Archive for April 2019

Tuesday, April 30, 2019

End of the Line for Aperture

Apple (via Joe Rossignol, tweet):

In June 2014, Apple announced the discontinuation of development of Aperture. Since that time, Apple has released five major macOS updates. For technical reasons, Aperture will not run in future versions of macOS after macOS Mojave. To continue working with your Aperture photo libraries, you must migrate them to the Photos app included with macOS, or migrate them to Adobe Lightroom Classic.

Frankly, I’m surprised that Apple maintained support for this long. They recommend using Lightroom’s built-in migrator. But, unless things have changed since I investigated it, Aperture Exporter is a much better option.

What has surprised me is the level of progress with Photos. I didn’t expect it to come close to matching Aperture, but I still find it more clunky and less featured than iPhoto (though, obviously, it does some things iPhoto couldn’t). Still, if you can live with Photos, it does have the advantage of not forcing you to choose between discarding and baking in your Aperture edits.

Jeff Carlson:

I’ve written extensively about this transition since Aperture was shuttered in June 2014. The good news is that there are lots of options now for managing and editing your photo libraries, not just Apple’s Photos app. Luminar, Picktorial, Exposure X4, On1 Photo… In fact, the newest version of Picktorial adds the ability to open Aperture libraries directly, without any type of conversion.

If you want specific step-by-step instructions, pick up a copy of my book Take Control of Your Digital Photos. My book walks you through the steps that will preserve your edited versions, along with ratings and other metadata that can get stripped during the migration process.

Clark Goble:

Lack of an Aperture like app that uses the Photos iCloud backend remains an inexplicable failure by Apple. Lots of people want to use Photos but hate the limited UI & features of the app on Mac.

This is one reason I’m skeptical about the iTunes breakup. Sure, it sounds great to have a powerful backend provided by Apple. The first-party app can be basic, third parties can add more features and options and pro interfaces, and it all interoperates and syncs because of the shared backend. But the reality is that the backend is going to be designed and tested for the cases that Apple is itself using. Trying to build on that would be both limiting and risky. Even in seemingly simpler domain like calendars, apps like Fantastical end up talking to the server themselves, rather than relying on the API for Apple’s backend.


Update (2019-05-01): Nilay Patel:

I’m all in on Lightroom now but Aperture was my first love, and it’s so weird that Apple sells so many cameras with such lame software to support them

The iOS / Mac photo experience is a prime example of how lock-in at scale insulates meh products from competition — Photos is “successful” because millions of people use it by default, not because it’s good or even at parity with the competition

My father just e-mailed to ask how to copy from Photos to a USB stick. With iPhoto, he could always just drag and drop, but Photos has a longstanding issue with promised file drags and so sometimes when you drag and drop nothing happens.

Intelligent Tracking Prevention 2.2

John Wilander:

As of ITP 2.2, persistent cookies set through document.cookie are capped to one day of storage when both of the following conditions are met:

  1. A domain classified with cross-site tracking capabilities was responsible for navigating the user to the current webpage.
  2. The final URL of the navigation mentioned above has a query string and/or a fragment identifier.

The rest of this blog post explores this in detail.

I’m not using the beta, but I wonder whether ITP is the source of some problems I’ve been having. I recently tried to update my billing information with GoDaddy, but got a blank white pane instead of the reCAPTCHA. This happened again after restarting Safari, but it worked when I unchecked “Prevent cross-site tracking” (and also worked in Firefox and Chrome).

I continue to have problems with bank and credit card sites (not to mention Apple’s iCloud and developer sites) not remembering that I have previously logged in.


.DS_Store File Format


#MacOS ‘.DS_Store’ files have now their binary format description on @kaitai_io now.

It means it is now possible to easily parse those files in many programming languages!

Kaitai Struct:

Kaitai Struct is a declarative language used to describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.

The main idea is that a particular format is described in Kaitai Struct language (.ksy file) and then can be compiled with ksc into source files in one of the supported programming languages. These modules will include a generated code for a parser that can read described data structure from a file / stream and give access to it in a nice, easy-to-comprehend API.


Improved Twitter Data Export

Cabel Sasser:

Holy smokes — Twitter Data Export has been massively upgraded. In January I exported my data: 42MB. Today, I get a 3.03GB (!!!) json-based archive of everything — followers, DMs, and most importantly, ALL MY MEDIA! Photos and videos! THIS IS VERY GOOD 🎉

wow according to account-suspension.js i was suspended briefly from twitter?? what’d i do?? also mildly interesting to look at my ad-engagements.js


Monday, April 29, 2019

Mozilla Looking for IRC Replacement

Mike Hoye:

I wasn’t in the room when was stood up, but from what I’ve heard IRC wasn’t “chosen” so much as it was the obvious default, the only tool available in the late ’90s. Suffice to say that as a globally distributed organization, Mozilla has relied on IRC as our main synchronous communications tool since the beginning. For much of that time it’s served us well, if for some less-than-ideal values of “us” and “well”.


We’ve come to the conclusion that for all IRC’s utility, it’s irresponsible of us to ask our people – employees, volunteers, partners or anyone else – to work in an environment that we can’t make sure is healthy, safe and productive.


In the next small number of months, Mozilla intends to deprecate IRC as our primary synchronous-text communications platform, stand up a replacement and decommission soon afterwards. I’m charged with leading that process on behalf of the organization.

Clip Sharing With Overcast

Marco Arment (tweet):

With today’s 2019.4 update, you can now share audio or video clips, up to a minute each, from any public podcast. Simply tap the share button in the upper-right corner.


For podcasting to remain open and free, we must not leave major shortcomings for proprietary, locked-down services to exploit. Conversely, the more we strengthen the open podcast ecosystem with content, functionality, and ease of use, the larger the barrier becomes that any walled garden must overcome to be compelling.

This is really cool.

Timothy Buck:

Marco also updated’s episode and show pages. Now when you click an Overcast link on any device and you’re not logged into Overcast, you’ll receive a page with links to the Overcast app, Apple Podcasts, Castro, Pocket Casts, and a generic RSS Feed link.

As a podcast creator with 80% of my traffic coming from Overcast and Apple Podcasts, this is a hugely welcome change. This doesn’t solve the link sharing problem entirely, especially for shows who have large Android listenerships, but it will reduce the need for me to tweet 3 different links of the same episode.

Marco Arment:

I experimented with automatic transcripts from Apple, Google, and other various providers during clip-sharing development. But none were reliably usable.

They’re OK for search-indexing, but not for humans to read. Imagine the way your voicemail transcribes. It’s like that.

Marco Arment:

Clips are file attachments to wherever you’re posting them, so they’ll stay exact.

The web links load the file directly from the publisher each time and seek to the specified timestamp, so if they use DAI with variable-duration ads, they’ll be off by a bit. Another DAI problem.

Marco Arment:

I tried sending both the video and URL to the share system to see if various apps would do the right thing and share both, but most didn’t. So I offer separate URL and video sharing buttons.

My recommended workflow is to copy the URL, then share the video to wherever, and paste.

Federico Viticci:

Not only is @OvercastFM’s new clip sharing great for podcast listeners, but it’s also a terrific tool for creators who want to share better previews on social channels. I love this addition to the app.

Nick Heer:

Sharing just a clip is the audio equivalent of a blockquote. And because these things are generated as video clips by default, they work with Instagram and Twitter and all the other typical destinations for sharing. Brilliant.

Previously: Luminary Proxying Podcasts Without Asking.

Update (2019-05-31): Pádraig Kennedy:

Full credit to @marcoarment for bringing easy video clip sharing to podcast apps. I genuinely hate copying features from other apps, but once in a while a competitor does something really fucking cool and you have to respond.

Marco Arment:

I sometimes have the same dilemma. I always try to be original and do my own take on things (as do they; Castro is by far my most innovative competitor), but sometimes, a competitor does something the best/only/right way, and the best choice is to do it the same way.

We’re cool.

Pádraig Kennedy:

Thanks man, try this in the export session exportSession.outputFileType = .mov and you might not need an automatic kicking machine... 💚

The Under-Appreciated Awesomeness of Apple Events (the Technology)

Brent Simmons (tweet):

That’s where automation — Apple events — comes in. It doesn’t get in the way of the UI, but if you can find your way to Script Editor (or a similar app: there are others), you can learn how to write any feature or workflow you can dream of (as long as it’s technically possible).

Part of the genius of this is that you’re scripting the apps you already use. You’re scripting these great GUI apps that you know and love. No command line, no piping/launching/closing. Just pulling information from apps and telling them to do things.


An outside observer might think Mac users just use pretty — and pretty simple — apps, and that’s the whole story. But that completely misses the power and genius of Macs.

I can’t think of another platform with the sheer level of automation power that OS X (now macOS) has.

Jon Gotow:

With Marzipan reportedly coming in macOS 10.15 this year, Apple is further de-emphasizing the cooperative nature of macOS apps, and will most likely not support Apple events in the “iPad apps adapted to run on the Mac” context of Marzipan.


And as Brent says (and as I detailed in an earlier post), many Mac apps use Apple events to directly integrate with other applications. They tie everything together for you, taking your Mac experience from ‘good’ to ‘great’. Just in my own apps, Default Folder X communicates this way with the Finder, Path Finder, ForkLift, Terminal and iTerm2 to give you seamless access to folders no matter where you need them. App Tamer uses Apple events to make sure it doesn’t interrupt iTunes and Spotify when they’re streaming music for you. And there are numerous other examples throughout the Mac ecosystem (and probably on your Mac right now).


Update (2019-05-02): Jason Snell:

I have a million questions about the future of user automation on Apple’s platforms, beyond just the scope of the changes in macOS 10.15. Are URL schemes really the future of inter-application communication, or is Apple working on a new system that’s a successor to AppleEvents that will offer a more robust pathway than a giant string of plain text? Is Shortcuts going to gain more low-level capabilities on both platforms? Will third-party automation utilities like Keyboard Maestro be able to control UIKit apps effectively?

In the end, I’m not as concerned with how user automation is preserved on macOS as I am concerned that it is preserved. Shortcuts is a remarkably powerful app, and even URL schemes can be richer than you might think—though they’re definitely inelegant.

They can do a lot more than you might think, but they’re definitely not a replacement for something like Apple events.

Apple Cracks Down on Screen Time Apps That Use MDM

Jack Nicas (Hacker News):

Over the past year, Apple has removed or restricted at least 11 of the 17 most downloaded screen-time and parental-control apps, according to an analysis by The New York Times and Sensor Tower, an app-data firm. Apple has also clamped down on a number of lesser-known apps.

In some cases, Apple forced companies to remove features that allowed parents to control their children’s devices or that blocked children’s access to certain apps and adult content. In other cases, it simply pulled the apps from its App Store.


“We treat all apps the same, including those that compete with our own services,” said Tammy Levine, an Apple spokeswoman. “Our incentive is to have a vibrant app ecosystem that provides consumers access to as many quality apps as possible.” She said the timing of Apple’s moves were not related to its debut of similar tools.


Apple told the companies that their apps violated App Store rules, like enabling one iPhone to control another, although it had allowed such practices for years and had approved hundreds of versions of their apps.

Apple allows corporations to use such software to control employees’ phones. But last year, the company stopped apps from using the software to enable parents to control their children’s devices.


The app makers said they were most frustrated by the process of meeting Apple’s sudden demands. In many cases, Apple alerted them that their apps would be removed — and their businesses crippled — via a short note, according to correspondence viewed by The Times.

When app makers asked for more information, responses were often perfunctory and slow in coming.

The article doesn’t do a very good job of presenting Apple’s point of view.


So, let’s get the facts straight here:

1. The apps used MDM profiles, intended for control of employee’s smartphones and/or vpns to filter access to apps.

2. Those approaches gave the app makers enormous control over the devices. If they used vpns, all internet traffic from the device could be intercepted. If they used MDM profiles, they had deep access to all the device’s settings. It was a huge privacy risk.

3. This was clearly against Apple’s policies. APIs were used for the purpose they were not intended for. That was what Facebooks’s certificates were revoked for. They should’ve feared removal since the day they wrote their first line of code.

4. I guess that Apple understood the need for parental control apps and allowed them, with the privacy risks, as there was no other way to get parental control at the time.

5. Apple knew how important iPhone addiction has become and developed their own, privacy respecting solution, screen Time.

6. The need for parental control has now been filled and the privacy risks of those apps now outweigh the benefits. Apple made the decision to remove.

Eric Slivka:

The report quotes several developers who had their apps removed, including one who says the removal came “out of the blue with no warning.” Apple is facing several complaints related to the moves, with a pair of developers filing with the European Union’s competition office and Russian cybersecurity firm Kaspersky Lab filing an antitrust complaint in that country.

Apple (via Phil Schiller):

Over the last year, we became aware that several of these parental control apps were using a highly invasive technology called Mobile Device Management, or MDM. MDM gives a third party control and access over a device and its most sensitive information including user location, app use, email accounts, camera permissions, and browsing history. We started exploring this use of MDM by non-enterprise developers back in early 2017 and updated our guidelines based on that work in mid-2017.

MDM does have legitimate uses. Businesses will sometimes install MDM on enterprise devices to keep better control over proprietary data and hardware. But it is incredibly risky—and a clear violation of App Store policies—for a private, consumer-focused app business to install MDM control over a customer’s device.


When we found out about these guideline violations, we communicated these violations to the app developers, giving them 30 days to submit an updated app to avoid availability interruption in the App Store. Several developers released updates to bring their apps in line with these policies. Those that didn’t were removed from the App Store.

I think Apple’s heart is in the right place, but I don’t like the way they’ve handled this.

It’s hard to believe that Apple only recently figured out that these very popular apps had been using MDM for years or that MDM was potentially dangerous. Their spin is basically that App Review was asleep at the switch—which I guess sounds better than that they just decided to change the rules and pull the rug out from underneath these developers and users.

The framing is that the developers are choosing not to bring their apps into compliance, but it sounds like it’s not possible for them to do so—hence the quotes in The Times about Apple being unwilling to provide specific guidance.

There’s no evidence presented that any of these developers abused the power of MDM. I’m sure they would prefer to have a more tailored API, but there isn’t one. In the meantime, they seem to have provided useful features that customers liked and that are not available in Apple’s first-party solution.

John Gordon:

This is a complicated area I know well. Overall Apple is wrong and abusive. OTOH these apps all failed my testing. OTOH Apple’s solution has huge unfixed bugs ...

Colin Cornaby:

The point about MDM is fair, but the lack of an alternative to MDM for these use cases is problematic.

John Gordon:

In my testing, for a user with two iOS devices, Apple’s remote control “Content & Privacy Restrictions” only work for one of a user’s devices. The other is not affected …

… I don’t think anyone else on earth has actually tried using Apple’s Screen Time… It’s as broken as their keyboards.

… interestingly looking at Screen Time on either the controlling or controlled device shows that account cannot be changed … but it can be changed (not grayed out)

Nick Heer:

App Review should, at the very least, prevent rule breakers from getting into the App Store in the first place. They failed to do that by allowing high-profile parental control apps into the store that cannot work without violating their rules. But they should at least be very clear about the circumstances of rule violation, particularly when an app has already been approved.

It’s also clear that there is a demand for these apps. I think it would be great if there were APIs for Screen Time data, perhaps tied into HealthKit.

Benjamin Mayo:

The timing of Apple discovering the MDM abuse does line up almost too conveniently with the launch of Apple’s own Screen Time features in iOS 12, but realistically Apple has no real incentives to push Screen Time over third-party offerings.

However, there is a nuance to Schiller’s words. He welcomes developers to continue making parental control apps that are not based on MDM profiles. The problem is, making such a service results in a significantly limited user-experience. The iOS app sandbox prevents a normal app from gathering phone-wide data like which apps were opened and for how long, or support ‘downtime’ behaviours like blocking an app from working after a timeout.

Schiller names an app called Moment – Balance Screen Time as an example of a great app for parents. This app relies on user’s manually screenshotting their Battery screen every day to upload to the Moment app, which uses optical character recognition to read the rows of most used apps. It’s a big hack and nowhere near as seamless as the always-running-in-the-background, official, Screen Time.

Tony Fadell:

Apple’s Screen Time still has many holes & deficiencies. Their v1.0 solution was a rush job & it’s very non-intuitive to use. Apple should be building true APIs for Screen Time so the “privacy” concerns are taken into account instead of limiting users App Store choices.


Apple until you have a real API, let the 3rd party apps be available to App stores users. Those devs are trying to help, not steal data. The only reason they have to do what they do is because you don’t provide a proper API.

John Gordon:

I’m so glad you wrote this. I felt like only user. We need API to build solutions for special use cases. Great need for cognitive disability users who age out of “traditional parental controls”. OTOH, no 3rd party solution actually works. I tried them.

Will Strafach:

Apple seems to now be very serious about apps capable of access to certain data. we had to fight tooth and nail to get approval for Guardian, and the nature of Apple’s questions indicated to me that they would like to avoid another Onavo.


Update (2019-04-30): Shawn King:

While becoming more common, it’s still a fairly unusual move for Apple to respond so quickly, directly, and on a weekend to stories like the one in the New York Times.

Timo Perfitt:

Is it possible that Apple didn’t know that companies were using MDM for parental controls? Why were the apps approved in the first place?

All of this seems like a communications / feedback failure.

Ryan Jones:

This is a really bad look for Apple. These apps have been using MDM for years and years.

Either they allowed apps that “put users’ privacy and security at risk” for 3+ years or they only now care for competitive reasons. Has to be one (or both).

Rene Ritchie:

What was Apple’s full statement to the times? Unless and until the Times posts it, we don’t know.


Apple opens up this way:

Apple has always believed that parents should have tools to manage their children’s device usage. It’s the reason we created, and continue to develop, Screen Time. Other apps in the App Store, including Balance Screen Time by Moment Health and Verizon Smart Family, give parents the power to balance the benefits of technology with other activities that help young minds learn and grow.

And, really, I think that’s just about the worst way to open. No other apps currently permissible on the App Store has the capabilities to really offer similar features in a convenient, effective way.

My guess is that Apple is doing what Apple typically does: Introducing Screen Time as a built-in feature, dog-fooding it, adjusting it if and as needed, and then, a year or two later, introducing an API — application programming interface — that other apps can use to securely, reliably, privately tap into the same data and offer alternative implementations and value-added services.

I would say: “typically” for areas where Apple wants to have an API. I’m not sure that this is a case where they do. They haven’t added an API for Night Shift, and I doubt that they will. There’s no API to make third-party e-mail clients or Web browsers that can do what Mail and Safari can (Schiller’s comments notwithstanding) or even set a default app.

Update (2019-05-01): OurPact (via Zac Cichy):

We present here, point by point, Apple’s recent claims in defense of removing apps that use MDM, to be contrasted with quotes from their own MDM documentation.


