Archive for July 2019

Wednesday, July 31, 2019

New 5K 27-Inch LG UltraFine Display

Juli Clover:

Apple’s online store in the United States is now carrying a new 5K 27-inch LG UltraFine Display, which joins the updated 4K 23.7-inch UltraFine display Apple began selling in May.

Available for $1,299.95, the new LG UltraFine 5K Display offers the same 5120 x 2880 resolution as the previous UltraFine 5K Display with 14.7 million pixels and P3 wide color gamut.

Colin Cornaby:

Not the 6k Ultrafine of my dreams but I’ll take it.

John Gruber:

When connected to an iPad Pro via USB-C, it’s limited to 4K resolution, but the old 5K UltraFine Display didn’t support iPad Pro at all.

Update (2019-07-31): Benjamin Mayo (via Kyle Cronin):

Another new LG UltraFine 5K gotcha: the MacBook Pro cannot output to two of them at full resolution, which was supported with the previous-generation of the display.

[…]

This means you would get more effective pixels with one Apple Pro Display connected than dual 5K UltraFines.

And of course, running two 5Ks at full resolution was a big selling point of the new MacBook Pro’s Thunderbolt 3 connectivity at the 2016 announcement event.

Update (2019-08-01): Benjamin Mayo:

This saga stretches into another day: the dual-display resolution limit for the UltraFine was a documentation error. So you still can connect and use two at full 5K res with a MBP (or four at 4K).

Retiring Omni’s iOS Document Browser

Ken Case (tweet):

At that time, there was no built-in document browser, or even a rich text editor: if we wanted those features—essential to apps like OmniGraffle and OmniOutliner—we had to build them ourselves.

[…]

In 2019, we think it’s time to retire our custom document browser in favor of using Apple’s built-in document browser—and with our iOS 13 updates this fall we’ll be doing just that. Instead of seeing our custom file browser, you’ll be presented with the standard iOS document browser—just like in Apple’s own iWork apps. Using Apple’s browser, you’ll be able to store and sync your documents using Apple’s built-in iCloud Drive, or third-party commercial options like Box—or even in cloud- or self-hosted collaborative git repositories using Working Copy.

I’m looking forward to being able to directly access files from Working Copy. This way I can sync files to my iPhone directly from my Mac, without having to upload them to any cloud provider. It also means that I can be sure certain files are with me, whereas the Files app can’t easily cache whole folders offline and can’t be trusted not to purge its cache at inopportune times.

The Alert Hammer

Paulo Andrade:

Note how on one end of the spectrum alerts are useless for users that don’t understand the implications of allowing such access and on the other end experts want to turn them off.

So for the benefit of a few power users in the middle of the spectrum that feel more secure with these, everyone else gets to be annoyed.

I don’t think anyone really understands the implications because you can’t tell whether the app is going to abuse the power it’s given. If I’m installing Zoom, of course I’m going to grant it access to the camera. That’s reasonable for an app of that genre. But I can’t know whether it’s going to try to turn on the camera at times I didn’t expect. And there’s nobody, not Apple, not a review, nor a friend who can definitively say whether an app is trustworthy. Even an actual good developer could have their signing keys compromised.

It’s not that I want to turn the alerts off, exactly. I appreciate being able to see which privileges an app wants so that I can compare them with what I think it should need. I want to know if an app is doing something unexpected. The problem is that the alerts are annoying and not very informative. And some types of access can only be granted in clunky ways like going to System Preferences, choosing the app from an open panel, and restarting it. It would also be nice to see up front everything that the app wants to do so that I’m not repeatedly prompted.

Secrets has this cool feature when setting up two-factor authentication where it would automatically search currently open windows for the QR Code with the seed value. On Catalina, this is now so cumbersome that it’s just easier to manually type or copy/paste the value. So long for “surprise and delight”.

[…]

Still some people will say: “but I want to know if the app is doing that!”. That’s fair. Alerts aren’t the way to do it though. There’s a better solution [for live data] and Apple already employs it for location services.

I’m not sure that passive notification alone is enough for microphone and camera access, because the app could start recording when you’re not looking at the display to see the notification.

But I love the general idea of having a way to audit what an app did after the fact. In other words, instead of blindly trusting Secrets at first launch and forever after, I would be able to see that it’s only reading my window contents when I’m setting up 2-factor. If I granted an app Full Disk Access in order to install a Mail plug-in, I would be able to see that it’s not accessing other, unrelated files.

Furthermore, having a way to verify-later instead of just trust-up-front would help with the information asymmetry problem. Tricking the user about what an app is doing would no longer work over the long term because nefarious apps would be caught. And, conversely, there would be proof that expected good apps actually are well behaved.

Update (2019-08-01): Dimitri Bouniol:

I like this a lot. An audit-like feature, though something that won’t be used by everyone, could provide evidence after the fact that an app broke its promise to the user, and that version could be banned by the OS directly, helping other less experienced users.

i.e. Trust apps by default, but have a heavy hammer for offenders to the platform, that don’t responsibly disclose what they are doing under the hood. Users won’t be bothered constantly and can enjoy their apps, and an offending app can be wiped and the user can be notified why.

Damien Petrilli:

I think Apple needs to improve the granularity of some access.

Like why is photo / media access all in?

Ex: I wish I could allow an App to put pictures and videos in the photo library but NOT read anything.

Same for contact and calendar: can save in it but not read.

Update (2019-08-05): Riccardo Mori:

Here’s my humble proposition: Security Monitor. It would be an application you find in your Utilities folder, and it would behave in a similar way as Activity Monitor. Maybe its interface could be made a bit more user-friendly, so that it could be readable by non-geek users as well. In its main window, you would see all active processes from a security perspective: what they are accessing in your system and, more importantly, whether their behaviour complies with the permissions they have been given — by the system and by the administrator user account.

Mixing License Codes and the Mac App Store

Bare Bones Software (tweet):

If you see this alert, it’s because you previously purchased a perpetual license from us for the current major version of BBEdit, but have since installed and begun using the same major version of BBEdit from the Mac App Store.

However, this can also happen if you have ever purchased BBEdit from the Mac App Store. In this case, the app store remembers that you previously purchased BBEdit there, and then will forever replace your installed version any time you install updates via the App Store — even if you were already using a copy of the app downloaded directly from our web site.

A weird but probably not so uncommon edge case. Some apps can detect a Mac App Store receipt file and use that to activate the direct-sale version of the app, but App Review doesn’t allow the reverse—except, I guess, for cross-platform subscriptions. However, you can avoid the problem of the Mac App Store overwriting your apps by hiding your purchase.

Update (2019-08-01): Kyle Hankinson:

I have the Mac App Store version of SQLPro accept license keys. This way if a user purchased from my website but the App Store version gets installed somehow, the user never even knows, it just keeps working.

[…]

From what I can tell, it’s legit as long as you don’t direct the user to purchase outside the MAS (same thing as someone signing up to Netflix or Spotify outside of their app).

Tuesday, July 30, 2019

Updated Hardened Runtime Documentation

Rosyna Keller:

The updated Hardened Runtime docs are out!

The overview includes more information on how to enable it in Xcode and explains that the hardened runtime is designed to stop certain classes of exploits.

If your app absolutely needs to have an exploit class remain available, use a specific, unrestricted hardened runtime entitlement.

Each entitlement doc now includes real-world examples of why you may need an exploit class to remain open and lists ways you can avoid doing so.

For example, the three unsigned memory entitlements go from green (implied, do this) to red (never do this).

[…]

I’m really, really proud of the🚦 docs as they were written based on direct feedback from third-party developers.

Jordan Pittman:

I find it rather interesting that the use of DVDPlayback.framework requires the “Allow Unsigned Executable Memory” entitlement.
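
As an added example (my code, not Apple’s and not from the docs above), here is how to check a built app for what Rosyna describes: whether the hardened runtime is actually on, and which of the opt-out entitlements it carries. The entitlement keys are Apple’s real hardened runtime entitlements; the app name, the codesign output, and the entitlements plist are constructed samples so the script runs offline.

```python
"""Audit an app for the hardened runtime and for entitlements that re-open an
exploit class.

Added example, not code from Apple's documentation or from this page. On a
Mac the two inputs come from real codesign invocations:

    codesign -d -vvv /Applications/Example.app 2>&1            # "flags=..." line
    codesign -d --entitlements :- /Applications/Example.app    # XML plist

Here they are constructed sample strings so the script runs offline.
"""
import plistlib
import re

# Entitlement keys are Apple's hardened-runtime entitlements; the one-line
# descriptions of what each one re-enables are my summaries.
EXPLOIT_CLASS_ENTITLEMENTS = {
    "com.apple.security.cs.allow-jit": "writable-and-executable memory (JIT)",
    "com.apple.security.cs.allow-unsigned-executable-memory": "unsigned executable memory",
    "com.apple.security.cs.disable-executable-page-protection": "executable-page protection off",
    "com.apple.security.cs.disable-library-validation": "libraries signed by other teams",
    "com.apple.security.cs.allow-dyld-environment-variables": "DYLD_* environment injection",
    "com.apple.security.cs.debugger": "attaching a debugger to other processes",
}

# Constructed sample of `codesign -d -vvv` output for a hypothetical app.
SAMPLE_CODESIGN = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.Example
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
"""

# Constructed sample of `codesign -d --entitlements :-` output for the same app.
SAMPLE_ENTITLEMENTS = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
    <true/>
    <key>com.apple.security.cs.allow-jit</key>
    <false/>
    <key>com.apple.security.device.camera</key>
    <true/>
</dict>
</plist>
"""


def hardened_runtime_enabled(codesign_output: str) -> bool:
    """True if the CodeDirectory flags reported by `codesign -d -vvv` include
    the runtime flag (printed as e.g. flags=0x10000(runtime))."""
    m = re.search(r"\bflags=0x[0-9A-Fa-f]+\(([^)]*)\)", codesign_output)
    return m is not None and "runtime" in m.group(1).split(",")


def risky_entitlements(entitlements_plist: str) -> dict:
    """Return {entitlement: what it re-enables} for every exploit-class
    entitlement set to true. An empty string (no entitlements) means none."""
    if not entitlements_plist.strip():
        return {}
    ents = plistlib.loads(entitlements_plist.encode("utf-8"))
    return {key: why for key, why in EXPLOIT_CLASS_ENTITLEMENTS.items()
            if ents.get(key) is True}


def audit(codesign_output: str, entitlements_plist: str) -> list:
    """One finding per line; an empty list means the runtime is on and no
    exploit class has been re-opened."""
    findings = []
    if not hardened_runtime_enabled(codesign_output):
        findings.append("hardened runtime is not enabled")
    for key, why in risky_entitlements(entitlements_plist).items():
        findings.append(f"{key} re-enables {why}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CODESIGN, SAMPLE_ENTITLEMENTS) or ["clean"]:
        print(line)
```

Run against a real bundle by piping the two codesign commands into the functions; a finding on the unsigned-memory or JIT entitlements is exactly the “red” case Rosyna mentions, and a missing runtime flag means notarization will reject the build anyway.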

Debugging the Responder Chain

Jeff Nadeau:

Maybe this will make it easier to see what’s up w/ the responder chain. Pause in the debugger and run

(lldb) e -- (void)[[[NSClassFromString(@"NSDebugMenuResponderChainProvider") alloc] init] toggleResponderChainPanel:nil]

and then continue. (I reserve the right to break this.)

Andy Lee:

I usually add my own method to the app delegate that prints the responder chain, starting with the current first responder. Often I add a temporary menu item that calls that method, and assign it a keyboard shortcut.

And here’s a link to the responder chain documentation, since it’s now in the archive and not easy to find simply by following links. (You’d think it would be linked from the NSResponder page).

Update (2019-08-01): Friedrich Markgraf:

If you need to figure out on which instance in the responder chain an action method (like scrollWheel:) is actually called, you can use a logging symbolic breakpoint like this[…]

Capital One Breach

Joseph Cox and Lorenzo Franceschi-Bicchierai:

The major US bank Capital One disclosed a major data breach on Monday evening, revealing that an individual accessed the personal data of 100 million people in the United States and around 6 million in Canada.

The FBI has already arrested and indicted Paige Thompson, who worked as a software engineer in Seattle, for allegedly hacking Capital One and posting the data to her GitHub account.

[…]

“A firewall misconfiguration permitted commands to reach and be executed by that server, which enabled access to folders or buckets of data in Capital One's storage space at the Cloud Computing Company,” the complaint reads, without explicitly naming the company. The charging documents, however, mention that the stolen data was stored in “S3,” short for a popular piece of Amazon Web Services software. It adds that the file contained code for three commands, indicating the simple process Thompson may have taken to allegedly download the data.

Nick Heer:

Only in an era of gigantic security breaches can the disclosure of over a hundred thousand Social Security Numbers and tens of thousands of bank account numbers be rounded down to none.

Update (2019-08-05): Brian Krebs:

What follows is based on interviews with almost a dozen security experts, including one who is privy to details about the ongoing breach investigation. Because this incident deals with somewhat jargon-laced and esoteric concepts, much of what is described below has been dramatically simplified. Anyone seeking a more technical explanation of the basic concepts referenced here should explore some of the many links included in this story.

SwiftOnSecurity:

My coworker doing analysis of this CapitalOne breach has just been absolutely floored by the layers of issues it demonstrates. It’s truly shocking to an experienced security person. I’ll admit my heart has grown dark and I haven’t had the will to fully dive into it.

Teri Radichel:

Anyone who scoffs at Capital One or other large companies trying to secure organizations with multiple lines of businesses and 10,000+ developers better be careful because you might be next. Still.

[…]

What would have been a better solution for Capital One? I don’t know all the details, so this may or may not have solved the problem, but the WAF should never have access to the S3 bucket in a good architectural design, except write-only access to a single bucket to write log files potentially. The WAF is an Internet-facing system and should never have access to any data. In a three-tier architecture, the WAF would interact with a web tier. The web tier interacts with an application tier. The application tier interacts with the data.
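
As an added example of the write-only arrangement Radichel describes (my code and hypothetical names, not Capital One’s configuration and not from her post), here is the over-broad IAM policy next to the one a WAF host should actually get, plus a checker that flags anything that lets the host list or read data. The policy JSON grammar is AWS IAM’s; the bucket name and the checker are mine.

```python
"""The write-only arrangement Radichel describes, as an IAM policy pair plus a
checker that flags anything broader.

Added example, not Capital One's configuration and not from the page. The
policy JSON grammar is AWS IAM's; the bucket name, the role it would be
attached to and the checker itself are hypothetical and mine.
"""
import json
from fnmatch import fnmatchcase

LOG_BUCKET = "example-waf-logs"   # hypothetical bucket name

# Weak: the Internet-facing host's role can do anything to any bucket, so a
# single command executed on that host can enumerate and pull data.
OVERBROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
})

# Hardened: the host may only create objects in one log bucket. It cannot
# list buckets, read objects back, or touch any other bucket.
WRITE_ONLY_LOG_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject"],
        "Resource": f"arn:aws:s3:::{LOG_BUCKET}/*",
    }],
})

# Actions that let a principal discover or read data; any Allow pattern that
# matches one of these is more than a log writer needs.
DATA_READ_ACTIONS = ("s3:GetObject", "s3:ListBucket", "s3:ListAllMyBuckets")


def _as_list(value):
    """IAM lets Statement, Action and Resource be a single string or a list."""
    return value if isinstance(value, list) else [value]


def policy_violations(policy_json: str, log_bucket: str) -> list:
    """Return one message per way the policy exceeds 'write-only to one bucket'.
    Only the policy document is examined; Condition blocks, resource-based
    bucket policies and permission boundaries are outside this check."""
    doc = json.loads(policy_json)
    object_prefix = f"arn:aws:s3:::{log_bucket}/"
    problems = []
    for i, st in enumerate(_as_list(doc["Statement"])):
        if st.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in st or "NotResource" in st:
            problems.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
            continue
        for pattern in _as_list(st.get("Action", [])):
            for read in DATA_READ_ACTIONS:
                # IAM action matching is case-insensitive and supports * and ?
                if fnmatchcase(read.lower(), pattern.lower()):
                    problems.append(f"statement {i}: Action '{pattern}' permits {read}")
        for res in _as_list(st.get("Resource", [])):
            if not res.startswith(object_prefix):
                problems.append(f"statement {i}: Resource '{res}' reaches outside {object_prefix}*")
    return problems


if __name__ == "__main__":
    for name, policy in (("overbroad", OVERBROAD_POLICY), ("write-only", WRITE_ONLY_LOG_POLICY)):
        print(name, policy_violations(policy, LOG_BUCKET) or "OK")
```

The point of the split is that the role attached to the Internet-facing host should not be able to read anything even if every command an attacker sends to it succeeds; the checker only looks at the identity policy, so a bucket policy or a second role on the same instance still has to be reviewed by hand.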

Monday, July 29, 2019

On Switching from iPad to Chromebook in School

Fraser Speirs (tweet):

The problem with Apple’s iOS education offerings that started to really make me wonder what the future held came when I realised that iTunes U was clearly just being left to die a slow death. At the time of writing, iTunes U still does not support basic iOS multitasking features that were introduced in iOS 9 - four releases ago. […] Whatever learning platform a school uses is a vital part of the work of the school and, if it’s not evolving, it’s dying. Make no mistake: iTunes U is a dying service and it would be more honest and respectable of Apple just to announce the date on which it will be put out of its misery.

[…]

The worst issue by far in iOS sysadmin is backup and restore of supervised devices. This process has never been properly documented and it seems to change freely with iOS versions. Every time I have to do it, it takes at least three hours of experimentation to get something that mostly works.

[…]

We’ve been using 9.7” iPad Pro hardware in this cycle and, while the hardware remains fast and capable, I have not been very pleased with durability. We have seen a lot of fatigue-related screen damage - that is, damage not caused by a catastrophic accident but rather just repeated put-downs in a schoolbag.

[…]

In the final analysis, I think that the long-term effect of tablets will be that they forced laptops to get better.

Update (2019-08-01): Fraser Speirs:

Once you abstract your data and apps from the hardware, the hardware largely stops mattering. And if I was Tim Cook, that would keep me awake every night.

Fraser Speirs:

I think one of the key features that GSuite has here is that the user directory is integrated, so collaboration is easy because identity is ‘built in’ to the platform so to speak. iCloud doesn’t really have the same kind of thing.

Apple Contractors “Regularly Hear Confidential Details” on Siri Recordings

Hugo Gutiérrez (Google translation, via Adrian Tineo):

The listening to private recordings is carried out by a company subcontracted by Apple, just as Google does, as EL PAÍS previously reported. These reviewers are responsible for analyzing private conversations and requests made to the virtual assistant on Apple devices.

[…]

In the case of the Apple transcribers, working conditions were much better than those of the employees who did this work for Google, although the work is almost identical. The reviewers consulted confirm that they were not paid per audio file but received a monthly salary. “You could choose the number of contracted hours. In my case I was part-time, 30 hours a week, and earned 1,100 euros gross per month.” They did, however, have a target of about 150 audio files listened to per hour. That is, about 4,500 recordings to review a week.

[…]

What was strictly controlled was the number of recordings processed; falling short was grounds for dismissal. “They changed it several times during the months I was working for this company. In fact, in my last weeks there, the target they set was practically impossible to meet, and they knew it,” says a former employee.

It was previously reported that Apple had humans reviewing Siri audio data, but it was not known that they were contractors.

Alex Hern (MacRumors):

Apple told the Guardian: “A small portion of Siri requests are analysed to improve Siri and dictation. User requests are not associated with the user’s Apple ID. Siri responses are analysed in secure facilities and all reviewers are under the obligation to adhere to Apple’s strict confidentiality requirements.”

[…]

The whistleblower said: “There have been countless instances of recordings featuring private discussions between doctors and patients, business deals, seemingly criminal dealings, sexual encounters and so on. These recordings are accompanied by user data showing location, contact details, and app data.”

[…]

“There’s not much vetting of who works there, and the amount of data that we’re free to look through seems quite broad. It wouldn’t be difficult to identify the person that you’re listening to, especially with accidental triggers – addresses, names and so on.

“Apple is subcontracting out, there’s a high turnover. It’s not like people are being encouraged to have consideration for people’s privacy, or even consider it. If there were someone with nefarious intentions, it wouldn’t be hard to identify [people on the recordings].”

Devin Coldewey:

Apple’s privacy policy states regarding non-personal information (under which Siri queries would fall):

We may collect and store details of how you use our services, including search queries. This information may be used to improve the relevancy of results provided by our services. Except in limited instances to ensure quality of our services over the Internet, such information will not be associated with your IP address.

It’s conceivable that the phrase “search queries” is inclusive of recordings of search queries. And it does say that it shares some data with third parties. But nowhere is it stated simply that questions you ask your phone may be recorded and shared with a stranger. Nor is there any way for users to opt out of this practice.

Jason Snell (tweet):

It doesn’t matter to me if this is Amazon or Apple. I don’t want human beings listening to the audio these devices record. In fact, I don’t want recordings made of my audio, period—I want the audio processed and immediately discarded.

Apple boasts constantly about taking user privacy seriously. There’s one right response to this report, and it’s to change its policies and communicate them clearly. A mealy-mouthed response about how the eavesdropping is done in a secure facility without an Apple ID attached is not good enough.

David Heinemeier Hansson:

Steve Jobs: “Privacy means people know what they’re signing up for, in plain English, and repeatedly... Let them know precisely what you’re going to do with their data.”

How many Siri users know that contractors are listening in when they intentionally or not trigger it?

Nick Heer:

Even so, there should surely be a way to opt out entirely and not allow any of your Siri conversations to be selected for review. It’s absurd that there seemingly isn’t a way to do this — turning off Siri entirely is not a solution — though I’ve reached out to confirm if disabling the analytics sharing options in Settings would opt users out. Also, as with Google, I have to question why users are not first asked whether a human can review their audio recording.

Update (2019-08-01): Peter Cohen:

I’m unpacking this in real-time today so I apologize for the thread. But near as I can tell, Apple doesn’t give any way at all of excluding Siri recording samples from the data you share with Apple.

Michael Potuck (Hacker News):

However, almost 65% of 9to5Mac readers said they want an option to turn off the ability for Apple to record and listen to Siri activations in our recent poll.

Now, Jan Kaiser has shared an iOS profile to turn off logging of server-side Siri commands on GitHub (if you prefer to make your own profile to do this, head below).

[…]

Kaiser also notes that you can make your own profile to restrict Siri’s logging with Apple Configurator if you don’t want to download the one shared on GitHub.

Why doesn’t iOS have a built-in setting to control this? At the very least, it should honor the general setting to not send data back to Apple to help improve its products.

Update (2019-08-02): Matthew Panzarino (tweet, MacRumors, Bloomberg):

Apple says it will review the process that it uses, called grading, to determine whether Siri is hearing queries correctly, or being invoked by mistake.

In addition, it will be issuing a software update in the future that will let Siri users choose whether they participate in the grading process or not.

[…]

When this story broke, I dipped into Apple’s terms of service myself and, though there are mentions of quality control for Siri and data being shared, I found that it did fall short of explicitly and plainly making it clear that live recordings, even short ones, are used in the process and may be transmitted and listened to.

Russell Ivanovic:

What happens on your iPhone stays on your iPhone.*

*Until it turns out it doesn’t. Then if the story doesn’t get much traction and you don’t notice we’ll still pretend it does. But when it blows up we’ll fix it. Clear?

Sam Gross:

I’m wondering whether there’s an internal story behind this. I’d bet a bunch of people said no, but some senior person, under pressure to improve Siri, said yes.

Phillip Molly Malone:

The issue isn’t that they do it! The issue is two fold, to me anyway:

  1. They are waging a holy war on privacy and making themselves the lord priests of it!
  2. They don’t offer the controls on the voice recording the experts in the field (Amazon and Google) do!

Update (2019-08-05): Dieter Bohn:

Apple’s handling of your Siri voice recordings is a really clear sign that its strident privacy stance has given the company a blind spot: when it DOES collect your data, it isn’t as good as everybody else at giving you controls for seeing and deleting it.

Update (2019-08-16): Sam Byford:

Apple has said that it will temporarily suspend its practice of using human contractors to grade snippets of Siri voice recordings for accuracy.

[…]

Apple did not comment on whether, in addition to pausing the program where contractors listen to Siri voice recordings, it would also stop actually saving those recordings on its servers. Currently the company says it keeps recordings for six months before removing identifying information from a copy that it could keep for two years or more.

See also: The Talk Show.

Nick Heer:

Plain-language explanations of practices that may be compromising to users’ privacy can be hard to write. I am certain that the opt-in rate would be extremely low if these devices asked users — during the onboarding process, for example — whether a selection of their voice recordings can be retained and later reviewed by a human being.

Nevertheless, it is unquestionably the right thing to do.

Update (2019-08-19): John Gruber (tweet):

Until the opt-in process is crystal clear, Apple should delete all existing recordings and confirm that it is no longer saving them. I don’t even know where to start with the fact that until this story broke, they were keeping copies with identifying information for six months. This defies everyone’s expectations of privacy for a voice assistant.

We should expect Apple to lead the industry on this front, but in fact, they’re far behind. Amazon has a FAQ written in plain language that explains how Alexa works, and how to view your voice recordings from Alexa-powered devices. You can review them in the Alexa app in Settings: Alexa Privacy (a pretty obvious location) or on the web. That settings page also has an option: “Use Voice Recordings to Improve Amazon Services and to Develop New Features”. I think Amazon should make clear that with this turned on, some of your recordings may be listened to by Amazon employees, but it’s not too hard to surmise that’s what’s going on.

Apple offers no such setting, and offers absolutely no way to know which, if any, of our Siri recordings have been saved for review by employees. This is something we should have explicit, precise control over, but instead it’s a completely black box we have no control over or insight into whatsoever.

Update (2019-08-29): Jay Peters (Hacker News):

For the Siri contractors, transcribing 1,000 voice commands means they likely had to do about two per minute, assuming they were working an eight-hour day.

Apple (MacRumors):

As a result of our review, we realize we haven’t been fully living up to our high ideals, and for that we apologize. As we previously announced, we halted the Siri grading program. We plan to resume later this fall when software updates are released to our users — but only after making the following changes:

  • First, by default, we will no longer retain audio recordings of Siri interactions. We will continue to use computer-generated transcripts to help Siri improve.
  • Second, users will be able to opt in to help Siri improve by learning from the audio samples of their requests. We hope that many people will choose to help Siri get better, knowing that Apple respects their data and has strong privacy controls in place. Those who choose to participate will be able to opt out at any time.
  • Third, when customers opt in, only Apple employees will be allowed to listen to audio samples of the Siri interactions. Our team will work to delete any recording which is determined to be an inadvertent trigger of Siri.

John Gruber:

Apple also has a “Siri Privacy and Grading” FAQ, written in very clear language. Basically, Apple is admitting they fucked up on this grading thing, they’re owning up to it, and are committed to doing everything they should have been doing all along to protect users’ privacy and make everything as clear as possible to users.

Matthew Panzarino:

Apple says that it will continue using anonymized computer-generated written transcripts of your request to feed its machine learning engines with data, in a fashion similar to other voice assistants. These transcripts may be subject to Apple employee review.

In other words, if Siri was able to transcribe what you said, Apple will still retain any sensitive information you may have uttered. I don’t find the fact that it’s in text form rather than audio to make that much of a difference. There doesn’t seem to be a way to opt out of this, except by not using Siri at all.

Nick Heer:

A ramification of these changes is that hundreds of contracted workers in Ireland were laid off. That’s a horrible result for so many people. It reinforces that employees at tech companies need to carefully consider the impact of their product or service.

Inside Apple’s iPhone Testing Facilities

Andrew Griffin (via Phil Schiller, Hacker News):

“I can tell you that privacy considerations are at the beginning of the process, not the end,” says Craig Federighi, Apple’s senior vice president of software engineering. “When we talk about building the product, among the first questions that come out is: how are we going to manage this customer data?”

[…]

It might seem unlikely that any normal phone would be subjected to this kind of beating, given the chance of their owners going through an environment that chills them to -40C or heats them to 110C. But the fear here is not normal at all. If the chips were found to be insecure under this kind of pressure, then bad actors would immediately start putting phones through it, and all the data they store could be boiled out of them.

If such a fault were found after the phones make their way to customers, there would be nothing Apple could do. Chips can’t be changed after they are in people’s hands, unlike software updates. So it looks instead to find any possible dangers in this room, tweaking and fixing to ensure the chips can cope with anything thrown at them.

[…]

Apple, by design, doesn’t even know which of its own employees it is harvesting [health] data about. The employees don’t know why their data is being harvested, only that this work will one day end up in unknown future products.

Nick Heer:

This claim goes uncontested by Griffin, but it’s wrong. All iCloud data created by Chinese users is stored in China; even the iCloud user agreement for Chinese users is between the user and GCBD, not the user and Apple. Also, Apple’s software actively encourages customers to use iCloud services from a few moments after they power up a device for the first time. It is therefore misleading, at best, to state that Apple collects less data. The company may not collect behavioural data to the same extent as its competitors, but that does not apply to user-provided data.

The next paragraph is similarly misleading[…]

[…]

After re-reading this, it’s clear that my disputes are with the reporter’s explanations, not Federighi’s.

John Gruber (tweet):

Google and Facebook are both pushing back against Apple, arguing that Apple’s stance on privacy is only possible because they charge a lot of money for their products.

I think the point that needs to be made is that free and low-cost products can be subsidized by privacy-respecting advertising — but privacy-respecting advertising is not as profitable as privacy-invasive advertising, as exemplified on Facebook and Google’s humongous platforms.

Inside Apple’s App Review Team

Kif Leswing (via John Voorhees, MacRumors):

Unlike content moderators at Silicon Valley companies such as Facebook or YouTube that rely on tens of thousands of contractors, Apple’s app reviewers work for Apple, people familiar with the process said. They’re paid hourly, have employee badges and get Apple benefits such as health care. Everyone starts out reviewing iPhone apps, and as reviewers become more senior, they are trained to evaluate apps with in-app purchases, subscriptions, Apple Watch and Apple TV.

[…]

App Review is organized under the marketing umbrella at Apple and always has been, even before Schiller took over the greater App Store marketing and product departments in late 2015. Although Schiller is involved in decision-making through the ERB, people who worked at the App Review office said that he rarely if ever visits the office where the review takes place.

According to people familiar with app review operations, day-to-day oversight mainly falls to a vice president at Apple, Ron Okamoto, and a director who joined Apple when it bought TestFlight in 2015, whom CNBC is not naming because of security reasons. Reviewers say they sometimes receive feedback from developers that can be threatening.

[…]

Reviewers have daily quotas of between 50 and 100 apps, and the number of apps any individual reviewer gets through in an hour is tracked by software called Watchtower, according to screenshots seen by CNBC. Reviewers are also judged on whether their decisions are later overturned and other quality-oriented stats.

Friday, July 26, 2019

Apple to Acquire Intel’s Modem Business

Apple (Intel, MacRumors, Hacker News):

Apple and Intel have signed an agreement for Apple to acquire the majority of Intel’s smartphone modem business. Approximately 2,200 Intel employees will join Apple, along with intellectual property, equipment and leases. The transaction, valued at $1 billion, is expected to close in the fourth quarter of 2019, subject to regulatory approvals and other customary conditions, including works council and other relevant consultations in certain jurisdictions.

Combining the acquired patents for current and future wireless technology with Apple’s existing portfolio, Apple will hold over 17,000 wireless technology patents, ranging from protocols for cellular standards to modem architecture and modem operation. Intel will retain the ability to develop modems for non-smartphone applications, such as PCs, internet-of-things devices and autonomous vehicles.

Seems like a great deal at only 1/3 of a Beats.

John Gruber:

Remember this bit of the Cook Doctrine: “We believe that we need to own and control the primary technologies behind the products that we make.” If anything, Apple waited too long to take control of its modems the way it has its SoCs.

Joe Rossignol:

Understandably, the acquisition may enable Apple to accelerate development of its own 5G modem, with Reuters citing a source who claims the iPhone maker wants to have an in-house chip ready for use in some of its products by 2021, compared to previously reported timeframes of between 2022 and 2025.

Previously:

Broken iOS Cellular Data Switch

It’s late in the iOS 12 cycle, but with iOS 12.3.1 I’m seeing a resurgence of an old bug from the iOS 7 days. Specifically, iOS is letting apps such as OmniFocus and Overcast use cellular data, even though I have them unchecked in Settings > Cellular. I’ve had this off for years for certain apps in an effort to reduce my data usage. OmniFocus, in particular, can use more data than all my other apps combined, if I let it, and it’s unnecessary because I’ve already synced the latest data via Wi-Fi before leaving my Mac.

Of course, the reason I noticed this is that my cell plan ran out of data two weeks early, and I never run out of data. The first thing I did was check Settings, and there were all the data-using apps, at the top of the list, despite being unchecked. (I also confirmed that Wi-Fi Assist was off and that the problem persisted after rebooting.)

Omni’s support confirmed that the app has no control over this—it couldn’t override the OS setting even if it wanted to. But they had a helpful suggestion: toggling cellular data on, restarting the phone, toggling it off again, and restarting again. I hate this sort of voodoo, but it indeed seems to have worked.

Update (2019-07-29): Marco Arment:

This is killing me. I get reports every day from people saying Overcast is using cellular data despite it being turned off in system settings.

I’ve checked back with many of them, and Wi-Fi Assist is disabled, so it’s not that.

My app is getting the blame for a clear iOS bug.

Philip:

Have had the same. 20 GB data volume used up within a few hours overnight.

Dan Merfeld:

I picked a bad time to go overseas! I was hit by this bug hard. $0.50 / text message.

Rene Ritchie:

I’ve experienced this as well. Worse was tethering when the other device would just start updating everything assuming it was on Wi-Fi.

iOS 13 low data mode might be helpful but it’s like a zombie bug that just keeps coming back.

Eric Goodwin:

Huh. Yup. I’ve always had it off to conserve data. Definitely showing Overcast using cellular data... not enough to matter and I hadn’t noticed. Hope they fix it.

idgaftw:

Spotify too. Everything.

Octavius:

Now that you mention it, I see that Overcast is using cellular data on my phone despite being disabled and WiFi assist being disabled as well. That explains why I’ve gone over the past 2 mns.

Update (2019-08-13): Unfortunately, the workaround of toggling the settings and rebooting was short-lived. Multiple apps are now using cell data again, and I’ve again used up all of my plan’s data.

Update (2020-01-19): The cellular data switch is still broken in iOS 13.3.

Update (2020-06-18): Sebastien Boisvert:

So I upgraded to iOS 13 this weekend.

Nice to see that @Apple STILL hasn’t fixed the cellular data switch bug dating back to at least iOS 7.

I guess the improvement in this release is that the feedback about it not working is immediate now.

At the moment, the switch seems to be working for me with iOS 13.5.1.

Fast Software, the Best Software

Craig Mod:

Speed in software is probably the most valuable, least valued asset. To me, speedy software is the difference between an application smoothly integrating into your life, and one called upon with great reluctance. Fastness in software is like great margins in a book — makes you smile without necessarily knowing why.

[…]

That said, Sublime Text has — in my experience — only gotten faster. I love software that does this: Software that unbloats over time. This should be the goal of all software. The longer it’s around, the more elegant it should become. Smooth over like a river stone.

[…]

Similarly, I started using Lightroom around 2007 because it was so much faster than Apple’s Aperture. But Aperture is gone and Lightroom has not smoothed out over the years. Lightroom is a gangly blob, with lots of dull, slow edges. Why can’t it get faster?

Lightroom is getting faster, in places, but overall it still feels really slow.

Via John Gruber (tweet):

One of the confounding aspects of software today is that our computers are literally hundreds — maybe even a thousand — times faster than the ones we used 20 years ago, but some simple tasks take longer now than they did then. Opening the Web Export dialog in Photoshop, for example.

macOS save dialogs seem slow in general these days.

Brent Simmons:

If, on the third call, the width is 150 — between 100 and 200 — and the cached height for 100 and 200 are equal, then the height for 150 is necessarily that same height. We can avoid text measurement and just return the cached value. (And we keep the cache from growing on each call.)

[…]

Note: this is all because I don’t use Auto Layout on table cell views, for performance reasons. I use Auto Layout everywhere else — just not on table cell views.

Update (2019-07-29): Brent Simmons:

Use a truncated version of the text rather than the entire text. For the truncation limit, come up with a length that is beyond what could conceivably fit in the space.

This way text measurement will be faster since it’s measuring less text.
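The two optimizations Brent describes above, the equal-neighbour shortcut and measuring a truncated prefix, as an added example in Python (not Brent’s code, which is Swift against AppKit). The text measurer here is a constructed monospaced word-wrapper standing in for real text layout; what matters is that, like real layout, its height never increases as the width increases, which is what makes the shortcut sound.

```python
from bisect import bisect_left
from typing import Callable, Dict, List, Optional

LINE_HEIGHT = 17.0   # constructed: points per wrapped line
CHAR_WIDTH = 7.0     # constructed: monospaced glyph advance


def wrap_height(text: str, width: float) -> float:
    """Stand-in for real text measurement (constructed): greedy word wrap in a
    monospaced font. Like real layout, the result never grows as width grows,
    which is the property the cache shortcut below depends on."""
    max_chars = max(1, int(width // CHAR_WIDTH))
    lines, used = 1, 0
    for word in text.split():
        need = len(word) if used == 0 else used + 1 + len(word)
        if need <= max_chars:
            used = need
        else:
            lines += 1
            used = len(word)
    return lines * LINE_HEIGHT


class HeightCache:
    """Caches measured heights per width and skips measurement when the
    requested width lies between two cached widths with equal heights."""

    def __init__(self, text: str,
                 measure: Callable[[str, float], float] = wrap_height,
                 truncate_at: Optional[int] = None):
        # Measuring a truncated prefix is cheaper; the limit should be well
        # beyond what could possibly fit in the cell.
        self.text = text if truncate_at is None else text[:truncate_at]
        self.measure = measure
        self.widths: List[float] = []        # kept sorted
        self.heights: Dict[float, float] = {}
        self.measurements = 0               # how often we really measured

    def height(self, width: float) -> float:
        if width in self.heights:
            return self.heights[width]
        i = bisect_left(self.widths, width)
        if 0 < i < len(self.widths):
            lo, hi = self.widths[i - 1], self.widths[i]
            if self.heights[lo] == self.heights[hi]:
                # Height is monotone in width, so the answer is forced;
                # return it without measuring and without growing the cache.
                return self.heights[lo]
        h = self.measure(self.text, width)
        self.measurements += 1
        self.widths.insert(i, width)
        self.heights[width] = h
        return h
```

With the sample sentence used in the test, widths 200 and 300 both wrap to two lines, so a later request for 250 is answered from the cache; 100 and 200 differ, so 150 still has to be measured.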

Update (2019-08-01): Ruffin Bailey:

I think this is a lot of why software runs slowly. And it’s not simply that devs use better hardware, it’s that the difference between great hardware and bottom of the line – all the way down to below-TracFone-level Android phones in third world nations – is much greater than we (as devs) ever anticipate as we code and develop.

Unless devs develop and test on representative hardware, they’ll never truly value their app’s performance.

Mark Bernstein:

First: some speed changes are illusions. Lots of things we do on today’s computers seem slower than the corresponding operations we did ten or twenty years ago, but often that’s because “the same thing” is thousands of times harder. We assume elegant typography everywhere; that takes lots of work where we used to think the VT-100’s monospaced fonts were elegant. We want to open a document: where a folder back then might have a dozen documents on a disk with thousands, now the folder has a thousand documents and document-versions on a disk with millions.

[…]

Significantly, no new Tinderbox user and no sales prospect is likely to encounter a document this big: it takes time to make that many notes. We can’t expect the speed bump to have much impact on sales. So, the cost of the speed improvement has to be borne either by Eastgate or, through upgrades, by the Tinderbox community.

[…]

In my experience, between 30% and 50% of improvements like this one turn out to be illusions: they work for simple cases but overlook some edge case that either requires lots more engineering or that vitiates the whole thing.

What I Wish I’d Known Before Starting Notarize

Frank Reiff:

Unlike sandboxing, notarization should not have any detrimental effects for most Mac apps.

As always the real trouble starts when you are trying to inject Notarization into the tangled web of modern Mac software development: entitlements, certificates, automated Xcode build chains, build settings, etc.

[…]

In this context, it would have saved me a lot of time if I had known how to find out whether a product has in fact been signed with a secure timestamp. Executing “codesign --verify --deep --strict --verbose=4 --display -r- /path/to/my/product” will display loads of things. If there is a line with “Signed Time” among it, that means that you did not sign with a secure timestamp. If you have a line with “Timestamp” in it, it means you do have a secure timestamp.

[…]

For most of my products, Sparkle is the only framework that I bundle, so I blame it for the entire dreaded complexity and wasted time of framework signing... which is a lot of blame. Signing frameworks is hell... or used to be hell... and now is hell again.
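The secure-timestamp check Frank describes, automated so it can run in a build script, as an added example (not Frank’s code and not an Apple tool): it runs codesign with the flags he quotes and classifies the verbose display output by whether a “Timestamp” or only a “Signed Time” line is present. The sample outputs below are constructed to look like codesign’s display format, with a placeholder team identifier; only the check_product function needs macOS, the classifier runs anywhere.

```python
import subprocess

# codesign --display --verbose=4 prints one "key=value" line per field.
# Per the post: a "Timestamp" line means a secure (trusted) timestamp was
# applied; a "Signed Time" line means only the local signing time was recorded.
SECURE_PREFIX = "Timestamp="
INSECURE_PREFIX = "Signed Time="


def classify_timestamp(codesign_output: str) -> str:
    """Return 'secure', 'insecure' or 'none' from codesign's verbose output."""
    has_secure = has_insecure = False
    for line in codesign_output.splitlines():
        if line.startswith(SECURE_PREFIX):
            has_secure = True
        elif line.startswith(INSECURE_PREFIX):
            has_insecure = True
    if has_secure:
        return "secure"
    if has_insecure:
        return "insecure"
    return "none"          # unsigned, or codesign failed outright


def check_product(path: str) -> str:
    """Run the codesign invocation from the post on a real product (macOS only).
    codesign writes its display output to stderr, so both streams are inspected."""
    proc = subprocess.run(
        ["codesign", "--verify", "--deep", "--strict", "--verbose=4",
         "--display", "-r-", path],
        capture_output=True, text=True, check=False)
    return classify_timestamp(proc.stderr + proc.stdout)


# Constructed sample of codesign display output (not captured from a real app).
SAMPLE_SECURE = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
Signature size=8974
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 25, 2019 at 10:00:00 AM
Info.plist entries=20
Sealed Resources version=2 rules=13 files=40
designated => identifier "com.example.app" and anchor apple generic
"""

# The same signature without a secure timestamp: codesign then reports
# the local signing time instead.
SAMPLE_INSECURE = SAMPLE_SECURE.replace(SECURE_PREFIX, INSECURE_PREFIX)

if __name__ == "__main__":
    import sys
    for product in sys.argv[1:]:
        print(product, check_product(product))
```

A release pipeline can fail the build when the result is anything other than "secure", which catches the missing --timestamp before the notarization service does.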

Previously:

Update (2019-07-26): Rosyna Keller:

This [timestamp issue] is covered on the searchable “Resolving Common Notarization Issues” page.

Thursday, July 25, 2019

Equifax Breach Settlement

Equifax Data Breach Settlement (via Hacker News):

In September of 2017, Equifax announced it experienced a data breach, which impacted the personal information of approximately 147 million people. A federal court is considering a proposed class action settlement submitted on July 22, 2019, that, if approved by the Court, would resolve lawsuits brought by consumers after the data breach. Equifax denies any wrongdoing, and no judgment or finding of wrongdoing has been made.

If you are a class member, you can use this website to claim the benefits described below.

Previously:

Update (2019-07-26): Josh Centers:

Most coverage has focused on the $125 amount, but as the FTC page clearly says and Jessamyn West emphasized on Twitter, you can claim up to 10 hours of compensation for dealing with the breach, at $25 per hour, without submitting any additional documentation, for a total payment of $375. You just have to describe what you did and the approximate dates you took those actions.

[…]

If you choose a cash payment instead of credit monitoring, you’ll be asked to affirm that you already have credit monitoring. Credit Karma already offers this service for free, so you should take the cash.

Update (2019-08-01): FTC:

But there’s a downside to this unexpected number of claims. First, though, the good: all 147 million people can ask for and get free credit monitoring. There’s also the option for people who certify that they already have credit monitoring to claim up to $125 instead. But the pot of money that pays for that part of the settlement is $31 million. A large number of claims for cash instead of credit monitoring means only one thing: each person who takes the money option will wind up only getting a small amount of money. Nowhere near the $125 they could have gotten if there hadn’t been such an enormous number of claims filed.

So, if you haven’t submitted your claim yet, think about opting for the free credit monitoring instead. Frankly, the free credit monitoring is worth a lot more – the market value would be hundreds of dollars a year. And this monitoring service is probably stronger and more helpful than any you may have already, because it monitors your credit report at all three nationwide credit reporting agencies, and it comes with up to $1 million in identity theft insurance and individualized identity restoration services.

For those who have already submitted claims for this cash payment, look for an email from the settlement administrator. They’ll be asking you for the name of the credit monitoring service you already have. Or, if you want to change your mind, you’ll have a chance to switch to the free credit monitoring. You can also email the settlement administrator, JND, at info@EquifaxBreachSettlement.com.

Josh Centers:

Everyone in the country has access to free credit monitoring already. It’s an absolutely worthless settlement.

For example, you can get it from Credit Karma.

Josh Centers:

I’d forgotten that Equifax had purchased a credit monitoring firm before disclosing the breach, so you’re right, it really is a damn scam.

Jo Wright:

I love that it takes the stance that it’s ALL OUR FAULT for having the cheek to apply for a settlement we were collectively awarded. How dare we? We ruined it for ourselves!

Update (2019-08-06): Adam Engst:

In the law, there is a difference between a fine and restitution. Fines go to the government prosecuting the crime, whereas restitution goes to the victims of the crime. Since we’re talking about a settlement in which Equifax gets to deny all wrongdoing, there’s apparently no crime in play. Regardless, the settlement includes both. The fines include $175 million to the states and $100 million to the Consumer Financial Protection Bureau, and the restitution is the $425 million directed to repay consumers.

[…]

The final sour aspect of this situation is the fact that most people never asked to do business with Equifax. We’ve all become concerned about the spread of our personal information and how it can be used against us, but collecting and sharing data about us is Equifax’s core business (as it is for competitors Experian and TransUnion too).

At least the likes of Google and Facebook provide us with services we choose to use in exchange for our data. In comparison, the credit reporting agencies sell our data to other companies with whom we want to do business. They couldn’t care less about us because we’re just raw materials to them.

Update (2019-08-13): Nick Heer:

This settlement does nothing to dissuade state actors from continuing to pilfer sensitive data, nor does it encourage care for those who stockpile information like this. Of course, the FTC has limited scope and powers. It could not accomplish the former, but it certainly could attempt the latter.

Instead, the Commission agreed to a weak deal that barely impacts Equifax’s financial status and does little to encourage better behaviour in data-hoarding industries. Even if this were a financially-motivated crime, this settlement does not protect those affected. But this breach was so much more, and this settlement doesn’t begin to address the far more serious and more likely rationale.

Update (2020-01-02): Megan Leonhardt (via Hacker News):

On Thursday, Dec. 19, a Georgia federal judge awarded $77.5 million to the attorneys representing the class of consumers against Equifax. That’s over 20% of the roughly $380 million settlement fund Equifax agreed to set up to directly help consumers affected by the breach[…]

[…]

It’s also one more reason why the consumers who sought a cash settlement from Equifax won’t be getting the full $125 as initially expected. In fact, consumers were never going to get $125, says Ted Frank, director of litigation for Hamilton Lincoln. “That’s down to $6 or $7 [per consumer] now.”

The Man Who Built The Retweet

Alex Kantrowitz (Hacker News):

After the retweet button debuted, Wetherell was struck by how effectively it spread information. “It did a lot of what it was designed to do,” he said. “It had a force multiplier that other things didn’t have.”

“We would talk about earthquakes,” Wetherell said. “We talked about these first response situations that were always a positive and showed where humanity was in its best light.”

But the button also changed Twitter in a way Wetherell and his colleagues didn’t anticipate. Copying and pasting made people look at what they shared, and think about it, at least for a moment. When the retweet button debuted, that friction diminished. Impulse superseded the at-least-minimal degree of thoughtfulness once baked into sharing. Before the retweet, Twitter was largely a convivial place. After, all hell broke loose — and spread.

[…]

A platform could revoke or suspend the retweet ability from audiences that regularly amplify awful posts, said Wetherell. “Curation of individuals is way too hard, as YouTube could attest,” Wetherell said. “But curation of audiences is a lot easier.”

[…]

MIT’s Rand suggested another idea: preventing people from retweeting an article if they haven’t clicked on the link. “That could make people slow down,” he said. “But even more than that, it could make people realize the problematic nature of sharing content without having actually read it.”

Update (2019-08-01): Om Malik:

My takeaway from the Buzzfeed piece — and maybe I am missing something — was that optimism blinded the Twitter team. They were swept away by their desire to grow and keep the engagement up.

This is easy to do in the technology ecosystem, because there is a faint regard for history of any kind, be it cultural and technological. This bias is not necessarily incorrect — it is impossible to invent the future if you aren’t predisposed towards doing so. It takes an insane amount of optimism and self-confidence to think you have an idea about what the future should look like. But it takes more than that to be the one who actually made it happen.

WYSIWYG and Dark Mode

Howard Oakley:

Those of us who work fairly constantly in Dark Mode have come to understand that white is black and the reverse when working with text, but we continue to rely on colour. Any image editor which inverted its colours or their lightness values just because you switched from one Mode to the other would be laughed out of court. Yet that’s pretty well what Apple’s standard rich text editor does, and without your even having to change Mode.

[…]

A little experimentation demonstrates that, rather than TextEdit using the colour you selected, it chose the light lilac instead, but just to fool you, when a dark background is enabled, it changed the display colour to what you thought you were using.

Huge Home.app Gradients

Ryan Govostes:

Home.app takes 360 MB to store a cache of background gradient images in various colors.

I guess that’s why there won’t be room for scripting languages. But, seriously, I wonder why they can’t be generated on-the-fly.

Update (2019-08-01): Collin Allen:

Underwhelmed with new Home app backgrounds in iOS 13. Apple should add images of textures one might actually find in a home — some tan wall texture, paved concrete, white subway tile, granite, green grass, or stained wood, etc. These would be more representative of real spaces.

Wednesday, July 24, 2019

Lockdown 0.1.1

Juli Clover:

Lockdown, a new app launching today, is designed to be an open source firewall, letting users block any connection to any domain, including those that use ad tracking services and analytics platforms to monitor device usage.

Lockdown is free to download and use, and because it operates on device, it collects no user data. Lockdown uses Apple’s VPN setup to function, though it is not a VPN and will not obscure your own IP address.

This sounds great, although it looks like you have to manually enter the domains to block, and they are blocked globally and permanently. Whereas, Little Snitch on the Mac prompts you interactively, its blocks can be temporary, and you can have different settings for each app.

Note that the actual name of the app in the App Store is “Lockdown Apps”. That’s currently the fifth app in the list when I search for “Lockdown.”

The source is available here. Being able to compile it yourself—from code that anyone can inspect—makes it a bit more trustworthy than downloading the version from the App Store, which you can’t prove matches the published source.

Previously:

Attorney General William Barr on Encryption Policy

Bruce Schneier:

Yesterday, Attorney General William Barr gave a major speech on encryption policy -- what is commonly known as “going dark.” Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it.

[…]

I think this is a major change in government position. Previously, the FBI, the Justice Department and so on had claimed that backdoors for law enforcement could be added without any loss of security. They maintained that technologists just need to figure out how: an approach we have derisively named “nerd harder.”

With this change, we can finally have a sensible policy conversation. Yes, adding a backdoor increases our collective security because it allows law enforcement to eavesdrop on the bad guys. But adding that backdoor also decreases our collective security because the bad guys can eavesdrop on everyone. This is exactly the policy debate we should be having, not the fake one about whether or not we can have both security and surveillance.

That sounded encouraging. However, Barr also said (via Nick Heer):

We are confident that there are technical solutions that will allow lawful access to encrypted data and communications by law enforcement, without materially weakening the security provided by encryption.

If he’s only conceding a theoretical—not material—difference, I’m not sure how much of a change this really is.

Previously:

Update (2019-08-15): See also: Bruce Schneier.

Update (2021-03-09): Christopher A. Wray:

The FBI remains a strong advocate for the wide and consistent use of responsibly-managed encryption – encryption that providers can decrypt and provide to law enforcement when served with a legal order. Protecting data and privacy in a digitally-connected world is a top priority for the FBI and the U.S. government, and we believe that promoting encryption is a vital part of that mission. But we have seen that the broad application of end-to-end and user-only-access encryption adds negligible security advantages. It does have a negative effect on law enforcement’s ability to protect the public. What we mean when we talk about lawful access is putting providers who manage encrypted data in a position to decrypt it and provide it to us in response to legal process. We are not asking for, and do not want, any “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else. Unfortunately, too much of the debate over lawful access has revolved around discussions of this “backdoor” straw man instead of what we really want and need.

We are deeply concerned with the threat end-to-end and user-only-access encryption pose to our ability to fulfill the FBI’s duty of protecting the American people from every manner of federal crime, from cyber-attacks and violence against children to drug trafficking and organized crime.

Google Open Sources robots.txt Parser

Google (via Hacker News):

We’re here to help: we open sourced the C++ library that our production systems use for parsing and matching rules in robots.txt files. This library has been around for 20 years and it contains pieces of code that were written in the 90’s. Since then, the library evolved; we learned a lot about how webmasters write robots.txt files and corner cases that we had to cover for, and added what we learned over the years also to the internet draft when it made sense.

We also included a testing tool in the open source package to help you test a few rules.

My sites have recently been hammered by bots—hundreds of thousands of hits for search engines and directories I’d never heard of—causing the server to run out of memory (I think due to the PHP-based vBulletin forum) and reboot. If you’ve seen this site go down for a couple minutes every now and then, I think that’s why.

The bots all claimed to follow the Robots Exclusion Protocol, but they were not respecting my requests to crawl more slowly and to avoid the forum. Eventually I figured out that the specification calls for lines to be separated by CR LF, but my robots.txt files were only using CR.
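The line-ending problem described above, as an added example (not Google’s library and not this site’s configuration): a small robots.txt parser and matcher in Python. Its split_lines function can be run in an LF-only mode, mimicking a crawler that never treats a bare CR as a line terminator, or in the lenient mode where CR, LF and CRLF all end a line. The robots.txt content is constructed; with the CR-only version, the LF-only parse collapses the whole file into one “User-agent” line and silently yields no rules at all, which is the failure mode that let bots ignore the Disallow and Crawl-delay directives.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Group:
    agents: List[str] = field(default_factory=list)
    allow: List[str] = field(default_factory=list)
    disallow: List[str] = field(default_factory=list)
    crawl_delay: Optional[float] = None


def split_lines(text: str, lf_only: bool = False) -> List[str]:
    """lf_only mimics a crawler that only recognises LF/CRLF line ends;
    the default also accepts a bare CR as a line terminator."""
    if lf_only:
        return text.split("\n")
    return re.split(r"\r\n|\r|\n", text)


def parse_robots(text: str, lf_only: bool = False) -> List[Group]:
    groups: List[Group] = []
    current: Optional[Group] = None
    in_agent_lines = False
    for raw in split_lines(text, lf_only):
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            # Consecutive User-agent lines share one group; a User-agent
            # after rules starts a new group.
            if current is None or not in_agent_lines:
                current = Group()
                groups.append(current)
                in_agent_lines = True
            current.agents.append(value.lower())
        elif current is not None:
            in_agent_lines = False
            if key == "disallow":
                current.disallow.append(value)
            elif key == "allow":
                current.allow.append(value)
            elif key == "crawl-delay":
                try:
                    current.crawl_delay = float(value)
                except ValueError:
                    pass                          # ignore malformed delay
    return groups


def select_group(groups: List[Group], user_agent: str) -> Optional[Group]:
    """Prefer a group naming this bot; fall back to the '*' group."""
    ua = user_agent.lower()
    for g in groups:
        if any(a != "*" and a in ua for a in g.agents):
            return g
    for g in groups:
        if "*" in g.agents:
            return g
    return None


def _pattern(rule: str):
    """Translate a rule path with '*' wildcards and optional '$' anchor to a regex."""
    anchored = rule.endswith("$")
    body = rule[:-1] if anchored else rule
    regex = "^" + ".*".join(re.escape(part) for part in body.split("*"))
    return re.compile(regex + ("$" if anchored else ""))


def is_allowed(groups: List[Group], user_agent: str, path: str) -> bool:
    """Longest matching rule wins; on a tie Allow beats Disallow."""
    group = select_group(groups, user_agent)
    if group is None:
        return True
    best_len, verdict = -1, True
    for rules, allowed in ((group.allow, True), (group.disallow, False)):
        for rule in rules:
            if rule and _pattern(rule).match(path) and len(rule) > best_len:
                best_len, verdict = len(rule), allowed
    return verdict


def crawl_delay_for(groups: List[Group], user_agent: str) -> Optional[float]:
    group = select_group(groups, user_agent)
    return None if group is None else group.crawl_delay


# Constructed robots.txt with CRLF line endings, then the same file with CR only.
SAMPLE_CRLF = (
    "User-agent: *\r\n"
    "Crawl-delay: 10\r\n"
    "Disallow: /forum/\r\n"
    "Allow: /forum/faq.html\r\n"
    "\r\n"
    "User-agent: EvilBot\r\n"
    "Disallow: /\r\n"
)
SAMPLE_CR = SAMPLE_CRLF.replace("\r\n", "\r")
```

Running parse_robots(SAMPLE_CR, lf_only=True) produces a single group whose agent token is the entire file, so nothing matches any real bot and every path comes back allowed with no crawl delay; the lenient parse of the same bytes recovers both groups. Serving the file with CRLF endings, as the post concludes, removes the dependence on how lenient each crawler’s parser happens to be.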

bhartzer:

Google has been very clear lately (via John Mueller) regarding getting pages indexed or removed from the index.

If you want to make sure a URL is not in their index then you have to ‘allow’ them to crawl the page in robots.txt and use a noindex meta tag on the page to stop indexing. Simply disallowing the page from being crawled in robots.txt will not keep it out of the index.

Previously:

Tuesday, July 23, 2019

xattr Flags and iCloud Drive

Howard Oakley:

If you work with xattrs, you’ve probably already seen this in xattrs whose name ends with a hash # then one or more characters: that’s actually the flags, not part of the name, what Apple refers to as a ‘property list’. To avoid confusion I won’t use that term here, but refer to them as xattr flags. A common example of this is com.apple.lastuseddate#PS, which is seen quite widely.

Flags can be upper or lower case letters C, N, P and S, and invariably follow the # separator, which is presumably otherwise forbidden from use in a xattr’s name. Upper case sets (enables) that property, whilst lower case clears (disables) that property.

[…]

The sought-for ‘whitelist’ is actually baked into the xattr flag code, where as of 2013 the following default flags are set for different types of xattr[…]

[…]

If you want a xattr preserved when it passes through iCloud, you therefore need to give it a name which ends in the xattr flag S, such as co.eclecticlight.MyTest#S.

This is like filename extensions all over again, cramming two pieces of data into the same field. If you have an app that uses xattrs (maybe even from before iCloud Drive was introduced), you need to migrate all your metadata (and forever check the old xattrs when reading a file) if you want to set the “flags” for proper iCloud treatment.

Previously:

Update (2019-07-24): Howard Oakley:

Thus the S flag preserved all the xattrs containing Skim’s annotations, but when that file was opened in Skim, it was unable to read them because it doesn’t strip the xattr flags from their names when reading xattrs. And that is the problem with this technique: although the xattrs are, in general, preserved, because most apps don’t expect to have to handle xattr flags appended to their names, the preserved xattrs aren’t used – after all that.

The solution therefore is for all apps which access xattrs by name to drop any xattr flags from the names before using them. This demonstrates the cost of this elegant kludge. As this isn’t handled transparently in calls such as getxattr() which access xattrs, every app is left to its own devices to handle xattr flags appended to xattr names, which is inefficient and encourages inconsistencies between apps.
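The name-parsing an app needs to cope with xattr flags, as an added example (not Howard’s code and not Apple’s API): it splits a stored xattr name into its base name and flag letters as described above (upper case sets, lower case clears), builds a flagged name such as co.eclecticlight.MyTest#S, and looks a base name up among stored names regardless of which flags have been appended, which is the fix the update calls for. The letter meanings are those of Apple’s xattr_flags.h as I know them; the post itself only spells out that S means syncable. The xattr names in the test are constructed.

```python
from typing import Dict, Iterable, Optional, Tuple

FLAG_SEPARATOR = "#"
# Flag letters the post lists. Meanings per Apple's xattr_flags.h (assumption
# beyond the post, which only states that S marks a syncable xattr).
FLAG_MEANINGS = {
    "C": "content dependent",
    "N": "no export",
    "P": "never preserve",
    "S": "syncable",
}


def parse_xattr_name(name: str) -> Tuple[str, Dict[str, bool]]:
    """Split 'base#FLAGS' into (base, {LETTER: enabled}).

    Upper case sets the property, lower case clears it. If the suffix after
    the last '#' is empty or contains anything but flag letters, the '#' is
    not treated as a separator and the name is returned unchanged."""
    base, sep, suffix = name.rpartition(FLAG_SEPARATOR)
    if not sep or not suffix:
        return name, {}
    flags: Dict[str, bool] = {}
    for ch in suffix:
        if ch.upper() not in FLAG_MEANINGS:
            return name, {}
        flags[ch.upper()] = ch.isupper()
    return base, flags


def is_syncable(name: str) -> bool:
    """True when the S flag is set, i.e. iCloud Drive should preserve it."""
    return parse_xattr_name(name)[1].get("S", False)


def with_flags(base: str, flags: str = "") -> str:
    """Build the stored name for a base name with the given flag letters."""
    for ch in flags:
        if ch.upper() not in FLAG_MEANINGS:
            raise ValueError(f"unknown xattr flag {ch!r}")
    return base + FLAG_SEPARATOR + flags if flags else base


def find_xattr(stored_names: Iterable[str], wanted_base: str) -> Optional[str]:
    """Locate the stored name for a base name regardless of appended flags.

    This is the lookup an app needs so that a xattr whose name gained flags
    (for example after an iCloud round trip) is still found when the app asks
    for the plain name it originally wrote."""
    for stored in stored_names:
        if parse_xattr_name(stored)[0] == wanted_base:
            return stored
    return None
```

find_xattr is the piece that getxattr() does not do for you: the names come back from listxattr() with their flags attached, so an app that asks for the bare name by string equality misses its own data, exactly the Skim failure described above.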

Update (2019-07-25): Pierre Habouzit:

In general xattrs are a difficult challenge to sync because of the fact that it’s a thing that has no meaning for the end user, and the problem it’s trying to solve is that xattrs serve very different purposes: some are metadata for the document (XATTR_FLAG_SYNCABLE), some are metadata tied to the machine you’re on and make no sense on another machine (XATTR_FLAG_NO_EXPORT), or are privacy sensitive.

The two motivations FWIW are completely for good user experience for 3 reasons:

  • privacy
  • not blowing up your data plan because you have an xattr used for indexing e.g. that keeps being updated
  • avoiding fake “conflicts” in the sync UI that would be extremely confusing.

is it more work for developers? yes.

but this is to eventually get a better user experience. syncing everything by default, because the sync engine cannot understand what is a meaningful change and what isn’t, would pop up the user due to conflicts on xattrs ALL THE F-ing time.

so instead we rely on developers to tell us what is really important to sync for the document to be whole (and in general we prefer packages with metadata in a plist inside the document or in a Resource/ subdir of the bundle).

To be clear, I think the flags seem to do a good job of solving real problems. I just don’t think their existence was communicated very well, and the implementation—combining them with the name—is not very friendly to pre-existing data (or xattrs that need to change flags later).

Update (2019-07-26): Howard Oakley:

Jonathan Levin – who of course does know all about these, and has now added a short section about them to volume I of his reference books on Apple’s operating systems – points out that xattr flags only affect copy behaviour under the copyfile(3) API. That means that copies made using the Finder will respect them, and will strip xattrs where so instructed, but cp in Terminal doesn’t, and preserves all xattrs regardless of their flags. That can of course be a mixed blessing.

Trusting iCloud Drive

Dave Verwer:

I’d be much, much happier with the weird situation where one part of the system says it’s full, while another says there is 5Gb free if I was constantly being shown error messages. In that case, it’d just be a bug with the amount of space being shown in some places, I’d know I was really out of space and I’d upgrade.

No, it’s the silent failure and the fact that a file that seems to be synced with no errors, but actually isn’t that is so troubling. Unless something really major changes, I don’t think I’ll ever be able to trust iCloud Drive with my critical files.

Something to consider if you’re thinking of switching from Dropbox.

Tony Arnold:

Narrator: this did not end well.

Git repos stored in iCloud Drive die a horrible death if you try to actually interact with them.

Meek Geek:

I’ve tried moving a Git repo into iCloud Drive. It spun for a while, then flat out stopped syncing everything on the Mac after that. Such is a feature instead of a product, eh?

Cédric Luthi:

I can see my document in iCloud Drive but every time I try to recover it, I get a “Download Error”. SO UNRELIABLE.

Previously:

Annoying Catalina Security Features

Jason Snell:

After 24 hours of trying to use Catalina in earnest with all my data and apps intact, the new security features are incredibly annoying. Apps constantly asking for permission to see various folders, lots of relaunches and trips to System Preferences. It’s really unpleasant.

At WWDC Apple’s presenters said they would not prevent you from running software you wanted to run on your Mac, but these interface choices are disaffecting. It feels like my Mac is fighting my choices every step of the way, and there’s not even a button to turn it all off.

Erik Schwiebert:

Apple is going to end up learning the lesson Microsoft did with Vista’s UAC prompts. Users end up getting conditioned to blindly click OK because the “security” just gets in their way. It’s a mess.

Mark Hougaard Jensen:

I, apparently as the only one, think it’s great. I found out for instance that Google’s “backup from this Mac” app wants to log all of my keystrokes. I’d never have known if Catalina didn’t tell me.

[Update (2019-07-26): I’m not sure what this is referring to, as apps such as TextExpander and Dash that need to monitor which keys you type have long needed to ask for accessibility access. There’s speculation that the warning is about registering a global hotkey, in which case it sounds like it’s misleading or was misinterpreted by Jensen.]

Kyle Howells:

They won’t actually prevent you from running the software. They’ll just limit how much they can do and make what they still can do impossibly annoying to use until you voluntarily give up and stop using them.

Bryan Jones:

Agreed. It also irritates me that Gatekeeper is automatically re-enabled periodically.

I constantly have to turn it off in Terminal just to open a bash script marked as executable in a text editor.

Brad Brown:

The worst so far for me is that all my QuickLook plugins are blocked, and while permission dialogs are annoying for other things, I can’t even find a way to whitelist those plugins anywhere.

John Gruber:

I sincerely think Apple should add a single “expert mode” preference to OK all of this at once. Maybe even make it something you have to type in Terminal, to discourage looky-loos, but something you only have to do once.

Peter N Lewis:

I think the security preferences need to be flipped over, so applications are listed, and then permissions associated with them, with a big red switch at the top for “allow all”.

Daniel Kennett:

Modern Mac development! \o/

James Thomson:

Honestly, this is all part of my decision not to rewrite DragThing. The writing is on the wall for system level utilities, even if it’s tolerated currently...

Peter N Lewis:

[It] is clear Apple wants to stop all levels of unapproved workflow apps, despite it being essential both for business and even more so for accessibility assistance.

Panic:

Transmit 5.5.2, released today, will be the last version to support the current iteration of Transmit Disk. To prepare Transmit 5.6 for Catalina, we must support hardened runtime, which means dropping Transmit Disk and OS X El Capitan (10.11).

Wil Shipley:

App sandboxing has set app development back more than anything else. I love security but it was designed wrong from the beginning. Should have just replaced the system calls instead of trying to be invisible and magic.

[…]

It wouldn’t have been trivial to create a new set of API calls that were secure and remove access to the old ones, but it would have been a billion times better for developers and users than the current hyperlink nightmare.

Daniel Jalkut (tweet):

The Catalina 10.15 public beta identifies software that has not been notarized as potentially risky because it “cannot be scanned for malware.”

Peter N Lewis:

And the (“cannot be scanned for malware.”) is such a lie, since Apple could clearly just check it at that point - why not just add a Scan button, and have it scan using the same process. Why? Because Notarisation is about controlling developers, not about security.

macOS doesn’t even tell you that there’s a way to bypass the check by using the Open command in the contextual menu.

Previously:

Update (2019-07-24): Kyle Howells:

“Locking everything down that they can” is exactly what they are doing. And it’s killing the mac. If you lock everything down, you no longer have a powerful computer capable of anything I want to do, you have an iOS device with a different UI.

Dave Mark:

Disheartening. This is the first Mac beta I can remember that didn’t call to me. 🙁

Peter N Lewis:

This is the first OS X where I really really don’t want to upgrade for reasons other than concern about bugs. This drops support for 32-bit, breaking lots of old games and tools, and adds a whole bunch of security theatre road blocks.

Shawn King:

Same here. This is the first OS X version I won’t upgrade until I’m forced to.

See also: The Talk Show.

Update (2019-07-26): Martin Pilkington:

I think the first time I encountered it was opening an Xcode project from the desktop. Understandable if wanting to access the desktop directly without any user input, but seems a tad overkill for those cases where I explicitly tell an app “open something in ~/Desktop/Foo/”

Rosyna Keller:

Yes, that is supposed to be inferred access. Through the betas, inference is getting much, much better.

See also: Reddit.

Update (2019-07-29): Peter Steinberger:

Anyone seen that one yet? App doesn’t start anymore, no idea how to fix.

Message from debugger: Error 1

The fix:

sudo DevToolsSecurity -enable

Finding that took me 3 hours. Yay.

Update (2019-08-13): Craig Hockenberry:

This constant barrage of security permission dialogs on Catalina would be a lot less distasteful if a modicum of thought went into the user experience. Everything about the flow, including help that’s incorrect when you click on ?, is about accessibility, not the user’s goals.

Update (2019-08-16): Joe Barbour:

Could you explain why @sip_app wants to record my entire screen? Nowhere in your terms of service does it state you will record the user's screen, this is illegal.

Paulo Andrade:

Sip is a color picker. The warning in Catalina makes its users feel insecure...

See also: The Talk Show.

Update (2019-08-20): Paul Kim:

In case you haven’t figured it out yet, third-party System Preference panes on Catalina are loaded into a separate “legacyLoader” process. Can’t find any mention of this and had to find out through back channels. This is also responsible for all sorts of display bugs. Lovely.

Update (2019-12-20): John Gruber:

I have not touched the Simulator in about 24 hours. I just got this alert while I was typing in MarsEdit and really in the flow. The modality of the alert interrupted me mid-sentence.

Update (2020-01-30): Steve Troughton-Smith:

Speaking of Catalina and its dialogs, this daily popup drives me crazy. No indication what causes it, and if I don’t enter my password I can’t continue using the machine. Checking Activity Monitor suggests it’s Mail-related

How Many Gold Apple Watches Were Sold?

Joe Rossignol:

As for the $10,000-plus, 18-karat gold Apple Watch Edition, the report claims Apple’s sales were “in the low tens of thousands” of units, with “few after the first two weeks.” The line was discontinued in September 2016 after just 16 months and, humorously, the gold models are now stuck on watchOS 4 and below.

Nick Heer:

Even with the lowest possible numbers within this framing — 10,000 units sold of a minimum $10,000 product — that still means Apple made a hundred million dollars on the first-generation Edition. I’m not making a judgement on whether this is good, obviously, but it’s noteworthy.

Previously:

App Store Takedown Demands by Governments

Juli Clover (Hacker News):

Apple received a total of 80 requests from 11 countries to remove 634 apps from various App Stores in different countries. While Apple did not provide specific details on which apps it was asked to pull, requests from China made up the bulk of total takedown requests.

China asked Apple to remove 626 apps, and Apple ultimately pulled 526 of those. Apple also pulled a smaller number of apps at the request of Vietnam, Austria, Kuwait, Lebanon, the Netherlands, Norway, Russia, Saudi Arabia, Switzerland, and Turkey.

The transparency report, from the second half 2018, is here.

Previously:

Monday, July 22, 2019

Andy Hertzfeld’s Videos

Adafruit:

Andy Hertzfeld has a YouTube channel and it’s great.

There’s a bunch of Mac and Magic Cap history stuff that I hadn’t seen before.

Previously:

macOS 10.14.6 and Xcode 10.3

The macOS 10.14.6 Combo update is now available.

Xcode 10.3 is in the Mac App Store, but it’s not yet available for direct download. In fact, the download page is currently directing me to check the system status, which of course shows all green.

Update (2019-07-23): The Xcode direct download is now available. The release notes still show only a single bug fix, so it’s not clear why the release is Xcode 10.3 rather than 10.2.2.

Dave DeLong:

One interesting note: Today I downloaded both Windows 10 and Xcode 10.3.

Windows 10 is 4.6GB.

Xcode 10.3 is 6.0GB.

🤔🤔🤔🤔

Howard Oakley:

First and foremost, it brings new system support for “Expansion Slots”, which are surely for the new Mac Pro model which is due to ship in the next few weeks. This confirms that its initial macOS install will be Mojave 10.14.6 rather than Catalina.

[…]

Further updates, which Apple doesn’t appear to have covered in its release notes, are across most software supporting Bluetooth, even its preference pane, and in Photos, which has changes in its iCloud support as well. There have been many updates across the various components for Notes.

Update (2019-07-25): Howard Oakley:

The latest news on this week’s macOS updates is that the Mojave update to 10.14.6 does appear ‘safe’, but the two security updates 2019-004 to Sierra and High Sierra remain unavailable, and shouldn’t be attempted until Apple replaces them.

The problems appear to be in the BridgeOS update, which is specific to Macs with T1 or T2 chips. The version of BridgeOS or iBridge, 16.16.6568.0.0, which ships with these updates appears to work correctly in the 10.14.6 update, but can cause problems with sleep and wake in the Sierra and High Sierra Security Updates 2019-004.

Update (2019-08-06): Howard Oakley:

Apple has just released macOS Mojave 10.14.6 Supplemental Update, which it says addresses problems in some Macs when waking from sleep. This is slightly less than 1 GB in size.

Although the release refers to security notes, none are yet available.

Howard Oakley:

It’s not unusual for Apple to fluff a significant macOS update, but it’s been a while since one went as badly wrong as Mojave 10.14.6 and its accompanying security updates.

[…]

Over this period, Apple has published three press releases. None of them concerns problems with these updates, nor explains why so many recent MacBook Pros were suffering kernel panics. As Apple doesn’t provide a list of new support notes, it’s almost impossible to discover whether it was mentioned in one, but I have been unable to locate any mention of the update saga, or warning to those MacBook Pro users that Apple had identified a problem.

Update (2019-08-29): Mr. Macintosh:

Apple has now released two Supplemental updates for macOS Mojave 10.14.6. The first macOS Mojave 10.14.6 Supplemental Update #1 (18G87) was released on August 1st. You can take a look at what was included inside the first Supplemental Update in the link below. The second one, which was released today is called macOS Mojave 10.14.6 Supplemental Update #2 (18G95).

See also: Howard Oakley.

Update (2019-09-27): Howard Oakley:

Apple has just released macOS 10.14.6 Supplemental Update 2 (which is in fact the third Supplemental Update to 10.14.6).

Apple:

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero

Rob Griffiths:

Below the break is a table showing all major releases of macOS (previously Mac OS X) from the public beta through the latest public version, which is macOS 10.14.6 Supplemental Update 3, as of September 26th, 2019—the 126th release in total.

Friday, July 19, 2019

An Illustrated History of Easter Eggs

James Thomson:

The video of my talk “An Illustrated History of Easter Eggs” is up.

This was a lot of fun to put together!

Lots of fun stuff here, from Atari, to the Finder, and later PCalc.

Update (2019-08-13): David Pogue (via The Talk Show):

In the Google Maps division, the best-known Easter egg appeared on March 10, 2018. It was International Mario Day (Mar10, get it?), celebrating the goofy Italian plumber from Nintendo’s video games.

[…]

The link then opens a photograph of beef brisket and a tribute to Memphis Minnie’s, a San Francisco barbecue restaurant. Mr. Mullenweg noted that because he makes this Terms of Service document available to anyone, “this Easter egg has actually been copied into many other companies’ terms of service, without them reading or noticing it.”

Margaret Hamilton and Apollo 11

Margaret Hamilton (via Hacker News):

There were two onboard computers – one on the command module, Columbia, and one on the lunar module, Eagle. Our task included developing the software to run on each and the systems software they shared. At the beginning, nobody thought software was that big a deal. But then they began to realise how much they were relying on it. The group grew so there were approximately 100 software engineers on my team. Astronauts’ lives were at stake. Our software needed to be ultra-reliable and it needed to be able to detect an error and recover from it at any time during the mission. And it all had to fit on the hardware.

[…]

Just as the astronauts were about to land, the software’s priority displays interrupted them with alarms to warn there was an emergency, and that the computer was overloaded. I learned about it as it was happening, standing in the monitoring room at MIT. We pieced together afterwards what had happened, which was that a radar switch was in the wrong position and it was taking up processing power. It quickly became clear the software was not only informing everyone that there was a hardware-related problem but was compensating for it – restarting and re-establishing the highest priority tasks. The error detection and recovery mechanisms had come to the rescue. It was a total relief when they landed – both that the astronauts were safe, and that the software worked perfectly.

[…]

During the early days of Apollo, software was not taken as seriously as other engineering disciplines. Though in fact we had a complex system of systems, we weren’t getting credit for what was a legitimate field. It was out of desperation I came up with the term, to say: “Hey, we’re engineering too.” It was an ongoing joke for a long time. Then one day in a meeting, one of the most respected hardware gurus explained to everyone that he agreed with me. The process of building software should also be considered an engineering discipline, just like with hardware.

donnie:

The entire Apollo 11 computer code is available on @github, and it’s incredible.

Don Eyles:

The Apollo 11 mission succeeded in landing on the moon despite two computer-related problems that affected the Lunar Module during the powered descent. An uncorrected problem in the rendezvous radar interface stole approximately 13% of the computer’s duty cycle, resulting in five program alarms and software restarts. In a less well-known problem, caused by erroneous data, the thrust of the LM’s descent engine fluctuated wildly because the throttle control algorithm was only marginally stable. The explanation of these problems provides an opportunity to describe the operating system of the Apollo flight computers and the lunar landing guidance software.

Jason Kottke:

With the 50th anniversary of the first crewed landing on the Moon fast approaching, I thought I’d share one of my favorite views of the Moon walk, a map of where Neil Armstrong and Buzz Aldrin walked on the Moon, superimposed over a baseball field (bigger). The Lunar Module is parked on the pitcher’s mound and you can see where the two astronauts walked, set up cameras, collected samples, and did experiments.

Graham Roberts:

50 yrs ago, Apollo 11 returned to Earth with rolls of film containing iconic images: a boot print on the moon, a wrinkled U.S. flag, and a portrait of Buzz Aldrin with Neil Armstrong. Today @nytimes offers a perspective like never before.

Our inspiration came from a map originally created by NASA in 1970 that pinpoints the location and direction of every photo taken during this first moonwalk.

@kartpat, an editor on the Immersive team, wrote a custom program to determine how the moonwalk photographs were oriented in space. For each photo, he calculated the height of the camera, its direction and tilt, and the field of view of the lens.

The result: you can stand where Neil Armstrong and Buzz Aldrin were standing when they took these historic photographs. This three-part interactive article uses real-time 3-D graphics and Augmented Reality to bring it all together.

Jeremy Deaton (via Paul Kafasis):

Though almost no one knew it at the time, the mission had nearly ended in disaster. It was spared only at the last minute by two canny meteorologists with access to a top-secret weather satellite.

[…]

The storm, with its towering clouds and powerful winds, threatened to tear apart the parachutes on the command module on its descent into the Pacific.

Previously:

Update (2021-01-07): Jason Kottke:

On July 20, 1969, 50 years ago today, Neil Armstrong & Buzz Aldrin landed on the Moon and went for a little walk. For the 11th year in a row, you can watch the original CBS News coverage of Walter Cronkite reporting on the Moon landing and the first Moon walk on a small B&W television, synced to the present-day time. Just open this page in your browser today, July 20th, and the coverage will start playing at the proper time.

Ken Shirriff:

The software to land on the Moon was woven by hand into core rope memory: wire through a core for a 1 bit, around a core for a 0 bit. Apollo Guidance Computer’s ropes held 36K of 15-bit words and used the first amplifier integrated circuits.

Cara Giaimo:

So in 1964, when [Margaret Hamilton] saw an ad from the MIT Instrumentation Lab recruiting programmers to work on software for what would become the Apollo program, Hamilton jumped at the chance. Initially, she was assigned what was presumed to be a low-impact project, writing the code that would kick in if an unmanned mission aborted. The higher-ups were “so sure this wasn’t going to happen,” she says, that she actually named her program “Forget It.” (When one of these missions did abort, she found herself in high demand.)

Scottie Andrew and Katherine Dillinger:

On Thursday, Google unveiled a giant tribute to Hamilton in California’s Mojave Desert: More than 107,000 mirrors were positioned to reflect moonlight and form her image for one night.

Jen Fitzpatrick:

The tribute was created by positioning over 107,000 mirrors at the Ivanpah Solar Facility in the Mojave Desert to reflect the light of the moon, instead of the sun, like the mirrors normally do. The result is a 1.4-square-mile portrait of Margaret, bigger than New York’s Central Park.

Jason Kottke:

50 years ago, the Sony TC-50 cassette player and recorder accompanied the Apollo 11 crew to the Moon and back. Ten years later, the company came out with the Walkman, the first portable cassette player that struck a chord with consumers. In this video, Mat of Techmoan shows us the TC-50 and shows how similar it is to the later Walkman.

Jordan Merrick:

For the 50th anniversary of the moon landing, Todd Douglas Miller’s breathtaking film of the Apollo 11 mission that’s comprised entirely of archive footage is essential viewing for all mankind.

Alexis Gallagher:

Interesting article on the Apollo 11 guidance computer.

Ken Shirriff (via Hacker News):

We recently restored an Apollo Guidance Computer, the revolutionary computer that helped navigate to the Moon and land on its surface. At a time when most computers filled rooms, the Apollo Guidance Computer (AGC) took up just a cubic foot. This blog post discusses the small but complex switching power supplies that helped make the AGC compact enough to fit onboard the spacecraft.

What’s Coming in Python 3.8

Jake Edge (via Hacker News):

Out of that came a new operator, however, that is often called the “walrus operator” due to its visual appearance. Using “:=” in an if or while statement allows assigning a value to a variable while testing it.

[…]

The f-strings (or formatted strings) added into Python 3.6 are quite useful, but Pythonistas often found that they were using them the same way in debugging output. So Eric V. Smith proposed some additional syntax for f-strings to help with debugging output.

[…]

Another change for 3.8 affords pure-Python functions the same options for parameters that those implemented in C already have. PEP 570 (“Python Positional-Only Parameters”) introduces new syntax that can be used in function definitions to denote positional-only arguments—parameters that cannot be passed as keyword arguments.

Previously:

The Sad Truth About Sleep-Tracking Devices and Apps

Brian X. Chen:

Ultimately, the technology did not help me sleep more. It didn’t reveal anything that I didn’t already know, which is that I average about five and a half hours of slumber a night. And the data did not help me answer what I should do about my particular sleep problems. In fact, I’ve felt grumpier since I started these tests.

That mirrored the conclusions of a recent study from Rush University Medical College and Northwestern University’s Feinberg School of Medicine. Researchers there noticed patients complaining about sleep data collected by apps and devices from Nike, Apple, Fitbit and others.

In their study, the researchers warned that sleep-tracking tech could provide inaccurate data and worsen insomnia by making people obsessed with achieving perfect slumber, a condition they called orthosomnia. It was one of the latest pieces of research supporting the idea that health apps don’t necessarily make people healthier.

Thursday, July 18, 2019

Have We Hit Peak Podcast?

Nick Heer:

Jennifer Miller of the New York Times wrote about the eruption of podcasting popularity — a seemingly evergreen topic. Nieman Lab wondered in 2017 if we had hit “peak podcast”, while Wired thought the same in 2015. Podcasts were “back” in 2012, according to Social Media Examiner, and also in 2014, according to the Washington Post. 2005 was the “year of the podcast”, according to Slate. Podcasting seems perpetually mainstream and, also, simultaneously on the verge of death.

Much as I think this story subject is well worn, there’s plenty of research in Miller’s article that helps provide a sort of status update on the podcasting industry. One stat she quotes near the end of the piece is particularly eye-opening: less than 20% of podcasts tracked by Blubrry issued a new episode between March and May.

No, I don’t think this is the peak, either in terms of the number of active shows or listeners.

Previously:

iPhone Loyalty

Chance Miller:

In total, using its own data and data from other companies, BankRoll concludes that iPhone loyalty has hit its lowest point since 2011, falling to 73 percent. This compares to loyalty in 2017 of 92 percent.

[…]

There are several things worth noting with this data. For one, the sample size is relatively small and seemingly comes almost entirely from customers using the specific BankMyCell service. Furthermore, other data from companies like CIRP has suggested that iOS loyalty has continued to hit new highs. In January, CIRP said that iOS loyalty was at 91 percent.

Another inconclusive report. I wonder whether Loyalty is more important than Customer Sat. Maybe yes, because it’s about action rather than just reported sentiment. On the other hand, it doesn’t measure people who aren’t buying a new phone this year (an increasing percentage). And, of course, Customer Sat. doesn’t count the customers who have already switched away.

Anecdotally, I am hearing less interest and satisfaction in the iPhone X series of phones, and increasing concerns (whether true or not) that Apple’s cameras are no longer market leading. And, at least prior to iOS 13, iPhones can be slower at launching apps. Personally, I remain quite happy with my iPhone XR.

Previously:

Wednesday, July 17, 2019

SummerFest 2019 Ending Soon

The SummerFest festival of artisanal software is ending tomorrow. Besides the apps I previously mentioned, it includes HoudahSpot (better Spotlight searching), Nisus Writer Pro (my favorite word processor), Panorama X (RAM-based database), TaskPaper (plain text lists), and Tinderbox (power notes organizer).

Lowercase Passwords

Stuart Schechter:

Your master password should be at least 12 lowercase characters or five words. Why use lowercase characters or words when you’ve probably been told (and coerced) to use uppercase characters and symbols in the past? If you have to enter the password on a device with an on-screen keyboard (like your phone’s), each uppercase letter or symbol may require extra key presses. You can get the same security, and save yourself a great deal of frustration, by making your all-lowercase password just 30% longer than if it were mixed case [9]. In other words, a randomly-generated 13-character lowercase password, which can be entered with 13 keystrokes, is as secure as a 10-character mixed password, which may require many more.
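The equivalence Schechter states follows from entropy being length times log2 of the alphabet size. As an added example (not from his article), this computes that trade-off and generates passwords with the CSPRNG; it assumes the “mixed” alphabet is 62 symbols (letters and digits), which reproduces the quoted 30% figure, and a 7776-word Diceware list for the five-word case.

```python
import math
import secrets
import string

# Alphabets compared in the quoted claim (only their sizes matter for entropy).
LOWERCASE = string.ascii_lowercase                        # 26 symbols
MIXED_CASE_DIGITS = string.ascii_letters + string.digits  # 62 symbols (assumed "mixed" alphabet)
DICEWARE_LIST_SIZE = 7776                                 # 6^5 words in a standard Diceware list


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols drawn from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def length_for_equivalent_entropy(target_bits: float, alphabet_size: int) -> int:
    """Smallest length over `alphabet_size` symbols whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def extra_length_ratio(small_alphabet: int, large_alphabet: int) -> float:
    """How much longer a password over the smaller alphabet must be to match the larger one."""
    return math.log2(large_alphabet) / math.log2(small_alphabet) - 1.0


def lowercase_password(length: int) -> str:
    """Random all-lowercase password; `secrets` is the CSPRNG, never `random`."""
    return "".join(secrets.choice(LOWERCASE) for _ in range(length))


def passphrase(wordlist, words: int = 5) -> str:
    """Random passphrase of `words` entries chosen uniformly from `wordlist`."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    mixed10 = entropy_bits(10, len(MIXED_CASE_DIGITS))
    print(f"10 mixed-case+digit chars: {mixed10:.1f} bits")
    print(f"13 lowercase chars:        {entropy_bits(13, len(LOWERCASE)):.1f} bits")
    print(f"lowercase needs {length_for_equivalent_entropy(mixed10, len(LOWERCASE))} chars "
          f"(~{extra_length_ratio(len(LOWERCASE), len(MIXED_CASE_DIGITS)):.0%} longer)")
    print(f"5 Diceware words:          {entropy_bits(5, DICEWARE_LIST_SIZE):.1f} bits")
    print("example:", lowercase_password(13))
```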

Via Ricky Mondello:

This plays into why the passwords that iCloud Keychain generates are dominated by lower-case letters; you might have to type them somewhere, sometime (but not remember). I explain this in the talk I gave at PasswordsCon 2018.

Previously:

Branches and Continuous Integration

Soroush Khanlou (tweet):

A problem presents itself, however. You need to build a feature that takes 1,000 lines of code, but you’d like to merge it in in smaller chunks. How can you merge the code in if it’s not finished?

Broadly, the strategy is called “branch by abstraction”. You “branch” your codebase, not using git branches, but rather branches in the code itself. There is no one way to do branch by abstraction, but many techniques that are all useful in different situations.

[…]

Of course, the humble if statement is also a great way to apply this technique; use it liberally with feature flags to turn features on and off. (A feature flag doesn’t have to be complicated. A global constant boolean gets you pretty far. Feature flags don’t have to come from a remote source! However, I would recommend against compile-time #if statements. Code that doesn’t get compiled might as well be dead.)

Branches are just not very useful for managing features or major releases for which development will take a long time (during which you will keep working on the shipping version). They’re great when you want to make a bug fix release based on an old version, and thereafter plan for the branch to die. But, otherwise, you spend a lot of time merging changes back and forth between two active branches and still end up with a potentially difficult integration at the end. It’s better to use feature flags and potentially extra Info.plist files and Xcode targets to support simultaneous development of multiple versions.

Previously:

Why Does APT Not Use HTTPS?

Chris Lamb (via Hacker News):

Accessing mirrors over HTTPS would not prevent a compromised mirror tampering with packages, so APT already has other mechanisms to guard against this.

Also, HTTPS would not stop a determined attacker deducing which apt packages your system was downloading (though this becomes more difficult).

[…]

A switch to HTTPS would also mean you could not take advantage of local proxy servers for speeding up access and would additionally prohibit many kinds of peer-to-peer mirroring where files are stored on servers not controlled directly by your distribution. This would disproportionately affect users in remote locales.
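The “other mechanisms” Lamb refers to are the signed Release file and the per-file checksums it carries. As an added example (not APT’s code), this parses the SHA256 block of a Release file and checks an index against it, using a constructed Release and Packages pair; the OpenPGP signature over the Release file, which is what ties those hashes to the distribution’s key, is assumed to have been verified already and is not implemented here.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict


@dataclass(frozen=True)
class ChecksumEntry:
    digest: str   # lowercase hex
    size: int     # bytes
    path: str     # relative to the suite directory, e.g. main/binary-amd64/Packages


def parse_release_checksums(release_text: str, algorithm: str = "SHA256") -> Dict[str, ChecksumEntry]:
    """Extract the `<algorithm>:` block of a Release file as {path: entry}.

    The block begins with an unindented `SHA256:` line and continues with
    indented ` <hexdigest> <size> <path>` lines until the next unindented field.
    Indented lines belonging to other blocks (MD5Sum:, SHA1:) are ignored.
    """
    entries: Dict[str, ChecksumEntry] = {}
    in_block = False
    for line in release_text.splitlines():
        if not line.startswith(" "):
            in_block = line.strip() == f"{algorithm}:"
            continue
        if not in_block:
            continue
        digest, size, path = line.split()
        entries[path] = ChecksumEntry(digest.lower(), int(size), path)
    return entries


def verify_index(release_text: str, path: str, data: bytes) -> bool:
    """True only if `data` has exactly the size and SHA256 the Release file lists for `path`.

    This is the per-file step that runs after the signature on the Release
    file has been checked; a mirror can serve any bytes it likes, but it cannot
    make them match a digest it did not sign.
    """
    entry = parse_release_checksums(release_text).get(path)
    if entry is None:
        return False
    if len(data) != entry.size:
        return False
    return hashlib.sha256(data).hexdigest() == entry.digest


# --- Constructed sample data (not from any real archive) ---------------------
SAMPLE_PACKAGES = (
    b"Package: example-tool\n"
    b"Version: 1.0-1\n"
    b"Architecture: amd64\n"
    b"Filename: pool/main/e/example-tool_1.0-1_amd64.deb\n"
)


def build_sample_release(packages: bytes) -> str:
    """Build a minimal Release file whose checksum blocks cover `packages`."""
    sha256 = hashlib.sha256(packages).hexdigest()
    sha1 = hashlib.sha1(packages).hexdigest()
    return (
        "Origin: Example\n"
        "Suite: stable\n"
        "Codename: example\n"
        "Architectures: amd64\n"
        "Components: main\n"
        "Description: Constructed Release file for this example\n"
        "SHA1:\n"
        f" {sha1} {len(packages)} main/binary-amd64/Packages\n"
        "SHA256:\n"
        f" {sha256} {len(packages)} main/binary-amd64/Packages\n"
    )


if __name__ == "__main__":
    release = build_sample_release(SAMPLE_PACKAGES)
    tampered = SAMPLE_PACKAGES.replace(b"1.0-1", b"1.0-2")  # same length, different bytes
    print("genuine index verifies:", verify_index(release, "main/binary-amd64/Packages", SAMPLE_PACKAGES))
    print("tampered index verifies:", verify_index(release, "main/binary-amd64/Packages", tampered))
```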

Previously:

Go64 Finds 32-bit Apps

St. Clair Software:

macOS 10.15 Catalina will not run 32-bit Mac applications. At all. Once you upgrade to Catalina, those apps won’t even launch.

To prepare, I wrote Go64, a free application that scans your system for 32-bit apps and shows them all in one place, with version and website information to make it easier to assess whether you need to update or look for an alternative.

[…]

As they say, the devil’s in the details, and dealing with the vagaries of what goes on inside applications got interesting. Go64 leverages Spotlight to compile a list of executables, but then does a deep dive into each 64-bit application to check for any helper apps, frameworks, services or plugins that might not be 64-bit. While I knew this could be an issue, Howard’s work highlighted just how common it is to have a mix of executables bundled within apps. Most of the time, it’s just for expediency, and developers do the proper juggling to run the correct one, but how’s a user to know? So Go64 does a bunch of checks to look for common methods, and if it still can’t make sense of things, errs on the safe side and flags the app with a little caution icon.
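Go64’s source isn’t on the page, so as an added example (not St. Clair Software’s code) here is the Mach-O header check such a scanner has to perform: thin and universal images are classified by their magic numbers and fat-slice CPU types, and a constructed in-memory listing stands in for a bundle’s executables so it runs without touching disk.

```python
import struct
from typing import Dict, List, Tuple

# Magic numbers from <mach-o/loader.h> and <mach-o/fat.h>, as read big-endian
# from the first four bytes; the *_CIGAM values are the byte-swapped forms.
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE        # thin 32-bit image
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE  # thin 64-bit image
FAT_MAGIC = 0xCAFEBABE                             # universal binary (header is big-endian)

# CPU types from <mach/machine.h>
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 7
CPU_TYPE_X86_64 = CPU_TYPE_X86 | CPU_ARCH_ABI64
FAT_HEADER_LEN, FAT_ARCH_LEN = 8, 20


def macho_architectures(data: bytes) -> List[str]:
    """Word sizes ("32-bit"/"64-bit") of every slice in a Mach-O image; [] if not Mach-O.

    A universal binary reports one entry per slice, so a file carrying both an
    i386 and an x86_64 slice yields ["32-bit", "64-bit"].
    """
    if len(data) < 4:
        return []
    (magic,) = struct.unpack(">I", data[:4])
    if magic in (MH_MAGIC, MH_CIGAM):
        return ["32-bit"]
    if magic in (MH_MAGIC_64, MH_CIGAM_64):
        return ["64-bit"]
    if magic != FAT_MAGIC or len(data) < FAT_HEADER_LEN:
        return []
    (nfat,) = struct.unpack(">I", data[4:8])
    slices = []
    for i in range(nfat):
        start = FAT_HEADER_LEN + i * FAT_ARCH_LEN
        if start + FAT_ARCH_LEN > len(data):
            raise ValueError(f"fat header claims {nfat} slices but file is truncated")
        cputype, _subtype, offset, size, _align = struct.unpack(">IIIII", data[start:start + FAT_ARCH_LEN])
        if offset + size > len(data):
            raise ValueError(f"fat slice {i} points outside the file")
        slices.append("64-bit" if cputype & CPU_ARCH_ABI64 else "32-bit")
    return slices


def classify(data: bytes) -> str:
    """"ok" if Catalina has a 64-bit slice to run, "32-bit only" if it will not launch."""
    arches = macho_architectures(data)
    if not arches:
        return "not Mach-O"
    return "ok" if "64-bit" in arches else "32-bit only"


def scan_bundle(executables: Dict[str, bytes]) -> Dict[str, str]:
    """Classify every executable in a bundle listing ({relative path: file bytes}).

    A real scanner reads the files from disk; here the listing is an in-memory
    dict so the example runs without a bundle.
    """
    return {path: classify(data) for path, data in executables.items()}


# --- Constructed sample images (headers only; not real programs) ------------
def thin_image(magic: int, little_endian: bool = True) -> bytes:
    """A Mach-O header stub whose first word is `magic` in the chosen byte order."""
    return struct.pack("<I" if little_endian else ">I", magic) + bytes(28)


def fat_image(slices: List[Tuple[int, bytes]]) -> bytes:
    """Wrap (cputype, image) pairs in a universal-binary header."""
    header = struct.pack(">II", FAT_MAGIC, len(slices))
    offset = FAT_HEADER_LEN + FAT_ARCH_LEN * len(slices)
    archs, body = b"", b""
    for cputype, image in slices:
        # cpusubtype 3 is *_ALL for both i386 and x86_64; align is left 0 here
        archs += struct.pack(">IIIII", cputype, 3, offset, len(image), 0)
        body += image
        offset += len(image)
    return header + archs + body


SAMPLE_BUNDLE = {
    "Contents/MacOS/Example": fat_image([(CPU_TYPE_X86, thin_image(MH_MAGIC)),
                                         (CPU_TYPE_X86_64, thin_image(MH_MAGIC_64))]),
    "Contents/Frameworks/Modern.framework/Modern": thin_image(MH_MAGIC_64),
    "Contents/Library/LoginItems/Helper.app/Contents/MacOS/Helper": thin_image(MH_MAGIC),
    "Contents/Resources/script.sh": b"#!/bin/sh\necho hi\n",
}

if __name__ == "__main__":
    for path, verdict in scan_bundle(SAMPLE_BUNDLE).items():
        print(f"{verdict:12} {path}")
```

The main executable here is fine because its universal binary carries a 64-bit slice, while the bundled login-item helper is the kind of 32-bit-only component that needs the caution icon.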

Previously:

Tuesday, July 16, 2019

Apple to Bankroll Original Podcasts

Lucas Shaw and Mark Gurman (MacRumors, Hacker News):

Apple Inc. plans to fund original podcasts that would be exclusive to its audio service, according to people familiar with the matter, increasing its investment in the industry to keep competitors Spotify and Stitcher at bay.

Executives at the company have reached out to media companies and their representatives to discuss buying exclusive rights to podcasts, according to the people, who asked not to be identified because the conversations are preliminary. Apple has yet to outline a clear strategy, but has said it plans to pursue the kind of deals it didn’t make before.

The introduction of Apple Music made the Music app worse for everyone not using it. This will likely have a bigger negative effect for podcasts, both because it messes up Apple’s incentives (for their apps and directory) and because it will make it harder for customers to get content in the apps that they want.

Marco Arment:

Unfortunately, this is both very likely and a lot less awesome.

Previously:

Update (2019-07-17): See also: Hacker News.

Marco Arment:

I expect Apple to have as much success with exclusive podcasts as everyone else has.

karizma23:

Hypothetically speaking, would you take their money for a show if offered?

Marco Arment:

No, for the same reason it’s unwise for most people to do “podcasts” exclusive to one platform:

Most of my audience isn’t there and won’t move for me, the paywall/appwall would halt most audience growth, and any new audience I build won’t follow me off the platform if necessary.

Manton Reece:

Not sure where Apple is going with exclusive podcasts, but it’s probably nowhere good. By default I’m against any “podcast” that can’t play in multiple podcast apps because it erodes the openness of the ecosystem.

Zac Cichy:

I’ve kind of been arguing for Apple to go hard on owning its podcast platform for a really long time. The thing is, things have changed and it doesn’t matter what anyone says a podcast is. Market is maturing, and Apple should have done more years ago to hedge the inevitable.

It’s not a popular position around here, and I personally have zero incentive to argue this, but Apple should be trying to create a centralized podcast platform.

Every time Apple waits on something like this, a market moves on without them.

Jason Snell:

Given Apple’s deep pockets and its focus on services, I can’t see how the company wouldn’t at least investigate the possibility of adding original audio content to its portfolio, both to strengthen the pull of the Podcasts app and increase the value of one of its existing services or a forthcoming services bundle.

Update (2019-07-23): See also: Accidental Tech Podcast.

Update (2019-07-26): See also: Upgrade.

How Many Kinds of USB-C to USB-C Cables Are There?

Benson Leung (via Hacker News):

We have a matrix of 2 x 3, with 2 current rating levels (3A max current, or 5A max current), and 3 data speeds (480mbps, 5gbps, 10gbps).

Adding a bit more detail, cables 3-6, in fact, have 10 more wires that connect end-to-end compared to the USB 2.0 ones in order to handle SuperSpeed data rates. Cables 3-6 are called “Full-Featured Type-C Cables” in the spec, and the extra wires are actually required for more than just faster data speeds.

“Full-Featured Type-C Cables” are required for the most common USB-C Alternate Mode used on PCs and many phones today, VESA DisplayPort Alternate Mode. VESA DP Alt mode requires most of the 10 extra wires present in a Full-Featured USB-C cable.

Alexis Gallagher:

Inconvenient but not crazy. I’d say the design failure here is the absence of a system of clear graphic symbols to convey this.

Jonathan Wight:

Assuming no one has invented a USB-C hub yet? (USB-C <-> USB-C).

Still just a bunch of USB-3 hubs or overpriced “docking stations”…

See also: USB-C Charger Roundup.

Previously:

Most “Free” VPN Apps Secretly Owned by China

Simon Migliano:

Unfortunately, the majority of apps appearing in the top results for “VPN” searches are free products from obscure and highly secretive companies that deliberately make it very difficult for consumers to find out anything about them.

[…]

Our investigation uncovered that over half of the top free VPN apps either had Chinese ownership or were actually based in China, which has aggressively clamped down on VPN services over the past year and maintains an iron grip on the internet within its borders.

[…]

Apple and Google have let down consumers by failing to properly vet these app publishers, many of whom lack any sort of credible web presence and whose app store listings are riddled with misinformation.

Via Josh Centers:

Additionally, the investigation revealed many have bad or nonexistent privacy policies, don’t even have legitimate Web sites, and share user activity with third parties. If you’re selecting a VPN in order to guard your privacy, be careful of which one you choose and do your research to find a trustworthy provider because a VPN service can monitor all of your Internet activity.

How can you even tell whether a paid VPN is trustworthy—not a honeypot and actually follows its privacy policy?

Update (2019-07-17): Adi Robertson (tweet):

An OO-certified app or site must meet three criteria. First, it needs to demonstrate “a basic level of transparency” by making its code and infrastructure — among other things — public and fully documented. Second, it needs to lay out its policy in the form of “claims with proof,” establishing what user data is collected, who can access it, and how it’s being protected. Third, those claims must be evaluated by an OO-certified auditor who then makes the audit results public.

The site OpenlyOperated.org, for example, is OO-certified. (It’s one of two OO-certified services right now, alongside Lin and Dewan’s Confirmed VPN.) Its audit report lists several easily readable and footnoted claims about the site, including the claim that your email address is kept totally private — even from the site’s operators. It then includes details about the encryption system that makes this possible, plus statements from cybersecurity consultants who corroborate the claims. While companies can already run privacy audits, Openly Operated’s branding is supposed to promise a certain level of depth, in addition to guaranteeing transparency.

Update (2019-08-19): Kenn White:

Myths about VPN providers

- they protect your identity
- they’re safe
- they don’t log
- they are competent
- they’ll shield you from the law
- NSA can’t…no, just stop. Really.

Update (2019-10-21): Kenn White:

A story of the entire VPN industry, in 4 acts. Starring NordVPN.

See also: Dan Goodin.

Google Photos Is Making Photos Semi-public

Robert Wiblin (via Hacker News):

Whenever you share a photo with a specific person or account on Google Photos, it creates a link that will allow anyone in the world to view those photos, forever, until you go and manually deactivate that link in an obscure part of the interface.

[…]

If that ‘secret’ link is ever revealed, anyone anywhere will be able to see it until I go and delete that specific sharing instance. And I’d have no way to find out that they were viewing it!

This is perhaps not surprising if you’ve used Flickr, which works the same way, and even has a way to track visits to the link. But it is surprising from the perspective of Facebook or Google’s own Drive, where sharing with a particular user makes a link only for that user.

Update (2019-07-17): Russell Brandom (via sciwizam):

So why is that public URL more secure than it looks? The short answer is that the URL is working as a password. Photos URLs are typically around 40 characters long, so if you wanted to scan all the possible combinations, you’d have to work through 10^70 different combinations to get the right one, a problem on an astronomical scale. “There are enough combinations that it’s considered unguessable,” says Aravind Krishnaswamy, an engineering lead on Google Photos. “It’s much harder to guess than your password.” Because web traffic for Photos is encrypted with SSL, it’s also kept secret from anyone on the network who might be listening in.

However, it would be easy for people to listen in if you send the URL to anyone via an unencrypted service such as e-mail.
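As an added illustration (not part of the original post and not Google’s code), the following Python models what “the URL is working as a password” means: it computes the guessing resistance of a random 40-symbol token, compares it with a short password, and shows that a capability link is a bearer secret that any holder can redeem until the owner revokes it. The 64-symbol token alphabet and the attacker’s guess rate are assumptions.

```python
import math
import secrets
import string
from typing import Dict, Optional

# Assumed token alphabet: letters, digits, "-" and "_" (64 symbols). The real
# Google Photos share-token alphabet is not stated on the page.
TOKEN_ALPHABET = string.ascii_letters + string.digits + "-_"


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Guessing resistance, in bits, of a uniformly random token of `length` symbols."""
    return length * math.log2(alphabet_size)


def keyspace_log10(length: int, alphabet_size: int) -> float:
    """The same keyspace as a power of ten, comparable with the article's 10^70."""
    return length * math.log10(alphabet_size)


def expected_search_years(bits: float, guesses_per_second: float) -> float:
    """Expected wall-clock time for exhaustive search (half the keyspace on average)."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


class ShareLinkRegistry:
    """Model of capability-style sharing, as described above.

    The token is the only access check: anyone presenting a valid token sees the
    album, no viewer identity is consulted, and the owner's only control is to
    revoke the token.
    """

    def __init__(self, token_length: int = 40) -> None:
        self._token_length = token_length
        self._links: Dict[str, str] = {}  # token -> album id

    def share(self, album_id: str) -> str:
        """Mint a fresh random token for an album (secrets gives CSPRNG output)."""
        token = "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(self._token_length))
        self._links[token] = album_id
        return token

    def resolve(self, token: str) -> Optional[str]:
        """Return the album for a token, regardless of who presents it."""
        return self._links.get(token)

    def revoke(self, token: str) -> bool:
        """Deactivate a link; afterwards the token resolves to nothing."""
        return self._links.pop(token, None) is not None


if __name__ == "__main__":
    bits = keyspace_bits(40, len(TOKEN_ALPHABET))
    print(f"40-symbol token: {bits:.0f} bits, about 10^{keyspace_log10(40, 64):.0f} values")
    print(f"8-character printable-ASCII password: {keyspace_bits(8, 95):.1f} bits")
    # Assumed attacker rate of 10^12 guesses per second, for scale only.
    print(f"Exhaustive search at 1e12 guesses/s: {expected_search_years(bits, 1e12):.1e} years")
    registry = ShareLinkRegistry()
    token = registry.share("holiday-2019")  # constructed album id
    print(registry.resolve(token), registry.revoke(token), registry.resolve(token))
```

The entropy figure is only the first half of the story: the registry shows that whoever obtains the token, by whatever route, gets the same access as the intended recipient, which is why sending it over an unencrypted channel matters.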

Why Did Moving the Mouse Cursor Cause Windows 95 to Run More Quickly?

Retrocomputing (via Devon Zuegel):

Windows 95 applications often use asynchronous I/O, that is they ask for some file operation like a copy to be performed and then tell the OS that they can be put to sleep until that operation finishes. By sleeping they allow other applications to run, rather than wasting CPU time endlessly asking if the file operation has completed yet.

For reasons that are not entirely clear, but probably due to performance problems on low end machines, Windows 95 tends to bundle up the messages about I/O completion and doesn’t immediately wake up the application to service them. However, it does wake the application for user input, presumably to keep it feeling responsive, and when the application is awake it will handle any pending I/O messages too.

Thus wiggling the mouse causes the application to process I/O messages faster, and install quicker. The effect was quite pronounced; large applications that could take an hour to install could be reduced to 15 minutes with suitable mouse input.

Whereas, on classic Mac OS, you could pause certain processing by depressing the mouse button.

Update (2019-07-17): Dimitri Bouniol:

Even today, the main run loop mode will change and stop typical timers from running if you open a menu in a modern Mac app.

Kevin Purcell:

This was true of 3270 terminals on IBM mainframes running CMS on VM/370.

If you hit the spacebar you’d get a little hit of CPU time.

I recall numbers of mech eng and elec eng grad students sitting at 3270 tapping the keyboard in the late 1980s when running their FORTRAN codes.

Monday, July 15, 2019

Airmail Adds Subscription for Push Notifications

Joe Rossignol (tweet, Reddit):

Airmail for iOS is now free to download on the App Store, but push notifications and multi-account support have become premium features priced at $2.99 per month or $9.99 per year in the United States. The app was previously available for a one-time, upfront cost of $4.99 with all features unlocked.

Speaking of changing the price for features already shipped…

At face value, the change appears to violate Apple’s App Store Review Guidelines, which state “if you are changing your existing app to a subscription-based business model, you should not take away the primary functionality existing users have already paid for.”

Leonardo Chiantini:

Customers who purchased the app can still have access to multiple accounts but not push notifications, which is a side service of the app and is not preventing the use of the app’s core functionality.

We do understand users’ frustration; the decision was made to keep the business sustainable as we face increasing backend service expenses.

Previously:

Update (2019-07-19): ilia kukharev:

What happens when you ask your paid users to pay again, by changing the monetization model.

Via Ryan Jones:

Brutal :( for Airmailer. I feel for them, it’s not easy.

Fernando Corbató, RIP

Katie Hafner (via Rodney Brooks):

Dr. Corbató, who spent his entire career at M.I.T., oversaw a project in the early 1960s called the Compatible Time-Sharing System, or C.T.S.S., which allowed multiple users in different locations to access a single computer simultaneously through telephone lines.

[…]

C.T.S.S. gave rise to a successor project called Multics, which Dr. Corbató also led. He told the Babbage Institute, “Multics started out as kind of a wish list of what we would like to see in a big computer system that might be made as a commercial model.”

Multics was a collaboration among M.I.T., AT&T’s Bell Laboratories and General Electric. It failed as a commercial endeavor, but it inspired a team of computer scientists at Bell Labs to create Unix, a computer operating system that took root in the 1970s and was adopted widely in the ′80s and ′90s.

[…]

In the course of refining time-sharing systems in the 1960s, Dr. Corbató came up with another novelty: the computer password.

Shape Up

Ryan Singer (Ryan Singer):

This book is a guide to how we do product development at Basecamp. It’s also a toolbox full of techniques that you can apply in your own way to your own process.

[…]

First, we work in six-week cycles. Six weeks is long enough to build something meaningful start-to-finish and short enough that everyone can feel the deadline looming from the start, so they use the time wisely.

[…]

Second, we shape the work before giving it to a team. A small senior group works in parallel to the cycle teams. They define the key elements of a solution before we consider a project ready to bet on. Projects are defined at the right level of abstraction: concrete enough that the teams know what to do, yet abstract enough that they have room to work out the interesting details themselves.

[…]

Third, we give full responsibility to a small integrated team of designers and programmers. They define their own tasks, make adjustments to the scope, and work together to build vertical slices of the product one at a time. This is completely different from other methodologies, where managers chop up the work and programmers act like ticket-takers.

[…]

This book is about the risk of getting stuck, the risk of getting bogged down with last quarter’s work, wasting time on unexpected problems, and not being free to do what you want to do tomorrow.

Infinite Night Shift

Austin Johnsen (via Ashley Bischoff):

TIL that if you go North of the Arctic Circle in the summer and bring a MacBook with Night Shift set to be triggered by sunrise/sunset, the process will go into an infinite loop because the sun never sets...

I noticed this when my computer fan went crazy because my CPU was running at 120% trying to calculate when sunset was in order to trigger Night Shift. As soon as I turned Night Shift off, that process disappeared and the fan spun back down...
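The failure mode described above is the case a sunrise/sunset calculation has to handle explicitly: north of the Arctic Circle in summer the hour-angle formula has no solution, because the sun never sets. Added example, not Apple’s code: it computes sunrise and sunset with a standard approximation, reports polar day or polar night instead of returning a bogus time, and bounds the search for the next sunset so it gives up rather than spinning. The sample coordinates (Tromsø and Cupertino) are illustrative.

```python
import math
from datetime import date, datetime, timedelta, timezone
from typing import Optional, Tuple

# Sun centre is this far below the horizon at the moment of sunrise/sunset
# (standard figure, includes atmospheric refraction).
HORIZON_DEG = -0.833


def _fractional_year_deg(d: date) -> float:
    return 360.0 / 365.0 * (d.timetuple().tm_yday - 81)


def solar_declination_deg(d: date) -> float:
    """Sun's declination: about +23.44 at the June solstice, -23.44 in December."""
    return 23.44 * math.sin(math.radians(_fractional_year_deg(d)))


def equation_of_time_min(d: date) -> float:
    """Offset of solar noon from mean noon, in minutes (common approximation)."""
    b = math.radians(_fractional_year_deg(d))
    return 9.87 * math.sin(2 * b) - 7.53 * math.cos(b) - 1.5 * math.sin(b)


def sun_times(year: int, month: int, day: int, lat_deg: float, lon_deg: float
              ) -> Tuple[str, Optional[datetime], Optional[datetime]]:
    """Return (status, sunrise_utc, sunset_utc) for one calendar day.

    status is "normal", "polar_day" (the sun never sets) or "polar_night" (it
    never rises). The hour-angle formula yields |cos| > 1 in the polar cases,
    which is exactly the condition a naive "wait for sunset" loop never escapes.
    """
    d = date(year, month, day)
    phi = math.radians(lat_deg)
    delta = math.radians(solar_declination_deg(d))
    cos_hour_angle = ((math.sin(math.radians(HORIZON_DEG)) - math.sin(phi) * math.sin(delta))
                      / (math.cos(phi) * math.cos(delta)))
    if cos_hour_angle < -1.0:
        return "polar_day", None, None
    if cos_hour_angle > 1.0:
        return "polar_night", None, None
    half_day_h = math.degrees(math.acos(cos_hour_angle)) / 15.0
    noon_h = 12.0 - lon_deg / 15.0 - equation_of_time_min(d) / 60.0
    midnight = datetime(year, month, day, tzinfo=timezone.utc)
    return ("normal",
            midnight + timedelta(hours=noon_h - half_day_h),
            midnight + timedelta(hours=noon_h + half_day_h))


def day_length_hours(year: int, month: int, day: int,
                     lat_deg: float, lon_deg: float) -> Optional[float]:
    """Hours between sunrise and sunset, or None on a polar day/night."""
    status, rise, set_ = sun_times(year, month, day, lat_deg, lon_deg)
    if status != "normal":
        return None
    return (set_ - rise).total_seconds() / 3600.0


def next_sunset(year: int, month: int, day: int, lat_deg: float, lon_deg: float,
                max_days: int = 366) -> Optional[datetime]:
    """First sunset at or after 00:00 UTC of the given day, or None within max_days.

    The bound is the point: during polar day there is nothing to wait for, so a
    scheduler must be allowed to give up instead of looping.
    """
    start = datetime(year, month, day, tzinfo=timezone.utc)
    d = start.date() - timedelta(days=1)   # a UTC day's sunset can spill past midnight
    for _ in range(max_days + 1):
        status, _rise, sunset = sun_times(d.year, d.month, d.day, lat_deg, lon_deg)
        if status == "normal" and sunset > start:
            return sunset
        d += timedelta(days=1)
    return None


if __name__ == "__main__":
    # Sample locations: Tromsø, Norway (inside the Arctic Circle) and Cupertino.
    for name, lat, lon in (("Tromsø", 69.65, 18.96), ("Cupertino", 37.32, -122.03)):
        print(name, sun_times(2019, 6, 21, lat, lon)[0], day_length_hours(2019, 6, 21, lat, lon))
    print("Next sunset in Tromsø after 2019-06-21:", next_sunset(2019, 6, 21, 69.65, 18.96))
```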

Previously:

Friday, July 12, 2019

SFUniversalLink

Jonathan Grynspan:

As promised, API for macOS browsers to adopt universal links!

Please review the header for details on how to adopt—ADC hasn’t got them yet. 🤐

Universal Links let certain HTTP links (e.g. Dropbox and Twitter, or hypothetically Zoom) open directly in an app instead of in the browser, potentially bypassing a confirmation alert that a custom URL scheme would have caused. This API lets third-party browsers provide an experience that matches Safari.

However, sometimes the user doesn’t want the link to open in the app, and so Safari in Catalina lets you Control-click to choose the browser instead. (On iOS you can long-press.) The isEnabled property lets you see how the user last opened a link for that app, so that you can respect the preference. And it’s shared across the OS, so you can change it in a third-party browser and affect Safari’s behavior.

See also: What’s New in Universal Links.

Previously:

Mac Marketshare in Q2 2019

Eric Slivka:

If accurate, Gartner’s estimates would put Apple with its lowest share of the U.S. PC market since the first quarter of 2014 and the lowest recorded on a global basis since Gartner started including Apple as a top global vendor in the third quarter of 2014.

[…]

IDC’s estimates paint a much different picture, however, projecting worldwide PC shipment growth of 4.7 percent compared to the second quarter of 2018. IDC pegs Apple as having shipped 4.011 million Macs in the quarter for nearly 10 percent year-over-year growth.

Previously:

Local 1Password iOS Vaults No Longer Free

gross (via Hacker News):

I have a workflow where I use 1Password on my phone - locally, no sync, do not want sync, can not use sync. Obviously this is not my main way of using 1Password, which I have been using now since 2011, mostly on Mac and iOS.

On that phone, I often remove 1Password and reinstall it. The last time I did this was a few weeks ago, likely running 7.3.1 or 7.3.2.

Today, I needed to urgently do this again, and I reinstalled 1Password to realize the new onboarding screen does not seem to let me configure my local vault at all.

I looked at release notes - all I can see is that 7.3.1 had improvements to standalone vault syncing, which seems to mean standalone vaults still work, and 7.3.3 reduced the size of the app by 27%.

Ben:

I’m sorry for the trouble. 1Password no longer offers a free-to-use option on iOS. It can either be used with a 1Password membership account or it can be synced to a standalone vault created by 1Password for Mac or 1Password for Windows. It wouldn’t be possible to create a new standalone vault from 1Password for iOS. Standalone vaults still work, but must be created by a licensed product (1Password for Mac or 1Password for Windows).

It seems pretty reasonable to disallow free creation of vaults. But it does reduce the utility of the app for those of us who don’t want to use the cloud service, because there’s no longer a way to pay for the iOS app without subscribing to the service.

The other issue this story highlights is that app updates aren’t handled well on iOS. Chances are that you’ll get silently updated to the new version—and in this case the change wasn’t called out in the release notes, anyway—and there’s no way to go back or even to restore from backup. So you can never be sure that a feature you depend on won’t suddenly disappear or break.

haaf:

Perhaps one could split the arguments in this thread into two categories: 1) forcing payment for some features is frustrating when it was free before, 2) stand-alone vault synchronisation features are disappearing because AgileBits thinks it’s more secure and more convenient to work via 1P-accounts.

As a five year old customer of both personal and company plans, I also see the disappearance of stand-alone synchronisation as a negative. I’ve brought it up with customer support and sales on multiple occasions.

Unfortunately, the outcome of those conversations is always similar to this thread.

ken:

One thing I’ve learned about software in general is that I never want to be outside of the primary use case. If you’re not using it the same way that the people building it do, it’s going to be a pain to use, and your requests will be ignored.

“Ignored” is probably too strong here, but the overall point is sound. This is also why people get uneasy about Apple dropping certain types of hardware and adding impediments to automation workflows. Even if it’s technically still possible to do what you could do before, everything becomes more difficult and less supported when you’re on a niche path.

Previously:

Update (2019-07-19): See also: Reddit.

MrRooni:

I am sorry that we removed a feature that some of you rely on for your workflow and I’m sorry we didn’t communicate its removal. In all honesty I assumed it would go mostly unnoticed. I figured that existing customers already have 1Password setups that are working for them, so no one would miss it. And really, why draw attention to the removal of a feature that shouldn’t really affect anyone anyway?

Clearly I missed the mark on this one.

[…]

I also want to touch briefly on why this feature was removed. For better or worse, a good chunk of the answer comes down to how we want 1Password viewed as a product among the field of other password managers. Prior to this change 1Password would frequently appear on the list of the “best free password managers” and while that’s flattering, it’s not where we want to be. 1Password is a paid product, and prior to today 1Password for iOS was the only 1Password app on any platform that could be used entirely for free. That is no longer the case. Another large reason why we removed this feature was that an unsynced vault on an iOS device is a dangerous thing. We receive enough customer support from people who set up 1Password in this way and then lose their device and lose everything that we wanted to take a very deliberate step in removing the possibility that people could find themselves in that state.

Tim Hardwick:

The good news is that 1Password has listened to user feedback, and the latest update, v7.3.4, restores the ability to create standalone vaults from setup to customers who had previously purchased 1Password 4 for iOS or the Pro Features in-app purchase.

However, for new users at least, there’s no longer any way to use the password management service without subscribing to a paid plan.

Predatory iOS App Subscriptions

David Barnard:

I decided to try and tune my niece’s Disney princess guitar and went to the App Store looking for a tuner. Top result is an ad for an app by MVM, the company I called out last week for shady onboarding and $400+/yr subscriptions.

Second result is a curated story, so I figured that would be better than continuing to look through the search results. So I download one of those apps. Similar shady onboarding, then a $100/yr subscription. (At least this one has a close button hidden in the top left.)

[…]

What’s especially insidious is that to make these scams work, developers are spending tons of money on user acquisition. I’ve talked to some knowledgeable folks who estimate these apps spend as much as 90% of their gross revenue on app install ads.

[…]

Apple is allowing these scams to tarnish their brand and destroy people’s trust in the App Store to make a little extra money and pad the pockets of Google and Facebook. They’ve been playing whack-a-mole for years instead of doing the deeper work of re-aligning incentives.

[…]

And that brings us back to my rant last fall. Not only is Apple failing to re-align incentives, they are actively incentivizing revenue over user experience by featuring apps based on how well they do financially without regard for how they do it.

Dominik Wagner:

The @AppStore currently promotes a metronome app that has a $7.99 weekly price. That is $415.48 for the default trial subscription it shows at start. That’s promoting fraud. And not the first occasion. @Apple we demand better.

Rene Ritchie:

Gross. Looks like a few metronome apps do this. Among a ton of other gross apps.

Totally destroys the “you can just trust it” reputation of the @AppStore

Hope Apple cracks down on all the subscription scams and yesterday.

I don’t think Apple should ban these apps or prevent developers from setting the prices. But it should be easier for customers to see what they’re committing to and to cancel before they get rebilled.

Ryan Jones:

The scammers that are ruining the App Store WILL erode consumer trust, Apple’s advantage, viability of good products, and services revenue.

Again, I think and talk about it a lot, because these things change slowly, then all of a sudden.

Previously:

Update (2019-07-23): Ryan Jones:

Whhhhhhaaaaat. LOL. Found this app because the twin sisters that made it were featured in the App Store.

Now THAT is a paywall. 🤣

Ryan Jones:

Here’s a video.

TRY FOR FREE!

....$500 per year. Hahahah

Ryan Jones:

OMG, if you try to close the paywall...

At this point - pure scam. Through and through.

Paul Haddad:

I like how the $520 subscription text is unreadable. Also wow, this is an app targeted at kids; how the hell can Apple feature this. Shameful.

John Gruber:

More than just unreadable, I’d argue they go to extraordinary lengths to render it illegible. It’s more like a hidden easter egg.

Marco Arment:

App Store subscription scams are 100% Apple’s fault, with most of the problem being the design of the purchase-confirmation screen.

Look at how little space is used to communicate the price, buried under a wall of boilerplate “policy” text, surrounded by huge calls to action.

If Apple’s going to continue accepting apps despite exorbitant subscription pricing — probably the only enforceable option — iOS needs to MUCH better communicate pricing on the IAP confirmation screen.

I’d like to see short-duration subs show the true price per month or year.

Ryan Jones:

Exactly, plus the incentives they have created. All their policies incentivize this; we are the fools fighting what the platform’s natural gravitational pull is telling us to do.

David Hsu:

Ignorant app review is one thing—we’re used to it—but actively promoting apps like this, with Apple taking a 30% cut of whatever amount these scams rake in… It’s hard to not doubt these repeated offenses from Apple are completely accidental.

Kyle Howells:

Apple avoided upgrade pricing… because they disagreed with the user experience or the principle? 🤷🏻‍♂️

Instead they’ve pushed developers towards subscriptions, with this completely predictable result. The AppStore is now full of spam and scam apps trying to trick you.

Update (2019-08-02): Mark Villacampa:

This? Oh, nothing, just a QR code app that charges a 10€/week subscription, hoping people forget to unsubscribe after the 3-day free trial period.

Update (2019-08-19): Lukas Stefanko:

Over 2,000 scam apps discovered on App Store #iOS

- scan fingerprint to make in-app purchase
- some of them are still on App Store
- 2 apps made around $400k in June alone
- list of 517 apps

Apps ask users to place their finger on the Home button to take a heart-beat reading. App dims the display to minimum to hide the content — which is actually dialogue requesting authorization for in-app purchase.

Craig Grannell:

There is no way to escape the screen and use even a feature-limited version of the app. The FREE FOR NEW USERS button shimmers and animates, and the header states you can “access all features for free”. However, beneath the shimmering button is a comparatively dull one, outlining a staggering £24.49 fee – for a filter app. This is clearly designed to drive people to prod the free button; but take another look and you see some really faint grey text below, which notes that the trial is for just three days. After that point, you’ll be charged a monstrous £8.49 per week – more even than that monthly fee.

Sure enough, tap the button labelled FREE under the heading that says ‘For Free’, and you’re invited to join a piffling three-day free trial that then converts into an £8.49 per week charge. On older iPhones, this is horribly easy to trigger in error – automatic, if your thumb’s already on the Home button.

Update (2019-09-27): See also: Fleeceware (via Hacker News).

Thursday, July 11, 2019

Why Do Web Browsers Allow Access to the Local Network?

Jeff Johnson:

Since constantly requiring confirmation is obviously incredibly annoying, Apple has conveniently exempted some of its own apps from the requirement. For example, macappstore and macappstores URLs will automatically open the App Store app without your confirmation.

But, curiously, Safari does prompt for opening the News app.

Zoom is certainly deserving of criticism. But I’ve seen very few people stop to ask, how was Zoom’s little trick even possible in the first place? Why does Safari allow a web page, zoom.us, to make requests to a localhost server? Is this possibility not surprising to you? It was surprising to me! The problem is actually worse than this. The major browsers I’ve tested — Safari, Chrome, Firefox — all allow web pages to send requests not only to localhost but also to any IP address on your Local Area Network! Can you believe that? I’m both astonished and horrified.

[…]

Moreover, a web page can even scan your network to find the addresses of your devices. I found a recent paper by Forcepoint that discusses in detail these kinds of attacks on your LAN from the web. So security researchers are aware of this possibility, but it seems that the browser vendors are doing nothing to plug the holes in their web browsers!

It seems strange that browsers prohibit access to local files but not the local network.

Bob Burrough:

Run some Javascript to scan common local router IPs and save the results to the server. It would even map to your WAN IP so they could start hitting your router externally. The web is an absolute mess.

Previously:

Update (2019-07-15): See also: Hacker News.

Update (2019-07-17): Maxwell Swadling:

re web browsers, use LuLu or Little Snitch. They are great for lots of reasons, not just web browsers.

Agreed, but unfortunately most people don’t even know about such utilities—hence the argument for browsers providing some security here.
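Until browsers close this gap, the only party that can close it today is the local service itself, which must not treat “the request arrived on 127.0.0.1” as authorization. Added example from the service side, not code from the post or from any vendor: a minimal local HTTP service whose admission check rejects unexpected Host headers (the DNS-rebinding case), refuses any request that carries a web Origin, and requires a locally provisioned token on state-changing calls. The port number, token header name and token provisioning are assumptions.

```python
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Iterable, Mapping, Tuple

# Port and header name are constructed for this example.
LISTEN_PORT = 8765
TOKEN_HEADER = "x-local-token"

# Host values the service is legitimately reached by. Any other Host means the
# page's origin is some other name that was pointed at 127.0.0.1 (DNS rebinding).
EXPECTED_HOSTS = {f"127.0.0.1:{LISTEN_PORT}", f"localhost:{LISTEN_PORT}"}

# Secret handed to the legitimate native client out of band (e.g. a file readable
# only by that user). Generated fresh here; a real service would persist it.
LOCAL_TOKEN = secrets.token_urlsafe(32)

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def admit(method: str, headers: Mapping[str, str], token: str = LOCAL_TOKEN,
          expected_hosts: Iterable[str] = EXPECTED_HOSTS) -> Tuple[bool, str]:
    """Decide whether a request to the local service may proceed.

    Listening on 127.0.0.1 says nothing about who is calling: a browser tab
    showing any web page can issue the request. So the decision rests on
    evidence about the caller, not on the network path.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Host check: defeats DNS rebinding, where a hostname is resolved to
    #    127.0.0.1 so that the page can talk to "its own" origin.
    if h.get("host") not in set(expected_hosts):
        return False, "unexpected Host header"

    # 2. Origin check: browsers attach Origin to cross-origin fetch/XHR and to
    #    form POSTs. Any web origin, including the literal "null", is refused.
    origin = h.get("origin")
    if origin is not None:
        return False, f"cross-site request from origin {origin}"

    # 3. A missing Origin is not proof of a native caller (an <img> GET has none),
    #    so state-changing calls must also carry the shared secret, compared in
    #    constant time. GET handlers must therefore be side-effect free.
    if method.upper() in STATE_CHANGING:
        supplied = h.get(TOKEN_HEADER, "")
        if not hmac.compare_digest(supplied.encode(), token.encode()):
            return False, "missing or wrong local token"

    return True, "ok"


class LocalServiceHandler(BaseHTTPRequestHandler):
    """Minimal handler that runs every request through admit() first.

    It deliberately never sends Access-Control-Allow-Origin, so a web page
    cannot read a response even for a GET that is admitted.
    """

    def _handle(self) -> None:
        ok, reason = admit(self.command, self.headers)
        if not ok:
            self.send_error(403, reason)
            return
        body = b"hello from the local service\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_GET = _handle
    do_POST = _handle


if __name__ == "__main__":
    print(f"local token (give this to the native client): {LOCAL_TOKEN}")
    HTTPServer(("127.0.0.1", LISTEN_PORT), LocalServiceHandler).serve_forever()
```

The checks are layered because each one alone has a hole: Host alone does not stop a same-site page, Origin alone is absent on simple GETs, and the token alone is only as good as the file it lives in.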

iCloud Data Loss With macOS 10.15 and iOS 13 Betas

Max Seelemann:

Whereas in recent years, it was pretty safe to install preview versions early on, this year that’s definitely not the case (see for example this report on Cult of Mac).

Most impactful for us, however, is that the (great, great) updates done to iCloud are also leading to severe problems with the service. As iCloud is Apple’s sync service, it’s beyond our power to solve them, of course. Some public beta users reported synchronization outages and data loss that propagated to devices that did not even run the beta but were just connected via iCloud.

Craig Hockenberry:

If you have an iOS or macOS beta installed, disable iCloud on that device NOW.

If you don’t you’ll end up with data loss on your production devices. Also, these problems are not app-specific, things are fucked up at the framework level.

Judging from the release notes, Apple knew about many of the issues prior to releasing the betas, so it’s surprising that they chose to release the public betas earlier this year.

John Gruber (tweet):

Right now iCloud is dangerous on the beta OSes. That’s not a complaint in and of itself; if there weren’t bugs they wouldn’t be betas. But I think it was a bad idea for Apple to release public betas at this stage.

Craig Hockenberry:

Apple talks a lot about services being the future of the company, but then they pull shit like this and it makes me wonder if they have any clue that the most important part of a data service is protecting its contents.

Wil Shipley:

The real BS part of this is that there’s really no good way for us to restore iCloud data, which is becoming increasingly more of our data.

Max Seelemann:

I know what a beta is and what that means. But in times where everything is a beta, people tend to forget.

imo, a company giving betas to millions of people is responsible for doing this in a responsible manner. As a minimum it’s to make sure to at least not delete data.

Colin Weir:

There’s also an implied level of stability in a public beta that’s not in a developer beta. We know they’re basically the same builds, but to normal users “public beta” means “safe, but some stuff might work weird”

So by putting out unstable developer betas and calling them public betas, they’re doing a big disservice

Steve Troughton-Smith:

iBooks is unusable in iOS 13 thanks to iCloud issues. It took three weeks (!) for it to re-index my iCloud library before it would let me open a book, and it deletes it and requires a redownload, citing space issues, constantly (I have 180GB free space). Local cache is whack

It’s definitely not the worst beta process by a long shot, but it’s definitely way too rough for public seeding on iPad. I’m losing touches constantly, which makes the software keyboard as bad as the MacBook Pro for reliability. At least they’re consistent…

Craig Hockenberry:

We submitted a detailed DTS incident about corrupted/deleted iCloud documents in the iOS 13 beta. But guess what? DTS doesn’t support beta releases.

So it’s a public release, but not.

Steve Troughton-Smith:

From what I’ve seen, a lot of the time I run into ‘data loss’ is where some migration/indexing process has got stuck, making it look like I’ve got no/wrong data, and instead of waiting it out I try and fix it myself while the system is still broken

It’s very easy to panic and do a lot of damage when the OS makes it look like your data is screwed up, even when underlying data is totally fine and it’s actually some intermediary daemon process hanging in the bg. Sometimes you really do need to chill & wait for the next beta

Previously:

Apple News+ Revenue

Juli Clover:

Apple News+ seems to be floundering just months after its launch, according to new details from participating magazine publishers shared by Business Insider.

Multiple publishers have been unimpressed with the revenue generated from Apple News+. One told Business Insider that revenue was one twentieth of what Apple promised, while another said that it was on par with what was earned from Texture, which isn’t much.

Nilay Patel:

This implies Apple News publishers are making half of what they did with Texture, which is impressively bad. (10x/20 = .5x)

Oluseyi Sonaiya:

Apple made a big deal about WSJ, for example, being part of News+, but if I understand correctly the index of articles is not included, so you can’t browse the content listing. You’re left with inbound links and whatever they push into the News+ feed.

Gotta pony up for the feed.

Chance Miller:

Last month, Eddy Cue said that Apple had “hundreds” of people working to make Apple News+ better. Apple News+ is currently available in the United States and Canada, but it’s expected to launch in the UK this year as well.

Rob Griffiths:

You know what would make Apple News better? This…

• Let me delete my downloaded mags.
• Show new issues in sidebar list of my subscribed mags.
• Give the Mac version support for multiple windows or tabs—no more of this one-window iOS bullcrap.

Mitchel Broussard:

Jumping to the topic of Apple News+, Cue stated that one of Apple’s big goals right now is to convince younger people to subscribe to the service.

Previously:

Update (2019-07-15): Josh Centers:

The best bet for Apple News+ isn’t legacy publishers, but small, platform-oriented ones like @GlennF and @jdalrymple. Too bad Apple already burned people like that with Newsstand.

These big dinosaurs have a hard time adapting to these new formats. Smaller outlets can and will do it if given the proper support. Look at what @MacSparky does with Apple Books.

“Hey, read a month-old Macworld article for just $10 a month” isn’t a great sales pitch.

Update (2019-08-07): Lucinda Southern (via Eric Young):

Publishers including Vice Media and The Stylist Group say they’ve gotten traffic and, more importantly, revenue lifts from Apple News in the last three months. While this is from a small base, for some publishers it signifies that patience with publishing to the platform, which has been widely accepted as good for brand awareness but lagging revenue, is starting to pay off.

Wednesday, July 10, 2019

WWDC 2019 Video Transcripts Now Available

Apple:

Take advantage of transcripts to quickly discover and share information presented in WWDC19 videos. You can search by keyword, see all instances where the keyword is mentioned in the video, go straight to the time it was mentioned, and even share a link to that specific time.

It seems like they are more human-edited this year, which is good because the sessions now serve as de facto documentation in many cases.

Previously:

Hook 1.0

CogSci Apps:

Hook supplies the missing links in macOS, to allow users to access the documents that are most relevant to the task at hand. The app, based on cognitive science, allows users to instantly create notes linked to a document, or other information item, providing instant navigation between the two.

Hook doesn’t replace any of a user’s favorite Mac apps, but instead augments them. For instance, by using a simple keyboard hotkey combination, a Mac user can instantly create a new item (in the app of their choice) that Hook links to the current item (such as a web page, PDF, email or file). With Hook, a document can be linked to an outline, an OmniFocus project, an email, and many other types of information.

It works with EagleFiler’s record links.

GDPR Fines: So Now We Know

Doug Lhotka:

In the past few days, Marriott and BA were both hit with $100M+ fines for breaches. While both are going to appeal, the benchmark has been set, and we now know that the regulators are serious about enforcement. One interesting fact – if the reports are accurate, Marriott is being fined under the GDPR, while the breach occurred before it went into effect. That certainly changes the risk equation, as retroactive security is, alas, still beyond our ability today. I suspect we’ll see a similar seriousness with CCPA (the new California regulation), though those costs will include consumer litigation as well.

Gosh Darn SwiftUI

Sarun Wongpatcharapakorn (via Andy Bargh):

None of the answers you find here are meant to be complete or detailed; the purpose is to act as a cheat sheet, a place where you can pick up keywords to search for more detail.

kateinoigaku (Soroush Khanlou):

Only Apple knows the actual implementation. But it’s certain that AttributeGraph.framework has its own reflection system.

I said “I’m looking forward to your great libraries using metadata” at try! Swift, but I had never thought Apple would do it. I think Apple started to use metadata because ABI stability has been in place since Swift 5. In fact, ABI stability brings us great benefits!

Previously:

Update (2019-07-11): Jeff Nadeau:

A clever teardown, and not far off in principle

Tuesday, July 9, 2019

Apple Discontinues 12-Inch MacBook

Joe Rossignol:

Coinciding with refreshes to the MacBook Air and the entry-level 13-inch MacBook Pro today, Apple appears to have discontinued the 12-inch MacBook, which is no longer available through its online store.

It’s a bit sad to see it go because I know some people really liked the tiny size. But it’s hard to justify its existence and premium price when compared with a still-small MacBook Air with a much better display that’s faster and has more ports. I’m surprised it wasn’t discontinued when the 2018 MacBook Air was introduced.

I don’t think I’ve ever seen a 12-inch MacBook in the wild, and it’s the least popular Mac among users of my apps. There are roughly 40% more customers using the pricey iMac Pro—which didn’t ship until 6 months after the last MacBook update—than the entire MacBook family (which includes the older polycarbonate models).

Perhaps this size and name will return when Apple introduces its first ARM Macs.

Matt Birchler:

One thing I find interesting is that Apple’s completely new computers from 2013-2016 include:

  • Trash can Mac Pro
  • 12” MacBook
  • Touch Bar MacBook Pros

3 of those are already dead and we have rumblings of a new MBP design coming in the next year or so.

Since then we’ve had:

  • iMac Pro
  • New Mac mini
  • Mac Pro (cheese grater 2.0 edition)
  • New MacBook Air

Clearly, Apple has turned a corner when it comes to Mac hardware.

Ryan Jones:

Credit to Cupertino for killing the MacBook One!

Been saying it for years - that computer was a mistake. Stupid to go one port, premature to go USB-C, launched with no supply, bad name, immediately forgotten in the roadmap.

Apple’s starting to do literally exactly what I/we said they should with Mac lineup. More evidence they are back to listening to core users.

Previously:

Update (2019-07-10): Jason Snell:

Theory: It’s another thermal corner. They couldn’t add anything to the product w/o a redesign because of the fanless thing, they couldn’t get it down under $1000, and decided (early on, I guess!) to replace it with another Air.

My daughter has one and loves it 🤷🏻‍♂️

Riccardo Mori:

First it was the 11-inch MacBook Air, now it’s the 12-inch MacBook. Do you want an Apple ‘ultrabook’? You’ll have to get an iPad Pro. What a coincidence.

Apple Lowers SSD Prices

Benjamin Mayo (tweet, MacRumors):

In addition to launching refreshes to the MacBook Air and MacBook Pro, Apple has lowered the cost of higher-end Mac solid state storage options, cutting the price in half for many of the configurations.

For example, the 4 TB SSD of the 512 GB 15-inch MacBook Pro used to cost $2800. It now costs $1,400. These savings are seen across the iMac, iMac Pro, Mac mini, and MacBook Air line.

[…]

The general pattern is that the first upgrade still costs the same, with price reductions applied to the bigger capacities.

This is great news, although the prices still seem inflated. For comparison, Apple is charging $400 to go from 256 GB to 1 TB, but you can get a highly regarded 1 TB Samsung SSD for $137. And there’s now a 2 TB Intel one for $103. Granted, this is not as fast as what Apple ships, but for many people the tradeoff would be worth it for that amount of storage. And it would certainly be an improvement over the spinning hard drive in the 2019 iMac.

It’s important to get enough internal storage because current Macs don’t have many ports, and there are issues with external drives.

Howard Oakley:

The snag with thermal throttling is that it only happens when you’re putting pressure on the SSD, maybe with it writing hundreds of GB of video. So when you need the X5’s performance most is when it’s most likely to have to use thermal throttling to keep itself cool. In what I thought was a comfortable ambient of 23˚C (73˚F) with a light breeze and good shade, my X5 suffered thermal throttling fairly consistently when I left it to run the Blackmagic Disk Speed Test for longer than 2 minutes 45 seconds, and by 3 minutes most of its writing was being done at 700 MB/s or less.

[…]

Yes, the installer thought it had worked and installed the two kernel extensions it required (two kernel extensions? really?), but in fact they had been blocked by macOS, so the Samsung app couldn’t see the SSD.

Previously:

MacBook Air 2019 and New 13-inch MacBook Pro

Joe Rossignol:

Apple today announced that it has updated the MacBook Air with a True Tone display and lowered the price of the notebook to $1,099 in the United States, or $999 for qualifying students through Apple’s education store.

[…]

Alongside today’s update and price drop, Apple has also discontinued the 2017 MacBook Air, which it had continued to sell for $999 following the introduction of the revamped MacBook Air last October.

It is great to see more frequent Mac updates. Now the only non-Retina Mac is the base iMac—unless you count the Mac Pro and Mac mini because of the available external displays.

Joe Rossignol:

Apple today announced it has updated its entry-level 13-inch MacBook Pro with the latest 8th-generation Intel Core quad-core processors for up to two times faster performance compared to the previous generation. The notebook now also features a Touch Bar with Touch ID, a True Tone display, and the Apple T2 security chip.

It’s sad to no longer be able to get a MacBook Pro without a Touch Bar, but the 13-inch MacBook Escape hadn’t been updated in more than two years.

Wojtek Pietrusiewicz:

If Apple hadn’t added the Touch Bar to the non-Touch Bar model and just upgraded the CPU, I would be ordering one right now — the new CPUs are exactly what I have been waiting for. Unfortunately, they did, so that probably means no more Macs for me, at least until they get rid of the Touch Bar. And no, the Air is not sufficient for my needs — it lacks Display P3 and a proper processor.

retrac98:

99%+ of my usage of the touchbar is pressing escape, adjusting screen brightness, speaker volume, or accessing music controls.

All of these worked flawlessly when I had physical keys, but now it’s hard to know what I’m pressing without looking, and sometimes the controls become unresponsive to touches or drags.

I am also a musician. The Touch Bar is fantastic to adjust tuneables in GarageBand, without the gorilla arm or wobbly screen effect you get on touchscreens.

Mark Munz:

Apple adds Touch Bar to entry level MacBook Pro, because THAT’S what everyone has been clamoring for – more Touch Bar.

🤦‍♂️

Nick Heer:

This simplifies the lineup dramatically. No longer are there three similar yet purportedly different computers within $200 of each other; now, there’s a simple choice of consumer models and professional models, and at respectably lower price points to boot.

Stephen Hackett:

I think for almost everyone, the MacBook Air is the right notebook. It’s thin and light, with plenty of power for most tasks, but if you need a better GPU or more cores, the MacBook Pro is a logical upgrade. I like it when the Mac product line makes sense.

John Gruber:

Other than the increase in size of the “smallest” MacBook, the only knock against today’s revamp is that the starting price (for those other than college students) has jumped from $1000 to $1100.

Previously:

Update (2019-07-10): See also: Hacker News.

Update (2019-07-11): Dan Seifert:

macbook pro owners: what are you using the touchbar for at this point, three years on from its debut?

Joe Rossignol:

Geekbench 4 scores indicate the base 2019 model with an 8th-generation 1.4GHz quad-core Core i5 processor has up to a 6.8 percent increase in single-core performance, and up to 83.4 percent faster multi-core performance, compared to the base 2017 model with a 7th-generation 2.3GHz dual-core Core i5 processor.

Update (2019-07-15): Benjamin Mayo:

The equivalent 256 GB SSD 2018 MacBook Air could top 2 GB/s read and around 0.9 GB/s write speeds. Therefore, the new SSD component in use has marginally superior write speeds but 35% slower read speeds, falling from 2 GB/s to 1.3 GB/s.

Update (2019-07-19): Dieter Bohn:

Most of all — keyboard aside — the overall design and quality of the hardware is top-notch. There are dozens of Windows laptops in the same price range that beat this Air on any number of metrics. You can get edge-to-edge screens, log in with your face, and find faster and more powerful processors. But very few of them have the same iconic look and feel of the aluminum Air.

[…]

There’s also the fact that Apple was unable to update the processor to something more powerful. It is still using a 1.6GHz dual-core “Y-series” Intel processor, which is not nearly as powerful as the “U-series” processor you find on the MacBook Pro and many Windows laptops.

Via Nick Heer:

Based on Bohn’s review, it seems like this year’s revision gets closer to correcting the balance. Get a decent keyboard in these things again and there ought to be no reason for most people with the money to spend to even consider buying anything else.

Zoom Vulnerabilities

Jonathan Leitschuh (Hacker News, Reddit):

A vulnerability in the Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business.

[…]

Additionally, if you’ve ever installed the Zoom client and then uninstalled it, you still have a localhost web server on your machine that will happily re-install the Zoom client for you, without requiring any user interaction on your behalf besides visiting a webpage. This re-install ‘feature’ continues to work to this day.

This vulnerability leverages the amazingly simple Zoom feature where you can just send anyone a meeting link (for example https://zoom.us/j/492468757) and when they open that link in their browser their Zoom client is magically opened on their local machine.

Joseph Cox:

The problem lies in how Zoom allows whoever sets up the call—be that someone creating a conference call for a company, or perhaps a hacker—to decide whether participants’ webcams are enabled at the start of the call or not. Leitschuh says Zoom did fix this, and stopped an attacker from turning on a user’s video camera, but then an issue with the patch was discovered, still allowing a hacker to turn on the camera.

Richard Farley, Zoom:

Second, when Zoom is installed on a Mac device by the user, a limited-functionality web server that can only respond to requests from the local machine is also installed on the device to help launch Zoom meetings. This is a workaround to a change introduced in Safari 12 that requires a user to confirm that they want to start the Zoom client prior to joining every meeting. The local web server enables users to avoid this extra click before joining every meeting. We feel that this is a legitimate solution to a poor user experience problem, enabling our users to have faster, one-click-to-join meetings. We are not alone among video conferencing providers in implementing this solution.

I wonder if, rather than “Safari 12,” he means “Safari in macOS 10.12,” as that was the version that introduced the incredibly annoying confirmation alert every time you click a link to another app. It doesn’t just prompt you the first time for a particular app, or the first time a link from a certain site takes you to that app; it asks you every single time. I have to click through these alerts dozens of times a day, and after years of this you can be sure that I don’t read them.

If this Safari security feature had not been so draconian, I doubt that Zoom and similar apps would have gone to such lengths to work around it. And I have serious doubts that the alert actually helps security much, both because of the limited ways such links could be abused and because I don’t think most users are able to make an informed decision about it.

Frankly, everyone looks bad here. Zoom, obviously, because of questionable design decisions and poor engineering. And Apple, because this is the type of app that should be in the Mac App Store. Whenever someone would send me a Zoom link, I would try to find another way to communicate because I didn’t want to run their installer and figure out how to remove any junk that it added. Were the app in the Mac App Store, I would have easily installed it and trusted that it was confined to its container. Technically, the app should be able to do everything it needs within the sandbox. But for whatever reason—perhaps business—Zoom didn’t find the Mac App Store to be a good way to distribute its app.

The solution is not to further lock down apps outside the store, making both users and developers miserable. Think about what types of lock down would have been required to prevent this and whether it would have actually been effective. (Are you going to ban local Web servers? Try to discourage the user from clicking Allow?) No, the solution is to make the store more attractive so that it makes sense for mainstream apps—from indies to multi-billion dollar companies like Zoom—to be there.

Jim Rea:

This sucks, and I am upset with Zoom, but am I correct in thinking if this happened I could just immediately quit the zoom app? I mean the zoom app isn’t exactly stealthy. Also, maybe I might be more worried about it sharing my screen than the camera, is it doing that?

Tony Arcieri:

The flipside to responsible disclosure: failure to patch a critical vulnerability in 90 days makes a software vendor irresponsible and it’s a good thing for their irresponsibility to become public knowledge sooner than later

Jeff Nadeau:

Oh hey, Zoom is that product that installs the entire app inside its package preflight script if it detects that you’re running as administrator. Naughty indeed.

Maxwell Swadling:

If you don’t like how Zoom bypasses safari security wait till you see how Google Chrome proxies USB / HID clients 🤭

Alexis Gallagher:

What other apps install local web servers that always run, even when the app is not running, even after you’ve uninstalled the app?

For instance, is that you @figmadesign? 😔

agreenbhm:

I also found that, instead of making a regular AJAX request, this page instead loads an image from the Zoom web server that is locally running. The different dimensions of the image dictate the error/status code of the server...One question I asked is, why is this web server returning this data encoded in the dimensions of an image file? The reason is, it’s done to bypass Cross-Origin Resource Sharing (CORS).

Sean Coates:

You know the state of video conferencing apps is bad when “it might turn on your camera without your permission” isn’t bad enough to make you switch to one of the worse alternatives.

Josh Centers:

To check to see if the Web server is running, open Terminal, enter this command, and press Return:

lsof -i :19421

[…]

If you want to get rid of the hidden Web server, though, you’ll have to use Terminal.

Mateusz Stawecki:

Zoom nastiness removal one-liner. Open Terminal, paste and press return:

lsof -i TCP:19421 | awk 'NR > 1 {print $2}' | xargs kill -9; rm -rf ~/.zoomus; touch ~/.zoomus

Dr. Drang:

I don’t pretend to follow all of Leitschuh’s explanation of the vulnerability, but I do understand the commands for the fix. I thought I’d talk about what they do. Also, there’s a cut-and-paste solution getting some traction on Twitter that I want to talk about.

Previously:

Update (2019-07-11): Jason Snell:

I think this Zoom story is getting a bit overhyped, but the fact is that Apple added a security feature that required an extra click by the user, and @zoom_us responded by... installing a local web server to bypass the feature. Talk about a disproportionate response.

Jason Snell:

My guess is that Zoom’s original sin comes out of its corporate culture, which is focused on competing in a pretty cutthroat industry with demanding clients (IT managers) and not particularly technically literate customers (the individual business users). There’s probably a great fear of losing business to other businesses who can boast about running video meetings with ever less friction to the user.

Glenn Fleishman:

Zoom had a cascading failure of product decisions, security bypasses, and then a terrible hand-waving blog post—which has been updated several times, and they’re finally doing the right thing.

This reminds me of the 2005 Sony rootkit scandal. Zoom had no ill intent here, but they scored own goals by allowing developers to create a system that intentionally bypasses security protections, installs unknown software, and has no consent involved.

John Gruber:

But the fact that Zoom implemented it in a way such that the web server was still there, still running, even when you deleted the Zoom app, is morally criminal, and should be legally criminal. No one who understands how this worked could possibly have thought this was ethical.

Renaud Lienhart:

Yes, @zoom_us is a garbage fire that deserves to go bankrupt. But we need to analyse why they do this: it’s because macOS doesn’t provide the frameworks & infrastructure to implement these features in a simple & secure way.

Ideally, macOS would work more like iOS, where developers could bundle specific extensions within their bundles that the system would register and launch on demand for these purposes. Instead, they have to work around these limitations in an atrocious way.

Rosyna Keller:

The Safari security feature that requires user-confirmation will always stop drive-by [no user interaction] attacks. Attacks that are designed to passively launch exploits.

Rosyna Keller:

In Catalina, apps can use universal links + associated domains to avoid the confirmation dialog.

Rich Trouton:

I’ve taken those [uninstall] commands and used them to build a script to address the vulnerabilities described in CVE-2019-13450.

Zoom (Hacker News):

  1. We are stopping the use of a local web server on Mac devices. Once the patch is deployed, Mac users will be prompted in the Zoom user interface (UI) to update their client. Once the update is complete, the local web server will be completely removed on that device.

  2. Allow users to manually uninstall Zoom – We’re adding a new option to the Zoom menu bar that will allow users to manually and completely uninstall the Zoom client, including the local web server. Once the patch is deployed, a new menu option will appear that says, “Uninstall Zoom.” By clicking that button, Zoom will be completely removed from the user’s device along with the user’s saved settings.

Zack Whittaker (Hacker News):

Apple has released a silent update for Mac users removing a vulnerable component in Zoom, the popular video conferencing app, which allowed websites to automatically add a user to a video call without their permission.

So the Zoom story seems to be mostly over. However, there remain some open questions:

  1. Why didn’t Zoom use a Safari extension to avoid the extra click? Would it not have done the job? Did they not consider this option? Did they deem it too clunky for customers to install and enable?

  2. Is the browser the appropriate place to put this sort of protection? After all, potentially dangerous links can be received via other means, such as e-mail and iMessage. Would it make more sense for the app receiving the link to offer protection? For example, FaceTime requires you to click a button to answer a call (though Apple lets it bypass asking for camera access). There could be a preference—off by default—to auto-accept connections, or to only auto-accept from certain trusted callers.

  3. What does Apple consider to be the actual problem—opening custom links in response to user action, or only drive-by attacks?

  4. Will Universal Links in macOS 10.15 make a difference? It sounds like the answer is only in some cases.

  5. Why aren’t people talking about BlueJeans, which runs a similar daemon for similar reasons?

  6. Will browsers continue to allow remote pages to access local servers? That seems to be the root problem in this case.
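The image-dimension trick agreenbhm describes and the root problem in item 6 (a remote page reaching a localhost server at all) are easiest to see in code. The following Python is an added example written for this post, not Zoom’s code and not from any of the posts quoted above. The /status path, the state table, and the encoding of values into width and height are invented for illustration; the port number is the one the posts above give for the Zoom daemon, but the server here is ours. It builds a real PNG whose only payload is its header, and parses it back the way a browser does before exposing naturalWidth and naturalHeight to a page on any origin.

```python
"""Added example (not Zoom's code): a localhost helper that answers image
requests, and the cross-origin read that image dimensions allow even when
CORS forbids reading the response body."""
import struct
import zlib
from http.server import BaseHTTPRequestHandler, HTTPServer

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Assumed daemon states, reported in the image *height*; the HTTP-style
# status goes in the *width*.  Script cannot read either as text, but both
# come back through img.naturalWidth / img.naturalHeight.
STATES = {"idle": 1, "in_meeting": 2, "client_missing": 3}
STATE_BY_HEIGHT = {v: k for k, v in STATES.items()}


def _chunk(kind, data):
    """One PNG chunk: length, type, data, CRC32 over type + data."""
    crc = zlib.crc32(kind + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + kind + data + struct.pack(">I", crc)


def build_status_png(width, height):
    """A valid 1-bit greyscale PNG of the requested size.  All pixels are
    zero; the IHDR header is the whole message."""
    if not (1 <= width <= 0x7FFFFFFF and 1 <= height <= 0x7FFFFFFF):
        raise ValueError("dimensions out of range")
    # width, height, bit depth 1, colour type 0 (grey), compression/filter/interlace 0
    ihdr = struct.pack(">IIBBBBB", width, height, 1, 0, 0, 0, 0)
    row = b"\x00" * (1 + (width + 7) // 8)  # filter byte + packed 1-bit pixels
    idat = zlib.compress(row * height)
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def encode_state(status, state):
    """Server side of the invented scheme: status -> width, state -> height."""
    return build_status_png(status, STATES[state])


def read_png_dimensions(data):
    """What the embedding page effectively receives: the browser parses IHDR
    (signature, 13-byte chunk, CRC) and exposes width/height as properties."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG")
    length, kind = struct.unpack(">I4s", data[8:16])
    if kind != b"IHDR" or length != 13:
        raise ValueError("first chunk is not a 13-byte IHDR")
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(b"IHDR" + body) & 0xFFFFFFFF != crc:
        raise ValueError("IHDR CRC mismatch")
    width, height = struct.unpack(">II", body[:8])
    return width, height


def is_valid_png_header(data):
    """True when the header parses and its CRC checks out."""
    try:
        read_png_dimensions(data)
        return True
    except ValueError:
        return False


def decode_state(png):
    """Attacker-side decode: (status, state) recovered from nothing but dimensions."""
    width, height = read_png_dimensions(png)
    return width, STATE_BY_HEIGHT.get(height, "unknown")


# What a page on any origin would embed; no fetch(), no CORS header, no preflight.
REMOTE_PAGE_SNIPPET = """
<img src="http://127.0.0.1:19421/status"
     onload="console.log('local daemon:', this.naturalWidth, this.naturalHeight)"
     onerror="console.log('no local daemon listening')">
"""


class StatusHandler(BaseHTTPRequestHandler):
    """Stand-in for the kind of localhost daemon discussed above."""

    def do_GET(self):
        if self.path.split("?", 1)[0] != "/status":
            self.send_error(404)
            return
        body = encode_state(200, "in_meeting")  # constructed state for the demo
        self.send_response(200)
        self.send_header("Content-Type", "image/png")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


if __name__ == "__main__":
    # 19421 is the port the posts above give for Zoom's daemon; the server is ours.
    HTTPServer(("127.0.0.1", 19421), StatusHandler).serve_forever()
```

Run the script, open a page from any origin containing REMOTE_PAGE_SNIPPET, and the console shows 200 and 2 without the page ever being allowed to read the body. Binding to 127.0.0.1 and checking Origin headers does nothing against this, because the leak is in the fact that an image came back at all and in its size; the browser-side fix is the Private Network Access proposal, which requires a preflight before a public page may reach a loopback address.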

Update (2019-07-12): Jonathan Leitschuh:

That @zoom_us daemon (hidden web server) is now known to have a Remote Code Execution Vulnerability!

Patrick Wardle:

Zoom: Let’s allow remote access to your mic/cam 🛡️ OverSight: Fine, but we’ll detect & alert

Apple: Let’s silently remove Zoom 🛡️ BlockBlock: Fine, but we’ll detect & alert

Update (2019-07-16): Juli Clover:

Apple today pushed a second silent security update to Macs to address further vulnerabilities related to the Zoom video conferencing app for macOS, reports The Verge.

Apple removed software that was installed by RingCentral and Zhumu, two video conferencing apps that relied on technology from Zoom and were also found to have the same vulnerabilities as Zoom earlier this week.

Update (2019-07-17): Rich Trouton:

To verify that you have this installed, here’s a one-line command to check for the latest installed MRT installer package[…]

John Gruber:

This option is enabled by default — even if you choose to install regular system updates manually — which is why the vast majority of Mac users are getting these “silent” updates automatically. But if you disable this option, even these silent updates won’t be installed automatically. I confirmed this with an Apple spokesperson, who emphasized that Apple only issues such updates “extremely judiciously”. Any pending security updates will be installed the next time you manually update software.

[…]

If I could tweak anything, it would be to have these updates show up in the regular list of pending software updates if you have “Install system data files and security updates” turned off.

Bruce Schneier:

This is why we disclose vulnerabilities. Now, finally, Zoom is taking this seriously and fixing it for real.

Update (2019-07-25): See also: The Talk Show.

Timo Perfitt:

The current zoom installer for macOS installs and runs the application from a pre-install script in the installer package. Also, if you use the “pkginfo” option with the installer command to get info about the package, it also installs and runs. 😫😫😫😫

Apple Revives Texas Hold’em Game

Michael Potuck:

In a surprise move, Apple has revived its Texas Hold’em game for iOS today. The update to the original game comes in celebration of the 10-year anniversary of the App Store and has been redesigned to include new characters, improved graphics, more challenging gameplay, and much more.

I certainly didn’t expect that to happen.

John Voorhees:

Missed the 10th anniversary by 363 days.

Theories:

  1. The intern didn’t finish the update until this summer
  2. Jony said no, but now that he’s leaving, anything is possible

Marco Arment:

  1. They submitted it last year but it was held up by app-review limbo.
  2. The build was stuck “Processing” for a year.

Previously:

Update (2019-07-15): John Gruber:

They’ve switched the font to San Francisco (but maybe that’s just because they were always specifying the system font), and it adapts to fit the iPhone X-class displays, but there’s still no iPad version and still no iCloud syncing across devices. For the most part, the game seems unchanged. Oh, and in a sign of the times, the price dropped from $4.99 to free.

Monday, July 8, 2019

Cloudflare Outage Caused by Regular Expression

John Graham-Cumming:

Unfortunately, one of these rules contained a regular expression that caused CPU to spike to 100% on our machines worldwide. This 100% CPU spike caused the 502 errors that our customers saw. At its worst traffic dropped by 82%.

We were seeing an unprecedented CPU exhaustion event, which was novel for us as we had not experienced global CPU exhaustion before.

Update (2019-07-15): John Graham-Cumming (Hacker News):

Although the regular expression itself is of interest to many people (and is discussed more below), the real story of how the Cloudflare service went down for 27 minutes is much more complex than “a regular expression went bad”. We’ve taken the time to write out the series of events that lead to the outage and kept us from responding quickly. And, if you want to know more about regular expression backtracking and what to do about it, then you’ll find it in an appendix at the end of this post.
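The backtracking the post-mortem’s appendix is about can be measured rather than just described. The following Python is an added example, not code from Cloudflare’s post: a tiny instrumented backtracking matcher for patterns made only of literal characters and `.*`, run on a constructed pattern with the nested-wildcard shape `.*.*=.*` (two unbounded repeats before a literal that may never appear). The pattern and the inputs are constructed here, not Cloudflare’s rule.

```python
"""Added example, not Cloudflare's code: count the work a backtracking
matcher does on a nested-wildcard pattern, and compare with the linear
check the pattern actually expresses."""
import re

# Constructed pattern with the nested-wildcard shape the post-mortem's
# appendix discusses; GOOD_PATTERN accepts exactly the same strings.
BAD_PATTERN = ".*.*=.*"
GOOD_PATTERN = "[^=]*=.*"   # one bounded repeat before '=', so no blow-up


def tokenize(pattern):
    """Split a pattern into tokens: '.*' or a single literal character."""
    tokens, i = [], 0
    while i < len(pattern):
        if pattern.startswith(".*", i):
            tokens.append(".*")
            i += 2
        else:
            tokens.append(pattern[i])
            i += 1
    return tokens


def match_steps(pattern, text):
    """Backtracking prefix match (like re.match).  Returns (matched, steps),
    where steps counts attempts; a greedy '.*' tries the longest extent first
    and backs off one character at a time, as a backtracking engine does."""
    tokens = tokenize(pattern)
    steps = 0

    def attempt(pi, ti):
        nonlocal steps
        steps += 1
        if pi == len(tokens):
            return True
        tok = tokens[pi]
        if tok == ".*":
            for end in range(len(text), ti - 1, -1):
                if attempt(pi + 1, end):
                    return True
            return False
        if ti < len(text) and text[ti] == tok:
            return attempt(pi + 1, ti + 1)
        return False

    return attempt(0, 0), steps


def linear_equivalent(text):
    """What BAD_PATTERN actually asks: is there a '=' anywhere?  O(n)."""
    return "=" in text


def cost_growth(n1, n2, pattern=BAD_PATTERN):
    """Ratio of steps on '='-less input of lengths n2 and n1.  For the nested
    pattern this grows roughly like (n2/n1)**2: doubling the input costs ~4x."""
    _, s1 = match_steps(pattern, "x" * n1)
    _, s2 = match_steps(pattern, "x" * n2)
    return s2 / s1


def agrees_with_re(text):
    """Toy matcher, Python's own backtracking `re`, and the rewritten pattern
    all give the same answer; only the cost differs."""
    mine = match_steps(BAD_PATTERN, text)[0]
    return mine == bool(re.match(BAD_PATTERN, text)) == bool(re.match(GOOD_PATTERN, text))


if __name__ == "__main__":
    for n in (10, 100, 1000):
        print(n, match_steps(BAD_PATTERN, "x" * n)[1])  # 78, 5253, 502503
```

On a 10-character input with no `=` the toy engine makes 78 attempts; on 1,000 characters it makes over half a million, because every split point of the first `.*` re-runs the second. Python’s `re` is a backtracking engine with no step limit, so the same pattern costs real CPU there too; a non-backtracking engine such as RE2 guarantees linear time and is the structural fix, with `[^=]*=` as the local one.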

Malformed iMessage Could Cause iPhone Boot Loop

Project Zero (via Hacker News):

The method -[IMBalloonPluginDataSource individualPreviewSummary] in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not a NSString. This method calls [IMBalloonPluginDataSource _summaryText] which returns the property assuming it is a string, but this is not checked. The calling method then calls -[IMBalloonPluginDataSource _replaceHandleWithContactNameInString:] which calls im_handleIdentifiers on the NSString which is really an NSNumber, which throws an exception as the selector does not exist in that class.

On a Mac, this causes soagent to crash and respawn, but on an iPhone, this code is in Springboard. Receiving this message will cause Springboard to crash and respawn repeatedly, causing the UI not to be displayed and the phone to stop responding to input. This condition survives a hard reset, and causes the phone to be unusable as soon as it is unlocked. The only way I could find to fix the phone is to reboot into recovery mode and do a restore. This causes the data on the device to be lost though.

The bug is fixed in macOS 10.13.4 and iOS 12.3, but what about customers on previous OS versions? Now that the bug is known, they could be targeted. And it doesn’t seem like Apple could intercept the bad messages at the server level without decrypting private messages.

NSSecureCoding can’t really protect against this kind of mistake. Maybe Swift could have, depending on how the code was written.

I recently ran into a similar bug with AVPlayer, where using the scroll wheel calls an internal method with the wrong data type where a number was expected, causing an exception and alert window. I’m sure this sort of thing happens all the time throughout iOS, macOS, and apps, but rarely are the potential consequences so dire.
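The failure mode is a decoded value whose runtime type is not what the consumer assumed, discovered only when a method is called on it. The following Python is an added example, not Apple’s code and not the Project Zero proof of concept: it decodes a constructed balloon-plugin-style plist payload carrying the key named in the report, and shows an unchecked consumer (which fails with Python’s analogue of “unrecognized selector”) beside a schema-checked one that rejects the message instead. The second key name, the `{handle}` placeholder, and the plist shape are assumptions made for the example.

```python
"""Added example, not Apple's code: type-check decoded message properties
before using them, so a hostile message is dropped rather than crashing
the process that renders the UI."""
import plistlib

# Constructed messages (not real iMessage traffic).  BAD_MESSAGE carries an
# integer where the consumer expects a string, as in the Project Zero report.
GOOD_MESSAGE = plistlib.dumps({
    "IMExtensionPayloadLocalizedDescriptionTextKey": "{handle} sent you a sticker",
    "IMExtensionPayloadBundleIdentifier": "com.example.stickers",   # assumed key
})
BAD_MESSAGE = plistlib.dumps({
    "IMExtensionPayloadLocalizedDescriptionTextKey": 42,
    "IMExtensionPayloadBundleIdentifier": "com.example.stickers",
})

DESCRIPTION_KEY = "IMExtensionPayloadLocalizedDescriptionTextKey"


def _replace_handle(text, contact_name):
    """Stand-in for the string-only step that crashed in the report."""
    return text.replace("{handle}", contact_name)


def summary_unchecked(raw):
    """Mirrors the reported bug: assumes the property is a string and calls a
    string method on it.  With BAD_MESSAGE this raises AttributeError."""
    payload = plistlib.loads(raw)
    return _replace_handle(payload.get(DESCRIPTION_KEY), "Contact Name")


# Expected runtime type per key.  Keys not listed are ignored; listed keys
# present with the wrong type are fatal for the message, not the process.
SCHEMA = {
    DESCRIPTION_KEY: str,
    "IMExtensionPayloadBundleIdentifier": str,
}


class MalformedMessage(ValueError):
    """Raised when a decoded value does not match SCHEMA."""


def validate(payload, schema):
    if not isinstance(payload, dict):
        raise MalformedMessage("top level is not a dictionary")
    for key, expected in schema.items():
        if key in payload and not isinstance(payload[key], expected):
            raise MalformedMessage(
                f"{key}: expected {expected.__name__}, got {type(payload[key]).__name__}")
    return payload


def summary_checked(raw):
    """Returns the summary text, or None when the message is rejected.
    Dropping one message keeps the UI process alive; an exception does not."""
    try:
        payload = plistlib.loads(raw)
    except Exception:   # plistlib raises several unrelated types for bad input
        return None
    try:
        validate(payload, SCHEMA)
    except MalformedMessage:
        return None
    return _replace_handle(payload.get(DESCRIPTION_KEY, ""), "Contact Name")


def crashes_unchecked(raw):
    """True when the unchecked path dies on this message."""
    try:
        summary_unchecked(raw)
        return False
    except AttributeError:
        return True


if __name__ == "__main__":
    print(summary_checked(GOOD_MESSAGE))          # Contact Name sent you a sticker
    print(summary_checked(BAD_MESSAGE))           # None
    print(crashes_unchecked(BAD_MESSAGE))         # True
```

The check is cheap because it runs once per message at the trust boundary, where the type is still a fact about untrusted input rather than an assumption baked into every later call. In Swift the same effect comes from decoding into a typed struct with `as?` casts that fail at decode time; in Objective-C it has to be written out, as above.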

Previously:

Post-Approval App Review

NSErrorWtf (via Michael Love):

He said that app review tends to take around 10-15 minutes. App review will go “in review” 4-5 hours before the first reviewer actually looks at it. Then someone will launch it and all the diagnostic logs start trickling in. They’ll play with it for a bit. Launch/relaunch it a bit. Lots of force-quits.

The INTERESTING thing that he said started a few weeks ago was they would notice updates would get approved/released on one day. Then consistently ~48 hours after release they’d see the apple review account login again and poke around.

He suspected this was apple trying to catch app devs performing “review fraud”, where the app’s behavior changes with a server flag at a later date to try and bypass app store guidelines and such.

MacUpdater 1.4.15

CoreCode (tweet, via Leo):

While our users tell us that MacUpdater is the best app they have found in years, Apple rejected it from inclusion into the Mac App Store, because it is not ‘useful enough’. Meanwhile, Apple continues to distribute dozens of apps that are malware, or are from known Malware vendors!

I had not heard of this app, perhaps because it’s not listed on MacUpdate, either. (Besides the similar name, it competes with their Desktop product.)

It seems genuinely useful, though:

Nothing could be easier than finding out which of your apps are out-of-date with MacUpdater. Just launch it and let it scan your apps. You’ll see a list of all your apps, and apps with updates are listed in red. There are filter-options to display just outdated apps or ignore apps from being updated. The MacUpdater database has information about the latest versions of more than 30.000 apps (see FAQ).

I think there used to be another app that did this, e.g. by polling Sparkle feeds, but I haven’t heard about it in a long time.

See also: Mark Sealey.

No Engagement Algorithms

Brent Simmons:

These kinds of algorithms optimize for engagement, and the quickest path to engagement is via the drugs outrage and anger — which require, and generate, bigger and bigger hits.

This is what Twitter and Facebook are about — but it’s not right for NetNewsWire. The app puts you in control. You choose the sites and blogs you want to read, and the app reliably shows you their articles sorted by time. That’s it.

Joshua Emmons:

Brent is making a subtle point here:

  1. Algorithms weigh signal.
  2. In the domain of engagement, outrage and anger mask all other signals.
  3. These signals are fatiguing. As Outrage: 5 is normalized, Outrage: 10 is now required to move the needle.

1. and 2. mean it’s not the algorithm’s fault. There’s no way to write an engagement algorithm that doesn’t select for outrage and anger. But 3. means anything that incorporates such an algorithm actually makes us worse people.

Brent Simmons:

Maybe, though, I could do better. I kind of think not, because I think the problem is a bug in human nature. But let’s say I believed I could do better.

Should I?

Friday, July 5, 2019

FaceTime Attention Correction

Rachel England:

A video call is a great way to connect with friends and family when you can’t physically be together. But even if you’re staring directly at your loved one’s face, there’s still something a little off about the whole process. The way your phone’s screen display and camera lens sync up means you’re never quite able to look your conversational partner squarely in the eye. Until now, that is. Apple is allegedly working on a new feature that subtly adjusts your gaze during video calls, so it appears as if you’re looking into the camera when you’re actually looking at the screen.

Tim Hardwick:

The new “FaceTime Attention Correction” feature, first spotted by Mike Rundle on Twitter, can be turned on and off in the FaceTime section of the Settings app, although it only appears to work on iPhone XS and XS Max devices in the third iOS 13 beta sent out to developers on Tuesday.

Juli Clover:

FaceTime Attention Correction appears to use an ARKit depth map captured through the front-facing TrueDepth camera to adjust where your eyes are looking for a more personal and natural connection with the person that you’re talking to.

Twitter users have discovered the slight eye warping that Apple is using to enable the feature, which can be seen when an object like the arm of a pair of glasses is placed over the eyes.

“S” iPhones Get the Most Software Updates

Steve Moser:

I never noticed this before, but if you want the most major iOS updates, go with an ’S’ iPhone. They get the same number or one more year of updates over the non-S iPhones.

I will be interested to see whether the iPhone 6s and iPhone SE are supported by iOS 14. Given how well they currently perform, it seems like they could be. Launching apps is one of the slowest things, and that’s greatly improved in iOS 13.

Requesting Entitlements

Felix Schwarz:

Has anybody heard back from Apple after requesting the #DriverKit entitlement? I requested mine 26 days ago and haven’t heard back so far.

Timo Hetzel:

Requested CarPlay entitlement about 5 years ago 👴🏻

LateNite Films:

Same here for Final Cut Pro’s Workflow Extensions API - radio silence.

Robbie Trencheny:

Same here for Critical Alerts for @home_assistant until about 5 phone calls to dev support, two forums threads and finally only noticing that I got the entitlement without them notifying me by clicking around and doing network debugging in certificates area. Ugh.

I also wonder whether many (or any additional) apps have gotten the com.apple.developer.security.privileged-file-operations entitlement.

Previously:

Update (2020-02-22): Steve Troughton-Smith:

Wow, adding CarPlay support is really easy these days. Still, no reply from Apple means no entitlement means it could never ship

Still frustrating that Apple doesn’t have the decency to reply to CarPlay entitlement requests to say you’ve been rejected, so you’re just sitting there for years wondering what to do

(Yet another massive target for the antitrust hammer, too; how can any app compete fairly with Apple’s own native experiences if they’re not allowed to build a CarPlay UI and Apple can)

Giving Notes on Apple’s TV Shows

Tripp Mickle and Joe Flint:

Tim Cook sat down more than a year ago to watch Apple Inc.’s first scripted drama, “Vital Signs,” and was troubled by what he saw. The show, a dark, semi-biographical tale of hip hop artist Dr. Dre, featured characters doing lines of cocaine, an extended orgy in a mansion and drawn guns.

It’s too violent, Mr. Cook told Apple Music executive Jimmy Iovine, said people familiar with Apple’s entertainment plans. Apple can’t show this.

Alexandra Steigrad and Nicolas Vega:

But as the company’s streaming project gets ready for launch, agents and producers can’t stop griping about how “difficult” Apple is to deal with — citing a “lack of transparency,” “lack of clarity” and “intrusive” executives, including CEO Cook.

One of the biggest complaints involves the many “notes” from Apple executives seeking family-friendly shows, sources said.

“Tim Cook is giving notes and getting involved,” said a producer who has worked with Apple. One of the CEO’s most repeated notes is “don’t be so mean!,” the source said.

[…]

Apple executives in general have been “very involved,” this person said, adding that writers and directors prefer to work without corporate intrusions.

Stuart McGurk (via MacRumors):

“I saw the comments that myself and Tim were writing notes on the scripts and whatever,” says Cue. “There’s never been one note passed from us on scripts, that I can assure you. We leave the folks [alone] who know [what] they’re doing.”

So Cook didn’t give that particular note?

“I can assure you that was 100 per cent false. He didn’t say, ‘Don’t be so mean.’ He didn’t say anything about a script.”

Previously:

Update (2019-09-05): Chance Miller:

The Apple TV+ series was said to focus on two Vietnam veterans and best friends, and would have been Richard Gere’s highest-profile TV role:

Richard Gere was set to star as one of two elderly Vietnam vets and best friends who find their monotonous lives upended when a woman they both loved 50 years ago is killed by a car. Their lifelong regrets and secrets collide with their resentment of today’s self-absorbed millennials and the duo then go on a shooting spree.

Howard Gordon and Warren Leight collaborated on two scripts for “Bastards,” but Apple reportedly sent notes with concerns about the “show’s tone of vigilante justice.” According to the report, Gordon did not want to focus on the friendship between the two characters, but rather wanted to emphasize the “darker elements of the series.” Apple, however, wanted to ensure the “series was focused on the heart and emotion of the central friendship.”

Update (2020-02-06): John Gruber:

Say what you want about Apple’s original content thus far, but it does not lack for meanness.

YouTube Hacking Video Ban

Kody Kinzie (via Hacker News):

We made a video about launching fireworks over Wi-Fi for the 4th of July only to find out @YouTube gave us a strike because we teach about hacking, so we can’t upload it.

YouTube now bans: “Instructional hacking and phishing: Showing users how to bypass secure computer systems”

[…]

Just a clarification, we haven’t even uploaded the firework video. We can’t due to a strike on a video about the WPS-Pixie Wi-Fi vulnerability.

YouTube Help:

Don’t post content on YouTube if it fits any of the descriptions noted below.

[…]

Instructional hacking and phishing: Showing users how to bypass secure computer systems or steal user credentials and personal data.

Kate O’Flaherty:

But the infosec community says this policy is broken, because it’s seeing viable educational content also being removed. This content has been used by security professionals and businesses for many years to hone their skills and learn about new threats.

[…]

YouTube has now reinstated the video. It responded to Kinzie on Twitter, saying: “Our policy team reviewed the flagged video and determined that it was taken down by mistake. We have gone ahead and reinstated the video and resolved the strike on your channel. We hope you can upload the 4th of July fireworks video now!”

This doesn’t resolve the core issue, though, because the policy still bans this type of content.

Wednesday, July 3, 2019

SummerFest 2019 for Indie Mac Apps

SummerFest:

Your inspiration doesn’t come from a factory. Neither does artisanal software.

For a limited time, we’re offering you a great price on great software, right at the workshop door. No ridiculous bundles, no silly gimmicks. Great software, great support, great (but sustainable) prices.

[…]

These are terrific tools for thinking, writing, organizing, and delivering your ideas. Sure, you can manage with less – but why would you want to? Each of these tools is carefully crafted and maintained by a small, dedicated team with vision and determination.

A great list of quality apps for ~25% off, including ones I’ve used a lot like BBEdit, TextExpander, PDFpen, and my own SpamSieve.

altool 4.0

Rosyna Keller:

Xcode 11.0b3 includes a major update to altool (used for notarization), altool 4.0, with some awesome new features.

[…]

First, altool actually has a man page now (man altool) accessible after new Xcode 11b3 is installed.

altool supports a new --verbose argument that’s my type of verbose (it’s overly verbose to the MAX!) that’s useful in debugging issues, filing radars, and watching progress.

[…]

Another new argument (as seen in the previous screenshot) is the --transport argument that allows you to specify the upload method order altool/Transporter tries.

[…]

The DAV (WebDAV) method is extremely slow but explicitly specifying it will prevent altool from attempting the other transport methods doomed to fail if UDP is blocked.

[…]

altool 4.0 now supports concurrent uploads from the same host. You no longer have to wait for a submission to return a RequestUUID before starting another submission in a new Terminal window.

A lot of third-party developers were having issues creating a keychain item for use with -p "@keychain:<Keychain Item>" so altool 4.0 has a new convenience command, --store-password-in-keychain-item <New Item Name>, that will create it in the iCloud Keychain for you!

These sound like great improvements.
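The workflow the post describes (create the keychain item once, then submit with `-p "@keychain:…"`, wait for the RequestUUID, poll for the result), as an added example that is not Apple’s or Rosyna Keller’s code. It assumes Xcode 11 beta 3 or later so that `xcrun altool` is altool 4.0, and uses the flags named in the post (`--store-password-in-keychain-item`, `--transport`, `--verbose`) together with altool’s `--notarize-app` and `--notarization-info` commands. The sample outputs at the bottom are constructed in the shape altool prints, with a placeholder UUID. The security point is the credential handling: after the one-time keychain step, the app-specific password never appears in argv, shell history, CI logs, or `ps` output again.

```python
"""Notarization workflow on top of altool 4.0 (added example, not Apple's code).

Assumes Xcode 11 beta 3 or later is installed so that `xcrun altool` is altool
4.0. Apple has since replaced altool with notarytool; the parsing logic is the
part worth keeping either way.
"""
import re
import subprocess
import time
from typing import List, Optional

# altool prints "RequestUUID = <uuid>" after an upload and "RequestUUID: <uuid>"
# in --notarization-info output; accept both separators.
UUID_RE = re.compile(
    r"RequestUUID\s*[=:]\s*([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})")
STATUS_RE = re.compile(r"^\s*Status:\s*(.+?)\s*$", re.MULTILINE)


def store_password_command(item_name: str, apple_id: str, password: str) -> List[str]:
    """One-time step: let altool create the keychain item itself (the
    --store-password-in-keychain-item convenience from altool 4.0). Every later
    call references the item via @keychain:, so the password is on a command
    line exactly once, here."""
    return ["xcrun", "altool", "--store-password-in-keychain-item", item_name,
            "-u", apple_id, "-p", password]


def notarize_command(archive: str, bundle_id: str, apple_id: str,
                     keychain_item: str, transport: Optional[str] = None,
                     verbose: bool = False) -> List[str]:
    """Build the --notarize-app invocation; the -p argument is only a reference."""
    cmd = ["xcrun", "altool", "--notarize-app",
           "--primary-bundle-id", bundle_id,
           "-u", apple_id,
           "-p", f"@keychain:{keychain_item}",
           "--file", archive]
    if transport:
        # e.g. "DAV" on networks that block UDP, so the faster transports are
        # not tried first and left to time out
        cmd += ["--transport", transport]
    if verbose:
        cmd.append("--verbose")
    return cmd


def info_command(request_uuid: str, apple_id: str, keychain_item: str) -> List[str]:
    return ["xcrun", "altool", "--notarization-info", request_uuid,
            "-u", apple_id, "-p", f"@keychain:{keychain_item}"]


def parse_request_uuid(output: str) -> Optional[str]:
    match = UUID_RE.search(output)
    return match.group(1) if match else None


def parse_status(output: str) -> Optional[str]:
    match = STATUS_RE.search(output)
    return match.group(1) if match else None


def _run(cmd: List[str]) -> str:
    proc = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return proc.stdout + proc.stderr


def submit(archive: str, bundle_id: str, apple_id: str, keychain_item: str,
           transport: Optional[str] = None) -> str:
    """Upload and return the RequestUUID; concurrent submissions are fine on 4.0."""
    output = _run(notarize_command(archive, bundle_id, apple_id, keychain_item, transport))
    uuid = parse_request_uuid(output)
    if uuid is None:
        raise RuntimeError(f"altool did not return a RequestUUID:\n{output}")
    return uuid


def wait_for_notarization(request_uuid: str, apple_id: str, keychain_item: str,
                          poll_seconds: int = 30, timeout_seconds: int = 1800) -> str:
    """Poll --notarization-info until Apple reports a status other than 'in progress'."""
    deadline = time.monotonic() + timeout_seconds
    while time.monotonic() < deadline:
        status = parse_status(_run(info_command(request_uuid, apple_id, keychain_item)))
        if status and status.lower() != "in progress":
            return status
        time.sleep(poll_seconds)
    raise TimeoutError(f"notarization {request_uuid} still in progress after {timeout_seconds}s")


# Constructed sample output in the shape altool 4.0 prints (placeholder UUID, not real).
SAMPLE_UPLOAD_OUTPUT = (
    "No errors uploading 'MyApp.zip'.\n"
    "RequestUUID = 11111111-2222-3333-4444-555555555555\n"
)
SAMPLE_INFO_OUTPUT = """No errors getting notarization info.

          Date: 2019-07-03 18:45:01 +0000
   RequestUUID: 11111111-2222-3333-4444-555555555555
        Status: success
   Status Code: 0
Status Message: Package Approved
"""

if __name__ == "__main__":
    # Offline check of the parsers. The live flow, assuming a keychain item
    # named AC_PASSWORD was created with store_password_command(), would be:
    #   uuid = submit("MyApp.zip", "com.example.myapp", "dev@example.invalid", "AC_PASSWORD")
    #   print(wait_for_notarization(uuid, "dev@example.invalid", "AC_PASSWORD"))
    print(parse_request_uuid(SAMPLE_UPLOAD_OUTPUT), parse_status(SAMPLE_INFO_OUTPUT))
```

The status parser deliberately captures the rest of the line rather than a single word, because the pending state is reported as two words (`in progress`) and a `\S+` match would silently loop forever on `in`.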

Previously:

Superhuman Embeds Tracking Pixels in User E-mails

Mike Davidson (via Hacker News):

It is disappointing then that one of the most hyped new email clients, Superhuman, has decided to embed hidden tracking pixels inside of the emails its customers send out. Superhuman calls this feature “Read Receipts” and turns it on by default for its customers, without the consent of its recipients. You’ve heard the term “Read Receipts” before, so you have most likely been conditioned to believe it’s a simple “Read/Unread” status that people can opt out of. With Superhuman, it is not. If I send you an email using Superhuman (no matter what email client you use), and you open it 9 times, this is what I see[…] A running log of every single time you have opened my email, including your location when you opened it.

[…]

They’ve identified a feature that provides value to some of their customers (i.e. seeing if someone has opened your email yet) and they’ve trampled the privacy of every single person they send email to in order to achieve that.

This has long been common with spam and mass marketing tools like MailChimp. But adding tracking—which the sender can’t turn off—for personal e-mails takes this to a new level. The only recourse for the recipient is to turn off automatic display of all remote images, as I describe in the SpamSieve documentation.

cj:

What bothered me the most about tracking pixels in emails (when using Apple Mail) was false positives:

I would occasionally have someone ask me why I opened their email 20+ times before responding (I didn’t).

After a while, I realized that when using the “arrow down” key to scroll through your inbox in Apple Mail (with split view enabled), Apple Mail will open and render every email in the split view when attempting to open an email further down in the inbox. This would result in every tracking pixel being loaded/rendered dozens of times, even when the email was open on the screen for < 200ms.

See also: David Heinemeier Hansson.

Previously:

Update (2019-07-05): Rahul Vohra (tweet):

We are making these changes:

  1. We have stopped logging location information for new email, effective immediately.
  2. We are releasing new app versions today that no longer show location information.
  3. We are deleting all historical location data from our apps.
  4. We are keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on.
  5. We are prioritizing building an option to disable remote image loading.

Walt Mossberg:

This is a good first step. Better than doing nothing. But it’s not enough. I read the full blog post. It makes no mention of disabling tracking how often the recipient opens the email. It’s also full of the rationalization that secret tracking is ok in “business” software.

Michael Rockwell:

Maybe content blockers for email apps should be a thing.

See also: Nilay Patel.

Update (2019-07-10): David Heinemeier Hansson:

Microsoft understood years ago how to offer ethical read receipts in email.

Update (2019-07-24): John Gruber (The Talk Show):

Once we allowed email clients to act as de facto web browsers, loading remote content from servers when messages are viewed, we opened up not just a can of worms but an entire case of canned worms. Every privacy exploit for a web browser is now a privacy exploit for email. But it’s worse, because people naturally assume that email is completely private.

[…]

I think Superhuman should be ashamed of themselves for building this feature in the first place — particularly the geo-tracking. But ultimately, email clients should defend against this. The fact that this nonconsensual tracking is even possible should be treated as a serious bug in all email clients. Apple Mail — both on Mac and iOS — allows you to disable loading of remote images as a preference, but that breaks most graphically rich emails. Mail clients should allow remote images but load them anonymously, through a proxy server perhaps. I’m sure it’s a tricky problem to solve, but I’m convinced it can be solved.

Callionica:

I feel like people are a little undereducated on this whole email tracking read receipt thing (Superhuman is but one example), so here’s something to consider: not only images can track you, but also DNS itself: unique domain + DNS server that logs queries == tracking.

Look up “DNS prefetch” to see why you don’t actually have to click anything or contact the domain itself to have your interest logged.
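The two tracking channels described in this post, Davidson’s hidden image pixel and Callionica’s DNS-only variant, as seen from the receiving side. This is an added example, not code from Superhuman, Mike Davidson, Callionica, or any mail client; it uses only the Python standard library, and the e-mail body and `.invalid` hosts below are constructed. It flags a remote image as a likely read receipt when it is 1×1 or hidden, or when its URL carries a long opaque token (the per-recipient identifier that turns one image into one log line per open), and it flags `dns-prefetch`/`preconnect` hints because those resolve the host before anything is clicked.

```python
"""Scan an HTML e-mail for remote content that can act as a read receipt.

Added example (not Superhuman's, Mike Davidson's or any mail client's code).
Standard library only; the sample message is constructed. A client, or a
filtering rule in front of one, could run this to decide which remote
resources to block or to fetch only through an anonymizing proxy.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import urlparse

# A long run of URL-safe characters in the path or query is the usual shape of
# a per-recipient identifier; a logo or photo URL rarely carries one.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{20,}")
# rel values that make a client resolve or connect to a host with no click.
RESOLVE_HINTS = ("dns-prefetch", "preconnect", "prefetch", "prerender")


def _is_remote(url: str) -> bool:
    return urlparse(url).scheme in ("http", "https") or url.startswith("//")


def _is_tiny_or_hidden(attrs: Dict[str, str]) -> bool:
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    dims = []
    for key in ("width", "height"):
        match = re.match(r"\d+", attrs.get(key, ""))
        if match:
            dims.append(int(match.group()))
    return bool(dims) and all(d <= 1 for d in dims)


def _has_opaque_token(url: str) -> bool:
    parsed = urlparse(url)
    return bool(TOKEN_RE.search(parsed.path + "?" + parsed.query))


class RemoteContentScanner(HTMLParser):
    """Collects every element that would trigger a network request on open."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: List[Dict] = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "img" and _is_remote(a.get("src", "")):
            reasons = []
            if _is_tiny_or_hidden(a):
                reasons.append("image is 1x1 or hidden")
            if _has_opaque_token(a["src"]):
                reasons.append("URL carries an opaque per-recipient token")
            self._add("img", a["src"], reasons)
        elif tag == "link":
            rel = a.get("rel", "").lower()
            if rel in RESOLVE_HINTS and a.get("href"):
                # DNS-only tracking: a unique host name plus a DNS server that
                # logs queries is a read receipt without any image at all.
                self._add("link", a["href"], [f"rel={rel} triggers a DNS lookup on open"])

    def _add(self, kind: str, url: str, reasons: List[str]) -> None:
        self.findings.append({"kind": kind, "url": url,
                              "host": urlparse(url).hostname,
                              "reasons": reasons, "likely_tracker": bool(reasons)})


def scan_email_html(html: str) -> List[Dict]:
    scanner = RemoteContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def tracker_hosts(html: str) -> List[str]:
    """Hosts the client should not contact directly when rendering this message."""
    return sorted({f["host"] for f in scan_email_html(html)
                   if f["likely_tracker"] and f["host"]})


# Constructed sample: one logo, one hidden tokenized pixel, one inline (cid:)
# photo that needs no network access, and a DNS prefetch hint.
SAMPLE_EMAIL = """\
<html><body>
<link rel="dns-prefetch" href="//r.example-mailer.invalid">
<p>Hi, following up on our call.</p>
<img src="https://cdn.example.invalid/logo.png" width="200" height="60" alt="logo">
<img src="https://t.example-mailer.invalid/o/7f3a9c2e1b4d5e6f7a8b9c0d.gif"
     width="1" height="1" style="display:none">
<img src="cid:inline-photo@example" width="300">
</body></html>
"""

if __name__ == "__main__":
    for finding in scan_email_html(SAMPLE_EMAIL):
        print(finding["kind"], finding["host"], finding["reasons"])
    print("block:", tracker_hosts(SAMPLE_EMAIL))
```

The `cid:` image is skipped because inline attachments never leave the message, which is also why "disable remote images" in Apple Mail still shows them. Background images set through CSS are not covered here; a client that wants Gruber’s "load everything through a proxy" behaviour would route every remote fetch, not just the flagged ones.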

UIStackView and NSStackView

Reda Lemeden:

The UIStackView class provides axis-specific properties to define the layout: distribution for the main axis, and alignment for the cross axis.

[…]

Unlike NSStackView, UIStackView doesn’t support gravity-based distribution. This solution works by defining gravity areas along the main axis, and placing arranged items in any of them. One obvious upside of this approach is the ability to have multiple alignment rules within the same axis. On the downside, it introduces unnecessary complexity for most use cases.

[…]

The automatic layout calculation that stack views do for us comes with a performance cost. In most cases, it is negligible. But when stack views are nested more than two layers deep, the hit could become noticeable.

[…]

Stack views are a lot more versatile than they get credit for. Their API on iOS isn’t always the most self-explanatory, nor is it the most coherent, but once you overcome these hurdles, you can bend them to your will to achieve non-trivial feats — nothing short of a Michelin star chef boasting their plating prowess.

This is probably the best overview I’ve seen.

Monday, July 1, 2019

Catalyst Deep Dive

Samuel Axon (MacRumors):

Ars spoke with key members of the Apple team responsible for developing and promoting Project Catalyst at WWDC, as well as with a handful of app developers who have already made Mac apps this way. We asked them about how Catalyst works, what the future of Apple software looks like, and what users can expect.

[…]

In other instances, developers can, of course, use conditional logic in their code to deliver different experiences and functionality based on which device the software is running on. Apple, however, intended for that approach to be reserved for cases where functionality is simply not available on a certain device but is desired on another.

“We’d like them to use conditionals as little as possible because, you know, conditionals are different code paths that you have to worry about,” explained Ozer. “And I think that the things we’ve tied to conditionals are APIs and features that are really very much Mac-only.”

[…]

Still, Apple agreed that AppKit is the way to go for broad and deep Mac apps like those used by creative professionals and power users. Pruden said she believes Catalyst is about offering developers options but that teams creating powerful desktop apps will know whether it’s suitable for their products or not.

[…]

To Pruden’s point, Benjamin believes there are fundamentally multiple types of apps, and they’re not mutually exclusive with one another on a platform. And this is key to understanding Apple’s approach, here.

Samuel Axon:

To be clear, the Apple interviews did take place at WWDC. (MacStories seems to suggest that Apple participated in this story to do damage control after the fact.) Reason it was pubbed weeks later was that it took a long time to wrangle dev interviews after the Apple interviews.

Previously:

Gaming With a MacBook Pro and eGPU

Justin Searls (tweet):

So, it’s thanks to the trash can Mac Pro that in 2019, it can truthfully be said: instead of putting a beefy graphics card inside your computer, you are now able to take a top-of-the-line gaming GPU, seat it inside an external box, plug that box into your computer, and—using a single high-bandwidth cable—push the necessary instructions to render 4K games at 60 frames per second on the card before (over the very same cable!) pushing those frames back to your notebook’s built-in monitor without introducing any perceptible latency. I’ve seen daily evidence of this for the last month and I gotta say: it’s pretty freakin’ cool.

The idea that you’d be able to connect a GPU over a 2-meter cable and get desktop-class gaming performance out of the current crop of MacBooks Pro seems far-fetched. Even to me, as I literally play games with one. When reasonable people encounter Apple’s marketing about eGPUs—which is only focused on creative professional workflows like modeling VR experiences as opposed to experiencing them—it would be unreasonable to make the logical leap to say, “ah, yes, surely if I boot that computer into Windows, the eGPU enclosure would have the necessary drivers and the Thunderbolt 3 cable would have the necessary bandwidth to render games in real-time with an acceptable frame rate and input latency.”

[…]

Congratulations, you’re now too tired to want to play any games with your now-capable-of-running-them MacBook Pro.

SwiftWebUI

Helge Heß (Hacker News):

So what exactly is SwiftWebUI? It allows you to write SwiftUI Views which display in a web browser[…]

[…]

Unlike some other efforts this doesn’t just render SwiftUI Views as HTML. It also sets up a connection between the browser and the code hosted in the Swift server, allowing for interaction - buttons, pickers, steppers, lists, navigation, you get it all!

In other words: SwiftWebUI is an implementation of (many but not all parts of) the SwiftUI API for the browser.

Previously:

Using Combine

Joseph Heck (Hacker News):

The book is being made available at no cost. The content for this book, including sample code and tests is available on GitHub at https://github.com/heckj/swiftui-notes.

[…]

The contents of this book are available as HTML, PDF, and ePub. There is also an Xcode project (SwiftUI-Notes.xcodeproj) available from GitHub.

This looks really good.

Previously: