Archive for January 2020

Friday, January 31, 2020

Overcast 2020.1

Marco Arment (tweet):

Voice Boost 2 achieves the same goal as the original Voice Boost, but with dramatically more sophisticated methods, leading to more consistent results and much better sound quality.


I had to write every component from scratch, without using AudioUnits, because I wanted to understand and control everything, ensure the highest performance and sound quality, and avoid Apple’s platform-specific API limits.


Voice Boost 2 normalizes all podcasts to –14 LUFS — a level I chose because it closely matches the volume of Siri and most iOS turn-by-turn navigation voices, so when you’re listening to a podcast while driving, navigation interruptions are less jarring.


There’s a new per-podcast setting to skip a given number of seconds from the start and/or end of its episodes.


Going 13-only so soon was a mistake. Hear why on Under The Radar 181 and 183.


2019 Six Colors Apple Report Card

Jason Snell (tweet):

Glenn Fleishman said, “Catalina was a disastrous release.” John Siracusa said, “Apple has not done a good job communicating the benefits of Catalina, an update that… comes with more pitfalls than the average macOS update.” Joe Kissell said, “Catalina was, and continues to be, a real downer in terms of missing features, bugs, and overall quality.” Andrew Laurence said, “For the first time in my career, this IT professional warns users away from the new macOS, and took action to prevent users from installing it.”


John Gruber said, “Catalina clearly bends too far in the direction of security. By design, it’s just too inconvenient […] I don’t know a single expert Mac user who is not seriously annoyed by the heavy-handed security design of Catalina… I genuinely fear for the future of the Mac as a platform for serious computer users…. Not one thing about Mac software got better in 2019 and everything that did change made it worse.”


Rich Mogull said, “The new [iPhone] models are home runs.” […] Finally, several panelists mentioned the idea that Apple needs to add a smaller phone to its portfolio.


Dr. Drang said, “Despite years of urging from iPad users, Apple still doesn’t seem to understand how much we want to do ‘real computer things’ on this device.”


In any event, the iOS 13 and macOS Catalina release cycles… were not appreciated by the panel. If this survey measures general sentiment, the general sentiment is that Apple needs to turn around its flailing software process in 2020.


Paul Kafasis said, “Notarization [of macOS apps] has thus far worked better than I might have expected…. So long as Apple uses a very, very light touch with this, it can be a win for users and developers. Nevertheless, I live in fear of a capricious use of this to kill something legitimate that Apple simply dislikes.”


Update (2020-02-04): Zac Hall:

I thought I’d share my verbatim responses with 9to5Mac readers.

Federico Viticci:

I’ve included my full responses to Snell’s questionnaire below.

Dr. Drang:

There is a small but admirable thing Jason does with his graph of overall scores. I didn’t notice it until this year, but it’s been the case for as long as he’s been doing the report card.

Update (2020-02-06): See also: John Gruber.

How to Search Your Music Library in Catalina

Glenn Fleishman:

When I tested this, typing any search into the Search field in the upper-left corner of the Music app produced results that I could switch by clicking one of three buttons in a lozenge in the upper-right corner: Apple Music, Your Library, and iTunes Store.


However, after searching, clicking on an album, and clicking play, which brings up a new playback bar at the top of Music, the buttons were obscured. I had to click the < (back) button at the upper-left corner of the screen a few times, and then the lozenge reappeared.


SwiftUI for Mac

Sarah Reichelt (via Ole Begemann):

So far, nearly all the articles I have seen about SwiftUI show it being used for iOS, more particularly for iPhone. But SwiftUI works on all Apple’s platforms, and as I am primarily a Mac developer, I decided to try out a Mac app and see what happened.


If I changed the structure of the view, the app closed and re-opened immediately with the new content. This is amazing and shows that the Xcode & SwiftUI teams really thought about how to use these new features in Mac apps as well as iOS.

Sarah Reichelt:

I had already discovered that the menu bar is configured in the Main.storyboard file.


In this case, it would make more sense to have the DetailView respond to the menu, since it contains the image. But trying to add an @IBAction to a SwiftUI View struct gives this error: Only instance methods can be declared @IBAction so I am using the App Delegate instead. I feel like this is a problem I need to solve, or the AppDelegate is going to end up filled with @IBActions, but for now, let’s keep going.


Not all the expected user interface elements are available in SwiftUI and some of the ones that are implemented are using different names. Again this is a point at which iOS development has got all the attention, so there are conversion tables out there listing UIKit elements and their SwiftUI equivalents, but I was not able to find a similar listing for AppKit. If you find one, please let me know.


And I was not able to set a button as the default button and I could not work out how to set a keyboard equivalent for a button.

Sarah Reichelt:

In this third and final part, I want to look at the various ways to present dialogs to the user.


To make an Alert, I need an @State Bool which sets whether the alert is visible or not. All the button has to do is toggle that Bool.


The trick to dismissing the sheet is to pass it a Binding to the Bool that triggered it to open in the first place. If a button in the sheet sets this Bool back to false, the parent view will hide the sheet. That sounds confusing, but it works.

Sarah Reichelt:

I would like to thank everyone who contacted me about this series. It was received very well and revealed that there is still a large amount of interest in programming for the Mac.

Some of the responses I got were pointing out different or better ways to do things, so I am going to list them here, adding to this post as I get new information.

See also: SwiftUI First Thoughts and SwiftUI Data Flow.

Thursday, January 30, 2020

LastPass to Drop Support for Native Mac App

Chaim Gartenberg (via MacRumors):

Password management app LastPass has announced it will be discontinuing its native macOS app on February 29th, directing users in an email to switch over to the new web-based version of the app that will replace it.


To replace it, LastPass will be offering a new Mac app that will support the new extension system. However, instead of being a fully native piece of Apple software, it’ll be more of a web app that’s “built with technologies shared with our other LastPass apps,” which the company says will make it easier to maintain its apps across multiple platforms.

I wonder why they didn’t choose Catalyst.

Dropbox Ignore Feature in Beta

Dropbox (via Hacker News):

You can set a file or folder to be “ignored” by Dropbox. This allows you to organize files and folders in the Dropbox folder on your computer without storing them on or on the Dropbox server at all.


  1. Open the Terminal application on your computer.
  2. Type
    xattr -w com.dropbox.ignored 1. 
  3. Type the location of the file next to that.
    • You can also drag and drop the file or folder that you want to ignore from your file browser into the Terminal and it will populate with the location of the file.
    • It should look something like this:
      xattr -w com.dropbox.ignored 1 /Users/yourname/Dropbox\ \(Personal\)/YourFileName.pdf

It’s hard to believe that Dropbox has lacked this feature for 12 years.

I think it would have been better to use a .dropboxignore file rather than an xattr:


Update (2020-02-04): Dave Wood:

Also, this would make the process the same regardless of platform.

Behind the Scenes on Apple’s Aperture Team

Chris “cricket” Hynes (via John Gruber):

There were several unique things about how the team worked which differed from Apple practice. Even before writing any code for feature, a software engineer and a QA engineering would collaborate on a document detailing a test plan. Both parties learned a lot, and it created a great relationship.


We had a reasonable number of QA engineers, which is very rare in any software product. Since this was a professional product, they knew the quality had to be high.


So we went to IL1, right across from the executive suite. Given how close Steve (Jobs) was to our offices, I saw him only once in our area. It was clear that Pro Apps were not his thing and Aperture was not on his radar.


They seriously yelled at us for writing bugs. ‘This bug should never have been written!’ they shouted. They argued that we shouldn’t write bugs on incomplete features. But that’s what the engineers wanted, and we felt we worked for them on a day-to-day basis. […] I was considered a risk to the project because of the number of bugs I filed.


So they tried cutting finished features, yelling at people, and working people to the point of nervous breakdowns. Then they came upon a brilliant idea: let’s steal over a hundred engineers from other teams and then the project will magically get done on time.

Cabel Sasser:

Although @gruber described this as a “delight to read”, I felt like I was reading a slow-motion car crash!! These recollections make me extremely thankful of the life I have and the company I work for, as this team’s environment is my precise idea of hell.

Buzz Andersen:

I worked in Apple Pro Apps at the time this was going on and can confirm that it was a fairly miserable place.

Andrew Abernathy:

As someone who loved Aperture (and still uses it — can’t find anything with comparable workflow), I extra-hate reading about the horribleness the team was put through.

Nick Heer:

I miss Aperture greatly. It is perhaps the piece of software I would choose to resurrect if I could make such a decision. The earliest versions may have been slow and buggy, but I remember running Aperture 1.5 (or thereabouts) on a Core 2 Duo MacBook Pro with a spinning hard disk and it was fast. And it wasn’t just the speed with which Aperture rendered photos or adjustments; it was everything about the app — every interaction, every UI component, every menu, and every panel. Every action felt deliberate and precise. The whole app also looked and felt damn near perfect.

Another post from Hynes:

It’s a sad thought to be certain that your best days are behind you. The sheer size of Apple has been difficult to adjust to. Teams are too big, organizations are too big, and sometimes even the products are too vast for my brain to comprehend. Things that used to be personal are now impersonal. Apple did not scale well.

In the first 12 years or so, I was fortunate to be given the freedom to influence products to a degree far exceeded my position, a testament to the Apple management I worked under. As the company got bigger, my influence declined from a very high point to effectively zero.


Apple Finishes New U.S. Map

Apple (MacRumors, Hacker News):

Apple today announced that all users in the United States can now experience a redesigned Maps with faster and more accurate navigation and comprehensive views of roads, buildings, parks, airports, malls and more, making it easier and more enjoyable to map out any journey. Apple completed the rollout of this new Maps experience in the United States and will begin rolling it out across Europe in the coming months.

Justin O’Beirne has lots of before/after comparisons.

Matthew Panzarino:

Maps is probably the biggest software turnaround in Apple’s modern era — an interesting case study for a company that rarely needs turnaround efforts.


Apple Maps has given me the wrong directions so many times, that I have completely forsaken it. I feel like I see a tweet like this every year, and every year I try to give it another chance. And alas, I’ve arrived at the complete wrong destination.

Alessio Maffeis:

I use Apple Maps all the time, but if I want to check opening hours of some business, I have to open Google Maps, and then I also find foot traffic stats, reviews and photos. So much work to do in that respect for Apple.

Josh Centers:

I prefer Apple Maps over Google Maps for a lot of things these days, but local business information is still sorely lacking. And it drives me crazy when I search for a business and it tries to direct me to one hours away.


Update (2020-02-04): Lauren Goode:

In a prepared statement Apple senior vice president Eddy Cue said that the completion of the US map and delivery of the new features are “important steps” in creating what he referred to as the best and most private maps in the world. He added that Apple will “bring this new map to the rest of the world starting with Europe” sometime in 2020.


Despite Apple’s efforts, it’s still playing catch-up to Google Maps in many regions around the globe. (The notable exception is China, where Google Maps is unavailable and Apple Maps relies on data from Chinese provider AutoNavi.)

Nick Heer:

I use Apple Maps almost exclusively for finding places and getting directions; I know it’s highly variable around the world, but its wayfinding abilities and read-aloud instructions have been tremendous in the past year. When I’m monkeying around and trying to figure out what a place looks like, however, I still turn to Google Maps.

See also: Hacker News.

Wednesday, January 29, 2020

Fantastical 3


A beautiful new user interface. Feature parity on every platform. Beautiful full screen modes on iPhone and iPad (and the Mac has never looked better). Synced calendar sets (🎉). Weather. Interesting Calendars. Proposals with automatic scheduling. Even better tasks support. And so much more.

But let’s talk about the thing that’s likely on everyone’s mind, the Fantastical Premium subscription.

I previously paid:

The new version is $39.96 per year for all platforms. It also works in free mode, which includes most if not all of the features I regularly use. And if you had previously purchased version 2, you can keep using the non-free features that you had before.

I’m not interested in the syncing or collaboration features, so I was pleased to see that at least the Mac app seems to work just fine without creating a Flexibits account.

Jason Snell:

With this release, Fantastical is now stepping away from its attachment to Apple’s built-in calendar database, adding the ability to connect to all sorts of calendar and task services. It’s also connecting with Flexibits’s own new cloud service, which adds a slew of new features—and further possibilities down the line.


I’m a fan of the direct connection to calendar services, because a lot of the weird quirks I’ve experienced with my calendars end up being quirks of Apple’s calendar syncing system, including random duplicate alerts from both Calendar and Fantastical.


To use Fantastical 3, you have to sign up for a free Flexibits account, whether or not you subscribe to the new features.


I’m also thrilled to report that Fantastical’s natural-language parser has finally been upgraded to intelligently parse repeating events, something that I could never get to work right.


While the Mac version of Fantastical has tended to be more full featured than its iOS variants, with this release the iOS apps are more or less at parity with the Mac version.

See also: Zac Hall, Ryan Jones, Eric Slivka, David Sparks, Federico Viticci.


