Archive for February 2019

Monday, February 18, 2019 [Tweets] [Favorites]

Explaining Code Using ASCII Art

John Regehr:

People tend to be visual: we use pictures to understand problems. Mainstream programming languages, on the other hand, operate in an almost completely different kind of abstract space, leaving a big gap between programs and pictures. This piece is about pictures drawn using a text character set and then embedded in source code. I love these! The other day I asked around on Twitter for more examples and the responses far exceeded expectations (thanks everyone!). There are a ton of great examples in the thread; here I’ve categorized a few of them.


Inline Types and Functions in Swift

John Sundell:

Inlining can be a great tool for situations when we need an additional type or function, but we don’t want to expose it outside of the scope that it’s being used in. By placing that kind of simpler, more narrowly scoped, types and functions right next to the code that uses them — we can also make our code a bit easier to navigate and work with, by reducing context switching.

The fact that we can choose to define types and functions not only at the top level of a program, but also inline within other types or functions, is another example of just how flexible Swift is in terms of structure and syntax. However, just like with other features of the same nature, it’s important not to take things too far.

I really like using nested declarations and access control modifiers to make code more readable. A downside is that this can make stack traces less readable because the mangled names end up longer than if you had picked a globally unique name yourself.

Ten Years Ago, Apple Said Goodbye to Macworld

Stephen Hackett:

After giving the cursory update on Apple retail and the business on a whole, the news of the keynote started with updates to both the iLife and iWork suites, which at the time were still sold on DVD for $79 each.


Schiller moved onto hardware, showing off the unibody 17-inch MacBook Pro. These big notebooks were in Apple’s lineup for some time, and this marked the last major revision to the family.


Macworld ended with “one last thing,” which was a set of updates to iTunes.

First, Schiller announced an update to song pricing. Songs would now be available at $0.69, the classic $0.99 and a new $1.29. He assured the audience that more songs would be moving down in price than increasing.

It seems like everything is $1.29 now.

Daring Fireball 2018 Apple Report Card

John Gruber (Hacker News):

The MacBook keyboards, lack of iMac updates, and still-missing Mac Pro would’ve led me to give Apple a “C” for the Mac. I took off a whole grade for how embarrassingly bad the “Marzipan” apps are.


iOS 12 is one of my favorite iOS updates for iPhone in years. Apple promised back at WWDC that they were focusing on performance and they delivered.


iCloud Photos is now one of the best sync services I’ve ever used. It’s fast and reliable, and it handles data that I consider invaluable — my family’s photos and videos. iCloud overall has gotten very good.

I continue to have problems with iCloud Photo Library (new photos not showing up, slow syncing, mysterious failures downloading/exporting) and iMessage (messages arriving minutes late or not at all, spontaneous signouts, huge numbers of messages temporarily disappearing). It seems like iCloud Drive has been improving, though.

But for me, personally, I don’t care about huge new flagship stores in Dubai or Paris, and I don’t partake in the “Today at Apple” classes. I care about two things: buying stuff and getting service at my local Apple Store here in Philadelphia.


I just want to get in line, wait my turn, pay, and leave. Instead, the way to check out at an Apple Store is to wander around until you get the attention of an employee who has one of the handheld checkout iPod Touches.


But inevitable or not, the result is that getting support at an Apple Store now stinks. And frankly, the technical acumen of the Genius Bar staffers is now hit-or-miss.

I think Apple needs a lot more stores just to maintain the quality of experience that they used to have. Given that they’re currently stretched so thin, I wish they would focus on service and sales.


Friday, February 15, 2019 [Tweets] [Favorites]

Using Tuples As Lightweight Types in Swift

John Sundell:

Even though a tuple can have labels, you are always free to ignore those when creating an instance. This can help make call sites look really nice and clean, for example when dealing with vector types, like coordinates.


Tuples can also be super useful when checking if multiple values are equal. Even though they don’t conform to the Equatable protocol (or any protocol for that matter), the Swift standard library defines == overloads for tuples that contain values that themselves are equatable.


It turns out that the argument list of any closure can in fact be described using a tuple, and since - thanks to first class functions - all functions are also closures, we can actually use a tuple to pass arguments to a function. All we have to do is to make Swift treat a function as a closure. To do that we could define a call function that takes any function and applies its required arguments to it[…]

John Sundell:

Tuples can not only be super useful in order to group multiple related local variables into one, but can also be a great way to combine throwing expressions

Pixelmator Pro vs. Photoshop CC

Victor Agreda:

If you do heavy print work, you rely on other Creative Cloud apps, or if you’re plugged into a workflow reliant upon some of the connected features available in Creative Cloud, I can save you some time: forget it. Adobe offers a decent deal for subscribers: between online storage, fonts, and other workflow niceties; you won’t easily replicate that with a single application. However, if you simply need to work with photos and manipulate them for the Web—which is likely a big chunk of Photoshop users out there—then Pixelmator Pro offers some advantages for a lot less money.


That said, Pixelmator Pro takes advantage of numerous macOS features, including Versions, which lets you move among previous saves with ease. In fact, as I alluded to earlier, the macOS features in Pixelmator Pro give it somewhat of an edge over Photoshop. By relying on macOS features like Metal 2, Wide Color, and CoreML (which powers its machine learning features), Pixelmator Pro moves like a speedboat to Photoshop’s battleship. I wound up launching Pixelmator Pro to do a lot of my photo work simply because (on a 2017 27-inch iMac, anyway) it launched instantly and ran like a cheetah.

I recently used Photoshop for the first time in many years and was surprised at how it feels less like a regular Mac app than I remember.

Color Spaces

Bartosz Ciechanowski:

A color space can specify how the numeric values of the red, green, and blue components map to intensity of the corresponding light source. In other words, the position of a slider may not be equal to intensity of the light the slider controls.


This may seem all like a pointless transformation, but there is a good reason for doing all this nonlinear mapping. The human eye is not a simple detector of the power of the incoming light – its response is nonlinear. A two-fold increase in emitted number of photons per second will not be perceived as twice as bright light.

If we were to encode the colors using floating point numbers the need for a nonlinear encoding function would be diminished. However, the numeric values of color are often encoded using the familiar 8 bits per component, e.g. in the most common configurations of JPEG and PNG files. Using a nonlinear tone response curve, or TRC for short, lets us maintain more or less perceptual uniformity and use the chunky, quantized range to keep the detail in the darker parts.


Accessing the Log and Utilities From the macOS Installer


Check out the video to see how to use the keyboard shortcut command-option-control-w to switch back to the standard macOS installer. Also, get access to a grayed out menu for accessing the Terminal and Disk Utility by holding down command-option-control when selecting the menu items.

Your Apps Know Where You Were Last Night

The New York Times (tweet, Hacker News):

At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. Several of those businesses claim to track up to 200 million mobile devices in the United States — about half those in use last year. The database reviewed by The Times — a sample of information gathered in 2017 and held by one company — reveals people’s travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.

These companies sell, use or analyze the data to cater to advertisers, retail outlets and even hedge funds seeking insights into consumer behavior. It’s a hot market, with sales of location-targeted advertising reaching an estimated $21 billion this year.


Many location companies say that when phone users enable location services, their data is fair game. But, The Times found, the explanations people see when prompted to give permission are often incomplete or misleading. An app may tell users that granting access to their location will help them get traffic information, but not mention that the data will be shared and sold. That disclosure is often buried in a vague privacy policy.

Jason Koebler:

Along with the investigation, the New York Times published a guide to managing and restricting location data on specific apps. This is easier on iOS than it is Android, and is something everyone should be periodically doing. But the main takeaway, I think, is not just that we need to be more scrupulous about our location data settings. It’s that we need to be much, much more restrictive about the apps that we install on our phones.


What this means is that the dominant business model on our smartphones is one that’s predicated on monetizing you, and only through paying obsessive attention to your app permissions and seeking paid alternatives can you hope to minimize these impacts on yourself.

Jason Koebler:

Don’t think Apple or Google get enough shit for incentivizing an app economy that relies on free apps that make money by monetizing the data collected by your phone. Allowing the “app is free but we sell your data” as a business model for flashlights and games was disastrous

This is another reason why I think Apple’s Walled Garden is so terrible. For years, it was completely fine to make sketchy apps that monetized data. Why wasn’t Apple protecting its users from that business model?

I suspect Apple would argue this is why you need a walled garden, but Apple has not done a great job of policing it, anyway, so it seems more like protectionism and an obsession with control than anything.

Will Strafach:

I see some are speaking about this as if apps keep their own location databases, but that is not the case. it is so much worse. the location data is sent directly from your phone to big centralized tracking databases owned by one or more of the 75 tracking firms.

Nick Heer:

App developers should, at the very least, be required to be completely forthright in their permissions request dialogs. If a developer is scooping and selling user data, they should be able to defend that practice to users in language that they can understand; if they cannot, then perhaps that’s a practice they should cease.


Thursday, February 14, 2019 [Tweets] [Favorites]

Developer Apple ID’s to Require Two-Factor Authentication

Apple (via e-mail):

In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you’re the only person who can access your account. If you haven’t already enabled two-factor authentication for your Apple ID, please learn more and update your security settings.

