Archive for October 16, 2019

Wednesday, October 16, 2019

Yahoo Groups Shutting Down

Yahoo (via Hacker News):

Yahoo has made the decision to no longer allow users to upload content to the Yahoo Groups site. Beginning October 21, you won’t be able to upload any more content to the site, and as of December 14 all previously posted content on the site will be permanently removed. You’ll have until that date to save anything you’ve uploaded.

“Uploaded” is referring to file attachments and the like. As far as I know, there’s no way to download the actual mailing list conversations, which are the bulk of most groups’ content. Lots of interesting and valuable information will be lost. Will anyone rescue it, à la DejaNews?

I love how the title of this announcement, “Understand what’s changing in Yahoo Groups,” downplays the what’s happening here. Unless you’re accustomed to these types of headlines, you might think that they’re just changing how avatars work, or something, and ignore it.

Groups.io seems like the best successor and is free for unlimited members, funded by premium features. It’s already being used by apple-dev and has instructions for transferring from Yahoo and Google. Another alternative is Gaggle, which is only free up to 20 members.

Update (2019-10-17): erincandescent:

Today it was announced that Yahoo! Groups is shutting down, and taking with it a piece of critical national infrastructure: the Oftel Yahoo Group which is used for managing UK phone number assignments.

Harry McCracken:

This is terrible news for the Internet’s collective memory, just as it was when Yahoo purged GeoCities and AOL purged Hometown.

Update (2019-10-22): Josh Centers:

I’ve received a lot of messages about Yahoo Groups today. “Yeah, they’re shutting the website down, but I can still use the email list, right?”

Take the hint. It’s time to migrate.

Update (2020-10-14): Yahoo (via e-mail, Hacker News):

Beginning December 15, 2020 the Yahoo Groups website will shut down and members will no longer be able to send or receive emails from Yahoo Groups.

iOS 13’s Forced “Find My” Notifications

Casey Liss:

Interesting: in Find My in iOS 13, the subject of a notification is told you set up a notification.

In Find My Friends in the iOS 12 era, you could quietly notify yourself about a friend without them knowing.

[…]

So for example, I know my wife is returning home shortly, and I want to finish up what I’m working on before she arrives. I could notify myself when she leaves her current location.

I can see why they thought this was a good idea, but I don’t think it solves the problem very well. The person being tracked has already consented and can revoke the permission whenever they want. They can also already see in the app when they are being tracked. Some sort of notification may make sense to remind people who have forgotten that they enabled this feature years ago. But a notification for every single use is really annoying. Many people use this feature to avoid bothering the person.

You can control whether Find My notifications are shown in Notification Center, but it doesn’t really help. If I turn off notifications to avoid being bothered when my wife is tracking me, it also means I won’t get notifications when she’s on her way home.

If your worry is that someone will gain access to your phone and start tracking you without your knowledge, that person would likely turn off the notifications, leaving you none the wiser. And, of course, they could still track you simply by leaving the Find My app open, without using the geofence feature. So how is this really improving privacy?

Dr. Drang:

I noticed this last week. I’m sure it’s considered a privacy/consent issue, but you’d think consent had already been given when they allowed you to follow them.

Nick:

This will be annoying for my wife, I set notifications for when she get to a certain location for dinner prep on my end. She says this will end up pissing her off if she can’t turn these off for me.

Tony Scida:

Yeah, I used this all the time in 12 to know when my kids were on the way with my ex so I could be ready. Don’t use it anymore because it’s not important enough to send a notification!

Maik Musall:

I use this a lot with my wife to facilitate family coordination. Despite this new hint, she says she doesn’t get a notification if I set one up about her leaving a place or something. Works as it did in iOS 12. We’re both on 13.

Kyle Howells:

This basically kills the feature for me. I’ll just try to remember to check the app frequently. Nobody I know will use notifications anymore either.

Receipt Validation and AirPlay 2

Chris Liscio:

I hear rumblings about some App Store receipt validation issues relating to MAC addresses on macOS Catalina. The commonly-used Apple sample code has busted logic that—in the presence of a strange condition on a (small?) number of systems—will fail to return a value.

[…]

I don’t know yet, but it manifests on my machine as a service match for both en0 as well as IOTimeSyncEthernetModernInterfaceAdapter (see attached screenshot.) The latter causes a second go-around in the while loop, causing the MAC address to get overwritten with NULL.

