Archive for November 2019

Tuesday, November 26, 2019

Ink: Markdown Parser in Swift

John Sundell (tweet):

Welcome to Ink, a fast and flexible Markdown parser written in Swift. It can be used to convert Markdown-formatted strings into HTML, and also supports metadata parsing, as well as powerful customization options for fine-grained post-processing. It was built with a focus on Swift-based web development and other HTML-centered workflows.

It doesn’t depend on Foundation or even regular expressions.

Gatekeeper Override for Indirect Launching

Chuq Von Rospach:

The first time I tried to publish new images to Flickr, Lightroom aborted and the OS put up a dialog warning me that the app “magick” isn’t signed and so it might be dangerous, so the OS wouldn’t let it launch. “magick” is part of the ImageMagick graphics tool suite, a commonly used set of image manipulation tools; as of today the developers haven’t signed it with a developer certificate from Apple, so Apple’s Gatekeeper will reject it.

You can tell the OS to let the app run, but it’s not obvious where to do that. Here’s how:

Try to export some images and get the warning dialog. Then open up the System Preferences app and navigate to the “Security and Privacy” section and the “General” tab. At the bottom of that tab, you should see some text similar to the warning you got in the dialog. There’s an “Allow” button there. If you click it, you’re approving that app as something that’s okay to be launched.

When launching an app directly, the workaround is easier: you can Control-click and choose Open from the contextual menu.

In both cases, why doesn’t the alert tell you how to resolve the problem (if you do, in fact, trust the software)? In my view, this is poor design and essentially security through obscurity. Apple decided that they don’t want you to run unsigned software, but they don’t want to (or realistically can’t) completely forbid it, so they provide an escape hatch but keep it hidden. macOS doesn’t trust the user to make the right decision, so it acts as though there’s no choice.

It could have explained the situation, from Apple’s point of view, and perhaps required a few extra clicks to confirm. But instead it makes it look like an unsolvable problem. Most customers will probably give up. Some will enter the text into Google and find who-knows-what. In other words, Apple is delegating the explanation to an unknown third party.

Walt Mossberg:

Today I upgraded both of my fairly new Macs to the Catalina OS. Then I tried to run Skype. On my MacBook Pro, it wouldn’t load. On my MacBook Air, it launched fine, but wouldn’t work. Had to use an iPad. Is this Apple’s way of forcing a switch to the iPad from the Mac? WTF?

Note: Skype was up to date. Even so, on one of the Macs, I tried downloading it again from the Web and was told my Mac couldn’t run it because Apple couldn’t check it for malware. I saw no opt out from this warning box. Again, WTF?

Again, the alert presents it as if something is broken. The app certainly could be checked for malware. It’s just that Apple has decided to only do the check in a particular way. The app certainly could be launched without the check, but Apple has decided not to tell you that.

Previously:

Update (2019-11-27): Rosyna Keller:

There’s no need to google or anything. The dialog that comes up has a help button that can be clicked and discusses the options…

I should have mentioned that, but I don’t think it’s a good solution:

Mike Hay:

I mean, I understand Apple building the UX for the 90% of consumers who buy a mac, but I would prefer a different user type in the Users & Groups to having to constantly affirm that I want to go against recommended practice.

Update (2020-02-04): Rosyna Keller:

The button now works in macOS 10.15.3. Thanks for reporting the issue!!

Slow Xcode 11 Objective-C Builds

Chris Liscio:

When I build my app, Xcode 11 appears to stall out completely (dropping from full core usage down to 10-20% CPU) during the Objective-C build phases.

[…]

The bug manifested for me like this:

  1. Starting with a clean DerivedData folder, I can build my app, Capo in about 60 seconds, flat.
  2. Once I clean the build folder using command-shift-K, all subsequent builds will take anywhere from 180s to 500s (in the very worst case, which I’ve not seen for a while now.)

After some back & forth with Apple’s engineers, I learned to turn on clang’s -Rmodule-build flag to see what’s going on behind the scenes. It turns out that—for every Objective-C file that is built—framework modules are being re-built unnecessarily.

Trademarked Colors

Paul Kafasis:

Recently, I spotted a story about T-Mobile successfully forcing a company called Lemonade to change the color of their marketing materials in Germany. T-Mobile was able to do this because they own a trademark on the color magenta. I first learned of the rather ridiculous idea of trademarking a color many years ago, and since that time, I’ve kept a not-at-all comprehensive list of stories about this practice. Today, let’s take a look at just a few colors that companies have attempted to trademark, with varying degrees of success.

[…]

Worse, it seems T-Mobile isn’t even using the color they actually have trademarked, as evidenced by this graphic from the story[…]

Black Friday 2019

My apps are on sale for Black Friday and Cyber Monday, and here are some other good deals that I found:

Lists of deals:

Monday, November 25, 2019

.org Top-Level Domain Sold

Kieren McCarthy (via Quincy Larson):

At the end of last week, the Internet Society (ISOC) announced that it has sold the rights to the .org registry for an undisclosed sum to a private equity company called Ethos Capital. The deal is set to complete in the first quarter of next year.

The decision shocked the internet industry, not least because the .org registry has always been operated on a non-profit basis and has actively marketed itself as such. The suffix “org” on an internet address – and there are over 10 million of them – has become synonymous with non-profit organizations.

[…]

No one, including, we understand, the board of ICANN, expected the Internet Society to sell the registry. But it is also worth noting that the contract negotiation failed to add, or even ask for, protections or commitments to .org’s long-standing non-profit status despite the significant contractual changes and an extension of the contract by 10 years, far longer than previous extensions.

Save .ORG (via Hacker News):

Decisions affecting .ORG must be made with the consultation of the NGO community, overseen by a trusted community leader. If the Internet Society (ISOC) can no longer be that leader, it should work with the NGO community and the Internet Corporation for Assigned Names and Numbers (ICANN) to find an appropriate replacement.

The 2019 .ORG Registry Agreement represents a significant departure from .ORG’s 34-year history. It gives the registry the power to make several policy decisions that would be detrimental to the .ORG community[…]

Previously:

Update (2020-01-02): Nick Heer:

Translation: “If we had told people about this before the sale, it would have meant answering awkward questions that I very much wish to avoid — then and now.”

Andrew Sullivan (via Hacker News):

In our continued interest to be transparent about the details of the agreement regarding Ethos Capital’s acquisition of Public Interest Registry from the Internet Society, earlier today we disclosed the purchase price of the transaction: $1.135 billion.

[…]

Our mission is to support and promote the development of the Internet around the world — an Internet that is open, globally connected, secure, and trustworthy. Our agreement with Ethos Capital will allow us to accelerate our initiatives based on more sustainable, dependable funding, to enable us to commit to longer-term investments and to do much more to ensure that the Internet is there for everyone.

Update (2020-02-04): Nick Heer:

The Attorney General’s letter is thorough, and ICANN indicates that it intends to respond at the end of next week. ICANN has also said that it wants approval for the sale to be delayed from February 17 to April 20.

Update (2020-04-17): Kieren McCarthy (via Hacker News):

ICANN has again delayed a decision on the sale of the .org registry, pushing the issue off for another month multiple sources with knowledge of Thursday’s meeting, have told The Register.

The organization’s board of directors was due to decide today on whether to approve the $1.13bn sale of the .org domain from the Internet Society to private equity firm Ethos Capital, but a last-minute letter from California’s attorney general Xavier Becerra appears to have upended the plan.

Update (2020-05-06): Kieren McCarthy:

ICANN has vetoed the proposed $1.1bn sale of the .org registry to an unknown private equity firm, saying this was “the right thing to do.”

CNAME Cloaking

Romain Cointepas (Hacker News):

A suitable name for this method would be CNAME Cloaking, and it is used to disguise a third-party tracker as first-party tracker. In this case, they are also purposely obfuscating this behind a random subdomain, with a CNAME to a generic and unbranded domain.

With CNAME Cloaking, many problems arise that makes it realistically impossible to block this:

  1. Browser extensions are not allowed access to the DNS layer of the request — i.e., they can’t see the CNAMEs.
  2. When each website loads third party trackers by calling something like a3ksbl.website.com, privacy-protection tools now have to figure out which subdomain is a front for CNAME Cloaking, for tens of thousands of websites. […]
  3. With each website now having its own subdomain cloaking the third-party tracker, those tools need to include as many rules as there are websites using this CNAME Cloaking method. Blocking a third-party tracker went from one rule to thousands.

And newer browsers have relatively low limits for the number of allowed rules.

See also: Wolfie Christl.

Update (2019-11-26): Jeff Johnson:

The endgame has to be disabling JavaScript.

As long as sites can execute arbitrary code in your browser, you’re doomed. Web programmers will continue to find more clever and evil hacks.

Howard Oakley:

I continue to be frustrated that, while most others things in Safari can be controlled by site, JavaScript is just a single control - on or off for everything.

Would it be too much to have finer control?

NVIDIA Drops CUDA Support for macOS

Alex Cranz (Hacker News):

The last vestiges of Nvidia and Apple’s long-term relationship are ending shortly. On Monday Nvidia published the release notes for the next update of its CUDA platform and noted that “CUDA 10.2 (Toolkit and NVIDIA driver) is the last release to support macOS for developing and running CUDA applications.” That means all future versions of CUDA will lack support for Apple devices, which could leave a decent share of the pro community, as well as the hackintosh community, without support for the most popular discrete GPUs being made at the moment.

[…]

But despite the reliance on AMD hardware Apple continued to support Nvidia GPUs. If you wanted to cram a Nvidia card into your older Mac Pro or rely on it for you hackintosh than Apple and Nvidia had you covered. Until last year when Apple quietly stopped support CUDA with the release of macOS 10.14 Mojave. That forced apps that relied on CUDA for hardware acceleration, like Adobe’s suite of software, to issue warnings and reminders to customers.

Previously:

Apple Store Removes Customer Reviews

Amber Neely (Slashdot, Hacker News):

AppleInsider received a tip from a reader who had noted the buyer review section was missing on Apple’s online retail store page. The user also pointed out that the pages have been removed from U.S., U.K., and Australian Apple online stores, which suggests this is not simply a mistake, but rather an intentional move on Apple’s behalf.

The reviews were pulled over the weekend, though it’s not clear as to why this has happened. Apple had been known for leaving up even especially negative reviews, which demonstrated both transparency and integrity to their customers.

Chance Miller:

The Verge points out that it was not uncommon for Apple products and accessories to have unfavorable customer reviews through Apple’s online store. For example, Apple’s Lightning to 3.5mm headphone jack adapter had over 700 one-star reviews.

Presumably this was because customers were mad that newer iPhones need such an adapter, not because the adapter itself didn’t work. On the other hand, the Lightning video adapters have been widely reported to not be reliable. And the extended Magic Keyboard is well regarded but had lots of critical reviews because of its bending problem.

Previously:

Friday, November 22, 2019

OmniOutliner 5.5.1

OmniGroup:

Data Corruption — Changed how LinkBack data is stored to avoid corruption on save when running macOS Catalina. This does not fix files already corrupted by the bug, which presents itself with error details that start with “Error Domain=NSCocoaErrorDomain Code=3840 “Unexpected character…”.

This sounds like it was caused by the Catalina NSData.description change that I wrote out.

Attachments — Attachments added using the Edit menu option immediately appear.

Attachments — Dragging in a folder and selecting the Alias option correctly creates a link instead of embedding.

[…]

Interface — The saved filter rule editor resizes to fit the contents.

I’m really happy to see these fixed.

Now the main thing I’m looking for from OmniOutliner is for it to be faster with large outlines. Opening documents and typing, especially, can be really slow when lots of rows are visible.

Detecting Screen Recording Permission on Catalina

Craig Hockenberry (tweet):

All of the solutions presented here have a flaw in one way or another. The root of the problem is that there’s no correlation between your permission to know about a window (via the name in the window list), your permission to know about the process owner of the window (such as WindowServer and Dock). Your permission to view the pixels on screen is a combination of two sparse sets of information.

Here is a heuristic that covers all the cases as of macOS 10.15.1[…]

Most of the new privacy settings in Mojave and Catalina don’t have APIs to query whether permission has been granted. And many don’t even have APIs to request permission. This leads to extra work for developers to maintain changing heuristics and ultimately a more error-prone and complicated process for customers.

Nicholas Ptacek:

It’s such a mess, and so dumb that we have to do crazy workarounds to get what should be built-in functionality. Apple seems to be under the impression that if they make it excruciatingly hard for developers to query permissions, they’ll just give up.

As do some customers when the system privacy database gets corrupted and the only way to fix it is to reboot in single user mode to temporarily turn off System Integrity Protection.

Previously:

Update (2019-11-25): Neil Sardesai:

Latest update to Step Two got rejected from the Mac App Store cause my QR code scanner technically needs screen recording permissions

It doesn’t help that the Screen Recording permission alert doesn’t let you supply a usage description string. And there’s no simple way to check if your app has screen recording permission, making it hard to put up your own explanatory UI

After explaining to the reviewer why screen recording is needed, they’ve asked me to completely change how the feature works, which is nuts. Other Mac App Store apps like 1Password do literally the exact same thing.

Thursday, November 21, 2019

Full Steam Ahead, But With Feature Flags

Mark Gurman (tweet, Hacker News):

Apple Inc. is overhauling how it tests software after a swarm of bugs marred the latest iPhone and iPad operating systems, according to people familiar with the shift.

Software chief Craig Federighi and lieutenants including Stacey Lysol announced the changes at a recent internal “kickoff” meeting with the company’s software developers. The new approach calls for Apple’s development teams to ensure that test versions, known as “daily builds,” of future software updates disable unfinished or buggy features by default. Testers will then have the option to selectively enable those features, via a new internal process and settings menu dubbed Flags, allowing them to isolate the impact of each individual addition on the system.

When the company’s iOS 13 was released alongside the iPhone 11 in September, iPhone owners and app developers were confronted with a litany of software glitches. […] This amounted to one of the most troubled and unpolished operating system updates in Apple’s history.

[…]

Test software got so crammed with changes at different stages of development that the devices often became difficult to use. Because of this, some “testers would go days without a livable build, so they wouldn’t really have a handle on what’s working and not working,” the person said.

[…]

Still, iOS 14 is expected to rival iOS 13 in the breadth of its new capabilities, the people familiar with Apple’s plans said.

It sounds like they are still in the denial. Feature flags may be a useful tool to help with testing, but much more drastic changes are needed. They don’t seem to have much interest in reducing the scope of major releases, so I would like to see them drop the annual release schedule. And, above all, make an internal commitment to quality.

The testing shift will apply to all of Apple’s operating systems, including iPadOS, watchOS, macOS and tvOS. The latest Mac computer operating system, macOS Catalina, has also manifested bugs such as incompatibility with many apps and missing messages in Mail.

The missing Mail messages bug remains unfixed in macOS 10.15.2 betas. This is the buggiest Mail release I can recall. I’m still busy working around Catalina bugs throughout the system.

Apple privately considered iOS 13.1 the “actual public release” with a quality level matching iOS 12. The company expected only die-hard Apple fans to load iOS 13.0 onto their phones.

And yet customers were automatically prompted to update to 13.0, and even 13.2 introduced major problems.

Peter Steinberger:

Feature flags in teat releases are Apple’s answer to the software quality issue? What about automated testing? And opening up hiring outside of Cupertino, to deal with the amount of radars and missing documentation.

ssɐquʞunɹp:

I can tell you from experience that these “feature flags” carry a lot of tech debt that these managers don’t seem to understand. This may be the canary in the coal mine.

Michael Dupuis:

How about slowing things DOWN? It’s very much a feeling that they are just throwing things over the fence as fast as they can, and it shows in the horrible quality we’ve been seeing...

Kyle Howells:

Adding feature flags to betas isn’t the answer. It’ll just add more work.

Keeping the same process but adding extra steps doesn’t generally work.

They need to slow down, only release software when it’s ready, and prioritise quality, documentation and fixing bugs.

Jeff Johnson:

Annual OS releases are also destroying third-party software quality. We can’t keep up with the constant churn, and the tools are never stable. We waste so much time every year just dealing with Apple’s shit.

Jeff Johnson:

Apple’s software quality problems can’t be solved in iOS 14. They’ve accumulated at least 5 years of technical debt, if not more, from annual releases.

They’re deep down in a hole. Desperately in need of years without a major update.

Previously:

Update (2019-11-26): Mark Gurman:

iOS 13 has had 8 updates in its first two months, the most in that same period since Craig Federighi took over development with iOS 7. See chart.

Scott Anguish:

It’s a myth that Apple doesn’t have remote writers. They have an entire department in Seattle.

Thomas Clement:

And this only works if Apple can detect before shipping that a feature is broken enough that it needs to be turned off.

Dr. Drang:

An old saying from the making of physical products seems apropos: you can’t inspect quality into a product.

Norbert M. Doerner:

They need a massive OS release moratorium, and look at what they have done, and why that failed. Then start fixing the bugs, and change the crazy yearly release cycle, it is utter madness #Apple #StartFixingTheBugs

Jeff Johnson:

Months since previous Mac .0 release:

10.1.0 6
10.2.0 11
10.3.0 14
10.4.0 18
10.5.0 18
10.6.0 22
10.7.0 23
10.8.0 12
10.9.0 15
10.10.0 12
10.11.0 11
10.12.0 12
10.13.0 12
10.14.0 12
10.15.0 12

A sensible progression... until 10.8

(Note that Steve died after 10.7)

Griffin Caprio:

Anyone who’s built even a moderately complex app knows you can’t just pepper in if/else statements and iOS is more than moderately complex.

Patrick McCarron:

The amount of technical debt those flags carry are no joke. Not always a clean removal either.

Update (2019-12-20): See also: MacRumors, Macworld.

Catalina’s Log Can’t Be Unprivatised

Howard Oakley:

If you’ve ever accessed the unified log in macOS Sierra or later, you’ll have seen the many log entries whose crucial information is censored with <private>. Apple introduced this to prevent leakage of protected information into the log, which is an admirable aim, but unfortunately it makes many entries farcical. If you’re really unlucky, the key information for which you’re accessing the log in the first place appears there as <private>.

Apps like Cirrus have relied on an undocumented setting which can be changed by the command log config --mode 'private_data:off' run with root privileges.

But this no longer works with Catalina.

Previously:

Update (2019-11-27): Howard Oakley:

Hardly any log entries made by diskarbitrationd contain usable information in their message field. Trying to diagnose disk, iCloud and OpenDirectory problems from the unified log is almost impossible as a result. For those, we have generally relied on being able to disable log censorship.

In Catalina, Apple has removed that option to disable censorship. Saagar Jha has discovered that the only way to disable censorship now is to put macOS into a special diagnostic mode intended for use exclusively by Apple engineers. George Garside has packaged Saagar Jha’s code into a command tool which can be used to remove censorship in Catalina’s log.

[…]

With the spate of iCloud problems reported from those who have upgraded to Catalina, this is particularly ill-timed. It’s not as if Apple provides any alternative: iCloud is one service for which it appears to have completely forgotten to provide any diagnostics or utilities.