Update (2020-02-06): John Gruber (tweet):

Lots of complaining on Twitter, and Fantastical 3’s App Store reviews have been dragged down by angry users complaining about the pricing change. […] And if, like me, you used Fantastical across iPhone, iPad, and Mac (they previously sold the iPad app as a separate version from iPhone), $40 a year is quite reasonable. Fantastical is a professional calendaring (and now task management) app, and as Bohn points out, subscriptions are the best way for a developer like Flexibits to succeed in the App Store.

David Lynch:

Weirdly, I think the way flexibits has let themselves down with the upgrade level for previous users is that there’s no in-app indication of “you’re getting X for free because you bought the app”. So existing users only see the places they’re being asked to pay more...

Whereas if they’d swapped some of the “you need pro” stars into “loyal customer” icons, we’d all have a better sense of what we’re getting.

Bernd Pörner:

In re: to Fantastical 3 being a “pro” app, European business users would break GDPR by using Fantastical’s “pro” features, b/c other people’s personal data would be stored on Flexibits’ cloud servers, without businesses having an explicit order processing contract with Flexibits.

Sorting My TV

John Siracusa:

For a few years now, I’ve tracked the TV shows I’m watching using the iOS app Couchy, which integrates with the service. Sadly, Couchy ceased development last year. I’ve kept using it since then, but in the past few weeks it’s finally started to fail.

I looked at (and purchased) many, many alternative apps back when Couchy’s demise was announced, but I could never find one that I liked as much. In particular, I haven’t found a match for the information density of Couchy’s main screen combined with its “smart” sort order.

He has a great sketch of how an algorithm might work.

Apple TV already knows what I watch, and I trust Apple more than most companies with my data. Why does it still offer so little help in finding the episode I want to watch next?


Update (2020-02-22): Louie Mantia:

Basically all I want my AppleTV to do is this:

• Episodes I can watch right now up top.
• Next week’s episodes in the second row, with an indication of the day it’s available to watch.
• Display upcoming seasons of shows I watch on a third row, with expected release dates.

Via Dan Grover:

This is totally how streaming devices should work. Why do we have apps there?

Update (2020-02-24): Tyler Hall:

I feel like a complete and hypocritical shithead saying this as someone who charges money for the things I create, but I simply went back to piracy last Summer for TV shows. The UX is just light years better than what any major media company offers 🤷‍♂️😔

Tuesday, January 28, 2020

iPad at 10

John Gruber (tweet, Hacker News):

Ten years later, though, I don’t think the iPad has come close to living up to its potential. By the time the Mac turned 10, it had redefined multiple industries. In 1984 almost no graphic designers or illustrators were using computers for work. By 1994 almost all graphic designers and illustrators were using computers for work. The Mac was a revolution. The iPhone was a revolution. The iPad has been a spectacular success, and to tens of millions it is a beloved part of their daily lives, but it has, to date, fallen short of revolutionary.


Software is where the iPad has gotten lost. iPadOS’s “multitasking” model is far more capable than the iPhone’s, yes, but somehow Apple has painted it into a corner in which it is far less consistent and coherent than the Mac’s, while also being far less capable. iPad multitasking: more complex, less powerful. That’s quite a combination.


The iPad at 10 is, to me, a grave disappointment. Not because it’s “bad”, because it’s not bad — it’s great even — but because great though it is in so many ways, overall it has fallen so far short of the grand potential it showed on day one. To reach that potential, Apple needs to recognize they have made profound conceptual mistakes in the iPad user interface, mistakes that need to be scrapped and replaced, not polished and refined.

John Gruber:

This is so convoluted, so undiscoverable, so easy to make a mistake with, that it proves my point that the multitasking interaction model on iPadOS is a shambles far better than if it weren’t possible at all. Just try doing this while hold your iPad in your hand, not resting it on a table. It’s like playing Twister with your hands. This reads like a joke and in practice it’s worse than it sounds. It’s embarrassing.

Mike Rundle:

A snapshot of Techmeme on the day of the original iPad announcement, ten years ago. It’s so incredible that @gaberivera built a website with this capability.

Benjamin Mayo:

Cool interview with Imran Chaudhri and Bethany Bongiorno on the iPad during their tenure. A noted ‘regret’ is letting the iPhone dominate resources and attention too much.

Steve Troughton-Smith:

Of all Apple’s products, I feel iPad was the one most damaged by the loss of Steve; it took years until Apple figured out a path forward (: copy what MS was doing in Windows 8 & Surface). I’ve always feared that Apple squandered an opportunity to build a true successor to macOS

Steven Sinofsky:

The announcement 10 years ago today of the “magical” iPad was clearly a milestone in computing. It was billed to be the “next” computer. For me, managing Windows, just weeks after the launch of Microsoft’s “latest creation” Windows 7, it was a as much a challenge as magical.

Federico Viticci:

Writing about the iPad over the last 10 years has fundamentally changed MacStories and my career.

Here’s a thread with some highlights on a decade of iPad stories.

Chris Espinosa:

And I will now admit I was wrong: ten years ago today I tweeted that the personal computer was dead.

It didn’t die. Maybe it won’t. But I’ve been tablet-primary for 8 years now and would never go back to carrying a non-touch device.

Matt Birchler:

10 years ago the iPad was “about to replace the personal computer.”

Today the iPad is “about to replace the personal computer.”

10 years from now I suspect the iPad will be “about to replace the personal computer.”

Meanwhile, people like me and millions of others will continue to work on an iPad, not really trying to prove a point, just trying to use the best tool for us.

Jeff Johnson:

iPad’s inherent limiting factor is its form factor. You canna change the laws of physics, or the laws of ergonomics. Replacing laptops makes about as much sense as replacing human laps.

Power and convenience comes at a price, both in money and in physical space.

Dominik Wagner:

Sadly the Apple platform departed from being an easy thing to recommend and give to anyone disregarding of computer experience. Instead it morphed into something that has many quirks that are hard to explain and discover, and sometimes even hard to be the helpline for. Essentially this trend started since iOS 7 and never reversed.

One of the other symptoms of this is that you no longer can hand your iPad to a toddler without putting it into guided access. Otherwise they just trigger a lot of weird app switching based behavior.

Kirk McElhearn:

I don’t use my iPad a lot, but I know there are people who use it as their main computing device. While some of them leverage every possible feature of multitasking, shortcuts, etc., most probably just use a one-app-at-a-time approach. Why? Because it’s not confusing. When I have used multitasking, I’ve never felt that I accomplished any app-arranging actions by anything other than luck.

It’s not Apple’s fault that they couldn’t come up with a better system, it’s just the limitations of the device and its interface. If they want people to use these features, they need to figure out a way to make them easy to use, and, above all, easy to discover.

Rui Carmo:

And yet, after a full decade, it is still nigh on impossible to use an iPad for self-hosted development of anything but JavaScript. Pythonista, Codea and the like are amazing, but for me the lack of a shell (and a UNIX userland, even if sandboxed) is something I just can’t quite get over.

Nick Heer:

I find myself increasingly frustrated by the myriad ways using an iPad makes simple tasks needlessly difficult — difficulties that should not remain ten years on.

There are small elements of friction, like how the iPad does not have paged memory, so the system tends to boot applications from memory when it runs out. There are developer limitations that make it difficult for apps to interact with each other. There are still system features that occupy the entire display. Put all of these issues together and it makes a chore of something as ostensibly simple as writing.


No device or product I own has inspired such a maddening blend of adoration and frustration for me as the iPad, and certainly not for as long in so many of the same ways.


My single biggest problem on the iPad is the way Safari just randomly kills your background tabs. Filling out a web form? You’d better hope that their half-baked tab state saving worked! (Spoiler alert: it probably didn’t)

If iOS isn’t going to have virtual memory, why can’t Safari at least save the page contents itself? I have to screenshot a page that’s open just be sure I’ll be able to view it later.

Craig Hockenberry:

Universal apps are the worst thing that ever happened to the iPad.

The economics for developers are to make a big iPhone app or ignore the device altogether. No business model = no innovation.


After years of Apple insisting it won’t add touch inputs to macOS because it’s not ergonomic to reach up to your screen, that’s exactly how you have to control an iPad when you have it in ‘laptop mode’ (ie. w/ the keyboard case).

See also: Rene Ritchie, Joe Rossignol, Jason Snell, John Voorhees.


Update (2020-01-30): John Gruber:

I’m aware of no other graphical user interface that offers a setting like this. The existence of this setting — and that it is not tucked away under Accessibility — feels like proof that Apple knows iPad multitasking is often invoked by accident and can be confusing.

Fraser Speirs:

Brilliantly expressed article by @gruber - captures my feelings exactly. iOS multitasking took a serious wrong turn with iOS 11 and more and more has been heaped upon its creaking foundations ever since.

Ben Thompson:

In my opinion, multi-tasking on the iPad is an absolute mess, and it has ruined the entire interface; I actively dislike using the iPad now, and use it exclusively to watch video and make the drawings for Stratechery. Its saving grace is that it is hard to discover.


It’s tempting to dwell on the Jobs point — I really do think the iPad is the product that misses him the most — but the truth is that the long-term sustainable source of innovation on the iPad should have come from 3rd-party developers. Look at Gruber’s example for the Mac of graphic designers and illustrators: while MacPaint showed what was possible, the revolution was led by software from Aldus (PageMaker), Quark (QuarkXPress), and Adobe (Illustrator, Photoshop, Acrobat). By the time the Mac turned 10, Apple was a $2 billion company, while Adobe was worth $1 billion.

There are, needless to say, no companies built on the iPad that are worth anything approaching $1 billion in 2020 dollars, much less in 1994 dollars, even as the total addressable market has exploded, and one big reason is that $4.99 price point. Apple set the standard that highly complex, innovative software that was only possible on the iPad could only ever earn 5 bucks from a customer forever (updates, of course, were free).

Ben Bajarin:

I remember when we talked about this early on and debated it’s upside. I think you succinctly made the ultimate point which was iPad was a luxury not necessity.

iPhone is the indispensable platform which is why it has always had the most momentum.

Francisco Tolmasky:

I don’t think if I went back in time 10 years & gave myself an iPad Pro that I’d be blown away by the progress. I think I’d say the hardware is nice but be shocked that that’s all the progress the software had made.

Compare that to showing devices from 2010 to people in 2000.

The thing is, I don’t think it’s because we reached a “natural” plateau in these areas. Sometimes you really fully exercise the capabilities of a technology or fully saturate the market. Not the case here in my opinion. I think a bunch of (bad?) business decisions led to this.


As someone who worked on the iPad v1, I can tell you, it was a product built in search of a problem.

Alexander Griekspoor:

I still feel a lot of the failure is due to restricting developers so much when it comes to sandboxing, private APIs, etc, it’s those gray areas where the innovation is, or better used to be (on the mac)

Daniel Cook:

Ten years ago I thought the iPad was going to change the world, now in my family we have Chromebooks to solve the same use-cases. I’m not sure if it is the multi-user or the keyboard but they fit the need for a simple, small computer in ways the iPad never did.

Lukas Mathis:

The fact that [iPadOS] is based on Apps as first-level objects, instead of files, is what hurts it most as a productivity device. An App-oriented user interface works well for playing games, browsing the web, and answering an email once in a while, but real work is typically file-centric.


Who is going to write something like Switcher for the iPad? Nobody, because it can’t get on the App Store, so it can’t be sold.

Who is going to write a real, truly integrated file manager for the iPad? Nobody.

Who is going to invest a year - or more - into creating an incredible, groundbreaking new app, the killer app, the desktop publishing equivalent for the iPad? Knowing that Apple could (and probably will) just decide to not put in the App Store, destroying all of that work?

Nick Heer:

The other thing that stood out to me was a year-over-year decline in iPad sales. It may have been the tenth anniversary of the iPad yesterday, but this was its fourth-lowest holiday quarter. I imagine that many users are hanging onto their older iPads, as iPadOS 13 supports models all the way back to the five-year-old iPad Air 2. But I imagine that not updating the iPad Pro at all in 2019 muted sales somewhat.

Riccardo Mori:

What I believe is that the iPad and its OS could have been so much more than a reinvention of the computing wheel adapted for a touch interface. What I believe is that Mac OS could be so much better if it kept evolving on an ‘open’ path, not a progressively locked-down one.

Update (2020-01-31): Matt Birchler:

Most people get maybe 2% of the potential of their Macs and Windows PCs today. Have you watched most people use a computer laterly? Most people I see have all apps in full screen all the time, no matter how big their screen is. Most people I see use keyboard shortcuts for copy and paste, opening new tabs, but basically nothing else.


I could go on, but my point is that most people don’t use computers like we do, and for us, I think we have the tendency to look at a platform and UI paradigm that we’ve been ising for 30 years and say "look how natural this is!" when of course it’s natural in large part because we’ve gotten used to it over 3 decades. I don’t mean to throw shade at the Mac and say it’s trash, but there is a ton there that is far from intuitive.

John Gruber (tweet):

But how many people think iPadOS has a good interface for managing files? Crickets. The Mac interface for managing files is too overwhelming for typical users to understand, but somehow iPadOS offers something worse.


The problems with the iPad are about consistency, coherence, and discoverability.