To date, OurPact has been approved by Apple for release to the App Store 37 times, with documented use of MDM.

In Apple’s public statement, they claimed that they gave developers 30 days to modify their apps in line with their guidelines, even though their guidelines make no mention of MDM. We did not receive any notice before OurPact’s child app was removed by Apple.

More importantly, there is no way for any company offering a parental control app to remove MDM functionality and still have a viable product. If Apple offered alternate APIs to achieve the robust parental controls that OurPact provides we would happily use them. Unfortunately, no such API exists. All attempts to open a dialogue with Apple to create those APIs have also been refused.


The takeaway from the call was that the technology in use was not the issue, but the act of blocking or restricting the use of third party apps was. Once again, user privacy was never raised by Apple as a concern.

Update (2019-05-02): Joe Rossignol:

In the days since, a handful of developers behind parental control apps including Qustodio, Kidslox, OurPact, and Mobicip have responded to Apple's press release with open letters, calling for the company to make the APIs behind its Screen Time feature available to the public for use in third-party apps.

See also: Techmeme.

Update (2019-05-10): See also: Accidental Tech Podcast.

Thursday, April 25, 2019

Luminary Proxying Podcasts Without Asking


Luminary is caching 3rd party podcast MP3s on their CDN. Their iOS app doesn’t even go to the ATP RSS feed. How do you feel about Luminary redistributing ATP without permission?

Luminary’s show notes UI doesn’t have clickable links. And some shows have show notes truncated. Removing sponsors, promo codes. And call to action links to directly support podcasts.

This weird behaviour isn’t done by the app. If you look at the podcast “feed” the show notes have been edited in their backend.

This kind of reminds me of that time Google scanned books with an opt-out instead of an opt-in.

Nicholas Quah:

The Joe Rogan Experience, one of America’s most popular podcasts, has requested to be removed from Luminary, the new $8-a-month premium podcast platform, I’ve confirmed. The show explicitly cites licensing issues as the reason behind the intent to withdraw: “There was not a license agreement or permission for Luminary to have The Joe Rogan Experience on their platform,” a representative told me last night. “His reps were surprised to see the show there today and requested it be removed.”

David J. Loehr:

It’s not just copyright infringement, it seems like this would potentially affect the statistics we use in order to show advertisers what kind of downloads we have, which would drive down ad rates, etc. Right?

Marco Arment:

Yup. The podcast economy works on download counts, not RSS subscribers.

Re-hosting platforms (Spotify, Google, formerly Stitcher) prevent each download from being counted properly by the publisher, under-reporting their audience size.

That’s why re-hosting requires opt-ins.

Federico Viticci:

We have requested @hearluminary to remove @appstoriesnet from their service.

We have agreed to nothing yet our content appears to be cached on their servers and our show notes (with sponsor info) were stripped.

Their behavior is appalling and we want nothing to do with this.

John Voorhees:

Here’s the thing. @hearluminary is trying to build a spoken work subscription service that isn’t podcasting on the back of free podcasts it’s using to backfill their meager selection of original shows. If someone wants to be part of that fine, but they didn’t ask us and we don’t.

Marco Arment:

Luminary’s responding in this thread, claiming (I think) that they’re proxying, not caching — still re-serving, but making a new request to the publishers’ servers for each request.

If so, that’s still a copyright issue and still breaks most stats, which de-dupe by request IP.

John Voorhees:

Setting aside the fact that you shouldn’t have to opt out of someone scraping your show, if you have a podcast and want to remove it from @hearluminary, they have a support page with the details they want before they’ll remove it.

Marco Arment:

It’s not faster if it’s 1:1. That means for each request, a Cloudflare server must fetch the file from the publisher’s servers, then re-serve it to you. It will always be slower, even if only slightly. CDNs are only faster if they cache.

There’s also little speed difference to be had in practice even with caching, since most podcasts are already hosted on CDNs.

If @hearluminary is truly 1:1 proxying podcast files and not modifying them, they should be able to switch to HTTP redirection and achieve the same goals as whatever their problematic proxy/CDN is doing.

Marco Arment:

Proxying breaks any modern podcast stats (including IAB-compliant ones) because they require algorithms to exclude multiple requests from the same IP address.

Every proxy download will appear to come from the same small number of IP addresses, thus being undercounted.

Federico Viticci:

To clarify my stance on this: I’ve seen enough startups come and go over the years that promise to aggregate RSS blog/podcast content to “elevate the medium”. They don’t care. Creators are just a commodity to them. They never ask for consent and act like the saviors of a medium.

Marco Arment:

Confirmed, the @hearluminary podcast-masking proxy URLs are now serving HTTP 302 redirects.

Glad they responded quickly. Should’ve been done properly from the start, but at least they fixed it.

Federico Viticci:

This is better. But we’ll still be pulling AppStories due to Luminary’s behavior (we did not ask to be included in a closed platform), because they hide show notes, and because they won’t let listeners subscribe with our own, open RSS feed. We’re not interested in this business.

Update (2019-04-28): See also: Accidental Tech Podcast.

Federico Viticci:

To clarify my stance on this: I’ve seen enough startups come and go over the years that promise to aggregate RSS blog/podcast content to “elevate the medium”. They don’t care. Creators are just a commodity to them. They never ask for consent and act like the saviors of a medium.

Joshua Benton:

Now Luminary says to podcasters:

— it’s not copying your podcast files, and
— it’s no longer screwing with your stats, BUT
— but it really is killing all your show-notes links on purpose for your own safety

John Gruber:

If you want to read a particular website, you can enter the URL for that website into any web browser. In the same way, if you want to listen or subscribe to a podcast, you can enter the URL for that podcast’s RSS feed into any podcast client. And all popular podcast players make it easy to search for podcasts by name so that you, the user, don’t have to know the URL or even know what a URL is.


So is a podcast a “podcast” if it only works in one app? I’m going to say no.


So putting aside (for the moment) whether Luminary’s own original shows qualify as “podcasts”, as a podcast player, Luminary’s app is in the incredibly bizarre position of not playing several very popular podcasts that every other podcast player in the world can subscribe to and play.

Dave Winer:

We need a new name for podcast-like things that have no feeds, are locked behind a paywall, can’t be archived, cited or shared, and don’t create any kind of record.

Tuesday, April 23, 2019

PDF Outlines, Bookmarks, and Preview

Howard Oakley:

I took a vanilla three-page PDF created using the Quartz 2D engine in Mojave, and tried to add an Outline or Bookmarks using each of the PDF editors I have to hand[…]


In most cases, whether called a Table of Contents, Outline or Bookmarks, the marked locations are written using a PDF /Outlines scheme, to a series of objects in the PDF source. The notable exception to this is Preview, which encodes Bookmark data in an XML stream rather than using /Outlines or any simple PDF objects.

All the apps are able to read Outlines or Bookmarks which use the /Outlines scheme. However, Preview’s XML stream doesn’t work in any other app of those tested.

Preview still hasn’t recovered from the rewrite in macOS 10.12. I continually get uncaught exception errors and hangs. These can actually be data-destructive because Preview will overwrite the on-disk file with unsaved changes, and if it doesn’t close the document in the normal way it won’t revert the file to its original state.

Previously: It’s Frustrating That Preview in Mojave Isn’t Better.

Collision Course

Jeff Johnson:

You could argue that Apple is wasting resources trying to put “Pro” features into iOS. They’ll be mostly wasted on people buying the cheapest, smallest iPads. The idea of iPad as a Mac replacement seems to be ideologically-driven by a vocal few.

Unfortunately, Tim Cook is one.

Mac unit sales increased 75% between 2009 and 2018. Empirically, iPad has not replaced Mac. Not at all. And given that iPad ISP is $422, have to conclude:

1) iPad is a supplement to Mac, and/or

2) iPad is a device for people who wouldn’t otherwise buy a Mac (maybe cheap PCs?)

Too bad Apple is no longer reporting unit sales.

Dan Masters:

Interesting point – the Apple community bubble assumes much about how the general public uses particular products, but how much of it is true?

It’s hard to know. My mother’s 2017 Mac is newer than her iPad Air, so her wallet is voting for the Mac, but she spends far more time on the iPad. Yet if she had to give up one or the other, she’d keep the Mac. My father is similarly non-technical and only uses a Mac and phone.

Michael Potuck:

Apple’s VP of software engineering, Craig Federighi, answered the question of whether the company was working on merging iOS and macOS with a huge “No.” on stage at WWDC yesterday.

Federighi’s “No” is to UIKit/AppKit/Marzipan as the word “modular” is to the new Mac Pro. It was intended as reassurance but isn’t, really, because it can mean just about anything. Everyone is reading their own hopes and fears into it. I tend to think he meant only that there won’t literally be a single OS that runs across Apple’s hardware lineup. But that’s not saying a whole lot if it ends up that he thinks the future of Mac apps is the same UIKit code running on a slightly different substrate. If the majority of apps end up being designed for touch and limited by what UIKit can do, what difference does it make that it’s called macOS?

Apple has definitely been making iOS more like the Mac and macOS more like iOS. In some ways this is good, but both platforms also seem to be losing aspects of what made them great. iOS was inevitably going to lose its simplicity due to competitive pressure. The Mac situation seems unnecessary, and I think stems from a combination of vision (apply Apple’s favorite iOS ideas to the Mac) and neglect (no time/budget for Mac-only stuff).

Steve Troughton-Smith:

So the ‘Marzipan SDK’ is just the iOS 13 SDK all along — a checkbox in your iOS project settings. I theorized it might be, months ago. What will that mean for the separation between UIKit and AppKit world? The iOS SDK doesn’t include Mac frameworks like AppKit, AppleScript…

Colin Cornaby:

Was pointed out to me that if Marzipan and AppKit are partitioned, that not only would Mac apps not get Shortcuts, but Marzipan apps wouldn’t get AppleScript.

AppleScript doesn’t get a lot of attention these days but it’s invaluable to a lot of power user workflows. What a mess.

IF I take the Siri Shortcuts/Mac rumors at face value: Siri Shortcuts only being available to Marzipan apps implies that Marzipan still segmented from the Mac. That’s not great for people who want to mix Marzipan and AppKit, or transition one way or the other.

Brent Simmons:

For UIKit to become an app framework for Macs that makes great Mac apps, it will have to become AppKit. That is, it will have to adopt so much (perhaps with revision, of course) that it does pretty much everything AppKit does.

Brian Webster:

I had this same thought myself. Makes me wonder whether ultimately it will be easier to provide a way to combine/embed UIKit and AppKit controls/windows, much the way Apple did with Carbon and Cocoa (over the course of a few years).

Jim Rea:

When this was announced last year, I thought that was what they were doing. Very disappointing that this apparently isn’t happening. But we’ll see for sure in 40 days.

Currently, it doesn’t even seem like they are unifying the types.

Michael Love:

And my theory that AppKit = Carbon seems to be if anything understating what’s about to happen; Apple’s going to simply bring the interesting AppKit UI pieces to UIKit and deprecate the rest, by 2020 nobody will be writing AppKit apps anymore.

Drew McCormack:

In any case, in my discussions with people at Apple, it seems UIKit is not designed to replace AppKit, or even be used by skilled Mac developers. They simply don’t have that goal in mind.

However, Marizpan will surely have consequences that were not a goal but that nonetheless follow inevitably from its introduction.

Nicolas Zinovieff:

For sure, but what I’m mostly concerned about is the “hybrid side-effect”: so you fear AppKit and you do your app in UIKit because “easymode”. Then you want or need to add a feature that’s not supported. You will just drop that feature rather than rewriting the UI.

Steve Troughton-Smith:

If you missed last week’s @_connectedfm, @viticci had a pretty interesting scoop that he’d been sitting on re mouse support coming to iPad as an accessibility feature. As far as I’m aware, that is indeed in the works. I feel like every pro user will turn that on, day one 😂 with UIKit adopting all kinds of API for mouse support for the Mac, it makes a ton of sense to let that be leveraged on iPad too if somebody has a mouse connected. Not changing the OS for anybody using touch, but adding functionality for those who choose, or need it


Unsigned apps, full system access, full file system access, Steam and 3rd party stores all exist on the mac.

These are the mac’s strengths, they are what makes it so powerful and useful.

Apple seems to view all of that as a weakness, a failing to be corrected and eliminated.

They think anything less than the lock down and control they have over iOS is a security and strategic vulnerability to be removed.

Locking down and controlling the mac, ends it being a real computing platform and kills innovation on the platform.

One could argue that the most significant Mac changes in recent years have been putting up roadblocks to development rather than opening up new avenues of functionality like at the beginning of the OS X era.


Update (2019-04-24): Colin Cornaby:

Without speaking to the accuracy of rumors/speculation: I worry about a Windows 8 style Pyrrhic victory. You can succeed in unifying all your applications around the lowest common denominator and filling the store with apps, at the cost of the platform you were trying to save.

The iPad and Mac have been on a collision course since the very beginning. But it feels like Apple is scared of the iPad becoming a Mac. So they continue to sit on their position of “we’re not merging the platforms” and we get situations like (possibly) this.

Take macOS, tweak it, and make it ProOS. Run it on the iPad and Mac. Have AppKit and UIKit and AppleScript and Terminal and Xcode and eGPU and drivers for everyone. This all feels like a giant exercise in keeping the iPad from becoming more open and locking down the Mac.

I love my iPad but I hate that I’m constantly having to grab my MacBook Pro to do things. I want my MacBook Pro on iPad hardware, not an iPad on my MacBook Pro hardware.

Brent Simmons (tweet):

Maybe because I lived through this — maybe because I’m a certain age — I believe that that freedom to use my computer exactly how I want to, to make it do any crazy thing I can think of — is the thing about computers.

That’s not the thing about iOS devices. They’re great for a whole bunch of other reasons: convenience, mobility, ease-of-use.


In a way, it feels like iOS devices are rented, not owned.


Macs carry the flame for the revolution. They’re the computers we own, right? They’re the astounding, powerful machines that we get to master.

Except that lately, it feels more and more like we’re just renting Macs too, and they’re really Apple’s machines, not ours.

Drunken Dogcow:

Agreed, except giving Apple a pass on iOS for their nanny authoritarianism while simultaneously arguing against the Mac heading the same way. This makes no sense to me. iPhones and iPads are computers and could be so much more if they weren’t locked down. Let’s not make excuses.

Ken Kocienda:

Over time, I’ve become and less less interested in software that doesn’t have access to its hardware. I want the option to “drop down a level” and then another and another, as far as necessary to get the job done right.

Steve Troughton-Smith:

Apple seemed to need a lot of reminding that the Mac was important. Now, it’s important to remind them why the Mac is important, so that they get any coming transitions right. The future is still being written

Will Cosgrove:

We’re always talking about how Apple created a Pro team to simply research how pros use their computers. They don’t understand why the Mac is important anymore.

Damien Petrilli:

It’s funny to see a claim that the Mac App Store is involving without developers because they didn’t embrace it.

When you known 100% of developers were forced to "embrace" the App Store on iOS and Apple still didn’t give a shit about them.

See also: Marco Arment.

Michael Love:

On this, a) he’s right but also b) the war between consumers and power users for the soul of personal computing has been raging for decades; this is just the latest front.


I feel as though Apple with the Mac has become like the proverbial snake eating its own tail… while—muffled, mouth full—extolling how they were so prescient to “see” that the iPad was to become the natural successor to the Mac.

It’s sad.


Mark Bernstein:

The end of personal computing?

iKyle quoting Mark Pilgrim:

“Once upon a time, Apple made the machines that made me who I am. I became who I am by tinkering. Now it seems they’re doing everything in their power to stop my kids from finding that sense of wonder.”

Steve Troughton-Smith:

It was described to me recently by somebody in the know that AppKit will stick around as long as Photoshop needs it. I’m not sure the source was aware that Photoshop’s new cross-platform (‘iPad’) version was rumored to be destined for the desktop, like all of their revamps…

I very much got the impression that Apple was not planning to maintain two dueling UI frameworks on the Mac. If that is the case, developers and users really need to make it clear to Apple what parts of legacy macOS are worth bringing to UIKit and iOS, and soon

Jason Snell:

I fell in love with the Mac nearly 30 years ago, in the fall of 1989. It’s been the center of my tech world ever since, and I’ve been writing about it professionally for 25 years. And yet these past months, I’ve noticed something strange creeping into my thoughts occasionally while I sit at my desk working on my iMac Pro: iOS does this better.

That’s how I feel much of the time using my iPhone.

Update (2019-04-28): Kyle Howells:

I think most of the danger associated with the Marzipan transition is just Apple touching apps in any way. Because Apple can’t touch a mac app without turning it into a terrible iPad app lately, regardless of the framework used.

Eric Schwarz:

While I can sympathize with those who are concerned of the direction of the Mac and what it means for their usage, the vast majority of Mac users probably won’t care because they’re using Macs like oversized iOS devices anyway. Outside of iOS development, Apple has basically said that you have a choice: pick a Mac that suits your needs and live with the weird macOS purgatory that we’re in right now or feel free to buy literally any other computer out there.

See also: Accidental Tech Podcast and The Talk Show.

Update (2019-05-13): Mike Zornek:

For a meeting who’s goal was to clear things up, they sure did leave us speculating [about the Mac Pro].

Update (2019-05-14): Steve Troughton-Smith:

Apple’s dual operating system strategy is ill-equipped for foldable tablets; what happens when a MacBook is an iPad and an iPad is a MacBook? Does Apple sell two identical devices with different OSes? Or does the Mac stay with legacy form-factors only?

Update (2019-05-24): Steve Troughton-Smith:

A really interesting question we probably won’t have an answer to for years to come is whether UIKit is the ‘Carbon’ or the ‘Cocoa’ of this transition. I think the only appropriate answer is ‘yes’. UIKit is the present, and the developer ecosystem it will bring with it is incredibly important. AppKit is also the present, and it provides and powers the Mac as we know it.

I’m sure we will have great, genre-defining apps from both UIKit and AppKit on the Mac. With Carbon, we had iTunes, Photoshop, Microsoft Office and Final Cut Pro. Eighteen years on, Carbon is finally reaching its end date, and the transition of all these apps to Cocoa/AppKit is complete. If AppKit still has eighteen years left ahead of it, I think the Mac will be just fine.

Both classic Mac OS and NEXTSTEP came to an end; the Mac did not. I think everybody can agree the unified whole was much greater than the sum of its parts, but this was not clear at all in 1997. The future is still being written, and we each, ‘Mac developers’ and ‘iOS developers’ alike, will get to be there to help shape it.

Brent Simmons:

So, knowing how this has worked out in the past, why do I fear the reaper?

Because bringing UIKit brings no new power. If anything, it subtracts power. UIKit apps — at least so far — are all sandboxed and available only via the App Store. They don’t offer everything AppKit offers.

And, to make things worse, it’s reasonable to be somewhat skeptical of Apple leadership’s understanding of the platform. Daring Fireball quotes a source at Apple as saying they had “taken their eye off the ball on Mac.”

Backing Up Shared iCloud Photo Albums

Tyler Hall:

Ideally, on Mac (or iOS) would have a preference to automatically import shared items taken by other people – and then those would feed into Google Photos. But that doesn’t exist. I could manually save-to-my-library new items as they’re shared, but that’s error prone and not scalable.

Also, what about the 2,000+ previously shared photos? I thought I would be clever and just select-all on my Mac and drag them into my main library, but after doing a few quick tests I realized isn’t smart enough to not duplicate the photos I took and shared when importing. (This is likely due to Apple scaling-down and stripping out metadata of shared items.) And there’s no way to sort by “other people” or build a smart album of “photos taken by other people” to filter out your own images when importing.

Monday, April 22, 2019

Joe Armstrong, RIP

Francesco Cesarini (Hacker News):

It is with great sadness that I share news of Joe Armstrong’s passing away earlier today. Whilst he may no longer be with us, his work has laid the foundation which will be used by generations to come. RIP @joeerl, thank you for inspiring us all.

Sugandha Lahoti:

Dr. Armstrong was best known for helping lay foundations in the ’70s and ’80s to the most widely spread concurrency models as we know them today. In concurrent programming, multiple events, code snippets or programs are perceived to be executing at the same time. Unlike imperative languages, which uses routines or object-oriented languages, which use objects. Concurrency oriented languages use processes, actors, and agents as the main building blocks. Dr. Armstrong helped propel concurrency programming at a time when there was no IoT, web, massive multi-user online games, video streaming, and automated trading or online transactions.


Erlang was originally built for use only at Ericsson, as a proprietary language, to improve telephony applications. It was designed to be a fault-tolerant, distributed, real-time system that offered pattern matching and functional programming in one handy package. It was then open-sourced to the public in 1998. Since then, it has been responsible for business, big and small, to create reliable systems.

Greg Hurrell:

His last tweet:

Joe Armstrong:

Once upon a time my boss asked me to study if we should use C++ or Erlang for a specialist XML parser to be used in a product (for reasons of speed not energy).

My recommendations was an FPGA

We built an FPGA.

Relative speed of C++/Erlang was irrelevant compared to FPGA.

Michael Gasch:

Apparently, the creators of the language found a way to trick the mighty failure gods. What have they done differently? Well, amongst many carefully evaluated design decisions that went into the language, they came up with the philosophy of “Let it crash”. I.e., instead of writing a lot of defensive code to handle every possible corner case, you accept that there will be failures, where you separate the concerns and take corrective actions.

The separation of concerns in this case is based on the concept of a supervisor and supervision trees, where the supervisor deals with failure (crash) handling when faults in the business logic (worker processes in the tree) occur. Another advantage is that these processes don’t have to run on the same machine to benefit from the supervision concept. Furthermore, in Erlang, processes are isolated from each other and don’t share state. So you can further reduce the blast radius of failures on a process-level.

See also: Wikipedia, Let’s Talk Concurrency (via Hacker News), Why OO Sucks (via Hacker News, note).

Previously: A Taste of Erlang.

Update (2019-05-10): See also: uses this (Hacker News) and The Guardian (Hacker News).

Performance Considerations When Reading Directories on macOS

Thomas Tempelmann:

Unfortunately, with Apple’s new file system APFS, and the fact that any macOS running High Sierra or Mojave got their startup volume converted from HFS+ to APFS, search performance has decreased by factor 5 to 6!


I’ve tried to find out which of the various methods of reading directories, looking only for file names, is the fastest: I had to scan the same directory tree with every method separately.


contentsOfDirectoryAtURL and getattrlistbulk perform equally indeed, just as predicted, with the latter usually being a bit faster once the data comes from the cache.

On APFS, NTFS and SMB, opendir() is significantly faster than the other methods, which is quite surprising to me.


When accessing a Mac via SMB, contentsOfDirectoryAtURL is faster than the other methods, but only on the first run (see red field). Once the caches have been filled, it’s slower. I can’t make sense of it, but it’s a very consistent effect in my tests.

Previously: APFS and Fast Catalog Search.

Update (2019-04-23): Thomas Tempelmann:

fts_open() / fts_read() are, in most cases, faster than readdir()contentsOfDirectoryAtURL and getattrlistbulk. Exceptions are network protocols, where especially the retrieval of additional attributes makes it slower than the other

The True and False Security Benefits of Mac App Notarization

Jeff Johnson (tweet):

Notarization is a kind of two-factor authentication. In order to notarize an app, you first need to sign it with your Developer ID cert, but then you have to submit it to Apple using the Apple ID and password of your developer account. If your signing cert is compromised, that by itself would no longer be sufficient to distribute the app.


A myth has been spread that Developer ID certs can only be revoked in entirety, meaning that all versions of all apps signed with a Developer ID cert would be invalidated when the cert is revoked. Apple has contributed a bit to this myth[…]


The ability of Mac apps to update themselves shows that the notarization malware scan is security theater. Apple’s notarization service scans for malware, but malware authors don’t need to submit malware to Apple! They can submit a perfectly innocent app for notarization, get the app notarized, and then flip a switch on their own server to download a malware software update when the victim opens the “innocent” notarized app. The downloaded malware update doesn’t need to be notarized, because the software updater will delete the quarantine attribute, thus bypassing Gatekeeper.

I guess the questions are:

I suspect that the answers are “no” and “yes.” Apple presumably believes otherwise. (They are surely aware of this loophole, and I don’t see why they would bother developing notarization if they didn’t believe in it.)

The malware scan is unlikely to catch serious malware authors, but it does punish legitimate developers, because they have to submit their apps and then sit and wait for Apple’s response, which Apple claims should take less than an hour (already too long), but in practice has taken much longer in some instances, according to developers I’ve heard from. Just yesterday, Apple’s Developer System Status showed 2 outages of 90 minutes each with the Developer ID Notary Service. The whole point of distributing software outside the Mac App Store is to avoid problems like these, submitting to Apple for approval and waiting for their response, but now Apple is imposing those very same problems on software outside the App Store. If notarization is to be required at all, I think it should skip the security theater of malware checks and simply notarize the app on submission, a process that would be almost instantaneous.

I’m not sure that the malware scan is the reason that notarization can sometimes take a long time, because I’ve had the same problem with “Processing for App Store” when submitting via App Store Connect.

Besides the notary service being down, mandatory notarization is risky for developers because code signing requirements can (and have) changed without warning and the malware scan might falsely block a legitimate app as malware. I’m not sure what you’re supposed to do in that case, but it would likely take a while. Developers know that when the App Store scanner falsely flags their app for violating a rule, contacting Apple through official channels rarely leads to a resolution. Instead, they have to act like an actual malware author and try to obfuscate their code to fool Apple’s tools.


Update (2019-04-23): Jeff Johnson:

“signing applications with your Developer ID certificate provides users with the confidence that your application is not known malware”

Isn’t that the exact same story we’re being told again with notarization? Fool me once, shame on you, fool me twice…

Update (2019-04-28): Todd Ditchendorf:

I fully appreciate the criticisms on this, but I can think of one good reason why Notarizing is not just Security Theater: It gives the responsible developer some “confirmation” that his app does not unintentionally contain malware. Like a mandatory virustotal dot com check.

Update (2019-04-29): Stephane:

Strangely, I tend to remember that Apple was not able to detect XCodeGhost by itself and prevent infected iOS apps from entering the App Store. So why should we believe they would be more effective with the notarization process?

Update (2019-05-09): Kyle Howells:

App notarisation I think is the biggest threat to the Mac remaining the open app platform we know today.

It can act as a Mac AppStore style, sandboxing and private API gate at the flick of a switch.

And we all just have to hope Apple will never flick that switch.

Update (2019-05-10): Jason Snell:

Yes, it’s possible that Apple could use this approach to ban most third-party apps outside of the App Store, but I don’t think that’s the intent. Instead, I think this is yet another example of how Apple wants to gain some of the benefits of App Store-style security without forcing every piece of Mac software through the Mac App Store.

Update (2019-09-09): Thomas Clement:

Funny thing, someone notarized the latest version of my app and that’s not me. Is it some random developer? Is Apple notarizing apps out there to avoid too much breakage?

Jeff Johnson:

My old blog post “The true and false security benefits of Mac app notarization” said that notarization is a kind of 2FA, but now we see that’s false.

Any developer can notarize signed software, not just the owner of the Developer ID signing certificate.

This means that if someone has unauthorized access to your DevID cert (not the situation for Thomas, but other devs have had certs stolen), the unauthorized person can still notarize and distribute software using your cert without your knowledge or access to your AppleID.

Update (2019-12-23): Jeff Johnson (tweet):

In my previous article I claimed that notarization protects your Developer ID certificate from unauthorized use, because once your app is signed with the certificate, it also has to be uploaded to Apple’s notary service using your Apple developer account, which itself requires 2FA. Consequently, unauthorized distribution would require compromise of both your Developer ID certificate and your developer account, and you would still receive email notification of any notarization performed with your account, or indeed any changes whatsoever to your account, including change of the email address associated with the account. Nobody can notarize an app using your account without your knowledge.

My mistake was assuming that a Mac app signed with your Developer ID certificate would have to be notarized with your Apple developer account. […] It seems that anyone with an Apple developer account can notarize any signed Mac app, even if the signer and the notarizer have no knowledge of each other.


Galaxy Fold Review

Dieter Bohn (tweet):

I have never used a device with this many problems that I have liked this much.


The Galaxy Fold is also beset with issues that stack up into a pile that you can’t excuse away by saying this is just a first-generation product. There are basic user experience issues that are unacceptable on any smartphone, much less one that costs two grand.

What you should do is head to a store and play around with it because it is legitimately a marvelous thing to play with. Beyond that, it’s a status symbol, a curiosity, and a little tease at a possible future.


I found myself using it in meetings, and nobody batted an eye. I was reviewing docs for the meeting, but I could have just as easily been messing around on social media. But think about the social rules of a work meeting: somebody messing around on their phone is a jerk, but somebody using a tablet is more likely to be doing something relevant. The Fold feels like a different device with different social rules, and that’s fascinating.

Joe Rossignol:

Samsung has confirmed the delay in a statement provided to CNBC, noting that it will announce a new release date “in the coming weeks” and “will take measures to strengthen the display protection.”

Previously: Galaxy Unpacked 2019.

iOS 13 Rumor Roundup

Rene Ritchie:

But it sounds like the half a decade plus of trolling is, at last, behind us, and performance improvements done, the design evolution is continuing, and this year we’ll actually be getting dark mode for iPhone and iPad.


[Font] Management is going to be implemented in a Settings panel. There’ll be a new Font Picker controller so you can get your styles on inside text fields, and an alert if you download a document but don’t have the fonts installed to go with it.


Gui does add that something like PanelKit will also be in the offering. Windows will be able to contain sheets and those sheets will be able to be dragged free, into cards, and those cards will be able to be stacked.


Three finger tap and swipe left to undo. Three finger tap and swipe right to redo. It’s not quite the Procreate double finger tap, but it’s close and direction adding dimension sounds smart.

It also sounds like we’ll be getting multi-select support not just for icons and draggable items, the kind that currently exists in iOS, but for items in list and collection views as well.


According to Gui, in a separate article on 9to5Mac, Find my iPhone and Find my Friends are merging and, what’s more, adding the option to find other things connected to small, Tile-like beacons from Apple.

Previously: Proof That iOS Still Hasn’t Gotten Undo Right.

Update (2019-04-29): See also: macOS 10.15: Features, release date, and analysis.

Update (2019-05-13): Mark Gurman (MacRumors):

  • Apple is also planning bring over a couple of its own iPad apps to the Mac this year: a Podcasts app and the new merged Find My iPhone and Find My Friends app from iOS 13.

  • There will also be a new Apple Music app, which is being developed as a standard Mac program.

  • Other in-house software coming to the Mac includes: Screen Time; effects and stickers for the Messages app; integration with the Siri Shortcuts app (the company’s new service for writing your own Siri commands); the new Reminders app; and upgrades to Apple Books.

Thursday, April 18, 2019

Origins of the Apple Human Interface

Riccardo Mori (tweet):

Recently, the Computer History Museum has uploaded on its YouTube channel a lecture called Origins of the Apple human interface, delivered by Larry Tesler and Chris Espinosa. The lecture was held at the Computer History Museum in Mountain View, California, on October 28, 1997.

Being extremely interested in the subject myself, and seeing how apparently little thought is being given today to the subject, I wanted to quote a few selected excerpts from the talk, just to show what kind of hard work creating a user interface was back in the day when the Apple Lisa was being developed. It turns out that isolating this or that bit was futile, as the whole talk is made up of such cohesive, engrossing discourse. So I chose to transcribe it almost entirely, and add a few personal remarks here and there. I hope this turns out to be as interesting to you as it was to me.

I recommend watching the whole video. Mori’s transcription is a great companion that includes better images of the screen and context from a modern perspective.

A few parts I want to highlight:

[Larry Tesler is saying that at this stage of development of the Lisa interface, when you clicked on, e.g., the upward‐facing arrow, the content would move upwards too, in the same way “Natural scroll direction” works since its introduction in Mac OS X 10.7 Lion.[…]]


So we made a decision that had nothing to do with ease of use, nothing to do with ease of learning, nothing to do with error rates. It wasn’t a human factor’s decision at all in the traditional sense. It was a decision based on what customers liked.


And what I found was that the way we taught it made a lot of difference. You could take the same user interface and teach it in a different way, and people would get confused; or understand it; or make more mistakes; or fewer mistakes. And terminology made a difference also, so we then started a terminology project that Ellen Nold ran, which ended up with the FILE menu, the EDIT menu, etc., as you know today, and all the various commands that were in them. You know, choosing all the words for everything.


I remember very very very clearly that one of the massive controversies around the development for the Macintosh circa 1982–1983 was [that] developers would come up to us and say, You know, if you make the user interface consistent and if you put all that software in ROM that makes it— you know, if you make it hard to write to the screen directly, so that we have to use your user interface software to talk to the user, how are we ever going to make our applications unique and stand out and be different from each other in the marketplace?


[…]and so there’s constantly the dilemma (which you’ve seen historically in Mac system software) that the expert users want to put in the features they want to use, but the people who want to keep this system pure for the novices want to resist those

And if you’re lucky, you get a system that is easy to approach for the novice, and gradually unfolds itself for the expert. And if you’re unlucky, you get a lukewarm mediocrity between the two, where it’s a little too complex for the beginning user to understand, but still not nearly powerful enough for the expert user.

[I think this is a perfect snapshot of the current situation with iOS.]

Update (2019-04-22): Colin Cornaby:

On the note at the end: I drafted a blog post a while back on how I wanted a macOS iPad. When I passed it around, I got unexpected feedback from a few people. While iOS isn’t complicated enough for people like me, iOS is already growing too complicated for novice users.

iOS sits in their weird place, especially on iPad, where it’s not really working for anyone quite right. And there is a feeling out there that making iOS more complicated will make it less accessible to users (which, to be clear, is not my personal preference.)

Google Decides to Monetize Maps

Bloomberg News (via Hacker News):

Schindler’s response showed that Google isn’t waiting anymore. He sliced the opportunity in four areas. Basic directions are a “utility” that can’t be messed with much. Second are requests for things nearby; followed by broader, personalized recommendations; and finally, searching neighborhood business listings.

“If you think about Maps monetization from those four different angles—a little bit more caution obviously on the first one, not disrupting the utility aspect, and all the other three—I think it’s a really, really interesting playground going forward,” Schindler said.


For the last two years, Google has also tested “promoted pins,” waypoints emblazoned with an advertiser’s brand that show up on the map regardless of whether or not the user searched for that business. McDonald’s, Dunkin’ and Michael Kors are among adopters.


Before the changes, Owczarek’s startup got 750,000 free map views a month and then was charged 50 cents for every 1,000 views on top of that. Then Google started charging after 30,000 views and the cost was $7 per 1,000 views. His costs jumped from nothing to $5,000 a month.

When Rules Don’t Apply

Filmmakers Collaborative (via Hacker News):

When Rules Don’t Apply is a multi-media campaign to educate the public about the impact of “no-poach” agreements and how they limit competition and employee wages, a violation of antitrust law.


How to Remove Siri From the Touch Bar


You probably use your backspace (delete) key quite a bit. If you have a Macbook Pro, you probably also hit the Open Siri button quite a bit, as it is (in)conveniently located adjacent to the backspace key.


This short guide will show you how to remove the Siri button from your Macbook Pro’s touch bar, disabling the button without disabling Siri.

The Hard Part in Becoming a Command Line Wizard

John D. Cook:

McIlroy’s script was a real example of the kind of wizardry attributed to Unix adepts. Why can’t more people quickly improvise scripts like that?

The exercise that Bentley posed was the kind of problem that programmers like McIlroy solved routinely at the time. The tools he piped together were developed precisely for such problems. McIlroy didn’t see his solution as extraordinary but said “Old UNIX hands know instinctively how to solve this one in a jiffy.”

The traditional Unix toolbox is full of utilities for text manipulation. Not only are they useful, but they compose well. This composability depends not only on the tools themselves, but also the shell environment they were designed to operate in.


You could memorize McIlroy’s script and be prepared next time you need to report word frequencies, but applying the spirit of his script to your particular problems takes work.

Wednesday, April 17, 2019

Safari Auto-Submitting AutoFilled Passwords

Steve Troughton-Smith:

Safari’s new ‘submit form as soon as you choose from the autocomplete list’ is the quickest way to get locked out of your bank ever. As a universal default, that seems like such a bad idea


(I think the key part is that it doesn’t consider what happens if the autosaved password is wrong, and so will blind-fire at the site before giving somebody a chance to change it)

This has bitten me several times.

Kyle Howells:

That same sort of ‘presume we are always right’ problem happens with the new password autosuggestion, which covers over the password field and doesn’t let you edit the suggested password anymore.

If it guessed the password requirements wrong you can’t fix it.

Update (2019-04-18): Colin Cornaby:

I hate the way this bypasses the “Remember Me” checkboxes if you didn’t check them before autofill. From Apple’s end I’d guess the lack of cookies and cached logins is probably considered more secure though.

Andrew Abernathy:

As pointed out here, this behavior makes me much more worried about getting locked out of an account.

But beyond that, I dislike the interaction: there’s a “sign in” button on the page, and this preempts me from clicking on that in a way that doesn’t feel “right” to me.

Update (2019-05-01): Dave DeLong:

I generally really really like Safari and have very few complaints about it.


rdar://problem/50369660 “Safari: STOP AUTOSUBMITTING PASSWORD FORMS”

Update (2019-08-20): Andrew Abernathy:

Oh, that’s why I’ve been having to sign in to this web site every time: Safari’s autofill prompt covers the “remember me” checkbox, and Safari’s new behavior of auto-submitting credentials meant it signed in without giving me a chance to notice & check that box.