It makes no sense for Apple to provide buggy sample code for getting the MAC address when every app in the store needs to do this. With some other aspects of receipt validation, one could argue that you want each app to do it slightly differently to make them harder to crack. But the point of checking the MAC address is that you want to match it with the address provided by Apple when it generated the receipt. So you want to use the exact same logic they did.

Paul Haddad:

BTW I don’t think this is a Catalina issue, have seen reports of what sounds like this for several OS versions. Also seems to work if tested right after reboot, but breaks if tested later.

Chris Liscio:

The plot thickens!

After a reboot, my system no longer exhibits this “strange condition”.

Immediately after playing audio over AirPlay 2? BOOM—“strange condition”! 🤯

The “strange condition” appears to be the presence of IOTimeSyncEthernetModernInterfaceAdapter in ioreg.

Previously:

Update (2019-10-22): Chris Liscio (tweet, James Thomson):

While playing audio using AirPlay 2, there are two devices that have a BSD Name equal to en0. Both the actual en0 interface, and a new device called IOTimeSyncEthernetModernInterfaceAdapter (or IOTimeSyncWiFiInterfaceAdapter, depending on your Mac) that is only present while AirPlay is active.

[…]

When copy_mac_address returns NULL, your receipt validation code fails, and probably results in your application calling exit(173) to ask the App Store for a new receipt. Unfortunately, a new receipt isn’t going to help, and you get stuck in a very strange loop.

For me, this resulted in the app repeatedly appearing & disappearing in the Dock for quite some time. Eventually, the system finally gave up and told me the app was “Damaged” and needed to be re-downloaded.

[…]

The keys to this alternate approach are as follows:

  1. It specifies the kIOEthernetInterfaceClass, which only matches network interfaces. (Before you ask—yes, this includes Wi-Fi adapters.)
  2. It also specifies that kIOPrimaryInterface is set to true, which matches the built-in, primary network interface.

Update (2021-10-20): Paulo Andrade:

In reality the device identifier for macOS is the MAC for the primary network interface, which might not actually be named en0. To be on the safe side, instead of trying to determine which interface is the primary, I just grab all the MACs on that Mac and attempt validation with each one. Problem solved! Right?

Well… not yet. There’s another issue I just encountered recently. The IOBSDNameMatching call to get an interface by name can actually return nil even when ifconfig shows an interface with that name. I haven’t been able to understand why this happens (it’s very rare), but on one occasion Vallum Firewall seemed to be the culprit and on another, a simple restart seemed to fix it.

I finally ended up with a solution based on Apple’s source code here. Instead of getting a list of interface names and then getting the MAC for each by name I just iterate all the interfaces irrespective of what they’re called and collect the MACs for each.

Catalina Vista

Annoyances

Tyler Hall (tweet, Hacker News):

I completely realize and wholeheartedly own-up to the fact that I’m a geek and a Mac power user above and beyond what normal muggles will ever experience, nonetheless, this is the first-run experience I was greeted to this afternoon after upgrading to Catalina.

[…]

I only spent about ten minutes on that system today. But it was enough time to capture all of these papercuts and combine them into one truly-awful über screenshot.

I want to make clear that I’m not blaming the talented Apple engineers who obviously worked their butts off on Catalina just like they do every release.

My side-eye is squarely directed at the managers and Marketers who push for such an insane release cycle.

Sean Heber:

Just installed Catalina and logged in for the first time and have been hit with 6 permission prompts for various things so far.

Ben Sandofsky:

Your first time running Catalina:[…]

Razengan:

Apple seems to be forgetting their own credo against nag-based security

013a:

I’m astounded with some of the user security dialogs that Macs display. I got one today: “VSCode wants to make some changes. Deny or Allow.” That was the exact wording.

Matt Birchler:

Can Apple reimburse my company for all the time I’ve spent authorizing apps to perform basic functionality on my Mac today?

Joking of course, but man, this feels like Vista to me. Do a thing I do every day…“do you want to do this?”

I support the move to make the Mac more secure, but this is a rough first run experience.

Dave Wood:

Thanks for wasting more of my time #macOS #Catalina. Seems cron jobs don’t run anymore if they touch certain files/folders, including your ~/Documents folder (even if your script is stored there).

The system should be prompting for access to that now-protected folder but isn’t.

Dave Wood:

Solved the cron permission issue properly: drag /usr/sbin/cron into Full Disk Access in System Prefs.