Affordances are not clutter.

Matt Birchler:

The points John and Dieter Bohn brought up are valid, too.

  1. The iPad’s multitasking interface requires too much fine grain motor movements, and it’s too likely you’ll make a mistake.
  2. The iPad’s multitasking is hard to learn inside iPadOS, you really need to watch/read a tutorial to see how it works.

My feelings are this is an opportunity for refinement, not a “throw it in a fire and start over” situation.

Steve Troughton-Smith:

There’s plenty of iPad’s multitasking UI that I think is great at a conceptual level, but affordances (like a tab bar, or window controls) just aren’t there for users who don’t want to have to learn arcane gestures. Even I lose track of what windows are open in iPad’s junk-drawer

Loren Brichter:

Also, the App Store is what killed the iPad.

Update (2020-02-04): Dave Nanian:

My only real comment on the iPad anniversary/success:

If I had to give up one Apple “computer”—iMac, Laptop, iPhone, iPad—it wouldn’t even be a difficult choice. Three out of four are essential.

Dave Nanian:

Most of my other writing is support email, and that’s what I tried to do on vacation. It was damn near impossible. Wasted so much time.

The next year I was able to do it no problem, though, on a Surface Go. (“Go” figure.)


So want to use the iPad for this…

Jean-Louis Gassée:

The trap Apple seems to have fallen into is in trying to ape some of the features of the old UI model without quite duplicating them entirely. Not as powerful as a classic PC UI, but without the simplicity of the original iPad.


The iPad situation is serious. As an old warrior of the early Mac years recently said, one worries that Apple’s current leadership is unable to say No to bad ideas. Do Apple senior execs actually use the iPad’s undiscoverable and, once discovered, confusing multitasking features? Did they sincerely like them? Perhaps they suffer a lack of empathy for the common user: They’ve learned how to use their favorite multitasking gestures, but never built an internal representation of what we peons would feel when facing the iPad’s “improvements”.

Marc Verstaen:

Excellent opinion on the iPad by @gassee. Ten years ago, I was part of the team working on the iPad (delivering the tools to build third party apps). Today, I don’t use an iPad anymore. There is something not right here.

Craig Mod (via John Gruber):

Having used the heck out of iPads these past few years, I believe there are two big software flaws that both make iOS great, and keep it from succeeding as a “pro” device:

  1. iOS is primarily designed for — and overly dependent on — single-context computing
  2. Access to lower level (i.e., a file-like system) components is necessary for professional edge-tasks

And one big general flaw that keeps it from being superb:

  1. Many software companies still don’t treat the iPad as a first class computing platform

Update (2020-02-17): See also: The Talk Show.

Update (2020-02-22): Mike Rockwell:

I have a more optimistic outlook on the iPad than many of the bigger influencers within the community. It’s far from perfect, but I think the state of iPad is overall positive. There are issues with the multitasking interface, text selection, mediocre mouse support, and more — I trust that these annoyances will be smoothed out over time, though.

And even with these issues, my iPad is still my primary personal computing device.


There are still plenty of limitations on the iPad, but the ceiling feels higher for me than it does on macOS. The key is access to automation through Shortcuts. On macOS, I’ve used Alfred, Quicksilver, Automator, and countless other apps within the category, but I’ve never been able to build anything quite as advanced as I have with Shortcuts.

Jason Snell:

Yes, iPad file management finally exists. But it needs to be a lot better.

Update (2020-03-12): The Talk Show:

First-time guest Federico Viticci joins the show. Topics include how the coronavirus outbreak might affect WWDC, speculation on a possible March Apple event, the state of iPad keyboard (and trackpad) support, and iPadOS multitasking.

Above Avalon Podcast:

A discussion of the iPad’s first decade and why we shouldn’t feel bad for the iPad. Additional topics include a diff. way of looking at the iPad unveiling in 2010, how the iPad foreshadowed iPhone success, and the iPad pivot.


It was an interesting point I hadn’t really thought of.

Essentially, the iPad revolution did happen; it just happened on 4.7-6.5” screens rather than 9.7”.

Kind of interesting how that played out. Instead of 3.5” phones & 9.7” computers, we have 4.7 to 6.5” phone-computers.


Update (2021-03-22): Greg Morris:

This is all after spending weeks getting my head around the new multitasking and app pairing because they changed the way the iPad worked AGAIN. I feel like I’m splitting up with my long term partner now they have their stuff sorted and I’ve realised it wasn’t worth the pain after all.

Jack Wellborn:

The problem is the iOS paradigm completely breaks down as soon as the one-to-one relationship between screens and apps is lost.


I first assumed that iPadOS’s command-tab was just poorly thought out because app switching should be conceptually simple. The reality is app switching isn’t conceptually simple on iPadOS. This becomes obvious when comparing app switching on iPadOS to other platforms.

Update (2021-04-16): Jack Wellborn:

This screenshot perfectly illustrates just how incompatible a macOS-style app switcher is on iPadOS, where the primary user interface element is screens.

macOS 10.15.3


The macOS Catalina 10.15.3 update improves the stability, reliability, and security of your Mac, and is recommended for all users.

  • Optimizes gamma handling of low gray levels on Pro Display XDR for SDR workflows when using macOS
  • Improves multi-stream video editing performance for HEVC and H.264-encoded 4K video on the MacBook Pro (16-inch, 2019)

The security notes are here. The combo update is here, but the Download button currently downloads the macOS 10.15.2 file.

There’s nothing about it in Apple’s release notes, but from what I’ve heard macOS 10.15.3 fixes the bug where large numbers of messages stored “On My Mac” could be deleted when updating to Catalina or rebuilding Mail’s database. It does not fix the bugs where moving messages between mailboxes (via drag and drop, rules, or AppleScript) can delete them, duplicate them, or simply not move them at all.


Update (2020-01-31): Mr. Macintosh:

The macOS Catalina 10.15.3 Update is only about two days old and is already receiving mixed reviews.

Update (2020-02-04): Howard Oakley:

Your mileage may vary, of course, and there are some irritating effects which can mar this update for some.

Howard Oakley (Hacker News):

We’re now past Catalina’s midpoint: with four versions already released, there’s only three more to go before we prepare for the first release of 10.16. That’s a stark fact, that we’re now at the point where the more cautious should consider whether they’ll run 10.15.


The upshot is that there are going to be many Mac users who simply can’t risk upgrading to Catalina, and will be stuck running High Sierra, whose support is expected to end later this year, or Mojave, whose support should expire in just over 18 months. Apple needs to reconsider whether its current support policy is realistic if there’s a growing number of users of currently-sold Macs who are stuck running older versions of macOS in the future.


For many users, the drawbacks in Catalina are largely the result of Apple becoming over-extended: Catalina runs best on Macs with hardware specifications that Apple marketing isn’t yet prepared to make the baseline for models such as the iMac.

Lloyd Chambers:

Photoshop benchmarks are consistently a little slower to a lot slower (15%).

I always follow a strict procedure/protocol to get consistent repeatable results and there can be no mistake about this downgraded performance.

Because there are two changes (macOS and Photoshop), I don’t know if macOS is to blame, or Photoshop, or both.

See also: philux.

Lloyd Chambers:

Today, I received a new 28-core Mac Pro and it fails to be able to update to 10.15.3 repeatedly as part of the Migration Assistant process, WiFi or Ethernet. It never succeeeded so I did “skip” and updated separely. There seems to be ZERO quality control in place.

I also learned today that it is IMPOSSIBLE to uninstall some kernel extensions with 10.15.3.

Update (2020-02-06): Jon Alper:

Running the 10.5.3 Updater bricked my 16 Core Mac Pro (black screen w/back light). Then in recovery mode it triggered activation lock and then couldn’t find a user when attempting a reboot. The ultimate cure was a Recovery Mode OS install whereupon users/data & config welre back.

See also: Siri Stores Encrypted E-mails in Plain Text.

Disk Prices on Amazon

Disk Prices has a nice filterable table of hard drives and SSDs by price, capacity, and warranty (via Hacker News).

See also: Price per TB.

Monday, January 27, 2020

Core Data Lab 1.0

Ron Elemans (via Mike Rundle):

The Core Data viewer app we had in mind should be able to filter data in any way we like, show related data defined by Core Data relationships, allow to edit and delete data, show any type of web data automatically, and present all data conform the object model including binary and transient fields.

A database viewer is of course not complete without obvious features like a metadata viewer, which allows you to inspect all aspects of the Core Data Object model, and export functions, which allow you to export any data selection as CSV or JSON file.

But there is more. The app should also be able to show all Core Data apps that we ever started in an iOS, iPadOS, tvOS or watchOS simulator in a handy overview, together of course with the related database. And we are always curious how ‘other’ apps uses Core Data. So our Core Data app should be able to find the database for a given Core Data app, and the other way around.


Another nice feature we implemented is a data change tracker, which lets you see in a graphical way how a Core Data app mutates a database.

The initial version already looks better than the previous such apps I tried. I can’t believe it’s only $10. The developer was very responsive to the feature requests and bugs that I sent in.

See also: CoreDataUtility, Core Data Explorer.


Safari Runs Disabled Extensions

Jeff Johnson (tweet):

I reported this issue to Apple Product Security on November 17 2019. I received a reply from Apple Product Security on December 16 that said they do not see any actual security implications from my report. I replied, arguing that it was a privacy violation. A disabled extension can phone home without the consent of the user, indeed without the knowledge of the user, and expose information about the user: the user’s IP address, the user’s username (which is probably their real name), the fact that the user has installed the extension, the exact time that the user launches Safari, every time the user launches Safari, etc. I also suggested to Apple Product Security that executing native Mac code without any action by the user is a security problem, and furthermore that a maliciously crafted app extension could exploit any vulnerabilities in the SafariServices API that may exist, or exploit any sandbox escapes that may exist, despite being disabled in Safari, and again without any action at all by the user, except for installing the app. I received another reply from Apple Product Security on January 24 2020 reiterating that they do not see any actual security implications.

This does seem like something Apple should fix.

Update (2020-03-27): Jeff Johnson:

After installing Safari 13.1, I can no longer reproduce the issue with my sample Safari app extension, which I made available for download in my previous blog post. As far as I can tell, the issue is completely resolved.

Friday, January 24, 2020

Federico’s Must-Have iOS Apps

Federico Viticci:

Two themes emerged over the second half of 2019, though. First, thanks to various improvements in iOS and iPadOS 13, I increased my reliance on “first-party” Apple apps: I embraced the new Reminders app and its exclusive features, stopped using third-party note-taking apps and moved everything to Notes, and switched back to Apple Mail as my default email client. I’ve written about the idea of comfort in the Apple ecosystem before, and I’ve seen that concept work its way into my app preferences more and more over the course of 2019.


Following changes to running shortcuts from the Home screen in iOS 13, I realized how much I was going to benefit from the ability to execute commands with the tap of an icon, so I decided to mix and match apps and shortcuts on my Home screens to maximize efficiency.


This entire story features a collection of the 50 apps I consider my must-haves on the iPhone and iPad, organized in seven categories; whenever possible, I included links to original reviews and past coverage on MacStories.

On the Road to Swift 6

Ted Kremenek:

There are major investments currently underway to improve the core developer experience, such as:

  • Faster builds

  • More informative and accurate diagnostics

  • Responsive code completion

  • Reliable and fluid debugging experience

And many others.

These are crucial endeavors, and they represent most engineering work that is happening in the project right now. They will remain an area of focus until these are nothing short of excellent.


[There] are three language areas which are particularly important to focus on:

  • Round out capabilities in the language that support building expressive and elegant APIs such as variadic generics and DSL capabilities like function builders

  • Refine Swift’s implementation and capabilities to allow it to be used for low-level systems programming (or in constrained environments) and in important domains like services and machine learning

  • Provide excellent solutions for major language features such as memory ownership and concurrency


Setting Up Gitweb on Shared Hosting

Jordan Rose (tweet):

I did get a few recommendations for other places to host Git repositories, but—at least partly inspired by Tom Ryder’s “Why Not GitHub?”—I decided to take the plunge and set up my own hosting.


According to the Git Book, you’re supposed to grab the latest sources and generate a custom version of the script yourself. What they don’t mention is that pretty much everything you’d customize by generating it yourself is already customizable with a config file.


The idea to use a RewriteRule is adapted from the gitweb man page, but I’ve made one important change: paths that resolve to real directories are still sent to gitweb.cgi.


Basically, git doesn’t normally keep around info for clones to work over plain HTTP, but we can generate it up front whenever there’s a push. We use a post-update hook for that.


Logitech Limits Harmony Hub Resets

techuck_ (via Hacker News):

After resetting my Hub last night, I was shown a message in the desktop + mobile apps saying my Hub had been disabled and to contact Customer Service. I tried several additional resets, a new Harmony account app re-installs, etc. and the message wouldn’t go away.


Our system will lock out a remote when it has detected excessive additions and deletions of devices to your remote account. Expected use would require only periodic additions/deletions of devices. This time I’ve enabled your remote account. So avoid deleting and adding the devices frequently.

