Archive for October 10, 2019

Thursday, October 10, 2019

How My Application Ran Away and Called Home From Redmond

Mikko Kenttälä (via Paul Haddad):

We were puzzled because I had killed the Beacon process and it should not be running anymore. I logged in to my Windows test machine to see if the Beacon is still running. But there was nothing. We were confused. Then I checked the alerts more carefully.

[…]

After that I realized Beacon’s Home received the packet from an unknown IP address. At this point I was confused and freaking out — why someone else is running the same unique binary which was recently built just for me? Are my systems hacked?

[…]

I managed to narrow it down to Microsoft Defender and the “Automatic sample submission” feature. […] Microsoft Windows 10 sends all new unique binaries for further analysis to Microsoft by default. They run the executable in an environment where network connectivity is available. This opens interesting data leak vector for attacker and also includes some privacy concerns. It is quite common that even in isolated environments, many of the Microsoft IP address ranges are whitelisted to make sure systems will stay up to date. This enables adversary to leak data via Microsoft services which is extremely juicy covert channel.

Silent Failure

John Gruber:

I continue to hold that one of the worst aspects of today’s Apple is their strident antipathy toward error messages. Silent failure is so much worse than an error message, but that’s the way Apple rolls.

I don’t know when it started (maybe with the update to 13.1.2? maybe one of the other 13.1.x updates?) but for a week or so I’ve been unable to buy new apps on my iPad. I hit the buy button, confirm with top button, Face ID authenticates me, it spins for a bit — then, nothing.

[…]

I don’t mind that my card needed to be verified. Security is good. But why in the world wasn’t I told that the reason why I couldn’t purchase anything is that my card needed to be verified?

[…]

Even a bad error message, something that just says “An Error Occurred” with no indication of what the error was, is better than silent failure. Silent failure is the UI equivalent of gaslighting — it makes you feel like you’re going crazy.

Todd Heberlein:

Seriously. In the age of search engines, being able enter error message details into a search field, even if the messages seem cryptic to the typical user, will often lead the user to a simple, step-by-step solution to their problem.

But you need the message to start the search

Dan Crosby:

My guess: software quality is now metric-driven, so their efforts are to driving down (or up) numbers they can track: crashes, dialogs displayed, etc. Silent errors don’t show up in metrics, so nobody is rewarded for either fixing or revealing them.

Andy Newman:

I wonder how much this gives Apple a false sense that their software is performing better than it actually is, simply because so many issues can’t always be accurately described or fixed by the average user. Many just give up.

Previously:

Update (2019-10-11): Jeff Baxendale:

speaking of infuriating Apple bugs with no error messages or information whatsoever… I can pretty much no longer install from the App Store on my laptop (cache clearing/disk repair attempted) 🤷‍♂️

Can’t see anything useful in Console either.

Update (2019-10-13): Cédric Luthi:

“An Error Occurred” without further information is an extremely low bar to set. Software engineers should feel comfortable writing more core handling errors than handling the happy path. Unfortunately, this is often not how software is written. 🤷‍♀️

Brian Webster:

I strive to have good user facing error messages, but even an error with tech gobbledygook can at least give me some clue of what’s going on when I get the angry email so I can try to fix it.

Dave DeLong:

I think it stems from your expectation about what you want your users to actually DO about it.

As an indie dev, you want users to contact you.

I’m not convinced Apple institutionally wants that

scott:

This has seemingly gotten worse with every software release under Federighi. I often say that giving support to Mac and iPhone used to be great since everything was so predictable and explaining the problem often lead the person to a better understanding of the products.

Now it’s just impossible to troubleshoot problems. I won’t even offer to help anymore, because I have no idea where to start. And good luck with official Apple support.

Thomas Fuchs:

The App Store In 10.14 shows Twitter here, but clicking “GET” does absolutely nothing because it’s not compatible with 10.14. No error message, just nothing.

