Archive for October 3, 2019

Thursday, October 3, 2019 [Tweets] [Favorites]

Instapaper Safari App Extension

Instapaper:

Today we’re launching Instapaper Save for Safari on Mac. You can download it now from the Mac App Store.

As with MarsEdit, I’m torn between using the bookmarklet, because it’s simpler and can have a keyboard shortcut, and using the extension, because it doesn’t show a security alert for each invocation.

Ironically, despite triggering the scary alert, the bookmarklet is probably better for privacy because it only has access to the pages I invoke it on (and doesn’t have a companion app that can run arbitrary code).

Previously:

Update (2019-10-03): I confused my different bookmarklets. The Instapaper one does not trigger a security alert because it sends the page to a Web URL rather than to a native app.

Thus, I think the main downside of the bookmarklet is that it often makes me log into instapaper.com. I’m not sure whether Instapaper or Safari is responsible for logging me out. But perhaps the app is better able to stay logged in.

Update (2019-10-04): Paul McGrane:

the old pre-Safari 13 @InstapaperHelp extension also had a context-menu item for saving links by right-clicking on them.

Neither the bookmarklet nor the new MAS extension can do that today. I don’t know if the modern extension can do it or not.

Also the old Safari extension inserted “Save to Instapaper” links quite subtly into every post on Reddit and Hacker News, which is a little disturbing but was actually very useful. Neither modern option does that either.

Instapaper:

We’ll be working on getting those back into the save options, we just decided to get the most basic version of it out there to ensure users could save from Safari 13 first - thanks for making sure!

Two Weeks With Apple Arcade

Craig Grannell:

Part of the blame lies with Apple, but it’s also an indication of modern society. When content becomes ephemeral rather than something you can hold, people have been trained to assume they should not have to pay for it. So we now exist in a world where a developer can create a mobile title, and get a review slamming them for including ads and not enough levels, by someone who otherwise claimed they loved the game – and yet played with Airplane Mode on to disable ads, thereby robbing the developer of any income.

[…]

Even with these features, I initially tempered optimism with a healthy dollop of scepticism. Remember, this was Apple. This was the company that got good in games by mistake – and despite itself. This was the company that repeatedly bafflingly rejected perfectly good games from the App Store, often for oddball puritanical reasons. It was the company that messed up games controllers to a degree that possibly warrants some kind of trophy. It was the company that despite raking in millions from games, still gave you the impression no-one senior at the company gave the slightest crap about them.

[…]

Personally, I’d say it splits slightly better than 50:50 in terms of great-to-good and OK-to-poor (with OK being a larger group than the few games that are garbage). Some of the titles reek of freemium with freemium bits removed at the last moment, and that’s a pity. But there are deeply premium efforts made with love. […] And with iCloud save states, this is a service you could feasibly dip in and out of, perhaps subscribing for a while every now and again, if you don’t fancy dropping a fiver every single month.

Craig Grannell:

What surprises me most, though, is the amount of grading on a curve. Having so far played at least some of 68 of the 71 games on Apple Arcade (It’s a living! Sort of.), my personal take is they split right down the middle in terms of what’s good and what’s merely mediocre or outright crap. That in itself is not a bad hit rate, note, but I’m often seeing people championing the entire package – and even games that are objectively a bit shit.

Craig Grannell:

The thing is, as much as the press wants to drum up these services as direct competition, I don’t see them as existing in the same space. Although there’s more than a whiff of me-too about Google Play Pass, it reminds me more of something similar I once tried on Amazon – bundling a bunch of existing apps under an all-you-can-eat subscription.

Cabel Sasser:

I am finally getting a chance to play Apple Arcade games! Quick thoughts:

• The selection is incredible, so well curated, SO many good games
• It’s an incredible bargain
• I will never buy a game in the regular App Store again
• I can’t stop playing What The Golf
• Good job

Andrew Webster (via Dieter Bohn):

The real loser in this scenario is Android users, who likely won’t see many of the biggest iPhone games ported to their platform of choice. For developers, though, this may not be a huge loss. “If premium games were dying on iOS,” Holowaty says, “they’ve been a rotting corpse on Android.”

Previously:

Update (2019-10-04): Patrick Klepek:

Apple Arcade’s launch was a mixture of well-known franchises (Frogger, Rayman), new games from designers during the App Store’s creative heights (Card of Darkness, Overland), and releases from high-profile publishers (Square Enix, Capcom). The service, part of a larger shift towards monthly subscriptions, is a big deal for Apple, so it made sense to double down on attention-grabbing titles. Operator 41, also part of the launch, is hardly that, but is notable for a different reason: Operator 41 was developed by 14-year-old London designer Spruce Campbell.

