Archive for March 21, 2019

Thursday, March 21, 2019

UTF-8 String in Swift 5

Michael Ilseman:

Switching to UTF-8 fulfills one of String’s long-term goals to enable high-performance processing, which is the most passionate request from performance-sensitive developers. It also lays the groundwork for providing even more performant APIs in the future. String’s preferred encoding is baked into Swift’s ABI for performance, so it was imperative that this switch happen in time for ABI stability in Swift 5.

[…]

Swift 5, like Rust, performs encoding validation once on creation, when it is far more efficient to do so. NSStrings, which are lazily bridged (zero-copy) into Swift and use UTF-16, may contain invalid content (i.e. isolated surrogates). As in Swift 4.2, these are lazily validated when read from.

This sounds great, as I’ve run into problems in Objective-C where strings that are not valid Unicode would cause strange failures a layer or two below my code. I don’t see it documented what happens when validation fails, but my guess from the code is that it repairs the string using replacement characters. That makes sense given the cases I’ve seen. Set one bad attribute on a managed object, and the entire context fails to save. If validation were eager, maybe I could do better at the point of creation than replacement characters (assuming I’m even creating the strings myself). But, this much later, I don’t think there’s much to be done. It’s not worth risking data loss for the common case where the developer hasn’t anticipated this happening and written code to fix the strings.

As mentioned above, Swift 5 switches from two native storage representations to one. This allows for better analyses and more aggressive optimizations with fewer potential code-size or compilation time costs.

For example, inlining is a compiler optimization that can improve run-time performance at a potential cost to code size. In Swift 4.2, most string methods contained a pair of implementations, one for each storage representation. No matter what form a 4.2 string was in, an entire portion of potentially-inlined code wouldn’t even be run; this increases the cost and diminishes the benefits of inlining. Furthermore, the greatest benefits of inlining come from follow-on analyses and optimizations specific to one call-site, which are exponentially more difficult to perform on a dual representation. Swift 5’s unified storage representation is far more amenable to inlining and follow-on optimizations.

Michael Ilseman:

String remembers performance-relevant information about its contents through the use of performance flags.

For example, a String that is known to be all-ASCII has a trivial UTF8View, UTF16View, and UnicodeScalarView. Also, mapping offsets between the two code unit views is trivial, so there is no need for any bookkeeping as part of Cocoa interop.

Previously: String’s ABI and UTF-8.

More Undiscoverable Gestures

Nick Lockwood:

For years I thought it was weird that Apple’s phone UI provides no way to paste in a copied phone number. Then someone showed me how to do it and… I couldn’t be angrier 🤬

In case it isn’t clear from that screenshot, you have to long-press on the featureless whitespace area above the keypad.

I guess putting a text field, or literally anything at all would have compromised the designer’s vision.

I didn’t know this either.

Alex Rosenberg:

It’s the same with copying from Calculator. As a user, I expect that to work because the same traditionally worked on Mac.

Constantino Tsarouhas:

You can also tap it once to use it like any other text field (cursor, selection, etc.). It’s been that way since the redesign in iOS 7, IIRC.

Kirill Pahnev:

We have to agree. iOS has become platform of hidden tricks and gestures

Andrei Anton:

…maybe the actual problem is having an UI where what’s technically an input field (that’s obviously expected to have a “long tap to copy/cut/paste” function) looks EXACTLY like whitespace! Let’s bring back UIs that actually have strong visual cues in them…

Jaime Santana:

Another “hidden” dialpad feature; upon opening it, with the text field still empty tap the dial button, it will paste the last dialed number. You have to tap the dial button one more time to actually dial it.

Jason notes that you can put a call on hold by touching and holding the Mute button.

Tom Dale:

I’ve been using OS X for over 15 years and I just figured out how to remove a saved color from the system color picker.

Previously:

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Brian Krebs:

Facebook is probing a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it in plain text on internal company servers.

[…]

The Facebook source said the investigation so far indicates between 200 million and 600 million Facebook users may have had their account passwords stored in plain text and searchable by more than 20,000 Facebook employees. The source said Facebook is still trying to determine how many passwords were exposed and for how long, but so far the inquiry has uncovered archives with plain text user passwords in them dating back to 2012.

My Facebook insider said access logs showed some 2,000 engineers or developers made approximately nine million internal queries for data elements that contained plain text user passwords.

Zero-day Safari Exploits Allowed Complete Takeover of Mac

Ben Lovejoy:

The first exploit managed to escape the sandbox, a protection macOS uses to ensure that apps only have access to their own data, and any system data permitted by Apple.

[…]

The second got rather further, gaining both root and kernel access to the Mac.

This despite process isolation and sandboxing

It’s Frustrating That Preview in Mojave Isn’t Better

Adam Engst:

When 10.14 Mojave rolled around, however, its Continuity Camera and screenshot features directly impacted Preview, so I decided it was time to do a deep dive and see what else might have changed in Preview.

Unfortunately, the results of my investigation weren’t particularly positive. The new features in Preview don’t add much value, one change is actively bad, and Apple introduced a handful of bugs.

Overall, I think the version in macOS 10.11 was better.

Previously:

Update (2019-04-08): I’m still getting lots of internal errors working with PDFs in Preview.

MySpace Lost Music Uploaded From 2003 to 2015

MySpace:

As a result of a server migration project, any photos, videos, and audio files you uploaded more than three years ago may no longer be available on or from Myspace. We apologize for the inconvenience and suggest that you retain your back up copies. If you would like more information, please contact our Data Protection Officer, Dr. Jana Jentzsch at DPO@myspace.com.

Via Nick Heer:

Anyone who thinks that something like this couldn’t happen to the music they’ve created and uploaded to Soundcloud or YouTube is fooling themselves.

Update (2019-03-22): Gary Bernhardt:

Reminder that “the cloud” is neither a backup nor a suitable location for data that you care about. Your provider will delete all of your data when it’s no longer economical to host it, or when someone typos a shell command, whichever comes first!

Not Relying on NSFileCoordinator

Soroush Khanlou:

This is where I discovered my problem. Without using NSFileCoordinator, the mutatingObject dropped about 70% of writes. With it, even using the reading and writing options correctly, I was still losing a few dozen writes every 10,000. This was a serious issue. An object storage that loses about half a percent of writes still isn’t reliable enough to use in production. (Apple folks, here’s a radar. It includes a test project with a failing test.)

At this point, I started thinking about what I was actually trying to do, and whether NSFileCoordinator was really the right API for the job.

Do-nothing “Antivirus” Apps

Catalin Cimpanu (via John Gruber):

An organization specialized in testing antivirus products concluded in a report published this week that roughly two-thirds of all Android antivirus apps are a sham and don’t work as advertised.

Tim Schmitz:

The fact that this stuff exists on the iOS and Mac App Stores really makes you wonder what the point of app review is anyway.

I don’t like the idea of Apple deciding—which it already does to a certain extent—whether an app is “useful,” but clearly one role of a trusted store should be to prevent deception.

Why Operators Are Useful

Guido van Rossum:

The general idea here is that once you’ve learned this simple notation, equations written using them are easier to manipulate than equations written using functional notation -- it is as if our brains grasp the operators using different brain machinery, and this is more efficient.

[…]

Now, programming isn’t exactly the same activity as math, but we all know that Readability Counts, and this is where operator overloading in Python comes in. Once you’ve internalized the simple properties which operators tend to have, using + for string or list concatenation becomes more readable than a pure OO notation, and (2) and (3) above explain (in part) why that is.

Of course, it’s definitely possible to overdo this -- then you get Perl.

Observing the use of custom operators can help identify problem spots in a language.