Due to the product Terms of Use. Next time, your remote will no longer be able to make further updates to its configuration, when it gets disabled.

I guess this is to get you to buy the hub that supports more devices, instead of rotating them on the smaller hub.

Shane Morris:

My fridge has an RFID chip in the water filter, which means the generic water filter I ordered for $19 doesn’t work. My fridge will literally not dispense ice, or water.

I have to pay @generalelectric $55 for a water filter from them.

Ryan Sullivan:

Last month I canceled a random charge for $4.99 per month from HP called “InstantInk”. Wasn’t sure what it was for. I’ve had it for over a year but had no idea what it did.

I just found out what it did


Apparently HP remotely disabled perfectly good ink cartridges because I don’t pay a monthly fee?


Using Breakpoints As Bookmarks

Jesse Squires:

Any time I am exploring or getting familiar with a new codebase in Xcode, especially very large projects, I use disabled breakpoints as “bookmarks” to keep track of where I am, where I have been, and things I want to remember or need to revisit. Sometimes I even do this when debugging issues in codebases that I know well.


Information Leaks via Safari’s Intelligent Tracking Prevention

Artur Janc et al. (PDF, Hacker News, MacRumors, 9to5Mac):

As part of a routine security review, the Information Security Engineering team at Google has identified multiple security and privacy issues in Safari’s ITP design. These issues have a number of unexpected consequences, including the disclosure of the user’s web browsing habits, allowing persistent cross-site tracking, and enabling cross-site information leaks (including cross-site search). This report is a modestly expanded version of our original vulnerability submission to Apple (WebKit bug #201319), providing additional context and edited for clarity. A number of the issues discussed here have been addressed in Safari 13.0.4 and iOS 13.3, released in December 2019.

This is really clever.

Maciej Stachowiak:

If you’ve seen articles advising you to turn off Intelligent Tracking Prevention in Safari, don’t do it. That is terrible advice. Even if we had no fix for the issues recently disclosed by Google, cookies are a way worse tracking vector than a flaw in ITP could ever be.

On top of that, we have in fact patched the specific vulnerabilities reported to us, and have confirmed this with the researchers.

John Wilander:

We’d like to thank Google for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection. Their responsible disclosure practice allowed us to design and test the changes detailed above.

Justin Schuh:

It has not [been addressed]. I explained elsewhere that Apple’s blog post was confusing to the team that provided the report. The post was made during a disclosure extension Apple had requested, but didn’t disclose the vulnerabilities, and the changes mentioned didn’t fix the reported issues.


Wednesday, January 22, 2020

The Hunt for the Fastest Zero

Daniel Lemire (via Raffaele Fragapane, Hacker News):

Typically, to fill an array with some value, C++ programmers invoke the std::fill. We might assume that for a task as simple as filling an array with zeroes, the C++ standard library would provide the absolute best performance. However, with GNU GCC compilers, that is not the case.

The following line of C++ code gets compiled as a loop that fills each individual byte with zeroes when applying the conventional -O2 optimization flag.

std::fill(p, p + n, 0);

When the array is large, it can become inefficient compared to a highly efficient implementation like the C function like memset.

memset(p, 0, n);

Zeroing memory can actually become a bottleneck.

Travis Downs (Hacker News):

Now we see how the memset appears. It is called explicitly by the second implementation shown above, selected by enable_if when the SFINAE condition __is_byte<_Tp> is true. Note, however, that unlike the general function, this variant has a single template argument: template<typename _Tp>, and the function signature is:

__fill_a(_Tp* __first, _Tp* __last, const_Tp& __c)

Hence, it will only be considered when the __first and __last pointers which delimit the range have the exact same type as the value being filled. When when you write std::fill(p, p + n, 0) where p is char *, you rely on template type deduction for the parameters, which ends up deducing char * and int for the iterator type and value-to-fill type, because 0 is an integer constant.

Every Google Result Now Looks Like an Ad

Craig Mod (via Hacker News):

There’s something strange about the recent design change to google search results, favicons and extra header text: they all look like ads, which is perhaps the point?

Ginny Marvin:

In 2007, Google changed the long-standing shaded background indicating the ads section of the page from blue to yellow. In 2008, it then briefly tried a green background before reverting back to yellow. Google continued to test variations of background colors including bright blue and a light violet. In 2010, violet officially replaced the yellow, but only lasted about a year before yellow reappeared in 2011. In 2013, Google tweaked the yellow to a paler shade, which would close out the era of background shading.

At the end of 2013, Google removed the background shading and began testing a yellow ad label next to each text ad. The yellow “Ad” label rolled out globally in 2014 in a much smaller size than first appeared in the initial testing. In 2016, a new green label marked the first time the color of an ad demarcation matched the color of an element in both the ads and organic listings: the display URL. A year later, Google kept the green, but inverted the treatments so that the font was green with a thin green border on a white background. This year’s update to the black label does away with the border altogether. The display URL is now black to match the label.

Here’s a timeline.

Update (2020-01-24): John Gruber:

To say that this design blurs the line between real search results and sponsored items is an understatement.

Natasha Lomas:

Last week, in its own breezy tweet, Google sought to spin the shift as quite the opposite — saying the “new look” presents “site domain names and brand icons prominently, along with a bolded ‘Ad’ label for ads”[…] But Google’s explainer is almost a dark pattern in itself.

Jon Porter:

Early data collected by Digiday suggests that the changes may already be causing people to click on more ads.

Dieter Bohn (via Hacker News):

Today, I still trust Google to not allow business dealings to affect the rankings of its organic results, but how much does that matter if most people can’t visually tell the difference at first glance? And how much does that matter when certain sections of Google, like hotels and flights, do use paid inclusion? And how much does that matter when business dealings very likely do affect the outcome of what you get when you use the next generation of search, the Google Assistant?

And most of all: if Google is willing to visually muddle ads, how long until its users lose trust in the algorithm itself?

Update (2020-02-22): Luke Kling:

I’m old enough to remember when Google was pushing us to not show ads above the fold and focus on good content for the user.

Here is everything above the fold on my latest Google search.

Update (2020-02-26): Damien Petrilli:

Google rolled back their new Ad design my ass.

Literally NO difference between results outside the little “Ad”.

Farewell, Tetris

Juli Clover:

EA is ending support for its Tetris for iOS apps starting on April 21, 2020, the company announced today in app updates to Tetris Premium, Tetris 2011, and Tetris Blitz.


It seems that this post on Reddit explains the situation better; EA had a 15 year license to distribute Tetris games on mobile and that license expires... You guessed it, April 2020.

I’m still irritated that they may kill off existing installs, though. The least they can do is just remove the online components of the game and leave the app playable for those who already have it.


Sonos Will Stop Providing Software Updates for Its Oldest Products in May

Chris Welch:

“Without new software updates, access to services and overall functionality of your sound system will eventually be disrupted, particularly as partners evolve their technology,” Sonos warned in a blog post today. The company says customers can choose to either keep using these products after support ends — they should continue functioning in the near-term — or replace them with a modern Sonos product at a discount.


Sonos is again stressing that these products have been stretched to their absolute limit, noting that many of them — the oldest were introduced in 2006 — predate the iPhone and streaming music services altogether. Sonos has said it’s committed to providing software updates for five years after it last sold a device directly.

Apple tends to be better at stuff like this.

Kirk McElhearn:

It’s worth noting that there is a lot of ire among Sonos users. I follow a Facebook group, and there are a lot of people who bought devices just a year ago that are affected. I also heard from someone on Twitter who had hard-wired a bunch of Sonos stuff in a house, juts five years ago, and it will all be affected.


I have a bunch of Sonos stuff and I use it only with AirPlay, but the company still doesn’t support music libraries over 60,000 tracks (if you point the Sonos app at a folder containing your music files). Yet in practice, this number is much smaller. When I tried – about five years ago – it only managed to see about 40,000 tracks. This is because a lot of my music library is classical, and has a lot of metadata. The library size is limited by the amount of text that can be stored in a database, and with classical music, you can use fewer tracks because the metadata is often larger. Seriously.

See also: Omar.


Update (2020-01-24): Landon Fuller:

My “obsolete” Sonos hardware is only 6 years old. I refuse to pay them more just to stay on a wasteful upgrade treadmill.

Meanwhile, the company that made my 40-year-old smart lighting system is still selling replacement parts and upgrades along-side their modern products.

Sonos (via Hacker News):

First, rest assured that come May, when we end new software updates for our legacy products, they will continue to work as they do today. […] While legacy Sonos products won’t get new software features, we pledge to keep them updated with bug fixes and security patches for as long as possible.


Secondly, we heard you on the issue of legacy products and modern products not being able to coexist in your home. We are working on a way to split your system so that modern products work together and get the latest features, while legacy products work together and remain in their current state.

Tuesday, January 21, 2020

Apple Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected

Benjamin Mayo:

In a 2018 interview, Cook’s comments to a German website heavily implied they are working on iCloud backups without a key (i.e. end-to-end encrypted).

Tim Cook (translation):

Our users have a key there, and we have one. We do this because some users lose or forget their key and then expect help from us to get their data back. It is difficult to estimate when we will change this practice. But I think that in the future it will be regulated like the devices. We will therefore no longer have a key for this in the future.

Joseph Menn (MacRumors, Hacker News):

Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information.

Two years ago would be about 9 months before that interview with Cook was published.

As Apple explains, most iCloud data is not end-to-end encrypted. And, despite Apple’s marketing, iMessage has effectively never been end-to-end encrypted, either, unless all the parties in a conversation have turned off iCloud backup. I’ve been writing about this for years, but most reporting continues to ignore the backup loophole.

In October 2018, Alphabet Inc’s Google announced a similar system to Apple’s dropped plan for secure backups. The maker of Android software, which runs on about three-quarters of the world’s mobile devices, said users could back up their data to its own cloud without trusting the company with the key.


The company continues to offer the service but declined to comment on how many users have taken up the option.

John Gruber:

Apple, the privacy company

Ryan Jones:

We all need to remember and repeat often: “Apple has a master key for all iCloud backups”.

Matthew Green:

Notice as well that Apple didn’t just abandon plans to encrypt iCloud backups by default. They even abandoned giving users the option to encrypt those backups. And due to the walled garden nature of iOS, there’s nothing you can do about it.

Benjamin Mayo:

If Apple wants to be taken seriously as the ‘privacy’ company, then they should offer end-to-end encrypted iCloud backups.

Hide it behind ten warning dialogs, whatever. It should be an option, plain and simple.

The iOS security model (rightly) won’t let any other company have privileged access to the complete filesystem and user data, so a third-party solution isn’t possible. It falls on Apple to do it.

Matthew Green:

I was going to write something about iCloud backup and encryption but I realize that I’ve written it all. So here are a bunch of old posts[…]

Walt Mossberg:

As most of you know, you can back up an iPhone or iPad locally, to your own computer, using Apple’s iTunes program. In fact, that was the only way to back up your iPhone before Apple introduced iCloud Backup in iOS 5 in 2011. It was originally introduced with the iPod many years before.

This method is clumsy, slow, and requires you to remember to use it. But it still works. You can even opt to encrypt this local backup. And it keeps the contents of your phone available for restoring, but out of the cloud and out of Apple’s control.

Royce Ausburn:

It’s interesting that they choose to make iPhones unbreakable but not the backups. I’d prefer it the other way around given a choice. Better for law enforcement too, they get iCloud backups without the suspect’s knowledge, but the suspect would know if their iPhone is seized.

Eric Young:

I think this entire debate is purposefully vague and abstract

Apple doesn’t want to and cannot take firm stances on “privacy”

Because they can’t. Their statements are purposefully vague and abstract - and what many will come realize: misdirection/and somewhat dishonest


The idea that a for-profit company jumped into this un-winnable and resource draining war - is shocking to me

This is Apple’s war on drugs. It’s their lost decade. And we all suffer because of it

I’m not sure it’s true that Apple’s privacy stance is the reason for their poor services, but fighting governments on encryption is difficult. At present, Apple seems focused on putting up a smokescreen so that customers think their data is more secure than it actually is. The way to win, if that’s even possible, would be to educate the public about what’s actually going on, so that they can lobby their representatives to change government policy in favor of privacy.


Update (2020-01-21): AAPL of Discord:

Steve Jobs responding to Walt Mossberg on Privacy at D8 2010:

“No! Privacy means that people know what they’re signing up for. In plain English, and repeatedly. That’s what it means.”

At the very least, Apple is failing on the “plain English” bit.


You need to be extremely technical to understand the difference between “Encryption: Yes” and not end-to-end encrypted. To the lay user, Apple is explicitly telling you that they’re encrypted.

And to understand that “Messages in iCloud also uses end-to-end encryption” actually means that Apple can access the messages if they are backed up and could access future messages without a backup if they added a fake device to your account.

David Sparks:

So Apple is holding the line on our devices but not on our backups. That seems like a great way to upset everyone. Do they think giving the government user just iCloud backups will satisfy them? Do they think that privacy-minded users will say “good enough” when they realize their device is encrypted but not their backups? Seems to me like it is time for Apple to fish or cut bait.