Update (2020-04-23): Jeff Johnson:

The good news is that StopTheMadness 8.0 can stop Safari from automatically submitting login forms. There’s a new website protection called “Stop autosubmit of autofilled forms”. This is disabled by default, so you’ll need to enable it manually in the StopTheMadness Website Protections. You can selectively enable the protection for individual sites, or you can enable it in the Default Website Protections for all sites. With the new protection enabled, Safari will no longer automatically submit forms. Instead, StopTheMadness will display a confirmation that asks whether you want to submit the form or cancel. If you cancel, then you can make changes to the AutoFilled form and submit manually. Note that when the confirmation is displayed, you can press the return key to submit or press the escape key to cancel if you want to avoiding clicking a button.

Introducing CalZones

David Smith:

CalZones is a calendaring app built from the ground up to be smart about managing timezones. It starts by letting you choose a list of the zones that are relevant to you and then all aspects of the app tailor themselves into making it easy to coordinate between those timezones.


Tap on any time shown to quickly create an event at the shown time and in the selected timezone.


The event creation view makes working out the time for a call super easy by giving you a time picker that is timezone aware and displays the chosen time across all your selected timezones.

Rosemary Orchard:

Along with specifying your time zones you can also control which calendars you see, your preferred theme and icon, work day times, week start, and how event times should be displayed. The latter is very useful allowing you to see that the event you’re looking at starts at 7pm local time, but 10am in the organisers time.

See also: Under the Radar.

The Time Tim Cook Stood His Ground Against the FBI

Leander Kahney (Hacker News):

Cook was very concerned about how Apple would be perceived throughout this media firestorm. He wanted very much to use it as an opportunity to educate the public about personal security, privacy, and encryption. “I think a lot of reporters saw a new version, a new face of Apple,” said the PR person, who asked to remain anonymous. “And it was Tim’s decision to act in this fashion. Very different from what we have done in the past. We were sometimes sending out emails to reporters three times a day on keeping them updated.”


Privacy advocates celebrated the end of the case and Apple’s apparent victory. “The FBI’s credibility just hit a new low,” said Evan Greer, campaign director for Fight for the Future, an activist group that promotes online privacy. “They repeatedly lied to the court and the public in pursuit of a dangerous precedent that would have made all of us less safe. Fortunately, internet users mobilized quickly and powerfully to educate the public about the dangers of backdoors, and together we forced the government to back down.”

But Cook was personally disappointed that the case didn’t come to trial. Even though Apple had “won” and wouldn’t be forced to create the backdoor, nothing had really been resolved. “Tim was a little disappointed that we didn’t get a resolution,” said Sewell. He “really felt it would have been fair and it would have been appropriate for us to have tested these theories in court. . . . [Though] the situation that was left at the end of that was not a bad one for us, he would have preferred to go ahead and try the case.”

I still think this story has been mostly misreported in that Apple already had a backdoor to access Syed Farook’s iPhone 5c. Commenter lern_too_spel:

What really happened is that Apple loudly proclaimed that they had made it impossible to comply with government data requests and even had a marketing page masquerading as a privacy page explaining that. The FBI asked Apple to put a build on a phone that would allow them to brute force the passcode, leaving the device and the build on Apple’s premises the entire time. This showed that Apple’s claim was false in practice. Apple quickly removed that marketing page in the wake of the news.


At the time Apple made the false marketing claims, no passcode was required to install a signed build. Hence, the FBI’s request.

The FBI was asking for no more than what Apple could already do, and it was letting Apple control the whole process. The problem was that what Apple could already do disagreed with what Apple told its customers that it could do.


Hackers Abused Support Portal to Read Microsoft E-mails

Joseph Cox (via Jason Koebler):

On Saturday, Microsoft confirmed to TechCrunch that some users of the company’s email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.

But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard.


Motherboard’s source, however, said that the technique allowed full access to email content.

Tuesday, April 16, 2019

Qualcomm and Apple Agree to Drop All Litigation

Tripp Mickle and Asa Fitch:

Apple has called Qualcomm a monopoly and said Mr. Mollenkopf has lied about settlement talks between the companies. Qualcomm has accused Apple of deceiving regulators around the world and stealing software to help a rival chip maker.

For two years, the companies have bickered over the royalties Apple pays to Qualcomm for its patents. Discord between the CEOs, who bring different management styles and principles to the table, has deepened the divide. They have dug into their positions as the dispute has escalated.

The feud heads toward a showdown this coming week, when Apple’s patent lawsuit against Qualcomm is set to go to trial—with both CEOs expected to testify in a case where billions of dollars are at stake.

Via Shaun Maguire (and Benjamin Mayo):

The most interesting part to me is that Steve Jobs personally negotiated the QCOM deal and thought it was fair, but then one of the first things Cook did when he took over was rip it up.

Apple (MacRumors):

Qualcomm and Apple today announced an agreement to dismiss all litigation between the two companies worldwide. The settlement includes a payment from Apple to Qualcomm. The companies also have reached a six-year license agreement, effective as of April 1, 2019, including a two-year option to extend, and a multiyear chipset supply agreement.

Ben Bajarin:

At the FTC trial, we discovered Apple never actually had a formal license with QCOM and they just went through their manufactures. So this is a first time license for Apple with Qualcomm.

Previously: Apple Sues Qualcomm.

Update (2019-04-22): Dan Masters:

This highlights the fact that Apple was (and has been) willing to offer a degraded experience to customers of their $1k+ phones due to their unreasonable demands (i.e. greed).

It seems clear that there was also a long-term strategic element in developing another supplier. But it’s an interesting point that Apple chose to ship a worse product, despite their platitudes about being guided purely by what’s best for the customer experience.

Ben Bajarin:

The Apple Qualcomm settlement now makes even more sense as Intel announces their exit of the 5g modem business.

Ian King and Mark Gurman (tweet):

Throughout the fight, which centered on Apple’s accusations that Qualcomm overcharges for patents on its technology, the iPhone maker played down the importance of the modem and Qualcomm’s inventions. Just before the settlement was announced on Tuesday, Apple’s lawyers were in a San Diego courtroom saying the component was just another method of connecting to the internet. In reality, Qualcomm’s modems are leading a potential revolution in mobile internet -- and Apple could have been forced to play catchup without them.

Ben Bajarin:

Apple pays less than $10 for all of Qualcomm’s stuff that was before this deal. So they already pay a low rate.

Prakash Sangam:

I can guarantee that U.S. govt will block @Huawei s bid. Also, if $AAPL was interested in buying, $INTC wouldn’t have announced existing business though. I suspect @Apple will get @Intel modem talent by attrition, and may buy #IP later for a bargain price..

John Gruber:

Intel’s 5G modem efforts were so behind schedule that it looked increasingly likely, if not certain, that Apple wouldn’t be able to use them for 5G iPhones in 2020. Forget about 2019 — I think Apple determined that even 2020 was increasingly in doubt if they sourced 5G modems from Intel.


Fast Company has reported that Apple has a “team of between 1,000 and 1,200 engineers working on the modem chips for future iPhones” — but that team’s work is obviously not going to be ready for a few years, at best.

John Gruber:

My initial guess is it’s the former: Intel decided to get out of this market, and Apple got squeezed.

Ben Bajarin:

Knowing Apple curates Apple News it is interesting there is no article on the Qualcomm settlement. There is one about Intel exiting smartphone modems and some coverage of their short lived trial but nothing on settlement.

At least in my feed in News.

Some people replied saying that they do see some articles. But this raises questions about why people see such different Apple News feeds, and whether Apple can be trusted to curate news about itself.

Charlie Demerjian (via Meek Geek):

That same 600Mbps Qualcomm modem in the iPhone ran at 1Gbps in Android devices. The Intel modem ran at 600Mbps max and there were no other customers to make a comparison to. Apple crippled their Qualcomm parts to match the delivered Intel specs. Worse yet those Intel parts were only 600Mbps on paper, in practice they had 30% lower throughput. On top of this the Intel modems consumed vastly more energy to do their slower work than Qualcomm[…]

Reed Albergotti (via Hacker News):

The sealed documents, obtained by Qualcomm through the discovery phase ahead of the trial, offer a rare window into the decision-making process of one of the most secretive and powerful companies on the planet, and how Apple’s internal discussions about Qualcomm differed from what it said publicly. Apple’s criticism of Qualcomm underpinned more than 80 lawsuits around the world and influenced governments to change laws and regulations in Apple’s favor.


The documents also raise questions about the methods Apple used to inflict pain on Qualcomm and whether Apple really believed its own arguments to lawmakers, regulators, judges and juries when it tried to change not just its long-standing business agreement with Qualcomm but the very laws and practices that have allowed inventors to profit from their work and investments. Apple has argued that Qualcomm’s patents were no more valuable than those of competitors like Ericsson and Huawei, but Qualcomm argued in court that the documents show otherwise.


In one internal document cited by Qualcomm’s lawyers, Apple said it sought to “create evidence” by scrupulously licensing other less expensive patents to make Qualcomm’s look expensive.

Update (2019-04-28): Chance Miller:

More details continue to emerge this weekend about the behind-the-scenes drama of Apple’s dealings with Intel and Qualcomm. According to a report from The Telegraph, Apple poached Intel’s lead 5G modem developer earlier this year.

Sandboxing Makes Quarantine Flags Almost Meaningless

Howard Oakley:

When quarantine xattrs start appearing on files which have only ever been stored locally since their creation, is it time to get worried?

It would appear not.

Thanks to Thomas, who drew my attention to the fact that opening any movie in the QuickTime Player app (the latest ‘X’ version, not the old QuickTime 7) results in a quarantine xattr being attached to it.

A little further exploration revealed that this isn’t the only such case: Preview attaches quarantine xattrs to several of the file types which it opens, including PDF. The high-end PDF editors PDF Expert and PDFPenPro, and Nisus Writer Pro also attach quarantine xattrs to the PDFs which they create.

Erik Schwiebert:

Yep. The OS adds the quarantine xattr to any file created by an app that has been sandboxed. I don’t know why; you’d think they would trust a sandboxed app more, not less.

Rich Siegel:

It’s pretty crazy. We’ve seen a lot of this with customers opening/editing +x files. Simply opening the file causes it to grow quarantine, and then the user can’t run it in Terminal or programmatically with NSTask. (Gatekeeper and Terminal don’t really mix.)

Howard Oakley:

The quarantine flag, an extended attribute (xattr) of type, used to be one of the most meaningful and important of all the xattrs attached to files. It meant that item had been downloaded from the Internet. In the case of apps, it’s used to determine whether that app needs to undergo full first-run checks by Gatekeeper before being allowed free run on your Mac.


Since Apple introduced sandboxing for apps, the quarantine xattr has been used for a quite different purpose: to flag which document files have been opened by sandboxed apps.


This behaviour appears consistent across almost all apps which run in a sandbox, even if they’re not supplied by the App Store. One exception that I have found is the latest version of BBEdit: although sandboxed (and notarized), the non-App Store version doesn’t appear to attach quarantine xattrs to text files which it opens or writes, even when they are PDFs, for example.


For file types like JPEG, PNG, Movies and PDF, which are specific targets of this behaviour, the rules for attaching a quarantine flag by a sandboxed app appear to be[…]

Update (2019-08-13): Craig Hockenberry:

If you think the dialogs in Catalina are annoying, just wait until you discover that any script you edit with BBEdit or TextEdit get thrown into a quarantine and won’t execute until you use xattr at the command line.

You’re going to see a lot of “operation not permitted”.

Erik Schwiebert:

So far as I know, macOS adds the quarantine xattr to any file created by a sandboxed app. This happens to Office files, and was resolved as By Design by Apple several years ago. It isn’t new to Catalina.

Rich Siegel:

Check and see whether sandbox access is allowed (in BBEdit’s “Application” preferences). If it is not, allow it and I think that will solve this for you.

That worked for me. So apparently it doesn’t add the quarantine flags when saving into a folder that the app already has access to due to a security-scoped bookmark.

See also: Quarantine: Apps and Documents and Advances in macOS Security.

Update (2019-08-15): Craig Hockenberry:

It looks like is the secret sauce in this:

$ codesign -dvvvv --entitlements :- /System/Applications/

And it looks like it’s not generally available.

Craig Hockenberry:

The irony here, is that thanks to the entitlement, developers are better off using non-sandboxed native apps.

Apps like Visual Studio Code have an a distinct advantage with lesser security.

Core Image Filter Reference

Noah Gilmore (via Ryan McLeod): is a project I’ve been working on for the last few months, and today it’s open source. It has two parts:

  1. A website,, which lists all the available CIFilters, their information and examples of applying them
  2. An app which allows you to apply each CIFilter to various inputs, tune their parameters, and apply them to camera and photo library images


Apple has a page listing about 85% of the available filters, but it’s “no longer being updated”, and no new filters which were made available in iOS 10, 11, or 12 are listed there. If you Google CIThermal, for example, most of what you’ll find is iOS header dumps.

For the filters which are listed, many have incomplete documentation - for example, the inputSharpness parameter to CICheckerboardGenerator says[…] but doesn’t tell you what the parameter actually does. The examples on this page are also limited - for example, CISourceOutCompositing takes an inputImage and a backgroundImage. The page shows two images being composited, but doesn’t specify which image is which[…]

Twitter’s Complicated and Messy Verification Process

Nick Heer:

In November 2017 Twitter announced it would be suspending its public verification process[…] However, the company never actually stopped verifying accounts. Cale Guthrie Weissman reported in 2018 for Fast Company that users were still being given a checkmark; and, today, Karissa Bell reports for Mashable that the process has continued[…]


Twitter seems utterly confused about what its verification program ought to be. Should it be just a simple way to communicate that an account is run by a real person or company, rather than an impersonator or a robot? Should it be only for public figures? What is a public figure anyhow, in Twitter’s view?

All the Streaming Video

Mark Hughes:

In which I compare some of the thousands of streaming media services[…]

Ben Thompson:

Look no further than that Disney investor event: while most of the time and subsequent attention was given to the new Disney+ offering, the company also spent time talking about ESPN+ and Hulu. At first glance, it might seem odd that the company has three distinct streaming services; why not put all of the company’s efforts behind a single offering?

In fact, I just explained why: in a world where distribution mattered more than anything else it made sense for Disney to put all of its television properties together; that offered maximum leverage with the cable companies. On the Internet, though, it is best to start with jobs.


Traditional TV will be dominated by news and sports, with ESPN, Fox, and Turner the biggest players. All have very strong assets in sports and/or news, and will remain dependent (and why not!) on the traditional TV mix of advertising and ever-increasing affiliate fees.

The long tail of content, including most information and education, will continue to be dominated by YouTube and its advertising-based model.

That leaves the specialists and the resellers, who will have a symbiotic relationship[…]


Update (2019-04-17): Josh Centers:

The only clear shot Netflix has is to sell. It cannot survive as an independent company.

Let’s examine how screwed Netflix is. They’re 8 billion in debt. Their biggest stars are either plagued by scandal or rapidly outgrowing their cuteness. They have no fallback plan. The largest companies in the world are coming after them.

Monday, April 15, 2019

iOS Guided Access

Mattt Thompson:

In truth, Guided Access can be many things to many different people. So for your consideration, here are some alternative names that you can keep at the back of your mind to better appreciate when and why you might give it a try:

“Kid-Proof Mode”: Sharing Devices with Children

If you have a toddler and want to facilitate a FaceTime call with a relative, start a Guided Access session before you pass the device off. This will prevent your little one from accidentally hanging up or putting the call on hold by switching to a different app.

“Adult-Proof Mode”: Sharing Devices with Other Adults

The next time you go to hand off your phone to someone else to take a photo, give it a quick triple-tap to enter Guided Access mode first to forego the whole “Oops, I accidentally locked the device” routine.

If you set the passcode in Settings, you won’t have to enter it each time you start a Guided Access session. You can also end a session by double-tapping the side button and authenticating with Face ID, instead of triple-tapping and then entering the passcode.

10 Years of MacStories

Federico Viticci:

I had a different idea for what I wanted MacStories to be in 2009. You see, as a newly-minted Apple aficionado from Viterbo, Italy, who had just discovered the world of Apple blogging, I was fascinated by websites such as MacRumors, TUAW, Daring Fireball, and Engadget. I primarily wanted to use my longtime passion for in-depth videogame reviews (which I used to read on EDGE and other magazines when I was younger) and bring that style to Mac and iPhone app reviews; at the same time, I also wanted to have a website that could cover news, share tutorials, and, why not, maybe in the future even report rumors. I wanted to do it all, even though I was just a 20-year old guy from Italy who’d never blogged in English before.


As MacStories was slowly growing and I was finding an audience for my in-depth app reviews, I increasingly felt lured by the promise of timely news coverage and rumors. I thought that if MacStories could report Apple news and rumors as quickly as other websites, I could accelerate the process of a bigger audience stumbling upon MacStories and then discovering what really made the website unique: in-depth app reviews and opinion pieces. At the time, the most important metric for me was page views (because MacStories was making money off traditional banner ads); therefore, my incentives were directly aligned with attracting the biggest possible audience. At the same time, I didn’t want to give up on the reason I started MacStories in the first place (writing in-depth reviews unlike anyone else), so I decided that I wanted to have my cake and eat it too. I was going to report news and rumors to attract a larger audience, and I was going to continue writing app reviews for a dedicated, loyal niche too.


At some point by the end of 2012, I made the decision that we were going to stop reporting rumors or leaks and that chasing news stories to be “first” was no longer going to be our priority. I decided that I wanted MacStories to go back to its roots by prioritizing original reporting, editorials, and reviews over rehashing information that other websites were covering better than MacStories anyway.

Previously: Congratulations.

Library Evolution for Stable Swift ABIs

Ben Cohen:

One of Swift’s goals is to be a good language for libraries with binary compatibility concerns, such as those shipped as part of Apple’s OSs. This includes giving library authors the flexibility to add to their public interface, and to change implementation details, without breaking binary compatibility. At the same time, it’s important that library authors be able to opt out of this flexibility in favor of performance.

This proposal introduces:

  • a “library evolution” build mode for libraries that are declaring ABI stability, which preserves the ability to make certain changes to types without breaking the library’s ABI; and
  • an attribute for such libraries to opt out of this flexibility on a per-type basis, allowing certain compile-time optimizations.

The mechanisms for this are already in place, and were used to stabilize the ABI of the standard library. This proposal makes them features for use by any 3rd-party library that wishes to declare itself ABI stable.

Greg Parker:

This feature is one of the reasons that Apple created Swift instead of adopting an existing language. We needed at least as much capability to evolve libraries as Objective-C provided.

Previously: Swift ABI Stability and More.

