Archive for July 31, 2019

Wednesday, July 31, 2019

New 5K 27-Inch LG UltraFine Display

Juli Clover:

Apple’s online store in the United States is now carrying a new 5K 27-inch LG UltraFine Display, which joins the updated 4K 23.7-inch UltraFine display Apple began selling in May.

Available for $1,299.95, the new LG UltraFine 5K Display offers the same 5120 x 2880 resolution as the previous UltraFine 5K Display with 14.7 million pixels and P3 wide color gamut.

Colin Cornaby:

Not the 6k Ultrafine of my dreams but I’ll take it.

John Gruber:

When connected to an iPad Pro via USB-C, it’s limited to 4K resolution, but the old 5K UltraFine Display didn’t support iPad Pro at all.


Update (2019-07-31): Benjamin Mayo (via Kyle Cronin):

Another new LG UltraFine 5K gotcha: the MacBook Pro cannot output to two of them at full resolution, which was supported with the previous-generation of the display.


This means you would get more effective pixels with one Apple Pro Display connected than dual 5K UltraFines.

And of course, running two 5Ks at full resolution was a big selling point of the new MacBook Pro’s Thunderbolt 3 connectivity at the 2016 announcement event.

Update (2019-08-01): Benjamin Mayo:

This saga stretches into another day: the dual-display resolution limit for the UltraFine was a documentation error. So you still can connect and use two at full 5K res with a MBP (or four at 4K).

Retiring Omni’s iOS Document Browser

Ken Case (tweet):

At that time, there was no built-in document browser, or even a rich text editor: if we wanted those features—essential to apps like OmniGraffle and OmniOutliner—we had to build them ourselves.


In 2019, we think it’s time to retire our custom document browser in favor of using Apple’s built-in document browser—and with our iOS 13 updates this fall we’ll be doing just that. Instead of seeing our custom file browser, you’ll be presented with the standard iOS document browser—just like in Apple’s own iWork apps. Using Apple’s browser, you’ll be able to store and sync your documents using Apple’s built-in iCloud Drive, or third-party commercial options like Box—or even in cloud- or self-hosted collaborative git repositories using Working Copy.

I’m looking forward to being able to directly access files from Working Copy. This way I can sync files to my iPhone directly from my Mac, without having to upload them to any cloud provider. It also means that I can be sure certain files are with me, whereas the Files app can’t easily cache whole folders offline and can’t be trusted not to purge its cache at inopportune times.

The Alert Hammer

Paulo Andrade:

Note how on one end of the spectrum alerts are useless for users that don’t understand the implications of allowing such access and on the other end experts want to turn them off.

So for the benefit of a few power users in the middle of the spectrum that feel more secure with these, every one else gets to be annoyed.

I don’t think anyone really understands the implications because you can’t tell whether the app is going to abuse the power it’s given. If I’m installing Zoom, of course I’m going to grant it access to the camera. That’s reasonable for an app of that genre. But I can’t know whether it’s going to try to turn on the camera at times I didn’t expect. And there’s nobody, not Apple, not a review, nor a friend who can definitively say whether an app is trustworthy. Even an actual good developer could have their signing keys compromised.

It’s not that I want to turn the alerts off, exactly. I appreciate being able to see which privileges an app wants so that I can compare them with what I think it should need. I want to know if an app is doing something unexpected. The problem is that the alerts are annoying and not very informative. And some types of access can only be granted in clunky ways like going to System Preferences, choosing the app from an open panel, and restarting it. It would also be nice to see up front everything that the app wants to do so that I’m not repeatedly prompted.

Secrets has this cool feature when setting up two-factor authentication where it would automatically search currently open windows for the QR Code with the seed value. On Catalina, this is now so cumbersome that’s just easier to manually type or copy/paste the value. So long for “surprise and delight”.


Still some people will say: “but I want to know if the app is doing that!”. That’s fair. Alerts aren’t the way to do it though. There’s a better solution [for live data] and Apple already employs it for location services.

I’m not sure that passive notification alone is enough for microphone and camera access, because the app could start recording when you’re not looking at the display to see the notification.

But I love the general idea of having a way to audit what an app did after the fact. In other words, instead of blindly trusting Secrets at first launch and forever after, I would be able to see that it’s only reading my window contents when I’m setting up 2-factor. If I granted an app Full Disk Access in order to install a Mail plug-in, I would be able to see that it’s not accessing other, unrelated files.

Furthermore, having a way to verify-later instead of just trust-up-front would help with the information asymmetry problem. Tricking the user about what an app is doing would no longer work over the long term because nefarious apps would be caught. And, conversely, there would be proof that expected good apps actually are well behaved.


Update (2019-08-01): Dimitri Bouniol:

I like this a lot. An audit-like feature, though something that won’t be used by everyone, could provide evidence after the fact that an app broke it’s promise to the user, and that version could be banned by the OS directly, helping other less experienced users.

ie. Trust apps by default, but have a heavy hammer for offenders to the platform, that don’t responsibly disclose what they are doing under the hood. Users won’t be bothered constantly and can enjoy their apps, and an offending app can be wiped and the user can be notified why.

Damien Petrilli:

I think Apple needs to improve the granularity of some access.

Like why is photo / media access all in?

Ex: I wish I could allow an App to put pictures and videos in the photo library but NOT read anything.

Same for contact and calendar: can save in it but not read.

Update (2019-08-05): Riccardo Mori:

Here’s my humble proposition: Security Monitor. It would be an application you find in your Utilities folder, and it would behave in a similar way as Activity Monitor. Maybe its interface could be made a bit more user-friendly, so that it could be readable by non-geek users as well. In its main window, you would see all active processes from a security perspective: what they are accessing in your system and, more importantly, whether their behaviour complies with the permissions they have been given — by the system and by the administrator user account.

Mixing License Codes and the Mac App Store

Bare Bones Software (tweet):

If you see this alert, it’s because you previously purchased a perpetual license from us for the current major version of BBEdit, but have since installed and begun using the same major version of BBEdit from the Mac App Store.

However, this can also happen if you have ever purchased BBEdit from the Mac App Store. In this case, the app store remembers that you previously purchased BBEdit there, and then will forever replace your installed version any time you install updates via the App Store — even if you were already using a copy of the app downloaded directly from our web site.

A weird but probably not so uncommon edge case. Some apps can detect a Mac App Store receipt file and use that to activate the direct-sale version of the app, but App Review doesn’t allow the reverse—except, I guess, for cross-platform subscriptions. However, you can avoid the problem of the Mac App Store overwriting your apps by hiding your purchase.

Update (2019-08-01): Kyle Hankinson:

I have the Mac App Store version of SQLPro accept license keys. This way if a user purchased from my website but the App Store version gets installed somehow, the user never even knows, it just keeps working.


From what I can tell, it’s allowed as long as you don’t direct the user to purchase outside the MAS it’s legit (same thing as someone signing up to Netflix or Spotify outside of their app).