Nick Heer:

Even though Apple attempts to explain how iCloud backups work, I don’t think they do a good job, and it is one reason the Reuters report today had such a profound impact: a lot of people have been surprised that their iCloud backups are less private than their phone. Yet, as bad as this is for Apple, it is equally a poor look for the Department of Justice, who have publicly been whining about their inability to extract device data while privately accepting Apple’s cooperation.

John Gruber (tweet):

It’s essential that Apple still supports local backups, for many reasons, but for most iPhone and iPad users it’s irrelevant, because they never connect their devices to a Mac or PC, and the overwhelming majority of them surely have no idea that the feature even exists. iCloud backups are the only backups most iOS users ever use, and it is a fact that there is no option to truly encrypt them.


In fact, it’s so contrary to Apple’s stance as The Privacy Company that I’ve already heard from several tech-savvy users today, in the wake of Reuters’s report, that they had assumed until now that their iCloud backups were encrypted.


If that is the case — that Apple’s legal department killed the project to avoid “poking the bear” — then it’s ultimately irrelevant whether Apple briefed the FBI in advance or not. It’s acquiescence, and users will be left unprotected. Not just in the U.S., where the FBI has jurisdiction, but everywhere in the world where encryption is legal.

Apple Legal is afraid to poke the bear, which Google has been doing since 2018?

Starting in Android Pie, devices can take advantage of a new capability where backed-up application data can only be decrypted by a key that is randomly generated at the client. This decryption key is encrypted using the user’s lockscreen PIN/pattern/passcode, which isn’t known by Google. Then, this passcode-protected key material is encrypted to a Titan security chip on our datacenter floor. The Titan chip is configured to only release the backup decryption key when presented with a correct claim derived from the user’s passcode. Because the Titan chip must authorize every access to the decryption key, it can permanently block access after too many incorrect attempts at guessing the user’s passcode, thus mitigating brute force attacks. The limited number of incorrect attempts is strictly enforced by a custom Titan firmware that cannot be updated without erasing the contents of the chip. By design, this means that no one (including Google) can access a user’s backed-up application data without specifically knowing their passcode.

Ryan Jones:

We must stop using “encrypted” and especially “end-to-end encrypted”.

ICloud backups are encrypted, but Apple has a master key.

All that matters is accessible. Are iCloud backups accessible by Apple? Yes.

Why does Apple have a master key? Because people forget their passwords every day.

I believe that’s a valid reason and why they have access (not for some FBI conspiracy).

The problem is Apple hides it.

You have to read this like a detective to know.

Not just backups, but also the Safari browsing history for all your devices.

Update (2020-01-24): John Gruber:

Via my friend Glenn Fleishman, who speaks German: “You are correct about the Spiegel story. The machine translation is quite good, but ‘regulated’ was translated from the verb ‘regeln’ which can be regulated, but also controlled/set/etc. So it would be better to say, ‘I believe that in the future, it will be handled like on devices.’ ”


Something in the timeline doesn’t add up there.

Damien Petrilli:

The limitations of the Apple closed ecosystem: your state is against encryption, as iOS is closed, nothing you can do.

Can’t backup to your own cloud, can’t set third party photo as default, nothing.

If Apple cared about security, they would actually open the system.

Damien Petrilli:

SeeAnd BTW, easy fix to reduce the iCloud Backup issue: let people pick what they want to backup instead of all or nothing.

That way you could exclude Messages for example, which are encrypted end-to-end but the private key is uploaded by the iCloud backup system if ON...

John Gruber:

First, while Android runs on 75 percent of mobile devices worldwide, not all of those devices use Google services like backup. None of the Android phones in China, for example — which is a lot of phones. It’s lazy to conflate Android phones with Google Android phones.

Second, I wasn’t aware of this until today. And it makes iCloud’s lack of backup encryption look bad.


Not sure why the Department of Justice isn’t publicly complaining about this.

Rosyna Keller:

[Google] App Data backups are limited to 25MB per app, anything over isn’t backed up.

Alex Stamos:

What we really need is a detailed accounting of what data is available to the governments of the United States and the People’s Republic of China and under what circumstances. Apple continues to obfuscate by using “encryption” when they mean “encrypted with a key we hold”.

See also: TidBITS Talk, Bruce Schneier, Rene Ritchie, The Talk Show.

Monday, January 20, 2020

Creating Root-level Directories and Symbolic Links in Catalina

Rich Trouton:

The use of firmlinks is exclusively reserved for the OS’s own use, but Apple has also made available what are called synthetic firmlinks. These synthetic firmlinks are how the OS enables folks to create directories and symbolic links on the read-only boot volume.


Whomever designed this came down on the “tabs” side of the “tabs vs. spaces” debate. When creating the separation between installers and Users/Shared/installers in the /etc/synthetic.conf file, you need to use tabs. If you use spaces instead, the synthetic firmlink won’t be created.


For more information, please see the synthetic.conf man page.


Farewell, Carcassonne

The Coding Monkeys (tweet):

With a heavy heart we have to announce that our rendition of Carcassonne will no longer be available for purchase as of March 1st 2020. Our contract with the Company behind Carcassonne, Hans im Glück, has come to an end. Shortly after that, the interpretation by Asmodee will be available for purchase for Mac and iPhone/iPad, so your Carcassonne needs will be catered for in the future.


This has been an amazing ride for us. Our online service catered for over 2 Million active devices at peak times. You finished over 8.5 Million games, and on average there are around 3.500 games up and running at any point in time. We launched on non-retina iPhones, and expanded and supported over 20 models of iPhone and 19 models of iPads. From iPhone OS 3 up to iOS 13 today. We proudly have a service uptime of over 99,999% during that decade, thanks to our erlang-based technology.


Update (2020-02-18): The Coding Monkeys (tweet):

Instead of just putting our head in the sand we decided that we will do one last Update to put as much life into our rendition as we can. And here it is, with 2 weeks left on sale, Carcassonne 4.40. It might not look like much, but making Carcassonne finally™ adjust fully to the extended screen estate of the newer iPads was quite a bit of (scary) work.

Profiling Mac Unit Tests

Ilja A. Iwas:

Mac Devs: Is it just me, or is the “Profile ‘Test XYZ’” command in Xcode 11.3 broken? Instruments launches the main app, but does not run any tests. 🤷‍♂️

He’s filed bug FB7543911.

There was a brief period of time where running tests under Instruments worked for me, and it was glorious. Then the handy “Profile [test]” command stopped working—Instruments would launch but not record anything from the test. I reverted to the old method of setting a breakpoint and manually attaching Instruments to the test process while it was paused. Lately, that no longer works for me, either.

Mostly, I use Instruments to track down memory leaks. An alternative tool is the Memory Graph Debugger, which works within Xcode itself and never seems to have trouble attaching/recording.

Rejected for Working Around macOS Bugs

Daniel Jalkut:

It’s a dramatic day for @MarsEdit and compatiblity, as App Review has suddenly become more interested in private WebKit SPI. I patch WebHTMLView to work around serious bugs which I have filed. One of them is a crasher. I don’t think WebKit1 is the best focus for App Review?

A truly unfortunate situation to be in as a developer. Apple will likely never fix the bugs, as WebView is now deprecated. Its replacement, WKWebView, is not fully ready yet, and will require a complete rewrite in a different language to get the same functionality, if that’s even possible.

Daniel Jalkut:

Spending my whole weekend, apart from celebrating the delightful birthday of my little baby 8yo, working around issues that App Store review put on my plate. The price I pay for playing this game, I know. I just wish the game were a little different.


Overall I am pretty chill about App Store review and the goals of bringing developers into line. I do think it would be massively improved by a graduated system of warning of future rejection while allowing immediate fixes to pass through.

As a Mac App Store developer whose apps have been in the store since the beginning, it’s not a great feeling to know that any critical update might be held up because Apple decided to get more uptight about something that was OK for the past 8 years.

Daniel Jalkut:

Generally I would say the thing for other developers to look out for is Apple may be improving its ability to detect things like patches as opposed to outright “use” of private API, and they may also be getting less forgiving of some behaviors, even if in the name of better UX.

This is the thanks you get for filing Radars and putting up with bugs for all those years.

It’s not exactly altering the deal because the Mac App Store has always banned private API. As was said at the outset, this is not realistic. There will always be (different) OS bugs. Even in the best case, they will take time to fix. Nobody—not customers, developers, nor Apple—wants apps to exhibit bugs, but that’s the inevitable result of a policy that forbids patching to work around buggy API.

When the Mac App Store debuted with this policy, some people said it would force Apple to fix the bugs faster. I don’t think that’s happened. Rather, developers kept doing what they were doing—I bet most large or popular apps are using private API to work around bugs—and Apple either failed to detect this or chose to look the other way.

Now, the rules haven’t changed, but perhaps enforcement has. This is a problem both because of increased user-visible bugs and fairness. Some apps like MarsEdit will eat up development time to end up with something buggier than they started with. Other apps will get a different reviewer and slide right through. Apps that Apple deems sufficiently important will be exempt from the rule.

With out-of-process Web views, increasing use of Swift, and direct Objective-C properties, patching will be more difficult. This will level the playing field—but to the lowest common denominator.

Daniel Jalkut:

My compromise build was approved by Apple this afternoon. I found another way around one of the bugs I was fixing, but have no fix for the other one, yet. It’s a fairly minor thing, but the Mac App Store version is now buggier than it was, thanks to App Review.


Update (2020-01-20): Jeff Johnson:

Apple currently lets Catalyst apps use private API as workarounds, but at some unpredictable time they’ll get rejected for it.

Update (2020-01-24): Jesse Squires:

Anyone who's worked at any big company knows Apple lets private API use slide.

IG and FB both used private iOS APIs. Appple knew and always approved. Big Apps™ are too important to reject.

Friday, January 17, 2020

The Flask Mega-Tutorial

Miguel Grinberg:

Welcome! You are about to start on a journey to learn how to create web applications with Python and the Flask framework. The video above will give you an overview of the contents of this tutorial. In this first chapter, you are going to learn how to set up a Flask project. By the end of this chapter you are going to have a simple Flask web application running on your computer!

Via Sean Heber:

[It] is quite possibly the best and most complete technical tutorial I’ve ever come across.

Malicious WebAssembly

Catalin Cimpanu:

In an academic research project that was carried out last year, four researchers from the Technical University in Braunschweig, Germany, looked at WebAssembly’s use on the Alexa Top 1 Million popular sites on the internet, in an attempt to gauge the popularity of this new technology.


However, while the vast majority of samples were used for legitimate purposes, two categories of Wasm code stood out as inherently malicious.

The first category was WebAssembly code used for cryptocurrency-mining. These types of Wasm modules were often found on hacked sites, part of so-called cryptojacking (drive-by mining) attacks.

The second category referred to WebAssembly code packed inside obfuscated Wasm modules that intentionally hid their content. These modules, the research team said, were found part of malvertising campaigns.

Via Kyle Howells:

WebAssembly should be a user opt-in per website feature.

App Movement Monitoring

Daniel Jalkut:

Essentially, when a Mac app is launched, the location of that app on disk is saved, and used repeatedly whenever an internal component needs to located. The dynamic nature of resource loading in Mac apps means that these components are not typically loaded until they are need. For example, if you never show the Preferences window in a typical Mac app, the resources that define that window will never be loaded.

If, on the other hand, you decide to show the Preferences window, but you’ve moved the app since it was launched, things have a tendency to go haywire. The app will go searching for its Preferences resources in the location on disk where they used to be, and it won’t find anything.

Why doesn’t Cocoa use file reference URLs to delay resolving the path until it’s actually needed, like it does for the document architecture? Or at least try to prevent users from moving apps that are open?

Paul Kafasis:

To avoid these issues, the Finder already works to avoid multiple types of changes to running applications. For instance, if you try to delete an application that’s open, the Finder stops you[…] As well, if you attempt to rename an open application, the Finder will warn against it[…] However, while any Unix geek can tell you that a rename is really just a move by another name, the Finder does nothing to stop you from actually moving the app.

Paul Kafasis:

I discussed this issue with Daniel and Brent, and provided them with the code we’d been using to watch for this issue. This actually led us to make several changes and tweaks, and a simplified implementation of this “Application Moved” watcher can be found below[…]


RSAppMovementMonitor handles the nuanced details of monitoring for the movement, prompting the user, and relaunching the app[…]

This is more complicated than it seems, due to quarantine, translocation, sandboxing, and need to preload any localized strings before the app is moved.

The latter was surprising to me, but I recently ran into a similar issue when updating my apps to en.lproj instead of English.lproj.


Thursday, January 16, 2020

YouTube RSS Feeds

Thomas Brand:

In 2020 I am watching less stupid on YouTube by skipping the algorithm. Instead of letting the YouTube decide which videos it wants to show me, I am watching only the videos I want to see by subscribing to my favorite content creators via RSS.


[Append] the Channel ID to the end of this URL

The combined URL + Channel ID is the Feed URL of that YouTube channel, and can be added to my feed reader.