[…]

The unified log is not Apple’s <private> playground. It’s a shared space, with users diagnosing problems, developers hunting bugs, support staff fixing glitches, and system administrators managing their networks. For us all to get benefit from our logs, Apple needs to provide a supported means of temporarily disabling this censorship in the unified log. If it won’t, then it’s time for Apple to admit openly that it doesn’t really want anyone else using the unified log.

Google Shakes Up Its “TGIF”

Steven Levy (Hacker News):

With that, Pichai not only ended an era at Google, he symbolically closed the shutters on a dream held widely in the tech world—that one can scale a company to global ubiquity while maintaining the camaraderie of an idealistic clan.

[…]

Though Google didn’t invent the phenomenon of a weekly all-hands, the success of TGIF made it a much-emulated practice. Facebook held its meeting from the start; Zuckerberg would end by shouting “Domination!” Twitter had a version called Tea Time. You’d probably be hard pressed to find a successful startup or unicorn that didn’t have such a session. What made the weekly all-hands so attractive was its power to bind a workforce to a shared mission. The fact that such meetings could continue when the head count reached five figures and more reflected a crazy optimism that, with the right kind of culture, the physics of corporate alienation could be defied.

Now we’ve learned—no surprise—that physics wins. The big problems of these big companies have led employees to more aggressively question their bosses, and in some cases even sabotage them by leaking the secrets shared in these meetings.[…] In earlier times, employees tended to express their gripes with the expectation that leaders and workers were colleagues, too evolved to get hung up on power disparities. Now, with giant corporations worrying more about market dominance and regulators than about feel-good missions, that kumbaya sensibility is gone.

See also: Three Years of Misery Inside Google, the Happiest Company in Tech.

Schiller on Chromebooks in Education

Phil Schiller (9to5Mac):

You don’t envision a future where [Mac and iPad] merge?

No, that’s not our view. Because then you get this in-between thing, and in-between things are never as good as the individual things themselves. We believe the best personal computer is a Mac, and we want to keep going down that path. And we think the best tablet computing device is an iPad, and we’ll go down that path.

iPad benefits because we assume that you need to be able to do most everything with touch, and we don’t have to trade off on that experience. Mac assumes you want to do most everything with a keyboard and mouse input. We don’t have to trade off on that path. You can look at some of the other products that will try to go halfway between the two. They end up just compromising experiences. That’s not good.

scott:

This is completely at odds with the Catalyst initiative.

Phil Schiller:

College students’ [use] is dominated by Macs. In the majority of creative fields -- writers, video editors, music creators and programmers -- I think that’s an area that’s super strong.

[…]

We have this incredible responsibility to make sure the hardware and software is designed seamlessly together, works the way you want, and those things all ultimately make it so that as a customer, you have ease of use. That’s what we strive to do with the Mac.

[…]

You talked about MacBook as popular with college students. But Chromebooks have grown in the education market. What’s your perspective on that?

In the K-12 market, particularly for the lower grades -- K through six to nine -- iPad is doing really well. We think it is the ultimate tool for a child to learn on.

We’re really investing a lot into continuing to grow, both from the enterprise side with manageability and tools to helping schools from a learning experience. Everything from our Everyone Can Code curriculum that has our Swift Playgrounds app to help children at a very young age learn how to understand software and create opportunities for kids to become developers, all the way to augmented reality.

[…]

Kids who are really into learning and want to learn will have better success. It’s not hard to understand why kids aren’t engaged in a classroom without applying technology in a way that inspires them. You need to have these cutting-edge learning tools to help kids really achieve their best results.

Yet Chromebooks don’t do that. Chromebooks have gotten to the classroom because, frankly, they’re cheap testing tools for required testing. If all you want to do is test kids, well, maybe a cheap notebook will do that. But they’re not going to succeed.

James Vincent:

Schiller later tried to clarify the comment on Twitter, saying that Apple also provides “content, curriculum and tools” for kids, framing his remarks more as a comment on Google and Chromebook manufacturers than the children using them.

Steven J. Vaughan-Nichols (Hacker News):

I guess Apple is in the first stage of grief over the state of its education market share: denial. As my colleague Mike Elgan noted recently, “Google schooled Apple and Microsoft in the education market by growing market share from zero to 60 in eight years.”

[…]

And, no, it’s not all about price. Chromebooks are great machines, and vendors are adding features to push them into the enterprise.

Benjamin Mayo:

IMO iPads offer a better experience but are easier to break and not as affordable … so schools pick Chromebooks.

Daniel Bader:

The implication here is that Chromebooks can’t, or make it hard to, facilitate kids’ creative learning and growth. That’s grossly false, but it also misses that most teachers and school boards are cash-strapped and any tool, even a shitty Chromebook, is better than nothing.

Quinn Nelson:

Privacy aside, Schiller couldn’t be more wrong. Chromebook fills all the needs for schools and iPad leaves much to be desired.

[…]

And if I’m being frank, I agree with Schiller. They suck. But they’re perfect for schools and they’ve already succeeded. Google won. Better tools, better integration with schools, lower cost, cheaper hardware. Apple will never be able to compete. It’s over.

Eric Young:

When you hear Schiller & Apple press folk talk about iPad price as being the reason Apple lost

That should be eye opening

And it explains why Apple to this day is flat footed without any viable strategy in so many areas they compete in. And why Apple press folks are too

I’ll say it again. It really has nothing to do with price

Apple could give iPads away for free - and they do! They still lose and don’t know why

Google, Facebook, Amazon own the Apple users. Apple just doesn’t know it yet

Previously:

Update (2019-11-26): Kyle Howells:

An iPad is nicer but is more limited.

If I had to pick a device I’d pick a Chromebook. It has a real desktop web browser and a trackpad. It’s a computer(ish) & can do computer things. An iPad is still too limited.

Chromebook vs MacBook Apple wins
Chromebook vs iPad Google wins

And that’s from a users point of view.

From school’s the Chromebook keeping everything in the cloud and the device being throw away interchangeable terminals is fantastic and exactly what they need.

SF Viewer Removed From the App Store

SFViewer:

Are you a designer or developer who wants to view, compare or export SF Symbols on your iPhone or iPad? Check out SF Viewer here.

Aaron Pearce:

Just received a phone call from Apple regarding SF Viewer. They have made the decision to remove it from sale as its concept is not acceptable under their guidelines/license.

I may look to tidy up the code base and open source it in the near future.

It was rejected due to allowing users to export symbols to various formats and view the additional internal metadata of the fonts.

Honestly I was somewhat surprised that it even passed review once so this was an outcome I was expecting eventually. It was a very grey area of the rules.

It seems like without the export feature it would still be useful and hopefully non-controversial.

Previously:

Update (2019-11-26): Geoff Hackworth:

I was sad to see SF Viewer go, but there’s another solution! Browsing system images is one (of many) features of my Adaptivity app. Supports multiple windows on iPadOS 13. I’m working on a grid view for the next release.

Wednesday, November 20, 2019

Guilherme Rambo Locked Out of Apple Developer Account

Guilherme Rambo (tweet, Hacker News):

After about two weeks of waiting, I decided to call developer support, which sounds easy, but I couldn’t find any phone number to reach them anywhere on the public part of the developer site. The only way to get on the phone with developer support is to visit a page within the developer portal where you can enter your phone number for them to call you later. The problem is that I couldn’t even visit that page because it also redirected me to the aforementioned contact form.

[…]

Like I mentioned before, the problem began in August. So far I’ve tried every possible private communication channel before deciding to make this story public. It’s worth mentioning that I didn’t get any e-mail or call from Apple warning about any sort of action being taken against my developer account. Apple always says that “running to the press doesn’t help”. Unfortunately, they haven’t responded in any way, even when I tried reaching out through internal contacts that I have. So the only option I have left now is to “run to the press”.

I’ve read about developers having their accounts shut down for all sorts of alleged reasons. The most recent case happened to my friend Ying, who got his account terminated for “fraud”, which he didn’t commit. After he shared his story publicly, Apple reinstated his account.

With notarization required for Catalina, even distributing apps outside the App Store requires a developer account. Not stated: he’s probably violated the Apple Developer Agreement. Personally, I don’t think publishing publicly available (though hidden) information should be grounds for banning. And, regardless, he should be able to get a straightforward and prompt answer about his account status.

John Gruber:

Rambo is extraordinarily talented at what I would describe as digital spelunking — he explores the internals of beta OS releases and pokes at beta APIs and he finds things that weren’t supposed to have been exposed. And when he does, he publishes his findings. It would be quite a coincidence if that’s not the conflict at the center of his account having been disabled — that someone at Apple got pissed off and impetuously ordered Rambo’s account disabled, and now they don’t want to explain it.

Jason Snell:

Would be a real shame if Apple suspended his account because they don’t like that he’s smart enough to uncover things they’ve accidentally shipped publicly. That would be petty retaliation.

Rob Lorenz:

It would be terrible, but I think it’s almost better than the alternative. They’ve locked him out for months and won’t tell him how to restore his account. If that isn’t retaliation, what is it? They’re just totally incompetent at account management and developer relations?

Previously:

Update (2019-11-25): Jason Snell:

There are many angles to this story. Rambo’s sources are not limited to software—over the past year he’s written stories that suggest human sources, he’s outguessed Apple at how it named URLs for forthcoming public events, and yes, he’s found hints of future products in beta releases of Apple’s operating systems.

That last one is, without a doubt, against the letter of the law of section 9 of Apple’s developer license agreement[…]

[…]

It is literally impossible for disclosures like this to remain secret on today’s Internet. The right move is what Apple’s been doing the past few years, namely attempting to keep the real secrets locked up in Cupertino and assume that anything given to developers will leak.

Guilherme Rambo:

My Apple developer account issues have been resolved.

No word on whether Apple provided an explanation or imposed any conditions for reinstating his account.

Are Apple Repairs Profitable?

Matthew Gault (via Jason Koebler, MacRumors):

Tuesday, Kyle Andeer, Apple’s Vice President of Corporate Law, answered those questions. In its testimony, Apple repeatedly denied accusations it was making it hard for people to repair their own phones and protecting a virtual repair monopoly. But its answers often didn’t align with reality.

[…]

Safety obviously isn’t Apple’s primary concern. If it were, it’d provide easy access to training and manuals it claims would prevent injury.

[…]

Apple also seemed incapable of answering basic questions about the repair market it insists it must tightly control. When the Congressional committee asked Apple how many technicians it had, it claimed there were tens of thousands. When the Committee asked how much revenue Apple generated from repairs, Apple claimed that “For each year since 2009, the costs of providing repair services has exceeded the revenue generated by repairs.”

The idea that Apple is losing money on repair is wild, and a curse of its own making. The answer by Apple seems vague on purpose. Throughout the years, Apple has had to offer many “service programs” for defective products. Most notably, Apple has had to replace a large number of MacBook and MacBook Pro devices for free because it designed an unrepairable keyboard that breaks easily and with normal use. Rather than replacing a few keys on those devices, Apple has to replace half of the computer. If Apple is including warranty repairs and service program repairs in addition to standard retail repairs, well, then, it is quite simply misleading the public and Congress.

I wonder if AppleCare plans are counted in the revenue. I actually do think it’s possible that repairs are not profitable. But there’s also room for a lot of creative accounting, e.g. for the portions of retail stores dedicated to repair.

Previously:

Update (2019-11-25): Chris Carr:

Apple repairs are not profitable. At least I’m pretty darned sure they weren’t when I was there. AppleCare (the organization) would be happy to just break even.

Update (2019-11-26): Kevin Purdy:

Apple answers the question we’ve been chasing for the last fifteen years, “Why prevent access to repair content?” with: Our content makes repairs safer and easier. Which is not only not an answer, it also seems to be a very solid reason to distribute parts and manuals. In Apple’s mind, there’s a straight line between untrained techs and unsafe repair, which is a dubious claim to be sure–but if they believe it, shouldn’t they be trying to prevent that danger, not exacerbate it?

The charitable view is that this close-to-the-vest practice can be chalked up to Apple’s obsession with vertical integration of the customer experience. But that hasn’t really panned out.

[…]

Apple’s answer is, essentially, no. In full: “Apple does not take any actions to block consumers from seeking out or using repair shops that offer a broader range of repairs than those offered by Apple’s authorized technicians. Customers are free to obtain repairs from any repair shop of their choice.”

Apple’s answer is false.

Where to Get Apple Products Repaired

Speaking of outsourcing and contracting what should be a core competency, scott writes:

It’s important to know that once you drop your devices off at the Apple store, they’ll ship them off to a subcontractor for repairs. These facilities are run like sweatshops.

themobfoundmeguilty:

I work at an Apple repair depot, a company called CSAT Solutions.

[…]

Recently, they have begun to hire more people because their retention rate is horrible. The problem is that most of the people they hire are incredibly incompetent. You could have never worked on a computer before and as long as you can read and write English you’re in. The result is you have a bunch of people that don’t know even the basics of troubleshooting computers repairing $2000+ machines. These people also can’t handle the workload so it puts incredible pressure on veteran techs that not only have to worry about their work but other’s work as well. To add insult to injury, these new technicians are being given a $750 bonus for staying with the company for 3 months. All the while technicians that have been at the company for a decade haven’t seen another penny.

[…]

In the end you’ll get a refurbished motherboard that will most likely fail again because the company that repairs them does a shitty job. Sometimes the “new” board we’re gonna use looks worse than the one you sent your unit in with. I have received boards with corrosion and we are told to use them and cannot change it unless it fails for something.

Every aspect of this company is a joke. Their shopfloor system is always crashing. And they still expect us to finish the work. We get the units in the morning and they’re supposed to ship out at night.

1-800-275-2273:

I work for AppleCare. If OP, or any of the technicians in the repair depot flag a device for “unauthorized modifications” (like a screen or battery that isn’t Apple’s), we deny warranty service to the customer. Guess how many times the “unauthorized modifications” are wrong?

Literally every day. And then I have a customer screaming to me how they’ve never had the phone or MacBook serviced by anyone other than Apple. And there’s nothing we can do about it. We send the device back, and lose the customer.

MarblesAreDelicious:

I’ve worked at two AASPs now as an ACMT/ACiT and I’m beginning to think AASPs are perhaps a better solution for people to get their Apple stuff fixed. Our locations have to meet Apple’s standards and we have been always overly cautious to ensure we do as to not lose our certification and the customer base it provides. Because it is our company’s money and reputation on the line for every repair, we make for damn certain we follow the procedures and read the service guides until we are completely familiar with them.

The only two issues with some AASPs is that they can and will charge beyond Apple’s guidelines for pricing. My company does not for certain services, but does for others. The other being turnaround time; we don’t stock parts and cannot replace devices on the fly. Turnaround time can be days because of this. But I feel the offset is that we will make sure it’s done correctly every step of the way.

I have typically done mail-in repairs because they are faster than waiting a week or so for the local shop to have availability and then receive parts. I also don’t want to be charged extra when I’m already paying for AppleCare. I’ve generally been happy with the results, though several times the Macs have come back with damage that wasn’t initially there.

Michael Brice-Saddler (via Alex Stamos):

Upon arriving, she handed her phone to an employee who began “messing around with it for quite a while,” she wrote the next day.

“I didn’t really pay any mind to it because I just figured he’s doing his job, looking into my insurance info or whatever,” she wrote to Facebook. “He asked for my passcode TWICE in that time frame which I, at the time, didn’t think anything of.”

It turns out Fuentes’s initial concerns were legitimate. When she got home, Fuentes turned on her phone and noticed a text that had been sent to an unknown number, she wrote. The message’s contents were even more harrowing: Fuentes alleged that the Apple employee had gone through her photos, retrieved a private picture and texted it to himself.

ChrisLTD:

Apple store employees have always confirmed that I’ve deleted all my data before I drop off a device that is being sent to a repair center.

scott:

For me it was always just give them the password and turn off Find My Phone. But then again I always wiped my devices ahead of time. It’s also been years since I’ve taken a Mac in. I’m dreading going to get my keyboard replaced, I’ve put that off for four years.

I think I’ve always been instructed to give them the password, which I never do. But backing up, wiping, and restoring a Mac (or even an iPhone) is very time consuming.

See also: The Talk Show.

Previously:

Update (2019-12-20): Mike Peterson:

It’s also worth turning on FileVault 2 disk encryption before you send your Mac off to be repaired. When FileVault 2 is enabled, only the administrator who set it up can actually decrypt the contents of your drive.

Because of that, your data should be safe from any non-admin account that you set up for Apple Support staff to use for testing.

Nikolaj Schlej:

macOS Catalina brings a small, but important update to Mac Firmware Password mechanism: you can now opt-out (and back in) from password reset mechanism used by AppleCare (see here for it’s guts). It makes FW password harder to reset, use it on your own risk!

Update (2019-12-30): Howard Oakley:

This article explains what you should do – when possible – before your Mac goes for service or repair, so that when it returns you can get up and running as quickly as possible.

How Swift Achieved Dynamic Linking Where Rust Couldn’t

Alexis Beingessner (tweet, Hacker News):

For those who don’t follow Swift’s development, ABI stability has been one of its most ambitious projects and possibly it’s defining feature, and it finally shipped in Swift 5. The result is something I find endlessly fascinating, because I think Swift has pushed the notion of ABI stability farther than any language without much compromise.

So I decided to write up a bunch of the interesting high-level details of Swift’s ABI. This is not a complete reference for Swift’s ABI, but rather an abstract look at its implementation strategy. If you really want to know exactly how it allocates registers or mangles names, look somewhere else.

Also for context on why I’m writing this, I’m just naturally inclined to compare the design of Swift to Rust, because those are the two languages I have helped develop. Also some folks like to complain that Rust doesn’t bother with ABI stability, and I think looking at how Swift does helps elucidate why that is.

Patrick Walton:

I should mention that Rust tried in its early days to do witness tables (“type descriptors”/“tydescs”). I wrote a lot of that code.

Ironically, one of the big reasons we ripped it out was because of code bloat.

IIRC switching to monomorphization actually reduced code size by quite a bit.

Though the biggest reason was just performance: we couldn’t get type descriptor overhead below 20% of the program runtime or so, which was unacceptable.

Doug Gregor:

I still think that Swift’s library evolution story (ties in with the ABI) is the only novel feature of the Swift language. Everything else is lovingly borrowed and integrated from other languages

Joe Groff:

Reabstraction might also be a novel implementation technique. Some papers on levity polymorphism in Haskell declared the problem unsolvable without a JIT

Previously:

Tuesday, November 19, 2019

Time Machine in Catalina

Howard Oakley:

  • Backups now include three volumes: the read-only System volume, the Data volume, and the Recovery volume.
  • Strategies for determining what needs to be backed up now include both FSEvents and snapshot differences for APFS volumes.
  • backupd doesn’t log the free space available on the backup volume.
  • Backups made by macOS 10.15 are no longer compatible with 10.14.6 and earlier.

See also: Time Machine and backing up in Catalina.

Previously:

Name Mangler 3.6

Many Tricks:

The biggest new feature is that you can now create independent sequences based on some common metadata, such as parent folder name. Now each set of files within a folder can have a sequence number that starts with “1,” instead of continuing on across folders.

Previously:

Airline Apps and Business Chat

Adam Engst:

The moral of the story? If you have, for some reason, resisted getting the free airline apps, I can say that using them is absolutely worthwhile. From what I can tell, both the American and United apps provide similar features, and other airlines may as well. The way Delta’s app allowed me to pick alternative flights when there were options and rebooked me automatically when there was an obvious best choice was both brilliant and tremendously welcome.