Steve Troughton-Smith:

Everybody’s complaining about Catalina getting in the way of the command line and I’m like you know you can turn off SIP, right? Everything goes back to the way it used to be; I’ve never seen aaany of this. If you want the legacy security model, you can have it

Dave Wood:

The problem w/doing that is that I won’t see problems that my customers will run into. I need to swim in the same cesspool first so I can find out how to get them through it.

I bet a bunch of Apple engineers have done this exact thing & thats why we’re in the boat we’re in now.

Phillip Boushy:

There are so many other security controls that SIP implements that disabling it is overkill. Apple should have given a better UX for this. Make them entitlements if needed, pop up a single window during first load. Also an “allow all apps access to X” would be nice...

Benjamin Mayo:

Most of the privacy dialogs in Catalina are sane; patching holes in the permissions system that should have been there for years already. Nevertheless, Apple could have come up with a better policy where you don’t get bombarded with dialogs from every app all at once.

Jeff Johnson:

A good practical joke to play on someone running Catalina:

$ tccutil reset All

Mr. Macintosh:

This article will show you how to Manage Catalina’s New Application Notification Preferences with a Config Profile.

Craig Hockenberry:

If you think the Catalina permissions problem is bad from a customer’s point-of-view, it’s absolutely brutal for developers.

The security prompts are so half-baked that developers have to guess about permissions. And since we don’t know the internals, that guess can be wrong.

Rui Aureliano:

Dear macOS developers, recently for Catalina we see this window for Screen Recording permission. Has anyone found a way to check if it’s already granted?

Matthias Gansrigler:

this is how I do it in @ScreenFloatApp.

Broken

Tyler Hall (Hacker News):

But Catalina has been different in two particularly gruesome ways that get even worse when combined.

[…]

I’ll go through some of the highlights (lowlights?) I’ve run into below, but I guess this is my thesis: The final (well, first) Catalina release along with the outright awful public beta makes me think one thing. And that is Apple’s insistence on their annual, big-splash release cycle is fundamentally breaking engineering. I know I’m not privy to their internal decision making and that software features that depend on hardware releases and vice-versa are planned and timed years (if not half-decades) in advance, but I can think of no other explanation than that Marketing alone is purely in charge of when things ship. Why else would stuff so completely broken and lacking the attention to detail that Apple is known for and (ahem) markets themselves on have shipped if not than to meet an arbitrary deadline? Apple has so many balls in the air – and this metaphor doesn’t really make any sense now that I’m typing it – but they’re all interconnected now that Apple is a services company. And as a services company they must find a way to ship features, fixes, and updates outside of the run-up to the holiday season.

[…]

After upgrading to Catalina, macOS made me reauthorize every app that wanted to send me notifications. Ironically, the following alert appears every time I reboot despite always dismissing it using the most definitive option Apple provides and never giving whatever-process-is-showing-it permission to notify me of anything in the first place[…]

Thomas Claburn:

Since at least 2015, developers and other technically-savvy folk have fretted that Apple’s software quality isn’t what it could be. The gripes reached Apple executives and by 2018, there were reports that company technical leaders were focused on improving quality.

To judge by the reception of macOS Catalina, aka macOS 10.15, it appears Apple’s quality push was more aspirational than actual.

snapples:

Things are so broken here at Apple. I joined about 4 years ago.

I am awed by the fact that we manage to release any software at all, let alone functional software.

The biggest problem is communication. No one fucking communicates.

- No communication between orgs. Tons of bureaucratic tape to cut through just to get a hand on someone working on a different product

- Barely any communication between teams. Literally every group of 4 people is in a little silo with no incentive to go outside it

- Broken management structure. I have had many managers (a red flag in itself) but even worse none of the managers take suggestions from engineers. Everything is purely top down. If an engineer realizes there is a problem on a macro scale they cannot fix it. It is literally impossible to unite more than 1.5 teams to get anything done.

[…]

- Culture of secrecy means nothing gets fucking done. You file a bug report and you can’t even see it any more for some orgs

jarjoura:

When I worked there under SJ, the Mac OS org (then under Betrand Serlet), it was sort of open amongst the org itself. It was really easy to walk to someone’s office and strike up an interesting conversation. Many late nights were spent working through collaborative problems. Or randomly, I had a friend who would pop by my office and spend hours explaining how he figured out some complex Javascript compiler bug of the day.

