Archive for March 4, 2019

Monday, March 4, 2019

Bringing iOS Apps to macOS Using Marzipanify

Steve Troughton-Smith:

At WWDC 2018 Apple gave us a ‘sneak peek’ at perhaps one of the most impactful developments on macOS since the transition to Mac OS X: UIKit apps running on the desktop. Today, I’m going to detail a special tool I built, called marzipanify, to get started with UIKit on the Mac early, and start the initial bringup of your iOS app on macOS.


There’s another reason for the iosmac distinction: many of the frameworks underneath, née iOS Simulator, clash horrendously with the built-in macOS frameworks, thanks to a decade of divergence from OS X. Both iOS and macOS today share a UIFoundation framework to help support UIKit and AppKit and provide common code, but UIFoundation makes decisions at runtime based on which platform it’s running on that affect everything from Interface Builder to text rendering. At its simplest level, this means that if you link AppKit into your iOSMac app, all manner of things will explode in your app. The iosmac linker variant for iOSMac binaries explicitly prevents loading non-iosmac binaries and libraries into your code (unless they’re whitelisted).


Altogether, it appears running modern UIKit on macOS is so much more complex than the more-obvious tack Chameleon took when it rewrote UIKit for the Mac all those years ago. It’s not a virtual machine by any stretch, despite evolving from the iOS Simulator, but it certainly goes to great lengths to distance itself from how Mac apps traditionally work.

Steve Troughton-Smith:

If you look at your newly-marzipanified app, and compare it with Apple’s built-in UIKit apps on Mojave, you will notice that yours looks a lot more clunky and less-native than what Apple’s doing. To really make your app sing, you’re going to have to use some new classes and mechanics unique to UIKit on macOS.


One thing that is key to remember is that Marzipan scales everything in your window by 0.77 to better suit the desktop. This is mostly transparent to the developer, unless of course you’re trying to closely match the metrics used in AppKit apps for e.g. sidebar row height, and you suddenly realize everything is smaller than it should be.


You may find all your centered text is no longer centered when run on the Mac. That’s because Apple uses different integer values for the NSTextAlignment enum, so NSTextAlignmentCentered is interpreted as NSTextAlignmentRight.

James Thomson:

Here’s iOS PCalc running under Marzipan on Mojave. Mostly working, with a few graphical glitches - some stuff works even better than the current Mac version, like fullscreen / live resizing. Looking forward to seeing what we get officially at WWDC in June.

Previously: Apple to Target Combining iPhone, iPad, and Mac Apps by 2021.

Keyboard Shortcuts Killed by Bug

Howard Oakley:

When you try to edit the command associated with that shortcut, the editing box is tiny, just over two characters in width, so tiny that it’s hard to read or change its contents.

With a fourth shortcut added, every single entry made by the user is replaced by an ellipsis. Which command is which shortcut? Well, you can either read it through the selection keyhole, or view it in the tooltip attached to the ellipsis.

I have spent some time looking for workarounds which make this feature still usable, and cannot find any. This bug effectively renders the App Shortcuts feature unusable in Mojave 10.14.3.

You may not use App Shortcuts, and consider them a minor feature of little importance. This bug, though, reveals a great deal about what is going wrong inside Apple, which is the reason for this article.

The bug is present at least as far back as macOS 10.13.4.

Facebook and Phone Numbers

Jeremy Burge:

For years Facebook claimed the adding a phone number for 2FA was only for security. Now it can be searched and there’s no way to disable that.

Facebook 2FA numbers are also shared with Instagram which prompts you ‘is this your phone number?’ once you add to FB.

The original FB phone number prompt never mentioned “and more”. It was shown for MONTHS before a link was added in September 2018 clarifying “actually we’ll use this wherever we damn well please”

WhatsApp also shares phone numbers with Facebook

Facebook shares phone numbers with advertisers

Update (2019-03-05): Zack Whittaker (Hacker News):

Alex Stamos, former chief security officer and now adjunct professor at Stanford University, also called out the practice in a tweet. “Facebook can’t credibly require two-factor for high-risk accounts without segmenting that from search and ads,” he said.

Since Stamos left Facebook in August, Facebook has not hired a replacement chief security officer.

John Gruber:

The lesson some people are going to take from this is that enabling two-factor authentication is for suckers.

Nick Heer:

Ever since fears about SIM hijacking began spreading, some people have been claiming that using SMS-based two-factor authentication is worse than not using two-factor at all. I think that’s silly and myopic. It is worth noting that SIM hijacking is pretty easy for someone who has access — directly or indirectly — to a carrier’s SIM backend. But the circumstances under which someone’s phone number would be hijacked are pretty rare for the vast majority of us. People who are connected with low character count or high-valued social media accounts, higher-ranking employees, activists, journalists, wealthy individuals, and public figures are more susceptible to these kinds of attacks. Most of us, however, are not any of these things, and will likely benefit from using any kind of two-factor authentication. You should use a code generator or a hardware mechanism like a YubiKey wherever you can, but SMS authentication is not necessarily terrible, and is likely not worse than using no verification at all.

Adding to the Wayback Machine

Jesse Gardner:

Jeffrey Zeldman shared this helpful tip for saving web pages to the Internet Archive Wayback Machine[…]

I reference the Wayback Machine a lot, so requesting an archive of the current page by prepending the url with is wicked useful; but I figured I’d make it just a smidge easier by turning it into a bookmarklet.