I also appreciated the low-stress communication via Business Chat in Messages—between waiting for the agents to appear in Messages and then solve my problems and answer my questions, I spent over 100 minutes chatting. There’s no way of knowing if I could even have achieved the same results on the phone or if it would have taken the same amount of time, but the prospect of devoting that much phone time to such simple conversations is daunting.

Apple’s New Map Expands to Midwest and Western U.S.

Justin O’Beirne (Hacker News):

All of this suggests that Apple might be using iPhone probe data to determine which roads to show on its map. And if that’s the case, it helps explain why so many rural and less traveled roads have been downgraded or dropped from certain zooms[…]

That doesn’t seem like a good idea.

Because of data licensing restrictions, Apple likely can’t use traffic data derived from the old map in order to make the new one. So Apple might be seeding new map areas to get traffic information that it can feed back into the map for road prioritization.

And if you watch how the new map has been changing while Apple has been “testing” it, this seems to be what Apple is doing. As time goes on (and as Apple accumulates traffic information), more and more roads are upgraded to arterials[…]

[…]

Given the pace of Apple’s U.S. expansion, it seems that Apple’s initial map, which it had spent four years making (and had hints of human labor), served as a training set for the extraction algorithms that are now accelerating Apple’s mapmaking effort.

And if that’s the case, it explains why Apple still expects to cover the entire U.S. by year’s end, even though there’s 48.6% left to go...

Previously:

Direct Objective-C Properties

In a future compiler version:

A direct property specifier is added (@Property(direct) type name)

These attributes / specifiers cause the method to have no associated Objective-C metadata (for the property or the method itself), and the calling convention to be a direct C function call.

The symbol for the method has enforced hidden visibility and such direct calls are hence unreachable cross image. An explicit C function must be made if so desired to wrap them.

Via Tanner Bennett:

This feature tries it’s hardest to break everything that makes Objc great. KVC, KVO, swizzling, etc., even OOP because this is effectively final for objc. In case anyone was wondering why I’m disappointed in this addition.

I can only hope codebases adopt it sparingly.

Greg Parker:

Counterargument: the alternative to get this level of performance is to rewrite your method as a C function. That experience is awful in practice. It’s important to be able to tune dynamism vs performance without busy-work syntax changes.

It’s a great feature to have for this reason. But I hope it’s not overused.

Previously:

Update (2019-11-20): Jonathan Deutsch:

Counter-counter argument: this is needed rarely, and much more rarely than many will think it is needed.

In my experience, most developers jump at the opportunity for “performance” even when premature, not measured, and probably not going to be effective.

Part of Objective-C’s beauty was that it was simple. One used to be able to easily learn the language, read others’ code, and thus debug others’ code.

There’s no feature in a language of higher priority than this… definitely not performance.

Although one could argue that this feature makes the optimized code more readable.

See also: this thread.

Update (2019-11-27): Pierre Habouzit (thread):

The Obj-C dynamic dispatch comes with many costs, this is common “knowledge”. However the details of it are rarely known.

Beside the obvious cost of the h-lookup, it comes with 4 other kinds of costs:

- codegen size
- optimization barrier
- static metadate
- runtime metadata

[…]

When used on a typical Obj-C framework, it is easy to reduce your binary size by 5% or more. Using LTO will easily make this win even larger. It means in turn that the working-set of the processes is smaller, which gives you more space for things that are actually useful.

As such, you now start to see that despite the obvious initial reaction which is “holy s**t this is great for hot code”, the target audience is even more the long tail of rarely used monomorphic calls that are killing your binary size for very little added value.

Update (2019-12-17): Steve Troughton-Smith:

As far as things that make my life harder, inlining ObjC methods isn’t one of them. Getting human-readable disassembly out of Swift code is a nightmare, on the other hand. I’m far more concerned about Swift adoption increasing than improvements to ObjC

Louis Gerbarg:

The best part about that thread is that I am about 90% the StepStone ObjC compiler actually had a keyword with pretty much the same semantics as objc_direct. Unfortunately I can’t find any documentation for it.

Pierre Habouzit:

Not exactly. But close. The radar has it. It used to be - ([inline] __direct__ type)mySelector...;

See also: Mattt Thompson.

Monday, November 18, 2019

How Google Interferes With Its Search Algorithms and Changes Your Results

Kirsten Grind et al. (via Sam Schechner, Hacker News):

Over time, Google has increasingly re-engineered and interfered with search results to a far greater degree than the company and its executives have acknowledged, a Wall Street Journal investigation has found.

[…]

Despite publicly denying doing so, Google keeps blacklists to remove certain sites or prevent others from surfacing in certain types of results. These moves are separate from those that block sites as required by U.S. or foreign law, such as those featuring child abuse or with copyright infringement, and from changes designed to demote spam sites, which attempt to game the system to appear higher in results.

[…]

To evaluate its search results, Google employs thousands of low-paid contractors whose purpose the company says is to assess the quality of the algorithms’ rankings. Even so, contractors said Google gave feedback to these workers to convey what it considered to be the correct ranking of results, and they revised their assessments accordingly, according to contractors interviewed by the Journal. The contractors’ collective evaluations are then used to adjust algorithms.

[…]

In one change hotly contested within Google, engineers opted to tilt results to favor prominent businesses over smaller ones, based on the argument that customers were more likely to get what they wanted at larger outlets. One effect of the change was a boost to Amazon’s products, even if the items had been discontinued, according to people familiar with the matter.

Barry Schwartz:

The truth is, I spoke to a number of these Wall Street Journal reporters back in both March and April about this topic, and it was clear then that they had little knowledge about how search worked. Even a basic understanding of the difference between organic listings (the free search results) and the paid listings (the ads in the search results) eluded them. They seemed to have one goal: to come up with a sensational story about how Google is abusing its power and responsibility for self gain.

Google is not certainly perfect, but almost everything in the Wall Street Journal report is incorrect.

[…]

I know they interviewed me a couple of times, and I told you how that went above. But we reached out to Glenn Gabe, an SEO industry veteran who works extensively with companies that have been impacted by search algorithm updates, who was quoted in the piece. Gabe told us that not only were his conversations with the paper off-the-record but also that he was misquoted. Gabe said he reached out to the reporter who apologized and offered to fix the quote. But later he was told that the quote had to stay as is.

It’s worrisome that something so important is a black box. I’ve been seeing smoke about stuff like this for years, but solid information is hard to come by, and no one has yet put it together in a way that shows there really is a fire. It seems that this report doesn’t, either.

Previously:

OpenSwiftUI

Devran Uenal (via Hacker News):

OpenSwiftUI is an OpenSource implementation of Apple’s SwiftUI DSL (Domain-specific language.

The project’s goal is to stay close to the original API as possible.

The actual rendering of UI elements can then be implemented by other projects for different platforms like Linux, Windows, Embedded, etc.

[…]

This project is in early development.

Even if you don’t plan to use the open-source implementation, seeing how it works can help you understand what SwiftUI is doing.

danpalmer:

Interesting detail about Square that I learnt on Twitter shortly after SwiftUI was launched… Square sold iPads with their software on as “appliances”, so they can’t deprecate them on a schedule like most software. For this reason the Square iOS codebase (which is a single codebase) must support back as far as iOS 9.

Because of this, they’re considering an internal implementation of SwiftUI so that they can start using it now, rather than in ~5 years time. I wouldn’t be surprised if they open sourced this if they do go ahead with it.

See also: AwfulUI.

Previously:

Basecamp Personal

Jason Fried (via tweet):

But one complaint we’ve heard is that Basecamp is priced for businesses, not for personal side projects. We felt it was finally time to do something about that.

So today we’re formally introducing Basecamp Personal – a completely free Basecamp plan designed specifically for freelancers, students, families, and personal projects.

It’s limited to 3 projects and 20 users. It’s nice that they allow it for money-making projects, rather than only personal ones as some services do. The business price is $99/month, which is just too much for the occasional freelance project.

David Heinemeier Hansson:

We’ve had a free plan in the past, but it was always way more limited than our new Basecamp Personal. But not everyone can afford our business plans, and it’s a tragedy if they’re forced to trade their privacy with Big Tech tools.

[…]

You can delete a project, but no archiving.

Vaping Apps Removed From App Store

Joe Rossignol:

Apple is removing all vaping-related apps from the App Store today, according to Axios, shortly after the Centers for Disease Control and Prevention reported 2,172 lung injury cases linked to e-cigarette or vape products.

[…]

Apple had already took a step in this direction in June, when it updated its App Store Review Guidelines to indicate that apps encouraging consumption of vape products are not permitted on the App Store.

Wikipedia:

The benefits and the health risks of e-cigarettes are uncertain. There is tentative evidence they may help people quit smoking, although they have not been proven to be more effective than smoking cessation medicine. There is concern with the possibility that non-smokers and children may start nicotine use with e-cigarettes at a rate higher than anticipated than if they were never created.

John Gruber:

The stuff about selling cartridges, and sharing news — it’s fine for that stuff to be out of the App Store because you can get it on the web. But Bluetooth stuff where apps were used as the interface for controlling hardware — web apps can’t do that (nor should they be able to). There is no alternative to a native app, and native apps are only available on the App Store. This would be an easy call to make (and would have been made from the get-go by Apple) if vaping were illegal. But it’s not illegal.

Update (2019-11-26): Steve Troughton-Smith:

There are all kinds of modern hardware ecosystems that literally do nothing if not paired with a smartphone app, like some scooter brands. Apple does not get to unilaterally make calls like this, and I hope they get crucified in upcoming antitrust cases

The Macalope:

It’s worth pointing out that the canisters that did contain cyanide were counterfeit. The Macalope just checked his local liquor store and we haven’t banned alcohol sales because prison wine blinded some people. He also checked the App Store and we haven’t banned mixology apps, either. But one of the apps Apple banned actually checked canisters to see if they were counterfeit.

Ben Thompson:

Those apps — and by extension, device functionality — are no longer available to iPhone users— you can’t get this level of functionality in a browser — not because regulators ruled them illegal, or because Congress passed a law, but because a group of technology executives said so. And, what they said held sway because the App Store is integrated with the iPhone: Apple has a monopoly on what apps can or cannot be installed.

John Gruber:

As it stands today, tobacco and marijuana are OK in the App Store if you smoke them but banned if you vape them. That distinction seems impossible to defend, other than by noting that vaping is a hot topic in the news, and cigarettes and weed baroning are not.

Previously:

Update (2020-10-20): Journal of the American Heart Association:

During peer review, the reviewers identified the important question of whether the myocardial infarctions occurred before or after the respondents initiated e‐cigarette use, and requested that the authors use additional data in the PATH codebook (age of first MI and age of first e‐cigarettes use) to address this concern. While the authors did provide some additional analysis, the reviewers and editors did not confirm that the authors had both understood and complied with the request prior to acceptance of the article for publication.

Post publication, the editors requested Dr. Bhatta et al conduct the analysis based on when specific respondents started using e‐cigarettes, which required ongoing access to the restricted use dataset from the PATH Wave 1 survey. The authors agreed to comply with the editors’ request. The deadline set by the editors for completion of the revised analysis was not met because the authors are currently unable to access the PATH database. Given these issues, the editors are concerned that the study conclusion is unreliable.

The editors hereby retract the article from publication in Journal of the American Heart Association.

The Hotel Cupertino Clause

Alex Russell (Google employee):

There seems to be confusion about how, exactly, Apple keeps the web second-class on iOS. Understandable! It’s the interplay of several interlocking effects. Let’s examine them (thread).

First, no matter how app-like it is, Section 4.2 of the App Store Review Guidelines excludes web experiences from being discovered via the search box where users go to add things to their homescreen.

[…]

Next, Apple under-invests in Safari’s engine (WebKit) in ways that cumulatively make it difficult to do anything new and ambitious.

[…]

On every other OS, the way we have dealt with laggard browsers is through competition.

[…]

Section 2.5.6 is the Hotel Cupertino clause: you can pick any browser you like, but you can’t choose a better web. In fact, iOS prevents other browsers from even replacing Safari as the system default.

2.5.6 caps web progress at the rate that Apple (under) invests.

All of this has been done to preserve the linkage between proprietary OS/APIs, an exclusive software ecosystem, and the hardware sales that software ecosystem supports.

If you’re a web developer, this means that iOS -- the whole OS -- is the new IE6. Your CEO and wealthiest users won’t switch off it, so it taxes everything you do. They also can’t imagine the web being great because, for them, it isn’t.

Russ Bishop (Apple employee):

That’s rich, coming from the company that abused its #1 search position to drive adoption of Chrome, forked Blink from WebKit, and slams new APIs through without considering perf/privacy.

“Open Web” from Google is code for “whatever Is best for Google and ad-tech this week”

You were the ones that decided to fork from WebKit, dividing what had been the largest community of devs working on web technologies.

You did it because YOU want control of the web.

As if best battery life and privacy is “under-investing”.

Tony Arnold:

Google forking WebKit was a thin cover for breaking down standards bodies of the time.

It wasn’t altruistic. It wasn’t about users.

Google are an advertising company that uses their tech to gather data to better sell ads.

Miguel de Icaza (Microsoft employee):

1. This has the upside of preventing the web to have a single provider in the form of Chromium. This is the last bastion of defense for diverse engines.

2. It also slows down the standardization of fringe features that are done purely for Google’s needs and have no reason to be standardized.

Orta Therox (Microsoft Employee):

I’m pretty glad for the App Store rules that keep chrome from monopolizing all web browsers in every context, personally. Never been a Chrome user, but I think Safari do a good balance on user features vs dev wants.

Matt Aimonetti:

Both companies are terrible and both of you have valid points. Apple opts to be conservative and closed (therefore safer but also in a closed ecosystem), Google is pushing features, often for its own benefit, which leads to fragmentation and security threads

Yes, both companies are pursuing policies that benefit them and which they also think are better for users. Users have multiple concerns, which are only partially addressed by each browser.

On the Mac, I choose Safari because I like its emphasis on privacy, and I think it’s a better Mac app. But seemingly everyone I know who is not picky about such things uses Chrome because it’s always compatible. (Or, perhaps, it has such marketshare that sites are forced to adapt to it, but to the user that amounts to the same thing.) I am seeing increasingly many sites that don’t work properly with Safari, so for them I use Chrome or Firefox. The WebKit Goals for 2020 (via Hacker News) don’t have much to say about this. It also annoys me that Safari beachballs for a few seconds every time it auto-fills a login. So I am always tempted to switch, but I don’t like any of the other choices that much.

On iOS, of course, there is no choice. Microsoft famously got in trouble merely for privileging its browser, not actively blocking competing browsers from running.

Kyle Pflug:

There’s a third axis here, which is “good for competition.” It’s difficult to deny (at least, in good faith) that iOS policies have the effect of making it more difficult for compelling alternate device ecosystems to take root (Google Play policies do the same thing.)

The web has remarkable potential to be an equalizer and Apple is strongly disincentivized to invest in capabilities that enable that.

Even when there are also good-faith reasons to prefer a walled garden (and there are many), it’s hard to not notice the more cynical motivations.

Jamie Gaskins:

I really wish people would stop using the phrase “the new IE6”. There is literally nothing in web development today that compares to developing for IE6.

Nathanael Anderson:

Actually I tend to agree it is the new ie6. Been around since pre-ie6. IE6 froze API in that era; so all these cool new API were unusable because of IE6. Safari is doing the same thing now. Lots of new shipping api’s are unusable because of having to support iOS...

Bridger Maxwell:

FWIW, when I port features from my iOS app to the web app version it is often Safari that is missing the APIs. The little examples add up. For example, touch and scroll input APIs don’t support Retina resolutions yet (they are all whole numbers). Other browsers do.

There are lots of people making fun of Google for counting the number of Web APIs implemented. But what other metric would make sense? It’s pretty funny because in the early days Apple bragged about the percentage of Web specs Safari implemented vs. other browsers, and at each WWDC it touts the number of new iOS and macOS APIs that it’s added.

Previously:

Update (2019-11-20): Apple responds to Congress (via Hacker News):

Users cannot uninstall Safari, which is an essential part of iPhone functionality; however, users have many alternative third-party browsers they can download from the App Store.

[…]

iPhone users cannot set another browser as the default browser. Safari is one of the apps that Apple believes defines the core user experience on iOS, with industry-leading security and privacy features.

[…]

The purpose of this rule is to protect user privacy and security. Nefarious websites have analyzed other web browser engines and found flaws that have not been disclosed, and exploit those flaws when a user goes to a particular website to silently violate user privacy or security. This presents an acute danger to users, considering the vast amount of private and sensitive data that is typically accessed on a mobile device. By requiring apps to use WebKit, Apple can rapidly and accurately address exploits across our entire user base and most effectively secure their privacy and security. Also, allowing other web browser engines could put users at risk if developers abandon their apps or fail to address a security flaw quickly. By requiring use of WebKit, Apple can provide security updates to all our users quickly and accurately, no matter which browser they decide to download from the App Store.

rgovostes:

Google pioneered the out-of-process architecture that Safari now uses, developed the Safe Browsing program that Safari also uses, drove the adoption of HTTPS, put pressure on misbehaving certificate authorities and shepherded certificate pinning and then Certificate Transparency, and found many vulnerabilities in WebKit through security research that Apple was not itself doing.

Moreover, on the desktop, Chrome and Firefox both have automatic update channels that allow them to push out security fixes much more rapidly than Apple’s heavy OS updates. (On iOS, they would be limited by Apple’s App Store approval process.)

Friday, November 15, 2019

Apple Card’s Outsourced Algorithm

David Heinemeier Hansson (video):

The @AppleCard is such a fucking sexist program. My wife and I filed joint tax returns, live in a community-property state, and have been married for a long time. Yet Apple’s black box algorithm thinks I deserve 20x the credit limit she does. No appeals work.

It seems like a bit of an overreaction because he’s extrapolating from two data points that are not independent. There could be a reasonable explanation, or simply a bug. But it’s worth asking whether the algorithm is fair in aggregate, and many other customers have chimed in with similar experiences. This story also points to other issues about black box algorithms and AI: whether anyone actually understands the algorithm, the desire for explanations and appeal in individual cases, special treatment for some, and Apple’s role in the card that bears its name.

Jamie Heinemeier Hansson:

I care about transparency and fairness. It’s why I was deeply annoyed to be told by AppleCard representatives, “It’s just the algorithm,” and “It’s just your credit score.” I have had credit in the US far longer than David. I have never had a single late payment. I do not have any debts. David and I share all financial accounts, and my very good credit score is higher than David’s. […] But AppleCard representatives did not want to hear any of this. I was given no explanation. No way to make my case.

There wasn’t even a way to check and correct the inputs to the algorithm.

I care about justice for all. It’s why, when the AppleCard manager told me she was aware of David’s tweets and that my credit limit would be raised to meet his, without any real explanation, I felt the weight and guilt of my ridiculous privilege.

If only it were so easy for a manager to snap their fingers and make other computing problems go away. But with cloud syncing and other modern bugs, there’s often no explanation or solution. People accept brokenness because they feel they have no choice. There are no legal requirements for transparency, nor culture of it.