It always felt like we were in a mission to ship Mac OS together. What Apple did do back then was create these special versions of the OS that had a few key hidden/secret products that SJ was going to demo, like iTunes or iPhoto. So while I could install the latest internal developer build of the OS, it would have a feature or two missing. You would then get radars that mentioned the code-name and explained a bug that you had to fix for the feature, but you had to fix the bug blinded and send the bug back to verify. (Radars could never be closed until the original creator verified them) The secrecy didn’t really get in the way and it made for an interesting culture.

Then it all started to change when Forstall was promoted to VP of the iPhone effort. He took what was probably meant to be a short term secret launch team culture and expanded it to create this massive secret island in the company. The program office and by extension, the original founding engineers were all promoted to management that expanded on the secret culture. I think if management meant to open the culture back up to the same level as Mac OS in 2009, they would have been burned by Samsung and Palm WebOS making exact copies of the software coming out at the time. So the hyper locked down culture persisted and SJ passed away. Then Forstall was fired and Federighi was promoted to replace him and merge both the Mac OS and iOS orgs finally killing off any of the remaining openness that once existed.

Then came all the ridiculous tools such as checking someone’s security clearance when you had a meeting with them.

snapples:

I should note that most developers here really do care, and that’s probably why products can be released in the first place. You have to have really dedicated people willing to cut through the organizational bullshit to get things done.

All of the engineers I’ve met here are smart and innovative. Only if we could organize, things would be much better.

Aftermath

Tyler Hall (Hacker News):

I fully stand behind every criticism I leveled at Apple. From the specific bugs, to the broader statements about detecting a lack of focus on the Mac in recent years, to my final thesis about their lock-step, annual release cycle hurting the company’s ability to maintain software quality.

But the part that wasn’t fair. The parts that I regret are my direct insults at those in charge.

[…]

Around 11am the next day, I received a Twitter DM from an Apple engineering manager who (I thought) had somehow stumbled across my post. And they very kindly asked if I could jump on a call to go into more details about my post and the bugs I identified. They were super awesome and I’m looking forward to working with them more this week.

They say that running to the press “never helps,” but the Mail bug that’s causing users to lose hundreds of thousands of e-mails was reported months ago via a bug report that was apparently ignored. Hall’s concerns are at least being heard.

Luc Vandal:

Really Apple, why bother with this yearly update cycle non-sense if it just adds more bugs that are annoying your users and prevents them to actually do some work? We need stable OSes, not full of bugs shipped because of some marketing-force deadline.

[…]

And I’m not blaming Apple engineers, which are doing their best. I think the issue is within high management.

Michael Rockwell:

Apple should just take the next year or two and Snow Leopard every piece of software they make. Fixing bugs and improving overall quality needs to be their number one priority.

thelittleone:

The position of Apple today reminds me a lot of Microsoft after they peaked (~2000?). Cocky to the point of arrogance because of market position, past innovations and brand loyalty (e.g., it is cool to own Apple). But loyalty and market sentiment can only endure so much amidst plummeting product quality, nonsensical pricing (e.g. dongles) and lack of any meaningful innovation (thinner doesn’t count). Apple doesn’t listen because they think they know better (and that used to be true).

These seem to be common sentiments, though I don’t understand the persistent claim that Apple hasn’t innovated lately.

Justin Blanton:

I genuinely can’t remember the last time I was even remotely excited about macOS/OS X. All I really care about these days is that the newest version doesn’t break shit. 🤷🏻‍♂️

Jeff Johnson:

Let’s not forget that Apple used to charge $129 for Mac OS X updates.

If they charged $129 for Catalina, it would be DOA.

John Gruber:

That’s an interesting measuring stick. A MacOS update (or iOS for that matter) should feel like something many users would pay for. If it doesn’t that’s a problem.

Joe Rossignol:

Apple shares are currently trading above the $234 mark on the intraday market, setting a new all-time high for the company.

Previously:

Update (2019-10-17): scott:

The selling point of Catalina is it will be the only version of macOS that runs on Macbooks with scissor switch keyboards.

Update (2019-10-21): David Shayer:

In a well-run project, features that are lagging behind are cut early, so engineers can devote their time to polishing the features that will actually ship. But sometimes managers play “schedule chicken” since no one wants to admit in the departmental meeting that their part of the project is behind. […] Apple could address this scheduling problem by not packing so many features into each release, but that’s just not the company culture.