Brent Simmons:

I have two accounts — one for personal use, one for development use — and so do lots of developers.

I don’t know how to make this work. None of my devices are ever signed in to my developer account. That account exists purely for building and distributing apps.

It is possible, but Apple has not done a good job of explaining it.

Nick Heer:

To register an iOS device with two-factor authentication, you must sign out of your personal Apple ID at the system level, which means you’re signing out of iCloud. This is a highly disruptive action. On a Mac, it’s much easier, because you can associate different MacOS users with their own Apple ID. So, the best recourse to set up two-factor authentication is probably to create a separate user account on your Mac, set it up with your developer Apple ID, and then follow Apple’s directions.

James Thompson:

So, if my developer Apple ID is going to require 2FA in two weeks, how is that going to work mixed with my personal Apple ID? Am I right that a device like a phone can only be the trusted device for one Apple ID?

Ryan Booker:

It’s a great example of Apple not thinking things through. Custom system that doesn’t work with every other TFA system, no ability to get the prompts from multiple accounts, and no ability to merge accounts.

Dave Wood:

To put into perspective how much of a PITA Apple’s bad 2FA will be, I rec’d 14 of the “Teams and roles have been unified.” emails. I have a lot of developer accounts, tied to specific clients. I also often need to log in as the client because they have no clue how ASC works.

Kyle Seth Gray (tweet):

Here’s how you can add your developer account to your device to get authentication codes.


Despite the account being labeled as ‘inactive’ on that account screen, you have added your device as a “trusted” device capable of receiving two-factor authentication codes.


The one problem is enabling it in the first place - the easiest way is to create a temporary user on your Mac and enable it there, but damn if that isn’t a clunky solution.

I have not, as far as I recall, ever made a separate Mac account or used a dedicated device for my developer account, but somehow I was able, long ago, to enable 2FA using SMS. Some people are worried that Apple will stop allowing this and require an actual iOS device, but I haven’t seen any official indication of that. SMS is more convenient in a lot of situations but less secure.

Maxwell Swadling:

Never use consumer phone numbers, they are easily stolen. Most telcos only require a name and DOB to port. Get a number that doesn’t have a sim allocated and can’t be ported, such as twilio or google voice.

Maxwell Swadling:

1. get a dedicated google voice number on a dedicated google account
2. Disable text message forwarding
3. Put THAT account under U2F
4. Create a Mac VM
5. Sign in and activate with that number

I think this is the only decent approach

Tanner Bennett:

Lol what about company developer accounts that aren’t attached to any particular device, and thus, not tied to a phone number that can receive SMS?

See also: Cabel Sasser.

Update (2019-02-15): Simone Manganelli:

The SMS thing is “two-step” verification (as opposed to “two-factor”), and though it’s still supported, I dunno if you can activate it on newer devices.

Marco Arment:

This sudden requirement for 2FA on dev accounts feels rushed and ill-considered.

iCloud device-based 2FA doesn’t fit the way most iOS devs, big and small, use Apple IDs.

Apple should add support for TOTP (Authy, Authenticator, 1Password, etc.) before requiring 2FA.

Andrew Mayers:

I called dev support about it two days ago. They completely understood the problem and said they would look at my accounts and let me know the next day how to handle it. No response yet so I think they don’t have an answer yet.

Matthew Dicembrino:

Indie devs are now going to feel the pain us contractors have felt in last year. New dev accounts have been 2FA required for months. I use a google voice number to receive sms codes. Also reverse engineered the 2FA api calls to automate the process for my fastlane builds.

Gardner von Holt:

Marco, not publicized is that if you have no device to use for two factor auth, dev support can authorize your dev account to continue using Two Step auth, the 4 digit old method. Call dev support and explain the situation, you will get escalated to a sr. tech who has a process.

Nate Petersen:

Dev support got back to me: “At this time, two-factor authentication is only a requirement for the account holder role”. So you could have a separate account just to be the “account holder”. Still a huge pain though.

Konstantinos Kontos:

Since,I’m the senior iOS dev, but not the account owner, and since there are tasks that only the account owner can do, I know need to go ordinate with the US west time zone (10 hours difference to me) to perform tasks that I would otherwise do in a couple of minutes.

Craig Hockenberry:

Just removed an Apple ID from an old Mac mini and got a barrage of alerts on phones, watches, Macs about FaceTime being used on a new device that’s not new. Also signed out of the iTunes Store.

If anyone at Apple is wondering why developers are worried about 2FA, see above.


So let’s recap: I decided (stupidly) to do a little cleanup on my Apple ID. Now I can’t buy anything from Apple. I can’t renew my developer account, get a WWDC ticket, or buy some hardware.

We see fragility in Apple’s backend service a lot more than most customers. And worry.

My fear at this point is that all of these declines is going to trigger something that locks my account and really screws my business up.

See also: Scripting OS X.

Update (2019-02-18): See also: Reddit.

Dave Wood:

Apple’s forced 2FA is going to go really well. Here’s one of my dev accounts, now completely locked out (unrelated to 2FA). One site says I need to update the country associated with the account, the other says I can’t update it. Now what?…

Stealing High-Value Instagram Accounts

Joseph Cox (tweet):

Usually when you think of someone taking over an Instagram account, you probably imagine a hacker breaking in with an unearthed password, or tricking the victim into giving up their credentials. But Instagram scammers have another, sometimes more effective method too: just asking Instagram to hand over the account.

Scammers do this by creating fake companies and trademarks to convince Instagram they should be the legitimate owner of a username in question, with fraudsters using “trademarking,” as the technique is known, to get ahold of sought-after, valuable handles, according to posts and evidence of the process in action obtained by Motherboard. The scammers can then keep these handles as digital mementos, brag about their acquisition, or resell them at a profit in a thriving underground community.

Update (2019-02-15): Isaiah Carew:

i’ve had my instagram account “isaiah” stolen 3 times. they used “sim flipping”, social engineering, and a loophole in 2-factor.

iTunes U and iBooks Author Are Suffering From Software Rot

Bradley Chambers:

Google has been ridiculed over creating and shutting down various applications over the years, but when it comes to enterprise software applications, I would prefer that over letting things die a slow agonizing death. Apple, on the other hand, has done the latter with two of its K–12 focused software applications: iBooks Author and iTunes U.


[iBooks Author is] largely the same application that it was when it was released in 2012. Is iBooks Author an app that schools are supposed to build around? If so, what promise do they have that it will be compatible with anything in the future?


The last major [iTunes U] feature was released in 2015. […] Sadly, iTunes U doesn’t even support split screen on the iPad yet. The Apple Pencil support is bare bones. It would be hard for me to recommend iTunes U as a platform for anyone at this point.


Most Security Bugs Are Memory Safety Issues

Catalin Cimpanu (via Hacker News):

Speaking at the BlueHat security conference in Israel last week, Microsoft security engineer Matt Miller said that over the last 12 years, around 70 percent of all Microsoft patches were fixes for memory safety bugs.

The reason for this high percentage is because Windows has been written mostly in C and C++, two “memory-unsafe” programming languages that allow developers fine-grained control of the memory addresses where their code can be executed. One slip-up in the developers’ memory management code can lead to a slew of memory safety errors that attackers can exploit with dangerous and intrusive consequences --such as remote code execution or elevation of privilege flaws.

Kara Swisher Interview of Jack Dorsey

Dan Luu (tweet, Hacker News):

This is a transcript of the Kara Swisher / Jack Dorsey interview from 2/12/2019, made by parsing the original Tweets because I wanted to be able to read this linearly. There’s a “moment” that tries to track this, but since it doesn’t distinguish between sub-threads in any way, you can’t tell the difference between end of a thread and a normal reply.

Mostly, I think this demonstrates how hard it is to read collections of tweets on Twitter itself.

Wednesday, February 13, 2019 [Tweets] [Favorites]

Flickr Moving Away From Yahoo Logins

Don MacAskill:

I am SO happy to announce that @Flickr login without Yahoo is rolling out! Thanks for your patience and support as we worked hard to build & debug. New login page is up, and members will get to update their logins over the coming weeks.


In preparation for launching our new login system, we’re beginning the rollout today of the new Flickr login page. This will take some time, so hang tight if you don’t see it immediately -- it’s coming!

For now, the login page will still forward you over to Yahoo, where you’ll continue to use the same credentials as always to sign into your Flickr account. The next step in the process will take a few weeks -- we’ll let each member know when it’s time to choose the email address and password you’ll use to log in to Flickr.

I think that’s the only time I use my Yahoo ID these days.

The Future of Blogger and MarsEdit

Daniel Jalkut:

Google is shutting down the Picasa Web Albums API, and MarsEdit will no longer be able to upload images to Blogger/Blogspot blogs.


This is a very disappointing development, but it sort of comes with the territory for an app such as MarsEdit that supports a variety of services, none of which is under my control. Over the past 12 years, I’ve witnessed the disappearance of services such as Vox and Posterous, and the elimination of support for 3rd party apps by services such as Squarespace.