Too bad there’s no way to do this for Twitter.

Nick Heer:

YouTube isn’t the only website that buries its RSS feeds in this manner. I don’t know that it’s deliberate — in the sense that they’re trying to discourage the use of RSS. I think it might be a result of product teams convincing themselves that RSS is something used only by the technically-proficient, so it’s put in a place where that group can find it. The trouble is that only the technically-proficient will end up using it, so it’s cyclical.

Why not just put it in a <link> tag?


Update (2020-04-20): Vítor Galvão:

In several feed readers (e.g. Reeder) you don’t need to figure out the feed yourself: paste the channels’s URL and it’ll auto-detect the feed

If you want the feed for a specific youtube playlist, use

It works in News Explorer, too.

Optionals in Swift Objective-C Interoperability

Fabián Cañas (tweet):

The problem is that since Swift doesn’t think this value can be nil, it’s not trivial to check.


It says the non-optional value shouldn’t be compared to nil, and that it’s always false. But at run time, the nil is detected, and we print the statement.


What’s interesting here is that the argument to the bridge function is an Optional<NSCalendar>. The static method, by its signature, accepts nil. What’s happening then? In this case, The culprit for the crash and what saves us from unexpected behavior later on is a force unwrap. Though the value that’s actually passed in to the function is Optional<NSCalendar>.some(nil), which is still not a valid value and we’re still in undefined behavior territory, so it’s pleasantly surprising that a force unwrap catches this case.


Having the the compiler automatically check and assert that nonnull Objective-C types returned by Objective-C methods are indeed present would be fantastic, whether for debug builds or as an independent flag.

Brent Royal-Gordon:

To make sure we’re all on the same page: returning null from a nonnull imported API is full-on, demons-flying-out-of-your-nose undefined behavior. There’s no guarantee that it will do what you saw.

Unfortunately, it’s rather easy to get the annotations wrong, and even Apple does this. For example, the SecDigestTransformCreate() and SecTransformExecute() calls can return NULL in Objective-C, but Swift acts as if they can’t fail. I filed a bug about about this, which Apple recently said was so old that they wanted to close it and have me open a new one. Meanwhile, I’m able the work around the issue because these two APIs have a separate error pointer that can be examined. Without that, I think you would need an Objective-C wrapper to safely detect whether an error has occurred.

Update (2020-01-24): Quinn the Eskimo (via Thomas Clement):

The SecTransform API is effectively deprecated, and has been so since 10.12. Unfortunately it’s taken a while for us to formally deprecate it (r. 25183002).

Is Git Irreplaceable?

wyoung (Hacker News):

I worry that Git might be the last mass-market DVCS within my lifetime. Git effectively has a global monopoly on DVCSes, and I don’t see how you replace such a thing.

Replacing RCS with CVS was easy. Replacing CVS with Subversion was a big fight in many places. Replacing the remaining CVS and Subversion repos with something modern may never happen. Replacing Git with something better looks impossible.

Via Greg Hurrell:

My take: scalability is the biggest hurdle (weak spot) that must be overcome; complaints about usability are majorly exaggerated – version control has some inherent complexity that can’t be elided.

I think that’s right. The command-line weirdness is gradually being addressed, and you can mostly avoid it by using a GUI, anyway. The alternatives I’ve seen are also inherently complex.


Composite Mac Desktop Picture


No one asked for this. But here it is: every macOS wallpaper from Mac OS X 10.0 Cheetah to macOS 10.15 Catalina combined.

The full-resolution image is here, and there’s also one for iOS.


Which Emoji Scissors Close?

wh0 (via Nick Heer):

Conveniently, the emojis studied in this post depict the scissors from a viewpoint parallel to the axis of the hinge. This allows us to simulate swinging the blades with basic image rotations. I collected a dataset of emojis from different vendors from Emojipedia. In the following experiments, I swing the blades around the hinge until the handles collide with each other.

Wednesday, January 15, 2020

AppleScript to Export Open Safari Tabs to OmniFocus

Jesse Squires:

I am often in a situation where I have a number of tabs open in Safari. I may be reading a collection of blog posts about how to implement a new iOS API, or I may be researching something I need, like new running shoes. I cannot always complete the task in that moment and I want to revisit it another time, or I want to save all the links for later. If they stay in Safari (even as bookmarks) they will be lost forever to me. I need to save them into OmniFocus. So I wrote an AppleScript to do that.

Typewriter Keylogger

Kyle Mizokami (via Espionage News):

The NSA eventually shipped all of the electronics located at the embassy back to the U.S. for study. They struck gold: parts inside an IBM Selectric typewriter had been cleverly duplicated but rigged to transmit the typist’s keystrokes. The typewriter still worked, but it also quietly broadcast the keystrokes, using Soviet over-the-air TV signals as a form of electronic camouflage. It was in effect a non-digital form of the keylogging malware that hackers install on PCs.

Robert W. Lucky:

A solid aluminum bar, part of the structural support of the typewriter, had been replaced with one that looked identical but was hollow. Inside the cavity was a circuit board and six magnetometers. The magnetometers sensed movements of tiny magnets that had been embedded in the transposers that moved the typing “golf ball” into position for striking a given letter.

Other components of the typewriters, such as springs and screws, had been repurposed to deliver power to the hidden circuits and to act as antennas. Keystroke information was stored and sent in encrypted burst transmissions that hopped across multiple frequencies.


Why Wireless Networks Pose No Known Health Risk

Glenn Fleishman:

More recently, the Chicago Tribune published the results of testing from a firm it had hired to check if emissions from modern smartphones truly fell below FCC safety limits. In those tests, many appeared to exceed regulatory limits. The Tribune didn’t overstate its results, but the bottom line was, more or less, positing that smartphone makers were all deceiving the FCC and the general public. This plays into our fears, even though the work was presented rigorously. (Smartphone makers dispute the methodology of the testing; the Tribune stands by its research. Regardless, there’s a big difference between detecting higher-than-approved emission levels and proving a link between those levels and cancer.)


To achieve the promised high rates of speed and serve new categories of devices, 5G networks will draw from a much broader range of frequencies, some far higher (or shorter) wavelengths than current technologies. And many times as many base stations will need to be deployed.

But the newness and differentness of 5G don’t matter. Whether we’re talking about 5G, 4G, 3G, Wi-Fi, or other consumer-level wireless technologies, the sum total of results from many studies and many years of research paints a straightforward picture—there’s nothing to worry about.

Bluetooth LE Audio

Bluetooth SIG (MacRumors, Hacker News):

As the names suggest, Classic Audio operates on the Bluetooth Classic radio while LE Audio operates on the Bluetooth Low Energy radio.


LE Audio will include a new high-quality, low-power audio codec, the Low Complexity Communications Codec (LC3). Providing high quality even at low data rates, LC3 will bring tremendous flexibility to developers, allowing them to make better design tradeoffs between key product attributes such as audio quality and power consumption.


LE Audio will enable the development of Bluetooth hearing aids that bring all the benefits of Bluetooth audio to the growing number of people with hearing loss.


LE Audio will also add Broadcast Audio, enabling an audio source device to broadcast one or more audio streams to an unlimited number of audio sink devices. Broadcast Audio opens significant new opportunities for innovation, including the enablement of a new Bluetooth use case, Audio Sharing.

Andrew Liszewski (via John Gordon):

[One] of the biggest improvements it will include will be a feature called Multi-Stream Audio. Bluetooth is currently limited to streaming audio to just a single device. That’s fine for portable speakers and headphones where both sides are connected with a wire, but for wireless earbuds, such as Apple’s AirPods, your smartphone can actually only connect to one side. That earbud then has to forward the audio stream onto the one in your other ear, which requires some clever software tricks to ensure everything remains in sync.

Tuesday, January 14, 2020

Low Power Mode for Mac Laptops

Marco Arment (tweet):

In light of today’s rumor that a Pro Mode may be coming that seems to offer benefits in the opposite direction, I wanted to re-make the case for a Low Power Mode on macOS — and explain why now is the time.


Apple’s customers don’t usually have control over these balances, and they’re usually fixed at design time with little opportunity to adapt to changing circumstances or customer priorities.


Turbo Boost Switcher Pro relies on a kernel extension that’s grandfathered into Apple’s latest security requirements, but it can never be updated — and when macOS Catalina loads it for the first time, it warns that it’ll be “incompatible with a future version of macOS.” I suspect that this is the last year I’ll get to run the latest OS and be able to turn off Turbo Boost at will, making all of my future laptop usage significantly worse.


Update (2020-01-24): John Gruber:

Note too that iOS’s Low Power Mode is for iPhones only — iPads don’t have it. That bodes poorly for the odds of a Low Power Mode for MacBooks — it feels like a feature Apple believes is needed only for phones.

Jason Snell:

I’m all for the idea of a low-power mode for Macs, and it’s a bit perplexing to see Apple prioritize turning off all battery-saving features and cranking the fans over letting users maximize battery life.

I do have a wacky idea, though. (You knew I would.) What if Apple used the introduction of Pro Mode to adjust the default performance settings of macOS laptops?

Macro Arment:

My guess for why iPad doesn’t have Low Power mode:

An iPad’s CPU, where much of LPM’s savings comes from (downclocking, avoiding background tasks) is a much smaller percentage of its power usage than its (way larger) screen.

Same isn’t true for laptops.

See also: MacRumors.

Kyle Howells:

A real “Pro Mode” would disable the ridiculous sandboxing, permission dialogs and restrictions.

But developers wouldn’t really be able to use it, if they wanted to dogfood their own apps.

Jeff Johnson:

I’ve learned that Apple engineers have internal tools which allow them to delete macl xattr as well as to bypass other Catalina privacy and sandbox protections without rebooting and disabling SIP.

Inside Apple they don’t suffer the same problems as external users and developers.

That would help explain why they aren’t catching the security/privacy protection bugs before release.


The Security of Safari Extensions

Jeff Johnson:

Every Safari extension that runs JavaScript — in other words, almost every Safari extension — will have these same warnings, so what are users supposed to do with the warnings? Avoid Safari extensions entirely? Then why does Apple provide a developer API for Safari extensions, if they aren’t meant to be used? Why are Safari extensions available in the Mac App Store? Why does Apple advertise that they’re available in the Mac App Store? You get the feeling that different teams within Apple are not on the same page here, and they’re giving unhelpful mixed messages to users.


In general, my view is that you shouldn’t install software on your Mac unless you trust the developer. You can’t rely on the system to protect you from malicious software, because there are always vulnerabilities and ways to get around the system.

It’s a recurring theme. Without the scary warning, Apple gets blamed for any problems. With the warning, developers blame Apple for scaring customers away from their products, and if anything bad happens everyone blames the customer for ignoring the warning that they had no way to evaluate.


Aerial Screensaver and Catalina

Guillaume Louel (via Tanner Bennett):

In macOS Catalina, 3rd party screensavers are now running in a sandboxed container which limits everything. As of right now there are no workarounds for many of the restrictions.


Aerial can only write in the legacyScreenSaver.appex sandbox container, which means in Catalina, JSON files and videos can only be downloaded in ~/Library/Containers/ Support/Aerial. Aerial can still read (only) the rest of your system disk so you can still store the videos in another folder after they are downloaded by manually setting the Cache. But Aerial cannot download videos to this cache.


Your cache may be wiped by the Catalina installer


[Because] a screen saver is not an app (we are a plugin run by legacyScreenSaver) we can’t ask for entitlements for, say, accessing filesystem.


Some (not all) of Apple screensavers are now bundled as an .appex too, with their own permissions. As far as I know that format is still not documented to this day nor available to 3rd parties.


Update (2020-01-24): Dennis:

Yesterday I thought it would be a good idea to clean up my certificates under Turned out I broke everything since it broke the notarized binary. Guess I need to pay forever too support it.

The Dark Side of Dark Mode and Night Shift

Adam Engst (tweet, Hacker News):

Unfortunately, Apple’s marketing claims about Dark Mode’s benefits fly in the face of the science of human visual perception. Except in extraordinary situations, Dark Mode is not easy on the eyes, in any way. The human eyes and brain prefer dark-on-light, and reversing that forces them to work harder to read text, parse controls, and comprehend what you’re seeing.


In the scientific literature, black on white is called “positive polarity,” whereas white on black is called “negative polarity.” Numerous studies over decades of research have found that positive polarity displays provide improved performance in a variety of areas.


When there’s a mismatch between the two—the screen is too dim outside or too bright inside—it’s hard to look at. That’s why Apple implemented automatic brightness control in iOS (find it in Settings > General > Accessibility > Display Accommodations) to reduce the screen brightness when you’re reading in a dark bedroom and increase it when you’re trying to take a picture on a sunny day.

I haven’t personally found any use for Dark Mode on my Mac. I don’t like the way it looks, and it feels like it slows me down. I have always preferred light text on a dark background for code, though. My sense is that this is not because I like light-on-dark better than dark-on-light for the primary text, but rather because most of the other colors work better on a dark background. With multi-color themes, the secondary colors tend to be easier to see on a dark background.