David Heinemeier Hansson:

And the best defense of all: THAT’S JUST HOW THE CREDIT INDUSTRY WORKS. Ehh, okay? How is that anything but the most damning charge upon Apple’s pitch with their card? Did the iPhone launch pledging to please carriers and the status quo as its modus operandi? No.

Apple offers a credit card that bases its credit assessment on a black-box algorithm that 6 different reps across Apple and GS have no visibility into. Even several layers of management. An internal investigation. IT’S JUST THE ALGORITHM!

So nobody understands THE ALGORITHM. Nobody has the power to examine or check THE ALGORITHM. Yet everyone we’ve talked to from both Apple and GS are SO SURE that THE ALGORITHM isn’t biased and discriminating in any way.

[…]

The algorithm might discriminate out of biased historical training data, faulty but uncorrectable inputs, programming errors, or malicious intent. You’ll never be able to know.

Sridhar Natarajan and Shahien Nasiripour (tweet, Hacker News):

A Wall Street regulator is opening a probe into Goldman Sachs Group Inc.’s credit card practices after a viral tweet from a tech entrepreneur alleged gender discrimination in the new Apple Card’s algorithms when determining credit limits.

Sonder Scheme:

We suspect that the Goldman algorithm was trained on data that included an important bias: that the husband is the primary card holder in traditional credit card approval. This biased the data so the algorithm assigned higher creditworthiness to the primary card holder. This meant that the primary card holder status became the proxy for gender.

The whole situation was made worse by a number of applications coming from a demographic or group that exposed this bias, an AI-enabled product which broke the mental model of Apple family sharing and a total lack of a “human-in-the-loop” recovery combined with unexplainable and non-intuitive AI.

David Heinemeier Hansson:

They delegated the most central question of the entire product – CAN I USE THIS? – to a status-quo player with a checkered moral past.

Steve Wozniak:

The same thing happened to us. I got 10x the credit limit. We have no separate bank or credit card accounts or any separate assets. Hard to get to a human for a correction though. It’s big tech in 2019.

Daniel Vassallo:

My @Apple Card got rejected. The reason appears to be that @keybank recently closed a checking account that got automatically opened when I got my mortgage and I never ever used!

Not a great first impression from every party involved in this.

David Heinemeier Hansson:

Apple likes to promote that their card was “Created by Apple, not a bank”. So please, stop with the “THIS IS GOLDMAN’S FAULT” shit. The card is called THE APPLE CARD. Sending out GS spokespeople to deflect on their responsibility and ownership is cowardly.

[…]

Imagine if you had to call Foxconn yourself when your iPhone broke? If it says Apple on the box, it’s an Apple product.

David Heinemeier Hansson:

“Apple Card completely rethinks everything about the credit card. It represents all the things Apple stands for. Like simplicity, transparency, and privacy.” - I couldn’t make this up! This is literally the top pitch on the @AppleCard marketing page.

Update (2019-11-27): Josh Centers:

Apple Card not offering joint accounts is a real liability that’s blowing up in Apple’s and Goldman Sachs’ collective faces. Goldman Sachs has said that the low-limit problem is due to applicants with a “limited credit history,” like people who piggyback on their spouse’s credit lines. It’s likely this wouldn’t have made the news at all if the Apple Card had simply offered joint accounts from the beginning, like nearly every other credit card.

Update (2020-01-24): Apple Card:

A new kind of credit card. Created by Apple and built for iPhone.

David Heinemeier Hansson:

Pretty amazing that Apple still runs this campaign after Goldman Sachs has repeated stated that, no, this is not a card created by Apple. This is a GS card, with a discriminatory black-box algorithm, and they make all the decisions. All Apple provides is their brand and an app.

Enpass Moves to a Subscription Model

Enpass:

We are transforming our business model into a seamless subscription model that would make things easier for our users. A subscription would make the on-boarding process easier allowing users to purchase Enpass once anywhere and use the same feature set across all their devices.

A good software costs money and a subscription helps sustain the creator/developer while offering constant value to the customer. Enpass, as a product focused on online security, requires extensive work with security experts as well as regular third-party audits to safeguard your data and digital security. The subscription will allow us to keep improving the experience with the latest platform innovations along with delivering new features and functionalities.

[…]

The transition to subscription will not change how Enpass will work. The core architecture will remain the same – Enpass would continue to be an offline password manager and we would never store your data on our servers in any way.

Paulo Andrade (developer of Secrets):

The competition keeps switching to subscriptions 😏. I’ll be here holding the fort.

Previously:

1Password Takes Accel Investment

Dave Teare (tweet, TechCrunch, Hacker News):

Accel will be investing USD$200 million for a minority stake in 1Password. Along with the investment – their largest initial investment in their 35-year history – Accel brings the experience and expertise we need to grow further and faster.

[…]

Since then, 1Password has become more successful than we ever dreamed. It’s been humbling to watch as we’ve crossed one milestone after another. I still remember with fondness hiring our first employee, planning our first AGConf, recruiting my friend as CEO, opening our first office, and acquiring our first enterprise customer with over 300,000 employees.

[…]

We’ve been turning down Venture Capital firms for as long as they’ve been courting us. We were profitable and didn’t see the value in partnering with someone else. It was fun to grow the company ourselves from 2 to 176, but just like when we hired our CEO, we’ve reached a point where we need expertise and guidance from those who’ve made this journey before.

There’s been a lot of worrying that this is going to hurt the consumer product. This seems like the wrong time to be asking that question because they’ve already been growing rapidly and pivoting to the enterprise. As a consumer, I wish they hadn’t done that. But given that decision—and there are certainly benefits to having thoughtfully designed password software in big businesses—the funding and partnership are tools to help them execute that plan.

1Password has remained a good product, though the parts I care about seem to be on life support. New features are being added to the hosted service, which I don’t want to use. The app’s basic design and focus on browser extensions are not a good fit for the way I want to use it. But these seem to be differences in philosophy, not consequences of the growth strategy.

Accel:

1Password is trusted by millions of users globally, 50,000+ paying business customers, and 25% of the Fortune 100, including leading enterprises such as IBM, Slack, Pagerduty, Dropbox, GitLab and Roche. We’re excited to be investing alongside the Slack Fund, Atlassian co-founders Mike Cannon-Brookes & Scott Farquhar, Atlassian president Jay Simons, and several notable angels.

[…]

At the time of that meeting, they were scaling their consumer-focused product and in the process of releasing a business solution. Now, their Enterprise Password Manager (EPM) is used by tens of thousands of businesses (including 40+ in Accel’s portfolio). They’ve added numerous features broadening the scope of their product beyond password management, including SCIM Bridge and Advanced Protection.

Matthew Panzarino:

1Password was a nice business for a long time but it’s biggest competitor lastpass started pushing hard into enterprise, flooding out the “byot” channel. Makes sense they’d raise to build support and grow enterprise business. I don’t see the need to freak out for personal users.

Ryan Jones:

Ahhh this is important context missing from TechCrunch: Dashlane raised $110M. File this under “you have to plan the game on the field”.

So $200M for an enterprise sales team and enterprise features to avoid getting squashed by capital.

[…]

The @1Password :: Dropbox metaphors could not be more perfect.

Cabel Sasser:

I can’t help but feel there’s a wonderful and often unexplored middle ground between “die” and “grow and grow aggressively”, but that’s extremely easy for me to say without knowing any details, and nobody likes a backseat CEO!!!! I wish you and the team the best! ♥️

Dave Teare:

Fun fact, over the last 14 years we’ve grown log2(174) =~ 7.4, so we’ve been roughly doubling every two years. That to me is already pretty freaking fast but it hasn’t been fast enough to keep up. Hope that gives some context to “aggressively”.

Roustem Karimov:

Feature requests, bug fixes, BugCrowd bounties, SOC2 certification, GDPR requests, pentests, AWS and Google Cloud infrastructure upgrades/monitoring, ...

Customer support -- when your customers have to wait weeks to get a reply because there are 10,000 emails in the queue.

Cabel Sasser:

Yipes!! One (very simplistic) question then: if you have 10,000 e-mails in your queue, you have an incredible number of customers, which means you should have plenty of revenue to cover hiring the people needed to reduce that queue. Right? But maybe not, if you were near death?

Roustem Karimov:

Money was not the deciding factor, we do not need it. We need the people who did this before. Turns out growing is hard and painful -- I had no idea how many things I didn’t know. Sure, we could spend a few more years and figure it out on our own but this felt like an easier way.

Jamie Phelps:

“Doesn’t seem like a business that needs 174 employees to operate.” Let’s unpack that a little[…]

Daniel Jakut:

I’m as skeptical of VC as most people, but I think critics of @1Password’s funding round should be less sure of their predictions of doom. Some companies suffer after funding, and some companies don’t. Change is scary, but not necessarily harmful.

I agree in principle, but I would like to see a list of top-quality consumer apps developed by software companies that took lots of VC money. I don’t see any in my Dock.

Previously:

Update (2019-11-18): John Gruber:

The 1Password founders seem confident that they can expand rapidly into the enterprise world without losing the soul that has made their indie consumer app so beloved (and trusted). Most companies that have tried this, however, have failed. (Dropbox is the one that pops to mind first.)

Dave Teare (tweet):

We kept full control so we could uphold our values and ensure we’d never be forced to compromise on them. Our values are what made us successful over the last 14 years and we plan on building on them for the next 14 years and beyond. Our values really struck a chord in today’s world and I’m tickled pink that they resonated with so many people. 🙌

[…]

For the last 14 years we’ve gone from 2 to 174 people, so we’ve already been doubling every other year. For most businesses this is already “growing aggressively” but we’ve done this for 14 years already and it’s worked quite well. The thing is, even though we’re already growing fast, we need to accelerate the pace just to catch up to today’s tasks, let alone the multitude of other things that we’d like to add to our plate.

[…]

One of the things that gets me most excited is 99% of the time employees at businesses are using the exact same features in 1Password that everyone else is using. The difference in the enterprise is all the tooling that goes around these core features to provide businesses the tools they need. As we improve the user experience for individuals we automatically improve our business offering. It means that we get to continue focusing on what’s made us successful since the beginning. We can have our (gluten-free) cake and eat it, too. 🧁

See also Teare’s 2013 presentation at Çingleton.

Daniel Pasco:

I was also at this talk, which hugely tempered my reaction to the investment news.

Update (2019-11-20): Dave Teare:

Thankfully we’re gonna be fine. There are a lot of incorrect assumptions that those fears are based on and I’d love to clear them up.

Update (2019-11-25): Om Malik:

If you ask me, money won’t ruin 1Password. There are precedents for this sort of thing: Atlassian was a private, self-grown business that thrived for years before it took venture capital and then went public. The capital only helped expand its footprint. It continues to thrive.

Do people love Atlassian products the way they love 1Password?

David Heinemeier Hansson:

We once again proved that if Twitter is great for starting a beef, podcasting is so much better at digesting it. My conversation with @dteare about the $200m in VC for 1pw is going to be out on December 3rd.

Update (2019-11-27): 1Password did an Ask Me Anything.

Update (2020-01-10): Ilja A. Iwas:

Why isn’t @sourcetree 4 notarized?

Maybe don’t aspire to have it work out like Atlassian.

Thursday, November 14, 2019

The 16-inch MacBook Pro

Apple (tweet, Hacker News):

The new Magic Keyboard features a refined scissor mechanism with 1 mm travel for a responsive, comfortable, and quiet typing experience. The Touch Bar puts powerful shortcuts front and center, and Touch ID provides fast authentication. A dedicated Escape key allows quick switching between modes and views. And the inverted-T arrow keys enable fluid navigation whether you’re flying through lines of code, navigating spreadsheets, or gaming.

Apple:

16‑inch (diagonal) LED‑backlit display with IPS technology; 3072‑by‑1920 native resolution at 226 pixels per inch with support for millions of colors

[…]

Configurable to 1TB, 2TB, 4TB, or 8TB SSD

[…]

Configurable to 32GB or 64GB of memory

[…]

Four Thunderbolt 3 (USB-C) ports

[…]

720p FaceTime HD camera

[…]

High‑fidelity six‑speaker system with force‑cancelling woofers

[…]

Studio‑quality three-mic array with high signal-to-noise ratio and directional beamforming

It sounds like the keyboard is truly fixed, which was the most important thing, but also table stakes. I’m surprised but pleased that there’s a new (old) arrow key arrangement.

The second most important thing, but less talked about, is the improved thermals. Assuming they got it right—and they seem to have on the other recently revised Macs—this is a huge deal.

The separate Esc key and Touch ID are good, as is the increased distance between the Touch Bar and keyboard, but I would still prefer an option to have no Touch Bar at all. I use F-keys all the time and also find that physical keys work better for adjusting the brightness and volume. Perhaps I would feel differently if there were haptics or if the software had advanced, but there’s still no public way to add global Touch Bar items. The potential seems unrealized. The Touch Bar itself is smaller and shows different items with different spacing and alignment.

The larger display is welcome, but we’re talking 0.6 inches here. I had the 17-inch before and would like to see something like that again. The 16-inch still can’t natively do 1680x1050 at Retina, the (optional) resolution of the old 15-inch MacBook Pro. And the display is still glossy-only; I prefer matte.

The higher RAM and SSD ceilings are great, but I would rather the Mac be a little larger so they could be upgradable. The MacBook Pro’s processor, display, and other main components should last for a very long time. My 2012 MacBook Pro still has decent performance. But RAM and storage needs will keep increasing. It doesn’t make sense to pay up-front for capacity that you don’t need today, plus Apple’s markup, for components that are rapidly getting cheaper. Microsoft, at least, is moving in that direction with a replaceable SSD.

The level pricing of the base configurations is much better than I expected, though it’s too bad they couldn’t get it back to the pre–Touch Bar starting price. Where it can get crazy is with the RAM and SSD upgrades ($800 for 64 GB of RAM, $2,400 for 8 TB SSD). My iMac has 40 GB of RAM and regularly uses 12 GB of swap, without doing anything particularly intensive. So moving from 4 to 6/8 cores and with the idea of keeping the Mac for a long time, 32 GB seems iffy.

Everyone talks about the (still absent) SD Card slot in relation to photography, but I liked having it for secondary storage and Time Machine. The cards are cheap and tiny and, unlike USB-C drives/sticks, can easily remain connected when you put the Mac in a case.

If I were using it as a primary Mac, I’d still want more ports. And, in any case, at least one USB-A would be nice to avoid having to carry a dongle. Apple remains committed to USB-C, which seems to have barely made progress since 2016.

Charging still takes up one of the four ports. Safety aside, USB-C is still much less pleasant to plug and unplug than MagSafe.

Most of the improvement in battery capacity is relative to the 2016–2018 models, rather than 2015, but it’s good to see it move in the right direction, even if it makes the Mac slightly larger and heavier.

I’d still prefer a smaller trackpad to avoid accidental input. And it looks like the edges and indentation in front of the trackpad remain sharp, as if you aren’t supposed to put your hands near there.

Will I get one? If this MacBook Pro had been released in 2016, I would have upgraded my original Retina MacBook Pro to a loaded configuration (well, not 8 TB) and used it as my main Mac. Since I didn’t like the 2016 MacBook Pros, I instead switched to an iMac. Now, using the 16-inch MacBook Pro my main Mac would be a regression given the external display situation and the fact that it requires Catalina.

For my auxiliary/travel Mac, it would be a big improvement but overkill. What I’m looking for there doesn’t exist in Apple’s lineup. I’d prefer something cheaper with less power, fewer premium features, and a larger screen. As long as my 2012 MacBook Pro continues to run the latest macOS versions, I may as well wait and see what happens with the 13-inch Pro and MacBook Air and see whether the keyboard ends up being as reliable as we hope.

John Gruber (tweet):

There’s also more space between keys — about 0.5mm. This difference is much more noticeable by feel than by sight. Making it easier to feel the gaps between keys really does make a difference. Like the 15-inch MacBook Pro, all 16-inch models come with the Touch Bar. But even there, there’s a slight improvement: it’s been nudged further above the top row of keys, to help avoid accidental touches. No haptic feedback or any other functional changes to the Touch Bar, though.

[…]

And they didn’t throw away the good parts of the butterfly keyboard — including excellent backlighting and especially the increased stability, where keys go down flat even when pressed off-center. The keys on this keyboard don’t wobble like the keys on pre-2016 MacBook Pro keyboards do.

Typing is very quiet on the new keyboard, and the sound it does make is satisfying. Less click-ity, more chunk-ity.

[…]

Lastly, Apple seems very confident that this new keyboard design is durable and reliable. The new 16-inch MacBook Pro is not covered by Apple’s keyboard service program, because they apparently don’t need to be.

Marcin Krzyzanowski:

MBP’15 2018 wasn’t included in the program since day one too. MBP’15 2018 is not included in Anti-Reflective Display Coating replacement program, but definitely suffer from the very same disease.

I mean: It means nothing

Marco Arment (tweet):

Two years ago, I wrote a wishlist to fix the MacBook Pro, and the 16-inch doesn’t actually deliver most of it. But time and technological progress are slowly getting Apple off the hook[…]

I mostly disagree about the latter. I love his graphs of the key spacing and travel.

Dr. Drang:

But I have opinions about chart style, and I think a handful of small improvements could be made. Most of these could not be made within the charting software Marco was using (Numbers, I think); the charts would have to be imported into a drawing package and manipulated there. But the small extra effort would be worth it.

Marco Arment:

And I didn’t get everything I wanted. But many of my wishlist items fall outside of what Apple is likely to ever do, and all of them are much less important than making the computer’s primary input device functional, acceptable, and reliable. Now we have the luxury of being able to complain about less-urgent wishes.

The biggest change is that I finally don’t feel like it’s constantly fighting me. Its design doesn’t feel spiteful. It’s a computer that doesn’t seem to hate being a computer. I’m not afraid to use it in the world, and I’m not avoiding using it because it’s unpleasant. The butterfly keyboard was the opposite, it never got better, I never got used to it, and good riddance to it.

Following in the footsteps of the fantastic iMac Pro, updated Mac Mini, and upcoming Mac Pro, the release of the 16-inch MacBook Pro ends a painful chapter of neglect and hubristic design of the Mac. Apple has finally turned the ship around.

Jason Snell:

Apple doesn’t like to admit that it’s wrong, but will be the first to let you know when it’s made an improvement. In this case, the Apple representatives I talked to admitted that while many people liked the butterfly keyboard, “some didn’t.” (That feels like a bit of an understatement.) Regardless, Apple spent time reconsidering what users wanted out of their keyboards, including doing a lot of internal research—and the result is that this new MacBook Pro has a keyboard based on the other 2015 Apple keyboard design, in the hope that this keyboard will be more broadly appealing to laptop users.

[…]

Pixel density has increased from 220 pixels per inch to 226 ppi, so this is a higher resolution screen, not just a bigger one. Still, Apple has set this laptop to default to a scaled size that’s the retina equivalent of 1792 by 1120.

[…]

The 16-inch display can also alter its refresh rate, which is especially helpful for video editors. You can choose from 47.95, 48, 50, 59.94, and 60 Hertz refresh rates.