Core Animation Bug in macOS 10.14.4

Ken Case:

In particular, OmniOutliner and OmniPlan customers have been telling us that since upgrading to 10.14.4, they will open some documents and end up seeing… nothing.


We’ve been working with Apple and tested a fix that will be in the next Software Update to macOS Mojave. (I don’t know the timeframe for that update shipping to the general public, but I’m glad this fix is on its way!)

John Gruber:

Bugs happen, but with all the ongoing consternation regarding Apple’s (and particularly the Mac’s) software quality, it’s a little worrisome to see this in a .4 release. A .4 release of the OS should be peak stability.

Update (2019-05-14): Ken Case:

Today Apple released macOS Mojave 10.14.5, which fixes a CoreAnimation drawing issue that was affecting customers using large OmniOutliner and OmniPlan documents.

Friday, April 12, 2019

App Store Subscription Confirmation Alert

David Barnard:

Whoa! Apple added an additional confirmation step for subscriptions. This new alert comes after you confirm with Touch ID/Face ID. I hope they address this in a more elegant way in iOS 13, but I’m thrilled Apple took a definitive step to curb scam subscriptions. 👏🏻

This probably isn’t needed on Face ID devices where you have to double click the side button to confirm a subscription, but this should cut down on accidental subscriptions on Touch ID.

I’m still baffled it took Apple so long to take action on this, but it still says a lot that they made a change like this mid iOS 12 instead of waiting for iOS 13.

This change is likely to prevent $10M+/mo in accidental subscriptions.

Ryan Jones:

I literally went through your flow 2 hours ago to compare it to apple’s and thought you added that. Until I tried Facetune. Here’s the kicker though.... it’s not on apple Music


Or only Apple gets to do this?

Ryan Jones:

Apple remotely turned off the extra Subscription confirmation modal last night.

(Apps were seeing 20% subscription trial reductions.)


This means a significant profit was being made due to a lack of understanding by the users, which I don’t think is an ethical business model

Ryan Jones:

Now, there may be a reason, like fixing a bug or making it better. But it’s 100% off right now after ~1 week of being on.


Update (2019-06-18): Federico Viticci:

Never seen this alert before – Apple now tells you if an app you’re deleting has a subscription still active. Good move.


Peter Kafka (tweet):

Disney+ will launch in the US on November 12, for $7 a month. It will have a very large library of old Disney movies and TV shows — crucially, including titles from its Marvel, Pixar, and Star Wars catalog — along with new movies and series made exclusively for the streaming service. It won’t have any ads. And it will allow subscribers to download all of that stuff, and watch it offline, whenever they want.

For comparison: A standard Netflix subscription now costs $13 a month.


Disney told investors it expects to have 60 million to 90 million subscribers worldwide for the service by the end of 2024. Netflix currently has 139 million subs.


Disney+ will also feature shows and movies that previously belonged to 21st Century Fox, which Disney mostly absorbed this year. That means the service will also be the place to watch The Simpsons, for starters.

John Gruber:

I know Apple News+ and Apple Music are both $10/month, and Apple Arcade might cost $10/month, but I don’t think Apple expects to charge $10/month just for Apple TV+. I continue to think Apple TV+ will be something they add on for “free” when you pay for some sort of bundle with other Apple subscriptions — or maybe it will cost $10/month if it’s the only thing you subscribe to from Apple, but they know that most people will get it as a “free” bonus.

Damien Petrilli:

Apple forgot that to use any service you need hardware. They could have been the best hardware provider for all services.

They had everything to do it right. Instead they decided to compete (poorly) on services while degrading hardware quality/value proposition.

Imagine if Apple wasn’t doing its shitty anticompetitive behavior to promote their services and instead was THE platform to get all services well integrated together.

Michael Love:

I think Disney’s entry helps basically every other streaming player except Netflix, because it makes it much harder for Netflix to ascend from ‘channel’ to ‘platform’ - they won’t be able to keep increasing prices / volume of programming until they replace the entire bundle.

Joe Cieplinski:

Clearly, Disney’s back catalog is a big plus. But most of what I watch nowadays is new original TV programming. Until they have some can’t miss shows for me, I’m not altogether interested in paying monthly for the occasional re-watch of a Star Wars flick.


US Broadband, OS, and Browser Stats

Devin Coldewey (via Dan Luu):

For instance, the FCC report suggests that broadband, as it is currently defined, is not currently available to around 25 million people. Sounds reasonable. But Microsoft’s data says that some 163 million people “do not use the internet at broadband speeds.”

Those aren’t the same thing, obviously, but you’d think if a person had broadband available they would use it at least now and then, right?

Erie Meyer:

It’s wild to me that

- There were 3.57 billion visits to government websites over the last 90 days
- We know that because it’s public thanks to
- We also have hard data about OS, browser + version, and format data about how Americans are using the web


macOS Hot Corners

Rose Orchard:

A great feature of macOS that we don’t discuss often is Hot Corners — the ability to swipe your mouse into a corner and have something happen. For example, your screensaver starts, notification center appears, launchpad shows you a list of apps, etc. This setting is no longer enabled by default, so many people are missing out on this great feature!


What is more, you can add a modifier key (Command, option/alt, shift, or control) to a Hot Corner, which will only activate if you hold that key while swiping your cursor into the corner. This makes it hard to activate Hot Corners by accident, so it’s ideal for something like locking your screen. You can also use multiple modifier keys at once if you like. Unfortunately, you can’t set multiple commands per corner with different modifier keys.

I use hot corners for Put Display to Sleep, Mission Control, Application Windows, and Notification Center.

First Black Hole Image


At the heart of the Milky Way, there’s a supermassive black hole that feeds off a spinning disk of hot gas, sucking up anything that ventures too close -- even light. We can’t see it, but its event horizon casts a shadow, and an image of that shadow could help answer some important questions about the universe. Scientists used to think that making such an image would require a telescope the size of Earth -- until Katie Bouman and a team of astronomers came up with a clever alternative.

MIT News:

The solution adopted by the Event Horizon Telescope project is to coordinate measurements performed by radio telescopes at widely divergent locations. Currently, six observatories have signed up to join the project, with more likely to follow.

But even twice that many telescopes would leave large gaps in the data as they approximate a 10,000-kilometer-wide antenna. Filling in those gaps is the purpose of algorithms like Bouman’s.


Finally, Bouman used a machine-learning algorithm to identify visual patterns that tend to recur in 64-pixel patches of real-world images, and she used those features to further refine her algorithm’s image reconstructions. In separate experiments, she extracted patches from astronomical images and from snapshots of terrestrial scenes, but the choice of training data had little effect on the final reconstructions.

This particular algorithm was not used in the image reported this week; it sounds like it was a prototype that proved the approach.

Abigail Hess:

On Wednesday, after 10 years of planning and scientific investments totaling over $50 million, researchers released the first-ever image of a black hole. The image is a feat of modern science — experts say it’s the equivalent of taking a photo of an orange on the moon with a smartphone — and international collaboration. Over 200 scientists across the globe contributed to the project.


“The team collected about five petabytes of data, and one petabyte is a thousand terabytes,” explains Bouman. “Your typical computer has maybe one terabyte or so. So that would be like 5,000 typical laptops of data.


“We spent years developing methods, many different types of methods — I don’t think any one method should be highlighted — because most of all, we were afraid of shared human bias,” says Bouman.


For this reason, the computer scientists broke into four teams and did not communicate while they were analyzing the data. After months of the teams working independently, they all converged in Cambridge, Massachusetts, and ran their algorithms in the same room, at the same time.

Michelle Lou and Saeed Ahmed:

Using imaging algorithms like Bouman’s, researchers created three scripted code pipelines to piece together the picture.

They took the “sparse and noisy data” that the telescopes spit out and tried to make an image. For the past few years, Bouman directed the verification of images and selection of imaging parameters.


The result? A groundbreaking image of a lopsided, ring-like structure that Albert Einstein predicted more than a century ago in his theory of general relativity. In fact, the researchers had generated several photos and they all looked the same. The image of the black hole presented on Wednesday was not from any one method, but all the images from different algorithms that were blurred together.

Update (2019-04-16): Akash lists the Python code that was used.

The Astrophysical Journal paper is here (via Matplotlib).

The Physicist has some background information (via Hacker News).

Thursday, April 11, 2019

Apple Podcasts on the Web Gets a Fresh New Interface

Chance Miller:

The old Apple Podcasts web interface was akin to the iTunes web design that was dropped back in 2017. It was a simple list of podcast episodes, showing you the episode title and description. If you wanted to play an episode, you’d be kicked to iTunes. You also couldn’t view full show notes and other episode details.

With this week’s overhaul, however, Podcasts on the web is a much more usable experience. Episode titles are bolded and feature their full description below. There are also new dedicated pages for individual podcast episodes. Here, you can view full show notes and other details about an episode.

Previously: macOS 10.15 to Break Up iTunes.

Amazon Employees Review “Small Sample” of Alexa Audio

Timothy B. Lee:

Most of the time, when you talk to an Amazon Echo device, only Amazon’s voice-recognition software is listening. But sometimes, Bloomberg reports, a copy of the audio is sent to a human reviewer at one of several Amazon offices around the world. The human listens to the audio clip, transcribes it, and adds annotations to help Amazon’s algorithms get better.

“We take the security and privacy of our customers’ personal information seriously,” an Amazon spokesman said in a statement emailed to Bloomberg. “We only annotate an extremely small sample of Alexa voice recordings in order [to] improve the customer experience.”

Bloomberg hints at a significant workforce doing this kind of work. Bloomberg says Amazon has employees listening to audio clips in offices in Boston, Costa Rica, India, and Romania. Employees interpret as many as 1,000 audio clips in a 9-hour shift.


Bloomberg says that Apple’s Siri “also has human helpers.” The company points to an Apple privacy white paper that describes how Apple uses audio captured from customer devices.

I wonder whether Apple’s standard opt-out covers this.


Update (2019-05-10): Alfred Ng:

Amazon lets you delete those voice recordings, giving you a false sense of privacy. But the company still has that data, just not as a sound bite. It keeps the text logs of the transcribed audio on its cloud servers, with no option for you to delete them.

Amazon said it erases the text transcripts from Alexa’s “main system,” but is working on removing them from other areas where the data can travel.

Google AMP Lowered Our Page Speed, and There’s No Choice But to Use It

Walid Halabi (via Hacker News):

Google puts the onus on publishers to, effectively, rejig large tracts of their websites layout, content, and functionality, in return for preferential treatment. Google promotes AMP as a way to make websites faster. That’s supposed to be the primary benefit, and the reason Google is pushing AMP so forcefully.


We here at unlike kinds decided that we had to implement Google AMP. We have to be in the Top Stories section because otherwise we’re punted down the page and away from potential readers. We didn’t really want to; our site is already fast because we made it fast, largely with a combination of clever caching and minimal code. But hey, maybe AMP would speed things up. Maybe Google’s new future is bright.

It isn’t. According to Google’s own Page Speed Insights audit (which Google recommends to check your performance), the AMP version of articles got a performance score of 80. The non-AMP versions? 86. Mind you, the AMP versions are hobbled - unauthorised javascript interaction is forbidden by Google, so you can’t vote or comment in place - it’ll kick you to the full version of the page. This is the fruit of weeks of labour converting the site: a slower, less interactive, more clunky site.


Update (2019-04-12): Nick Heer:

This power grab is disgusting and should be treated as an attempt at a hostile takeover.

CloudPull Discontinued

John Brayton:

In an effort to tighten security, Google is no longer allowing apps to get permission to write to a user’s account if it cannot provide justification for having write access. Since there is no read-only permission level for OAuth access via IMAP, this means that CloudPull will be unable to access Gmail via IMAP. I appealed Google’s decision, but my appeal was rejected. I carefully considered options for updating CloudPull to keep it working, but every available option will require more time and effort than I can justify. Therefore I have removed CloudPull from sale.

What a crazy situation.

Quantum Computing and APFS: Free and Used Space

Howard Oakley:

In APFS, snapshots are made as part of Time Machine backups, on some occasions such as prior to installing a macOS update, and when the user initiates them. What happens when an APFS snapshot is made is that a complete copy is made of the file system metadata, which is very quick indeed and doesn’t involve the copying of any other file data.

However, to preserve all the files at the moment that the snapshot is made, as those files subsequently change, their original data are retained so long as the snapshot is kept. Let’s say that, in one snapshot, there’s a certain file of 1 GB in size, which then changes completely so the whole 1 GB is rewritten. So long as that snapshot is retained, its original 1 GB of data is retained, as well as its new 1 GB. So although the snapshot itself doesn’t take up much space, it stops a lot of old data from being freed up for reuse.

Time Machine purges old snapshots automatically, but by default retains the last 24 hours of hourly snapshots, which will take a total space similar to the amount of data backed up over that period. In my case, that’s typically around 30 GB at any time, but if you manipulate large media files, or old snapshots aren’t purged properly, it could easily require hundreds of GB.

I find the whole idea of free space confusing with Mojave and APFS. Last week, after updating Xcode, I started getting warnings that my MacBook Air’s SSD was almost full. I deleted about 20 GB of files but saw little improvement in the amount of available space reported by Finder. And I continued to get the warnings. As far as I could tell, based on reports from OmniDiskSweeper and trying to figure out which files had been deleted and added, I should have netted about 14 GB more free space than I started with, yet Finder showed about 6 GB less.

My first thought was that the culprit was snapshots, but Disk Utility showed no purgeable space, and tmutil listlocalsnapshots showed no snapshots. I guess this indicates that the disk really is almost full, but I can’t figure out why.

My current theory is that the problem is due to a 20 GB proxies folder in Photos’s library (which is strangely not included in Manage Storage’s report). I don’t have a measurement of how large this was before, but I suspect it used to be much smaller. It’s not clear how I might compact it or why Photos isn’t automatically deleting old data now that it can tell that the disk is almost full. I will probably end up deleting the Photos library and syncing a new one down from iCloud. But that’s only a potential solution because this Mac doesn’t contain any Photos projects; those are not stored in the cloud and so would be lost if I were to attempt this.


Update (2019-04-11): My iMac does show Time Machine snapshots, yet Disk Utility still says there’s zero purgeable space.

Update (2019-04-23): Tricertops (via Peter Steinberger):

I have 40 GB of free space, but Xcode cannot be updated. Maybe the next macOS will finally fix things? Or the one after that?

I just had the same problem updating Xcode on a Mac that purportedly had 30 GB of free space, with the expanded .xip file needing less than 10 GB. After waiting a while, the displayed amount of free space didn’t change, but expanding the .xip no longer reported a disk space error.

Update (2019-04-28): Matt Birchler:

iPad: You have about 70GB of free space
Me: I’d like to download this 2GB file from iCloud
iPad: I don’t think so, chief
Me: Ok, I’ll remove some stuff manually, can I see what files are taking up space?
iPad: What sort of agreement do you think we have?

Update (2019-05-09): Lloyd Chambers:

The purgeable space concept on APFS is mystifying.

Update (2019-07-29): I recently encountered a problem where I couldn’t back up via SuperDuper because the destination drive had 250 GB free, but it was all purgeable. Both tmutil and diskutil reported no space consumed by APFS snapshots, so it’s not clear how I could ever purge that space. I ended up having to reformat the drive.

Update (2019-09-17): Tom Harrington:

I have 78GB free on this Mac according to Finder but I can’t decompress Xcode because there’s not enough space. I know it’s APFS stuff and can fix, but how do non geeks deal with this kind of thing?

Update (2019-12-20): Oluseyi Sonaiya:

32 GB free.

Update Xcode to 11.1

20 minutes later: “This application can not be installed. Insufficient disk space.”

20 GB free.

It’s insufficient because YOOOOOOUUUU took up 12 GB?!

Wednesday, April 10, 2019

macOS 10.15 to Break Up iTunes

Guilherme Rambo (MacRumors):

The new Music, Podcasts, and TV apps will be made using Marzipan, Apple’s new technology designed to facilitate the porting of iPad apps to the Mac without too many code changes. It’s not clear whether the redesigned Apple Books app will also be made using the technology, but given that the redesign came to iOS first and its usage for the other apps, it’s likely that this new Books app will also be using UIKit.

With the standalone versions of Apple’s media apps coming to the Mac, it’s natural to ask: what about iTunes in macOS 10.15? According to sources, the next major version of macOS will still include the iTunes app. Since Apple doesn’t have a new solution for manually syncing devices such as old iPods and iPhones with the Mac, it’s natural to keep iTunes around a little longer.

I’m not looking forward to this because, while I agree that iTunes needs work, I don’t have confidence that Apple will preserve its functionality (or even its desktop-optimized design) in the new apps. I expect that iTunes will remain the only way to sync music that you didn’t buy from the iTunes Store. Apple’s track record is to remove features from AirPort Utility and QuickTime Player 7 and let the dead versions hang around for years until eventually sunsetting them, without ever reimplementing what was lost.

John Gruber:

Nothing surprising here, but it leaves the $64,000 question unanswered: will these apps be more like dumbed-down iPad apps on the Mac, or more like smartened-up Mac apps on the iPad?

Nick Heer:

The unrequited optimist in me is imagining a next generation of cross-platform app that feels completely platform native no matter where it’s running. But I have also used Music on the iPad and it’s not as good as its iPhone sibling — and those are just different versions of the same app on the same platform.


And, as I have no plans to stop using my local music collection and manually syncing a subset of it to my iPhone, I am wary of what this could mean for my stubborn situation over the long term.

Damien Petrilli:

Some are happy about killing iTunes but it’s the only way to load personal stuff on iOS devices so far, do local backups, manage music, avoid cloud, etc.

If marzipan Apps just replace the Apple services and kill this technical part it’s going to be a mess.

Andrew Pontious:

Really not looking forward to Apple’s cheery full-court press (echoed by many online pundits) about how great their new shitty converted iOS apps are for the Mac.

For me, this is proof of further decline of Mac, not improvement.

Colin Cornaby:

I hope with the amount Apple is relying on Marzipan, they fix issues like Marzipan apps rendering at the wrong resolution for compatibility reasons. It makes the text on non-Retina displays really awful and I can’t imagine it helps with in app graphics.

I’m also not exactly a fan of the possible performance issues of Marzipan apps all being boxed inside of their own runtime-ish thing.

Previously: Apple to Target Combining iPhone, iPad, and Mac Apps by 2021.

Update (2019-04-11): Colin Cornaby:

“The Mac experience won’t be worse because of Marzipan” ”Also now we’re going to ship a bunch of redundant audio players because we can’t get our act together on feature sets.”

If they booted all the video features out of iTunes into the TV app, that would help in straightening out iTunes. But I’m guessing they might be stuck on transitioning that portion of the iTunes library on disk to TV, and what to do for Windows.

Podcasts and Music being separate apps still baffles me on the Mac. They seem like complimentary functions and I’d rather have a single audio player UI, and not have two icons in my dock/applications. And I’m never listening to music and playing a podcast at the same time.