AR Will Spark the Next Big Tech Platform

Kevin Kelly (tweet):

Someday soon, every place and thing in the real world—every street, lamppost, building, and room—will have its full-size digital twin in the mirrorworld. For now, only tiny patches of the mirrorworld are visible through AR headsets. Piece by piece, these virtual fragments are being stitched together to form a shared, persistent place that will parallel the real world. The author Jorge Luis Borges imagined a map exactly the same size as the territory it represented. “In time,” Borges wrote, “the Cartographers Guilds struck a Map of the Empire whose size was that of the Empire, and which coincided point for point with it.” We are now building such a 1:1 map of almost unimaginable scope, and this world will become the next great digital platform.


The mirrorworld—a term first popularized by Yale computer scientist David Gelernter—will reflect not just what something looks like but its context, meaning, and function. We will interact with it, manipulate it, and experience it like we do the real world.


The mirrorworld will raise major privacy concerns. It will, after all, contain a billion eyes glancing at every point, converging into one continuous view. The mirrorworld will create so much data, big data, from its legions of eyes and other sensors, that we can’t imagine its scale right now. To make this spatial realm work—to synchronize the virtual twins of all places and all things with the real places and things, while rendering it visible to millions—will require tracking people and things to a degree that can only be called a total surveillance state.

I still don’t really understand how this will work or what Apple thinks its role is going to be.


Cell Carriers Sold Location Data to Bounty Hunters

Jason Koebler (tweet):

Around 250 bounty hunters and related businesses had access to AT&T, T-Mobile, and Sprint customer location data, according to documents obtained by Motherboard. The documents also show that telecom companies sold data intended to be used by 911 operators and first responders to data aggregators, who sold it to bounty hunters. The data was in some cases so accurate that a user could be tracked to specific spots inside a building.


A list of a particular customer’s use of the phone location service obtained by Motherboard stretches on for around 450 pages, with more than 18,000 individual phone location requests in just over a year of activity. The bail bonds firm that initiated the requests—known in the industry as phone pings—did not respond to questions asking whether they obtained consent for locating the phones, or what the pings were for.

Joseph Cox:

Some of these bounty hunters then resold location data to those unauthorized to handle it, according to two independent sources familiar with CerCareOne’s operations.


“This scandal keeps getting worse. Carriers assured customers location tracking abuses were isolated incidents. Now it appears that hundreds of people could track our phones, and they were doing it for years before anyone at the wireless companies took action,” Oregon Senator Ron Wyden said in an emailed statement after presented with Motherboard’s findings.


“With AT&T, Sprint and T-Mobile phones, utilizes GPS technology to track registered cell phones to within a few feet of their location,” the article reads. “With Verizon, they use less-precise cellular triangulation technology.”


Tuesday, February 12, 2019 [Tweets] [Favorites]

Amazon Acquires Eero

Chris Welch (MacRumors, Hacker News):

Amazon has announced that it’s acquiring Eero, the maker of mesh home routers. Amazon says buying Eero will allow the company to “help customers better connect smart home devices.” It will certainly make Alexa-compatible gadgets easier to set up if Amazon also controls the router technology. Financial terms of the deal are not being disclosed.

Nilay Patel:

Eero was one of the few major (and necessary) tech products you could buy that was 1. terrific 2. made by a well-run, personable company 3. not made by one of the giants

Dieter Bohn:

Maybe Eero’s mesh network could be built-in to future Echoes. Maybe future Eeros could get microphones built into them. Maybe Amazon will hug Eero so tightly it will die or maybe Amazon will let it live as an independent unit, much like Ring. Maybe Eero Plus — which includes a VPN and anti-malware and even a subscription to a password manager — would get bundled for free into an Amazon Prime subscription.


But this time, the surprise might be on Amazon. The first reaction from people who know and love Eero wasn’t speculating on any of those possibilities. Instead, the overwhelming reactions were consternation, concern, and exhaustion.

Dan Masters:

I remember when I thought Apple would integrate the AirPort Express into the Apple TV. #waste


I thought the same thing.

Before the ‘reinvented’ 4th gen Apple TV came out, it was supposed to be a console/Steam competitor, a cable TV killer, home Siri, and Wi-Fi - all in one.

It got basically none of that right.

Instead, we go an awful remote and apps no one uses.

Jon Gales:

I still find it really weird that Apple got out of the wireless networking game. Amazon and Google clearly see value in it.

Joe Cieplinski:

At some point, Apple is going to have to ask itself: If we care about privacy, should we be providing our customers with a means to protect themselves at all points of their internet connections?

See also: Rene Ritchie.


Update (2019-02-13): John Gruber:

I know Amazon wants to keep its options open and isn’t going to commit to anything today, but that “at this time” is painful to read.

Rene Ritchie:

Google, Amazon, Facebook are massive data harvesting companies with service/device front ends critical to facilitate that harvesting. It makes any/unlimited numbers categories business-necessities.

Apple doesn’t need to make routers. We need them to because of the above. :(

Spencer Callaghan:

right but as a market strategy, would keeping that data from competitors not be a good move? Also, they are clearly interested in the smart home space, embedded routers in HomeKit devices just makes so much sense, particularly from a company that values minimalism.

Nut Button:

The only companies that feel like there’s a market in routers are the ones that do it for data collection. If Apple really wants to walk the walk they’d be making routers. I hope that if they aren’t already that this is a wake up call.

Robert Walter:

I know Apple believes in security but if they were really serious about it, they’d offer 1. Safe router, 2. VPN and 3. upgrade iCloud Keych/Apple Wallet to a full function p/w mgr..

Apple originally sold Airports because so few good routers. Should do now because few safe ones


The iDevice could have played the role of the HomeKit bridge and respond to Siri requests from the wireless speakers (just like the Siri Remote is able to send requests wirelessly to the Apple TV). The combinaison of all these features could have become an ecosystem by itself, a new platform. Configuration would have been done via the (or a seperate app for more advanced feature configuration like firewall rules or internet content filtering.

What name could Apple give to this fabulous new product? The HomePod. Now that would have made sense. Boom.

See also: Accidental Tech Podcast.

Update (2019-02-14): Rosyna Keller:

I’m personally mode terrified Amazon will start requiring an Amazon account to do anything with an eero.

Google Wi-Fi already requires a Google account.

Transparency in macOS 10.14

Dr. Drang:

Why should the Dock appear as if it’s transparent? It’s not as if there’s anything interesting behind the Dock. That space can’t be used for icons, and I wouldn’t put any there even if it could be. So there’s no value is seeing through the Dock, but there is value in distinguishing the icons in the Dock from those that may be next to it on the Desktop. The distinction between the icons in the Dock and those on the Desktop is unnecessarily reduced by the excessive transparency of the Mojave Dock.


This is ludicrous. This menu isn’t directly in front of the Desktop, it’s in front of the browser window (which is white because I was on Google’s home page when I took the screenshot). There is no reason for it to look like you’re seeing through it to the Desktop. That it looks that way screws up the sense of layering, especially since it still has that shadow around its border.

This absurd fake transparency isn’t confined to Safari. The little popup boxes that appear in Maps have the same muted Desktop coloring even though their conceptual position is floating on top of the map, not on top of the Desktop.

“Reduce transparency” is less effective than before. I usually run with “Increase contrast,” which further reduces the transparency and makes text more readable. But it also exposes a variety of bugs with standard controls and with built-in apps (e.g. the top of the main table view in Mail).

Nick Heer:

For what it’s worth, I don’t necessarily share Drang’s complaints with transparency more generally on the Mac; I think it’s more decorative than helpful, but it’s fine. But I keep the “Reduce Transparency” setting switched on mostly because I prefer a solid background for the menu bar. The resulting layering and compositing doesn’t make any spatial sense and, especially with a saturated desktop picture, is often jarring.


Update (2019-02-13): Tony Arnold:

I have to be honest, recent changes to macOS’ design have me scratching my head, too. How and when things show through seems like a massive mess. The content of vibrant sidebars is less emphasised, and harder to read when the window is focused.

Apple Retail Employees Aggressively Pushing iPhone Upgrades

Chance Miller:

A source tells 9to5Mac that this is a new policy at all Apple retail locations. Employees are being instructed to push for an upgrade instead of repairing an existing device. In some stores, the source says, an employee is tasked with pitching iPhone upgrades to Genius Bar customers as they wait for appointments. Other stores have the Geniuses themselves to pitch an upgrade.


First and foremost, pitching users of the iPhone X to upgrade comes across as a desperate move. The device is barely over a year old, and many iPhone X users haven’t even had it for more than a year. Trying to get someone who spent $1,000+ on their iPhone less than a year ago to spend another $1,000+ is a bold move.

Further, many people dread the task of going to Apple stores and many have to drive several hours to do so. The last thing those people want is for an employee to immediately up-sell instead of helping them repair their existing phone. An employee’s first response to my problem shouldn’t have been, “Have you considered upgrading to a new iPhone recently?” It should have been promising to resolve my problem as quickly as possible.

Benjamin Mayo:

The Apple Store is a store. It’s a place to buy something, and a place for Apple to sell something. However, the Apple Store has never been defined by the hard sell. In fact, it boldly fought against it. Apple retail employees have never earned commission because the goal was to give shoppers the right advice, and match person to product based on need and wants, not which one gives the biggest kickback.