I don’t like how Dark Mode looks on iOS, either, except that I’ve always preferred Tweetbot in dark. I also like to run OmniFocus in dark so that the screen isn’t so bright if I’m making a note at night. Automatic brightness control just doesn’t cut it.

I continue to like Night Shift.

Jonathan Wight:

Giving on up dark mode.

Don’t like.

I get double vision due to my eye condition on most text and in almost all dark mode implementations it’s far more pronounced.

John Gruber found that Dark Mode helps with his eye condition.

Chance Miller:

These features are designed to change the temperature and color of your display based on what time of day it is. New research suggests, however, that features designed to reduce blue light before bedtime might not be as effective as initially thought.


Update (2020-06-05): Isaiah Carew:

i’ve been using the pseudo-dark mode in the accessibility controls for years. on the mac too.

i don’t care what the studies say, it is one of the few things that has made a noticeable difference in my dyslexia.

dyslexic fonts and retina monitors are pretty great too.

Update (2020-11-27): Kev Quirk (via Greg Hurrell, Hacker News):

According to the reading I’ve done, dark mode isn’t easier to read and it doesn’t prevent eye strain. However, in very specific circumstances it can improve battery life.

I’m sure there are people out there who genuinely need dark mode for a specific health condition. For that reason, there will continue to be a dark mode on this site.

But if you’re like me, and just prefer dark mode, you may be making things more difficult for yourself and actually damaging your eyes in the long run.

Monday, January 13, 2020

macOS Filename Homoglyphs Revisited

Adam Chester (tweet):

Last year I posted a few tricks to help when targeting MacOS users, and included a technique useful for spoofing file extensions with the aim of taking advantage of Finder’s removal of the .app extension from certain filenames.

A few weeks ago I was about to use this on an engagement and found that Apple had patched the tricks presented previously. While this was frustrating for me as an attacker, it did provide an opportunity to dig into the fix, understand just how filenames are now being sanitised by MacOS Catalina, and see if I could bypass this again.

See also: Howard Oakley.

Lambda the Ultimate Pattern Factory

thma (via Heath Matlock):

One of my earliest findings was that several of the GoF-Patterns had a stark resemblance of structures that are built into in functional languages: for instance the strategy pattern corresponds to higher order functions in fp[…]

Recently, while re-reading through the Typeclassopedia I thought it would be a good exercise to map the structure of software design-patterns to the concepts found in the Haskell type class library and in functional programming in general.

iPod and Other History via Tony Fadell

Tony Fadell:

It took 4+ yrs to ship Magic Cap v1.0 - our leaders wanted to avoid making the same mistakes they had made with MacOS v1.0 We all learned how important it is to stick to a schedule. The “new” internet crushed GM. Real artists ship - fast & iterate fast!

Tony Fadell:

The real reason why iPod & iPhone were successful was based on the market timing & the complete ground up design (HW+SW) That said, I pushed to ship the 1st iPod in <10 months. Long timelines are the death of daring projects inside (struggling) companies. We even surprised SJ!

Tony Fadell:

[The small Toshiba hard drive] was a critical component no doubt. But even more important was the “exclusive supply” agreement I/we negotiated to enable us to get the hdd for 3+ years before any of our competitors could… Toshiba didn’t think MP3 players were a big market - they thought it was laptops.

Benedict Evans:

At 3GSM in 2005 a Motorola exec explained to me how hard they were working to put an HDD into a phone to compete with you. Six months later the Nano came out...

Tony Fadell:

I bet the whole product & business on a processor from a tiny unknown startup who had failed once to deliver. Most big companies would NEVER do such a risky thing.

Tony Fadell:

Design + HW + SW + App (then later + Content)

But even more importantly - continually introducing new products at lower price points while adding new features at the high end. That was the way iPod locked up the market with consumers.

Tony Fadell:

Many sleepless nights worrying about Sony. It was one of my biggest questions I asked Steve during the first pitch “Sony owns every audio market category.…”

MSFT - no worries - they weren’t a SW+HW innovator like they are today. I would worry about them now however.

Tony Fadell:

I was at the starting point of first 18 gens of iPod that shipped (& a few generations that didn’t ship). Was a team effort, but mainly technology driven since we could only deliver what we could push the tech to do.

You are defined by what you do & also by what you don’t do.

Tony Fadell:

I remember the day when Steve called me to the Board Room to personally sign a $4B purchase order for Samsung Flash for the Nano. “Are you sure we are ordering the right stuff? It’s going to work, right?” It was the biggest single order Apple had ever placed at the time.

Tony Fadell:

iPod Nano, yet-to-be-launched, was about to use >40% of the world’s flash. Samsung would build new factories to support our, what we hoped, incredible sales volume.

Tony Fadell:

Sony Corp was too concerned about the declining CD music sales in the Sony Music Entertainment business. They didn’t want to appear to embrace MP3s - since that implied the music was stolen. Corporate politics. Reminds me of Kodak who invented the digital camera…

Tony Fadell:

Luckily our good friend @waltmossberg helped us (or should I say “convinced the non-believer, Steve”) make the (highly religious) decision ship the iPod for PC!

Walt Mossberg:

Just to be clear: I had no agenda, owned no Apple or Microsoft stock and took no money or goods from either. As I recall, Jobs and I were in the middle of a long chat, and he asked what I thought of putting iTunes on Windows. I asked if he was considering it. He said yes.

I merely said two true things: (a) some readers had been emailing me to ask if this was going to happen and (b) there was a low upper limit to Mac owners. I wasn’t trying to “convince” him and left thinking only that I’d learned, off the record, that he was considering it.

Steve Jarrett:

We started working on Windows sync earlier, right after xpod. There even was a secret iPod Windows Connectivity SDK for any app to sync. MusicMatch used that. Steve changed his mind, killed the SDK, and decided instead to port iTunes to Windows. Fateful.

Walt Mossberg:

I recall him actually asking me if MusicMatch was a good Windows app. I said yes and pointed out that I had given it favorable reviews in my column. I had the impression he was going to sort of designate it as the Windows software for the iPod.

Tony Fadell:

This was the exact conversation I referred to & that @waltmossberg didn’t know about. Afterwards we committed to shipping iPod on the PC… the rest is history.

This was Steve’s way of settling this highly contentious decision. He didn’t want to say YES to us & we wouldn’t take NO from him. So SJ said, well let’s get someone external, who we trust, to help us get to the right answer…


What do you get when the creators of the Macintosh, iPod, Android, Ebay, Linked In, Nest, Flash, and the future CTO of the United States try to invent the iPhone a decade before its time? General Magic was a spin-off of Apple tasked with creating the ultimate personal digital assistant. It failed. Filmmakers Matt Maude and Sarah Kerruish join Leo Laporte to talk about their new documentary, General Magic, which chronicles the rise and fall of the greatest failed company in Silicon Valley.

See also: Tony Fadell on The Tim Ferriss Show (tweet).


Friday, January 10, 2020

Project Zero Remote iPhone Exploitation

Samuel Groß (Hacker News):

This is the first blog post in a three-part series that will detail how a vulnerability in iMessage can be exploited remotely without any user interaction on iOS 12.4 (fixed in iOS 12.4.1 in August 2019).


This research was mainly motivated by the following question: given only a remote memory corruption vulnerability, is it possible to achieve remote code execution on an iPhone without further vulnerabilities and without any form of user interaction? This blog post series shows that this is in fact possible.


For the purpose of this blog post series, it is important to realize that a vulnerability in the NSKeyedUnarchiver API can generally be triggered in two different contexts: in the sandboxed imagent and in the unsandboxed SpringBoard process (which manages the main iOS UI, including the homescreen).

Samuel Groß (Hacker News):

The initial primitive gained from the vulnerability is an absolute address dereference in which the read value is afterwards used as an ObjC object. As such, some knowledge of the target address space is required in order to exploit this vulnerability for remote code execution. This blog post describes a way to defeat ASLR remotely without any additional information disclosure vulnerabilities.

First off, the effectiveness of an old technique, heap spraying, is evaluated. Afterwards, a technique is described through which it is possible to infer the base address of the dyld shared cache region given only a memory corruption bug. The released code implements the presented attack and can infer the shared cache base address remotely on vulnerable devices within a couple of minutes.

Samuel Groß (Hacker News):

At this point, ASLR has been broken as the shared cache’s base address is known and controlled data can be placed at a known address with the heap spray. What remains is to exploit the vulnerability one more time to gain code execution.

After a short introduction to some relevant ObjC internals, an exploit for devices without pointer authentication (PAC) will be outlined. It involves creating code pointers, so it no longer works with pointer authentication enabled. Afterwards, a different exploit that works against PAC and non-PAC devices will be presented. Finally, a technique to chain the presented attack with a kernel exploit, which involves implementing the kernel exploit in JavaScript, will be shown.


Observing Appearance Changes

Jesse Squires:

I needed to get notified when the system appearance changed. On iOS, this is very straight-forward and a first-class API. On iOS 13, the interface style is part of UITraitCollection.


[On macOS,] you can KVO on NSApp.effectiveappearance. […] Using KVO still does not feel great, but this is the best solution I could find without having an explicit API like iOS.


KVO, My Enemy

Brent Simmons:

One of the keys to the stability of the shipping versions of NetNewsWire is that we don’t allow KVO (Key-Value Observing).

KVO is a false convenience — it’s often easier than setting up a delegate or old-fashioned notification. But to use KVO is to just ask for your app to crash.

And not just crash, but crash in hard-to-figure-out ways.

Drew McCormack:

As others point out, there are a bunch of issues with the FeedlyOperation class, such as the isAsynchronous override, and not changing to the final state atomically. But I think maybe the biggest problem is the use of Swift key paths. Not sure if that should be supported, but in my testing, it doesn’t work. Changing to strings for the key paths fixed things for me.

I’m not sure what the issue is—perhaps a Swift bug or incorrect property declarations so that there’s disagreement about whether is is part of the property name—but Swift key paths seem to be a common source of problems.

Brent Simmons:

We’re going to write a replacement for OperationQueue.


Update (2020-01-24): Adam Maxwell:

If @brentsimmons is writing an NSOperationQueue replacement, I did that a few years ago, for deployment to Leopard.

Brent Simmons (tweet):

We fixed our mystery KVO crash by writing a replacement for OperationQueue.


MainThreadOperationQueue and MainThreadOperation are part of our RSCore framework.

How to Downgrade a New Mac to Mojave From Catalina

Armin Briegel:

Apple has started shipping Mac models that used to come with Mojave pre-installed with Catalina. If your organization has blockers for Catalina (incompatible software, etc.) you may want to install Mojave on these Macs. Unfortunately, this is not so easy.


Directly downgrading from Catalina to Mojave with the startosinstall --eraseinstall command will fail. Attempts to run the Mojave installer from a Catalina Recovery (local or Internet) will also fail. The reason seems to be that the Mojave Installer application chokes on some aspect of Catalina APFS.


The solution requires a Mojave Installer USB disk.


To boot a new Mac with a T2 chip off an external drive, you need to allow external boot from the Security Utility in the Recovery partition.

Via Josh Centers:

We’re still hesitant to recommend upgrading to Catalina, particularly if you use Mail, since reports of email data loss continue.

I continue to receive reports of Mail messages lost when upgrading/migrating/rebuilding and when moving messages between mailboxes (particularly between different accounts). There also seem to be a bunch of new crashing bugs affecting Exchange users, as well as problems with messages not moving (but, thankfully, not disappearing either). Yet many customers are also using Catalina without these issues. It’s not yet clear why some are affected and others aren’t, but it’s good to know that downgrading is possible (unless you have a 16-inch MacBook Pro or a 2019 Mac Pro).


Thursday, January 9, 2020

End & Accept, Decline, Hold & Accept

Brenden Mulligan, on the three choices given when you’re on an iPhone call and a new call comes in:

These options break my brain every time.

iOS 11

The issues:

1. It’s unnecessary decision making in the 10 seconds before the new call goes to voicemail

2. It’s too specific about what’s going to happen to the current call


This is an interesting one because you don’t see this in a stress free state. You see it while juggling at least one other task, and you have time pressures, etc. and you don’t see this UI very often.

I find this confusing, too. One issue is that the language isn’t parallel. In two of the choices, the first word applies to the current call, but in the other one it applies to the new call. Keeping the current structure, I think it would be clearer to have either:

I also find the icons too hard to interpret quickly. One issue is that the red circle with the hung-up phone doesn’t mean the same thing in both cases.

Shekhar Somani:

[This] screen breaks the muscle memory. We don’t panic when the first call arrives because there are two clear options (if the phone is unlocked) – Accept on the right and Decline on the left.

Whereas, now Decline is in the middle.

John Gruber:

[It’s] the same exact location as the big red end button that does end the current call before (and after) the incoming call arrives.

Willi Kampmann:

The big red phone button in the middle is deeply encoded into my brain as “end call”. I’d rather see a big X or sth to signify declining another call.