Phil Schiller (MacRumors):

As you know, a number of years ago we started a new keyboard technology with this butterfly keyboard and began it with MacBook. It had some things it did really well, like creating a much more stable key platform. It felt more firm and flat under your finger -- some people really like that, but other people weren’t really happy with that. We got sort of a mixed reaction. We had some quality issues we had to work on.

But a few years back, we decided that while we were advancing the butterfly keyboard, we would also -- specifically for our pro customer -- go back and really talk to many pro customers about what they most want in a keyboard and did a bunch of research.

[…]

Will this keyboard find its way to other MacBooks? There are folks who don’t need the power of the MacBook Pro, but may appreciate the tactile experience.

I can’t say today. We are continuing both keyboard designs.

Hopefully, he doesn’t mean that a working keyboard is a Pro feature. They had better be fixing the rest of the notebook lineup for early 2020.

See also:

Myke Hurley:

Apple are saying that the new MacBook Pro has microphones that can be used ‘for creating superclean podcasts or music recordings on the go’

So we put that to the test[…]

Benjamin Mayo:

I railed on Apple’s SSD pricing before so here’s some (earned) praise.

As recently as this July, it would cost $2800 to get 4 TB SSD in a MacBook Pro. Now it’s $2400 for 8 TB.

Marco Arment:

My Overcast build script (timed xcodebuild after clean) averaged:

~40 seconds on the 16” MBP (8-core 2.4 GHz i9)
~38 seconds on the iMac Pro (10-core)

[…]

I haven’t disabled Turbo Boost on mine yet, but running the highest CPU offered during setup (lots of Dropbox, search indexing, Xcode decompression, build scripts, etc.), I did hear the fans spin up occasionally and it got warm sometimes.

Kaya Thomas:

The 16" MacBook Pro is much faster for fresh builds and incremental builds in Xcode. Some stats below for the @Calm app:

MBP 15":
216 seconds for a fresh build
7 seconds for an incremental build

MBP 16":
135 seconds for a fresh build
2 seconds for an incremental build

One thing that was extremely noticeable is how QUIET the 16" MacBook Pro is. While running Xcode usually my computer sounds like its running a full marathon 😭 but I barely heard a peep from the new one!! Even if the fans started up they didn’t stay on for long at all.

Marco Arment:

Some 16” MBP Overcast-build testing with Turbo Boost disabled (with Turbo Boost Switcher Pro), which is great if you’re willing to give up a good chunk of peak performance in exchange for much less heat, noise, and battery drain[…]

Frank A. Krueger:

I wonder if a 110 Wh battery is really that more dangerous than a 99.5 Wh? My guess is they have absolutely no evidence either way.

Zach Holman:

The new MacBook Pro is a monster- 64GB of RAM! First time with 8TB of SSD in a laptop! And... <checks notes> still the same 720p FaceTime camera. What is this, 2005? Does no one at Apple ever work remotely?

if only Apple had another product line with stupid absurd camera technology that shoots fucking lasers into your face to identify it and take crazy good quality photos and video so they could put it into a laptop too

Martin Gordon:

It’s worth noting that while the 16” is larger than the Touch Bar MBP, it is also slightly smaller/lighter than the beloved 2015 MBP. For those of us who were still holding on to our 2015s, any existing sleeves/backpacks/etc should still work with the 16”.

Mark Gurman:

Also notable that this 16-inch MBP is running the same Intel parts as the previous update 6 months ago and WiFi 5 versus WiFi 6 on the new iPhones. Very easy to believe this will be updated again within 6-9 months alongside the 13-inch and the Air getting the new keyboards.

Nick Heer:

Apple has not announced new models of the MacBook Air or 13-inch MacBook Pro, both of which still ship today with an unreliable keyboard, so this absolutely is just a first step. There’s also an open class action suit in California concerning the keyboards in Apple’s laptops from 2015 through this year, and that highlights the “finally” aspect of this improved keyboard. Having a reliable input system is basically the ground floor in computer hardware, and it’s absurd that this design was able to ship at all, let alone across three product lines for four years.

Quinn Nelson:

I’m proud of Apple in 2019. They’ve fixed laptop thermal throttling, they’ve made their phones and laptops thicker and heavier for the sake of improved battery, they’ve given us a laptop keyboard that doesn’t suck, etc. They’ve listened. For the first time in a longgg time.

Previously:

Update (2019-11-18): Upgrade (via Jason Snell):

Dongletown is proud of its local sports team, the Butterflies! Most other teams consider them a key rival, even though the Butterflies don’t travel very far. This shirt is guaranteed to command attention. We’re happy to provide several color and style options, so you can control your wardrobe--or if you prefer to shift strategies, buy them all and run up your tab! We’re not sure if this style will ever return, so buy one now and wear it upside-down for that “inverted tee” feeling.

Jason Snell:

Apple is clearly guided, at least in part, by a design philosophy that considers size and weight to be the enemy of good. I like to call this Jobs’s Law, though it could just as easily be called the Ive Doctrine: Always strive for the next version of your product to be thinner and lighter than the current one.

[…]

I’m not going to argue that Apple has made a massive course correction when it comes to creating products—it’s not that dramatic. But what has happened, somewhere, is that Apple has reordered its priority list.

Kaya Thomas:

The 64 GB of RAM, meanwhile, is a dream for development. I had a MacBook Pro with just 16 GB of RAM, and it couldn’t handle running certain simulators in Xcode while simultaneously running other apps, and even after upgrading to 32 GB there were still performance lags. The new MacBook Pro can handle running Xcode and the simulators without overheating or getting any “running out of application memory” warnings.

Curtis Herbert:

OMG, these fans for the i9 2019 MBP are no joke. But, build times were literally cut in half. 🥳

Colin Cornaby:

A moderately spec'd 2019 Macbook Pro really puts the base Mac Pro in a tough spot. The base Mac Pro wins in a few places, but costs twice as much. The Mac Pro makes a lot more sense if you're going to be doing a lot of upgrades. Otherwise the Macbook Pro is a great deal.

Chaim Gartenberg (Slashdot):

And iFixit’s teardown of the new laptop confirms that promise, with Apple using scissor switches that appear to be virtually identical the ones it uses in its Magic Keyboards, first introduced in 2015.

Paul Haddad:

Apple’s trade in value on a high-end Macbook 2015. I mean, I can’t even disagree that much it is the worst Mac I’ve ever bought.

Quinn Nelson:

Also, the TouchID sensor is matte now instead of glossy so it matches all the other keys and doesn’t ever look gross and smeared.

Ben Thompson:

Or, to put it another way, the power — and downside — of monopoly. No, Apple does not have a monopoly in computers — how amazing would that be! — but the company does have a monopoly on macOS. It sells the only hardware that runs macOS, which is why millions of customers kept buying computers that, particularly in the last couple of years, were widely reported to be at risk of significant problems.

To be clear, Apple didn’t commit some sort of crime here. At the same time, it is hard to imagine the butterfly keyboard persisting for four-and-a-half years and counting if the company faced any sort of competition. Integration can produce a superior user experience, but once an integrated product faces no more competition it can result in something that is downright user-hostile.

[…]

This article is not a legal argument: in particular, I have used the term “monopoly” very loosely. What makes Apple so brilliant from a business perspective is that it has managed to, via hardware and software integration, earn monopoly profits in a way that would not normally be classified as a monopoly.

Joe Cieplinski:

It’s not a bad keyboard, by any stretch of the imagination. And it certainly tramples the old keyboard on the 2015 and prior models. But the extra travel makes me feel like I’m working harder than I should have to when I type. And the extra space between the keys looks and feels cheaper and older to me.

Angus MacGyger:

Following @drdrang here is a scatter chart of @marcoarment data inspired by @jsnell interview. I got the raw data with apps.automeris.io/wpd/ and plotted with matplotlib in Python.

Update (2019-11-20): Casey Johnston:

@gruber asked me if i thought macbook keyboards would have been fixed sooner if i’d written my keyboard story for a bigger, more significant outlet. i don’t think it could have ever happened that way because no publication would have risked stepping out on apple like that :)

big credit to @leahfinnegan and @outline for commissioning and running it when apple has so many people gaslighting themselves so badly every day

the bad keyboards had been in the world two and a half calendar years!! i wasn’t the first or last person to use them; worth asking why no one else called it out

See also: The Talk Show.

Marco Arment:

I can tell you exactly why “nobody” was talking about them, because we talked about them all the time.

The audience HATED it.

Many Apple-media fans hate when we harp on Apple about long-standing problems, even if they’re still major problems. They say we’re “too negative”.

Apple:

Make sure the proper wattage adapter for your portable computer is used. Select the appropriate power adapter for your Apple portable computer. You can use a higher wattage power adapter, but you cannot use one with less wattage without potential operating issues.

Update (2019-11-25): Dieter Bohn:

The trackpad is still almost comically big, but Apple does better than anybody at palm rejection.

[…]

My favorite part of the 16-inch MacBook Pro isn’t the keyboard or the improved thermals. (More on that below.) To be blunt, those are both things Apple shouldn’t have messed up in the first place, so I don’t want to give it too much credit for just hitting par.

It’s the speakers. They’re the best I’ve ever heard on a laptop.

[…]

It’s the no-drama MacBook Pro. And thank god for that because for people who want a big-screen, big-power Mac laptop, it’s also the only option around.

Nilay Patel:

It’s a very good laptop with incredible speakers, but mostly it just feels like Apple reset things, instead of pushing anything too far forward.

Kyle Howells:

I tried the 16" MacBook Pro in an Apple Store and, after hearing everyone rave about the keyboard, I’m incredibly disappointed in it. The keys are still far too immobile and the gaps are tiny between the keys. Typing on it is so error prone and feels so bad compared to the 2015’s

Tyler Stalman:

Exporting 10 min YouTube video

Late 2019 16” MBP - 5m 4s
Early 2018 15” MBP - 12m 29s

Joanna Stern:

Sometimes you can’t just take Apple’s word for it and you have to find yourself an anecohic chamber to test the new MacBook Pro’s keyboard to make sure it’s really quieter.

See also: Exponent.

Update (2019-12-16): Dave Verwer:

It’s noticeably faster in day to day use and feels like a great upgrade in real-world capability. That said, the fans spin up a lot. Way more than they did on my 2015. They’re also distractingly loud.

[…]

The keyboard feel is fine, I guess. It’s nowhere near as nice as the 2015 MacBook Pro keyboard, or the external Magic Keyboard but my typing is quick and accurate on it. It’s fine.

Jesper:

The Touch Bar, at least set to the app-contextual “App Controls” commands, constantly needs these affirmations, landing you in the odd situation of diverting your attention from a ~1120 points high screen to one that is 30 points high, and from a tactile lattice of keys that we all know to operate from muscle memory built up over decades to a shallow strip with no feedback except visual. Since effective commanding is often about being able to do things blindfolded, this gets in the way.

The Touch Bar does open a few doors – it can display colors (and therefore also emoji), it can offer fine motor control without affecting the mouse cursor or requiring precision in two axes. If you can fit your workflow into scrubbing or sliding or panning, you can operate it without needing to look, allowing a new kind of gesture not offered by the trackpad with both precision and agility, and at least local efficiency gains.

[…]

It still carries all the previous problems of a budding universal connector, though; it connects directly to almost nothing, even for the many people who have made the deliberate transition.

[…]

In a sentence, it is both perfect and stupid, rolled into one. It is not the computer I wished for, but it has things in it that I wished for, and it is enough to get me through the next few years and feel like charting that course wasn’t a fool’s errand — money given to a company that’s still willing to listen to its customers, even if it could work on its humility and attitude.

John Banovich:

Comparing it to my old 2014 MacBook Pro, with only 16GB RAM, older video with only 2GB and a 1TB SSD, I expected this 16” to be much faster.

Taking a 6K full-frame 16-bit HFR clip captured in X-OCN on Sony’s new Venice, I compared performance time between the two working in both Adobe Premiere Pro and Black Magic DaVinci Resolve, using simple edits, color correction, renders and exports. Overall, the MacBook Pro 16” offered only an 8 – 12% performance and speed improvement.

But what really shocked me was the battery life. Full charged (100%) I quickly approached 5% in less than 3 hours.

Peter Steinberger:

Experience with the LG 5K Monitor + 16-inch MacBook

- Monitor no longer delivers enough power, battery is down to 25% after playing some StarCraft
- After sleep mode, screen no longer wakes up. Fix: unplug/replug usb-c cable

So glad I bought a screen that is co-built by Apple.

Previously:

Update (2020-02-24): Mike:

Have 3 new 16” MacBook pros in the office, none of which are older than ~1.5 months. One of those is 2 weeks old and.... has a sticky key already.

Update (2020-07-29): Steve Streza:

Both my personal and work 16” MacBook Pros are having some keyboard issues now. All are in very specific places on the key (often corners), but they’re the places I press frequently.

Update (2020-11-07): Steve Streza:

I can’t believe Apple hasn’t fixed the 16 inch MacBook Pro crackling audio bug after nearly a year. I’ve gone through four of these laptops this year and they’ve all had the problem, the 48kHz fix does nothing, and it happens basically daily.

Friday, November 8, 2019

Falling Back to an Older MBP

Erica Sadun:

The basic truth for me is that both keyboards are fully usable and that having the dedicated escape key (or not) was never a big deal. The virtual one did the job just fine. That’s something I never expected to admit but it’s true. I may not love MBP keyboards but they work.

[…]

On the other hand, moving back from USB-C to all these wonderful ports is delightful. My 2018 was always an octopus, and I had to carry around a bag of hubs and adapters.

[…]

I have a bunch of extra file space with the built-in SD card reader with my computer-flush reader adapter so it looks built in. The two standard USB ports are so convenient. I have an entire bag of USB-C gizmos that I’d carry around with the 2018 machine that I dumped into my USB box-of-everything for now.

Unlike others, she doesn’t seem to have had trouble with keyboard reliability and likes the big trackpad. She misses Touch ID but not the Touch Bar.

Previously:

Update (2019-11-09): Tanner Bennett:

This mirrors how I feel. I don’t mind the Touch Bar or the miss the escape key, and my keys rarely broke, but

• I hate the low-travel keys
• I hate the new arrow key layout
• I miss ports (HDMI, USB)

David Heinemeier Hansson:

Apple’s stubborn four-year refusal to fix the terminally broken butterfly keyboard design led me to a crazy experiment last week: Giving Windows a try for the first time in twenty years.

[…]

What this experiment taught me, though, was just how much I actually like OSX. How much satisfaction I derive from its font rendering. How lovely my code looks in TextMate 2. How easy it is to live that *nix developer life, while still using a computer where everything (well, except that fucking keyboard!) mostly just works.

Update (2019-11-26): See also: Hacker News.

100,000 E-mails From iCloud

Neal Rogers (via John Gruber):

On Oct 10, the day I upgraded to OS 10.15 & iOS 13, iCloud quit working as it had for.. ever. I’ve since received @Apple email “Your Apple ID was used to sign in to iCloud via web browser” ~100,000 times. A month later, no one at @AppleSupport has been able to help me resolve it.

Previously:

Swift Numerics

Steve Canon (tweet):

I’m excited to announce a new open-source project for the Swift ecosystem, Swift Numerics! Swift Numerics will provide the building blocks of numerical computing in Swift, as a set of fine-grained modules bundled together into a single Swift package. My hope is that we can quickly fill some important gaps in the Standard Library’s existing APIs, and unlock new domains of programming to the Swift language.

I’ve seeded the repository with two much-requested modules that are immediately useful for computational mathematics: Real (providing the functionality of SE-0246) and Complex (providing complex numbers and arithmetic).

[…]

The C and C++ complex math libraries attempt to make fine-grained distinctions between different zeros and infinities and NaNs. This is occasionally useful, but it means that multiplication cannot use the obvious arithmetic expression.

Swift does not attempt to make this distinction. Any complex number with zero real and imaginary parts is zero, and all complex numbers with a non-finite real or imaginary part are collapsed into a single “point at infinity”.

Looks good to me.

Firefox Making DNS-over-HTTPS the Default

Selena Deckelmann:

In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol, and since June 2018 we’ve been running experiments in Firefox to ensure the performance and user experience are great. We’ve also been surprised and excited by the more than 70,000 users who have already chosen on their own to explicitly enable DoH in Firefox Release edition. We are close to releasing DoH in the USA, and we have a few updates to share.

[…]

In addition, Firefox already detects that parental controls are enabled in the operating system, and if they are in effect, Firefox will disable DoH. Similarly, Firefox will detect whether enterprise policies have been set on the device and will disable DoH in those circumstances. If an enterprise policy explicitly enables DoH, which we think would be awesome, we will also respect that.

Kristian Köhntopp:

Once that happens, the browser will ask Cloudflare over DNS for name resolution instead of whatever your sysadmin configures, leaking the names of all the websites you visit to Cloudflare.

[…]

It’s breaking an old contract between OS and application. The browser trying to become an OS, in a way.

It’s also implemented in a way that it is breakable by your ISP (NXDOMAIN on a certain query), so the security improvement doesn’t

Josh Centers:

Cloudflare is slowly gaining a stranglehold over the entire Internet and no one is paying attention.

Firefox: “We’re the privacy browser! Also, we collect absurd amounts of telemetry and now we’re going to route all your DNS requests through one of our partners.”

No one is challenging them on this.

Trisha:

The insecure DNS servers, as set in the network interface settings of your computer, allow the domain name resolution queries sent to DNS servers to be read by someone sitting in the middle such as your ISP. But with secure and encrypted DoH, nobody can know which domain names you are trying to access.

However, some security experts are not happy with Mozilla’s decision to include TRR in the web browser. They are arguing that it should not be enabled for everyone, especially the security conscious users who have configured their network to use trustworthy DNS servers (source: slashdot.org). If you are one of those Firefox users who want to use the DNS servers configured with your network interface instead of DoH, then here is how you progress[…]

berthubert:

Many people appear to conflate the concepts of privacy and encryption, which are in fact very different things.

In this post I argue that in September 2019, centralised DoH “by default” is a net-negative for privacy for everyone and that even in later years it will not improve privacy outside of the most privacy hostile environments – where no one should rely on partial measures like DoH to stay secure.

See also: Hacker News.

Previously:

Thursday, November 7, 2019

Apple’s New Privacy Page

John Voorhees:

With Apple’s update to its privacy page today, the company has created a site that explains how privacy drives the design of its apps in clear, concise language. However, for anyone who wants to understand the nitty-gritty details, Apple has also published white papers and linked to other materials that provide a closer look at the issues that the main page addresses.

I’m not thrilled with the Safari section and white paper:

Browsers are more convenient to use when information is synced across a user’s different devices. For example, being able to access their history across devices means users can easily find the places that they’ve been on the web, regardless of whether they’re on their phone or their computer. Safari provides a secure way to keep information in sync across devices while protecting privacy. Unlike other browsers, Safari doesn’t have a browser-level sign-in that automatically signs the user in to all the browser vendor’s online services.

Instead, macOS continually badgers you to sign into iCloud, and unless you specifically opt out using the checkbox that merely says “Safari,” it sends your entire browsing history to Apple. Nowhere in the app’s interface does it say that it does this, and you can’t opt out without also losing bookmark syncing. Whereas, Chrome does not badger you to log in, does not enable history syncing by default, and does let you sync bookmarks without syncing history.