These new initiatives to juice iPhone XS and iPhone XR fly in the face of the principled stance Apple has established in the past. Staff advice is distorted by upper management marketing pressure, rather than monetary incentives, but the result is the same for the customer. The advice is currently biased towards hitting Apple’s targets, not what the person walking in the shop really wants.

As he notes, Apple’s rhetoric is increasingly at odds with how the company actually behaves.

Previously: 2018 iPhone Sales.

Update (2019-02-13): Justin Miller:

I have seen this daily for months when I check It used to be an inspiring place to see what Apple’s stance on tech is. Now it’s a blaring ad to trade in your phone or to act on a limited time pricing offer. Everything above the fold is about selling.

Apple Storing Russian Users’ Data on Local Servers

Amy MacKinnon:

Roskomnadzor, the Russian government agency that oversees media and telecommunications, has confirmed for the first time that Apple Russia is to adhere to a 2014 law that requires any company handling the digital data of Russian citizens to process and store it on servers physically located in Russia. Under Russian counterterrorism laws, Apple could be compelled to decrypt and hand over user data to security services on request.


Russian law takes a broad interpretation of personal data and applies it to anything that could be used to identify individuals or their behavior. Photos, music, and e-book downloads would all indirectly be defined as personal data, said Medvedev, who specializes in internet and e-commerce law.

Via Nick Heer:

It isn’t clear to me how Russia could expect to decrypt any user data with the exception of email, as it’s end-to-end encrypted in Russia the same way as it is anywhere else.

So far, it seems that Apple has been happy to move data to local servers so long as they get to maintain control over encryption and privacy practices. But what happens when a country passes a law that requires them to relinquish their ability to secure user data?

However, I disagree about most user data being end-to-end encrypted.

Previously: iCloud in China and on Google’s Cloud.

Monday, February 11, 2019 [Tweets] [Favorites]

Spotify’s Podcast Aggregation Play


That’s why we announced today the strategic acquisitions of two podcasting companies, Gimlet and Anchor. These companies serve two different, distinct roles in the industry. Gimlet is one of the best content creators in the world, with unique, celebrated podcast shows like Homecoming, which was recently adapted into a critically acclaimed show on Amazon Prime, and the internet culture hit Reply All. And Anchor has completely reimagined the path to audio creation, enabling creation for the next generation of podcasters worldwide — 15 billion hours of content on the platform during Q4. These companies are best-in-class and together we will offer differentiated and original content. Gimlet and Anchor will position us to become the leading platform for podcast creators around the world and the leading producer of podcasts.

Ben Thompson (Hacker News):

The shift in purpose from “music” to “audio” is, for now anyways, about podcasts. And, at least from a user perspective, it is a natural extension: playing music and playing podcasts entail downloading or streaming some sort of digital file, decoding it on a device, and playing it back through some sort of speaker. That one involved melodies and harmonies and the other primarily the spoken word (although there are plenty of music podcasts) is, from a technical perspective, a distinction without meaning.

From a value chain perspective, though, music and podcasts could not be more different[…]


This importance of centralization to an advertising business model is best seen by the fact that Spotify drove €542 million ($616 million) in advertising revenue last year, far outpacing all of podcasting, even though half of the company’s users didn’t hear any ads at all.


To that end, it is worth considering if this is good for the podcasting industry generally. After all, to return to the web analogy, the price of the Internet finally monetizing effectively was the shift of content to centralized platforms like Facebook.

See also: Accidental Tech Podcast, Core Intuition, Download, Exponent, Recode.

Jeff Bezos and the National Enquirer

Jeff Bezos:

In the AMI letters I’m making public, you will see the precise details of their extortionate proposal: They will publish the personal photos unless Gavin de Becker and I make the specific false public statement to the press that we “have no knowledge or basis for suggesting that AMI’s coverage was politically motivated or influenced by political forces.”

Rather than publishing this as a JPEG of text, he used Medium.

Jaclyn Peiser:

Medium, the online open platform and publisher, is one bloglike platform that has persisted and innovated in the social media era. With 90 million unique monthly visitors, it has maintained relevance as a destination for open letters, petitions and personal essays. But it scarcely sparks such frenetic reactions as it did Thursday night.

The post went viral, and Medium soon found itself in the middle of a major news story.

In a statement, a Medium spokeswoman said the site hadn’t known that Mr. Bezos was going to publish the post.

Vlad Savov (tweet):

But what stood out to me, precisely by virtue of it not being noticed or widely recognized, was the role that Twitter played in that explosive news moment. If Bezos dropped a bomb, it was Twitter that sparked and catalyzed the explosion.


The anatomy of the Bezos disclosure was simple. He chose Medium as the receptacle of his thoughts — perhaps as a neutral alternative to writing in The Washington Post, which he owns — but the path that everyone followed to get to Medium was via his tweet. No journalist was casually browsing Medium’s “Combative Blog Posts from Multibillionaires” section and accidentally stumbled upon it. No one could even have been sure it was Bezos just by looking at the blog post in isolation. Twitter was both the trigger of awareness for the post’s existence and the first step of verification for its legitimacy.

John Gruber:

Here’s a detail I would like to see everyone reporting on this story identify: what type of text messages was Bezos exchanging with Lauren Sanchez? […] This matters because SMS is not encrypted. iMessage is not just encrypted but end-to-end encrypted. If, as Bezos’s investigator apparently believes, Bezos’s phone was not compromised, that means either Sanchez’s phone was compromised, or the messages were intercepted in transit. But if they were iMessages, they couldn’t be intercepted in transit.

I’m not sure whether Bezos uses an iPhone (and thus has access to iMessage).

Lachlan Markay:

The brother of Jeff Bezos’ mistress, Lauren Sanchez, supplied the couple’s racy texts to the National Enquirer, multiple sources inside AMI, the tabloid’s parent company, told The Daily Beast.

Of course, he denies this. But, if true, he could have gotten them via physical access to Sanchez’s phone, or directly from her, without having to intercept anything. So perhaps there’s a messaging tech angle to this story, but perhaps not.


On Covering Webcams

John Gruber (tweet):

I have never understand the mass paranoia over laptop webcams — which have in-use indicator lights, which I’ve seen no evidence can be circumvented on Macs from the last decade — and the complete lack of similar paranoia over microphones, which cannot be blocked by a piece of tape and which have no in-use indicator lights. And I don’t see anyone taping over the cameras on their phones. This story is only going to feed that paranoia, because the takeaway is going to be “The Wall Street Journal says you should cover up your webcam.”


The problem isn’t your camera, it’s malware. Don’t install any software from unknown or sketchy sources, keep your OS up to date, and you should be fine. And if you do have malware on your Mac, the webcam is likely the least of your problems.

I cover my Mac’s camera with a piece of tape, not because I’m terribly worried about it, but because it’s easy to do, so why not? But I think something like Little Snitch is probably better protection. I don’t really care whether an app is using the camera or microphone so long as it isn’t sending data anywhere.

Phone cameras and microphones should probably be of greater concern, but there’s not much you can do about them. It’s not practical to cover sensors that you use throughout the day. Third-party phone apps are harder to audit. And intelligence agencies can allegedly activate the microphone and camera, anyway.


Sandboxed macOS X Login Item With XPC

Uli Kusterer:

I’m currently working on updating the Talking Moose to modern macOS, with an eye on a Mac App Store release. This differs from your stock XPC setup, as the Talking Moose consists of a GUI application for configuring it, and a background process for the animated character, the latter of which should be launched at login and stay running, instead of only being launched on-demand when someone makes explicit requests to the service.

Here are the things I had to do differently from Xcode’s standard XPC Service target template[…]

Friday, February 8, 2019 [Tweets] [Favorites]


Adam Engst:

Over at the New York Times, Brian X. Chen penned a thoroughly reasonable column explaining why advertisers use auto-play videos and some of the technical solutions for reducing their impact. Google Chrome tries to prevent them from playing based on your behavior, and Safari on the Mac, which Chen doesn’t mention, can also block them, either for a particular site or for all sites. And Firefox 66, due in March 2019, will mute all auto-playing videos.

The auto-play offense that has pushed me over the edge is Netflix’s Apple TV app, which auto-plays previews for movies and TV shows as you browse through Netflix’s library. Within 3 seconds of when you navigate to a show’s icon, it starts playing a preview for the show, complete with audio. It’s difficult even to read the show’s description in that amount of time, much less reflect on whether you might want to watch the show. As soon as the audio starts, it interrupts whatever thoughts might be going through your head (Josh Centers made this example video; it shows what he hears as his 5-year-old browses).

Update (2019-02-11): Nick Heers:

And here’s the thing: Netflix knows it drives people nuts. Last year, Dan Jackson of Thrillist cited several pieces pointing out just how awful and irritating and downright shitty this feature is. There’s a Twitter account dedicated to the terribleness of Netflix autoplay.

The Definitive Guide to iCloud Photos in 2019

Mike Peterson:

Optimize Storage only affects images stored on your device. More than that, your iPhone will only optimize storage when you’re running low. It also starts optimization with the images and photos that you access the least.

So it can be hard to proactively free up more space that you know you will need for something else.

