Archive for February 5, 2019

Tuesday, February 5, 2019

Swift 5 Exclusivity Enforcement

Andrew Trick:

The Swift 5 release enables runtime checking of “Exclusive Access to Memory” by default in Release builds, further enhancing Swift’s capabilities as a safe language. In Swift 4, these runtime checks were only enabled in Debug builds.

[…]

In essence, a variable cannot be accessed via a different name for the duration in which the same variable is being modified as an inout argument or as self within a mutating method.

[…]

The overhead of the memory access checks could affect the performance of the Release binary. The impact should be small in most cases; if you see a measurable performance regression, please file a bug so we know what we need to improve. As a general guideline, avoid performing class property access within the most performance critical loops, particularly on different objects in each loop iteration. If that isn’t possible, making the class properties private or internal can help the compiler prove that no other code accesses the same property inside the loop.

[…]

The combination of compile-time and run-time exclusivity checks described above are necessary to enforce Swift’s memory safety. Fully enforcing those rules, rather than placing the burden on programmers to follow the rules, helps in at least five ways[…]

Update (2019-02-26): Russ Bishop:

This has some interesting interactions with atomics, especially when running under the Thread Sanitizer (TSAN). If you’ve ever seen a TSAN report on some simple Swift code that looks obviously correct then you’re probably running into this issue[…]

[…]

The problem lies in the Law Of Exclusivity. The ampersand operator in Swift is not the same as C’s address of operator. It is the inout operator.

[…]

The takeway is this: Under the Swift memory model the UnsafeLock shown above is illegal. The correct strategy is to allocate storage for the lock yourself[…]

He does this using an UnsafeMutablePointer.

Wishing for a Low-End Apple Watch

David Smith:

I increasingly find myself wishing that Apple made a smaller, simpler and cheaper Apple Watch. A device that would compare more closely to a FitBit or similar lightweight fitness tracker. The current direction the Apple Watch is taking seems to leave behind so many users that it seems like a big missed opportunity.

Previously:

Mojave Privacy Protection Aftermath

Paul Kim:

Months later, the issues stopped (or at least people stopped reporting them). I can’t say whether some sort of bug was fixed or if people are just now more familiar with how all the new privacy protections work. I’m leaning towards a bug of some sort as the reports have stopped altogether; I’d expect the occasional report of confusion if it was just a knowledge thing.

[…]

Regarding unit tests, it seems that changing my unit tests to run within an app, and adding the appropriate usage strings to the test app, was enough to get them to run.

[…]

At least, there seems to be one way as a dev to be able to make sense of things. Accessing protected directories (for instance, by using access()) will fail with an EPERM error. This differs from accessing a directory protected by UNIX permissions. In those cases, you will get an EACCESS error. While that’s great for differentiating between the two cases what’s unclear to me is if there are other situations, outside of Mojave privacy protections, that would give me an EPERM error.

Howard Oakley:

Imagine playing a team sport, and midway through a match the referee tells you that all the rules have changed, but they’re not telling you how, just that what you have been doing so far has been banned – in part.

[…]

For the last five months, I have looked high and low in Apple’s developer and user documentation for an official account of this, and information as to how TCC determines the Attribution Chain, which in turn informs us – developers, sysadmins and users alike – which app or tool we should add to the Full Disk Access list.

You already know the answer: Apple has not even mentioned any of this. Mojave’s privacy protection is undocumented, by Apple at least.

Daniel Martín:

Here’s an interesting Mojave support document. I didn’t know that you can use a configuration profile with the “SystemPolicyAllFiles” key set to automatically grant full disk access to apps. Convenient!

Howard Oakley:

Some of the most intractable problems in Mojave are those arising from its new privacy protection. The Privacy pane in Security & Privacy and the command tool tccutil intentionally give users, sysadmins and developers almost no help. Most of the lists in the Privacy pane aren’t directly controlled by the user, and all tccutil seems able to do is wipe the contents of those lists. When you have a problem, you’re stuffed.

[…]

I have now extended my free app Taccy, which already helps you examine entitlements and settings in an app, to provide customised access to the unified log which should make troubleshooting privacy control a great deal easier. If you’re familiar with Cirrus, which does the same for iCloud, then you’ll already be familiar with this new feature.

I’ve had lots of customers try to give an app Automation access or Full Disk Access, but find that it just doesn’t work or doesn’t stick. This page from the SpamSieve manual documents the different levels of resets that you can do to fix the problem: tccutil, manually deleting the TCC database (requires temporarily turning off System Integrity Protection), and reinstalling macOS. These are crude remedies, but fortunately they do work.

Previously:

Update (2019-02-07): Isaiah Carew:

Mojave includes many more system level protections to keep out malware. But with this security comes some annoying side effects. One that hit me recently is that I can’t attach Instruments to some apps. This has made plugin development difficult, particularly because RapidWeaver is one of those apps.

Update (2019-02-12): Sergiu Gatlan:

In that post, he also mentioned privacy issues present in the implementation of the /usr/bin/tccutil tool, as well as the possibility to piggyback other apps who have been previously granted access by the user to access sensitive data or locations. The Automator issue was fixed by Apple with the release of macOS Mojave 10.14.3 Supplemental Update on February 7, but the other two are still unpatched.

Update (2019-02-27): See also: Bryan Jones (via John Gruber).

Update (2019-06-20): Peter N Lewis:

So I have descended to the point of adding specific assistance for Mojave security setting bugs. “yes, yes, I know you told the system to grant Keyboard Maestro permission, but Mojave does not really think you meant it”. Sigh.

Top 25 Photos on Flickr in 2018 From Around the World

Flickr:

From the billions of photos uploaded to Flickr in 2018, we chose the Top 25 Flickr Photos of 2018. Of all the incredible moments captured, we’ve curated a list of the most inspiring photos, which represent a global community of unique perspectives.

To determine top photos, Flickr staff created an algorithm that took into account a number of social and engagement metrics, like how many times the photo was viewed or faved. We made sure to curate the raw data to avoid the results being a popularity contest; we removed spammers and photos that don’t qualify as high-quality. We also tried to ensure diversity of genre. For photographers whose photos placed in the top list multiple times, we selected their top-scoring photo.

Previously:

Twitterrific Ad Network

Ged Maheux (tweet):

Now you can advertise your app, website, product or service directly on Twitterrific’s expansive network of tech-savvy users for just $100 a month. For that price we guarantee 1,000 tap-throughs – not impressions but actual visits – to your App Store page or website. What’s more, we take care of creating the ad for you ourselves and even provide App Analytics for iOS or Google Analytics for websites.

Previously: The Deck Shuts Down.