Archive for April 2019

Monday, April 22, 2019

Joe Armstrong, RIP

Francesco Cesarini (Hacker News):

It is with great sadness that I share news of Joe Armstrong’s passing away earlier today. Whilst he may no longer be with us, his work has laid the foundation which will be used by generations to come. RIP @joeerl, thank you for inspiring us all.

Sugandha Lahoti:

Dr. Armstrong was best known for helping lay foundations in the ’70s and ’80s to the most widely spread concurrency models as we know them today. In concurrent programming, multiple events, code snippets or programs are perceived to be executing at the same time. Unlike imperative languages, which use routines, or object-oriented languages, which use objects, concurrency-oriented languages use processes, actors, and agents as the main building blocks. Dr. Armstrong helped propel concurrency programming at a time when there was no IoT, web, massive multi-user online games, video streaming, and automated trading or online transactions.

[…]

Erlang was originally built for use only at Ericsson, as a proprietary language, to improve telephony applications. It was designed to be a fault-tolerant, distributed, real-time system that offered pattern matching and functional programming in one handy package. It was then open-sourced to the public in 1998. Since then, it has been responsible for business, big and small, to create reliable systems.

Greg Hurrell:

His last tweet:

Joe Armstrong:

Once upon a time my boss asked me to study if we should use C++ or Erlang for a specialist XML parser to be used in a product (for reasons of speed not energy).

My recommendation was an FPGA.

We built an FPGA.

Relative speed of C++/Erlang was irrelevant compared to FPGA.

Michael Gasch:

Apparently, the creators of the language found a way to trick the mighty failure gods. What have they done differently? Well, amongst many carefully evaluated design decisions that went into the language, they came up with the philosophy of “Let it crash”. I.e., instead of writing a lot of defensive code to handle every possible corner case, you accept that there will be failures, where you separate the concerns and take corrective actions.

The separation of concerns in this case is based on the concept of a supervisor and supervision trees, where the supervisor deals with failure (crash) handling when faults in the business logic (worker processes in the tree) occur. Another advantage is that these processes don’t have to run on the same machine to benefit from the supervision concept. Furthermore, in Erlang, processes are isolated from each other and don’t share state. So you can further reduce the blast radius of failures on a process-level.

See also: Wikipedia, Let’s Talk Concurrency (via Hacker News), Why OO Sucks (via Hacker News, note).

Previously: A Taste of Erlang.

Performance Considerations When Reading Directories on macOS

Thomas Tempelmann:

Unfortunately, with Apple’s new file system APFS, and the fact that any macOS running High Sierra or Mojave got their startup volume converted from HFS+ to APFS, search performance has decreased by a factor of 5 to 6!

[…]

I’ve tried to find out which of the various methods of reading directories, looking only for file names, is the fastest: I had to scan the same directory tree with every method separately.

[…]

contentsOfDirectoryAtURL and getattrlistbulk perform equally indeed, just as predicted, with the latter usually being a bit faster once the data comes from the cache.

On APFS, NTFS and SMB, opendir() is significantly faster than the other methods, which is quite surprising to me.

[…]

When accessing a Mac via SMB, contentsOfDirectoryAtURL is faster than the other methods, but only on the first run (see red field). Once the caches have been filled, it’s slower. I can’t make sense of it, but it’s a very consistent effect in my tests.

Previously: APFS and Fast Catalog Search.

The True and False Security Benefits of Mac App Notarization

Jeff Johnson (tweet):

Notarization is a kind of two-factor authentication. In order to notarize an app, you first need to sign it with your Developer ID cert, but then you have to submit it to Apple using the Apple ID and password of your developer account. If your signing cert is compromised, that by itself would no longer be sufficient to distribute the app.

[…]

A myth has been spread that Developer ID certs can only be revoked in entirety, meaning that all versions of all apps signed with a Developer ID cert would be invalidated when the cert is revoked. Apple has contributed a bit to this myth[…]

[…]

The ability of Mac apps to update themselves shows that the notarization malware scan is security theater. Apple’s notarization service scans for malware, but malware authors don’t need to submit malware to Apple! They can submit a perfectly innocent app for notarization, get the app notarized, and then flip a switch on their own server to download a malware software update when the victim opens the “innocent” notarized app. The downloaded malware update doesn’t need to be notarized, because the software updater will delete the quarantine attribute, thus bypassing Gatekeeper.

I guess the questions are:

I suspect that the answers are “no” and “yes.” Apple presumably believes otherwise. (They are surely aware of this loophole, and I don’t see why they would bother developing notarization if they didn’t believe in it.)

The malware scan is unlikely to catch serious malware authors, but it does punish legitimate developers, because they have to submit their apps and then sit and wait for Apple’s response, which Apple claims should take less than an hour (already too long), but in practice has taken much longer in some instances, according to developers I’ve heard from. Just yesterday, Apple’s Developer System Status showed 2 outages of 90 minutes each with the Developer ID Notary Service. The whole point of distributing software outside the Mac App Store is to avoid problems like these, submitting to Apple for approval and waiting for their response, but now Apple is imposing those very same problems on software outside the App Store. If notarization is to be required at all, I think it should skip the security theater of malware checks and simply notarize the app on submission, a process that would be almost instantaneous.

I’m not sure that the malware scan is the reason that notarization can sometimes take a long time, because I’ve had the same problem with “Processing for App Store” when submitting via App Store Connect.

Besides the notary service being down, mandatory notarization is risky for developers because code signing requirements can (and have) changed without warning and the malware scan might falsely block a legitimate app as malware. I’m not sure what you’re supposed to do in that case, but it would likely take a while. Developers know that when the App Store scanner falsely flags their app for violating a rule, contacting Apple through official channels rarely leads to a resolution. Instead, they have to act like an actual malware author and try to obfuscate their code to fool Apple’s tools.


Galaxy Fold Review

Dieter Bohn (tweet):

I have never used a device with this many problems that I have liked this much.

[…]

The Galaxy Fold is also beset with issues that stack up into a pile that you can’t excuse away by saying this is just a first-generation product. There are basic user experience issues that are unacceptable on any smartphone, much less one that costs two grand.

What you should do is head to a store and play around with it because it is legitimately a marvelous thing to play with. Beyond that, it’s a status symbol, a curiosity, and a little tease at a possible future.

[…]

I found myself using it in meetings, and nobody batted an eye. I was reviewing docs for the meeting, but I could have just as easily been messing around on social media. But think about the social rules of a work meeting: somebody messing around on their phone is a jerk, but somebody using a tablet is more likely to be doing something relevant. The Fold feels like a different device with different social rules, and that’s fascinating.

Joe Rossignol:

Samsung has confirmed the delay in a statement provided to CNBC, noting that it will announce a new release date “in the coming weeks” and “will take measures to strengthen the display protection.”

Previously: Galaxy Unpacked 2019.

iOS 13 Rumor Roundup

Rene Ritchie:

But it sounds like the half a decade plus of trolling is, at last, behind us, and performance improvements done, the design evolution is continuing, and this year we’ll actually be getting dark mode for iPhone and iPad.

[…]

[Font] Management is going to be implemented in a Settings panel. There’ll be a new Font Picker controller so you can get your styles on inside text fields, and an alert if you download a document but don’t have the fonts installed to go with it.

[…]

Gui does add that something like PanelKit will also be in the offering. Windows will be able to contain sheets and those sheets will be able to be dragged free, into cards, and those cards will be able to be stacked.

[…]

Three finger tap and swipe left to undo. Three finger tap and swipe right to redo. It’s not quite the Procreate double finger tap, but it’s close and direction adding dimension sounds smart.

It also sounds like we’ll be getting multi-select support not just for icons and draggable items, the kind that currently exists in iOS, but for items in list and collection views as well.

[…]

According to Gui, in a separate article on 9to5Mac, Find my iPhone and Find my Friends are merging and, what’s more, adding the option to find other things connected to small, Tile-like beacons from Apple.

Previously: Proof That iOS Still Hasn’t Gotten Undo Right.

Thursday, April 18, 2019

Origins of the Apple Human Interface

Riccardo Mori (tweet):

Recently, the Computer History Museum has uploaded on its YouTube channel a lecture called Origins of the Apple human interface, delivered by Larry Tesler and Chris Espinosa. The lecture was held at the Computer History Museum in Mountain View, California, on October 28, 1997.

Being extremely interested in the subject myself, and seeing how apparently little thought is being given today to the subject, I wanted to quote a few selected excerpts from the talk, just to show what kind of hard work creating a user interface was back in the day when the Apple Lisa was being developed. It turns out that isolating this or that bit was futile, as the whole talk is made up of such cohesive, engrossing discourse. So I chose to transcribe it almost entirely, and add a few personal remarks here and there. I hope this turns out to be as interesting to you as it was to me.

I recommend watching the whole video. Mori’s transcription is a great companion that includes better images of the screen and context from a modern perspective.

A few parts I want to highlight:

[Larry Tesler is saying that at this stage of development of the Lisa interface, when you clicked on, e.g., the upward‐facing arrow, the content would move upwards too, in the same way “Natural scroll direction” works since its introduction in Mac OS X 10.7 Lion.[…]]

[…]

So we made a decision that had nothing to do with ease of use, nothing to do with ease of learning, nothing to do with error rates. It wasn’t a human factors decision at all in the traditional sense. It was a decision based on what customers liked.

[…]

And what I found was that the way we taught it made a lot of difference. You could take the same user interface and teach it in a different way, and people would get confused; or understand it; or make more mistakes; or fewer mistakes. And terminology made a difference also, so we then started a terminology project that Ellen Nold ran, which ended up with the FILE menu, the EDIT menu, etc., as you know today, and all the various commands that were in them. You know, choosing all the words for everything.

[…]

I remember very very very clearly that one of the massive controversies around the development for the Macintosh circa 1982–1983 was [that] developers would come up to us and say, You know, if you make the user interface consistent and if you put all that software in ROM that makes it— you know, if you make it hard to write to the screen directly, so that we have to use your user interface software to talk to the user, how are we ever going to make our applications unique and stand out and be different from each other in the marketplace?

[…]

[…]and so there’s constantly the dilemma (which you’ve seen historically in Mac system software) that the expert users want to put in the features they want to use, but the people who want to keep this system pure for the novices want to resist those

And if you’re lucky, you get a system that is easy to approach for the novice, and gradually unfolds itself for the expert. And if you’re unlucky, you get a lukewarm mediocrity between the two, where it’s a little too complex for the beginning user to understand, but still not nearly powerful enough for the expert user.

[I think this is a perfect snapshot of the current situation with iOS.]

Update (2019-04-22): Colin Cornaby:

On the note at the end: I drafted a blog post a while back on how I wanted a macOS iPad. When I passed it around, I got unexpected feedback from a few people. While iOS isn’t complicated enough for people like me, iOS is already growing too complicated for novice users.

iOS sits in their weird place, especially on iPad, where it’s not really working for anyone quite right. And there is a feeling out there that making iOS more complicated will make it less accessible to users (which, to be clear, is not my personal preference.)

Google Decides to Monetize Maps

Bloomberg News (via Hacker News):

Schindler’s response showed that Google isn’t waiting anymore. He sliced the opportunity in four areas. Basic directions are a “utility” that can’t be messed with much. Second are requests for things nearby; followed by broader, personalized recommendations; and finally, searching neighborhood business listings.

“If you think about Maps monetization from those four different angles—a little bit more caution obviously on the first one, not disrupting the utility aspect, and all the other three—I think it’s a really, really interesting playground going forward,” Schindler said.

[…]

For the last two years, Google has also tested “promoted pins,” waypoints emblazoned with an advertiser’s brand that show up on the map regardless of whether or not the user searched for that business. McDonald’s, Dunkin’ and Michael Kors are among adopters.

[…]

Before the changes, Owczarek’s startup got 750,000 free map views a month and then was charged 50 cents for every 1,000 views on top of that. Then Google started charging after 30,000 views and the cost was $7 per 1,000 views. His costs jumped from nothing to $5,000 a month.

When Rules Don’t Apply

Filmmakers Collaborative (via Hacker News):

When Rules Don’t Apply is a multi-media campaign to educate the public about the impact of “no-poach” agreements and how they limit competition and employee wages, a violation of antitrust law.


How to Remove Siri From the Touch Bar

Zach:

You probably use your backspace [delete] key quite a bit. If you have a Macbook Pro, you probably also hit the Open Siri button quite a bit, as it is (in)conveniently located adjacent to the backspace key.

[…]

This short guide will show you how to remove the Siri button from your Macbook Pro’s touch bar, disabling the button without disabling Siri.

The Hard Part in Becoming a Command Line Wizard

John D. Cook:

McIlroy’s script was a real example of the kind of wizardry attributed to Unix adepts. Why can’t more people quickly improvise scripts like that?

The exercise that Bentley posed was the kind of problem that programmers like McIlroy solved routinely at the time. The tools he piped together were developed precisely for such problems. McIlroy didn’t see his solution as extraordinary but said “Old UNIX hands know instinctively how to solve this one in a jiffy.”

The traditional Unix toolbox is full of utilities for text manipulation. Not only are they useful, but they compose well. This composability depends not only on the tools themselves, but also the shell environment they were designed to operate in.

[…]

You could memorize McIlroy’s script and be prepared next time you need to report word frequencies, but applying the spirit of his script to your particular problems takes work.

Wednesday, April 17, 2019

Safari Auto-Submitting AutoFilled Passwords

Steve Troughton-Smith:

Safari’s new ‘submit form as soon as you choose from the autocomplete list’ is the quickest way to get locked out of your bank ever. As a universal default, that seems like such a bad idea

[…]

(I think the key part is that it doesn’t consider what happens if the autosaved password is wrong, and so will blind-fire at the site before giving somebody a chance to change it)

This has bitten me several times.

iKyle:

That same sort of ‘presume we are always right’ problem happens with the new password autosuggestion, which covers over the password field and doesn’t let you edit the suggested password anymore.

If it guessed the password requirements wrong you can’t fix it.

Update (2019-04-18): Colin Cornaby:

I hate the way this bypasses the “Remember Me” checkboxes if you didn’t check them before autofill. From Apple’s end I’d guess the lack of cookies and cached logins is probably considered more secure though.

Andrew Abernathy:

As pointed out here, this behavior makes me much more worried about getting locked out of an account.

But beyond that, I dislike the interaction: there’s a “sign in” button on the page, and this preempts me from clicking on that in a way that doesn’t feel “right” to me.

Introducing CalZones

David Smith:

CalZones is a calendaring app built from the ground up to be smart about managing timezones. It starts by letting you choose a list of the zones that are relevant to you and then all aspects of the app tailor themselves into making it easy to coordinate between those timezones.

[…]

Tap on any time shown to quickly create an event at the shown time and in the selected timezone.

[…]

The event creation view makes working out the time for a call super easy by giving you a time picker that is timezone aware and displays the chosen time across all your selected timezones.

Rosemary Orchard:

Along with specifying your time zones you can also control which calendars you see, your preferred theme and icon, work day times, week start, and how event times should be displayed. The latter is very useful, allowing you to see that the event you’re looking at starts at 7pm local time, but 10am in the organiser’s time.

See also: Under the Radar.

The Time Tim Cook Stood His Ground Against the FBI

Leander Kahney (Hacker News):

Cook was very concerned about how Apple would be perceived throughout this media firestorm. He wanted very much to use it as an opportunity to educate the public about personal security, privacy, and encryption. “I think a lot of reporters saw a new version, a new face of Apple,” said the PR person, who asked to remain anonymous. “And it was Tim’s decision to act in this fashion. Very different from what we have done in the past. We were sometimes sending out emails to reporters three times a day on keeping them updated.”

[…]

Privacy advocates celebrated the end of the case and Apple’s apparent victory. “The FBI’s credibility just hit a new low,” said Evan Greer, campaign director for Fight for the Future, an activist group that promotes online privacy. “They repeatedly lied to the court and the public in pursuit of a dangerous precedent that would have made all of us less safe. Fortunately, internet users mobilized quickly and powerfully to educate the public about the dangers of backdoors, and together we forced the government to back down.”

But Cook was personally disappointed that the case didn’t come to trial. Even though Apple had “won” and wouldn’t be forced to create the backdoor, nothing had really been resolved. “Tim was a little disappointed that we didn’t get a resolution,” said Sewell. He “really felt it would have been fair and it would have been appropriate for us to have tested these theories in court. . . . [Though] the situation that was left at the end of that was not a bad one for us, he would have preferred to go ahead and try the case.”

I still think this story has been mostly misreported in that Apple already had a backdoor to access Syed Farook’s iPhone 5c. Commenter lern_too_spel:

What really happened is that Apple loudly proclaimed that they had made it impossible to comply with government data requests and even had a marketing page masquerading as a privacy page explaining that. The FBI asked Apple to put a build on a phone that would allow them to brute force the passcode, leaving the device and the build on Apple’s premises the entire time. This showed that Apple’s claim was false in practice. Apple quickly removed that marketing page in the wake of the news.

[…]

At the time Apple made the false marketing claims, no passcode was required to install a signed build. Hence, the FBI’s request.

The FBI was asking for no more than what Apple could already do, and it was letting Apple control the whole process. The problem was that what Apple could already do disagreed with what Apple told its customers that it could do.


Hackers Abused Support Portal to Read Microsoft E-mails

Joseph Cox (via Jason Koebler):

On Saturday, Microsoft confirmed to TechCrunch that some users of the company’s email service had been targeted by hackers. A hacker or group of hackers had first broken into a customer support account for Microsoft, and then used that to gain access to information related to customers’ email accounts such as the subject lines of their emails and who they’ve communicated with.

But the issue is much worse than previously reported, with the hackers able to access email content from a large number of Outlook, MSN, and Hotmail email accounts, according to a source who witnessed the attack in action and described it before Microsoft’s statement, as well as screenshots provided to Motherboard.

[…]

Motherboard’s source, however, said that the technique allowed full access to email content.

Tuesday, April 16, 2019

Qualcomm and Apple Agree to Drop All Litigation

Tripp Mickle and Asa Fitch:

Apple has called Qualcomm a monopoly and said Mr. Mollenkopf has lied about settlement talks between the companies. Qualcomm has accused Apple of deceiving regulators around the world and stealing software to help a rival chip maker.

For two years, the companies have bickered over the royalties Apple pays to Qualcomm for its patents. Discord between the CEOs, who bring different management styles and principles to the table, has deepened the divide. They have dug into their positions as the dispute has escalated.

The feud heads toward a showdown this coming week, when Apple’s patent lawsuit against Qualcomm is set to go to trial—with both CEOs expected to testify in a case where billions of dollars are at stake.

Via Shaun Maguire (and Benjamin Mayo):

The most interesting part to me is that Steve Jobs personally negotiated the QCOM deal and thought it was fair, but then one of the first things Cook did when he took over was rip it up.

Apple (MacRumors):

Qualcomm and Apple today announced an agreement to dismiss all litigation between the two companies worldwide. The settlement includes a payment from Apple to Qualcomm. The companies also have reached a six-year license agreement, effective as of April 1, 2019, including a two-year option to extend, and a multiyear chipset supply agreement.

Ben Bajarin:

At the FTC trial, we discovered Apple never actually had a formal license with QCOM and they just went through their manufacturers. So this is a first time license for Apple with Qualcomm.

Previously: Apple Sues Qualcomm.

Update (2019-04-22): Dan Masters:

This highlights the fact that Apple was (and has been) willing to offer a degraded experience to customers of their $1k+ phones due to their unreasonable demands (i.e. greed).

It seems clear that there was also a long-term strategic element in developing another supplier. But it’s an interesting point that Apple chose to ship a worse product, despite their platitudes about being guided purely by what’s best for the customer experience.

Ben Bajarin:

The Apple Qualcomm settlement now makes even more sense as Intel announces their exit of the 5g modem business.

Ian King and Mark Gurman (tweet):

Throughout the fight, which centered on Apple’s accusations that Qualcomm overcharges for patents on its technology, the iPhone maker played down the importance of the modem and Qualcomm’s inventions. Just before the settlement was announced on Tuesday, Apple’s lawyers were in a San Diego courtroom saying the component was just another method of connecting to the internet. In reality, Qualcomm’s modems are leading a potential revolution in mobile internet -- and Apple could have been forced to play catchup without them.

Ben Bajarin:

Apple pays less than $10 for all of Qualcomm’s stuff that was before this deal. So they already pay a low rate.

Prakash Sangam:

I can guarantee that U.S. govt will block @Huawei s bid. Also, if $AAPL was interested in buying, $INTC wouldn’t have announced existing business though. I suspect @Apple will get @Intel modem talent by attrition, and may buy #IP later for a bargain price..

John Gruber:

Intel’s 5G modem efforts were so behind schedule that it looked increasingly likely, if not certain, that Apple wouldn’t be able to use them for 5G iPhones in 2020. Forget about 2019 — I think Apple determined that even 2020 was increasingly in doubt if they sourced 5G modems from Intel.

[…]

Fast Company has reported that Apple has a “team of between 1,000 and 1,200 engineers working on the modem chips for future iPhones” — but that team’s work is obviously not going to be ready for a few years, at best.

John Gruber:

My initial guess is it’s the former: Intel decided to get out of this market, and Apple got squeezed.

Ben Bajarin:

Knowing Apple curates Apple News it is interesting there is no article on the Qualcomm settlement. There is one about Intel exiting smartphone modems and some coverage of their short lived trial but nothing on settlement.

At least in my feed in News.

Some people replied saying that they do see some articles. But this raises questions about why people see such different Apple News feeds, and whether Apple can be trusted to curate news about itself.

Charlie Demerjian (via Meek Geek):

That same 600Mbps Qualcomm modem in the iPhone ran at 1Gbps in Android devices. The Intel modem ran at 600Mbps max and there were no other customers to make a comparison to. Apple crippled their Qualcomm parts to match the delivered Intel specs. Worse yet those Intel parts were only 600Mbps on paper, in practice they had 30% lower throughput. On top of this the Intel modems consumed vastly more energy to do their slower work than Qualcomm[…]

Reed Albergotti (via Hacker News):

The sealed documents, obtained by Qualcomm through the discovery phase ahead of the trial, offer a rare window into the decision-making process of one of the most secretive and powerful companies on the planet, and how Apple’s internal discussions about Qualcomm differed from what it said publicly. Apple’s criticism of Qualcomm underpinned more than 80 lawsuits around the world and influenced governments to change laws and regulations in Apple’s favor.

[…]

The documents also raise questions about the methods Apple used to inflict pain on Qualcomm and whether Apple really believed its own arguments to lawmakers, regulators, judges and juries when it tried to change not just its long-standing business agreement with Qualcomm but the very laws and practices that have allowed inventors to profit from their work and investments. Apple has argued that Qualcomm’s patents were no more valuable than those of competitors like Ericsson and Huawei, but Qualcomm argued in court that the documents show otherwise.

[…]

In one internal document cited by Qualcomm’s lawyers, Apple said it sought to “create evidence” by scrupulously licensing other less expensive patents to make Qualcomm’s look expensive.

Sandboxing Makes Quarantine Flags Almost Meaningless

Howard Oakley:

When quarantine xattrs start appearing on files which have only ever been stored locally since their creation, is it time to get worried?

It would appear not.

Thanks to Thomas, who drew my attention to the fact that opening any movie in the QuickTime Player app (the latest ‘X’ version, not the old QuickTime 7) results in a quarantine xattr being attached to it.

A little further exploration revealed that this isn’t the only such case: Preview attaches quarantine xattrs to several of the file types which it opens, including PDF. The high-end PDF editors PDF Expert and PDFPenPro, and Nisus Writer Pro also attach quarantine xattrs to the PDFs which they create.

Erik Schwiebert:

Yep. The OS adds the quarantine xattr to any file created by an app that has been sandboxed. I don’t know why; you’d think they would trust a sandboxed app more, not less.

Rich Siegel:

It’s pretty crazy. We’ve seen a lot of this with customers opening/editing +x files. Simply opening the file causes it to grow quarantine, and then the user can’t run it in Terminal or programmatically with NSTask. (Gatekeeper and Terminal don’t really mix.)

Howard Oakley:

The quarantine flag, an extended attribute (xattr) of type com.apple.quarantine, used to be one of the most meaningful and important of all the xattrs attached to files. It meant that item had been downloaded from the Internet. In the case of apps, it’s used to determine whether that app needs to undergo full first-run checks by Gatekeeper before being allowed free run on your Mac.

[…]

Since Apple introduced sandboxing for apps, the quarantine xattr has been used for a quite different purpose: to flag which document files have been opened by sandboxed apps.

[…]

This behaviour appears consistent across almost all apps which run in a sandbox, even if they’re not supplied by the App Store. One exception that I have found is the latest version of BBEdit: although sandboxed (and notarized), the non-App Store version doesn’t appear to attach quarantine xattrs to text files which it opens or writes, even when they are PDFs, for example.

[…]

For file types like JPEG, PNG, Movies and PDF, which are specific targets of this behaviour, the rules for attaching a quarantine flag by a sandboxed app appear to be[…]
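The posts above make the point that a com.apple.quarantine xattr on its own no longer shows that a file was downloaded. The following is an added example (not code from the quoted posts or from Apple) that parses quarantine values so files can be grouped by the app that attached the flag. The `flags;timestamp;agent;event-id` field layout is an assumption based on commonly observed values, and the sample paths and values are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class QuarantineRecord:
    flags: int                    # raw flag bits; individual bits are not interpreted here
    stamped: Optional[datetime]   # when the attribute was written (UTC), if present
    agent: str                    # name of the app that attached the attribute
    event_id: str                 # identifier of the recorded event; may be empty


def parse_quarantine(value: str) -> QuarantineRecord:
    """Split one com.apple.quarantine value into its fields.

    Assumed layout (not stated on the page): flags;timestamp;agent;event-id,
    where flags and timestamp are hexadecimal and timestamp is Unix seconds.
    On macOS the raw value can be read with: xattr -p com.apple.quarantine FILE
    """
    parts = value.strip().rstrip("\x00").split(";", 3)
    if len(parts) < 2:
        raise ValueError("expected at least flags and timestamp: %r" % value)
    parts += [""] * (4 - len(parts))
    flags_hex, ts_hex, agent, event_id = parts
    try:
        flags = int(flags_hex, 16)
        stamped = (datetime.fromtimestamp(int(ts_hex, 16), tz=timezone.utc)
                   if ts_hex else None)
    except (ValueError, OverflowError, OSError) as exc:
        raise ValueError("non-hex flags or timestamp: %r" % value) from exc
    return QuarantineRecord(flags, stamped, agent, event_id)


def parse_all(xattrs: Dict[str, str]) -> Tuple[Dict[str, QuarantineRecord], List[str]]:
    """Parse a {path: raw value} mapping; return parsed records and unparseable paths."""
    records: Dict[str, QuarantineRecord] = {}
    malformed: List[str] = []
    for path, value in sorted(xattrs.items()):
        try:
            records[path] = parse_quarantine(value)
        except ValueError:
            malformed.append(path)
    return records, malformed


def group_by_agent(records: Dict[str, QuarantineRecord]) -> Dict[str, List[str]]:
    """Group file paths by the agent named in the quarantine value."""
    groups: Dict[str, List[str]] = {}
    for path, record in records.items():
        groups.setdefault(record.agent or "(no agent)", []).append(path)
    return groups


# Constructed sample values for illustration; not taken from a real system.
SAMPLES = {
    "/Users/test/Downloads/installer.dmg":
        "0083;5cb51b00;Safari;8A6F0E3C-1B2D-4C5E-9F70-123456789ABC",
    "/Users/test/Movies/clip.mov": "0086;5cb52910;QuickTime Player;",
    "/Users/test/Documents/report.pdf": "0086;5cb52910;Preview;",
    "/Users/test/Documents/broken.txt": "not-a-quarantine-value",
}

if __name__ == "__main__":
    records, malformed = parse_all(SAMPLES)
    for agent, paths in sorted(group_by_agent(records).items()):
        print(agent)
        for path in paths:
            rec = records[path]
            when = rec.stamped.isoformat() if rec.stamped else "unknown time"
            has_event = "event id present" if rec.event_id else "no event id"
            print("  %s  flags=0x%04x  %s  %s" % (path, rec.flags, when, has_event))
    for path in malformed:
        print("unparseable quarantine value:", path)
```

Grouping by agent lets a reviewer separate flags written by a browser from flags written by a local viewer or editor before treating a quarantined file as a download.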

Core Image Filter Reference

Noah Gilmore (via Ryan McLeod):

CIFilter.io is a project I’ve been working on for the last few months, and today it’s open source. It has two parts:

  1. A website, https://cifilter.io, which lists all the available CIFilters, their information and examples of applying them
  2. An app which allows you to apply each CIFilter to various inputs, tune their parameters, and apply them to camera and photo library images

[…]

Apple has a page listing about 85% of the available filters, but it’s “no longer being updated”, and no new filters which were made available in iOS 10, 11, or 12 are listed there. If you Google CIThermal, for example, most of what you’ll find is iOS header dumps.

For the filters which are listed, many have incomplete documentation - for example, the inputSharpness parameter to CICheckerboardGenerator says[…] but doesn’t tell you what the parameter actually does. The examples on this page are also limited - for example, CISourceOutCompositing takes an inputImage and a backgroundImage. The page shows two images being composited, but doesn’t specify which image is which[…]

Twitter’s Complicated and Messy Verification Process

Nick Heer:

In November 2017 Twitter announced it would be suspending its public verification process[…] However, the company never actually stopped verifying accounts. Cale Guthrie Weissman reported in 2018 for Fast Company that users were still being given a checkmark; and, today, Karissa Bell reports for Mashable that the process has continued[…]

[…]

Twitter seems utterly confused about what its verification program ought to be. Should it be just a simple way to communicate that an account is run by a real person or company, rather than an impersonator or a robot? Should it be only for public figures? What is a public figure anyhow, in Twitter’s view?

All the Streaming Video

Mark Hughes:

In which I compare some of the thousands of streaming media services[…]

Ben Thompson:

Look no further than that Disney investor event: while most of the time and subsequent attention was given to the new Disney+ offering, the company also spent time talking about ESPN+ and Hulu. At first glance, it might seem odd that the company has three distinct streaming services; why not put all of the company’s efforts behind a single offering?

In fact, I just explained why: in a world where distribution mattered more than anything else it made sense for Disney to put all of its television properties together; that offered maximum leverage with the cable companies. On the Internet, though, it is best to start with jobs.

[…]

Traditional TV will be dominated by news and sports, with ESPN, Fox, and Turner the biggest players. All have very strong assets in sports and/or news, and will remain dependent (and why not!) on the traditional TV mix of advertising and ever-increasing affiliate fees.

The long tail of content, including most information and education, will continue to be dominated by YouTube and its advertising-based model.

That leaves the specialists and the resellers, who will have a symbiotic relationship[…]

Update (2019-04-17): Josh Centers:

The only clear shot Netflix has is to sell. It cannot survive as an independent company.

Let’s examine how screwed Netflix is. They’re 8 billion in debt. Their biggest stars are either plagued by scandal or rapidly outgrowing their cuteness. They have no fallback plan. The largest companies in the world are coming after them.

Monday, April 15, 2019

iOS Guided Access

Mattt Thompson:

In truth, Guided Access can be many things to many different people. So for your consideration, here are some alternative names that you can keep at the back of your mind to better appreciate when and why you might give it a try:

“Kid-Proof Mode”: Sharing Devices with Children

If you have a toddler and want to facilitate a FaceTime call with a relative, start a Guided Access session before you pass the device off. This will prevent your little one from accidentally hanging up or putting the call on hold by switching to a different app.

“Adult-Proof Mode”: Sharing Devices with Other Adults

The next time you go to hand off your phone to someone else to take a photo, give it a quick triple-tap to enter Guided Access mode first to forego the whole “Oops, I accidentally locked the device” routine.

If you set the passcode in Settings, you won’t have to enter it each time you start a Guided Access session. You can also end a session by double-tapping the side button and authenticating with Face ID, instead of triple-tapping and then entering the passcode.

10 Years of MacStories

Federico Viticci:

I had a different idea for what I wanted MacStories to be in 2009. You see, as a newly-minted Apple aficionado from Viterbo, Italy, who had just discovered the world of Apple blogging, I was fascinated by websites such as MacRumors, TUAW, Daring Fireball, and Engadget. I primarily wanted to use my longtime passion for in-depth videogame reviews (which I used to read on EDGE and other magazines when I was younger) and bring that style to Mac and iPhone app reviews; at the same time, I also wanted to have a website that could cover news, share tutorials, and, why not, maybe in the future even report rumors. I wanted to do it all, even though I was just a 20-year-old guy from Italy who’d never blogged in English before.

[…]

As MacStories was slowly growing and I was finding an audience for my in-depth app reviews, I increasingly felt lured by the promise of timely news coverage and rumors. I thought that if MacStories could report Apple news and rumors as quickly as other websites, I could accelerate the process of a bigger audience stumbling upon MacStories and then discovering what really made the website unique: in-depth app reviews and opinion pieces. At the time, the most important metric for me was page views (because MacStories was making money off traditional banner ads); therefore, my incentives were directly aligned with attracting the biggest possible audience. At the same time, I didn’t want to give up on the reason I started MacStories in the first place (writing in-depth reviews unlike anyone else), so I decided that I wanted to have my cake and eat it too. I was going to report news and rumors to attract a larger audience, and I was going to continue writing app reviews for a dedicated, loyal niche too.

[…]

At some point by the end of 2012, I made the decision that we were going to stop reporting rumors or leaks and that chasing news stories to be “first” was no longer going to be our priority. I decided that I wanted MacStories to go back to its roots by prioritizing original reporting, editorials, and reviews over rehashing information that other websites were covering better than MacStories anyway.

Previously: Congratulations.

Library Evolution for Stable Swift ABIs

Ben Cohen:

One of Swift’s goals is to be a good language for libraries with binary compatibility concerns, such as those shipped as part of Apple’s OSs. This includes giving library authors the flexibility to add to their public interface, and to change implementation details, without breaking binary compatibility. At the same time, it’s important that library authors be able to opt out of this flexibility in favor of performance.

This proposal introduces:

  • a “library evolution” build mode for libraries that are declaring ABI stability, which preserves the ability to make certain changes to types without breaking the library’s ABI; and
  • an attribute for such libraries to opt out of this flexibility on a per-type basis, allowing certain compile-time optimizations.

The mechanisms for this are already in place, and were used to stabilize the ABI of the standard library. This proposal makes them features for use by any 3rd-party library that wishes to declare itself ABI stable.

Greg Parker:

This feature is one of the reasons that Apple created Swift instead of adopting an existing language. We needed at least as much capability to evolve libraries as Objective-C provided.

Previously: Swift ABI Stability and More.

Core Animation Bug in macOS 10.14.4

Ken Case:

In particular, OmniOutliner and OmniPlan customers have been telling us that since upgrading to 10.14.4, they will open some documents and end up seeing… nothing.

[…]

We’ve been working with Apple and tested a fix that will be in the next Software Update to macOS Mojave. (I don’t know the timeframe for that update shipping to the general public, but I’m glad this fix is on its way!)

John Gruber:

Bugs happen, but with all the ongoing consternation regarding Apple’s (and particularly the Mac’s) software quality, it’s a little worrisome to see this in a .4 release. A .4 release of the OS should be peak stability.

Friday, April 12, 2019

App Store Subscription Confirmation Alert

David Barnard:

Whoa! Apple added an additional confirmation step for subscriptions. This new alert comes after you confirm with Touch ID/Face ID. I hope they address this in a more elegant way in iOS 13, but I’m thrilled Apple took a definitive step to curb scam subscriptions. 👏🏻

This probably isn’t needed on Face ID devices where you have to double click the side button to confirm a subscription, but this should cut down on accidental subscriptions on Touch ID.

I’m still baffled it took Apple so long to take action on this, but it still says a lot that they made a change like this mid iOS 12 instead of waiting for iOS 13.

This change is likely to prevent $10M+/mo in accidental subscriptions.

Ryan Jones:

I literally went through your flow 2 hours ago to compare it to Apple’s and thought you added that. Until I tried Facetune. Here’s the kicker though.... it’s not on Apple Music

[…]

Or only Apple gets to do this?

Ryan Jones:

Apple remotely turned off the extra Subscription confirmation modal last night.

(Apps were seeing 20% subscription trial reductions.)

Uluroo:

This means a significant profit was being made due to a lack of understanding by the users, which I don’t think is an ethical business model

Ryan Jones:

Now, there may be a reason, like fixing a bug or making it better. But it’s 100% off right now after ~1 week of being on.

Disney+

Peter Kafka (tweet):

Disney+ will launch in the US on November 12, for $7 a month. It will have a very large library of old Disney movies and TV shows — crucially, including titles from its Marvel, Pixar, and Star Wars catalog — along with new movies and series made exclusively for the streaming service. It won’t have any ads. And it will allow subscribers to download all of that stuff, and watch it offline, whenever they want.

For comparison: A standard Netflix subscription now costs $13 a month.

[…]

Disney told investors it expects to have 60 million to 90 million subscribers worldwide for the service by the end of 2024. Netflix currently has 139 million subs.

[…]

Disney+ will also feature shows and movies that previously belonged to 21st Century Fox, which Disney mostly absorbed this year. That means the service will also be the place to watch The Simpsons, for starters.

John Gruber:

I know Apple News+ and Apple Music are both $10/month, and Apple Arcade might cost $10/month, but I don’t think Apple expects to charge $10/month just for Apple TV+. I continue to think Apple TV+ will be something they add on for “free” when you pay for some sort of bundle with other Apple subscriptions — or maybe it will cost $10/month if it’s the only thing you subscribe to from Apple, but they know that most people will get it as a “free” bonus.

Damien Petrilli:

Apple forgot that to use any service you need hardware. They could have been the best hardware provider for all services.

They had everything to do it right. Instead they decided to compete (poorly) on services while degrading hardware quality/value proposition.

Imagine if Apple wasn’t doing its shitty anticompetitive behavior to promote their services and instead was THE platform to get all services well integrated together.

Michael Love:

I think Disney’s entry helps basically every other streaming player except Netflix, because it makes it much harder for Netflix to ascend from ‘channel’ to ‘platform’ - they won’t be able to keep increasing prices / volume of programming until they replace the entire bundle.

Joe Cieplinski:

Clearly, Disney’s back catalog is a big plus. But most of what I watch nowadays is new original TV programming. Until they have some can’t miss shows for me, I’m not altogether interested in paying monthly for the occasional re-watch of a Star Wars flick.

US Broadband, OS, and Browser Stats

Devin Coldewey (via Dan Luu):

For instance, the FCC report suggests that broadband, as it is currently defined, is not currently available to around 25 million people. Sounds reasonable. But Microsoft’s data says that some 163 million people “do not use the internet at broadband speeds.”

Those aren’t the same thing, obviously, but you’d think if a person had broadband available they would use it at least now and then, right?

Erie Meyer:

It’s wild to me that

- There were 3.57 billion visits to government websites over the last 90 days
- We know that because it’s public thanks to analytics.usa.gov
- We also have hard data about OS, browser + version, and format data about how Americans are using the web

macOS Hot Corners

Rose Orchard:

A great feature of macOS that we don’t discuss often is Hot Corners — the ability to swipe your mouse into a corner and have something happen. For example, your screensaver starts, notification center appears, launchpad shows you a list of apps, etc. This setting is no longer enabled by default, so many people are missing out on this great feature!

[…]

What is more, you can add a modifier key (Command, option/alt, shift, or control) to a Hot Corner, which will only activate if you hold that key while swiping your cursor into the corner. This makes it hard to activate Hot Corners by accident, so it’s ideal for something like locking your screen. You can also use multiple modifier keys at once if you like. Unfortunately, you can’t set multiple commands per corner with different modifier keys.

I use hot corners for Put Display to Sleep, Mission Control, Application Windows, and Notification Center.

First Black Hole Image

TED:

At the heart of the Milky Way, there’s a supermassive black hole that feeds off a spinning disk of hot gas, sucking up anything that ventures too close -- even light. We can’t see it, but its event horizon casts a shadow, and an image of that shadow could help answer some important questions about the universe. Scientists used to think that making such an image would require a telescope the size of Earth -- until Katie Bouman and a team of astronomers came up with a clever alternative.

MIT News:

The solution adopted by the Event Horizon Telescope project is to coordinate measurements performed by radio telescopes at widely divergent locations. Currently, six observatories have signed up to join the project, with more likely to follow.

But even twice that many telescopes would leave large gaps in the data as they approximate a 10,000-kilometer-wide antenna. Filling in those gaps is the purpose of algorithms like Bouman’s.

[…]

Finally, Bouman used a machine-learning algorithm to identify visual patterns that tend to recur in 64-pixel patches of real-world images, and she used those features to further refine her algorithm’s image reconstructions. In separate experiments, she extracted patches from astronomical images and from snapshots of terrestrial scenes, but the choice of training data had little effect on the final reconstructions.

This particular algorithm was not used in the image reported this week; it sounds like it was a prototype that proved the approach.

Abigail Hess:

On Wednesday, after 10 years of planning and scientific investments totaling over $50 million, researchers released the first-ever image of a black hole. The image is a feat of modern science — experts say it’s the equivalent of taking a photo of an orange on the moon with a smartphone — and international collaboration. Over 200 scientists across the globe contributed to the project.

[…]

“The team collected about five petabytes of data, and one petabyte is a thousand terabytes,” explains Bouman. “Your typical computer has maybe one terabyte or so. So that would be like 5,000 typical laptops of data.

[…]

“We spent years developing methods, many different types of methods — I don’t think any one method should be highlighted — because most of all, we were afraid of shared human bias,” says Bouman.

[…]

For this reason, the computer scientists broke into four teams and did not communicate while they were analyzing the data. After months of the teams working independently, they all converged in Cambridge, Massachusetts, and ran their algorithms in the same room, at the same time.

Michelle Lou and Saeed Ahmed:

Using imaging algorithms like Bouman’s, researchers created three scripted code pipelines to piece together the picture.

They took the “sparse and noisy data” that the telescopes spit out and tried to make an image. For the past few years, Bouman directed the verification of images and selection of imaging parameters.

[…]

The result? A groundbreaking image of a lopsided, ring-like structure that Albert Einstein predicted more than a century ago in his theory of general relativity. In fact, the researchers had generated several photos and they all looked the same. The image of the black hole presented on Wednesday was not from any one method, but all the images from different algorithms that were blurred together.

Update (2019-04-16): Akash lists the Python code that was used.

The Astrophysical Journal paper is here (via Matplotlib).

The Physicist has some background information (via Hacker News).

Thursday, April 11, 2019

Apple Podcasts on the Web Gets a Fresh New Interface

Chance Miller:

The old Apple Podcasts web interface was akin to the iTunes web design that was dropped back in 2017. It was a simple list of podcast episodes, showing you the episode title and description. If you wanted to play an episode, you’d be kicked to iTunes. You also couldn’t view full show notes and other episode details.

With this week’s overhaul, however, Podcasts on the web is a much more usable experience. Episode titles are bolded and feature their full description below. There are also new dedicated pages for individual podcast episodes. Here, you can view full show notes and other details about an episode.

Previously: macOS 10.15 to Break Up iTunes.

Amazon Employees Review “Small Sample” of Alexa Audio

Timothy B. Lee:

Most of the time, when you talk to an Amazon Echo device, only Amazon’s voice-recognition software is listening. But sometimes, Bloomberg reports, a copy of the audio is sent to a human reviewer at one of several Amazon offices around the world. The human listens to the audio clip, transcribes it, and adds annotations to help Amazon’s algorithms get better.

“We take the security and privacy of our customers’ personal information seriously,” an Amazon spokesman said in a statement emailed to Bloomberg. “We only annotate an extremely small sample of Alexa voice recordings in order [to] improve the customer experience.”

Bloomberg hints at a significant workforce doing this kind of work. Bloomberg says Amazon has employees listening to audio clips in offices in Boston, Costa Rica, India, and Romania. Employees interpret as many as 1,000 audio clips in a 9-hour shift.

[…]

Bloomberg says that Apple’s Siri “also has human helpers.” The company points to an Apple privacy white paper that describes how Apple uses audio captured from customer devices.

I wonder whether Apple’s standard opt-out covers this.

Google AMP Lowered Our Page Speed, and There’s No Choice But to Use It

Walid Halabi (via Hacker News):

Google puts the onus on publishers to, effectively, rejig large tracts of their website’s layout, content, and functionality, in return for preferential treatment. Google promotes AMP as a way to make websites faster. That’s supposed to be the primary benefit, and the reason Google is pushing AMP so forcefully.

[…]

We here at unlike kinds decided that we had to implement Google AMP. We have to be in the Top Stories section because otherwise we’re punted down the page and away from potential readers. We didn’t really want to; our site is already fast because we made it fast, largely with a combination of clever caching and minimal code. But hey, maybe AMP would speed things up. Maybe Google’s new future is bright.

It isn’t. According to Google’s own Page Speed Insights audit (which Google recommends to check your performance), the AMP version of articles got a performance score of 80. The non-AMP versions? 86. Mind you, the AMP versions are hobbled - unauthorised JavaScript interaction is forbidden by Google, so you can’t vote or comment in place - it’ll kick you to the full version of the page. This is the fruit of weeks of labour converting the site: a slower, less interactive, more clunky site.

Update (2019-04-12): Nick Heer:

This power grab is disgusting and should be treated as an attempt at a hostile takeover.

CloudPull Discontinued

John Brayton:

In an effort to tighten security, Google is no longer allowing apps to get permission to write to a user’s account if it cannot provide justification for having write access. Since there is no read-only permission level for OAuth access via IMAP, this means that CloudPull will be unable to access Gmail via IMAP. I appealed Google’s decision, but my appeal was rejected. I carefully considered options for updating CloudPull to keep it working, but every available option will require more time and effort than I can justify. Therefore I have removed CloudPull from sale.

What a crazy situation.

Quantum Computing and APFS: Free and Used Space

Howard Oakley:

In APFS, snapshots are made as part of Time Machine backups, on some occasions such as prior to installing a macOS update, and when the user initiates them. What happens when an APFS snapshot is made is that a complete copy is made of the file system metadata, which is very quick indeed and doesn’t involve the copying of any other file data.

However, to preserve all the files at the moment that the snapshot is made, as those files subsequently change, their original data are retained so long as the snapshot is kept. Let’s say that, in one snapshot, there’s a certain file of 1 GB in size, which then changes completely so the whole 1 GB is rewritten. So long as that snapshot is retained, its original 1 GB of data is retained, as well as its new 1 GB. So although the snapshot itself doesn’t take up much space, it stops a lot of old data from being freed up for reuse.

Time Machine purges old snapshots automatically, but by default retains the last 24 hours of hourly snapshots, which will take a total space similar to the amount of data backed up over that period. In my case, that’s typically around 30 GB at any time, but if you manipulate large media files, or old snapshots aren’t purged properly, it could easily require hundreds of GB.

I find the whole idea of free space confusing with Mojave and APFS. Last week, after updating Xcode, I started getting warnings that my MacBook Air’s SSD was almost full. I deleted about 20 GB of files but saw little improvement in the amount of available space reported by Finder. And I continued to get the warnings. As far as I could tell, based on reports from OmniDiskSweeper and trying to figure out which files had been deleted and added, I should have netted about 14 GB more free space than I started with, yet Finder showed about 6 GB less.

My first thought was that the culprit was snapshots, but Disk Utility showed no purgeable space, and tmutil listlocalsnapshots showed no snapshots. I guess this indicates that the disk really is almost full, but I can’t figure out why.

My current theory is that the problem is due to a 20 GB proxies folder in Photos’s library (which is strangely not included in Manage Storage’s report). I don’t have a measurement of how large this was before, but I suspect it used to be much smaller. It’s not clear how I might compact it or why Photos isn’t automatically deleting old data now that it can tell that the disk is almost full. I will probably end up deleting the Photos library and syncing a new one down from iCloud. But that’s only a potential solution because this Mac doesn’t contain any Photos projects; those are not stored in the cloud and so would be lost if I were to attempt this.

Update (2019-04-11): My iMac does show Time Machine snapshots, yet Disk Utility still says there’s zero purgeable space.

Wednesday, April 10, 2019

macOS 10.15 to Break Up iTunes

Guilherme Rambo (MacRumors):

The new Music, Podcasts, and TV apps will be made using Marzipan, Apple’s new technology designed to facilitate the porting of iPad apps to the Mac without too many code changes. It’s not clear whether the redesigned Apple Books app will also be made using the technology, but given that the redesign came to iOS first and its usage for the other apps, it’s likely that this new Books app will also be using UIKit.

With the standalone versions of Apple’s media apps coming to the Mac, it’s natural to ask: what about iTunes in macOS 10.15? According to sources, the next major version of macOS will still include the iTunes app. Since Apple doesn’t have a new solution for manually syncing devices such as old iPods and iPhones with the Mac, it’s natural to keep iTunes around a little longer.

I’m not looking forward to this because, while I agree that iTunes needs work, I don’t have confidence that Apple will preserve its functionality (or even its desktop-optimized design) in the new apps. I expect that iTunes will remain the only way to sync music that you didn’t buy from the iTunes Store. Apple’s track record is to remove features from AirPort Utility and QuickTime Player 7 and let the dead versions hang around for years until eventually sunsetting them, without ever reimplementing what was lost.

John Gruber:

Nothing surprising here, but it leaves the $64,000 question unanswered: will these apps be more like dumbed-down iPad apps on the Mac, or more like smartened-up Mac apps on the iPad?

Nick Heer:

The unrequited optimist in me is imagining a next generation of cross-platform app that feels completely platform native no matter where it’s running. But I have also used Music on the iPad and it’s not as good as its iPhone sibling — and those are just different versions of the same app on the same platform.

[…]

And, as I have no plans to stop using my local music collection and manually syncing a subset of it to my iPhone, I am wary of what this could mean for my stubborn situation over the long term.

Damien Petrilli:

Some are happy about killing iTunes but it’s the only way to load personal stuff on iOS devices so far, do local backups, manage music, avoid cloud, etc.

If marzipan Apps just replace the Apple services and kill this technical part it’s going to be a mess.

Andrew Pontious:

Really not looking forward to Apple’s cheery full-court press (echoed by many online pundits) about how great their new shitty converted iOS apps are for the Mac.

For me, this is proof of further decline of Mac, not improvement.

Colin Cornaby:

I hope with the amount Apple is relying on Marzipan, they fix issues like Marzipan apps rendering at the wrong resolution for compatibility reasons. It makes the text on non-Retina displays really awful and I can’t imagine it helps with in app graphics.

I’m also not exactly a fan of the possible performance issues of Marzipan apps all being boxed inside of their own runtime-ish thing.

Previously: Apple to Target Combining iPhone, iPad, and Mac Apps by 2021.

Update (2019-04-11): Colin Cornaby:

“The Mac experience won’t be worse because of Marzipan” “Also now we’re going to ship a bunch of redundant audio players because we can’t get our act together on feature sets.”

If they booted all the video features out of iTunes into the TV app, that would help in straightening out iTunes. But I’m guessing they might be stuck on transitioning that portion of the iTunes library on disk to TV, and what to do for Windows.

Podcasts and Music being separate apps still baffles me on the Mac. They seem like complementary functions and I’d rather have a single audio player UI, and not have two icons in my dock/applications. And I’m never listening to music and playing a podcast at the same time.

Biappi:

We will never correct from being app-centric to data-centric soon enough. So much damage has been done because we didn’t manage to solve the filesystem UX problems!!

Dan Masters:

Instead of revamping & maintaining the Truck App, they’re taking it all and just throwing it away. iTunes is only terrible because they’ve neglected it.

[…]

This week, I’ve been using iTunes to manage my extensive music library. Its performance has become shocking. But it’s still the most powerful, versatile music library app I’ve ever used.

Abandoning iTunes for Apple Music is equivalent to forcing people to use Excel Mobile on Mac

[…]

Of course, the most likely scenario is that marzipanOS Music will just be a straight port of the iPad app.

If you need any of this “legacy cruft”, you’ll need to use the neglected iTunes app (which will turn into abandonware).

Josh Marshall:

What if Apple take the same road they have with photos? Provide the solution for the 95% of users in their own apps. Then provide access into the library for 3rd party apps to handle importing, metadata+art editing, and playlist creation.

Update (2019-04-15): Dan Moren:

While Smart Playlists created in iTunes sync to iOS via iCloud, there’s no way to natively create them on iOS devices. And that’s a shame, because although Apple has tried to improve its algorithms in Apple Music to surface new songs you might like, those playlists and stations pull from the whole realm of available music, rather than the music you’ve self-selected into your own library. They’re much more powerful than static playlists and allow users a lot more control over their listening habits. It would be a shame if a new Music app on the Mac did away with them.

Marco Arment:

I’m particularly proud of the iTunes-breakup segment on this week’s @atpfm. If you love computers that empower you to be a power user, give this a listen (start at 30:12, runs about an hour)

Jason Snell:

If you’re expecting the new Mac apps to just be mirrors of their iOS counterparts, you might be pleasantly surprised. Apple has the opportunity to work on the iOS apps to make them a little more functional — and have that work come across to macOS at the same time. The iOS apps lack a lot of the functionality of iTunes, and while replicating every iTunes feature is not in the cards (probably ever), it’s hard to believe that Apple won’t attempt to upgrade the apps as it brings them across to the Mac.

[…]

It would also be helpful if Apple lets Music add audio files to the library, a feature that iTunes has had since Day 1 and that has never been available on iOS. If you’ve ever bought an indie album via Bandcamp on an iPad, only to receive a Zip archive in return, you’ve run into this roadblock. While the Music app will always primarily be an interface for Apple Music, letting users import audio files is a necessary addition. (The same should be said for adding video files to the TV app.)

Kirk McElhearn:

Rumors of Apple dismantling iTunes are almost as old as the software itself. I can remember people clamoring for its destruction back when Apple added video management to the app, claiming that since it's called iTunes, it shouldn't manage anything but music.

Update (2019-04-16): Colin Cornaby:

My favorite Marzipan “bug” is how it doesn’t understand mouse drags. Really frustrating to use home.

My guess is it’s still the underlying hold-then-drag gesture recognizer that iOS uses, and they don’t want to break apps by automatically getting rid of the hold.

This has existed since the initial betas and I was thinking about tweeting about it then but I said “Well you’re not supposed to share beta screenshots and I’m sure it will be fixed by final” and guess what, joke’s on me.

Accessibility Quirk With “Bold Text”

Joe Heck:

When one of my testers ran the app, the toolbar button “disappeared”. It was still there, but rendering white on the white toolbar. It took a while to figure out the difference between our environments: that Bold Text was enabled in accessibility. Then it took a while longer to find that it wasn’t respecting the local tint, but using the global tint when enabled.

That “Bold Text” being enabled affected the image rendering came as a surprise to me. Some friends indicated they’d seen significant performance issues with Bold Text as well (in cells in a tableview), so they knew that it impacted image rendering – I guess it does something to try and make an image “bolder”, even though it’s not text.

Kindle 9

Amazon:

Meet the all-new Kindle, now with a built-in adjustable front light so you can read indoors and outdoors and at more times of day. Purpose-built for reading, Kindle features a glare-free touchscreen display that reads like real paper, even in direct sunlight.

[…]

Designed by Amazon to perfectly fit your Kindle, these slim, form-fitting covers attach securely and fold back for one-handed reading. They automatically put your Kindle to sleep when closed and wake upon opening, making it easy to get back to your story.

I think it’s worth stepping up to the $130 Kindle Paperwhite, which is waterproof and has almost twice the resolution, but it’s cool that you can get a Kindle with a light and the higher contrast screen for only $89.

Update (2019-04-16): Joe Workman:

I bought a like-new Kindle Voyage 2 weeks ago off Amazon for only $80. Replaced my Kindle 3. Very happy with it.

frombrandon:

I did the same a few weeks ago. I was upgrading from a Paperwhite 2 and wanted the new waterproof one, but I found out the screen on the Voyage is still superior to everything but the Oasis. I’m so happy with the purchase.

Postmortem: iTunes Affiliate for Apps

Jeff Johnson:

Yesterday, six months later, I finally got paid the remaining balance owed to me as an iTunes Affiliate. Getting paid was an ordeal that took many emails from me to the iTunes Affiliate Program.

[…]

I had balances in at least 20 forms of currency. The payments to me are all converted to US dollars, but their payment system is organized by currency, and each currency has a minimum payment threshold. If I recall correctly, the payment threshold was $30, so if your balance in one currency is less than the threshold, you don’t get paid from that balance, and the iTunes Affiliate Program just hoards your money until you reach the threshold.

[…]

Be persistent. Mention the $50 manual adjustment. If all else fails, threaten a lawsuit. They’ll want to close your account, but don’t let them close it until after you’ve been paid in full.

I’ve been going back and forth with them for months but didn’t threaten a lawsuit, and they haven’t paid me yet.

Improving the UI of Swift Generics

Joe Groff:

This document tries to provide a foundation for conversations about refining the generics model, not really changing the framework established by the Generics Manifesto, but considering some of its weaknesses, and how we might make it more approachable and easier to use:

  • One of the biggest missing pieces from the original manifesto is generalized existentials. These have been hailed as a panacea for a wide range of problems, but as we’ve explored the idea, we’ve found that there are many use cases that existentials would never be able to address.
  • In particular, although existentials would allow functions to hide their concrete return types behind protocols as implementation details, they would not always be the most desirable tool for this job. We have a gap in the generics model in allowing functions to abstract their concrete return types while still maintaining the underlying type’s identity in client code, and we’ll look at how that gap can be filled.
  • We’ll also look at our existing notation for generics and existentials. Swift follows in the tradition of similar languages like C++, Java, and C# in its generics notation, using explicit type variable declarations in angle brackets, but this notation can be verbose and awkward. We could look at what C++20 is doing with abbreviated templates, and Rust with its impl Trait feature, for ways to make writing generic functions more concise and fluent. Also, protocols currently do double-duty as the spelling for existential types, but this relationship has been a common source of confusion.

Update (2019-04-15): Tim Ekl (Hacker News):

To that end, this post aims to walk through some of the proposals from Joe’s document, explaining the syntax and offering examples of how the changes to generics might look in practice. We’ll pick up a couple technical terms in a practical setting, and wrap up with some details about the open Swift Evolution proposal(s) being considered.

Tuesday, April 9, 2019

Implementing [NSCell copyWithZone:] in Swift to Avoid Crashes in AppKit

Corbin Dunn (tweet):

It looks like using a baseline constraint with Autolayout will cause it to copy the cell to determine the baseline. So, if you are using AutoLayout, be aware of implicit copies that might happen behind your back!

The trouble with [NSCell copyWithZone:] is that it uses NSCopyObject, which blindly assigns ivars from one instance to another and doesn’t do any proper memory management. I didn’t think this would still be an issue in Swift, but apparently it is! See my solution at the top where I simply retain the value during the copy.

He writes:

let _ = Unmanaged<NSColor>.passRetained(previousTextColor)

Toggle System Grayscale Mode

Daniel Jalkut:

The framework name “UniversalAccess” correlates strongly with the “UA” prefix on the pertinent function names we dug up above. Great, so how do we call these? They’re private system functions which means you should not rely on them for production code, but for a quick hack to make toggling grayscale easier? It’s a reasonable risk in my opinion. Here’s a simple C program that takes advantage of the private methods to simply toggle grayscale mode on or off, depending on the current setting.

This is arguably more reliable than using GUI scripting, and definitely faster and less intrusive. Or, if you don’t want to use a compiler:

This script takes advantage of Python’s ability to dynamically load an arbitrary shared library and invoke its exported functions.

Update (2019-04-10): Marco Arment:

I love this kind of power and customization, and it’s the kind of thing we’re losing with the dominance of iOS itself and the invasion of the iOS mindset into macOS

Apple Drops $99 Data Migration Fee for New Macs and Repairs

Adam Engst:

Apple has dropped the $99 fee that it previously charged for migrating data from an old Mac to a newly purchased machine. TidBITS reader and TekBasics consultant David Price wrote to tell us that he has generally advised clients to pay Apple to migrate data to newly purchased Macs, but when he accompanied his brother-in-law to pick up a freshly migrated iMac last week, Apple informed him that there was no charge for the service.

Update (2019-04-10): Thomas Brand:

There was never a charge in 2003. We used to even transfer data from booting Windows PCs.

How to Get Bugs Fixed by Apple

Greg Scown:

For example, I received an email with a fractional street address, and Mail’s data detector chopped off the whole number portion of the address. Rather than report the bug with steps in Mail, I figured that the data detector itself was broken and made a very small Xcode Playground to demonstrate the problem. It’s time-consuming to create reductive cases, but it also reduces the likelihood of confusion. Consider that the person reading and reproducing your bug needs to see it as simply as possible.

If there’s no action on your bug, the next step is to mail devbugs@apple.com and request status. Note that it can take a while to get a reply. Filing and following up on getting bugs fixed with Apple is a process, as with anything else.

Previously: The Sad State of Logging Bugs for Apple.

New WebKit Features in Safari 12.1

Jon Davis (Hacker News):

With users’ ability to choose between light and dark color schemes, websites can start to look out of place, or worse, become a blinding and painful experience. To help websites better integrate with the dark appearance setting in macOS Mojave, WebKit provides the supported-color-schemes property and prefers-color-scheme media query to allow a webpage to support light and dark color schemes.

Web content authors can use the @media(prefers-color-scheme: dark) media query to provide dark mode styles that override a default light theme. Alternatively, @media(prefers-color-scheme: light) can be used to provide light styles that override a default dark theme.

[…]

The Payment Request API has been updated with granular errors, support for default addresses and contacts configured in Wallet and Apple Pay settings, and special field support for Japan. These changes now bring the Payment Request API to parity with the Apple Pay JS payment system, but with all of the benefits of web standards compatibility. Payment Request is now the recommended way to implement Apple Pay on the web.

[…]

The Web Share API adds navigator.share(), a promise-based API developers can use to invoke a native sharing dialog provided by the host operating system. This allows users to share text, links, and other content to an arbitrary destination of their choice, such as apps or contacts.

[…]

Another newly supported element in WebKit is the <datalist> element. The <datalist> element contains a list of <option> elements that provides suggested values for <input> elements.

Previously: Dark Side of the Mac: Appearance & Materials.

Monday, April 8, 2019

macOS 10.14.5 Requires New Developers to Notarize

Apple:

Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.

In theory, this shouldn’t be a big deal. It’s like Gatekeeper, but signed by Apple. But, in practice, the notarization service sometimes goes down, or takes an unpredictably long time, or silently adds a requirement that wasn’t there the last time you deployed a build. So you never know how long it will take to get a bug fix out.

Via Rosyna Keller:

There’s also a new section about apps with plug-in SDKs and the hardened runtime.

Other sections of the Notarization docs were updated to address developer feedback.

See also: Howard Oakley, Jeff Johnson.

Update (2019-04-09): Rosyna Keller:

Resolving Common Notarization Issues has also been updated.

Additionally, it includes information regarding the fact devs with apps with plugin SDKs no longer have to separately ship a debuggable version and a notarized version.

Felix Schwarz:

TIL why I can no longer enter a fax number in the #macOS Print Dialog & therefore no longer use my Epson MFP to send faxes in #Mojave.

With 10.15 killing 32bit support, my ScanSnap’s software will stop working next.

I’ll soon need a VM to use my Mac for basic office tasks.

Jeff Johnson:

The reality now for Apple OS updates is that there’s no longer a distinction between major and minor updates.

All updates potentially include major new features. Or breakages.

Apple is now a full-on “Agile” shop, for better or worse.

(Narrator: For worse.)

Paul Haddad:

Apple is getting aggressive with this stuff. Normally any Mac changes are years in the making.

Arturo:

This is awful. I really really hope they add an option to disable this just like SIP. I don’t really understand if this is possible.

Probably I need to move from macOS. It’s a great OS but this kind of changes that could break anything...

Calum Hunter:

Who would want to develop on this platform or use this platform for IT professional services anymore? I’m an 18-year veteran Mac sys admin/engineer and now considering switching to a Linux machine to get my work done. Apple have lost the plot.

Paulo Andrade:

My question here is: is it really that hard for a bad actor to pass the notarization checks that makes this worthwhile to impose on all other developers?

Jeff Johnson:

No, the whole thing is a complete joke, because apps can software update themselves outside the App Store and avoid Gatekeeper entirely. Submit a harmless version to Apple, notarize it, then flip the switch server-side to update to a new malware version after install.

[…]

The technical term would be “security theater”. :-)

John Daniel thinks it will still be effective against adware:

Because they would have to start writing code instead of just running an automated app generation script. It is possible, but gets more and more difficult and costly.

Nikolaus Gebhardt:

About 28% of my users running my apps on macOS switched to the Windows version in the last 2 years. Apple now making it even more difficult for devs to create macOS apps will probably not improve this situation for them.

McCloud:

I haven’t worked on macOS for a year or two, but it seems like notarized apps are non-debuggable, and future versions will keep adding friction for non-notarized apps. Is it just me or is the Mac slowly losing its UNIX roots and leaning towards stripping users of control?

Jim Rea:

I haven’t seen any definition of “new developers” -- who fits into that? Does it mean developers that sign up for a developer app starting from today? And how is this enforced on the user’s computer? Or maybe this is enforced during the signing process? Seems weird.

Jeff Johnson:

My guess: info in the DeveloperID cert. It’s the only thing that makes sense at the OS level & explains why it applies “if you’re new to distributing macOS software, regardless of how long you’ve developed for other Apple platforms”. In other words, on generating new DevID cert.

See also: Hacker News and MacRumors.

Update (2019-04-10): Howard Oakley:

As ever, life isn’t quite as simple as Apple’s announcement might seem. It doesn’t, for example, address problems with command tools, which currently don’t pass through Gatekeeper checks, and are often unsigned, although it is possible to attach signatures to them. Apple still doesn’t have a scheme to provide an equivalent to notarization for command tools which aren’t embedded in an app or other code bundle. If you distribute your command tool as part of an Installer package, it is supposed to be possible to get the whole package notarized, although Apple hasn’t detailed a workflow for doing that, nor said whether all installer packages will be required to be notarized. Hopefully some time before 10.15 is released this will become clearer.

[…]

Notarization is only checked when you first run an app which has been downloaded from the Internet and has gained a quarantine flag as a result.

Howard Oakley:

The requirement coming for non-App Store apps is notarization. You said its purpose is malware detection. That may be the purpose of uploading apps to Apple, but there’s more to it than that: you can’t notarize an app unless it’s hardened. So what’s the purpose of that?

Jeff Johnson:

There’s no good reason for the requirement. Notarization is a convenient excuse.

Apple is using the threat of Gatekeeper not allowing your app to launch in order to force developers to do something Apple wants, self-impose the hardened runtime on your apps.

It’s a jerk move.

Tom Bridge:

Kerio’s VPN Client was now dead in the water and not functional, no matter what I could do to follow up. An inspection (which requires Xcode 10.2 and not just the command line tools) of the kvnet.kext file in /Library/Extensions indicated I did not have a valid kernel extension any longer[…] Without a valid ticket stapled to the kext, I was going to have a problem running it, as the secureTimestamp value is after 2019-03-11.

Well crap. I need that kernel extension to work for my VPN to client locations to work, so how am I going to get around it? Thanks to #notarization on the Mac Admins Slack, and Allen Golbig at NASA Glenn, Graham Pugh, and the help of others, the answer was already in our hands: User-Accepted Mobile Device Management and Team ID Whitelisting in the Kernel Extensions Whitelisting payload in MDM.

Update (2019-04-11): Apple:

We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the App Store or outside of it, is signed or notarized by Apple. With the public release of macOS 10.14.5, we require that all developers creating a Developer ID certificate for the first time notarize their apps, and that all new and updated kernel extensions be notarized as well. This will help give users more confidence that the software they download and run, no matter where they get it from, is not malware by showing a more streamlined Gatekeeper interface.

Howard Oakley:

So if I understand these results:

- declare built with 10.14 SDK, hardening is required for notarization
- lie about that, or use older SDK, and you can notarize unhardened apps.

Rich Trouton:

The part about “notarization will be required by default for all software” made me think, because there are a few apps that I’ve written over the years that are still useful (at least to me). All of them were built using Automator, which meant that the usual Xcode-based ways of notarizing applications wasn’t going to work for me.

Update (2019-04-12): Howard Oakley:

So if you’ve got folders full of your own apps which haven’t gained a quarantine flag because they weren’t downloaded from the Internet, or which have already cleared quarantine following download, they will continue to open and run fine in 10.15. Apple hasn’t announced that it’s changing the way that Gatekeeper works, and if it were even to consider that, the penalties would be seismic.

That does, though, leave many wondering how they’re going to be able to share tools as they have in the past. Unfortunately, the news for them isn’t good at all. If you want to make such apps available to others via download, the only way that this will work in 10.15 and later is for you to go through the whole process of signing them with a developer ID and notarization. Probably.

[…]

How on earth can an app be hardened, something only available in recent versions of Xcode, to meet the first requirement, but remain unsigned?

The answer seems to rest in what built the app in the first place. If the app declares that it was built using a recent version of Xcode, which supports hardening and notarization, then the latter will expect it to comply with the new and rigorous rules, including code-signing and hardening. If your app is built with an older version of Xcode, or a different tool, then legacy rules apply, as described later in that article.

Twocanoes Software:

We use Packages for easily creating distribution packages, and DropDMG for making great looking disk images. The notarization process involves uploading a copy of the app to the notarization service at Apple, then polling the service until it is complete, then downloading the ticket and “stapling” it to the app. So our new process looks like this:

Archive Build->Upload->Poll Until Success->Staple->Package->Add to DMG

Update (2019-04-22): Howard Oakley:

Typical notarizations take less than 5 minutes, from completing upload to Apple’s server to the app being ready to distribute. It’s been unusual for any to take much longer than that, although there were a couple of occasions last October which were delayed by over an hour. I’ve not had any failures at all, neither have I discovered the service to be unavailable. Generally speaking, I can get an app from final test build to distribution on this server within 10-15 minutes when I need.

Twice, just recently, Xcode 10.2 has reported silly errors as if I wasn’t notarizing but trying to send for review for the App Store. I simply quit Xcode, opened it again, and notarization worked fine.

Undoubtedly your experience will vary, as will mine now that the Notary Service is becoming more heavily used.

Tom Bridge:

So, if you deliver an unstapled object, as DisplayLink has, it may still pass muster, but that requires your machine to be able to talk with Apple at the time of install. If you are operating a network which embraces 802.1X user certificates, and you install software at the login window (with Munki, say) you may run into a circumstance where the software is actually notarized by Apple, but without that stapled ticket, you’re stuck if you can’t talk to Apple to prove it. This will result in a failed install.

Codextended: Extension for Swift’s Codable

John Sundell (tweet):

However, once some form of customization is needed — for example to transform parts of the decoded data, or to provide default values for certain keys — the standard Codable API starts to become really verbose. It also doesn’t take advantage of Swift’s robust type inference capabilities, which produces a lot of unnecessary boilerplate.

That’s what Codextended aims to fix.

[…]

Codable already comes with support for custom date formats through assigning a DateFormatter to either a JSONEncoder or JSONDecoder. However, requiring each call site to be aware of the specific date formats used for each type isn’t always great — so with Codextended, it’s easy for a type itself to pick what date format it needs to use.

Previously: Even More About Swift’s Codable.

Apple Books Category Icons

Ryan Jones highlights some good work from Apple’s icon designers:

These icons are unreal.

Carl Jonard:

Weird… some of the icons are different for text vs. audiobooks.

Netflix No Longer Supports AirPlay

Juli Clover (tweet):

The Netflix app for iPhone and iPad no longer appears to support AirPlay, based on an updated support document found on the Netflix website.

According to Netflix, AirPlay is no longer supported on iPhone, iPad, or iPod touch due to “technical limitations.”

[…]

A Netflix spokesperson provided further explanation on the company’s decision to discontinue support for AirPlay on iOS devices, attributing it to the rollout of AirPlay support on third party devices and an inability to distinguish between them:

We want to make sure our members have a great Netflix experience on any device they use. With AirPlay support rolling out to third-party devices, there isn’t a way for us to distinguish between devices (what is an Apple TV vs. what isn’t) or certify these experiences. Therefore, we have decided to discontinue Netflix AirPlay support to ensure our standard of quality for viewing is being met. Members can continue to access Netflix on the built-in app across Apple TV and other devices.

Marco Arment:

Media outlets aren’t being critical enough of Netflix here.

Their argument is effectively “We can’t tell which TV you’re using, so you aren’t allowed to send video to TVs anymore.”

It’s complete bullshit, and an uncharacteristically customer-punishing move from Netflix.

Peter N Lewis:

I expect it is a licensing issue, the same way you cannot watch Netflix in Safari if you have an Apple Cinema HD Display plugged in - they cannot tell that it is a secure channel and not a channel being saved to disk - it sucks but not entirely surprising.

Author:

Translation: AirPlay coming to non-Apple devices makes it difficult for us to prevent piracy. At least that’s my interpretation.

See also: Dan Masters.

Reddit’s /r/Piracy is Deleting Almost 10 Years of History to Avoid Ban

Andy (via Hacker News):

In an article published mid-March 2019, we reported how the moderators of the forum were making best efforts to keep content on the right side of the law and within Reddit’s rules. Just a handful of days later, however, the moderators received notice from Reddit that they were receiving too many copyright complaints from rightsholders.

For a sub-Reddit that has strict rules forbidding anyone posting links to infringing content, the notification came as a disappointment. While some complaints were legitimate (some people simply won’t abide by the rules and some posts do get missed), many were not. This placed the forum’s moderators between a rock and a hard place.

[…]

Uncertain of what lay in the archives and only being in a strong position to be absolutely certain of the state of play more recently, they asked the community for input on the ‘Nuclear Option‘ – deleting every post older than six months old, just to be sure.

Friday, April 5, 2019

The Golden Age of YouTube Is Over

Julia Alexander (Hacker News):

The Philippous’ story is part of a long-brewing conflict between how creators view YouTube and how YouTube positions itself to advertisers and press. YouTube relies on creators to differentiate itself from streaming services like Netflix and Hulu, it tells creators it wants to promote their original content, and it hosts conferences dedicated to bettering the creator community. Those same creators often feel abandoned and confused about why their videos are buried in search results, don’t appear on the trending page, or are being quietly demonetized.

At the same time, YouTube’s pitch decks to advertisers increasingly seem to feature videos from household celebrity names, not creative amateurs. And the creators who have found the most success playing into the platform’s algorithms have all demonstrated profound errors in judgment, turning themselves into cultural villains instead of YouTube’s most cherished assets.

MailSuite 1.0.7

SmallCubed:

With MailSuite we have consolidated our four(4) previous plugins into a single plugin. The MailSuite app acts as the plugin manager for the MailSuite plugin and helps with the communications between the MailSuite plugin and Mail. The MailSuite app also manages the installation and updating of the individual components (MailTags, Mail Act-On, SigPro, Mail Perspectives).

This makes a big difference because Mojave has really increased the friction for installing and updating Mail plug-ins. Each component is now a meta plug-in that can be updated without updating the actual Mail plug-in (which requires reauthorization in Mail).

The MailTags component is being overhauled to move the syncing of tag data from the internals of messages relying on the email server for synchronising, to separate, associated records that are encrypted and stored on a SmallCubed managed server.

EagleFiler 1.8.7 knows about the new MailTags storage format and will preserve the tags, projects, and notes when importing messages.

SmallCubed:

MailSuite users who want to synchronise their tagged messages on multiple computers will need to use SmallCubed’s new Tag Syncing Service. MailSuite uses end-to-end encryption on all stored data. This means that data is encrypted before it is sent to the server and can only be decrypted on the user’s devices using the same Tag Syncing Service profile. SmallCubed does not have access to the keys that are used to encrypt/decrypt the data.

Notably, the optional server feature does not require a subscription.

Previously: Mojave Privacy Protection Aftermath.

HoudahSpot 5.0

Houdah Software:

Folding Text Preview — Text Preview can focus on paragraphs that match your search. This makes it easier to see the context in which the text was found.

[…]

New filter options — Filter – show or hide – search results by name, path, or folder names. For example, when you want to find all photos in folders named “vacation”, it is quicker to use filters than to list all of these folders as search locations. Just run a search for photos in your home folder. Then filter the results to see only photos where a parent folder is named “vacation”.

[…]

Quicker criteria setup — While entering criteria values in the Refine pane, you can press a keyboard shortcut to add another criterion for the same attribute. For example, when searching for file names that contain both “Houdah” and “Software”: Fill in the “Name” criterion by typing “Houdah”. Then press Command-Option-Return to get a new row. Then type “Software”.

App Store Connect Change Breaks Fastlane

Renaud Lienhart:

Apple has yanked an App Store Connect endpoint fastlane was relying on, and the whole iOS development world has come to a standstill 😒[…]

Would it be too hard for them to work with the community, provide a probation period? 😕

John Sundell:

I think the larger issue here is that many teams are structuring their entire workflow around a tool that relies on private Apple APIs (which are bound to change at any time). fastlane is awesome, but I would never put myself in a position where I can't keep working without it 🙂

Previously: Apple Acquires Buddybuild.

Apple Discouraging Photo Recovery From Damaged Devices

Mike Wuerthele and Malcolm Owen:

After querying third-party repair outfits nearby, the Billards were referred to a company near Rochester, New York called iPadRehab. The firm, operated by Jessa Jones who formed the company following a similar water-based mishap of her own and taught herself how to repair iPhones, was able to get the iPhone up and running enough to recover the data for the couple.

The report then moves towards how Apple’s advice the pictures were unrecoverable is a common statement from the company. Jones claims “The most common answer - and I hear this from customers all the time - is ‘there is no way to get your pictures from your iPhone if it won’t turn on.’ It’s heartbreaking, because it’s absolutely not true.”

[…]

While her company is doing well from Apple’s unwillingness to service water-damaged iPhones, the report highlights issues Jones has when posting to the Apple Support Communities, a section of Apple’s website where users can offer advice to others for issues with problematic devices. When Jones writes posts to the forum advising that water-damaged devices could undergo a repair via non-Apple authorized means, her posts are removed as being “inappropriate,” and eventually the account itself is banned.

[…]

The CBC put a lot of weight on the Apple support forums as a venue for data. However, Apple in no way participates in the forums, nor issues any form of formal statement regarding data recovery there.

See also: Louis Rossmann.

Via Josh Centers:

Yes, people were generally okay with Apple being locked down as long as the products were dependable. That’s increasingly not the case. Meanwhile, Apple is going to greater lengths to prevent repair.

Thursday, April 4, 2019

Microsoft Shuts Down E-book Store

Microsoft:

Starting April 2, 2019, the books category in Microsoft Store will be closing. Unfortunately, this means that starting July 2019 your ebooks will no longer be available to read, but you’ll get a full refund for all book purchases. See below for details.

While you can no longer purchase or acquire additional books from the Microsoft Store, you can continue to read your books until July 2019 when refunds will be processed.

Cory Doctorow (tweet, via Chris Turner):

This puts the difference between DRM-locked media and unencumbered media into sharp contrast. I have bought a lot of MP3s over the years, thousands of them, and many of the retailers I purchased from are long gone, but I still have the MP3s. Likewise, I have bought many books from long-defunct booksellers and even defunct publishers, but I still own those books.

Safari Link Tracking Can No Longer Be Disabled

Jeff Johnson (tweet):

Notice that when you hover over the “Ping Me” link, you only see the href URL, you don’t see the ping URL, so you don’t even know that the attribute exists unless you look at the HTML page source. When you click the link, it loads the page http://lapcatsoftware.com/ as expected. But it also sends an HTTP POST request to http://underpassapp.com/ without any visible indication to the user. You can only see it if you do a packet trace. It should come as no surprise that the primary usage of hyperlink auditing is for tracking of link clicks.

[…]

Apple shipped Safari 12.1 last week to the public with no way to disable hyperlink auditing. I hope to raise awareness about this issue, with the ultimate goal of getting hyperlink auditing disabled by default in Safari. Apple claims that Safari is supposed to protect your privacy and prevent cross-site tracking, but hyperlink auditing is a wide open door to cross-site tracking that still exists.

Eric Jacobsen:

If anyone is curious why this attribute was introduced: it’s supposed to be an alternative to those chains of redirects that publishers often put in front of outbound links.

User gets a direct link to destination instead of redirects (good), publishers and advertisers still get their data async (creepy, but arguably better than the alternative)

Imo is fine as long as there’s an opt-out, which chrome and ff have but oddly Safari just dropped.

Is Apple’s reasoning that making it an option would prevent sites from using ping? It’s better to have access to the real URL with a compulsory ping than to be forced to use a redirect chain that’s slower and no more private.

Previously:

With privacy and online tracking being such a large problem and major concern for many users, you would think that browser developers would give you the option to disable anything that could affect your privacy.

Unfortunately, this seems to be going in the reverse direction when it comes to hyperlink auditing.

[…]

Of all the browsers I tested, only Brave and Firefox currently disable it by default and do not appear to have any plans on enabling it in the future.

[…]

It turns out that Google uses hyperlink auditing in their search result pages. Every time you click on a search result link, your browser will also send an HTTPS POST request back to a Google URL in order to track the click.

Jeff Johnson:

Anchor ping is not an alternative form of tracking, it’s an additional form of tracking. We still have all the other forms of tracking along with this one. It may be true that if advertisers don’t have anchor ping, they’ll just use alternative methods, but the belief that advertisers won’t use alternative methods of tracking if they have anchor ping has proven to be completely false. Anchor ping also turns out to be an advertiser’s dream feature. It’s completely invisible to the user, and it’s more powerful and reliable than the other tracking methods.

[…]

Anchor ping was supposed to be transparent as in easily perceived by the user. Instead, anchor ping has become “transparent” as in invisible to the user. The browsers never informed the user about the ping notifications. And now browsers such as Safari and Chrome are removing the ability of the user to disable the notifications. As far as privacy is concerned, this is not “a wash” compared to previous tracking methods. It’s a cover-up.

I still can’t figure out what users gain by not being informed of both the target URL and the redirect. When links are being used for tracking purposes, it makes sense to show the contents of the href so that users aren’t misled; but, if we start assuming all browser features will be used maliciously, it is easy to see why the ping attribute should also be visible to the user.

Researchers have found that the HTML feature called hyperlink auditing, or pings, is being used to perform DDoS attacks against various sites. This feature is normally used by sites to track link clicks, but is now found to be abused by attackers to send a massive amount of web requests to sites in order to take them offline.

[…]

The yo.js script, shown below, would randomly select one of the above sites and create an HTML ping URL with that site as the ping target. It would then programmatically click on the link as shown by the link.click() command.

The JavaScript would then create a new HTML ping URL and click every second. So the longer a user was on this page, the more clicks they would generate.

Just turning off the Ping attribute or the Beacon API doesn’t solve the privacy implications of link click analytics. Instead, it creates an incentive for websites to adopt tracking techniques that hurt the user experience. In effect, the choice between supporting Ping and not is not one of privacy, rather it is a choice between a good user experience and a bad one.

[…]

Until recently, Safari supported an internal User Defaults flag to disable support for the Ping attribute. It was never our intention to surface this flag as a customer setting. We think it’s misguided to offer users the ability to disable web-facing features if doing so doesn’t disable or prevent the ends of that technology. Instead, Intelligent Tracking Prevention and Content Blockers offer users different levels of support for categorically affecting link click analytics.

However, currently it seems like neither can be used to categorically block pings.

Jeff Johnson:

The Chromium team is finally coming around[…]

[…]

I think Apple just found itself on the wrong side of history, now as the only browser vendor defending a user tracking technology.

Ricky Mondello:

We agree that <a ping> should be more transparent. I publicly filed this bug to track improving this for WebKit and Safari[…]

This is weird because his bug notes that Safari is not to spec, yet Wilander’s blog post makes it sound like the Safari team likes the current behavior.

Fortunately, I have a solution for you now! Last night (as soon as I could get approved by Apple) I released StopTheMadness 6.0 in the Mac App Store. If you click on a link with the “ping” attribute, StopTheMadness 6.0 will now remove that “ping” attribute, thereby preventing your clicks from getting tracked by hyperlink auditing.
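The mitigation described above (remove the ping attribute when a link is clicked), sketched as an added example; this is not StopTheMadness code or anything from the quoted posts. The function names, the `FakeLink` stand-in, the `example.com` page URL and the `/local-log` target are hypothetical, and it assumes the capture-phase listener runs before the browser follows the link.

```javascript
// Added example: audit and neutralise hyperlink auditing (<a ping>, <area ping>).
const ASCII_WHITESPACE = /[\t\n\f\r ]+/;

// The ping attribute is a space-separated list of URLs. Resolve each token
// against the page URL and keep only http(s) targets.
function pingTargets(el, pageURL) {
  const raw = el.getAttribute("ping");
  if (raw === null) return [];
  const targets = [];
  for (const token of raw.split(ASCII_WHITESPACE)) {
    if (token === "") continue;
    try {
      const url = new URL(token, pageURL);
      if (url.protocol === "http:" || url.protocol === "https:") targets.push(url);
    } catch (err) {
      // Unparsable token: nothing to report for it.
    }
  }
  return targets;
}

// Report what the status bar does not show: where a click would be reported,
// and which of those endpoints belong to a different origin than the page.
function auditLink(el, pageURL) {
  const page = new URL(pageURL);
  const targets = pingTargets(el, page);
  return {
    href: el.getAttribute("href"),
    pings: targets.map((u) => u.href),
    crossOrigin: targets.filter((u) => u.origin !== page.origin).map((u) => u.origin),
  };
}

function stripPing(el) {
  if (!el.hasAttribute("ping")) return false;
  el.removeAttribute("ping");
  return true;
}

// Capture-phase handler: the click may land on a child of the link, so walk
// up with closest() and remove the attribute before navigation starts.
function onClickCapture(event) {
  const node = event.target;
  const link = node && typeof node.closest === "function"
    ? node.closest("a[ping], area[ping]")
    : null;
  return link ? stripPing(link) : false;
}

// In a browser content script: cover normal clicks and, where the event is
// supported, middle-button clicks (auxclick).
function install(doc) {
  doc.addEventListener("click", onClickCapture, true);
  doc.addEventListener("auxclick", onClickCapture, true);
}
if (typeof document !== "undefined") install(document);

// Constructed stand-in for an anchor element so the logic runs without a DOM.
class FakeLink {
  constructor(attrs) { this.attrs = new Map(Object.entries(attrs)); }
  getAttribute(name) { return this.attrs.has(name) ? this.attrs.get(name) : null; }
  hasAttribute(name) { return this.attrs.has(name); }
  removeAttribute(name) { this.attrs.delete(name); }
  closest() { return this.hasAttribute("ping") ? this : null; }
}

// Constructed sample mirroring the "Ping Me" link quoted in the post.
function demo() {
  const page = "https://example.com/article";
  const link = new FakeLink({
    href: "http://lapcatsoftware.com/",
    ping: "http://underpassapp.com/  /local-log",
  });
  const before = auditLink(link, page);
  const stripped = onClickCapture({ target: link });
  const after = auditLink(link, page);
  return { before, stripped, after };
}
```

Links opened from the context menu fire no click event, so a stricter variant would strip the attribute from every link when the page loads.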

macOS 10.14’s Software Update Release Notes

John Gruber:

But the sheet containing the release notes can’t be resized. You see about 9 lines of text at a time, and there’s nothing you can do about it.

Worse, the text can’t be selected, so you can’t even copy and paste it into TextEdit or some other app to read it comfortably. They even have URLs at the bottom of the note, pointing to support pages on apple.com which contain even more details about the update — but the URLs aren’t clickable. Can’t copy them, can’t click them — the only way to actually open these URLs is to retype them manually.

Apple’s newest Mac software designs just don’t seem to work very well.

Steven Aquino:

What @gruber doesn’t mention here is worth a shout by me: Reading release notes on the Mac—or anything else—is damn near impossible if you’re visually impaired. You could use Zoom, but again, 10.15 better bring Dynamic Type to macOS.

Previously: macOS 10.14 Mojave Released.

BBEdit Returns to the Mac App Store With Subscription

Bare Bones Software (tweet, Phil Schiller, 9to5Mac, MacRumors):

In the spring of 2018, Bare Bones and Apple announced that, subsequent to the release of macOS Mojave (10.14) and the accompanying refresh of the Mac App Store, BBEdit would be returning to the store.

This was made possible by changes to the OS itself which allow Mac App Store versions of BBEdit to function to their fullest extent while complying with Mac App Store rules; as well as changes to the Mac App Store business mechanics which make it possible for us to distribute our software through the Mac App Store as part of a sustainable business model.

[…]

There are two levels of paid subscription:

  • Annual: US$39.99 per year (may vary in other locales)
  • Monthly: US$3.99 per month (may vary in other locales)

You may install BBEdit at no charge via the Mac App Store, and use it either with a paid subscription or in Free Mode.

They are still offering “perpetual” licenses for $50. There’s been a paid upgrade every three years. BBEdit 12 was a $40 upgrade, BBEdit 11 was a $30 upgrade, BBEdit 10 was a $40 upgrade, and BBEdit 9 was a $30 upgrade (with a full price of $125).

Steve Troughton-Smith:

If you’re curious about BBEdit’s MAS entitlements, as I was, you can see them here; it says a lot that everybody is still relying on ‘temporary’ sandbox exceptions just to make life in the MAS possible

Jeff Johnson:

There’s a kind of dilemma with having both MAS subscriptions and non-MAS 1-time licenses:

If you ever want to have a non-MAS paid upgrade again, you’ve got to hold back new features. But then subscribers get nothing new for their continued payments.

Paulo Andrade:

I always thought the argument that subscriptions allow developers to not bundle features in major versions a bit moot. Having a big update makes it a lot easier to do marketing around it and that’s kind of a big deal. Having a subscription doesn’t change that.

Update (2019-04-05): John Gruber:

The App Store has welcomed BBEdit back warmly, with a nice top-of-the-front-page feature on developer Rich Siegel and BBEdit’s incredibly long history as a Mac stalwart, along with two other features: “BBEdit: A Writer’s Secret Weapon” and “Tame Your Text Files” — both good guides to BBEdit’s rich feature set. (Those App Store articles will open in the App Store apps on Mojave or iOS.)

Wojtek Pietrusiewicz:

I can’t read the @bbedit @AppStore features on my iPad. First of all I found the links to the stories on @gruber’s @daringfireball. Clicking the links does nothing on my iPad however. One tried to open iTunes and failed, the other just silently failed.

Previously: App Store Covers RSS Readers.

HomePod Price Reduced to $299

Tim Hardwick:

Apple today cut the price of HomePod on its online store by $50, with the smart speaker now listed for $299, down from $349. The price drop follows recent promotional discounts at several third-party retailers across the U.S.

I wonder whether that will affect sales much. My gut feeling is that $250 would have been a lot more interesting and that there are not that many more people who would want a HomePod for $300 than for $350.

Joe Rossignol:

In a new entry in its Machine Learning Journal, Apple has detailed how Siri on the HomePod is designed to work in challenging usage scenarios, such as during loud music playback, when the user is far away from the HomePod, or when there are other active sound sources in a room, such as a TV or household appliances.

Update (2019-04-05): Marco Arment:

It’s a lot like the Apple Watch: great at a few core things, mediocre for some others, and regularly fails at simple tasks.

Great for music, as long as it’s Apple Music. Great for HomeKit. Mediocre for assistant tasks. Mediocre for timers.

Siri makes — and breaks — the HomePod.

If music quality is a high priority, it’s a good option.

But if so, you’ll really want two of them in a stereo pair, which is a HUGE improvement in music quality. Budget accordingly.

Wednesday, April 3, 2019 [Tweets] [Favorites]

Powerbeats Pro

Chris Welch (MacRumors):

A couple of weeks after Apple shipped its second-generation AirPods, the company’s Beats division is finally making its own entrance into the true wireless earbuds market. The new $249.95 Powerbeats Pro ship in May and are Beats’ most significant product in years. I get the feeling that, for many people, these are going to prove even more compelling than AirPods. They offer longer battery life, they seal fully in your ears without letting in outside noise, they include the same Apple H1 chip as the latest AirPods for hands-free “Hey Siri” voice commands, and yes, to my ears, the Powerbeats Pro sounded better during my brief introduction to them.

This sounds great. They’re also water-resistant and have physical volume controls. Downsides: the case is too large for a pocket, no Qi charging. I wonder whether the isolation is good enough for airplane use.

Update (2019-04-08): Rene Ritchie:

Play pause can happen when you put Powerbeats Pro in or take them out, just like AirPods, but where AirPods are all stealth and you can tap invisible quote-unquote buttons to do one thing of your choosing, Powerbeats Pro have legit physical hardware controls. There's volume up and down, right on the top, and the big B button on the outside, which you can even long-press to pass on a call.

Matt Birchler:

How much bigger could the PowerBeats charging case be than AirPods?

*checks it out*

Mother of god…

Xcode Custom Search Scopes

Paulo Andrade:

In my case, my source code comes down to Objective-C, C, and Swift files. So I just create a code that searches for any file with the .m, .h, .c and .swift extensions.

[…]

But most of the time when searching for localized strings I’m just interested in the Base localization. I never touch the translated files inside Xcode, these are synced with my translation service. So by using this scope, whenever I’m searching for a localized string I just get back the base localization files.

[…]

Last but not least, when you’re working on a given feature it’s usual to have a set of modified files you’re working on. Sometimes you’ll want to search for something on only this set of related files.

Accessors Have Message Obsession

Marcel Weiher (tweet):

Every single attribute of every single class gets its own accessor or accessor pair, again with the action (get/set) mushed together with the name of the attribute to work on. The solution is the same as for the directions in Nat’s example: there are only two actual messages, with reified identifiers.

These, of course, correspond to the GET and PUT HTTP verbs. Properties, now available in a number of mainstream languages, are supposed to address this issue, but they only really address the 2:1 problem (getter and setter for an attribute). The much bigger N:2 problem (method pair for every attribute) remains unaddressed, and particularly you also cannot pass around, store or perform calculations on the identifier.

UTF-8’s History and Virtues

Rob Pike:

What happened was this. We had used the original UTF from ISO 10646 to make Plan 9 support 16-bit characters, but we hated it. We were close to shipping the system when, late one afternoon, I received a call from some folks, I think at IBM - I remember them being in Austin - who were in an X/Open committee meeting. They wanted Ken and me to vet their FSS/UTF design. We understood why they were introducing a new design, and Ken and I suddenly realized there was an opportunity to use our experience to design a really good standard and get the X/Open guys to push it out. We suggested this and the deal was, if we could do it fast, OK. So we went to dinner, Ken figured out the bit-packing, and when we came back to the lab after dinner we called the X/Open guys and explained our scheme. We mailed them an outline of our spec, and they replied saying that it was better than theirs (I don’t believe I ever actually saw their proposal; I know I don’t remember it) and how fast could we implement it? I think this was a Wednesday night and we promised a complete running system by Monday, which I think was when their big vote was.

So that night Ken wrote packing and unpacking code and I started tearing into the C and graphics libraries. The next day all the code was done and we started converting the text files on the system itself. By Friday some time Plan 9 was running, and only running, what would be called UTF-8. We called X/Open and the rest, as they say, is slightly rewritten history.

Why didn’t we just use their FSS/UTF? As I remember, it was because in that first phone call I sang out a list of desiderata for any such encoding, and FSS/UTF was lacking at least one - the ability to synchronize a byte stream picked up mid-run, with less than one character being consumed before synchronization. Because that was lacking, we felt free - and were given freedom - to roll our own.

Ken Thompson:

Below are the guidelines that were used in defining the UCS transformation format:

1) Compatibility with historical file systems:

Historical file systems disallow the null byte and the ASCII slash character as a part of the file name.

2) Compatibility with existing programs:

The existing model for multibyte processing is that ASCII does not occur anywhere in a multibyte encoding. There should be no ASCII code values for any part of a transformation format representation of a character that was not in the ASCII character set in the UCS representation of the character.

3) Ease of conversion from/to UCS.

4) The first byte should indicate the number of bytes to follow in a multibyte sequence.

5) The transformation format should not be extravagant in terms of number of bytes used for encoding.

6) It should be possible to find the start of a character efficiently starting from an arbitrary location in a byte stream.

Rich Felker:

Not only do ASCII bytes never appear in multibyte UTF-8 chars; NO character is ever a substring of another character.

UTF-8 was really a work of brilliance, guaranteeing what’s pretty much a maximal set of important desirable properties like this.

Of course the desirable properties necessitate one property that’s hard to like: not all byte sequences can be legal/valid.

See also: The History of Unix (via Hacker News).

Update (2019-04-04): See also: Hacker News.
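The properties quoted above (the lead byte gives the sequence length, a reader can resynchronize mid-stream, not every byte sequence is valid), as an added example that is not Plan 9 or X/Open code. It assumes today's RFC 3629 limits (at most four bytes, no surrogates, nothing above U+10FFFF), which are narrower than the original guidelines; all function names and byte samples are constructed.

```javascript
// Added example: strict UTF-8 decoding and resynchronization.
const isContinuation = (b) => (b & 0xC0) === 0x80; // 10xxxxxx

// Guideline 4: the first byte alone tells how long the sequence is.
function sequenceLength(lead) {
  if ((lead & 0x80) === 0x00) return 1; // 0xxxxxxx (ASCII)
  if ((lead & 0xE0) === 0xC0) return 2; // 110xxxxx
  if ((lead & 0xF0) === 0xE0) return 3; // 1110xxxx
  if ((lead & 0xF8) === 0xF0) return 4; // 11110xxx
  return 0; // continuation byte, or a pattern RFC 3629 does not use
}

// Guideline 6: dropped into the middle of a stream, skip continuation bytes
// to reach the next character start; less than one character is consumed.
function resync(bytes, offset) {
  let i = offset;
  while (i < bytes.length && isContinuation(bytes[i])) i++;
  return i;
}

// Smallest code point that legitimately needs a sequence of each length.
const MIN_FOR_LENGTH = [0, 0x00, 0x80, 0x800, 0x10000];

// "Not all byte sequences can be legal": decode, reporting the first offence.
// Rejecting overlong forms keeps the guarantee that '/' and NUL exist only as
// the single bytes 0x2F and 0x00, so byte-level path checks stay sound.
function decodeStrict(bytes) {
  const codePoints = [];
  let i = 0;
  while (i < bytes.length) {
    const lead = bytes[i];
    const len = sequenceLength(lead);
    if (len === 0) return { ok: false, offset: i, reason: "invalid lead byte" };
    if (i + len > bytes.length) {
      return { ok: false, offset: i, reason: "truncated sequence" };
    }
    // Payload bits of the lead byte: 7, 5, 4 or 3 depending on length.
    let cp = len === 1 ? lead : lead & (0xFF >> (len + 1));
    for (let k = 1; k < len; k++) {
      const b = bytes[i + k];
      if (!isContinuation(b)) {
        return { ok: false, offset: i, reason: "missing continuation byte" };
      }
      cp = (cp << 6) | (b & 0x3F);
    }
    if (cp < MIN_FOR_LENGTH[len]) {
      return { ok: false, offset: i, reason: "overlong encoding" };
    }
    if (cp >= 0xD800 && cp <= 0xDFFF) {
      return { ok: false, offset: i, reason: "surrogate code point" };
    }
    if (cp > 0x10FFFF) return { ok: false, offset: i, reason: "beyond U+10FFFF" };
    codePoints.push(cp);
    i += len;
  }
  return { ok: true, codePoints };
}

// Constructed byte samples.
const SAMPLES = {
  eAcuteSlash: [0xC3, 0xA9, 0x2F],      // "é/"
  overlongSlash2: [0xC0, 0xAF],         // '/' padded into two bytes
  overlongSlash3: [0x41, 0xE0, 0x80, 0xAF], // "A" then '/' padded into three
  surrogate: [0xED, 0xA0, 0x80],        // would decode to U+D800
  truncatedEuro: [0xE2, 0x82],          // "€" missing its last byte
  euroThenA: [0xE2, 0x82, 0xAC, 0x61],  // "€a"
};

function checkSamples() {
  const out = {};
  for (const [name, bytes] of Object.entries(SAMPLES)) out[name] = decodeStrict(bytes);
  return out;
}
```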

Tuesday, April 2, 2019 [Tweets] [Favorites]

High Memory Use With Vapor and MySQL

Tanner (via Ilja A. Iwas):

MySQL 3.2.4 has been tagged with a fix that reduces peak memory usage by 10-15x for the sample project. See vapor/mysql#232 if you’re interested to see what was fixed.

[…]

Here’s a small recap of what went wrong, and also why it took so long to find it. The main blocker was that we initially thought this was a Linux-only memory leak[…]

[…]

The problem was not leaking memory, but overly high peak memory usage which led to fragmentation. Which, importantly, we were also seeing on macOS. This meant it was highly likely the problem was in Vapor.

[…]

Due to optimizations in Swift’s String, Valgrind may think bytes have been “definitely lost” even though they haven’t. This seems to only happen when you stop Valgrind while it is still busy doing work.

[…]

To help prevent issues like this from happening in the future, we need to improve Vapor’s DB driver performance benchmarking. Currently, benchmarks are for small, unrealistic models and test run time only. Benchmarks that could have caught this issue early would test realistically sized models (with diverse properties and types) and also memory usage alongside run time. Implementing these benchmarks is unfortunately much easier said than done, but it’s something that has been on our list long before this issue.

Using Drag and Drop with NSTableView

Nate Thompson (via Daniel Jalkut):

I recently tried to implement drag and drop with NSTableView in a project and ran into a bunch of issues with finding resources that actually helped. Such is the life of a Cocoa developer. So here’s my attempt at the definitive guide to drag and drop with NSTableView. (This should also apply to NSOutlineView, since they work in a similar way.)

[…]

There’s a bug in NSTableView that requires implementing tableView(_:heightOfRow:) to get the gap style to animate correctly.

[…]

Passing -1 and .on will highlight the entire table view.

Unfortunately, I have not found that highlighting to be reliable since macOS 10.14.

Withholding AppleCare

Nigel Kersten:

I don’t think I’ve ever really told the story on Twitter about the time Steve Jobs sent me a polite but dismissive email and then proceeded to make my life at work rather hellish.

[…]

So these new Macs came out and you couldn’t run OSX 10.3.9 on them, only 10.4.x

But Pro Tools wouldn’t run on 10.4 and digidesign were not looking like they’d have support ready before the start of the school year.

So I started poking at 10.3.x to see if I could fix it.

[…]

I get a phone call from AppleCare

“Hi I have to tell you that if you run those computer labs on OS X 10.3 we’re not going to honor your warranties for any of your Macs. Been told to tell you. Bye”

Kickstarting Watch App Development

Pádraig Kennedy:

The single biggest thing Apple could do to kickstart Watch app development imho is to sell developer units that you can connect to directly with a wire, just like the ones Apple uses to do watch app development.

(I made one of our developers work on the watch for a week and I feel guilty and am trying to figure out how to make it up to them.)

Marco Arment has made similar comments. The more unpleasant an area of development is, the more people will want to do something else instead.

Joe Cieplinski:

I second this suggestion. Wireless debugging of watch apps is still a nightmare.

Falsehoods About Time and CSVs

Zach Holman:

I’ve made notes of the egregious things I’ve learned about programming with time and pulled them together as a talk. This is the written companion piece, which is sort of a super set of the talk, since I had way more notes than what I could shove in a single talk.

Beyond that, though, there’s also a lot about time itself that is properly hilarious, and it’d be a travesty to not talk about the country that recently decided to skip a certain day, or that the Unix epoch isn’t technically the number of seconds since January 1970, or that February 30 happened at least twice in history.

Jesse Donat (Hacker News):

Much of my professional work for the last 10+ years has revolved around handling, importing and exporting CSV files. CSV files are frustratingly misunderstood, abused, and most of all underspecified. While RFC4180 exists, it is far from definitive and goes largely ignored.

Partially as a companion piece to my recent post about how CSV is an encoding nightmare, and partially an expression of frustration, I've decided to make a list of falsehoods programmers believe about CSVs. I recommend my previous post for a more in-depth coverage on the pains of CSVs encodings and how the default tooling (Excel) will ruin your day.

Monday, April 1, 2019 [Tweets] [Favorites]

What’s New in Swift 5.1

Paul Hudson:

SE-0068 expands Swift’s use of Self so that it refers to the containing type when used inside classes, structs, and enums. This is particularly useful for dynamic types, where the exact type of something needs to be determined at runtime.

[…]

In Swift 5.1 this confusion now prints a warning: “Assuming you mean ‘Optional.none’; did you mean ‘BorderStyle.none’ instead?” This avoids the source compatibility breakage of an error, but at least informs developers that their code might not quite mean what they thought.

[…]

Well, in Swift 5.1 we can now use switch/case pattern matching to match optional enums with non-optionals, like this[…]

[…]

SE-0240 introduces the ability to calculate and apply the differences between ordered collections. This could prove particularly interesting for developers who have complex collections in table views, where they want to add and remove lots of items smoothly using animations.

Or for use in test cases.

Because Swift now ships inside Apple’s operating systems, new features like this one must be used with an #available check to make sure the code is being run on an OS that includes the new functionality. For features that will land in an unknown, unannounced operating system shipping at some point in the future, a special version number of “9999” is used to mean “we don’t know what the actual number is just yet.”

Texting Means Never Having to Say Goodbye

Jane C. Hu (via Hacker News):

I thought about the last time I’d actually typed ttfn. I imagine it was at least 18 years ago, on my family’s Gateway desktop during the era of dial-up AOL. And then I realized I couldn’t remember the last time I said “g2g,” or even “bye,” in an online conversation. I asked some friends in a group chat if they ever say goodbye when chatting digitally. “They never really have a beginning. Do they also not have an end?” said my friend Dan. Another friend, Mitch, chimed in with a diagnosis: “It’s because we never go offline anymore.”

[…]

In a 2016 study, many respondents say they read into a lack of response. It’s especially confusing when your conversational medium tells you if someone is currently online, or has already read your messages, like the “read” labels in iMessage, the green dot by your name in Slack, or the blue tick mark on WhatsApp messages. “When WhatsApp introduced the blue tick [that shows when you’re online], that introduced a lot of anxiety,” she says.

Alternatives to Mac Laptops

Dieter Bohn (tweet):

Even though the XPS 13 has a strong pedigree, it’s worth talking about again. It was one of the first mainstream laptops with a nearly edge-to-edge screen. It doesn’t go in for 360-degree hinge tricks — there’s the XPS 13 2-in-1 for that — it was just always a good, well-built laptop. It has become something of a default alternative to the MacBook Air for Windows users — something thin, light, stylish, and also reliable.

[…]

The 2019 version of the XPS 13 starts at $899, but I think most people will want to step up to the $1,199 (as of this writing) version. That will get you a Core i5 processor, 8GB of RAM, 256GB of storage, and the 1080p screen.

[…]

The keyboard on this machine is excellent, with a very good balance of key travel, firmness, and thinness. I don’t love that the page up and page down buttons are crammed in next to the arrow keys […]

But at least it has those keys.

Dell quotes up to 21 hours of battery life with the 1080p screen and around 12 for the 4K. As usual, I think those estimates are super optimistic, but that doesn’t mean I think the battery life on this laptop is bad.

[…]

I am mostly pleased with the port choices: there are two Thunderbolt ports on the left, one USB-C port on the left, a headphone jack, and a microSD card slot. It would have been nicer if Dell had found a way to bring back a USB-A port, but it at least includes a dongle in the box.

[…]

And the USB-C power brick is just plain thoughtful in its design: it’s easy to wrap the cord around it cleanly and compactly.

Nolan O’Brien:

I find myself at a crisis somewhat. This 300 dollar chromebook is by all metrics a pos hardware-wise, but the damn thing outperforms my $2000 MBP for normal non-dev use cases.

And its keyboard kills the butterfly keys of Apple. Plus it has really good drawing tablet mode

I would have expected needing to go to an equally expensive Windows machine to get out of the plodding degradation of macOS, but I can actually get away with a cheap chromebook.

[…]

I can’t even fathom why folks would do iPad leasing at schools given how much better using a chromebook is. This is after expecting it to not be any good, but being proven wrong.

Thomas Reed:

Since there is, definitively, already malware that can affect Chromebooks, it’s reasonable to install antivirus software on a Chromebook. And since Chromebooks are increasing in popularity, it’s also reasonable to assume cybercriminals will continue to develop more malware to get their piece of the pie. Once Pandora’s Box has been opened for a device, operating system, browser, or other platforms, we’ve never once seen the bad guys back away from it.

However, there is a catch to all of this. And to discover the catch, you must first answer this question: Does your Chromebook support Google Play?

Not all Chromebooks do. If yours does not, it cannot download malware through Google Play, much less third-party app stores, because it cannot download any apps at all.

Update (2019-04-02): scott:

My alternatives are:

Macbook - Dell XPS 13 ($899)
MacBook Air - Lenovo 14e ($279)
MacBook Pro - Lenovo X1 ($1,139) or Pixelbook ($799 on sale)
iMac Pro/Mac Pro (Xeon, ECC) - Lenovo P1 ($2,059)

Key iOS Chip Architect Departs Apple

Chris Jenkins:

Gerard Williams III, lead designer of Apple’s custom iOS chips from A7 to A12X, has departed the company, according to CNET. While no indication of a change has been made on his LinkedIn profile, it does offer a glimpse into his design prowess.

[…]

He came to Apple with a splash, as the A7 was Apple’s first 64-bit CPU core. This design arrived on the market over a full year before competitors like Qualcomm and Samsung could respond and largely cemented the technical prowess of the SoC team Apple had created.

If confirmed, his departure would follow the more well-known CPU architect Jim Keller, who was part of Apple’s acquisition of PA Semi. More recently, Apple’s SoC team lost its lead Manu Gulati, whose vacated role was assumed by Williams.

Seems like we were just hearing that all the top people were going the other way.

Paying to Whitewash Wikipedia Pages

Ashley Feinberg (via Hacker News):

The vast majority of the people who propose and make changes to Wikipedia are volunteers. A few people, however, have figured out how to manipulate Wikipedia’s supposedly neutral system to turn a profit.

That’s Sussman’s business. And in just the past few years, companies including Axios, NBC, Nextdoor and Facebook’s PR firm have all paid him to manipulate public perception using a tool most people would never think to check.

[…]

One of Wikipedia’s more well-known rules is its prohibition on editing pages that you have any sort of direct connection to. This, along with the fact that it’s humiliating to get caught editing your own Wikipedia page, is usually enough of a deterrent to companies and public figures looking to inject a positive spin. But those looking to get around the site’s conflict of interest rules aren’t totally without options. Anyone, even someone financially tied to the subject in question, is allowed to merely suggest edits in the hopes that a less conflicted editor might come by, agree, and implement the changes for them. This is where a paid editor like Sussman comes in.

[…]

He often replies to nearly every single bit of pushback with walls of text arguing his case. Trying to get through even a fraction of it is exhausting, and because Wikipedia editors are unpaid, there’s little motivation to continue dealing with Sussman’s arguments. So he usually gets his way.