Unfortunately, no matter which platform you’re in, you’ll need to tap or click on each image to select it individually. If you’re on an iOS device, you can speed this process along by tapping and dragging across multiple photos very quickly. […] The one workaround that folks use on their iPhone to select Multiple photos to delete is to use a Third party app on your iPhone that facilitates selection of multiple photos.


But, of course, you may run into some issues when using the platform. Here’s how to troubleshoot some of the more common iCloud Photos problems.

Previously: Quickly Emptying the iPhone Camera Roll.

Update (2019-02-11): Tanner Bennett:

iCloud Photos on Mac does not sync over hotspot connections, and there is no indication of this, it just says “Updating” as if it were actually trying to sync.

Google Should Force Better Security on Nest Users

Patrick Howell O’Neill:

It took a growing mountain of home hacking horror stories going viral, but Google on Wednesday finally took action by telling their customers to stop messing everything up.

In the last few weeks, multiple stories have emerged about owners of Nest security cameras—at least some of which have speakers through which users can talk—seeing their devices hijacked so that hackers can not only look into their homes but also terrorize unsuspecting families by issuing fake bomb threats and threatening to kidnap children.


Why is something as important as a live video stream from inside your home secured as weakly as a video game by default?

Previously: Nest Cam Waking in the Night.

Update (2019-02-11): Simone Manganelli:

This is quite rich coming from a company that doesn’t support 2-factor auth by app, only by horribly insecure SMS. :rolleyes:

How Hackers and Scammers Break into iCloud-Locked iPhones

Joseph Cox and Jason Koebler:

The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold.


In practice, “iCloud unlock” as it’s often called, is a scheme that involves a complex supply chain of different scams and cybercriminals. These include using fake receipts and invoices to trick Apple into believing they’re the legitimate owner of the phone, using databases that look up information on iPhones, and social engineering at Apple Stores. There are even custom phishing kits for sale online designed to steal iCloud passwords from a phone’s original owner.


“I wish that they would just use iCloud lock for devices that are reported lost or stolen,” Justin Carroll, owner of FruitFixed, an independent smartphone repair shop in Virginia, told Motherboard. “We’ve seen it hundreds of times—people bring in perfectly working and capable phones that have nothing wrong with them and we can’t do anything for them. We’ve even had it happen to us, where we give a loaner phone to a customer, they don’t remove iCloud, they leave the store, and we have an expensive paperweight. That’s incredibly frustrating.”

Thursday, February 7, 2019 [Tweets] [Favorites]

Swift ABI Stability and More

Jordan Rose:

This post describes what binary compatibility means in Swift 5 and how it will evolve in future releases of Swift.


To remove this restriction, the library author needs a feature currently being implemented called module stability. This involves augmenting the opaque [swiftmodule] format with a textual summary of a module, similar to what you see in Xcodeʼs “Generated Interface” view, so that clients can use a module without having to care what compiler it was built with. You can read more about that on the Swift forums.


Swift already has an implementation of support for library evolution, informally termed “resilience”. It’s an opt-in feature for libraries that need it, and it uses not-yet-finalized annotations to strike a balance between performance and future flexibility, which you can see in the source code for the standard library. The first of these to go through the Swift Evolution Process was @inlinable, added in Swift 4.2 (SE-0193). Look for more proposals about library evolution support in the future.

Previously: Swift 5 Release Notes for Xcode 10.2 Beta.

Update (2019-02-11): Joe Groff:

However, as a result of this, the Swift runtime is now a component of the user’s target operating system rather than part of the developer’s toolchain. As a consequence, in the future, for a Swift project to adopt new Swift runtime and standard library functionality, it may also have to require new OS versions that include an updated Swift runtime supporting the added features. This tradeoff between adopting new language features and frameworks or maintaining compatibility with older OS versions has always existed for Objective-C and Apple system frameworks, and will now be a factor for Swift as well.


The language compatibility setting is a purely compile-time feature that is used to control source compatibility. It does not affect ABI. You do not need to migrate Swift 4 code to Swift 5 mode in order to use Swift 5’s stable ABI, and going forward, new language modes can be adopted without imposing a newer OS requirement if language features that require new runtime features are not used.

It will not be possible to update the shared Swift runtime from a copy bundled with an app. But apps can continue to ship newer versions that are self-contained, as this is the only way Swift apps can run prior to macOS 10.14.4 and iOS 12.2.

Popular iPhone Apps Secretly Record Your Screen for Analytics

Juli Clover:

Multiple popular iPhone apps from major companies are using intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge, reports TechCrunch.

Apps that include Abercrombie & Fitch,, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm that lets developers use “session replay” screen recording technology within their apps.


Some apps, such as Air Canada, don’t properly mask data that’s recorded, exposing information like passport numbers and credit card information. Air Canada employees with access to the screenshot database can readily see this data.

Previously: Apple Granted Uber a Background Screen Recording Entitlement.

Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps — or face removal from the app store, TechCrunch can confirm.


TechCrunch began hearing on Thursday that app developers had already been notified that their apps had fallen afoul of Apple’s rules. One app developer was told by Apple to remove code that recorded app activities, citing the company’s app store guidelines.

“Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” Apple said in the email.

Apple gave the developer less than a day to remove the code and resubmit their app or the app would be removed from the app store, the email said.

Dave Verwer:

I’ve never talked about this before, but the only relevant sponsor who I’ve ever turned down for iOS Dev Weekly was a company focused on in-app screen recording analytics. It was a few years ago now and I had no idea this was even a thing at the time. I just couldn’t believe that they were doing it and they were incredulous that I had a problem with it. It made me really angry. Looking at the client list on their site was shocking too. Your screen is almost certainly being recorded by some of the apps on your phone. I didn’t want to support that, and I didn’t take their money.

The irony is that in a past job I had, the company I worked for used one of these screen recording analytics tools and I was asked to look at the results as part of my job. I protested and made a case they they should remove it from their app, but I failed and as far as I know they continue to do it. The irony? To my annoyance, the data collected from that tool was incredibly useful, and I found at least one really hard to reproduce bug because I could watch it happen for a user. Even so, I never felt comfortable with it and was happy to put it behind me.

In an email, an Apple spokesperson said: “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.

John Gruber:

I think Apple’s doing the right thing here, and it’s an impressive display of what the App Store review team can analyze, but given that this has been going on for years, I think 24 hours notice over a weekend is a bit drastic.

KeySteal Mac Keychain Exploit

Benjamin Mayo:

Security researcher Linuz Henze has shared a video demonstration of what is claimed to be a macOS Mojave exploit to access passwords stored in the Keychain. However, he has said he is not sharing his findings with Apple out of protest.

Henze has publicly shared legitimate iOS vulnerabilities in the past, so he has a track record of credibility.

However, Henze is frustrated that Apple’s bug bounty program only applies to iOS, not macOS, and has decided not to release more information about his latest Keychain invasion.

Why doesn’t Apple have a bug bounty program for macOS?

Rene Ritchie:

Garbage. Disclose to Apple to help protect users then use the follow up to push for when (not if) the bounty program is launching.

There absolutely should be one and yesterday but don’t hold users hostage for your entitlement.

(Especially if you’ve previously dropped 0days…)

Dave DeLong:

Eh, mixed feelings. Civil disobedience is a well-established form of protest, and @apple tends to gloss over Mac stuff publicly, because it’s minuscule compared to iOS

And until he releases the exploit, there are no “hostages”. This isn’t blackmail.

Patrick Wardle:

Got to play with @LinusHenze’s ‘KeySteal’. It’s a lovely bug & exploit

✅ works on macOS 10.14.3
✅ his payload dumps passwords, private keys, & tokens

Protect yourself by:

🔐manually locking your keychain
🔐or setting a keychain-specific password

Lorenzo Franceschi-Bicchierai (Hacker News):

On Wednesday, after a talk at the Black Hat security conference in Las Vegas, Beer tweeted a message to Apple’s CEO Tim Cook, challenging him to pay for each bug he has reported since 2016, and asking him to donate $2.45 million to to human rights group Amnesty International.


Apple’s bug bounty program had a lackluster start last year. As Motherboard reported at the time, the majority of independent iOS security researchers had not submitted any bugs to Apple as part of the bug bounty, mostly because doing so would hinder future research and was just not worth the trouble, given that those exploits can be sold for much more money in the gray market of exploit brokers.

Previously: Apple Security.

Update (2019-02-08): Benjamin Mayo:

It is pretty twisted that Apple will bend the rules of their own bug bounty program so much for the Thompson family because of the press coverage. Meanwhile, ‘real’ security researchers are upset that Apple won’t even offer a program — of any kind — for macOS.

Previously: Major FaceTime Privacy Bug.

Jeff Johnson:

I could continue to pester Apple Product Security by email, but I don’t feel like it. I shouldn’t have to. I shouldn’t have to do anything except report the bug, which I did. I can accept that a mistake was made when my bug was not credited along with all of the others on October 30. What I cannot accept is that it takes more than 3 months to fix the mistake and simply update a web page on their site.

On a tangentially related note, the scam apps in the App Store that I blogged about previously are still in the App Store today. I also reported these apps to Apple Product Feedback. I’m not sure if that’s where you’re supposed to report App Store scams. Should you email Apple Product Security? Who knows. Why isn’t there a clearly identified place to report App Store scams to Apple?

Update (2019-02-11): Linus Henze:

On Tuesday @Apple contacted me and asked me if I would send them the details about my exploit. I told them that I would if they accept my offer. However, I’ve got no response from them. Today I wrote them again. Attached is an image of what I wrote.

John Gruber:

Why in the world Apple only offers security bounties for iOS is beyond my comprehension. Of course iOS has the most users, but the potential for truly critical bugs exists on all of Apple’s platforms.


as much as the FaceTime kid deserves the money he got, it’s very sad to see that Apple will only do things under the threat of bad PR. The bounty program has pissed off so many researchers that it seems very tone deaf of Apple to bend rules like that.

I’m not supposed to share details, but at this point I don’t even care about being disqualified from the bounty program. I submitted two sandbox escapes, for a $25k payout each. Additionally I wanted to donate my payout to charity, which made me elegible for a match.

It’s been now 2 years of silence from them, but I did recently hear that supposedly they took my decision to donate to @MAPS as a “joke” and seemingly they’re unwilling to donate to them. I think it’s despicable and the bounty program can die in a fire as far as I’m concerned.

Jeff Johnson:

Yesterday I wrote a blog post about how Apple Product Security has failed to credit me for my previous discovery of another hole in Mojave’s privacy protections. Later that day, Apple updated their support article online. The article now credits me, but unfortunately it credits me for the wrong bug. Perhaps the update was a rush job in response to my blog post, who knows.

Update (2019-02-18): Jeff Johnson:

I finally got proper credit from Apple Product Security for the Mojave privacy protections bypass that was fixed in macOS 10.14.1 back on October 30, 2018.

Apple Is Removing “Do Not Track” From Safari

Juli Clover (Hacker News):

In the release notes for Safari 12.1, the new version of Apple’s browser installed in iOS 12.2, Apple says that it is removing support for the “Do Not Track” feature, which is now outdated.


The same feature was also removed from Safari Technology Preview today, Apple’s experimental macOS browser, and it is not present in the macOS 10.14.4 betas. According to Apple, Do Not Track is “expired” and support is being eliminated to prevent its use as, ironically, a fingerprinting variable for tracking purposes.

Kaelan the Tired:

The problem with it was that it all hinged on the option being disabled by default, so that only the rare unicorns who actually knew about it and wanted it would turn it on. Microsoft made the infuriating decision to blatantly violate this delicate contract by making Do Not Track enabled by default in Internet Explorer. So all that could happen from there was for the whole thing to come tumbling down. I vaguely remember some website trying to create a compromise where they would still honor the header if it came from a non-Microsoft browser, but I guess that kind of duct tape over the mess wasn’t sustainable. Advertisers were spooked and it all ended sadly-ever-after.

Previously: Intelligent Tracking Prevention 2.0.

Update (2019-02-11): Marco Arment:

The Do Not Track header trusted ad-tech to follow users’ preferences, getting less data and making less money.

But ad-tech can NEVER be trusted. It fundamentally violates trust for profit.

Our only option is to constantly fight it with countermeasures.

Fast Safe Mutable State in Swift 5

Ben Cohen:

My talk from Functional Swift Conf about some of the performance challenges with Collections of Copy-on-Write types, and how we’ve fixed this in the standard library in Swift 5.

Ben Cohen:

Here’s the code for Dictionary’s subscript _modify

What Dictionary does is find the key, then move the corresponding value out of its buffer temporarily into an optional it then yields. This leaves an uninitialized hole in the buffer memory – but that’s fine, because subscript call keeps exclusive access to that memory.

The caller can then modify that optional in-place, and the value inside it remains uniquely referenced. Then the caller returns from the yield, and dictionary can move the element back into its storage before returning.

This is using unsafe operations under the hood (to move the memory out of the buffer) but only the bottom layer needs to do this. You can then layer more yielding subscripts on top of it (as Dictionary does here – the unsafe stuff is isolated in _NativeDictionary).

And the unsafe ops are all regular std lib operations using UnsafeMutablePointer. No scary builtins involving pinning memory in place.


Wednesday, February 6, 2019 [Tweets] [Favorites]

Why Swift’s Copy-on-Write Is Safe

Drew McCormack:

I’ve been applying the Copy-on-Write pattern for structs in Swift for quite a while, but is it actually thread safe? Is there not a risk of a race condition between checking that the object is uniquely referenced, and returning the reference?

Joe Groff:

It’s thread safe to read and copy but not write (modulo bugs). It should be as thread safe as an int variable

Joe Groff:

The difference from an ObjC object would be that two threads can both copy from a common value and modify their local copy with a guarantee that the writes don’t race, so this is valid:

let x = [1, 2, 3]

q.async { var y = x; y[0] = 4 }
q.async { var y = x; y[0] = 4 }


If you implement your cow buffer the same way the standard library does, using isUniquelyReferenced to check whether copying is necessary before any modification, then you should get the same guarantee. The isUniquelyReferenced is itself threadsafe

Drew McCormack:

I wasn’t even particularly thinking of Apple’s types, but more just the way we are told to do it in our own. If I understand, it is possible for a CoW struct to change value unexpectedly without you doing anything. Seems like would be pretty serious violation of value semantics.

Joe Groff:

Retain, release, and isUnique are all atomic, and ARC ensures that the read will ensure an independent retain for each thread. There should be no “between”

Daniel Jalkut:

I think Drew is not concerned with isUnique’s atomicity, but with the atomicity of the return/copy code that follows.

Joe Groff:

isUnique takes its argument inout intentionally to ensure this isn't a problem. Swift's inout requires exclusive access to the memory passed in, so by the time you have a local copy, it must be in a separate memory location with its own strong reference

In other words, because of the inout exclusivity guarantee, isUnique returning true also implies that your thread is the only thread that can see the one outstanding reference

See also: ManagedBuffer.swift.

Helge Heß:

I guess they key thing to understand is that this is not thread safe and needs synchronization:

var x = [ 1, 2, 3 ]
q.async( x.append(4) )
q.async( x.append(5) )

Drew McCormack:

I’m afraid I am still not completely convinced. Contested writes are always a risk, but I can live with that. I am more worried that there could be violations of value semantics. Here is a sample which creates a let constant, which subsequently mutates.

Raphael Sebbe:

makes sense. From this code (image), unless I miss sth, the second reference can be created (2nd thread) after the atomic test (1st thread) but before the update. This would mean that the copied value would be changed too.

I think part of the confusion is that people are not talking about the same thing. The way I think about it, Swift’s CoW protects variables that are declared as let. Other code can take the value, put it in a var, and mutate it, and the original variable will be unchanged, even if it’s not protected by a lock or queue. The reason this works is that a mutating method can only be called if the value is already in a var. By the time that happens, the reference count will be at least 2 (the original let, plus the var). ARC-itself is thread-safe. So, at the time of the mutation, isKnownUniquelyReferenced() will return false, and it will have to make a copy.

In McCormack’s example, the original value is in a var, and then it goes into a let, and the object inside the struct changes after the struct has been copied in the let. This is unfortunate, but—as with primitive types—you aren’t supposed to be writing without synchronization. It’s not a goal of CoW to protect against this.


Update (2019-02-07): Drew McCormack:

Thanks for summarizing the CoW discussion. I think we are in agreement. I will say, first, that it did surprise me that a ‘let’ constant can mutate, although I accept the explanation. Second, on the question of whether CoW has a race condition, the answer is clearly “Yes”

If I had to summarize that whole exchange, it would be… Me: “Does CoW have a potential race condition?”. Swift Folk: “You shouldn’t be asking that question.” Effectively the question is irrelevant, because you shouldn’t share mutable value types. That is the lesson.

Secure Erase and Mojave’s Disk Utility

Howard Oakley:

The snag is that Disk Utility won’t overwrite an SSD’s free space in the way that it does with hard disks. It pretends to offer the same three secure erase options, but in fact none of them does what the dialog says. Indeed, in Sierra they aren’t even available, which is perhaps a little more honest.

In Mojave, all three secure erase options offer is that the original APFS volume is completely deleted, with any Preboot and Recovery directories, and it is then added back as a new volume. This will destroy all APFS data about the original volume, but the file data for that volume will remain on the SSD. Although at present there appear to be no macOS utilities which can reconstruct such a removed volume, that situation will change in the future.

Howard Oakley:

To perform the secure erase which it describes, you have to use the diskutil command in Terminal instead, using a command of the form

diskutil secureErase freespace 2 /Volumes/volumeName

which is an even slower process.

Before using diskutil secureErase, you should read man diskutil, where Apple cautions:

This kind of secure erase is no longer considered safe. Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. The modern solution for quickly and securely erasing your data is encryption. Strongly-encrypted data can be instantly “erased” by destroying (or losing) the key (password), because this renders your data irretrievable in practical terms. Consider using APFS encryption (FileVault).


It isn’t possible to encrypt an existing APFS volume non-destructively using Disk Utility, and in some cases when attempting to erase and reformat a volume, Disk Utility returns “an internal state error” and fails to perform the operation.