Update (2019-10-13): See also: The Making Of Operator 41 for Apple Arcade (via Phil Schiller).

Update (2019-10-16): Wil Shipley:

It’s amazing how great Apple’s curated “Apple Arcade” is, because they chose to amplify less-heard, independent voices. Then there’s Apple’s TV Plus, where they backed a money truck up to the usual suspects...I have no hope for it.

HKmap Live Rejected From the App Store

Kieren McCarthy (Hacker News):

Apple has banned an app that allows people in Hong Kong to keep track of protests and police activity in the city state, claiming such information is illegal.

“Your app contains content - or facilitates, enables, and encourages an activity - that is not legal … specifically, the app allowed users to evade law enforcement,” the American tech giant told makers of the HKmap Live on Tuesday before pulling it.

The makers, and many others, have taken exception to that argument, by pointing out that the app only allows people to note locations - as many countless thousands of other apps do - and so under the same logic, apps such as driving app Waze should also be banned.

That argument is obtuse of course[…]

It’s actually an interesting question whether apps should be reviewed based on what they technically do vs. what they are marketed to do vs. what customers end up choosing to do with them. The same issue came up with Gab.

Anyway, here’s your regular reminder that the only reason Apple is involved in deciding which politically sensitive apps should be available is that it forbids iOS users from downloading and installing apps themselves.

Tim Hardwick:

Apple is reviewing its decision to reject HKmap Live, reports Bloomberg, and is likely investigating whether the software violates local laws. It’s not yet clear if the app will be re-added to the App Store and the developer has not yet received an update from Apple following the commencement of the new review.

Previously:

Update (2019-10-04): Nick Heer:

At this stage, it seems just as likely to me that this rejection was due to an App Review failure as it was a way to appease the Chinese government. Either way, it’s a problem of Apple’s own creation.

If it’s the former, it just goes to show how accurate App Review needs to be, and the gaping chasm between where it is now and where it ought to be.

[…]

But if it’s deliberate, it suggests a far worse situation.

John Gruber:

Hanlon’s Razor — “Never attribute to malice that which is adequately explained by stupidity” — has never applied to anything more aptly than App Store rejections (although “incompetence” might be a better word than “stupidity”). So I think there’s a good chance that there’s nothing to this other than a bad decision on the part of a rank-and-file App Store reviewer. The HK Map developers think the same thing. (And to be clear, this is a new app that was rejected, it’s not an app that Apple pulled from the App Store. Also, the good news for iPhone-owning Hongkongers is that HK Maps has a good mobile web app.)

HKmap.live (Hacker News):

@Apple finally made the right decision. Will update later as things are going crazy in #HK now.

No explanation for why it was first rejected.

About Project Zero

Lorenzo Franceschi-Bicchierai (tweet):

Ever since Project Zero was announced in 2014, these hackers have taken apart software used by millions of people—and predominantly written by other company’s engineers—with a mission to “make zero-day hard.”

[…]

In five years, Project Zero researchers have helped find and fix more than 1,500 vulnerabilities in some of the world’s most popular software, according Project Zero’s own tally. In Apple products, Beer and his colleagues have found more than 300 bugs; in Microsoft’s products they found more than 500; in Adobe’s Flash, they found more than 200. Project Zero has also found critical issues in CloudFlare, several antivirus apps, and chat apps such as WhatsApp and FaceTime. A Project Zero researcher was also part of the group who found the infamous Spectre and Meltdown flaws in Intel chips.

[…]

For one, Project Zero has normalized something that years ago was more controversial: a strict 90-day deadline for companies that receive its bug reports to patch the vulnerabilities. If they don’t patch in that time frame, Google drops the bugs itself. […] According to its own tally, around 95 percent of bugs reported by Project Zero get patched within that deadline.

[…]

But some think Project Zero may actually be helping law enforcement and intelligence agencies learn from its research and help them develop what are known as N-day or 1-day exploits. These are hacks based on zero-days that have been disclosed—hence their name—but work until the user applies the patch. According to some critics, the idea here is that malicious hackers could lift the code published by Google researchers as part of their reports and build on it to target users who have yet to update their software.

Indeed, Apple and other vendors don’t always update old versions of their software, so some users can’t update. But I don’t think that’s a good reason not to publish the research.

See also: Fun with FaceTime.

Previously: