Archive for May 17, 2019

Friday, May 17, 2019 [Tweets] [Favorites]

Three iOS Keyboard Changes Apple Should Make

Dan Moren:

I’ve become more and more puzzled about autocorrect in recent years. In my personal experience, it’s become both worse at fixing legitimate typos and more aggressive about taking actual words and turning them into nonsense. The latter is many times more frustrating; I’ve watched more than a few sentences turn incomprehensible before my very eyes.

[…]

Personally, I’ve been impressed with swipe typing when I’ve used it in other keyboards—the biggest thing holding me back is that it’s not available on the system keyboard. Third-party keyboard support is still limited on iOS, and it’s often buggy and crash-prone.

[…]

Apple already offers a way to search for emoji on the Mac, it’s more than a little puzzling that it wouldn’t make a similar feature available on iOS.

Previously:

Update (2019-05-31): Kyle Howells:

“In my personal experience, it’s become both worse at fixing legitimate typos and more aggressive about taking actual words and turning them into nonsense.”

Couldn’t agree more. It’s been a disaster ever since around iOS 10 when they switched to machine learning.

Raphael Sebbe:

I find SwiftKey has more accurate completion, allows swipe-typing, has better multi-lingual support, is better at emojis.

The only downside is the 3D-touch selection mode: looks like they can’t replicate 2D panning like Apple does (API limitation?). Too bad, so useful…

Previously: Apple Expected to Remove 3D Touch.

Update (2019-06-03): Simeon:

Has iOS autocorrect gotten incredibly bad for anyone else? It used to correct common mistakes but now it just replaces entirely valid words with other similar words turning sentences into nonsense

Update (2019-06-04): Tim Hardwick:

Apple has also added a swipe to type feature to the stock iOS keyboard called QuickPath, which brings easy one-hand typing to the iOS keyboard by continuously swiping through the letters of a word, and Memoji are automatically made into sticker packs built into the iOS keyboard, so they can be used in Messages, Mail and other apps.

Microarchitectural Data Sampling (MDS) Mitigation

Ross Mcilroy et al. (via Hacker News):

This paper explores speculative side-channel attacks and their implications for programming languages. These attacks leak information through micro-architectural side-channels which we show are not mere bugs, but in fact lie at the foundation of optimization. […] As a result of our work, we now believe that speculative vulnerabilities on today’s hardware defeat all language-enforced confidentiality with no known comprehensive software mitigations, as we have discovered that untrusted code can construct a universal read gadget to read all memory in the same address space through side-channels. In the face of this reality, we have shifted the security model of the Chrome web browser and V8 to process isolation.

Liam Tung (via Reddit):

Major slowdowns caused by the new Linux 4.20 kernel have been traced to a mitigation for Spectre variant 2 that Linux founder Linus Torvalds now wants restricted.

Pierre Lebeaupin:

It’s hard to believe it has now been more than one year since the disclosure of Meltdown and Spectre. There was so much frenzy in the first days and weeks that it has perhaps obscured the fact any solutions we currently have are temporary, barely secure, spackle-everywhere stopgap mitigations, and now that the dust has settled on that, I thought I’d look at what researchers and other contributors have come up with in the last year to provide secure processors – without of course requiring all of us to rewrite all our software from scratch.

Apple (via Benjamin Mayo):

Intel has disclosed vulnerabilities called Microarchitectural Data Sampling (MDS) that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

Although there are no known exploits affecting customers at the time of this writing, customers who believe their computer is at heightened risk of attack can use the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology, which provides full protection from these security issues.

[…]

Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks.

John Gruber:

It’s good that there are no known exploits using these techniques, but even if there were, the overwhelming majority of Mac users — almost everyone — would not need to enable this mitigation. These MDS vulnerabilities enable malware on your computer to do bad things. But these vulnerabilities are not ways for malware to get onto your computer.

However, it sounds like the fix is finally a way to work around the hyper-threading bug that can lead to data corruption on my iMac, amongst other Macs.

Previously:

Update (2019-05-31): Quentin Adam:

FYI, as cloud provider we rawly loss around 25% of CPU performances the lasts 18 months due to different CVE and issues on CPU and mitigation limiting capacity using microcode, so we stuff more CPUs, but prices didn’t go down at all... That’s a kind of upselling. #IntelFail

Dynamic Equality Checking and Equatable

Tanner Bennett (tweet):

Note that the arguments for == are defined as Self rather than Equatable. This has some implications and benefits[…]

[…]

The use of Self as in Equatable’s definition restricts how Equatable can be used. You cannot declare collections or variables as a protocol type, like you can in Objective-C.

[…]

Many APIs vend Any, such as JSONSerialization’s .jsonObject(_:_:) methods. For testing purposes, you may want to compare the output of these methods to one another. You’ll quickly find you can’t[…]

See also: Adding a polymorphic Equatable?, Protocol-Oriented Programming in Swift.

Previously:

The Potential Advantages of a JavaScript Whitelist

Brent Simmons:

What I want is two related and similar things:

  • The ability to turn off JavaScript by default, and turn it on only for selected sites. (For me that would be sites like GitHub.)
  • The ability to turn off cookies by default, and, again, turn them on only for selected sites.

If it‘s the opposite — if I have to blacklist instead of whitelist — then I’d be constantly blacklisting. And, the first time I go to a site, it gets to run code before I decide to allow it.

Nick Heer:

When you think about it, it’s pretty nuts that we allow the automatic execution of whatever code a web developer wrote. We don’t do that for anything else, really — certainly not to the same extent of possibly hundreds of webpages visited daily, each carrying a dozen or more scripts.

[…]

It’s baffling to me that trackers, ad networks, cryptocurrency miners, and image lightboxes are all written for the web in the same language and that there is little granularity in how they’re treated. You can either turn all scripts off and lose key functionality on some websites, or you can turn everything on and accept the risk that your CPU will be monopolized in the background.

What if pages were allowed a certain amount of JavaScript CPU time, beyond which they had to request more from the user?

I would also like to see a report of what the JavaScript is doing, i.e. which information it’s reading and which servers it’s contacting. Part of the reason things have gotten so out of hand is that users can’t see what’s happening. I like how the iCab browser would always report whether a page had valid HTML, and how the macOS battery menu shows which apps are using significant energy.

Kyle Howells:

My number one feature request for Safari, a whitelist for Javascript use, defaults to disabled when whitelist enabled. Battery life doubled in one feature!

Previously: Intelligent Tracking Prevention 2.2.

Update (2019-05-21): It looks like Chrome already implements what Simmons is suggesting.