Considering Pulling Google News From Europe

Natalia Drozdiak:

The European Union’s Copyright Directive will give publishers the right to demand money from the Alphabet Inc. unit, Facebook Inc. and other web platforms when fragments of their articles show up in news search results, or are shared by users.


Lawmakers are still hashing out how to define small excerpts of stories and whether individual words should be covered by the copyright rules, according to an EU official who asked not to be identified.


The impact of a Google News withdrawal on publishers who rely on the search giant for traffic to their sites is unclear. Google shut its news service in Spain in 2014 after the country passed a law requiring Spanish publications to charge aggregators for displaying excerpts of stories. Publishers must claim compensation for the reuse of fragments of text whether they want to or not.

The Spanish law led to small publishers losing about 13 percent of their web traffic, according to a 2017 study released by the Spanish Association of Publishers of Periodical Publications.

Via Nick Heer:

An alternative could be to display search results without excerpts, photos, or titles.

Previously: EU Approves Controversial Copyright Directive.

eBay’s Changing Strategy

Spencer Soper (Hacker News):

Wall Street bought the story for a while, but with Amazon gaining and EBay atrophying, investors have been losing patience with Wenig’s slow-and-steady approach. That impatience came to a head on Tuesday, when Billionaire Paul Singer’s Elliott Management Corp. -- which owns more than 4 percent of the company -- published a letter outlining “urgently needed” steps that included assets sales and share buy-backs.

EBay’s growth was languishing even before Wenig took over in 2015 after the company split from faster-growing PayPal Holdings Inc. Many shoppers still think of EBay as the online rummage sale of yesteryear, where you could snag a deal on someone’s baseball card collection or video game console by bidding in an auction. In fact, EBay is much like any e-commerce site these days, replacing a trip to the mall by offering deals on new iPhones, Under Armour shirts and cordless drills from DeWalt.


As a shopper I hate a lot of the recent shifts in their strategy. The only thing interesting enough to make me want to deal with all the hassles of eBay are the interesting vintage or collectible one-of-a-kind items: coins, camera gear, art, etc. These things are more work to list and describe but make for an always entertaining browsing experience. I loved eBay back in the day when it was like one big never-ending garage sale.

The catalogization of eBay, moving toward SKU-based product pages with sellers providing fulfillment, ends up feeling like a weird me-too version of the Amazon FBA race to the bottom. Small sellers with interesting inventory have been bled to death with ever-increasing fees and seem ready to pack up the wagon and move on to greener pastures.

The featured products on the homepage have the same bland sameness as every other e-com site and as a shopper I don’t feel like I have much reason to ever go there these days. Right now I’m seeing a Patriots ballcap, some men’s sneakers, and a small grill. Might as well be shopping at Target.

Kirk McElhearn:

For many years, I have bought new iPhones and sold the previous models. As a tech journalist, it’s useful for me to have the latest technology – even though I don’t do this every year – and I don’t want to accumulate old devices, like many of my friends who have “boxes of phones.”

I used to do this on eBay, but, when I tried to sell my iPhone 8+ recently, the experience was so bad that I will never do it again.

Previously: eBay Is for Suckers.

Amazon and Fake Books and Filtered Reviews

Dave Mark (tweet):

The book had the same title, same author, and a similar cover. But it was not printed by No Starch Press and, presumably, none of the money will make its way to No Starch or the author.


Once they had the fake book in hand, they could print a fake and sell it, or add the fake PDF to a torrent web site. Happened to me with every book I ever wrote.

But this particular fake appears to be surfaced by Amazon, the number one bookseller in the world.

John Gordon:

Amazon reviews have long been helpful to me, and were once a big part of Amazon’s value proposition.

That is no longer true. Amazon is filtering out negative reviews.

See also: Reddit.


Tuesday, February 5, 2019 [Tweets] [Favorites]

Swift 5 Exclusivity Enforcement

Andrew Trick:

The Swift 5 release enables runtime checking of “Exclusive Access to Memory” by default in Release builds, further enhancing Swift’s capabilities as a safe language. In Swift 4, these runtime checks were only enabled in Debug builds.


In essence, a variable cannot be accessed via a different name for the duration in which the same variable is being modified as an inout argument or as self within a mutating method.


The overhead of the memory access checks could affect the performance of the Release binary. The impact should be small in most cases; if you see a measurable performance regression, please file a bug so we know what we need to improve. As a general guideline, avoid performing class property access within the most performance critical loops, particularly on different objects in each loop iteration. If that isn’t possible, making the class properties private or internal can help the compiler prove that no other code accesses the same property inside the loop.


The combination of compile-time and run-time exclusivity checks described above are necessary to enforce Swift’s memory safety. Fully enforcing those rules, rather than placing the burden on programmers to follow the rules, helps in at least five ways[…]

Wishing for a Low-End Apple Watch

David Smith:

I increasingly find myself wishing that Apple made a smaller, simpler and cheaper Apple Watch. A device that would compare more closely to a FitBit or similar lightweight fitness tracker. The current direction the Apple Watch is taking seems to leave behind so many users that it seems like a big missed opportunity.


Mojave Privacy Protection Aftermath

Paul Kim:

Months later, the issues stopped (or at least people stopped reporting them). I can’t say whether some sort of bug was fixed or if people are just now more familiar with how all the new privacy protections work. I’m leaning towards a bug of some sort as the reports have stopped altogether; I’d expect the occasional report of confusion if it was just a knowledge thing.


Regarding unit tests, it seems that changing my unit tests to run within an app, and adding the appropriate usage strings to the test app, was enough to get them to run.


At least, there seems to be one way as a dev to be able to make sense of things. Accessing protected directories (for instance, by using access() ) will fail with an EPERM error. This differs from accessing a directory protected by UNIX permissions. In those cases, you will get an EACCESS error. While that’s great for differentiating between the two cases what’s unclear to me is if there are other situations, outside of Mojave privacy protections, that would give me an EPERM error.

Howard Oakley:

Imagine playing a team sport, and midway through a match the referee tells you that all the rules have changed, but they’re not telling you how, just that what you have been doing so far has been banned – in part.


For the last five months, I have looked high and low in Apple’s developer and user documentation for an official account of this, and information as to how TCC determines the Attribution Chain, which in turn informs us – developers, sysadmins and users alike – which app or tool we should add to the Full Disk Access list.

You already know the answer: Apple has not even mentioned any of this. Mojave’s privacy protection is undocumented, by Apple at least.

Daniel Martín:

Here’s an interesting Mojave support document. I didn’t know that you can use a configuration profile with the “SystemPolicyAllFiles” key set to automatically grant full disk access to apps. Convenient!

Howard Oakley:

Some of the most intractable problems in Mojave are those arising from its new privacy protection. The Privacy pane in Security & Privacy and the command tool tccutil intentionally give users, sysadmins and developers almost no help. Most of the lists in the Privacy pane aren’t directly controlled by the user, and all tccutil seems able to do is wipe the contents of those lists. When you have a problem, you’re stuffed.


I have now extended my free app Taccy, which already helps you examine entitlements and settings in an app, to provide customised access to the unified log which should make troubleshooting privacy control a great deal easier. If you’re familiar with Cirrus, which does the same for iCloud, then you’ll already be familiar with this new feature.

I’ve had lots of customers try to give an app Automation access or Full Disk Access, but find that it just doesn’t work or doesn’t stick. This page from the SpamSieve manual documents the different levels of resets that you can do to fix the problem: tccutil, manually deleting the TCC database (requires temporarily turning off System Integrity Protection), and reinstalling macOS. These are crude remedies, but fortunately they do work.


Update (2019-02-07): Isaiah Carew:

Mojave includes many more system level protections to keep out malware. But with this security comes some annoying side effects. One that hit me recently is that I can’t attach Instruments to some apps. This has made plugin development difficult, particularly because RapidWeaver is one of those apps.

Update (2019-02-12): Sergiu Gatlan:

In that post, he also mentioned privacy issues present in the implementation of the /usr/bin/tccutil tool, as well as the possibility to piggyback other apps who have been previously granted access by the user to access sensitive data or locations. The Automator issue was fixed by Apple with the release of macOS Mojave 10.14.3 Supplemental Update on February 7, but the other two are still unpatched.

Top 25 Photos on Flickr in 2018 From Around the World


From the billions of photos uploaded to Flickr in 2018, we chose the Top 25 Flickr Photos of 2018. Of all the incredible moments captured, we’ve curated a list of the most inspiring photos, which represent a global community of unique perspectives.

To determine top photos, Flickr staff created an algorithm that took into account a number of social and engagement metrics, like how many times the photo was viewed or faved. We made sure to curate the raw data to avoid the results being a popularity contest; we removed spammers and photos that don’t qualify as high-quality. We also tried to ensure diversity of genre. For photographers whose photos placed in the top list multiple times, we selected their top-scoring photo.


Twitterrific Ad Network

Ged Maheux (tweet):

Now you can advertise your app, website, product or service directly on Twitterrific’s expansive network of tech-savvy users for just $100 a month. For that price we guarantee 1,000 tap-throughs – not impressions but actual visits – to your App Store page or website. What’s more, we take care of creating the ad for you ourselves and even provide App Analytics for iOS or Google Analytics for websites.

Previously: The Deck Shuts Down.