It also fails to mention that the Safe Browsing feature sends, from your IP address, information about the sites you visit to Google or Tencent.

Previously:

RunningBoard in Catalina

Howard Oakley:

Normally, assertions are used during development and debugging, then switched off when software is released. In macOS 10.15 and 10.15.1, at least, the subsystem for handling assertions, RunningBoard, is fully active in release versions, which suggests a substantial change in software practice by Apple.

This subsystem consists of a small service, /usr/libexec/runningboardd, and two Private Frameworks, RunningBoard.framework and RunningBoardServices.framework. There is also an AssertionServices.framework still, as in Mojave. Minimal access is provided from the public macOS interface, in the form of the NSAssertionHandler class and a few calls such as the NSAssert() macro. At present, RunningBoard and assertions are largely the preserve of macOS and don’t appear to be intended for direct third-party use, except in some Objective-C code.

Update (2019-11-08): I’ve received a tip that RunningBoard is not related to NSAssertionHandler. It’s intended for resource assertions, e.g. keeping the device alive during a download or temporarily using more memory.

Limits to Apple’s Butterfly Keyboard Repair Program

Michael Peterson:

Unfortunately, there appear to be limits to how many times you can get a MacBook repaired under that keyboard repair program. Notably, that is something that’s fairly unknown among the Apple community.

[…]

According to a post they made back in October, Reddit user spgremlin brought recently their 2016 MacBook Pro in for service for the third time. Under the Apple keyboard replacement, the user’s first two repairs were completely free. As they should be.

But when the Redditor brought their MacBook Pro in a third time, the Genius Bar staff there told them it wasn’t covered under the repair program.

Previously:

Apple Notes and iCloud Syncing

Warner Crocker:

Recently, (and I sadly can’t pin this on recent iOS or Mac OS system updates because I just wasn’t paying close enough attention), I’ll create a note on one device and it may indeed show up on all three, or perhaps two, and sometimes it won’t sync off of the device it was created on until some random time down the road.

[…]

I had spent a morning creating a number of notes on the MacBook in preparation for a production meeting. I walked to theatre, opened up the iPad Pro and none of those notes appeared. I checked the iPhone and some of those notes appeared.

[…]

At the end of that testing period I ended up with four different note counts on three devices and the web.

[…]

Further, it appeared that some of the notes, not all, I created that morning were gone from all devices and the web.

And it happened again after the Apple Senior Advisor reset his iCloud database.

Previously:

Update (2019-11-09): Ivan Pavlov:

I can only confirm that since iOS 13 Notes syncing has become much less reliable. It is a pity since it was so good before. Apple is aware of that, my bug report FB7267359 has more than 10 similar reports with no visible actions since September.

Michele Galvagno:

Wow! Thank you for this!

At least I’m not alone in this!

How are you (people affected) facing this?

I’ve not had my sync for one month now... that’s a lot!

Cameron Ehrlich:

This has been driving me nuts!

They Might Never Tell You It’s Broken

Maxime Chevalier-Boisvert:

The more important lesson, that I didn’t understand until that point, is that you can’t count on the people trying your project to quickly and reliably signal bugs to you. Most of the time, if it doesn’t work, they won’t report the problem.

[…]

It’s a horrifying thought, but it could be that for every one person who opens an issue on GitHub, 100 or more people have already tried your project, run into that same bug, and simply moved on. So, what can you do? You can encourage people to report bugs.

Previously:

Twitterrific iOS Windows

Ryan Christoffel:

Twitterrific has become the first Twitter client to add multiwindow support, enabling creating separate windows for different accounts or different views within the same account. The first-party Twitter app, meanwhile, has recently added extensive support for external keyboards, likely as a side benefit of the app making its way to the Mac. In both cases, the Twitter experience on iPad has been meaningfully improved in ways that power users will appreciate.

[…]

If you have more than one Twitter account, such as one for personal use and another for business, multiwindow is a compelling way to avoid needing to switch back and forth between them constantly.

Craig Hockenberry:

This review that covers a both a third-party and first-party Twitter app shows how important the former is.

Third parties are always first with platform features like multi-window on iPad. And we’ve had keyboard support for several years.

Sean Heber:

I did quite a lot of work to retain support for iOS 12 while adding iOS 13 multi-windowing, but it’s kind of looking like we probably could have just dropped iOS 12 and saved myself a lot of effort. 😛

A particularly nasty implementation detail when adding multi-window to Twitterrific was that our previous theming system assumed a single global setting. When you send a window to the background on iOS 13, it snapshots it for the app picker a bunch of times.

While it’s taking snapshots for the app picker, it changes the appearance mode for that window between light/dark so it has snapshots ready if your system appearance changes. This caused the whole app to flicker between light/dark whenever any window was being snapshotted.

I had to pull a LOT of stuff apart and rebuild it just to get this all to work per-window so any other visible windows you might have had open didn’t flicker between light and dark.

Another wrinkle here is that we allow custom themes to be loaded from iCloud Drive - but you can’t rely on a file in iCloud Drive to be immediately available (it might have to be downloaded first, for example).

[…]

There are just countless little things like this to consider when implementing something as fundamentally disruptive as adding multi-window. People have no idea.

Previously:

Wednesday, November 6, 2019

Siri Stores Encrypted E-mails in Plain Text

Bob Gendler:

The snippets.db database is storing encrypted Apple Mail messages…completely, totally, fully — UNENCRYPTED — readable, even with Siri disabled, without requiring the private key. Most would assume that disabling Siri would stop macOS from collecting information on the user. This is a big deal. This is a big deal for governments, corporations and regular people who use encrypted email and expect the contents to be protected. Secret or top-secret information, which was sent encrypted, would be exposed via this process and database, as would trade secrets and proprietary data.

[…]

Another database, entities.db, stores records of people’s names, email, and phone numbers you’ve corresponded with. Although the phone number may not be in your contact list, data from emails such as signature blocks and forward information are stored. It’s like an address book built for you. This could be touchy, as it may allow quick and easy access to some potentially sensitive information.

[…]

For a company that prides itself on security and privacy, the lack of attention to detail on an issue like this completely and totally surprises me. […] I also have to wonder why it took 99 days for someone to know the answer on how to prevent this. All parties at Apple were alerted multiple times before writing this blog and giving an ample amount of time before I published this.

You can prevent it by going into the Siri settings and unchecking Mail. This does not remove e-mails that have already been stored in the database.

The Suggestions folder is protected from apps that haven’t been given permission, but the data is unencrypted on disk if you aren’t using FileVault.

Previously:

Update (2019-11-08): Jay Peters:

Apple tells The Verge it’s aware of the issue and says it will address it in a future software update. The company also says that only portions of emails are stored. But the fact that Apple is still somehow leaving parts of encrypted emails out in the open, when they’re explicitly supposed to be encrypted, obviously isn’t good.

Update (2020-02-06): Juli Clover:

Apple in macOS 10.15.3 quietly addressed a bug that left some of the text of encrypted emails unencrypted, reports The Verge.

See also: macOS 10.15.3.

Static Types in SwiftUI

Chris Eidhof (tweet, Hacker News):

In SwiftUI, the implementation works differently. In our stack above, SwiftUI knows the type: a vertical stack view with two subviews. During the execution of the program this type will never change — it’s a static property of the code. As such, our program will always render a vertical stack view with a text and a rectangle. When the state changes, some of the views’ properties might change, but the stack view with the two subviews will always persist.

This hard guarantee from the type system means that SwiftUI doesn’t need to do a tree diff. Instead, it only needs to look at the properties of each view, and update those on screen. Theoretically, this still involves walking the entire tree, but walking a tree has a much lower complexity than diffing a tree.

[…]

For view trees that have a variable length, SwiftUI uses ForEach. We won’t go into detail on ForEach, but SwiftUI requires you to provide either a constant range, or, if the length is truly dynamic, to use an identifier for each element you’re displaying. When the elements change, ForEach uses the identifier to uniquely identify elements during a diffing step.

[…]

An AnyView is a type-erased view, and as such, it provides no information at compile-time about what’s inside. SwiftUI will need to do more work at runtime to verify changes (as mentioned here, and here).

Hardened XPC Services Don’t Prompt

ZigZag:

Things get a bit more complicated if an attempt to access contact comes not from the application, but from its bundled XPC service, like explained in the video.

[…]

Luckily, smart folks at Apple thought of such scenarios, so macOS security subsystem (for simplicity, I will refer to it as TCC) understands that the AvatarService is trying to access contacts ON BEHALF of GitFinder application.

[…]

The application + XPC service combo build with hardened runtime fails to access contacts. Having proper sandbox entitlement defined, the XPC service requests access to contacts and passes that request to the application, just like it did before hardened runtime. However, this time around the TCC does not understand that the request comes from the XPC service on behalf of the application. Instead, it thinks the request comes from the application itself and hence checks if the application has required sandbox entitlement (AddressBook). Since the entitlement isn’t there, because the application does NOT need it at all, access to contact is denied.

[…]

The consequence of absence of absolutely unnecessary sandbox entitlement is the user consent dialog NOT being displayed at all. The user won’t even know the application would like to access contacts and the access will be permanently declined.

This probably happens for all the entitlements, not just the Contacts one. The same thing happened for a while with command-line tools on macOS 10.14 (except without the workaround). If not addressed, this will become a bigger issue in January, when the hardened runtime becomes a requirement.

Previously:

Update (2019-11-07): Felix Schwarz:

Bug: in #macOS 10.14/10.15 host apps needs to be given the same privacy entitlement as bundled XPC services - even if ONLY the XPC service needs it; eliminating THE key security benefit of sandboxed XPC services & increasing attack surface.

Apple’s Rosyna Keller says this is a feature, not a bug:

The issue here is better attribution in TCC. If App B is immediately passing data to App A, they both need the entitlement (because macOS knows you’re giving contacts to an unprivileged app).

This prevent attacks in which a malicious app asks a privileged app for private info only the latter is supposed to have access to.

I’m not convinced by this reasoning. Apparently, the requirement works this way for the TCC entitlements but not the traditional sandbox ones.

Felix Schwarz:

What if the XPC service only returns avatar images for email addresses?

In that case, a compromised GitFinder has no access to contacts data & only to those avatars for which the attacker already knows the email.

W/o separation of powers, an attacker gains unlimited access.

Update (2019-11-09): Jeff Johnson:

The sandbox allows the xpc service and the main executable to have different sandbox entitlements, which is how one can have the Contacts entitlement and the other not. In contrast, the hardened runtime depends only on the main executable of the app.

[…]

The app is still blocked unless the hardened runtime and the sandbox are in agreement. Here’s the catch: for better or worse, the hardened runtime and the sandbox use the same name for some entitlements. For example, they both use com.apple.security.personal-information.addressbook for the Contacts entitlement. As a consequence, if an app is both hardened and sandboxed, it’s impossible to give the Contacts hardened runtime entitlement to the [XPC service] without also giving the Contacts sandbox entitlement to the main executable!

I agree that the root problem for GitFinder is that the sandbox and hardened runtime use the same entitlement names for different purposes and with different inheritance rules.

In my opinion, I’m not sure that it is a problem. I don’t think the architecture of GitFinder reflects the intent behind Apple’s XPC API.

[…]

If the xpc passes Contacts info back the app, and network attackers compromise the app, then the network attackers have the Contacts info! The attackers may not have unlimited access to Contacts, but they still have some illicit access to Contacts. So you really haven’t solved the problem there.

This part I don’t agree with. I think it does make sense to use separate XPC services for privilege separation. In GitFinder’s case, the network and Contacts access are confined to separate XPC services. The app itself is isolated, so it shouldn’t get compromised. If it did, and the hardened runtime entitlements worked the same way as the sandbox, it would have only very limited access to Contacts through the XPC service, which is good.

The goal of the xpc service is not to limit the damage the app can do if it’s compromised, the goal is to prevent the app from getting compromised in the first place.

Why can’t it be both?

GitFinder:

I’ve never said it’s related to notarisation, but in my experience it IS related to hardened runtime, because app+xpc without hardened runtime worked fine, while the same app+xpc with hardened runtime fails on the very same macOS version/build.

GitFinder:

Furthermore, if it’s intentional (hence, a feature - “better attribution it TCC”) it would’ve been much easier if anyone from DTS had said that to me immediately, instead of having, like, seven months of back/forth correspondence…

GitFinder:

… with two DTS guys, including filing a bug report (and reporting bug number back to DTS), running log stream for “com.apple.TCC” while running test applications and doing other things I was asked for, just to confirm noticed behaviour.

Alas, the TCC/privacy stuff is virtually undocumented and was only discussed in a cursory manner at WWDC. So it’s not surprising that is isn’t well understood inside Apple, either.

GitFinder:

That’s actually what GitFinder is doing; its XPC service returns only image data for known email address (known from git commit) and nothing else.

GitFinder:

Forcing compromised GitFinder to get something else back from XPC service would require compromising XPC service as well. But if GitFinder (application) has contacts entitlement, then all contacts data is available right away.

GitFinder:

I have to agree with @mjtsai here and I think we “understand” the concept of “privilege separation with XPC services” the same way, but I accept I may be wrong. Anyway, there’s that video I referred to in the blog post

GitFinder:

It actually starts at about 2:25 and is related to Preview.app architecture and different pieces it consists of, each having access to only limited resources.

GitFinder:

Preview is probably chosen as an example of a know app. Anyway, this is how I thought of the whole concept: I will isolate access to contacts in a very small service, which can access contacts only…

GitFinder:

… not disk, not network. If it is compromised (somehow, anyhow), access to contacts is there, but no contacts data can be written to disk or send over the network. And as a small binary, (I hope) the number of potential security holes is much smaller that in much larger app.

Ilya Kulakov:

I think the case is that given

- App with the network entitlement
- Contained XPC service with the contacts entitlement

the system has to assume that App can access contacts too. XPC protects nothing: hijacked App it to give all the data.

My understanding is that privilege separation is still beneficial though: hijacked XPC cannot request App to give it contacts unless it is a part of the XPC connection protocol.

Update (2019-11-26): Jeff Johnson:

So the entitlement given to the xpc service applies directly to the xpc service. Indeed, if you enable the hardened runtime for the app target, it makes no difference. The hardened runtime of the app can neither allow nor prevent the unsigned dylib from getting loaded by the xpc service. The setting for Disable Library Validation on the app target has no effect at all on the behavior of the embedded xpc service. The xpc service hardened runtime does matter, at least for library loading.

[…]

In contrast to dyld, the Transparency, Consent, and Control (TCC) subsystem operates at the level of the app as a whole. The TCC database located at ~/Library/Application Support/com.apple.TCC/TCC.db stores a reference to an app as a bundle identifier; it doesn’t distinguish between the app’s main executable and the embedded xpc service’s executable. Thus, for the purpose of resources access, all that matters is the hardened runtime on the main executable.

Don’t Interrupt the Installation

Adam Engst:

The details vary, but all revolve around problems at boot, with complete lockups, accounts not available, current passwords not working, the login window reappearing after the user enters the password, or a crash screen after login. So far, it seems that only Macs with the T1 or T2 security chip are affected—that includes the MacBook Pro with Touch Bar (2016 and later), iMac Pro, MacBook Air (2018), and Mac mini (2018).

[…]

In the end, my advice is simply to go ahead with installing Security Update 2019-001 (Mojave), with two important caveats. First, make sure you have good backups before starting, in case the worst happens. That’s always a good plan anyway. Second, do not interrupt the installation process! It may take longer than you expect, but let it run as long as it needs.

I don’t know what I’m going to do once I get a T2 Mac because, since macOS 10.10 or so, probably 50% of my macOS updates get stuck and don’t complete the first time. I end up waiting several hours or overnight before giving up and hard resetting the Mac.

Archive Team’s Yahoo Groups Rescue Effort

Andy Baio:

For me, it took ten full days to get an email that my archive was ready to download — are they doing this by hand!? — but it appears complete: it contained a folder for every group I belonged to, each containing their own ZIP files for messages, files, and links.

[…]

The Archive Team wiki charts the rise and fall of Yahoo Groups, showing a peak in 2006, and rapid fall after that.

[…]

As you’d expect, the volunteer team of rogue archivists known as Archive Team are working hard to preserve as much of Yahoo! Groups as possible before its shutdown.

The Their initial crawl discovered nearly 1.5 million groups with public message archives that can be saved, with an estimated 2.1 billion messages between them. As of October 28, they’ve archived an astounding 1.8 billion of those public messages.

Previously:

Update (2020-01-31): Yahoo:

We have extended the deadline for Yahoo Groups and will now process ALL requests to download data that are submitted before 11:59 PM PT on Jan 31, 2020 (originally Dec 14). As long as the request meets this deadline, the content will not be deleted until the download is complete.

The Mad Programer (via Hacker News):

While Archive Team had also gotten involved right off the bat, they stated their goal to be grabbing as many public groups as possible. Whereas the fandom community wanted to ensure the survival of their groups, some of which had restricted access (were publicly visible but an invite was needed to join) or were private (not publicly visible).

The two teams worked in tandem; with Archive Team providing tools and logistics for backing up the data, and the SYG team which worked to sniff out the more obscure fandom groups and establish contacts with the restricted/private group owners.

FastScripts 2.8

Red Sweater updates one of my favorite apps:

Custom folder icons are now displayed in the FastScripts menu

FastScripts can now be quit by cmd-dragging the icon out of the menu bar

Revealing a folder from FastScripts now respects the user setting for default folder opener

Apps such as Path Finder can set the handler for the public.folder UTI to control which app will be used when an app tells the system to open a folder. FastScripts, along with other apps like BBEdit, lets you hold down the Option key to edit a script instead of running it, or Shift to reveal it in Finder. Unfortunately, the system doesn’t use the default folder opener when revealing a file. My apps check whether Path Finder is running and send it an Apple event to do that.

Catalina No Longer Caches Shared Photos Locally

Tyler Hall:

So, I looked, and, sure enough, that sharedstreams folder is gone. But where?

[…]

Ok. That’s great. It actually makes more sense to have shared photos also live inside your Photos.app library instead of somewhere random in ~/Library.

[…]

Of the 112 GB my shared albums previously took up, only 250 MB (MB!!!) are cached locally.

[…]

I don’t trust iCloud with my photos. And I’m not trying to single out Apple. I don’t trust Google Photos either. I don’t trust any cloud with my data. I love the convenience of iCloud photo sharing with friends and family and using Google Photos as a source of truth for my own family archives. But I want a backup of my data – just in case – that I’m in control of.

The option to “Download Originals to this Mac” doesn’t apply to shared photos. So you can’t back them up youself, and there’s no backup in the cloud. Not only does it no longer download the photos, but it also deleted the ones that had been downloaded by macOS 10.14.

Previously:

Tuesday, November 5, 2019

Dell UltraSharp 27 4K PremierColor Monitor

Malcolm Owen:

In this monitor’s case, it offers 100% of the Adobe RGB range, 98% coverage of DCI-P3, and 80% of BT2020, allowing it to represent a wide array of color space standards.

[…]

Displaying at a 4K resolution of 3,840 by 2,160 pixels at 60Hz, the LCD screen has a contrast ratio of 1,300:1 and a typical brightness of 250 nits. The front features an anti-glare treatment for the front polarizer hard coating, and the backlight is a white LED edgelight system.

