Archive for June 14, 2019

Friday, June 14, 2019

Is the Mac’s Future Bright?

Jeff Johnson:

My argument for the downfall of the Mac is pretty simple. The raison d’être of the Mac has always been its unique software. IMO the best software in the biz. The hardware has had its ups and downs, at many points underpowered and/or overpriced. But the software was always best.

The business model of the Mac App Store, and the iOSification of the OS, are destroying unique Mac software. As soon as all the software becomes cross-platform and lowest common denominator, Mac loses its whole reason for being.

The question is, does SwiftUI help fix this by making it easier to support multiple platforms, letting you spend your Mac development time on truly Mac-specific features (rather than busywork from UIKit/AppKit differences)? Or does it bake in too many assumptions and limitations—it was originally developed for watch apps, after all—so that the API of the future can’t make good Mac apps (or makes that hard) and we end up with the worst of write-once-run-anywhere? So far I’ve seen evidence pointing both ways.

Jeff Johnson:

All of the worst case scenarios are coming true. For example, when Swift was released many claimed that the writing was on the wall for Objective-C, and some people including me scoffed, but a mere 5 years later we now have Swift-only frameworks. One of which is the future of UI.

Another worst case scenario: You can simply tick a box in Xcode and port an iOS app to Mac. Unimaginable before, but now it’s here.

Mac developers now need to submit apps to Apple and get approval in order to distribute. Again, this was unimaginable in the past, but the worst case scenario is here.

Don’t look at just this WWDC. Though it’s an important WWDC. Compare the Mac in 2019 to the Mac in 2009. Look at everything we’ve lost in those 10 years. Now project that same pattern out another 10 years.

The list goes on and on, and I’m frustrated by many of the same things. On the other hand, this is not the complete picture. There have been good changes and surprises as well, which empower developers and users. On the whole, I think Swift is a very positive development, and it came out of nowhere at a time when it seemed like Apple wasn’t taking the problems with Objective-C seriously enough. Likewise, SwiftUI could turn out to be fabulous, and it arrived sooner—and more ambitious—than most of us thought possible. iCloud is not great yet, but it has certainly improved greatly compared with where Apple’s cloud services were in 2010. So I’m sure one could make quite a long “good” list, as well. Not that this balances out, necessarily. How can one weigh AirPods against sandboxing or macOS Recovery against tccutil?

Mattt Thompson:

I don’t think it’s an exaggeration to say that Apple’s announcements of Catalyst and SwiftUI this year saved macOS from becoming obsolete as a platform.

John Gruber:

Last week felt like what WWDC should be: an Apple developer conference. Off the top of my head, it was the best WWDC for Mac users and developers since 2005, when the Intel transition was announced.

Marco Arment (tweet):

It’s hard to tell when Apple is listening. They speak concisely, infrequently, and only when they’re ready, saying absolutely nothing in the meantime, even when we’re all screaming about a product line as if it’s on fire. They make great progress, but often with courageous losses that never get reversed, so an extended silence because we’re stuck with a change forever is indistinguishable from an extended silence because the fix isn’t ready yet.

But there has clearly been a major shift in direction for the better since early 2017, and they couldn’t be more clear now:

Apple is listening again, they’ve still got it, and the Mac is back.

Jeff Johnson:

If you somehow believe that this WWDC was good for the Mac, consider this:

Apple specifically and publicly rewarded Twitter for discontinuing their Mac app.

The future Apple wants is one in which you don’t write Mac apps, you write apps for all Apple platforms.

Mac is demoted.

Jim Rea:

I respectfully disagree. At recent WWDCs most features were “sorry, iOS only”, quite discouraging for this AppKit only developer. This year, at almost every session the story was “all platforms supported”, and significant time was spent demoing on/for Mac. Very exciting.

Jeff Johnson:

The elephant in the room for Mac software is the Mac App Store. At WWDC 2018, we were given the impression that the MAS would improve. […] The reality is that these few selected companies were given special privileges (in direct contradiction to Apple’s own anti-Spotify argument), and nothing else whatsoever changed about the Mac App Store. And again in 2019, nothing at all changed about the Mac App Store.


The existential question for Mac developers is, how do we sell our software to customers and make a sustainable living?

Steve Troughton-Smith:

Re-watching Catalyst sessions, it seems clear that Apple expects devs to offer brand new app SKUs for the Mac App Store w/ no shared purchase, shared IAPs, shared subscriptions.


Catalyst MAS distribution options currently restrict you to: free apps (no quality filter), free apps with in-app purchase & server-side account records (i.e. price erosion), or angry users having to pay twice for a Mac app that you can’t dedicate 50% of your resources to

I don’t know—I guess this is better than setting the expectation that you get all four versions of the app for one low price?


Update (2019-06-17): Leo:

No. They’re turning it into Windows and adding walled garden BS for non-MAS apps.

Colin Cornaby:

I came out of WWDC feeling that things would be different, but better for both iPad and the Mac. Not worse as was feared with Catalyst.

I also think the “what Apple actually means is Catalyst is the way forward” is just the other side of this. In the short term, we’re all going to have to let go of things to move forward. And someday SwiftUI will be replaced by something else.

Things aren’t worse. Just new.

I’m not thrilled with the state of the Mac, and I have a lot of questions, but I would say that overall I’m more optimistic after WWDC than before it. Now we’ll have to see whether Apple follows through on its rhetoric with its actions.

Desktop Apps Post-Catalyst

Adam Engst:

That’s not to say that Apple is trying to replace the Mac with iOS or remove those unique capabilities of the Mac that make it special. The Mac and macOS remain first-class, vibrant Apple hardware and software platforms. But what we’re not going to see, at least from Apple, are new technologies that set the Mac further apart from its iOS brethren. When it comes to operating systems, it’s safe to say that it’s one for all, and all for Apple.

Chance Miller:

After talking about the new hardware introduced at WWDC, Craig Federighi dove into Apple’s new Project Catalyst, which allows developers to easily port their iPad apps to the Mac. Federighi noted that if a developer simply ticks the “Mac” option in Xcode, they’ll get some degree of “Mac-ification” right off the bat, but that developers can fine tune that for a true Mac experience.

In defense of the first set of Catalyst apps that were released by Apple last year, such as Apple News and Home on the Mac, Federighi said that some of the complaints people voiced were actually simple interface design decisions that the development teams made. Not necessarily because of Project Catalyst framework itself. Over time, Federighi says that Apple has learned how to strike a balance between the best design for these types of media-oriented applications on the Mac:

When we released the first set of apps using Catalyst, some of the concerns that were voiced placed a certain amount of focus on the technology, but that was really design decisions we made. There were pure design decisions that were different design teams pushing the bounds of what is the future of media oriented design. I think we’re finding our balance there, pulling back in some areas. And the underlying technology has improved.

I guess this was a planned talking point because he repeated it to Gruber and Viticci (whom he also told that he—like Tim Cook—mostly uses an iPad). It seemed to make people breathe a sigh of relief, but why? Is it supposed to inspire confidence that Apple could have used the technology to make good Mac apps, but the designers decided not to?

And have you seen the apps in Catalina? The Home app still looks like an iOS port, with iOS-style buttons and navigation in a little overlay on top of the window.

The News app seems pretty much the same as in Mojave. It still doesn’t support multiple windows. The navigation is still confusing. Basic features like text selection, page-up/down, and printing don’t work. It still has the horrible iOS-style interface for configuring channels and notifications. The “Open in Safari” command should have been given a keyboard shortcut but was instead removed.

The new Podcasts app has an iOS-style interface for notifications and depends on a private Catalyst entitlement. It also has to fake some controls. The info pane slides over the content in a strange way. The compact outline view from iTunes is gone.

The Music app uses AppKit but lost the column browser.

Apple Mail remains an AppKit app but is becoming more iOSified.

We expected Catalyst to finally bring parity to the Mac version of Messages, but it didn’t.

Steve Troughton-Smith:

Catalyst is the main event, SwiftUI is more long term! That much is very clear to me now 😄 SwiftUI distracts Catalyst detractors from iOS apps consuming the Mac

John Gruber:

An iOS picker control on the Mac is bad UI. I wouldn’t celebrate a Mac picker control on iOS just because the Mac is more important to me personally. Bad UI is bad UI and Apple’s willingness to ship bad UI is the only truly worrisome thing about Apple today.


Update (2019-06-18): John Gruber:

Catalyst apps on Catalina:

News and Stocks: still can’t open articles in their own windows.

Voice Memos: still can’t open more than one recording at a time.

Home: still looks like this[…]

Dieter Bohn:

It is super disappointing that Apple didn’t put any work into these apps. iOS apps on the Mac are starting to feel like a pretty sweet solution.

I wanted Apple to go hard and show developers the right way to do these. This is not that.

Update (2019-06-19): Chris Masterson:

Took a stab at imagining what creating an Automation in the Home app for macOS could look like if it used native controls instead of the iOS app in a wrapper[…]

For context, here's how it looks today.

Jason Hiner (MacRumors):

In an interview with CNET at WWDC, Apple software chief Craig Federighi confirmed that the four iOS apps for Mac released last year will get major updates based on the new technology in Project Catalyst. But he also revealed that the apps will get new designs to make them more Mac-like.

“They’re getting improvements,” Federighi said. “The underlying technology has matured…Some of that is super low-level stuff. Some people have dissected those apps and realized that they were sort of two halves: an AppKit half and a UIKit half, literally running in different processes. That’s all unified now. This has become much more of a native Mac framework…So automatically, the apps we built last year are upgraded.”


People took that as ‘this feels iOS-y’ and therefore they thought it was a technology thing. Actually, it was a designer preference. So part of [the upgrade] is we said we’ve got to co-evolve with our user base around the aesthetics of the Mac experience. And so we made some adjustments to the apps.


“Wait for the public beta. We’re still tuning everything up. That’s where it gets really good,” Federighi said.

Update (2019-06-27): Jason Snell:

Mojave’s four iOS import apps inspired nobody. It’s possible that by the time macOS Catalina ships, they’ll be improved—and the additions of Podcasts and Find My might also change the narrative. But based on the initial public beta release, these apps are still either very simple utilities or are still missing menu items and keyboard shortcuts and the other niceties that Apple spent all of WWDC week pushing to an audience of potential Catalyst developers.

See also: The Talk Show.

Update (2019-08-01): Tim Cook:

We think [Catalyst] is huge, and so great for the user experience.

Colin Cornaby:

Checked on the macOS home app to see if that fabled redesign has landed yet and it’s… worse. Same UI but much more laggy, onboarding refers to my Mac as an “iPad” and discusses using the iOS Settings app to update my device.

This is beta so yes, it’s a work in progress. But the lack of attention on the Mac during the betas and the redesign that was supposed to hit in PB1 not appearing at all does not inspire confidence.


My pet theory is that internal Apple politics is involved in whatever is going on with Catalyst. Too many weird statements and different approaches. But whatever is going on, these apps don’t seem to be substantially improving.


Also these blurry Catalyst fonts are literally giving me a headache.

We’re now at Public Beta 4, and there’s still no sign of the big improvements that Craig Federighi said would be in the first public beta.

Update (2019-08-20): Colin Cornaby:

Catalina Developer Beta 6: Still no redesigned Mojave Catalyst apps that Craig promised would arrive in PB1.

Home still doesn't even understand mouse drags.

Catalyst fonts still give me a headache too.

John Gruber:


Update (2024-05-16): Kuba Suder:

So, 5 years later, have Catalyst apps consumed the Mac or not yet? 🤔

Sign in With Apple

Apple (MacRumors):

Sign In with Apple makes it easy for users to sign in to your apps and websites using their Apple ID. Instead of filling out forms, verifying email addresses, and choosing new passwords, they can use Sign In with Apple to set up an account and start using your app right away.

I’ve been wondering for 10 years or so when Apple was going to do this. This is late to the game, but it’s not too late to make a big difference.

I don’t really want to use it myself, because why insert a man-in-the-middle who can access all my accounts? Why link all my accounts to the same password? Why make logging into other services dependent on Apple’s server working? But, for the regular user who doesn’t even have a password manager, this is great.

All accounts are protected with two-factor authentication for superior security, and Apple will not track users’ activity in your app or website.

This is strangely worded. I would assume they aren’t and can’t track what’s going on in the app or site after login. But are they tracking which sites/services you log into (and how often and from where)? This would be very valuable competitive information. And probably of interest to law enforcement as well. It’s likely no worse than single sign-on using Facebook, Google, or Twitter, though.

Lily Hay Newman:

One important difference: Sign in with Apple integrates seamlessly with Apple’s authentication offerings—like Face ID and Touch ID—which provide strong security while also being quick and easy to use. No passwords to remember, no extra accounts to manage and worry about. Other single-sign-on schemes largely haven’t added support for biometric authentication yet.

And in an even more dramatic measure, Apple’s universal login will let you hide your email address from third-party services. Unlike Facebook and Google, Apple will randomly generate an email address on your behalf, which then forwards communications from companies and institutions to your real address.

Sarah Perez:

If I let Apple make up a random email address for me, does Apple now have the ability to read my email?

No. For those who want a randomized email address, Apple offers a private email relay service. That means it’s only routing emails to your personal inbox. It’s not hosting them.

But Apple absolutely can read any e-mail sent by the service that you’re logging into, since it’s sending the message to the relay address. And Apple has historically had aggressive server-side spam filtering that deletes some good messages before you can even see them. Does this make e-mail accounts hosted with other providers subject to that, too?

Ben Thompson (Hacker News):

This was certainly an interesting announcement in its own right: identity management is one of the single most powerful tools in technology. Owning identity was and is a critical part of Microsoft’s dominance in enterprise, and the same could be said of Facebook in particular in the consumer space. Apple making a similar push — or even simply weakening the position of others — is noteworthy.

Manton Reece:

People often ask me how we “win” against the big social networks, bringing more open platforms and indie blogging to everyone. It happens in small steps, not overnight. Sign In with Apple can be one of those small steps. Anything that moves people away from signing in with Facebook and Twitter is part of the solution.

Eric Young:

‘Sign on with Apple’ identity management system - is quite possibly the biggest announcement from Apple in years

Darrell Etherington (Hacker News):

Apple’s truly transforming into a privacy-as-a-service company, which shows in the way that it’s implementing both the new single sign-on account service, as well as its camera and location services updates in iOS 13. The SSO play is especially clever, because it includes a mechanism that will allow developers to still have the relevant info they need to maintain a direct relationship with their users – provided users willingly sign-up to have that relationship, but opting in to either or both name and email sharing.

Laurie Voss:

This is amazing chess by Apple, positioning them as pro-privacy while simultaneously making themselves a major aggregator of behavior, identity and customer relationships. Apple is pro-privacy... as long as you trust Apple with all your data.

Sean Hollister (MacRumors):

But Apple doesn’t seem to be content just selling its single sign-on as a convenient, pro-privacy option. As iOS developer Ben Sandofsky spotted today, the company has unilaterally decided that if any app offers Google, Facebook, or other third-party sign-on options, it’ll need to offer Apple’s sign-on too.


Plus, there’s a genuine argument to be made that offering Apple single sign-in is doing the right thing by users — who will no doubt already be logged into their own iPhones and iPads, and are one thumbprint or glance away from adding an extra level of security to that sign-in with a biometric Touch ID or Face ID login.


On the other hand, this is a terrifying example of the power Apple wields over developers. Apple just announced this feature, and now every developer that got comfy with Facebook, Google, etc. is going to have to add (and find space to add) a button and the underlying code at some undetermined point later this year, or else abandon single sign-on entirely, or risk their livelihood getting cut off?

Lauren Goode:

That doesn’t mean the end user has to use Apple sign-on. But it means it has to be there in sign on screen of the app. And we have yet to see how aggressively this is pushed.

And if you do sign up for an app or service using Apple sign-on and then you try to access that account from another device (like an Android phone) or non-Apple browser (like Chrome) you will be rerouted back to to sign in.

Will it be pushed as aggressively as, say, iCloud Keychain is when you’re trying to use another password manager? Maybe. And that would be annoying.

Ricky Mondello:

My WWDC session, What’s New in Authentication, is now available to watch anytime!

I cover Sign in with Apple, iPad Apps for Mac, transcending Password AutoFill with one tap sign-in, Safari 13’s weak password warnings, SSO, WebAuthn, and more!

Aaron Parecki (tweet):

Thankfully, Apple adopted the existing open standards OAuth 2.0 and OpenID Connect to use as the foundation for their new API. While they don’t explicitly call out OAuth or OIDC in their documentation, they use all the same terminology and API calls. This means if you’re familiar with these technologies, you should have no trouble using Sign in with Apple right away!

Let’s walk through building a short sample application that can leverage Apple’s new API to sign users in.

Zack Whittaker (Hacker News):

app developers will have to switch on SPF for their outgoing email — to prevent others spoofing their emails — before they can use sign-in... which is mandatory.

Eric Ravenscraft:

It’s an appealing promise, but it’s not flawless. The biggest drawback to SSO — whether it comes from Apple or someone else — is that if there’s a failure in the way you sign in to your primary account, then it can make all your accounts vulnerable. Someone with access to your Facebook account could, for example, also get in to your Spotify account. It’s like putting all your eggs in one basket. Security for your primary SSO account has to be as good or better than all of the other accounts you use it to sign in to.

Nameless Wanderer:

This is the kind of stuff I’m scared of with Apple login. I entered all details perfectly on the mac yet it couldn’t verify me. I needed an iPad to finally login to my account.

Dan Masters:

Very valid concern. Apple is notorious for their subpar account management & backend – from repeatedly requiring re-authentication in macOS/iOS, to somehow always forgetting “Remember Me”, to using their own proprietary network-based 2FA rather than a time-based token system…


Update (2019-06-19): Luc P. Beaudoin:

I totally agree with Apple requiring their login to be at the top. Nudge theory — for the good of users who know no better, ie the majority. However, law makers, being part of the majority, might disagree

Update (2021-01-01): Steve Yegge:

Apple is refusing my app because I won’t redesign it to shove Sign in with Apple down the customer’s throat, relegating other (BETTER) options (Google, Facebook) to a tiny link at the bottom.


I’ve spent MONTHS adding Sign in with Apple to my app because it’s a new requirement. It’s practically undocumented and was INSANELY hard to get working, and required a major backend redesign.

Steve Yegge:

Apple finally approved my app after I screamed loud enough; they no longer need me to arbitrarily rewrite my entire 4-year-old sign-in flow to suit their personal tastes du jour.

How “Find My” Works

Andy Greenberg (tweet, Hacker News, MacRumors):

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they’re offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it’s sleeping in a thief’s bag. And it turns out that Apple’s elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.


The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations.


Short summary:

  1. At setup, Find My generates a private key shared to all your Apple devices.
  2. The private key generates a perpetual sequence of public keys. These change (iterate to the next) “frequently”.
  3. The rotating public key is shared across all (including other people’s) Apple devices via Bluetooth and can even do this when it’s off.
  4. The shared scheme pings to Apple’s central system and uploads A. hashes of the public keys in the area and B. the location.
  5. When you try to find a device you send your hashed public key to Apple’s server and they return the last picked up location (encrypted). (You thus need at least 2 Apple devices, one to find the other. Also, they don’t say how the previously iterated public keys are remembered.)
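The five steps above, worked through as an added Python sketch; it is not Apple's code and not part of the quoted summary. Assumptions: a toy finite-field Diffie-Hellman group stands in for elliptic-curve keys, rotation and encryption are built from HMAC-SHA256, earlier keys are re-derived from the shared secret instead of being stored, all function names are hypothetical, and the sample location is constructed.

```python
import hashlib
import hmac
import secrets

# Assumption: toy Diffie-Hellman group in place of elliptic-curve keys.
# Illustration-only parameters, not a vetted group.
P = 2**255 - 19
G = 2


def _b(n):
    return n.to_bytes(32, "big")


def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def period_keypair(master, period):
    """Steps 1-2: every device holding the shared secret derives the same
    key pair for a rotation period, so past keys never need to be stored."""
    seed = _mac(master, b"rotate" + period.to_bytes(8, "big"))
    priv = int.from_bytes(seed, "big") % (P - 2) + 1
    return priv, pow(G, priv, P)


def lookup_id(pub):
    """Steps 4-5: the server only ever sees this hash of the public key."""
    return hashlib.sha256(_b(pub)).hexdigest()


def _session_keys(shared):
    k = hashlib.sha256(_b(shared)).digest()
    return _mac(k, b"enc"), _mac(k, b"mac")


def _xor_stream(key, data):
    # HMAC in counter mode as a keystream; the key is unique per report.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = _mac(key, i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def finder_report(advertised_pub, location):
    """Steps 3-4: a passing device encrypts its own location to the
    advertised key and files the blob under the key's hash."""
    eph_priv = secrets.randbelow(P - 2) + 1
    eph_pub = pow(G, eph_priv, P)
    enc_key, mac_key = _session_keys(pow(advertised_pub, eph_priv, P))
    ct = _xor_stream(enc_key, location)
    tag = _mac(mac_key, _b(eph_pub) + ct)
    return lookup_id(advertised_pub), {"eph_pub": eph_pub, "ct": ct, "tag": tag}


def owner_open(priv, report):
    """Decrypt one report; returns None if it was altered or is not ours."""
    enc_key, mac_key = _session_keys(pow(report["eph_pub"], priv, P))
    expect = _mac(mac_key, _b(report["eph_pub"]) + report["ct"])
    if not hmac.compare_digest(expect, report["tag"]):
        return None
    return _xor_stream(enc_key, report["ct"])


def owner_locate(master, periods, server):
    """Step 5: a second owner device re-derives each period's key, queries
    the server by hash, and decrypts whatever comes back."""
    found = {}
    for period in periods:
        priv, pub = period_keypair(master, period)
        report = server.get(lookup_id(pub))
        plain = owner_open(priv, report) if report else None
        if plain is not None:
            found[period] = plain
    return found


if __name__ == "__main__":
    master = bytes(range(32))                # constructed shared secret
    server = {}                              # stand-in for the relay service
    _, pub7 = period_keypair(master, 7)      # lost device, rotation period 7
    rid, rep = finder_report(pub7, b"lat=48.8584,lon=2.2945")  # constructed
    server[rid] = rep
    print(owner_locate(master, range(5, 10), server))
```

In this sketch the server holds only the hash index and an opaque blob, and a device without the shared secret can neither compute the lookup hashes nor open the reports.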

Matthew Green (Hacker News):

The idea of the new system is to turn Apple’s existing network of iPhones into a massive crowdsourced location tracking system. Every active iPhone will continuously monitor for BLE beacon messages that might be coming from a lost device. When it picks up one of these signals, the participating phone tags the data with its own current GPS location; then it sends the whole package up to Apple’s servers.


(It’s worth mentioning that Apple didn’t invent this idea. In fact, companies like Tile have been doing this for quite a while. And yes, they should probably be worried.)


The good news is that Apple claims that their system actually does provide strong privacy, and that it accomplishes this using clever cryptography. But as is typical, they’ve declined to give out the details how they’re going to do it. Andy Greenberg talked me through an incomplete technical description that Apple provided to Wired, so that provides many hints. Unfortunately, what Apple provided still leaves huge gaps. It’s into those gaps that I’m going to fill in my best guess for what Apple is actually doing.


The nasty thing about this problem setting is that, with many weird edge cases, there just isn’t a perfect solution. For example, what if Timmy is evil and wants to make Lassie reveal her location to Apple? What if Old Man Smithers tries to kidnap Lassie?