Archive for August 6, 2019

Tuesday, August 6, 2019 [Tweets] [Favorites]

FileMaker Returns to Claris Name

Joe Rossignol:

Apple subsidiary FileMaker today announced it has returned to its original name Claris from the late 1980s.

[…]

Now, the company plans to expand its portfolio again, leading it to readopt the Claris name. FileMaker Pro will remain one of its offerings.

Before it was pared down to FileMaker, Claris had a fantastic portfolio of apps.

Previously:

Update (2019-08-13): See also: FileMaker.

No Thanks vs. Later

Tim Hardwick:

Apple Card got its first group of public test users today. A limited number of customers who signed up on Apple’s website to be notified about the release of Apple Card are now able to apply for the card in their Wallet app as well as order a physical Apple Card (via TechCrunch).

Nilay Patel:

Hey how badly does Apple want to be your default card in Wallet? It doesn’t say “no thanks,” at this prompt, it says “Set as default later”

And “Set as Default Later in Wallet” doesn’t even look like a button.

Marco Arment:

Apple, you’re above tricks like this.

Sure, it’s a small thing. But small things add up. We all love Apple because of a large collection of GOOD small things over time.

Don’t let customer-hostile tricks in today’s services strategy cheapen the brand you’ve built over decades.

Kyle Howells:

They use this ‘now or later’, with no ‘no’ option, all over the place in iOS now. I can’t stand it. It feels less and less like my device and more like Apple allowing me to use theirs.

Mark Villacampa:

Counterpoint: this wording let’s people know they can set it as default later, hence reducing the anxiety of tapping “No thanks” and not being able to change it later, so fewer people will tap “Set as default”

Previously:

Practical Concurrency: Some Rules

Mark Bernstein:

You can get away with murder. Going by the book, you’ve got to use extreme caution and you’ve always got to get it right. In practice, Tinderbox Six took all sorts of risks and accepted that it was Doing It Wrong in order to get stuff done.

It sounds like there’s a good story here. My experience has been more that it’s sometimes hard to know when you’re doing something wrong, but that once you’re aware of it it’s not that much extra effort to do it by the book. I try to do that as much as possible because it’s no fun tracking down concurrency-related bugs.

The profiler is now good. It wasn’t always. In the Tinderbox 4 era, firing up the Profiler meant recompiling the world, and that took 20 minutes. Then, you'd get slow and inconclusive results, and throw up your hands. Life today is better[…]

The profiler is indeed really great—when it works. Unfortunately, I have not had much luck getting it to work with tests. Most of the time, I Control-click on the test diamond and choose “Profile ‘testName()’”, it recompiles and launches Instruments, but it doesn’t actually run the test code. Sometimes I can get it to work with the old and clunkier approach of stopping at a breakpoint and then attaching Instruments to the running process, but other times it doesn’t actually record what it’s supposed to.

If a queue has one clear purpose, it’s easier to be confident it won’t deadlock. Dispatch queues are cheap. Don’t share queues, don’t reuse queues, don’t worry about making queues.

Classes should encapsulate their queues.

Update (2019-08-07): Thomas Clement:

Queues are not cheap, you should reuse queues, you should worry a lot about making (too many) queues.

He’s posted some libdispatch efficiency tips and links to some good threads from Swift Evolution. You may find them easier to read in the new Swift forums:

Although some of the messages seem to have been imported out-of-order.

Previously:

Update (2019-08-08): Marcel Weiher:

From a, cough, well-respected, cough, performance book:

In the end, I’ve rarely had to use multi-threading for speeding up a CPU-bound task in anger, and chances are good that I would have made my code slower rather than faster.

... The advice to never optimize without measuring as you go along goes double for multi-threading.

Yelp Inserts Tracking Phone Numbers

Adrianne Jeffries (via Jason Koebler):

Even though restaurants are capable of taking orders directly—after all, both numbers are routed to the same place—Yelp is pushing customers to Grubhub-owned phone numbers in order to facilitate what Grubhub calls a “referral fee” of between 15 percent and 20 percent of the order total, I learned while researching an episode for the podcast Underunderstood.

Yelp has historically functioned like an enhanced Yellow Pages, listing direct phone numbers for restaurants along with photos, information about the space, menus, and user reviews. But Yelp began prompting customers to call Grubhub phone numbers in October 2018 after the two companies announced a “long-term partnership.”

[…]

Restaurant owners may not be aware of the change. Mohammad Zaman, an owner of Afghan Kabab and Grill House in Brooklyn, insisted the phone number that showed up in Yelp was a mistake until a call placed to the number rang at his desk.

Hacker-Friendly iPhones and Mac Bug Bounty Program

Thomas Brewster (via Patrick Wardle):

Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It’ll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed.

Steve Troughton-Smith:

What could a pre-jailbroken iPhone from Apple look like? I would have to imagine it has debug symbols (+ no dyld cache) and the ability to attach a kernel debugger, maybe even SSH, and is surely very securely provisioned and locked to your dev account with strict usage rules

Joel Bernstein:

Uh, can you provide non-current-OS iPhones to devs?

Ivan Krstić:

Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more.

Previously:

Update (2019-08-08): Rich Mogull:

Basically, Apple will be releasing to authorized applicants a version of iOS devices with a research chain and appropriate hooks already installed. Think an iPhone already with a shell on it for research, no jailbreak needed.

Talking bug bounties now. Current program was iOS and iCloud only and invite only with a max payout of $200K.

They received 50 high value reports.

Just opened up to all researchers.

Massive jump in Apple bug bounties. Now payouts for pre release (with a 50% bonus).

Up to $1M for a zero click full chain kernel code execution!!!

Releasing a vuln research kit with ssh and more on iOS. Full chain access device (yes a supported hardware platform).

Update (2019-08-13): See also: MacRumors, Hacker News.

Felix Krause:

I found a security issue with the iTunesConnect backend, where I could access the full build information unreleased builds (e.g. internal TestFlight) of any app available.

Reporting it was a pain, it took forever. They fixed it within 4w. I never heard back. I never got thanked.