[…]

Dell’s monitor may be seen as a potential cost-saving alternative to Apple’s Pro Display XDR, which is anticipated to be available to purchase in the near future. While Dell’s monitor is $3,000 cheaper than Apple’s version, it has fewer Thunderbolt 3 connections, is smaller with a lower resolution, and doesn’t feature Apple’s optional nano-texture glass etching to produce a matte finish.

Looks like it includes a stand. But why can’t they make a 5K?

Previously:

Update (2019-11-05): wooliegeek:

The PPI is all wrong for macOS unfortunately. I wish Dell hadn’t cancelled their 5K. 😢

Raphael Sebbe:

Also something I don’t understand. 27″ @ 5K and 21″ @ 4K are the perfect retina (2x) densities, comfortable & crisp. Yet no one is making those.

Instead we get Full HD or oversized 4K, with all kinds of secondary features: response time, P3/Adobe RGB. Even Porsche design.

Monday, November 4, 2019

“Real” Photoshop for iPad

Michael Steeber:

A full, desktop-class version of Photoshop on iOS has been one of the most hotly anticipated creative apps for designers and artists since the original iPad’s introduction in 2010. In the years since, competitors have released their own products hoping to fill the void, but can’t offer true integration with Creative Cloud that existing Photoshop customer have come to expect. Today at 2018’s Adobe MAX conference in Los Angeles, Adobe is answering the requests of the creative community by previewing what it calls real Photoshop CC for iPad.

Mark Gurman and Nico Grant:

Adobe has been testing Photoshop for iPad under the codename Rocket with a small group of beta testers since earlier this year. Participants have told Bloomberg News that some beta versions don’t include well-established features they expected to be part of the release. They complained about less advanced or missing features around core functionality like filters, the pen tool and custom paintbrush libraries, vector drawing, color spaces, RAW editing, smart objects, layer styles and certain options for mask creation.

[…]

“I understand it is based on desktop Photoshop code, but it doesn’t feel like it right now.” Other testers have called the app “rudimentary” and said, in its current state, it is inferior to other apps like Procreate and Affinity on the iPad.

John Gruber (tweet):

From what I gather, the mistake Adobe made was not precisely setting expectations for the initial release of Photoshop for iPad. When Adobe described it as “real” Photoshop, what a lot of people heard was “full” Photoshop, and that was never the plan. Some of this expectation-setting is attributable to Bloomberg, which described the project as “the full version of its Photoshop app” as far back as July last year.

Photoshop for iPad is real because it is using the same code base that’s been running on the desktop for decades. That’s an amazing technical accomplishment. Photoshop for iPad is not full — and the initial release was never planned to be — because it only exposes a subset of features from the desktop version.

Steve Troughton-Smith:

I’d phrase it more like: Adobe is years late to what Serif is doing with Affinity Photo on iOS, and it’s no surprise that it might take years to catch up. It’s up to Serif to really take advantage of that lead while they can

John Voorhees (tweet, MacRumors):

It’s against this backdrop of rumors and hype that Photoshop for iPad has emerged finally. Mindful of the outsized expectations that were created, Adobe takes great pains in its announcement today to explain that Photoshop for iPad 1.0 ‘is just the beginning,’ emphasizing that the new app is built on the same code base as the desktop version but optimized for touch. The company also stresses that its new cloud-based PSD file architecture will allow users to move seamlessly between platforms.

That’s good news, but not the same as the ability to substitute one app for the other. What users can accomplish on the new iPad app is more limited than the desktop. Adobe says the initial release focuses on compositing, masking, and basic retouching, which I can confirm from my limited use of the app. Those are core Photoshop features that many users will welcome, but desktop Photoshop can do much more. So, for the time being, Adobe is positioning its new iPad app as an accessible way to introduce Photoshop to new users, a complement to the desktop version, and a companion app for professional users.

Russell Ivanovic:

Alternate take: Photoshop for iPad is going to be and feel like Photoshop Lite forever. Adobe sucks at this. I can’t see them ever getting it right.

Lightroom, certainly, remains very different from the “classic” desktop version. Of course, Microsoft Office, iWork, and Omni’s apps are also “real” but not “full.”

Dave Mark:

Looks like Photoshop for iPad does NOT support RAW.

This seems like a huge deal to me.

Eli Schiff:

I’d like to write off the cuff about the evaluation of design tools based on my thorough usage of @photoshop @sketch and @figmadesign

Update (2019-11-07): Scott Belsky:

a real-time v1 lesson: you’ve gotta ship an MVP to start the journey, but it will be painful at first. by definition, it won’t please everyone (and if it’s a reimagination of a 30yr old popular/global product, will displease many)

Bob Burrough:

Changing the way the user interacts with software (replacing mouse+keyboard with multitouch) is a major, fundamental change. Adobe did not carefully manage expectations. Instead, they misled their customers by describing it as “real” Photoshop.

For Apple’s part, they had no qualms letting Adobe take center stage to make such a claim. Apple has been trying to convince us for years that iPad is a suitable replacement for mouse+keyboard PC’s. Unfortunately, that isn’t the case. It will never be the case.

[…]

Keyboard+mouse is better at open-ended computing that requires high bandwidth input. iPad is far superior at mobility. Apple Pencil and Wacom tablets are far more expressive than mouse or multitouch will ever be. But, different they remain.

Electron Apps Rejected From the Mac App Store

David.dev (via Ben Sandofsky, Hacker News, Slashdot):

Allright, as a follow up to the previous chapter in this odyssey I can now state that, apparently,  you cannot submit an electron 6 or 7 app to the apple store:

The first refusal from apple states:

Your app app links against the following non-public framework(s):
CAContext
CALayerHost
NSAccessibilityRemoteUIElement
NSNextStepFrame
NSThemeFrame
NSURLFileTypeMappings

I am not the only one having this issue and I did write back to Apple trying to explain that I am using Electron and I can’t really change any of these public-framework usage (I assume is something from Chromium)[…]

Craig Hockenberry:

There was a time when digging into the bowels of the macOS implementation was “necessary”. Back in the day, you’d use NSThemeFrame to get UI into an app’s titlebar.

iTunes did it, so everyone wanted to do it.

But those days are long gone - there are public APIs to get the job done now.

And with the advent of Spaces, split-screen windows, and translucent effects, using these private APIs are likely to break an app.

Unfortunately, that isn’t the whole story. Some of the private APIs are used in the Web rendering engine itself:

Mozilla recently published a good write up on why they started using the undocumented CALayer API in Firefox 69. The TLDR is that that these private API’s allowed them to get up to 3x better battery usage in Firefox. The article also mentioned that Chrome uses these Core Animation API’s.

So there are a multiple problems here:

  1. It’s (apparently) impossible for Chromium to get competitive performance and battery life without using private API, which Safari freely uses.
  2. Apple probably has good reasons for keeping these APIs private.
  3. Private API has always been banned, but Apple has been accepting these apps for years and then abruptly stopped without any notice.
  4. Apps using Electron probably didn’t know that they were even using private API. Neither Xcode nor Application Loader reports this, and App Review was accepting the apps.
  5. The rule is not being enforced equally.

Jeff Johnson:

I just checked Slack, which was updated 3 days ago, and its embedded Electron Framework contains all of the listed private symbols.

“And developers, from first-time engineers to larger companies, can rest assured that everyone is playing by the same set of rules.”

thomascgalvin:

This, however, is draconian:

Continuing to use or conceal non-public APIs in future submissions of this app may result in the termination of your Apple Developer account, as well as removal of all associated apps from the App Store.

“Keep trying to submit, and we might just ban you forever” is insane. Every program of any complexity depends on third party libraries, and many people wouldn’t be able to tell what arcane APIs their dependencies (or their dependencies’ dependencies) call. “If you continue to have an upstream dependency that violates our terms, we might permaban you” is bullshit.

Colin Cornaby:

This has got to be a big problem for Apple. The widespread distribution of Electron and Chromium means they have to maintain this as semi-public API. Or risk breaking a lot of apps in a future OS release. Google is forcing them into a bad spot.

Matt Birchler:

Good people of Twitter, what are your favorite Catalyst apps? Asking because I am yet to find one that is remotely as good as the Electron apps I use daily.

I’ll be more specific: Slack and Visual Studio Code works great for me, while Postman is a little annoying, but very functional. Meanwhile the Jira and Twitter Catalyst apps have sent me running back for the web.

Previously:

Update (2019-11-05): anatomisation points out that the Mozilla post does not actually say that they are using private API and that WebKit is not using CALayerHost very extensively. However, Chromium does seem to be using it for compositing during rendering.

Pierre Lebeaupin:

Reminds me of the time people found out Unity was relying on an undocumented API, around the iPhoneOS 3 or iOS 4 timeframe IIRC. I think we were affected too (by direct usage, not through Unity. Our bad.

Jeff Johnson:

These private symbols have been in Electron/Chromium for a long time. Strange coincidence that Apple is changing their enforcement now, so soon after Catalyst is available.

[…]

That neither Chrome nor Firefox is in the MAS could be considered an indictment of the MAS.

Previously:

Rosyna Keller:

FWIW, Chromium is using CALayerHost for something better served by public IOSurface APIs and public CALayer properties.

Update (2019-11-09): Owen Williams (via Hacker News):

Developers use technologies like Electron and PWA because they allow for faster updates across platforms without an array of different codebases. Some argue that this results in lower quality apps, but I’d argue the alternative is no app at all or apps that are rarely updated because maintaining unique Windows, Mac, and web-based products is complex and expensive.

[…]

Apple’s subtle, anti-competitive practices don’t look terrible in isolation, but together they form a clear strategy: Make it so painful to build with web-based technology on Apple platforms that developers won’t bother.

[…]

These types of changes may be made in the name of privacy or security, but the reality is that the argument looks weak when both users and developers simply don’t have a choice because Apple controls the platform, browser engine, and the distribution method. Regardless of your opinion of Electron app quality, choice is important.

Update (2019-12-17): Jeff Johnson:

Slack was updated again today in the Mac App Store, and guess what? The private symbols are still there.

Apple TV, Apple TV, Apple TV, and Apple TV+

Dustin Curtis (via Hacker News):

Apple TV is a hardware device.

Apple TV is an app on Apple TV that curates content you can buy from Apple and also content you can stream through other installed apps (but not all apps, and there is no way to tell which ones).

Apple TV is an app on iOS/iPadOS devices that operates similarly to Apple TV on Apple TV. Apple TV on iOS/iPadOS syncs playback and watch history with Apple TV on Apple TV, but only if the iOS/iPadOS device has the same apps installed as the Apple TV – and not all apps are available on all platforms. Apple TV is also an app on macOS, but it does not show content that can only be streamed from external apps on an Apple TV or iOS/iPadOS device.

Here’s the post color-coded.

Update (2019-11-07): Jason Snell:

An article like this would also be written if Apple went to market with a hardware device called Apple TV, an app called Videos, a smart-TV app called Apple, a reselling strategy called Apple Channels (or having no name at all!), and a subscription streaming service called Apple Cinema. Too many names, Apple! It’s confusing! Why not something simpler?

[…]

So, yes: Apple’s strategy is a mess. I’m also not sure that the alternatives are any better.

I saw someone the other day say that television is so much simpler than it used to be, and I had to laugh. Television has never been more complicated. Apple’s very Apple-like attempt to stick to a single simple phrase—“Apple TV”—can’t spackle over just what a messy situation the streaming entertainment world is right now.

Twitter’s Ban on Political Ads

Will Oremus:

Twitter CEO Jack Dorsey announced on Wednesday that the company will ban political advertising, a move that earned the company a rare wave of positive press.

[…]

There’s something to be said for a tech platform taking its responsibilities to the democratic process seriously. But banning political ads is not as straightforward, nor as obviously correct, as those cheering Dorsey’s announcement seem to think.

The problem is twofold. First, defining which ads count as “political” gets tricky in a hurry. Second, prioritizing commercial speech over political speech is itself a political stance, and not necessarily one that we should want our online communication platforms to take.

Facebook’s policy is to allow such ads but to “[exempt] political candidates from its rules on misinformation in advertising.” This perhaps makes sense because fact checking is not straightforward, and it would set them up to be blamed for any controversial decision. But it creates an obvious loophole, which is already being exploited.

Update (2019-11-05): Ben Thompson:

Start with the latter: it is hard to interpret Twitter’s decision as anything other than a Strategy Credit. The company, by its own admission, earned an immaterial amount of revenue from political ads in the last election cycle; now it gets to wash its hands of the entire problem and chalk up whatever amount of revenue it misses out on as an investment in great PR.

Such a policy, however, particularly were it applied to Facebook, where much more advertising is done (political or otherwise), would significantly disadvantage new candidates without large followings, particularly in smaller elections without significant media coverage. It is, at a minimum, a rejection of social media’s third estate role; best to leave the messy politics to the parties and the mass media.

Facebook, meanwhile, has struggled to defend its decision in the context of a “marketplace of ideas”. After all, what value is there in a lie? In fact, Mill would argue, there is a great deal of value in exactly that, but it’s a hard case to make! Never mind that most disputes would be less about easily disprovable lies and more about challengeable assumptions.

Saturday, November 2, 2019

Efficiently Mutating Nested Swift Data Structures

Radek Pietruszewski:

That feel when you’re profiling a React Native app, and you’re sure JavaScript is the source of your problems… but no, it’s ridiculously misoptimized Swift doing… well… nothing much for two minutes.

[…]

Code does something that seems completely reasonable, but ends up creating a new copy of a large Set 10,000s times. Not entirely sure if Swift is supposed to be smart enough to figure out that it can safely mutate it, or it’s programmer’s responsibility.

The intention is to insert to a Set that’s in a Dictionary that’s a mutable variable on a class

Joe Groff:

Older versions could not modify values in dictionaries without copying them, but 5.0 and later should be able to.

Karoy Lorentey:

Yep, Array & Dictionary both support in-place mutations. For Dictionary, the recommended way is to use the defaulting subscript. E.g., this won’t make a CoW copy:

sets[key, default: Set()].insert(foo)

But this will:

var tmp = sets[key]
tmp.insert(foo)
sets[key] = tmp

The Dictionary.Values collection also supports this, and it may come handy if you need to distinguish between existing and new keys:

if let i = sets.index(forKey: key) {
  sets.values[i].insert(foo)
} else {
  fatalError("Unknown key \(key)")
}

I’ve written about this before, but I think it’s worth re-emphasizing how this works. It’s counterintuitive and unusual in programming for introducing a temporary variable, as people often do when debugging, to radically change the behavior of the code. Copy-on-write is a leaky abstraction.

Previously:

Update (2019-11-02): See also: Karoy Lorentey.

Preparing to Migrate From Aperture to Photos.app

John Gordon:

I’ll still be on Aperture into 2020, three years beyond my original plan. The Catalina catastrophe has made staying on Mojave more agreeable. I’ll have to switch sooner or later though, almost certainly by 2021. So I’m working on a list of what I need to do prepare. I’ll update this post with items I think about[…]

Previously:

Xcode 11.2 and XIBs With UITextView

Juri Pakaste:

Xcode 11.2: NSInvalidUnarchiveOperationException. Oh boy.

Nikita Zhuk:

Xcode 11.2 seems to cause havoc if you have XIBs which contain UITextViews. Beware!

Marcin Krzyzanowski:

This is really bad year for devtools at Apple

Peter Steinberger:

One more reason not to use Interface Builder.

Randy Reddig:

DEAD_CODE_STRIPPING = NO seems to fix it for the moment.

Previously:

Update (2019-11-05): Thomas Ricouard:

Xcode 11.2 retail fail to decode UITextView from Xib/Storyboard on any iOS lower than iOS 13.2.

Marc Palmer:

PSA: do not submit builds with Xcode 11.2 or you will have huge numbers of crashes on iOS releases older than 13.2. We luckily just hit this in our CI rather than in production.

XcodeReleases (9To5Mac):

#Xcode11.2.1 GM Seed is out!

[…]

To be clear, the UITextView issue is fixed for iOS and tvOS. It’s still an issue on macOS.

Update (2019-11-07): Paul Haddad:

Cool, deprecate the current version without releasing the new version to the App Store…

Update (2019-11-26): drunknbass:

Looks like Xcode 11.2 changes the way UIAlertControllers present on iPad. Now they are popovers. Popovers require additional APIs

Hope you have tests 🥶

Ivano Di Gese:

Quite simple: due to this known issue, this Xcode version is simply considered banned from Apple, so that you can’t distribute apps compiled with this setup.

Steve Troughton-Smith:

Where is the Xcode update on the Mac App Store? Seriously Apple, it's been a whole week since you banned store submissions from the MAS version of Xcode. How is this OK?

Luc Vandal:

The UITextView bug caused by Xcode 11.2 still seems to occur with Xcode 11.2.1 for users still on iOS 13.1.x.

Update (2019-11-27): Raphael Sebbe:

Seeing stalls (minutes long), and random Xcode crashes while doing nothing (background, not building).

Started with Xcode 11.2 and 11.2.1, occurs a few times per day. Was fine before.

Friday, November 1, 2019

Google Acquires Fitbit

Rick Osterloh (via MacRumors, Hacker News):

Today, we’re announcing that Google has entered into a definitive agreement to acquire Fitbit, a leading wearables brand.

[…]

Over the years, Google has made progress with partners in this space with Wear OS and Google Fit, but we see an opportunity to invest even more in Wear OS as well as introduce Made by Google wearable devices into the market. Fitbit has been a true pioneer in the industry and has created engaging products, experiences and a vibrant community of users. By working closely with Fitbit’s team of experts, and bringing together the best AI, software and hardware, we can help spur innovation in wearables and build products to benefit even more people around the world.

Fitbit:

Consumer trust is paramount to Fitbit. Strong privacy and security guidelines have been part of Fitbit’s DNA since day one, and this will not change. Fitbit will continue to put users in control of their data and will remain transparent about the data it collects and why. The company never sells personal information[…]

Except, I guess, when they sell all of it to Google at once.

Mike Wuerthele:

Multiple analysts say that Fitbit’s value has more to do with user data collection, more than hardware. The company has been making deals with insurance companies to bundle the product in with customer health offerings, and is trying to expand its revenue in a crowded low-end fitness tracking market, increasingly squeezed by the Apple Watch.

Dieter Bohn:

Fitbit is going to be part of Google’s hardware division, this is about Google getting smarter at making wearable hardware -- Wear OS is almost tangential to this deal from what I can tell.

I stand by everything I wrote earlier this week when the Fitbit acquisition was just a rumor.

Think of this like the HTC acquisition: it will make Google slightly better at making wearable hardware. But Fitbit doesn’t make processors.

Buying Fitbit won’t help Google overcome Apple’s biggest smartwatch advantage It’s the silicon, stupid

….and Fitbit’s platform will need to be supported for 3? at least 3 years preferably much more alongside Wear OS. There’s also Google Fit.

Basically this integration is going to take forever and there is a good chance it’ll be messy and involve a long Nest-esque falllow period

Update (2019-11-02): See also: Hacker News.

Update (2019-11-27): Jason Perlow:

You’ll have to excuse my pessimism. I fully expect this to result in a total catastrophe for Fitbit’s employees, products, and customers. Just about everything Google has ever purchased has been discarded like garbage or has been completely devalued as a result of the company’s inability to successfully integrate acquired businesses into its culture.

[…]

But questions remain: Does a “not invented here” mentality pervade Google? Will WearOS continue to be developed in favor of Fitbit OS? Plus, there’s the issue of the continued WearOS investments by Google’s smartwatch partners -- if WearOS development at Google ceases, then developers will abandon it entirely. That would look very bad for Google indeed.

Nick Heer:

There’s a common thread here: Google is acquiring massive amounts of deeply personal information, but it insists that you can trust it — the company promises that it won’t use this data for advertising purposes nor will it mix it with behavioural data it has collected about you.

And you know what? I believe Google when it says that it won’t do that right now — I really do. But will it uphold the same promise in five years, or ten?

[…]

Even if you believe that this collection of highly personal information is kept perpetually secret, why is it the case that companies that have a primary business of behavioural data mining are able to dabble in industries that necessarily require a privacy firewall? I think of this in much the same way that financial institutions in the United States were once prohibited from being in consumer businesses and investment banking under Glass–Steagall.

Alex Sherman:

Scoop: Facebook was mystery Party A that bid against Google to buy Fitbit, sources say. Facebook made a best and final of $7.30, falling by five cents a share to Google. Facebook doesnt plan to bid again, one of the people said.

The Varying Date.distantFuture

Apple:

An NSDate object representing a date in the distant future (in terms of centuries).

Craig Hockenberry:

Date.distantFuture is fixed at “January 1, 4001 at 12:00:00 AM GMT” - that means its timeIntervalSince1970 (currently at 64,092,211,200) will change over time because of leap seconds.

Date/time will always be hard, unless the Earth stops moving.

In other words, even within the same run (not to mention when unarchiving), you can’t rely on two distant future dates being equal. So don’t use it as a sentinel value.

Nikolai Ruhe:

I think timeIntervalSinceReferenceDate (and 1970) works differently: It does not take leap seconds into account. Each day ends at an exact multiple of 86400. That means that a given timeInterval might point to one (normal), two or zero points in time (at leap seconds).

Update (2019-11-02): The value can also vary between OS releases.

Tylenol Moment for Apple’s Laptop Keyboards

Kev van Zonneveld (Hacker News):

Both in terms of productivity and delight I had my best years on Apple and I didn’t think I’d ever look back. But here we are.

Why? I (guess I’m the only person alive that) didn’t mind the TouchBar or lack of a real escape key (can map Caps Lock to that). And I liked having 4 USB-C+ ports that I could do anything with. But yes, The Keyboard.

I spent the most money I ever did on this MacBook Pro, and it’s also the worst machine I ever had because the keyboard breaks down (like, it won’t register the s).

[…]

So far I’ve brought it in for repairs three times, and each time I’m without my workhorse for a week. Those are unplanned holidays that are dragging my productivity–and basically my company down.

I personally also feel macOS has taken a freefall regarding robustness and polish, but that might be just me. It’s the keyboard that ultimately made me feel just really concerned about having my productivity/company/future so tightly coupled to what Apple ships next.

Joe Rossignol:

While it is unclear if the widely rumored 16-inch MacBook Pro will launch in 2019 or 2020, the latest report from DigiTimes claims that Apple will begin receiving volume shipments of the notebook in the fourth quarter of this year.

[…]

Apple analyst Ming-Chi Kuo originally said the 16-inch MacBook Pro would launch in the fourth quarter of 2019 with an all-new design, including a scissor switch keyboard. As of late, however, Kuo has more vaguely stated that a “new MacBook model” with a scissor keyboard will launch in mid 2020. It’s unclear if the “new MacBook model” that Kuo has referred to more recently is the 16-inch MacBook Pro.

Mid-2020 would be more than five years after the initial 12-inch MacBook shipped with the bad keyboard, and it may take longer to turn over all the laptop product lines.

David Heinemeier Hansson:

My great hope for the keyboard debacle is that Apple pulls a Johnson & Johnson 1982 move and recalls every single laptop they’ve sold since 2015, and gives buyers a new scissor-keyboard equipped model instead. How many billions might that cost? A quarters’ worth of buybacks?

[…]

I know it’s institutionally almost impossible for Apple to accept that they not only fucked up the MacBook’s keyboard, but that they failed to fix their fuckup for 4 years running, with several attempts. They’re proud people, Apple. But I’d be prouder still of them if they did.

[…]

Apple’s consumer confidence amongst people who’ve been stricken by the keyboard debacle is hurting. Maybe it’s not showing up in their net-promoter scores yet, but it’s there. Oh it’s there. I-FUCKING-BOUGHT-A-WINDOWS-LAPTOP it’s there.

Alec Joy:

I bought the first butterfly switch MacBook Pro when it came out in 2016. After three years, and 4 keyboard repairs (thankfully all free) I bought a Thinkpad last month and sold my MacBook and ipad.

Patrick McKenzie:

I felt like I was really missing something for years after I started using Macs in 2014. My next personal computer is unlikely to be a Mac, solely because I want a built-in keyboard that works. Happy to eat N months of retraining muscle memory to get it.

Mikey:

Yup. I was an Apple Fanboi until the current generation of MBPs (2015+). Then they demonstrated just how utterly tone-deaf they are to the things that matter to actual professionals.

Colin Cornaby:

Both my home and work Touch Bar MacBook Pro creak very loudly as they heat and cool. I have heard Apple is fixing this with top case replacements.

I use two MacBook Pros and both have serious hardware issues in addition to the keyboard.

Dave Nanian:

Even thought I’m a macOS developer, when I’m on vacation and don’t need to do development, I travel with a Windows laptop, because my Mac laptops are kind of awful.

Awful to the point where I’ve considered installing macOS in a VM on said laptop.

Previously:

Update (2019-11-02): David Heinemeier Hansson:

The favorite go-to explanation for why Apple screwed up their laptop keyboards seems to be: They went too thin!! This fails to account for the fact that the Surface Laptop is thinner than a MacBook Air and has a great keyboard. ThinkPad X1 is super thin, great keyboard.

Addison Webb:

If I didn’t use Xcode for a living, I would be heavily considering a non-Apple laptop to replace my 2016 MacBook Pro.

Dave Hidding:

Truth. With all due respect & as a really long-time Mac owner (going back to a FatMac) @tim_cook, this is worth the five minute read. Surprise us with a J&J response...

levelsio:

Current MacBook Pro status:

- external keyboard on top because internal keyboard broken
- frozen shrimp as ice pack to stop overheating while browsing the web

Update (2019-11-05): Giles P. Croft:

Yes. Must confess, this was one of the factors that led me to sell my MacBook Pro: typos in every other sentence on that damned keyboard 🙄

It’s crazy that one company can concurrently make both the best/most satisfying keyboard I’ve ever used (Magic Keyboard) and the worst (every Mac laptop currently on sale).

The TV App Strategy Tax

Joe Cieplinski:

Take a look at the TV app on your iPhone, iPad, or Apple TV. At first, when I saw the way Apple was mixing and matching all the content from available channels, iTunes rentals, purchases, and streaming services like Prime, I was annoyed. How am I supposed to find shows specific to certain sources in here? And more importantly, how can I tell the difference between what I already have access to with my existing subscriptions, and what is going to require a new subscription or a one-time payment?

And that’s the rub. You can’t easily get a screen with all the content you already have access to. Sure the library tab will show you movies and tv shows you’ve purchased on iTunes. But my HBO subscription? Prime? These are just mixed in with all the rest of the content. You can dig and find HBO specific pages, sure. But they are buried behind multiple layers of UI. And there’s a good reason for that.

The TV app is not an app. It’s a store. And Apple knows a thing or two about running stores. They know the more you walk in and hang out, the more likely you will spend some money while you are in there.

In other words, the app is designed to optimize for Apple’s needs rather than the customer’s. I prefer the old strategy where Apple makes its money from hardware, so it’s free to design the software to do the right thing. “Only Apple could do” didn’t only apply to the technical aspects, but also to what it could do because of its business model. Now, the strategy is that Apple, too, can spend money to buy content, creating constraints for itself that didn’t need to be there. The whole effort is clearly a distraction from product concerns for Tim Cook and various company departments. And it gets in the way of making partnerships with other content companies, which didn’t have to be enemies.

The question is why? Does TV content further the mission of empowering people through technology? I don’t see how. Is that even still the mission? Does it provide a better return on investment than technology R&D, documentation, or QA? Sadly, maybe, at least in the short term.

Lesley Goldberg and Natalie Jarvey:

By several accounts, the company already has well outspent its initially projected $1 billion annual content budget. Morning Show alone costs $15 million an episode for a total of $300 million for two seasons, per sources, due in large part to the $2 million-an-episode fees that Witherspoon and Aniston negotiated. (Their deals are said to be even higher with producing fees and ownership points.) See also is expensive, with sources estimating $240 million for two seasons. These costs are at the high end of premium streaming but represent pocket change for Apple.

The reason they are doing this:

Though Apple makes significantly more — $167 billion in 2018 — from the sale of the iPhone, as people hold on to their devices longer, services like TV+ will be key to ensuring Apple ecosystem loyalty. “There’s a lot at stake,” notes Wedbush analyst Daniel Ives. “TV+ is going to play a major role in them further monetizing their 900 million iPhone users. The next leg of growth for Apple is going to be services.” Apple declined to participate in this story.

I see a lot about how this will increase services revenue but little about net services income. Netflix has only recently become profitable, and there is now more competition in streaming.

And does “ecosystem loyalty” mean keeping people buying Apple hardware or getting more revenue per hardware customer?

The logic for the latter is clear, although I’m not sure why customers should care. No one seems to expect Apple to lower prices and make its products more widely accessible because it’s making the profit up from services.

For the former, the idea seems to be that Apple is going to make TV shows so good that they keep people from considering Android or Windows. But that seems kind of nutty and is belied by the availability of Apple TV+ on Amazon Fire as well as various TVs.

Previously:

Update (2019-11-02): Jason Snell (tweet):

Consider the soul-sucking term ARPU. It stands for Average Revenue Per User (or, alternately, Unit), and it’s a useful-yet-noxious lens through which businesses can view their customers. Of course, businesses should be aware about how much revenue their customers are generating—the issue is more that focusing on ARPU is often a sign that a business is on a path that will attempt to wring every last penny out of its customers. It’s a sign of nickel-and-diming, sliding in hidden fees, and all sorts of other questionable practices that make sense if you’re looking at a balance sheet—but are so infuriating if you’re a customer.

On the phone call, Evercore Analyst Amit Daryanani asked Tim Cook directly about whether Apple’s growth in services revenue was based on growing the overall number of people using Apple products, or scratching more money out of the collective wallets of existing Apple customers. Cook walked that line[…]

Update (2019-11-06): Nick Heer:

Apple TV Plus doesn’t fit that archetype — not yet, anyway. This becomes plain if you compare it to the closest television equivalent to an Apple product that I can think of: HBO — a premium cable channel that features must-watch shows that are defined as much by their quality as their budgets, all without being interrupted by ads. Apple TV Plus is, so far, serving up fine shows with astronomical budgets, all for either a low monthly cost or, if you’ve bought a new Apple product recently, a free year’s trial. Are they going for subscription volume?

Apple TV Plus has just launched, and the app is more of a storefront for more established players in the streaming video market. They can get better at this, and they should. But I want to hear a reason for Apple to be in the streaming business beyond ARPU and subscription stickiness.

Update (2021-01-26): Tom Harrington:

Apple’s TV app on macOS supports having a local library of videos. But the “search” feature only looks at things you can buy from Apple, not things you already have. iTunes got this right.

Maybe it’s not a big thing but it reinforces the idea that Apple’s more about rent seeking than features these days.

Giving Notes on China

Eddy Cue, just a few months ago:

There’s never been one note passed from us on scripts, that I can assure you. We leave the folks [alone] who know they’re doing.

Alex Kantrowitz and John Paczkowski (via John Gruber, Hacker News):

Apple’s recent actions in China are a continuation of the company’s years-long practice of appeasing Beijing. To do business in China, the company adopts to local dictates, distasteful as they may be to its CEO Tim Cook, an outspoken gay rights advocate and privacy crusader. It’s an ironic inversion of a longstanding argument in the West that by bringing China into the world trade system, the country would adopt western values. Instead, China is asking tech companies to adopt its values — and Apple is willing to pay that price.

In early 2018 as development on Apple’s slate of exclusive Apple TV+ programming was underway, the company’s leadership gave guidance to the creators of some of those shows to avoid portraying China in a poor light, BuzzFeed News has learned. Sources in position to know said the instruction was communicated by Eddy Cue, Apple’s SVP of internet software and services, and Morgan Wandell, its head of international content development. It was part of Apple’s ongoing efforts to remain in China’s good graces after a 2016 incident in which Beijing shut down Apple’s iBooks Store and iTunes Movies six months after they debuted in the country.

Nilay Patel:

If you want to be the face of “privacy is a human right” then you are also the face of “we brushed off a targeted attack against a religious minority in China” and “we told our TV creators not to piss off China”

Nick Heer:

The bigger story here can be found in an article yesterday from Shane Savitsky in Axios[…]

Jason Kottke:

The partnership between China and Western governments & corporations has hit a rough patch recently, namely the Hong Kong protests and how the NBA, Apple, and gaming company Blizzard have handled various responses to them on their platforms.

Ben Thompson:

And then there is Apple: the company is deeply exposed to China both in terms of sales and especially when it comes to manufacturing. The reality is that, particularly when it comes to the latter, Apple doesn’t have anywhere else to go. That, though, is where the company’s massive cash stockpile and ability to generate more comes in handy: it is past time for the company to start spending heavily to build up alternatives.

[…]

The biggest, shift, though, is a mindset one. First, the Internet is an amoral force that reduces friction, not an inevitable force for good. Second, sometimes different cultures simply have fundamentally different values. Third, if values are going to be preserved, they must be a leading factor in economic entanglement, not a trailing one.

Nick Heer:

Just a few months ago, Tim Cook denied that the company was exploring other places to build their products. The depth and extent of the electronics supply chain in China beggars belief — and, in one of those decades-old twists of fate, Cook helped make it so. There are loads of American tech companies that build products in China; Apple’s particular investment, though, is notable.

Nilay Patel:

It’s not hard to understand that carmakers in the US market build to California emissions standards because they are the strictest - it’s the most efficient choice.

Not a leap to think global companies will hold themselves to China’s speech restrictions for the same reason.

Josh Rogin (via Ryan Saavedra):

Last year, China severely punished Marriott after an employee in Omaha, Neb., “liked” a pro-Tibet tweet. Marriott profusely apologized and fired the employee.

Joe Rogan:

Superstar German DJ ‘permanently banned’ from China for liking a ‘South Park’ tweet

Noah Smith:

HOLY SHIT there are a lot of American companies doing pro-China censorship!!!

Tom Gara:

The new DreamWorks movie uses a map of Southeast Asia that contains the Chinese “nine dash line” that annexes basically all of the South China sea[…]

Previously:

Update (2019-11-06): Chance Miller:

Apple, alongside viral video sharing app TikTok, skipped a congressional hearing today that focused on the relationship between the tech industry and China. The absence of an Apple representative drew ire from some lawmakers at today’s hearing.

Safari Safe Browsing, China, and Privacy

Matthew Green (tweet, Hacker News):

It appears that, at least on iOS 13, Apple is sharing some portion of your web browsing history with the Chinese conglomerate Tencent. This is being done as part of Apple’s “Fraudulent Website Warning”, which uses the Google-developed Safe Browsing technology as the back end. This feature appears to be “on” by default in iOS Safari, meaning that millions of users could potentially be affected.

[…]

Google first computes the SHA256 hash of each unsafe URL in its database, and truncates each hash down to a 32-bit prefix to save space.

[…]

If the prefix is found in the browser’s local copy, your browser now sends the prefix to Google’s servers, which ship back a list of all full 256-bit hashes of the matching URLs, so your browser can check for an exact match.

[…]

The weakness in this approach is that it only provides some privacy. The typical user won’t just visit a single URL, they’ll browse thousands of URLs over time. This means a malicious provider will have many “bites at the apple” (no pun intended) in order to de-anonymize that user. A user who browses many related websites — say, these websites — will gradually leak details about their browsing history to the provider, assuming the provider is malicious and can link the requests. (There has been some academic research on such threats.)

MacJournals covered Safe Browsing back in 2008:

We must point out here that this system provides, indirectly, a way for Google to estimate what pages you’re visiting. If the URL of a page you want to visit matches the hash prefix of a known malicious page, Safari 3.2 appears to send that prefix to Google and ask for the entire 256-byte hash to make sure that this really is a malicious page (and also to verify that the page hasn’t been removed from Google’s lists since Safari’s last list update). Millions and millions of URLs could produce hashes that start with the same 32 bits, but if Google gets several requests for the same value, the company could reasonably infer that people were visiting the malicious page it had tracked—and since the request from Safari to Google comes from your IP address, Google might infer data from that as well. Mozilla’s privacy policy would forbid use of that data except to improve the service, but Apple’s privacy policy does not. Neither Apple nor Google state anywhere that they would only use such data to improve the phishing and malware protection features.

[…]

Safari 3.2’s “SafeBrowsing.db” file does not appear to contain data for Google’s whitelist, but the specification confirms that some clients can, with Google’s permission, use an “enhanced mode” that looks up each page you visit rather than maintaining the list on the client computer.

Rene Ritchie (MacRumors, Hacker News):

First, here’s Apple’s statement[…]

[…]

Because Safari is communicating with Google and Tencent, they do see the IP address of the device, and because they have the hash prefix, they do know the general pool to which the site belongs.

I assume the URLs are not very private, despite being hashed, because with knowledge of the full set of URLs and visit frequency, it’s probably possible to estimate what the hash prefixes map to. The main source of privacy is not the hashing but the fact that most URLs are only checked locally.

And you’d hope that only “unsafe” URLs would be looked up with Google/Tencent. But the implementation, at least initially, used a Bloom filter to save space. Since Bloom filters allow false positives, this means that the browser would be sending lookup requests even for some URLs whose prefixes didn’t actually match the local data set, i.e. ones that were not even suspected to be dangerous.

In a perfect world, a more privacy-centric company like Duck Duck Go or Apple would be able to maintain and use their own lists, both internationally and inside China. In the meantime, some system that anonymizes and relays requests, like Siri does or like Sign in with Apple, perhaps, could improve privacy within the current implementation.

This likely wouldn’t have much performance impact, since it would only affect URLs whose hash prefixes already matched.

John Gruber:

My assumption was that Apple was only using Tencent in mainland China, where Google services are banned. Apple’s statement today makes it clear that that is true. But Apple brought this mini-controversy upon itself, because Apple’s own description of the feature doesn’t specify when the Fraudulent Website Warning feature uses Google and when it uses Tencent.

John Gruber:

Via Dino Dai Zovi, a user on Hacker News disassembled the code for Safari’s Fraudulent Website Warning feature and verified that it only uses Tencent (instead of Google) if the region code is set to mainland China.

Previously:

Update (2019-12-16): Rosyna Keller:

Oh yeah, the Safari Privacy statement was updated in iOS 13.3 to more accurately describe how fraudulent websites work.