Leo Natan:

The Mac App Store has many such issues. It allows downloading 32-bit apps on Catalina (and worse, allows purchase of such apps). 🤦‍♂️

See also: John Siracusa’s problems with certain contacts that silently didn’t sync because their images were too large.

Update (2019-10-18): Damien Petrilli:

Status of the TV app on #CatalinaOS :

- Can’t stream some movies I purchased
- Can’t download ANY movies I purchased

[…]

Of course called support and apparently there is a lot of wait because they are submerged by calls regarding Catalina (I gave up).

Short talk on phone:

- “What error message do you get ?”.
- “None, I don’t get any error message”.
- “Ho that’s not going to help”
- “Yup”

So we are at the point where even the support won’t be able to troubleshoot because Apple is removing error messages.

Implementing Dark Mode in iOS 13

Tim Johnsen:

That being said, we didn’t use UIKit’s APIs alone since most developers in the company and our build systems are all still using Xcode 10, and introducing iOS 13 APIs would cause build breakages. We went with the approach of writing thin wrappers around UIKit APIs that are compatible with Xcode 10 and iOS 12.

Writing little wrappers is often the best engineering solution, but it seems like a waste that so many developers have to do essentially the same thing for the same APIs. Why can’t the tools handle this automatically?

We discovered towards the end of our dark mode adoption that our implementation of dynamic colors had equality implications because a new instance of UIColor was returned each time and the only thing that was comparable about each was the block passed in. In order to resolve this we modified our API slightly to create single instances of each of semantic colors so that they were comparable. Doing something like dispatch_once-ing your semantic colors or using asset catalog-based colors and +colorNamed: will produce comparable colors if your app is sensitive to color equality.

[…]

One clever testing trick this IGTraitCollection wrapper afforded us is something we’ve come to call “fake dark mode” — which is an internal setting that override IGTraitCollection to become dark even in iOS 12!

Sherlocked by Sidecar

Savannah Reising:

A big misconception is that your main competitors are the other companies creating similar products to yours. In our case, we viewed Astropad and Luna Display’s biggest competitors as other second display and graphics tablet creators.

But all along, we really should have been worried about our platform provider, Apple. There will always be infinite ways to differentiate yourself against other competitor companies via price, features, and target markets. But if your platform provider decides to step into your domain, it’s a tough battle to position your product against a free, native feature.

[…]

We always knew that we wanted to go cross-platform. For quite awhile, we’ve heard from creative professionals about an exodus from Mac to Windows. For these creatives, it all comes down to getting more bang for your buck — super powerful PCs at a lower price than Apple products. In fact, we’d often hear from people begging us to come to Windows. But even though we knew the market was waiting for us, we pushed off the Windows effort because it created a catch-22 situation of really tough engineering problems.

[…]

In other words, while Sidecar will be good enough for the average user, we’ve carved out a niche space for the pro users that need a more powerful tool.

Adam Bell:

I spent an absurd amount of time trying to get Sidecar working on my hackintosh, and I really wish I didn’t :P

@LunaDisplayHQ has much better image quality and a higher frame rate ¯\_(ツ)_/¯

Previously:

Update (2019-10-13): Dan Counsell:

Oh my god, Sidecar on Catalina is incredible, it’s so responsive. My iPad Pro just got a lot more useful!

Michael Luís Brown:

TIL that Sidecar (iPad as external monitor) in macOS Catalina only works if you have an Apple Pencil. I mean, it works without one, but you can't “click” (ie tap) on any control with your finger, it has to be the pencil 🤦‍♀️

Colin Cornaby:

The more annoying thing to me is that Apple didn’t make public the feature to create a new display without physical hardware present (as far as I saw.) A lot of things the rely on creating a second display without hardware could use that.

There’s a legacy kernel extension based interface for that sort of thing. But it doesn’t support Metal acceleration, or easily support Retina output.

Also it requires a kernel extension.

If you use USB display hardware (like DisplayLink) it works by creating a virtual second display and streaming the contents. That experience could be made dramatically better with the private features Apple added for Sidecar.

See also: Hacker News.