We will never correct from being app-centric to data-centric soon enough. So much damage has been done because we didn’t manage to solve the filesystem UX problems!!

Dan Masters:

Instead of revamping & maintaining the Truck App, they’re taking it all and just throwing it away. iTunes is only terrible because they’ve neglected it.


This week, I’ve been using iTunes to manage my extensive music library. Its performance has become shocking. But it’s still the most powerful, versatile music library app I’ve ever used.

Abandoning iTunes for Apple Music is equivalent to forcing people to use Excel Mobile on Mac


Of course, the most likely scenario is that marzipanOS Music will just be a straight port of the iPad app.

If you need any of this “legacy cruft”, you’ll need to use the neglected iTunes app (which will turn into abandonware).

Josh Marshall:

What if Apple take the same road they have with photos? Provide the solution for the 95% of users in their own apps. Then provide access into the library for 3rd party apps to handle importing, metadata+art editing, and playlist creation.

Update (2019-04-15): Dan Moren:

While Smart Playlists created in iTunes sync to iOS via iCloud, there’s no way to natively create them on iOS devices. And that’s a shame, because although Apple has tried to improve its algorithms in Apple Music to surface new songs you might like, those playlists and stations pull from the whole realm of available music, rather than the music you’ve self-selected into your own library. They’re much more powerful than static playlists and allow users a lot more control over their listening habits. It would be a shame if a new Music app on the Mac did away with them.

Marco Arment:

I’m particularly proud of the iTunes-breakup segment on this week’s @atpfm. If you love computers that empower you to be a power user, give this a listen (start at 30:12, runs about an hour)

Jason Snell:

If you’re expecting the new Mac apps to just be mirrors of their iOS counterparts, you might be pleasantly surprised. Apple has the opportunity to work on the iOS apps to make them a little more functional — and have that work come across to macOS at the same time. The iOS apps lack a lot of the functionality of iTunes, and while replicating every iTunes feature is not in the cards (probably ever), it’s hard to believe that Apple won’t attempt to upgrade the apps as it brings them across to the Mac.


It would also be helpful if Apple lets Music add audio files to the library, a feature that iTunes has had since Day 1 and that has never been available on iOS. If you’ve ever bought an indie album via Bandcamp on an iPad, only to receive a Zip archive in return, you’ve run into this roadblock. While the Music app will always primarily be an interface for Apple Music, letting users import audio files is a necessary addition. (The same should be said for adding video files to the TV app.)

Kirk McElhearn:

Rumors of Apple dismantling iTunes are almost as old as the software itself. I can remember people clamoring for its destruction back when Apple added video management to the app, claiming that since it's called iTunes, it shouldn't manage anything but music.

Update (2019-04-16): Colin Cornaby:

My favorite Marzipan “bug” is how it doesn’t understand mouse drags. Really frustrating to use home.

My guess is it’s still the underlying hold-then-drag gesture recognizer that iOS uses, and they don’t want to break apps by automatically getting rid of the hold.

This has existed since the initial betas and I was thinking about tweeting about it then but I said “Well you’re not supposed to share beta screenshots and I’m sure it will be fixed by final” and guess what jokes on me.

Update (2019-05-09): Mark Gurman:

The Mac Podcasts app will be a ported iPad app (Marzipan), but the Music and TV apps will likely be true Mac apps.

Steve Troughton-Smith:

As @_inside revealed it on Stacktrace, I can finally repeat here: the Music app on macOS 10.15 is indeed not a UIKit app, but is a stripped-down and refactored version of iTunes. Including (last I heard) disc burning, smart playlists, & device management

Accessibility Quirk With “Bold Text”

Joe Heck:

When one of my testers ran the app, the toolbar button “disappeared”. It was still there, but rendering white on the white toolbar. It took a while to figure out that the difference between our environments: that Bold Text was enabled in accessibility. Then it took a while longer to find that it wasn’t respecting the local tint, but using the global tint when enabled.

That “Bold Text” being enabled effected the image rendering came as a surprise to me. Some friends indicated they’d seen significant performance issues with Bold Text as well (in cells in a tableview), so they knew that it impacted image rendering – I guess it does something to try and make an image “bolder”, even though it’s not text.

Kindle 9


Meet the all-new Kindle, now with a built-in adjustable front light so you can read indoors and outdoors and at more times of day. Purpose-built for reading, Kindle features a glare-free touchscreen display that reads like real paper, even in direct sunlight.


Designed by Amazon to perfectly fit your Kindle, these slim, form-fitting covers attach securely and fold back for one-handed reading. They automatically put your Kindle to sleep when closed and wake upon opening, making it easy to get back to your story.

I think it’s worth stepping up to the $130 Kindle Paperwhite, which is waterproof and has almost twice the resolution, but it’s cool that you can get a Kindle with a light and the higher contrast screen for only $89.

Update (2019-04-16): Joe Workman:

I bought a like-new Kindle Voyage 2 weeks ago off Amazon for only $80. Replaced my Kindle 3. Very happy with it.


I did the same a few weeks ago. I was upgrading from a Paperwhite 2 and wanted the new waterproof one, but I found out the screen on the Voyage is still superior to everything but the Oasis. I’m so happy with the purchase.

Postmortem: iTunes Affiliate for Apps

Jeff Johnson:

Yesterday, six months later, I finally got paid the remaining balance owed to me as an iTunes Affiliate. Getting paid was an ordeal that took many emails from me to the iTunes Affiliate Program.


I had balances in at least 20 forms of currency. The payments to me are all converted to US dollars, but their payment system is organized by currency, and each currency has a minimum payment threshold. If I recall correctly, the payment threshold was $30, so if your balance in one currency is less than the threshold, you don’t get paid from that balance, and the iTunes Affiliate Program just hoards your money until you reach the threshold.


Be persistent. Mention the $50 manual adjustment. If all else fails, threaten a lawsuit. They’ll want to close your account, but don’t let them close it until after you’ve been paid in full.

I’ve been going back and forth with them for months but didn’t threaten a lawsuit, and they haven’t paid me yet.


Improving the UI of Swift Generics

Joe Groff:

This document tries to provide a foundation for conversations about refining the generics model, not really changing the framework established by the Generics Manifesto, but considering some of its weaknesses, and how we might make it more approachable and easier to use:

  • One of the biggest missing pieces from the original manifesto is generalized existentials. These have been hailed as a panacea for a wide range of problems, but as we’ve explored the idea, we’ve found that there are many use cases that existentials would never be able to address.
  • In particular, although existentials would allow functions to hide their concrete return types behind protocols as implementation details, they would not always be the most desirable tool for this job. We have a gap in the generics model in allowing functions to abstract their concrete return types while still maintaining the underlying type’s identity in client code, and we’ll look at how that gap can be filled.
  • We’ll also look at our existing notation for generics and existentials. Swift follows in the tradition of similar languages like C++, Java, and C# in its generics notation, using explicit type variable declarations in angle brackets, but this notation can be verbose and awkward. We could look at what C++20 is doing with abbreviated templates, and Rust with its impl Trait feature, for ways to make writing generic functions more concise and fluent. Also, protocols currently do double-duty as the spelling for existential types, but this relationship has been a common source of confusion.

Update (2019-04-15): Tim Ekl (Hacker News):

To that end, this post aims to walk through some of the proposals from Joe’s document, explaining the syntax and offering examples of how the changes to generics might look in practice. We’ll pick up a couple technical terms in a practical setting, and wrap up with some details about the open Swift Evolution proposal(s) being considered.

Tuesday, April 9, 2019

Implementing [NSCell copyWithZone:] in Swift to Avoid Crashes in AppKit

Corbin Dunn (tweet):

It looks like using a baseline constraint with Autolayout will cause it to copy the cell to determine the baseline. So, if you are using AutoLayout, be aware of implicit copies that might happen behind your back!

The trouble with [NSCell copyWithZone:] is that it uses NSCopyObject, which blindly assigns ivars from one instance to another and doesn’t do any proper memory management. I didn’t think this would still be an issue in Swift, but apparently it is! See my solution at the top where I simply retain the value during the copy.

He writes:

let _ = Unmanaged<NSColor>.passRetained(previousTextColor)

Toggle System Grayscale Mode

Daniel Jalkut:

The framework name “UniversalAccess” correlates strongly with the “UA” prefix on the pertinent function names we dug up above. Great, so how do we call these? They’re private system functions which means you should not rely on them for production code, but for a quick hack to make toggling grayscale easier? It’s a reasonable risk in my opinion. Here’s a simple C program that takes advantage of the private methods to simply toggle grayscale mode on or off, depending on the current setting.

This is arguably more reliable than using GUI scripting, and definitely faster and less intrusive. Or, if you don’t want use a compiler:

This script takes advantage of Python’s ability to dynamically load an arbitrary shared library and invoke its exported functions.

Update (2019-04-10): Marco Arment:

I love this kind of power and customization, and it’s the kind of thing we’re losing with the dominance of iOS itself and the invasion of the iOS mindset into macOS

Apple Drops $99 Data Migration Fee for New Macs and Repairs

Adam Engst:

Apple has dropped the $99 fee that it previously charged for migrating data from an old Mac to a newly purchased machine. TidBITS reader and TekBasics consultant David Price wrote to tell us that he has generally advised clients to pay Apple to migrate data to newly purchased Macs, but when he accompanied his brother-in-law to pick up a freshly migrated iMac last week, Apple informed him that there was no charge for the service.

Update (2019-04-10): Thomas Brand:

There was never a charge in 2003. We used to even transfer data from booting Windows PCs.

How to Get Bugs Fixed by Apple

Greg Scown:

For example, I received an email with a fractional street address, and Mail’s data detector chopped off the whole number portion of the address. Rather than report the bug with steps in Mail, I figured that the data detector itself was broken and made a very small Xcode Playground to demonstrate the problem. It’s time-consuming to create reductive cases, but it also reduces the likelihood of confusion. Consider that the person reading and reproducing your bug needs to see it as simply as possible.

If there’s no action on your bug, the next step is to mail and request status. Note that it can take a while to get a reply. Filing and following up on getting bugs fixed with Apple is a process, as with anything else.

Previously: The Sad State of Logging Bugs for Apple.

New WebKit Features in Safari 12.1

Jon Davis (Hacker News):

With users’ ability to choose between light and dark color schemes, websites can start to look out of place, or worse, become a blinding and painful experience. To help websites better integrate with the dark appearance setting in macOS Mojave, WebKit provides the supported-color-schemes property and prefers-color-scheme media query to allow a webpage to support light and dark color schemes.

Web content authors can use the @media(prefers-color-scheme: dark) media query to provide dark mode styles that override a default light theme. Alternatively, @media(prefers-color-scheme: light) can be used to provide light styles that override a default dark theme.


The Payment Request API has been updated with granular errors, support for default addresses and contacts configured in Wallet and Apple Pay settings, and special field support for Japan. These changes now bring the Payment Request API to parity with the Apple Pay JS payment system, but with all of the benefits of web standards compatibility. Payment Request is now the recommended way to pay implement Apple Pay on the web.


The Web Share API adds navigator.share(), a promise-based API developers can use to invoke a native sharing dialog provided the host operating system. This allows users to share text, links, and other content to an arbitrary destination of their choice, such as apps or contacts.


Another newly supported element in WebKit is the <datalist> element. The <datalist> element contains a list of <option> elements that provides suggested values for <input> elements.

Previously: Dark Side of the Mac: Appearance & Materials.

Monday, April 8, 2019

macOS 10.14.5 Requires New Developers to Notarize


Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.

In theory, this shouldn’t be a big deal. It’s like Gatekeeper, but signed by Apple. But, in practice, the notarization service sometimes goes down, or takes an unpredictably long time, or silently adds a requirement that wasn’t there the last time you deployed a build. So you never know how long it will take to get a bug fix out.

Via Rosyna Keller:

There’s also a new section about apps with plug-in SDKs and the hardened runtime.

Other sections of the Notarization docs were updated to address developer feedback.


See also: Howard Oakley, Jeff Johnson.

Update (2019-04-09): Rosyna Keller:

Resolving Common Notarization Issues has also been updated.

Additionally, it includes information regarding the fact devs with apps with plugin SDKs no longer have to separately ship a debuggable version and a notarized version.

Felix Schwarz:

TIL why I can no longer enter a fax number in the #macOS Print Dialog & therefore no longer use my Epson MFP to send faxes in #Mojave.

With 10.15 killing 32bit support, my ScanSnap’s software will stop working next.

I’ll soon need a VM to use my Mac for basic office tasks.

Jeff Johnson:

The reality now for Apple OS updates is that there’s no longer a distinction between major and minor updates.

All updates potentially include major new features. Or breakages.

Apple is now a full-on “Agile” shop, for better or worse.

(Narrator: For worse.)

Paul Haddad:

Apple is getting aggressive with this stuff. Normally any Mac changes are years in the making.


This is awful. I really really hope they add an option to disable this just like SIP. I don’t really understand if this is possible.

Probably I need to move from macOS. Its a great OS but this kind of changes that could break anything...

Calum Hunter:

who would want to develop on this platform or use this platform for IT professional services anymore. I’m 18 year veteran mac says admin/engineer and now considering switching to a linux machine to get my work done. apple have lost the plot.

Paulo Andrade:

My question here is: is it really that hard for a bad actor to pass the notarization checks that makes this worthwhile to impose on all other developers?

Jeff Johnson:

No, the whole thing is a complete joke, because apps can software update themselves outside the App Store and avoid Gatekeeper entirely. Submit a harmless version to Apple, notarize it, then flip the switch server-side to update to a new malware version after install.


The technical term would be “security theater”. :-)

John Daniel thinks it will still be effective against adware:

Because they would have to start writing code instead just running an automated app generation script. It is possible, but gets more and more difficult and costly.

Nikolaus Gebhardt:

About 28% of my users running my apps on macOS switched to the Windows version in the last 2 years. Apple now making it even more difficult for devs to create macOS apps will probably not improve this situation for them.


I haven’t worked on macOS for a year or two, but it seems like notarized apps are non-debuggable, and future versions will keep adding friction for non-notarized apps. Is it just me or is the Mac slowly losing its UNIX roots and leaning towards stripping users of control?

Jim Rea:

I haven’t seen any definition of “new developers” -- who fits into that? Does it mean developers that sign up for a developer app starting from today? And how is this enforced on the user’s computer? Or maybe this is enforced during the signing process? Seems weird.

Jeff Johnson:

My guess: info in the DeveloperID cert. It’s the only thing that makes sense at the OS level & explains why it applies “if you’re new to distributing macOS software, regardless of how long you’ve developed for other Apple platforms”. In other words, on generating new DevID cert.

See also: Hacker News and MacRumors.

Update (2019-04-10): Howard Oakley:

As ever, life isn’t quite as simple as Apple’s announcement might seem. It doesn’t, for example, address problems with command tools, which currently don’t pass through Gatekeeper checks, and are often unsigned, although it is possible to attach signatures to them. Apple still doesn’t have a scheme to provide an equivalent to notarization for command tools which aren’t embedded in an app or other code bundle. If you distribute your command tool as part of an Installer package, it is supposed to be possible to get the whole package notarized, although Apple hasn’t detailed a workflow for doing that, nor said whether all installer packages will be required to be notarized. Hopefully some time before 10.15 is released this will become clearer.


Notarization is only checked when you first run an app which has been downloaded from the Internet and has gained a quarantine flag as a result.

Howard Oakley:

The requirement coming for non-App Store apps is notarization. You said its purpose is malware detection. That may be the purpose of uploading apps to Apple, but there’s more to it than that: you can’t notarize an app unless it’s hardened. So what’s the purpose of that?

Jeff Johnson:

There’s no good reason for the requirement. Notarization is a convenient excuse.

Apple is using the threat of Gatekeeper not allowing your app to launch in order force developers to do something Apple wants, self-impose the hardened runtime on your apps.

It’s a jerk move.

Tom Bridge:

Kerio’s VPN Client was now dead in the water and not functional, no matter what I could do to follow up. An inspection (which requires Xcode 10.2 and not just the command line tools) of the kvnet.kext file in /Library/Extensions indicated I did not have a valid kernel extension any longer[…] Without a valid ticket stapled to the kext, I was going to have a problem running it, as the secureTimestamp value is after 2019-03-11.

Well crap. I need that kernel extension to work for my VPN to client locations to work, so how am I going to get around it? Thanks to #notarization on the Mac Admins Slack, and Allen Golbig at NASA Glenn, Graham Pugh, and the help of others, the answer was already in our hands: User-Accepted Mobile Device Management and Team ID Whitelisting in the Kernel Extensions Whitelisting payload in MDM.

Update (2019-04-11): Apple:

We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the App Store or outside of it, is signed or notarized by Apple. With the public release of macOS 10.14.5, we require that all developers creating a Developer ID certificate for the first time notarize their apps, and that all new and updated kernel extensions be notarized as well. This will help give users more confidence that the software they download and run, no matter where they get it from, is not malware by showing a more streamlined Gatekeeper interface.

Howard Oakley:

So if I understand these results:

- declare built with 10.14 SDK, hardening is required for notarization
- lie about that, or use older SDK, and you can notarize unhardened apps.

Rich Trouton:

The part about “notarization will be required by default for all software” made me think, because there are a few apps that I’ve written over the years that are still useful (at least to me). All of them were built using Automator, which meant that the usual Xcode-based ways of notarizing applications wasn’t going to work for me.

Update (2019-04-12): Howard Oakley:

So if you’ve got folders full of your own apps which haven’t gained a quarantine flag because they weren’t downloaded from the Internet, or which have already cleared quarantine following download, they will continue to open and run fine in 10.15. Apple hasn’t announced that it’s changing the way that Gatekeeper works, and if it were even to consider that, the penalties would be seismic.

That does, though, leave many wondering how they’re going to be able to share tools as they have in the past. Unfortunately, the news for them isn’t good at all. If you want to make such apps available to others via download, the only way that this will work in 10.15 and later is for you to go through the whole process of signing them with a developer ID and notarization. Probably.


How on earth can an app be hardened, something only available in recent versions of Xcode, to meet the first requirement, but remain unsigned?

The answer seems to rest in what built the app in the first place. If the app declares that it was built using a recent version of Xcode, which supports hardening and notarization, then the latter will expect it to comply with the new and rigorous rules, including code-signing and hardening. If your app is built with an older version of Xcode, or a different tool, then legacy rules apply, as described later in that article.

Twocanoes Software:

We use Packages for easily creating distribution packages, and DropDMG for making great looking disk images. The notarization process involves uploading a copy of the app to the notarization service at Apple, then polling the service until it is complete, then downloading the ticket and “stapling” it to the app. So our new process looks like this:

Archive Build->Upload->Poll Until Success->Staple->Package->Add to DMG

Update (2019-04-22): Howard Oakley:

Typical notarizations take less than 5 minutes, from completing upload to Apple’s server to the app being ready to distribute. It’s been unusual for any to take much longer than that, although there were a couple of occasions last October which were delayed by over an hour. I’ve not had any failures at all, neither have I discovered the service to be unavailable. Generally speaking, I can get an app from final test build to distribution on this server within 10-15 minutes when I need.

Twice, just recently, Xcode 10.2 has reported silly errors as if I wasn’t notarizing but trying to send for review for the App Store. I simply quit Xcode, opened it again, and notarization worked fine.

Undoubtedly your experience will vary, as will mine now that the Notary Service is becoming more heavily used.

Tom Bridge:

So, if you deliver an unstapled object, as DisplayLink has, it may still pass muster, but that requires your machine to be able to talk with Apple at the time of install. If you are operating a network which embraces 802.1X user certificates, and you install software at the login window (with Munki, say) you may run into a circumstance where the software is actually notarized by Apple, but without that stapled ticket, you’re stuck if you can’t talk to Apple to prove it. This will result in a failed install.

Update (2019-04-23): Adam Maxwell:

We had an argument over this on the MacTeX mailing list. The concern is that self-signed software like TeX Live Utility and BibDesk can’t be shipped with MacTeX anymore. I won’t install Mojave, and no way am I paying Apple $100/yr for the privilege of writing free software.

Update (2019-05-09): Mark Munz:

I don’t understand why @Apple

1) Pushes devs to get apps notarized.
2) Makes that work virtually invisible to user.

w/o digging into Package contents, doesn’t seem to be a way for users to look at app & know whether or not it is notarized.

Update (2019-05-23): Rosyna Keller:

FWIW, if your software meets the “requires notarization” criteria on macOS 10.14.5 but isn’t notarized, the user will see a dialog similar to this.

Update (2019-05-30): Howard Oakley:

As the dust settles on the recent Mojave 10.14.5 update, I’ve been looking at its undocumented change in the way that it handles kernel extensions. This article examines how this could trip you up, as it already has done for many users who tried to install Oracle’s VirtualBox 6.0.8.


A workaround was quickly posted to user forums, to restart in Recovery mode and enter the following code in Terminal there:

spctl kext-consent add VB5E2TV963

The last group of characters is Oracle’s Developer ID.

And since then it looks like Oracle has notarized the extension, so it works even though it isn’t stapled.

Update (2019-06-14): Matt:

I can’t notarize anything due to this error, and Apple support has been no help.

Update (2019-06-17): Rosyna Keller:

Starting in macOS 10.14.6 beta 2, Mojave will now load tickets stapled to installer packages even if they aren’t quarantined to aid in automated installs of kexts.

Update (2019-07-23): Rosyna Keller:

If the disk image is signed, it needs to be notarized (this is true on 10.14.5+ too for signing certs issued after April 7th). Unsigned disk images subject to translocation don’t need to be notarized.

In summary: to avoid Gatekeeper Path Randomization you need to code sign your disk image, and if you do that then notarizing the app on the disk image via Xcode is not enough. You need to use the custom notarization workflow, i.e. altool, to notarize the disk image, too.

John Gruber:

This is shit.

Codextended: Extension for Swift’s Codable

John Sundell (tweet):

However, once some form of customization is needed — for example to transform parts of the decoded data, or to provide default values for certain keys — the standard Codable API starts to become really verbose. It also doesn’t take advantage of Swift’s robust type inference capabilities, which produces a lot of unnecessary boilerplate.

That’s what Codextended aims to fix.


Codable already comes with support for custom date formats through assigning a DateFormatter to either a JSONEncoder or JSONDecoder. However, requiring each call site to be aware of the specific date formats used for each type isn’t always great — so with Codextended, it’s easy for a type itself to pick what date format it needs to use.

Previously: Even More About Swift’s Codable.

Apple Books Category Icons

Ryan Jones highlights some good work from Apple’s icon designers:

These icons are unreal.

Carl Jonard:

Weird… some of the icons are different for text vs. audiobooks.

Netflix No Longer Supports AirPlay

Juli Clover (tweet):

The Netflix app for iPhone and iPad no longer appears to support AirPlay, based on an updated support document found on the Netflix website.

According to Netflix, AirPlay is no longer supported on iPhone, iPad, or iPod touch due to “technical limitations.”


A Netflix spokesperson provided further explanation on the company’s decision to discontinue support for AirPlay on iOS devices, attributing it to the rollout of AirPlay support on third party devices and an inability to distinguish between them:

We want to make sure our members have a great Netflix experience on any device they use. With AirPlay support rolling out to third-party devices, there isn’t a way for us to distinguish between devices (what is an Apple TV vs. what isn’t) or certify these experiences. Therefore, we have decided to discontinue Netflix AirPlay support to ensure our standard of quality for viewing is being met. Members can continue to access Netflix on the built-in app across Apple TV and other devices.

Marco Arment:

Media outlets aren’t being critical enough of Netflix here.

Their argument is effectively “We can’t tell which TV you’re using, so you aren’t allowed to send video to TVs anymore.”

It’s complete bullshit, and an uncharacteristically customer-punishing move from Netflix.

Peter N Lewis:

I expect it is a licensing issue, the same way you cannot watch Netflix in Safari if you have a Apple Cinema HD Display plugged in - they cannot tell that it is a secure channel and not a channel being saved to disk - it sucks but not entirely surprising.


Translation: AirPlay coming to non-Apple devices makes it difficult for us to prevent piracy. At least that’s my interpretation.

See also: Dan Masters.

Reddit’s /r/Piracy is Deleting Almost 10 Years of History to Avoid Ban

Andy (via Hacker News):

In an article published mid-March 2019, we reported how the moderators of the forum were making best efforts to keep content on the right side of the law and within Reddit’s rules. Just a handful of days later, however, the moderators received notice from Reddit that they were receiving too many copyright complaints from rightsholders.

For a sub-Reddit that has strict rules forbidding anyone posting links to infringing content, the notification came as a disappointment. While some complaints were legitimate (some people simply won’t abide by the rules and some posts do get missed), many were not. This placed the forum’s moderators between a rock and a hard place.


Uncertain of what lay in the archives and only being in a strong position to be absolutely certain of the state of play more recently, they asked the community for input on the ‘Nuclear Option‘ – deleting every post older than six months old, just to be sure.

Friday, April 5, 2019

The Golden Age of YouTube Is Over

Julia Alexander (Hacker News):

The Philippous’ story is part of a long-brewing conflict between how creators view YouTube and how YouTube positions itself to advertisers and press. YouTube relies on creators to differentiate itself from streaming services like Netflix and Hulu, it tells creators it wants to promote their original content, and it hosts conferences dedicated to bettering the creator community. Those same creators often feel abandoned and confused about why their videos are buried in search results, don’t appear on the trending page, or are being quietly demonetized.

At the same time, YouTube’s pitch decks to advertisers increasingly seem to feature videos from household celebrity names, not creative amateurs. And the creators who have found the most success playing into the platform’s algorithms have all demonstrated profound errors in judgment, turning themselves into cultural villains instead of YouTube’s most cherished assets.

MailSuite 1.0.7


With MailSuite we have consolidated our four(4) previous plugins into a single plugin. The MailSuite app acts as the plugin manager for the MailSuite plugin and helps with the communications between the MailSuite plugin and Mail. The MailSuite app also manages the installation and updating of the individual components (MailTags, Mail Act-On, SigPro, Mail Perspectives).

This makes a big difference because Mojave has really increased the friction for installing and updating Mail plug-ins. Each component is now a meta plug-in that can be updated without updating the actual Mail plug-in (which requires reauthorization in Mail).

The MailTags component is being overhauled to move the syncing of tag data from the internals of messages relying on the email server for synchronising, to separate, associated records that are encrypted and stored on a SmallCubed managed server.

EagleFiler 1.8.7 knows about the new MailTags storage format and will preserve the tags, projects, and notes when importing messages.


MailSuite users who want to synchronise their tagged messages on multiple computers will need to use SmallCube’s new Tag Syncing Service. MailSuite uses end-to-end encryption on all stored data. This means that data is encrypted before it is sent to the server and can only be decrypted on the user’s devices using the same Tag Syncing Service profile. SmallCubed does not have access to the keys that are used to encrypt/decrypt the data.

Notably, the optional server feature does not require a subscription.

Previously: Mojave Privacy Protection Aftermath.

HoudahSpot 5.0

Houdah Software:

Folding Text Preview — Text Preview can focus on paragraphs that match your search. This makes it easier to see the context in which the text was found.


New filter options — Filter – show or hide – search results by name, path, or folder names. For example, when you want to find all photos in folders named “vacation”, it is quicker to use filters than to list all of these folders as search locations. Just run a search for photos in your home folder. Then filter the results to see only photos where a parent folder is named “vacation”.


Quicker criteria setup — While entering criteria values in the Refine pane, you can press a keyboard shortcut to add another criterion for the same attribute. For example, when searching for file names that contain both “Houdah” and “Software”: Fill in the “Name” criterion by typing “Houdah”. Then press Command-Option-Return to get a new row. Then type “Software”.

App Store Connect Change Breaks Fastlane

Renaud Lienhart:

Apple has yanked an App Store Connect endpoint fastlane was relying on, and the whole iOS development world has come to a standstill 😒[…]

Would it be too hard for them to work with the community, provide a probation period? 😕

John Sundell:

I think the larger issue here is that many teams are structuring their entire workflow around a tool that relies on private Apple APIs (which are bound to change at any time). fastlane is awesome, but I would never put myself in a position where I can't keep working without it 🙂

Previously: Apple Acquires Buddybuild.

Apple Discouraging Photo Recovery From Damaged Devices

Mike Wuerthele and Malcolm Owen:

After querying third-party repair outfits nearby, the Billards were referred to a company near Rochester, New York called iPadRehab. The firm, operated by Jessa Jones who formed the company following a similar water-based mishap of her own and taught herself how to repair iPhones, was able to get the iPhone up and running enough to recover the data for the couple.

The report then moves towards how Apple’s advice the pictures were unrecoverable is a common statement from the company. Jones claims “The most common answer - and I hear this from customers all the time - is ‘there is no way to get your pictures from your iPhone if it won’t turn on.’ It’s heartbreaking, because it’s absolutely not true.”


While her company is doing well from Apple’s unwillingness to service water-damaged iPhones, the report highlights issues Jones has when posting to the Apple Support Communities, a section of Apple’s website where users can offer advice to others for issues with problematic devices. When Jones writes posts to the forum advising that water-damaged devices could undergo a repair via non-Apple authorized means, her posts are removed as being “inappropriate,” and eventually the account itself is banned.


The CBC put a lot of weight on the Apple support forums as a venue for data. However, Apple in no way participates in the forums, nor issues any form of formal statement regarding data recovery there.

See also: Louis Rossmann.

Via Josh Centers:

Yes, people were generally okay with Apple being locked down as long as the products were dependable. That’s increasingly not the case. Meanwhile, Apple is going to greater lengths to prevent repair.


Thursday, April 4, 2019

Microsoft Shuts Down E-book Store


Starting April 2, 2019, the books category in Microsoft Store will be closing. Unfortunately, this means that starting July 2019 your ebooks will no longer be available to read, but you’ll get a full refund for all book purchases. See below for details.

While you can no longer purchase or acquire additional books from the Microsoft Store, you can continue to read your books until July 2019 when refunds will be processed.

Cory Doctorow (tweet, via Chris Turner):

This puts the difference between DRM-locked media and unencumbered media into sharp contrast. I have bought a lot of MP3s over the years, thousands of them, and many of the retailers I purchased from are long gone, but I still have the MP3s. Likewise, I have bought many books from long-defunct booksellers and even defunct publishers, but I still own those books.

Safari Link Tracking Can No Longer Be Disabled

Jeff Johnson (tweet):

Notice that when you hover over the “Ping Me” link, you only see the href URL, you don’t see the ping URL, so you don’t even know that the attribute exists unless you look at the HTML page source. When you click the link, it loads the page as expected. But it also sends an HTTP POST request to without any visible indication to the user. You can only see it if you do a packet trace. It should come as no surprise that the primary usage of hyperlink auditing is for tracking of link clicks.


Apple shipped Safari 12.1 last week to the public with no way to disable hyperlink auditing. I hope to raise awareness about this issue, with the ultimate goal of getting hyperlink auditing disabled by default in Safari. Apple claims that Safari is supposed to protect your privacy and prevent cross-site tracking, but hyperlink auditing is a wide open door to cross-site tracking that still exists.

Eric Jacobsen:

If anyone is curious why this attribute was introduced: it’s supposed to be an alternative to those chains of redirects that publishers often put in front of outbound links.

User gets a direct link to destination instead of redirects (good), publishers and advertisers still get their data async (creepy, but arguably better than the alternative)

Imo is fine as long as there’s an opt-out, which chrome and ff have but oddly Safari just dropped.

Is Apple’s reasoning that making it an option would prevent sites from using ping? It’s better to have access to the real URL with a compulsory ping than to be forced to use a redirect chain that’s slower and no more private.


With privacy and online tracking being such a large problem and major concern for many users, you would think that browser developers would give you the option to disable anything that could affect your privacy.

Unfortunately, this seems to be going in the reverse direction when it comes to hyperlink auditing.


Of all the browsers I tested, only Brave and Firefox currently disable it by default and do not appear to have any plans on enabling it in the future.


It turns out that Google uses hyperlink auditing in their search result pages. Every time you click on a search result link, your browser will also send HTTPS POST request back to a Google url in order to track the click.

Jeff Johnson:

Anchor ping is not an alternative form of tracking, it’s an additional form of tracking. We still have all the other forms of tracking along with this one. It may be true that if advertisers don’t have anchor ping, they’ll just use alternative methods, but the belief that advertisers won’t use alternative methods of tracking if they have anchor ping has proven to be completely false. Anchor ping also turns out to be an advertiser’s dream feature. It’s completely invisible to the user, and it’s more powerful and reliable than the other tracking methods.


Anchor ping was supposed to be transparent as in easily perceived by the user. Instead, anchor ping has become “transparent” as in invisible to the user. The browsers never informed the user about the ping notifications. And now browsers such as Safari and Chrome are removing the ability of the user to disable the notifications. As far as privacy is concerned, this is not “a wash” compared to previous tracking methods. It’s a cover-up.

I still can’t figure out what users gain by not being informed of both the target URL and the redirect. When links are being used for tracking purposes, it makes sense to show the contents of the href so that users aren’t misled; but, if we start assuming all browser features will be used maliciously, it is easy to see why the ping attribute should also be visible to the user.

Researchers have found that the HTML feature called hyperlink auditing, or pings, is being used to perform DDoS attacks against various sites. This feature is normally used by sites to track link clicks, but is now found to be abused by attackers to send a massive amount of web requests to sites in order to take them offline.


The yo.js script, shown below, would randomly select one of the above sites and create a HTML ping URL with that site as the ping target. It would then programmatically click on the link as shown by the command.

The JavaScript would then create a new HTML ping URL and click every second. So the long a user was on this page, the most clicks they would generate.

Just turning off the Ping attribute or the Beacon API doesn’t solve the privacy implications of link click analytics. Instead, it creates an incentive for websites to adopt tracking techniques that hurt the user experience. In effect, the choice between supporting Ping and not is not one of privacy, rather it is a choice between a good user experience and a bad one.


Until recently, Safari supported an internal User Defaults flag to disable support for the Ping attribute. It was never our intention to surface this flag as a customer setting. We think it’s misguided to offer users the ability to disable web-facing features if doing so doesn’t disable or prevent the ends of that technology. Instead, Intelligent Tracking Prevention and Content Blockers offer users different levels of support for categorically affecting link click analytics.

However, currently it seems like neither can be used to categorically block pings.

Jeff Johnson:

The Chromium team is finally coming around[…]


I think Apple just found itself on the wrong side of history, now as the only browser vendor defending a user tracking technology.

Ricky Mondello:

We agree that <a ping> should be more transparent. I publicly filed this bug to track improving this for WebKit and Safari[…]

This is weird because his bug notes that Safari is not to spec, yet Wilander’s blog post makes it sound like the Safari team likes the current behavior.

Fortunately, I have a solution for you now! Last night (as soon as I could get approved by Apple) I released StopTheMadness 6.0 in the Mac App Store. If you click on a link with the “ping” attribute, StopTheMadness 6.0 will now remove that “ping” attribute, thereby preventing your clicks from getting tracked by hyperlink auditing.

Mozilla has told BleepingComputer that they will be enabling the tracking feature called hyperlink auditing, or Pings, by default in Firefox.


After Mozilla’s response, we also contacted Brave Software to ask if they had any plans to enable hyperlink auditing in their browser.

“Disabling hyperlink auditing is a crucial privacy feature, and Brave has always disabled this by default,” Catherine Corre, Head of Communications at Brave Software, told BleepingComputer via email. “Brave users expect this protection from our browser.”

Jeff Johnson:

Today, Google shipped Chrome 74 to the public, and this hidden preference is now indeed gone for everyone. The change log for Chrome 74 includes the removal of disable-hyperlink-auditing from Chromium.

macOS 10.14’s Software Update Release Notes

John Gruber:

But the sheet containing the release notes can’t be resized. You see about 9 lines of text at a time, and there’s nothing you can do about it.

Worse, the text can’t be selected, so you can’t even copy and paste it into TextEdit or some other app to read it comfortably. They even have URLs at the bottom of the note, pointing to support pages on which contain even more details about the update — but the URLs aren’t clickable. Can’t copy them, can’t click them — the only way to actually open these URLs is to retype them manually.

Apple’s newest Mac software designs just don’t seem to work very well.

Steven Aquino:

What @gruber doesn’t mention here is worth a shout by me: Reading release notes on the Mac—or anything else—is damn near impossible if you’re visually impaired. You could use Zoom, but again, 10.15 better bring Dynamic Type to macOS.

Previously: macOS 10.14 Mojave Released.

BBEdit Returns to the Mac App Store With Subscription

Bare Bones Software (tweet, Phil Schiller, 9to5Mac, MacRumors):

In the spring of 2018, Bare Bones and Apple announced that, subsequent to the release of macOS Mojave (10.14) and the accompanying refresh of the Mac App Store, BBEdit would be returning to the store.

This was made possible by changes to the OS itself which allow Mac App Store versions of BBEdit to function to their fullest extent while complying with Mac App Store rules; as well as changes to the Mac App Store business mechanics which make it possible for us to distribute our software through the Mac App Store as part of a sustainable business model.


There are two levels of paid subscription:

  • Annual: US$39.99 per year (may vary in other locales)
  • Monthly: US$3.99 per month (may vary in other locales)

You may install BBEdit at no charge via the Mac App Store, and use it either with a paid subscription or in Free Mode.

They are still offering “perpetual” licenses for $50. There’s been a paid upgrade every three years. BBEdit 12 was a $40 upgrade, BBEdit 11 was a $30 upgrade, BBEdit 10 was a $40 upgrade, and BBEdit 9 was a $30 upgrade (with a full price of $125).

Steve Troughton-Smith:

If you’re curious about BBEdit’s MAS entitlements, as I was, you can see them here; it says a lot that everybody is still relying on ‘temporary’ sandbox exceptions just to make life in the MAS possible

Jeff Johnson:

There’s a kind of dilemma with having both MAS subscriptions and non-MAS 1-time licenses:

If you ever want to have a non-MAS paid upgrade again, you’ve got to hold back new features. But then subscribers get nothing new for their continued payments.

Paulo Andrade:

I always thought the argument that subscriptions allow developers to not bundle features in major versions a bit moot. Having a big update makes it a lot easier to do marketing around it and that’s kind of a big deal. Having a subscription doesn’t change that.


Update (2019-04-05): John Gruber:

The App Store has welcomed BBEdit back warmly, with a nice top-of-the-front-page feature on developer Rich Siegel and BBEdit’s incredibly long history as a Mac stalwart, along with two other features: “BBEdit: A Writer’s Secret Weapon” and “Tame Your Text Files” — both good guides to BBEdit’s rich feature set. (Those App Store articles will open in the App Store apps on Mojave or iOS.)

Wojtek Pietrusiewicz:

I can’t read the @bbedit @AppStore features on my iPad. First of all I found the links to the stories on @gruber’s @daringfireball. Clicking the links does nothing on my iPad however. One tried to open iTunes and failed, the other just silently failed.

Previously: App Store Covers RSS Readers.

HomePod Price Reduced to $299

Tim Hardwick:

Apple today cut the price of HomePod on its online store by $50, with the smart speaker now listed for $299, down from $349. The price drop follows recent promotional discounts at several third-party retailers across the U.S.

I wonder whether that will affect sales much. My gut feeling is that $250 would have been a lot more interesting and that there are not that many more people who would want a HomePod for $300 than for $350.

Joe Rossignol:

In a new entry in its Machine Learning Journal, Apple has detailed how Siri on the HomePod is designed to work in challenging usage scenarios, such as during loud music playback, when the user is far away from the HomePod, or when there are other active sound sources in a room, such as a TV or household appliances.


Update (2019-04-05): Marco Arment:

It’s a lot like the Apple Watch: great at a few core things, mediocre for some others, and regularly fails at simple tasks.

Great for music, as long as it’s Apple Music. Great for HomeKit. Mediocre for assistant tasks. Mediocre for timers.

Siri makes — and breaks — the HomePod.

If music quality is a high priority, it’s a good option.

But if so, you’ll really want two of them in a stereo pair, which is a HUGE improvement in music quality. Budget accordingly.

Wednesday, April 3, 2019

Powerbeats Pro

Chris Welch (MacRumors):

A couple of weeks after Apple shipped its second-generation AirPods, the company’s Beats division is finally making its own entrance into the true wireless earbuds market. The new $249.95 Powerbeats Pro ship in May and are Beats’ most significant product in years. I get the feeling that, for many people, these are going to prove even more compelling than AirPods. They offer longer battery life, they seal fully in your ears without letting in outside noise, they include the same Apple H1 chip as the latest AirPods for hands-free “Hey Siri” voice commands, and yes, to my ears, the Powerbeats Pro sounded better during my brief introduction to them.

This sounds great. They’re also water-resistant and have physical volume controls. Downsides: the case is too large for a pocket, no Qi charging. I wonder whether the isolation is good enough for airplane use.


Update (2019-04-08): Rene Ritchie:

Play pause can happen when you put Powerbeats Pro in or take them out, just like AirPods, but where AirPods are all stealth and you can tap invisible quote-unquote buttons to do one thing of your choosing, Powerbeats Pro have legit physical hardware controls. There's volume up and down, right on the top, and the big B button on the outside, which you can even long-press to pass on a call.

Matt Birchler:

How much bigger could the PowerBeats charging case be than AirPods?

*checks it out*

Mother of god…

Xcode Custom Search Scopes

Paulo Andrade:

In my case, my source code comes down to Objective-C, C, and Swift files. So I just create a code that search for any file with the .m, .h, .c and .swift extensions.


But most of the time when searching for localized strings I’m just interested in the Base localization. I never touch the translated files inside Xcode, these are synced with my translation service. So by using this scope, whenever I’m searching for a localized string I just get back the base localization files.


Last but not least, when your working on a given feature it’s usual to have a set of modified files you’re working on. Sometimes you’ll want to search for something on only this set of related files.

Update (2019-10-31): Erica Sadun:

Now, interestingly enough, this list fails to offer “does not contain” but that’s fairly easy to work around. Since Xcode supports regex matching, you can easily replicate “does not contain” with an appropriate regex.

You can also do a regular contains match and put it inside a None of the following conditions are met group.

Accessors Have Message Obsession

Marcel Weiher (tweet):

Every single attribute of every single class gets its own accessor or accessor pair, again with the action (get/set) mushed together with the name of the attribute to work on. The solution is the same as for the directions in Nat’s example: there are only two actual messages, with reified identifiers.

These, of course, correspond to the GET and PUT HTTP verbs. Properties, now available in a number of mainstream languages, are supposed to address this issue, but they only really address to 2:1 problem (getter and setter for an attribute). The much bigger N:2 problem (method pair for every attribute) remains unaddressed, and particularly you also cannot pass around, store or perform calculations on the identifier.

UTF-8’s History and Virtues

Rob Pike:

What happened was this. We had used the original UTF from ISO 10646 to make Plan 9 support 16-bit characters, but we hated it. We were close to shipping the system when, late one afternoon, I received a call from some folks, I think at IBM - I remember them being in Austin - who were in an X/Open committee meeting. They wanted Ken and me to vet their FSS/UTF design. We understood why they were introducing a new design, and Ken and I suddenly realized there was an opportunity to use our experience to design a really good standard and get the X/Open guys to push it out. We suggested this and the deal was, if we could do it fast, OK. So we went to dinner, Ken figured out the bit-packing, and when we came back to the lab after dinner we called the X/Open guys and explained our scheme. We mailed them an outline of our spec, and they replied saying that it was better than theirs (I don’t believe I ever actually saw their proposal; I know I don’t remember it) and how fast could we implement it? I think this was a Wednesday night and we promised a complete running system by Monday, which I think was when their big vote was.

So that night Ken wrote packing and unpacking code and I started tearing into the C and graphics libraries. The next day all the code was done and we started converting the text files on the system itself. By Friday some time Plan 9 was running, and only running, what would be called UTF-8. We called X/Open and the rest, as they say, is slightly rewritten history.

Why didn’t we just use their FSS/UTF? As I remember, it was because in that first phone call I sang out a list of desiderata for any such encoding, and FSS/UTF was lacking at least one - the ability to synchronize a byte stream picked up mid-run, with less that one character being consumed before synchronization. Becuase that was lacking, we felt free - and were given freedom - to roll our own.

Ken Thompson:

Below are the guidelines that were used in defining the UCS transformation format:

1) Compatibility with historical file systems:

Historical file systems disallow the null byte and the ASCII slash character as a part of the file name.

2) Compatibility with existing programs:

The existing model for multibyte processing is that ASCII does not occur anywhere in a multibyte encoding. There should be no ASCII code values for any part of a transformation format representation of a character that was not in the ASCII character set in the UCS representation of the character.

3) Ease of conversion from/to UCS.

4) The first byte should indicate the number of bytes to follow in a multibyte sequence.

5) The transformation format should not be extravagant in terms of number of bytes used for encoding.

6) It should be possible to find the start of a character efficiently starting from an arbitrary location in a byte stream.

Rich Felker:

Not only do ASCII bytes never appear in multibyte UTF-8 chars; NO character is ever a substring of another character.

UTF-8 was really a work of brilliance, guaranteeing what’s pretty much a maximal set of important desirable properties like this.

Of course the desirable properties necessitate one property that’s hard to like: not all byte sequences can be legal/valid.

See also: The History of Unix (via Hacker News).


Update (2019-04-04): See also: Hacker News.

Tuesday, April 2, 2019

High Memory Use With Vapor and MySQL

Tanner (via Ilja A. Iwas):

MySQL 3.2.4 has been tagged with a fix that reduces peak memory usage by 10-15x for the sample project. See vapor/mysql#232 if you’re interested to see what was fixed.


Here’s a small recap of what went wrong, and also why it took so long to find it. The main blocker was that we initially thought this was a Linux-only memory leak[…]


The problem was not leaking memory, but overly high peak memory usage which lead to fragmentation. Which, importantly, we were also seeing on macOS. This meant it was highly likely the problem was in Vapor.


Due to optimizations in Swift’s String, Valgrind may think bytes have been “definitely lost” even though they haven’t. This seems to only happen when you stop Valgrind while it is still busy doing work.


To help prevent issues like this from happening in the future, we need to improve Vapor’s DB driver performance benchmarking. Currently, benchmarks are for small, unrealistic models and test run time only. Benchmarks that could have caught this issue early would test realistically sized models (with diverse properties and types) and also memory usage alongside run time. Implementing these benchmarks is unfortunately much easier said than done, but it’s something that has been on our list long before this issue.

Using Drag and Drop with NSTableView

Nate Thompson (via Daniel Jalkut):

I recently tried to implement drag and drop with NSTableView in a project and ran into a bunch of issues with finding resources that actually helped. Such is the life of a Cocoa developer. So here’s my attempt at the definitive guide to drag and drop with NSTableView. (This should also apply to NSOutlineView, since they work in a similar way.)


There’s a bug in NSTableView that requires implementing tableView(_:heightOfRow:) to get the gap style to animate correctly.


Passing -1 and on will highlight the entire table view.

Unfortunately, I have not found that highlighting to be reliable since macOS 10.14.

Withholding AppleCare

Nigel Kersten:

I don’t think I’ve ever really told the story on Twitter about the time Steve Jobs sent me a polite but dismissive email and then proceeded to make my life at work rather hellish.


So these new Macs came out and you couldn’t run OSX 10.3.9 on them, only 10.4.x

But Pro Tools wouldn’t run on 10.4 and digidesign were not looking like they’d have support ready before the start of the school year.

So I started poking at 10.3.x to see if I could fix it.


I get a phone call from AppleCare

“Hi I have to tell you that if you run those computer labs on OS X 10.3 we’re not going to honor your warranties for any of your Macs. Been told to tell you. Bye”

Kickstarting Watch App Development

Pádraig Kennedy:

The single biggest thing Apple could do to kickstart Watch app development imho is to sell developer units that you can connect to directly with a wire, just like the ones Apple uses to do watch app development.

(I made one of our developers work on the watch for a week and I feel guilty and am trying to figure out how to make it up to them.)

Marco Arment has made similar comments. The more unpleasant an area of development is, the more people will want to do something else instead.

Joe Cieplinski:

I second this suggestion. Wireless debugging of watch apps is still a nightmare.


Falsehoods About Time and CSVs

Zach Holman:

I’ve made notes of the egregious things I’ve learned about programming with time and pulled them together as a talk. This is the written companion piece, which is sort of a super set of the talk, since I had way more notes than what I could shove in a single talk.

Beyond that, though, there’s also a lot about time itself that is properly hilarious, and it’d be a travesty to not talk about the country that recently decided to skip a certain day, or that the Unix epoch isn’t technically the number of seconds since January 1970, or that February 30 happened at least twice in history.

Jesse Donat (Hacker News):

Much of my professional work for the last 10+ years has revolved around handling, importing and exporting CSV files. CSV files are frustratingly misunderstood, abused, and most of all underspecified. While RFC4180 exists, it is far from definitive and goes largely ignored.

Partially as a companion piece to my recent post about how CSV is an encoding nightmare, and partially an expression of frustration, I've decided to make a list of falsehoods programmers believe about CSVs. I recommend my previous post for a more in-depth coverage on the pains of CSVs encodings and how the default tooling (Excel) will ruin your day.


Monday, April 1, 2019

What’s New in Swift 5.1

Paul Hudson:

SE-0068 expands Swift’s use of Self so that it refers to the containing type when used inside classes, structs, and enums. This is particularly useful for dynamic types, where the exact type of something needs to be determined at runtime.


In Swift 5.1 this confusion now prints a warning: “Assuming you mean ‘Optional.none’; did you mean ‘BorderStyle.none’ instead?” This avoids the source compatibility breakage of an error, but at least informs developers that their code might not quite mean what they thought.


Well, in Swift 5.1 we can now use switch/case pattern matching to match optional enums with non-optionals, like this[…]


SE-0240 introduces the ability to calculate and apply the differences between ordered collections. This could prove particularly interesting for developers who have complex collections in table views, where they want to add and remove lots of items smoothly using animations.

Or for use in test cases.

Because Swift now ships inside Apple’s operating systems, new features like this one must be used with an #available check to make sure the code is being run on an OS that includes the new functionality. For features that will land in an unknown, unannounced operating system shipping at some point in the future, a special version number of “9999” is used to mean “we don’t know what the actual number is just yet.”

Texting Means Never Having to Say Goodbye

Jane C. Hu (via Hacker News):

I thought about the last time I’d actually typed ttfn. I imagine it was at least 18 years ago, on my family’s Gateway desktop during the era of dial-up AOL. And then I realized I couldn’t remember the last time I said “g2g,” or even “bye,” in an online conversation. I asked some friends in a group chat if they ever say goodbye when chatting digitally. “They never really have a beginning. Do they also not have an end?” said my friend Dan. Another friend, Mitch, chimed in with a diagnosis: “It’s because we never go offline anymore.”


In a 2016 study, many respondents say they read into a lack of response. It’s especially confusing when your conversational medium tells you if someone is currently online, or has already read your messages, like the “read” labels in iMessage, the green dot by your name in Slack, or the blue tick mark on WhatsApp messages. “When WhatsApp introduced the blue tick [that shows when you’re online], that introduced a lot of anxiety,” she says.

Alternatives to Mac Laptops

Dieter Bohn (tweet):

Even though the XPS 13 has a strong pedigree, it’s worth talking about again. It was one of the first mainstream laptops with a nearly edge-to-edge screen. It doesn’t go in for 360-degree hinge tricks — there’s the XPS 13 2-in-1 for that — it was just always a good, well-built laptop. It has become something of a default alternative to the MacBook Air for Windows users — something thin, light, stylish, and also reliable.


The 2019 version of the XPS 13 starts at $899, but I think most people will want to step up to the $1,199 (as of this writing) version. That will get you a Core i5 processor, 8GB of RAM, 256GB of storage, and the 1080p screen.


The keyboard on this machine is excellent, with a very good balance of key travel, firmness, and thinness. I don’t love that the page up and page down buttons are crammed in next to the arrow keys […]

But at least it has those keys.

Dell quotes up to 21 hours of battery life with the 1080p screen and around 12 for the 4K. As usual, I think those estimates are super optimistic, but that doesn’t mean I think the battery life on this laptop is bad.


I am mostly pleased with the port choices: there are two Thunderbolt ports on the left, one USB-C port on the left, a headphone jack, and a microSD card slot. It would have been nicer if Dell had found a way to bring back a USB-A port, but it at least includes a dongle in the box.


And the USB-C power brick is just plain thoughtful in its design: it’s easy to wrap the cord around it cleanly and compactly.

Nolan O’Brien:

I find myself at a crisis somewhat. This 300 dollar chromebook is by all metrics a pos harware-wise, but the damn thing outperforms my $2000 MBP for normal non-dev use cases.

And it’s keyboard kills the butterfly keys of Apple. Plus it has really good drawing tablet mode

I would have expected needing to go to an equally expensive Windows machine to get out of the plodding degradation of macOS, but I can actually get away with a cheap chromebook.


I can’t even fathom why folks would do iPad leasing at schools given how much better using a chromebook is. This is after expecting it to not be any good, but being proven wrong.

Thomas Reed:

Since there is, definitively, already malware that can affect Chromebooks, it’s reasonable to install antivirus software on a Chromebook. And since Chromebooks are increasing in popularity, it’s also reasonable to assume cybercriminals will continue to develop more malware to get their piece of the pie. Once Pandora’s Box has been opened for a device, operating system, browser, or other platforms, we’ve never once seen the bad guys back away from it.

However, there is a catch to all of this. And to discover the catch, you must first answer this question: Does your Chromebook support Google Play?

Not all Chromebooks do. If yours does not, it cannot download malware through Google Play, much less third-party app stores, because it cannot download any apps at all.


Update (2019-04-02): scott:

My alternatives are:

Macbook - Dell XPS 13 ($899)
MacBook Air - Lenovo 14e ($279)
MacBook Pro - Lenovo X1 ($1,139) or Pixelbook ($799 on sale)
iMac Pro/Mac Pro (Xeon, ECC) - Lenovo P1 ($2,059)

Key iOS Chip Architect Departs Apple

Chris Jenkins:

Gerard Williams III, lead designer of Apple’s custom iOS chips from A7 to A12X, has departed the company, according to CNET. While no indication of a change has been made on his LinkedIn profile, it does offer a glimpse into his design prowess.


He came to Apple with a splash, as the A7 was Apple’s first 64-bit CPU core. This design arrived on the market over a full year before competitors like Qualcomm and Samsung could respond and largely cemented the technical prowess of the SoC team Apple had created.

If confirmed, his departure would follow the more well-known CPU architect Jim Keller, who was part of Apple’s acquisition of PA Semi. More recently, Apple’s SoC team lost its lead Manu Gulati, whose vacated role was assumed by Williams.

Seems like we were just hearing that all the top people were going the other way.

Paying to Whitewash Wikipedia Pages

Ashley Feinberg (via Hacker News):

The vast majority of the people who propose and make changes to Wikipedia are volunteers. A few people, however, have figured out how to manipulate Wikipedia’s supposedly neutral system to turn a profit.

That’s Sussman’s business. And in just the past few years, companies including Axios, NBC, Nextdoor and Facebook’s PR firm have all paid him to manipulate public perception using a tool most people would never think to check.


One of Wikipedia’s more well-known rules is its prohibition on editing pages that you have any sort of direct connection to. This, along with the fact that it’s humiliating to get caught editing your own Wikipedia page, is usually enough of a deterrent to companies and public figures looking to inject a positive spin. But those looking to get around the site’s conflict of interest rules aren’t totally without options. Anyone, even someone financially tied to the subject in question, is allowed to merely suggest edits in the hopes that a less conflicted editor might come by, agree, and implement the changes for them. This is where a paid editor like Sussman comes in.


He often replies to nearly every single bit of pushback with walls of text arguing his case. Trying to get through even a fraction of it is exhausting, and because Wikipedia editors are unpaid, there’s little motivation to continue dealing with Sussman’s arguments. So he usually gets his way.