Monday, February 4, 2019 [Tweets] [Favorites]

Despair, Thy Name Is App Store

Daniel Kennett:

On Wednesday afternoon, I accidentally shipped the worst bug of my career. On Thursday morning, I fixed it, pushed an update to the App Store, and thankfully it got approved quickly.

Unfortunately, there’s currently a glitch in the App Store, and it’s still serving the broken version of my app to the world alongside the release notes and version metadata of the fixed one. “Fixed the crash!” it gleefully claims, cruelly delivering a very much unfixed binary. I’ve since uploaded a second update in the hopes that it’d get unstuck. No dice. The App Store is now serving a build from two versions ago alongside metadata from the current version.

There’s no way to call in to Developer Support that I can find any more, and the old numbers I have don’t work. The contact site is selling me the EU call centres have closed and won’t let me contact the US ones.

Update (2019-02-05): See also: John Siracusa.

Memories of Facebook Paper

Mike Matas:

5 years ago today Facebook Paper was released. So cool to see this incredibly thorough archive of all the little interactions we worked so hard on


My experience with it was that most of the actual FB posts never fit in. It seemed designed for a different kind of content than what fb actually has.

Vincent Bidaux:

User perspective: I felt I was missing even more of my timeline than with normal fb, which was already #1 struggle. Too much editorial/news/organic content vs. what friends were actually doing/saying.

Felix Krause:

When I first used the Facebook Paper app, I thought this would be how UIs are gonna look like in a few years, it felt like from the future. And look where we are now 🙃

Previously: Design Details: Paper by Facebook.

Margins on AirPods, Apple TV, and HomePod

Juli Clover:

On the latest episode of The Talk Show, Daring Fireball’s John Gruber discusses Apple TV and HomePod pricing and whether Apple is charging too much for some of its products.

According to Gruber, Apple is actually selling the 2017 Apple TV 4K at cost, suggesting the device costs Apple $180 to make. As for the HomePod, Gruber said he believes Apple sells it at a loss.


Gruber said that he also suspects the AirPods are priced close to cost as well, though he’s not sure and can’t prove it.

This doesn’t make a whole lot of sense to me (especially for AirPods), but I take it seriously because Gruber usually has good sources. Maybe it was accidental because the costs ended up being higher than what Apple predicted? I do think he’s right that Apple designed “too good” of a product—“good” in the sense of using high-end components that may not be valued commensurately by customers. If Apple TV 4K actually costs $180 to sell at no profit, Apple really didn’t design the right product.

Mark Gurman:

I’m told Apple is selling HomePods at a profit, not a loss, which wouldn’t make any sense. If it’s losing money, that’s only because it built too many speakers people don’t seem to want, and is now sitting on unsold inventory.

Update (2019-02-05): Joe Rossignol:

Apple’s expensive HomePod speaker accounted for just six percent of the U.S. smart speaker installed base through the fourth quarter of 2018, according to research firm Consumer Intelligence Research Partners.

Via Michael Love:

’Struggling’ implies effort, which I suspect they’re no longer applying to this, particularly if you assume that @gruber’s leak about Apple losing money on HomePod/TV was tactical in advance of March and June announcements that make that retreat official.

Previously: Initial HomePod Sales.

Apple Is Indeed Patenting Swift Features

Thomas Claburn (Hacker News):

Here are two of the patents in question: 9,952,841 and 9,329,844.

John McCall:

By licensing its contributions under the Apache license, Apple has granted you a perpetual, royalty-free license to use all of its patents that are necessary in order to use Swift.

Ted Kremenek:

Any company making a contribution to Swift is intentionally licensing implied patents to the project. This is a business decision. Speaking on Apple’s behalf, that business decision is clear and deliberate: we want Swift to be successful and to be used widely. The Apache 2 license provides a form of IP licensing as well as IP protection for the project, and thus its users.

Chris Lattner:

I agree with much of the sentiment that software patents are often silly and the system is broken in many ways. This patent is a reasonable example of that (patenting syntactic sugar for monads, really?). I have no idea if there is prior art, but I wouldn’t be surprised. For sake of discussion, lets assume the patent is valid.

Even if I and others don’t like it, the software patent system exists. As is pointed out upthread, one of the major reasons that Swift uses the Apache 2 license is to provide more certainty for the community w.r.t. licensing and patents. An additional bonus of the Apache 2 license is that the open source project as a whole benefits from companies having and contributing their patents under the terms of the license: to say more directly, it is good for the Swift project that Apple has this patent and has contributed it to the project.


This basically says that if someone sues someone else over Swift then they lose access to the patents contributed to the project, and are therefore subject to countersuits. This is a significant part of the protection that the Apache license provides (it is a big deterent to lawsuits in general) but it only has teeth if there are actually patents in play!


If Apple genuinely intends to use this only for defensive purposes, or as counter-suits against patent trolls, then they should put it under something like Twitter’s Innovator’s Patent Agreement, something that legally enforces the idea of only using the patent for defensive purposes.

Nathan Gray:

Like most software engineers I’m not qualified to analyze what will or won’t infringe on a specific patent, so I’m not going to make any such claims, but attempting to patent programming language features from Swift is certainly a chilling move by Apple. @Chris_Lattner3, @tkremenek, and other (former/present) Apple people have emphasized how great this is for the Swift community, but that’s a very limited perspective. What about other languages? What about other communities? Is a new, from-scratch language design that uses optional chaining open to legal attack by Apple?

UltraViolet Digital Movie Locker Service Will Close

Mitchel Broussard (Hacker News):

Between January 31 and July 31, 2019, users will be able to keep accessing their UltraViolet Library, purchase new movies, and redeem digital codes. After the shutdown date, all UltraViolet Libraries will automatically close, but the company has detailed a way that users will be able to continue accessing their content.

To do this, UltraViolet is advising users to log into their accounts and verify that they have another retailer linked to their UltraViolet Library, which will allow them to watch their movies and TV shows on another platform after July 31.

Previously: Movies Anywhere.

Friday, February 1, 2019 [Tweets] [Favorites]

Clearing the Icon Services Cache in Mojave

Howard Oakley:

After all these 35 years, and numerous bug reports, Apple still doesn’t provide any tool to rebuild the IconServices cache. You might find that restarting in Safe mode (with the Shift key held down), leaving your Mac a couple of minutes, then restarting back in normal mode, might do the trick, if you’re lucky, but as far as I know, that doesn’t force the IconServices cache to be rebuilt. Neither does resetting the SMC or NVRAM, although sometimes they’re recommended.

If all else fails, and you have to force the IconServices cache to be rebuilt, the only way seems to be to delete it at the command line.


The command to remove the main store is

sudo rm -rfv /Library/Caches/

That for the subsidiary data is

sudo find /private/var/folders/ \( -name -or -name \) -exec rm -rfv {} \;

which includes the Dock icon cache too.

Once you have done that, you’ll need to restart and give your Mac plenty of time to rebuild the caches.

Previously: Clearing the Icon Services Cache in Yosemite.

Comparing Xcode Target Build Settings

Paulo Andrade:

Simply shift+click the targets you want to compare and then enable the “Levels” toggle on the top filter bar.

By doing so, Xcode displays each target’s settings side by side for easy comparison. Furthermore, you can/should also enable the “Customized” toggle make it even easier to spot differences.

Not only does this Xcode feature have none of the drawbacks mentioned before, it also allows you to compare more than 2 targets! Simply shift+click another target and another column is displayed!

Blocking the Big 5: Google

Kashmir Hill (Hacker News, via Dare Obasanjo):

I’m saying goodbye to all that this week. As part of an experiment to live without the tech giants, I’m cutting Google from my life both by abandoning its products and by preventing myself, technologically, from interacting with the company in any way. Engineer Dhruv Mehrotra built a virtual private network, or VPN, for me that prevents my phone, computers, and smart devices from communicating with the 8,699,648 IP addresses controlled by Google. This will cause some huge headaches for me: The company has created countless genuinely useful products, some that we use intentionally and some invisibly. The trade-off? Google tracks us everywhere.


This experiment is not just about boycotting Google products. I’m also preventing my devices from interacting with Google in invisible or background ways, and that makes for some big challenges.

Update (2019-02-04): Bogdan Popa:

I spent this past weekend de-Google-ifying my life and, despite my expectations, it wasn’t too hard to do.


Why go through all this trouble? I’ve grown increasingly concerned this past year with how much access Google has to our lives. They are the world’s biggest advertising company and they have access to most of our web browsing via Google Chrome (62.5% market share – although given the amount of broken websites (some explicitly Chrome-only!) I’ve found since switching to Firefox, I believe this number may actually be higher), all our website visitors via Google Analytics and Google Fonts. Much of our communication via GMail and Google Apps and much of the content we consume every day via YouTube. I’m not even going to get into all the information they gather from people who use Android phones.

Passwords and Muscle Memory

Brent Simmons:

What I realized is that — probably for many years — I didn’t actually know my password. I couldn’t have told you what it is. I just relied on my fingers to know it. And since it always worked, I never thought to question it.

And then, one day at random, my fingers failed. And the more I tried to figure it out — trying things that seemed likely — the more I worried I was fuzzing my muscle memory.