[…]

When I worked on Apple products, we’d get a list of the top bugs driving Apple Store visits and support calls, and we were expected to fix them. […] Unfortunately, bugs that are rare or not terribly serious—those that cause mere confusion instead of data loss—are continually pushed to the back burner by the triage system.

[…]

But if you file a bug report, and the QA engineer determines that bug also exists in previous releases of the software, it’s marked “not a regression.” By definition, it’s not a new bug, it’s an old bug. Chances are, no one will ever be assigned to fix it.

[…]

No need to go into the details here, except to say that, apart from a few specific areas, Apple doesn’t do a lot of automated testing. Apple is highly reliant on manual testing, probably too much so.

Riccardo Mori:

What I want from a new version of an operating system, especially one as mature as Mac OS, is that it fixes or improves what was not working well in previous versions, and that it leaves tried-and-true features and functionalities as untouched as technically possible. I don’t need and I don’t want disruption for disruption’s sake on a yearly basis.

Update (2019-10-22): See also: Hacker News:

Colin Cornaby:

I feel like Apple needs to take an OS release cycle just to fix their internal process.

I know it’s a political problem and not a technical one that can’t just be solved by throwing a unit of time at it. But still. Makes it harder to fix actual bugs.

The repeated whispers of a lack of automated testing is concerning just because it’s so hard to ensure quality at the scale Apple is trying to ship at. Either you hire a lot of QA engineers (which Apple doesn’t seem to be doing) or you automate the heck out of things.

The challenge is that it’s a political problem and they need to throw a unit of time at it, which is also a political problem.

Update (2019-10-23): See also: Hacker News, John Gruber.

Bob Burrough:

I worked with David, and I have great respect for him. However, the premise is false. iOS 13 and Catalina are not any more bug-riddled than any release over the last five years. They’ve all been filled with bugs.

Dave Mark:

This one passes the vast majority of those tests. This doesn’t feel like post-Apple spite, but rather a knowledgable take on problems, with thoughts on where things are going wrong.

Apple is a fast moving train, steadily producing and refining immensely complex products. Apple is dancing to the opposing forces of satisfying shareholder demands for ever-increasing growth, and user demands to stop and fix the bugs. Short of halting forward progress and retooling, there’s no easy answer here.

Peter Steinberger:

I still remember at WWDC a few years back, I went with some older radars to the labs, only to get turned down with a „You already have a workaround - why do you care?“

...that made me mostly stop filing radars for older issues. (There are just too many, not even mad, mgmt issue)

Jeff Johnson:

If Apple’s reputation is temporarily dinged, but that doesn’t hurt the company financially, does it really matter to current leadership?

They’re still better than the (sucky) competition. It’s a can’t-lose situation.

[…]

Apple is in a comfortable, stable duopoly with Microsoft on desktop and Google on mobile.

[…]

The awful truth of the tech industry is that technical debt is profitable. It doesn’t pay to fix your bugs. You have to do it because you care, not because your stockholders care.

Andrew Hoos:

If you know anyone that wants to be a part of expanding automated testing at Apple. We are hiring: backend (Scala), client (Python, Objective-C, Swift), infrastructure (Kubernetes), and frontend (some kind of js I guess).

Update (2019-11-06): Manton Reece:

Day 2 of Catalina, now hitting more issues with full disk access and Ruby-related commands. Using rbenv and starting to wonder if I need to throw everything out and re-install to make Catalina happy. I’ve added all the obvious paths to System Prefs.

Rui Carmo:

Apple’s software QA has become so much of a risk to my personal productivity that I’m (again) considering switching to a Linux desktop, and only a combination of inertia, real life and my working at Microsoft has prevented that from happening.

Update (2019-11-27): Maxime Chevalier-Boisvert:

I decided that today I was finally going to upgrade MacOS after putting it off for a year. Three hours later I’m still trying to get my MacBook Air in some kind of working condition. :'(

[…]

As far as I can tell, the OSX installer corrupted my filesystem while trying to convert it to APFS, and left it in a broken state.

Update (2020-02-14): See also: Hacker News.

Update (2020-05-28): Brian Webster:

Ever since upgrading to Catalina, the first time I open up the sound pane in System Preferences after a restart, I get about half a dozen notifications that pop up for the same set of Apple Pay purchases I made over a year ago.