John Gruber:

Took me a while to find it, but I knew in my gut that Apple had completely knocked this one out of the park — in 2007.

iOS 1


Watching and listening to the incoming call in the video, it is even more clear. You have a thing — the current call. The current call has an End Call button. A new thing arrives — the incoming call. Two options for new thing that don’t end the existing thing are grouped.

This is so much better. No confusing icons, and the red button consistently means to end the current call.

Update (2021-12-13): Panagis Galiatsatos:

Why count backwards by 7 when this is the true test of attention and cognition 🤦🏻‍♂️

Update (2023-01-05): See also: Felix Krause.

Dark Patterns on Travel Websites

Chris Baraniuk:

Being a cyber-security researcher, she was familiar with web code so she decided to examine how OneTravel displayed its web pages. (Anyone can do this by using the “inspect” function on web browsers like Firefox and Chrome.) After a little bit of digging she made a startling discovery – the number wasn’t genuine. The OneTravel web page she was browsing was simply designed to claim that between 28 and 45 people were viewing a flight at any given moment. The exact figure was chosen at random.

Via Nick Heer:

Also, many of the biggest travel booking websites are owned by just a couple of companies: Bookings Holdings runs, Priceline, Kayak, and Cheapflights; the Expedia Group owns Expedia,, Hotwire, Orbitz, Travelocity, and Trivago. Each group shares the same inventory, and they all use the same tactics. Users simultaneously get the impression that they’re shopping around and competing with other users, when neither is true.

Front and Center 1.0.1

John Siracusa (tweet):

In classic, when you click on a window that belongs to an application that’s not currently active, all the windows that belong to that application come to the front. In Mac OS X (and macOS), only the window that you click comes to the front.


Sadly, macOS Catalina’s lack of support for 32-bit apps finally killed the last of the apps that implemented this feature. I was alone in a cold, barren world where I had to click on a Dock icon to switch to an app and bring all its windows to the front.

His Front and Center app lets you choose the classic behavior or, as I prefer, choose the modern behavior and selectively override it by holding down the Shift key when you do want all the windows. There are ways to do this without the app:

But a modified click is more elegant.

Lee Fyock:

Gus knew of a deprecated API that does the process-switching much more efficiently, that doesn’t exhibit the same bug, and makes the code much simpler. Given that the impetus of writing the app was to make the 32-bit to 64-bit transition cleanly, I wasn’t a fan of using an API that had been deprecated in OS X 10.9, but it works well.

Carbon for the win. I, too, have had issues with the newer process APIs.


Update (2020-01-10): John Gruber:

So why Shift-click? There really wasn’t any choice — the other single modifier keys are all spoken for by the system.

See also: Accidental Tech Podcast.

Wednesday, January 8, 2020


Federico Viticci:

Like the aforementioned Shortcuts utilities, LaunchCuts was born of its developer’s frustration with the lack of folders in Shortcuts – a basic feature that is still bafflingly absent from the app in 2020.


LaunchCuts can only read data from your local Shortcuts library by running an additional helper shortcut inside the Shortcuts app. This shortcut is based on an advanced technique that uses the native, Apple-developed ‘Get My Shortcuts’ action to generate a list of all your installed shortcuts and extract metadata from each. I’m oversimplifying what the LaunchCuts Helper does, but, essentially, the shortcut scans the entire contents of the Shortcuts app and parses details such as the names of your shortcuts, their colors and glyphs, whether you’re using them as widgets or action extensions in the share sheet, and even the contents of certain actions contained inside them (more on this later).


There are caveats to this approach. In addition to being dependent on a technique that Apple may easily close off in the future (see footnote above), it means you’ll need to run the LaunchCuts Helper shortcut manually and periodically to give the LaunchCuts app a fresh database with your latest shortcuts and modifications to existing ones.

Twitter Will Add Options to Limit Replies

Dieter Bohn (via MacRumors):

Xie says Twitter is adding a new setting for “conversation participants” right on the compose screen. It has four options: “Global, Group, Panel, and Statement.” Global lets anybody reply, Group is for people you follow and mention, Panel is people you specifically mention in the tweet, and Statement simply allows you to post a tweet and receive no replies.

“Getting ratio’d, getting dunked on, the dynamics that happen that we think aren’t as healthy are definitely part of ... our thinking about this,” Xie says. When asked if there’s a concern if the ability to limit replies could mean misinformation couldn’t be as easily rebutted, Xie gestured to the ability to quote tweet as one possible resolution, but it’s “something we’re going to be watching really closely as we experiment.”

I don’t see how quote tweets would really help with that problem, since people would have no way of finding them.


Update (2020-01-10): Mike Rockwell:

I mean, this does seem incredibly easy to bypass. Presumably, you could simply mention the person who published the Statement and not give your tweet the reply distinction. You could also just add a link to the statement to specifically reference what you’re “replying” to.

Benjamin Mayo:

Brands are definitely going to be making use out of the Statements mode. Below almost every brand tweet I see, often when the brand has paid for the tweet to be promoted to a wider audience, are replies from people complaining about something about the company’s products that is completely unrelated to the tweet content.


A Statement option would close that hole and make promoted posts much more like traditional display advertising. A public placard with no interaction.

Separately, I think Twitter certainly risks losing some of its ‘community’ if all celebrities suddenly switch to posting in Statement mode and thereby hiding all reactions to their tweets. I find a lot of the fun of Twitter is that feeling of everyone being able to jump in the same conversation.

Chosen-Prefix Collision for SHA-1

SHA-1 is a Shambles (via Hacker News):

We have computed the very first chosen-prefix collision for SHA-1. In a nutshell, this means a complete and practical break of the SHA-1 hash function, with dangerous practical implications if you are still using this hash function. To put it in another way: all attacks that are practical on MD5 are now also practical on SHA-1. Check our paper here for more details.

See also: Bruce Schneier.


Update (2020-01-10): Git has been working on the SHA-1 problem since 2017, but it seems like the default behavior is still to use it. Here’s some information on the efforts. A recent post on the Git mailing list about the chosen-prefix collision did not generate much interest or a definitive statement.

Xcode Preview Snips

Jordan Morgan:

Look, you know where I’m going with this. If you’ve adopted SwiftUI (or even if you haven’t - view controllers apply here too) then you know Xcode Previews are more than a time saver. They are a fork in the road. There’s no going back once you get hooked on that instant feedback.

Today, I’ll share a few quick snips of my go-to previews. Some of these are already well known, tweeted and blogged about - but my topic for this post is my favorite things to use with PreviewProvider, so I’ve included them anyways for posterity’s sake. Let’s take a look.

Tuesday, January 7, 2020

Ten Years of Apple on One Page

Benjamin Mayo:

Apple entered the 2010s just as the iPhone began to explode in popularity. The iPhone became the most successful consumer product, ever. Sales surged for another five years and still make up a majority of Apple’s revenues.


In an on-stage interview a couple months after the iPad was released, Jobs told Walt Mossberg and Kara Swisher his vision of the future of the computer industry, comparing PCs to ‘specialist’ trucks and iPads to mainstream cars.


The first-generation MacBook Air was sleek but slow and expensive. Apple’s second stab at the ultrabook was a huge success.


iCloud is now a foundational feature across all of Apple’s platforms but it didn’t start to become a thing until 2011 with iOS 5.


Apple brought Retina to the iPhone in 2010 but it took another two years for the high-density screens to make their way to the iPad and the Mac.


The culmination of Jobs demise, Forstall’s ousting and Ive’s new found mandate over all of Apple human interface resulted in iOS 7. Apple redesigned the entire aesthetic of its mobile operating system in about eight months.


Swift debuted with big ambitions to be a universal programming language spanning app development to low-level systems programming, with expressive syntax and more safety guarantees than Objective-C could provide, whilst also pushing for bare metal performance and efficiency goals.


The 15-inch MacBook Pro was the straw that broke the camel’s back, as far as Apple’s alignment with the professional market. It would begin to rectify the relationship and appeal of its pro products in 2017 but a ‘truly great’ MacBook Pro would not be available for another three years.


As a financial event, this would just be an amusing statistic of history but of course this result had ramifications on Apple’s product plans. Apple doubled down on Services initiatives as a way to show investors underlying long-term growth potential in its business.


OpenDrop (via André Staltz):

OpenDrop is a command-line tool that allows sharing files between devices directly over Wi-Fi. Its unique feature is that it is protocol-compatible with Apple AirDrop which allows to share files with Apple devices running iOS and macOS. Currently (and probably also for the foreseeable future), OpenDrop only supports sending to Apple devices that are discoverable by everybody as the default contacts only mode requires Apple-signed certificates.


OpenDrop is experimental software and is the result of reverse engineering efforts by the Open Wireless Link project.

Safari’s “Reload Page From Origin”

Jeff Johnson (tweet):

It turns out that “Reload Page” does not actually reload the page in the way you expect. I’m not sure exactly what “Reload Page” does, but it still seems to rely on the disk cache. If you hold down the option key, you see “Reload Page” replaced in the menu by “Reload Page From Origin”, which is the reload you expect, the one that ignores the disk cache and loads everything again from the web.

I’m not sure how to do this in iOS. I thought may be a long-press would give me options, but it doesn’t.

I wish that Safari would take a cue from Firefox and Google Chrome in allowing fine-grained control over cookies. Safari has per-site preferences for Auto-Play, Downloads, Notifications, etc., but it doesn’t have per-site preferences for cookies. Compare with Firefox and Google Chrome shown below. The best feature they have is to clear cookies when you quit the app, a feature I wish that Safari would adopt too.

See also: Melissa Holt.

Monday, January 6, 2020

Mystery Scrollwheel Crash

Brent Simmons:

For NetNewsWire for Mac, I get one or two crash logs a week referencing scrollView:​scrollWheelWithEvent:.

Here’s the bug for it.

I’ve been getting these crashes in my app, too, but only on macOS 10.14. On previous macOS versions, the app is not using responsive scrolling. And I’ve yet to see this crash from anyone using macOS 10.15. I’ve never seen it on my Macs.

Beware Spinlocks in User Space

Malte Skarupke (via Shantonu Sen, Niels Broekhuijsen):

I overheard somebody at work complaining about mysterious stalls while porting Rage 2 to Stadia. […] The only thing those mysterious stalls had in common was that they were all using spinlocks. I was curious about that because I happened to be the person who wrote the spinlock we were using. The problem was that there was a thread that spent several milliseconds trying to acquire a spinlock at a time when no other thread was holding the spinlock. Let me repeat that: The spinlock was free to take yet a thread took multiple milliseconds to acquire it. […] In our case we were able to make the problem go away by replacing spinlocks with mutexes, but that leads to the question: How do you even measure whether a spinlock is better than a mutex, and what makes a good spinlock?

Linus Torvalds (Hacker News):

So now you still hold the lock, but you got scheduled away from the CPU, because you had used up your time slice. The “current time” you read is basically now stale, and has nothing to do with the (future) time when you are actually going to release the lock.

Somebody else comes in and wants that “spinlock”, and that somebody will now spin for a long while, since nobody is releasing it - it’s still held by that other thread entirely that was just scheduled out. At some point, the scheduler says “ok, now you’ve used your time slice”, and schedules the original thread, and now the lock is actually released. Then another thread comes in, gets the lock again, and then it looks at the time and says “oh, a long time passed without the lock being held at all”.


You’re just getting random values because different schedulers have different heuristics for “do I want to let CPU bound processes use long time slices or not”?


Notice, how when the author uses an actual std::mutex, things just work fairly well, and regardless of scheduler. Because now you’re doing what you’re supposed to do. Yeah, the timing values might still be off - bad luck is bad luck - but at least now the scheduler is aware that you’re “spinning” on a lock.

Malte Skarupke:

Once we break it down like that we realize that actually these are all the same case. In all of these cases one thread can run, all others are calling yield(). The only difference between the case that I wanted to measure and the other two accidental cases is whether the scheduler is incorrectly not running thread C or incorrectly not running thread N. In either case all other fifteen threads are just calling yield().

So your claim is that it’s a problem that I try to measure how long it takes for thread N to run even though I might accidentally be measuring how long it takes for thread C to run. But I claim that that’s fine because these are all equally problematic. One thread could run, all other threads are yielding, yet that one thread is not running. And we don’t care whether the thread that could run is thread N or thread C.

Linus Torvalds:

The problem with that is “yield” is pretty much undefined. The definition of it is literally about single queue of a real-time behavior with a real-time scheduler with priorities.


What you want to use it for is “schedule the right process”. But you don’t even know what the right process is, or if you do you don’t tell the system (because sched_yield() literally doesn’t have that interface), so the kernel has to guess.


Testing the 2019 Mac Pro and Pro Display XDR

Lloyd Chambers:

Thus my updated advice is to buy ONLY a 16-core (or 24/28 core if warranted). An 8-core or 12-core Mac Pro is marginal in terms of CPU performance relative to the 2019 iMac 5K.

My testing shows that for single-threaded stuff, a CPU core in the 16-core 2019 Mac Pro is up to 30% slower per core than the 2019 iMac 5K.


I’m an app developer/designer and recently got a new mac pro for my business and wanted to see how it stacked up with my other machines. The results are interesting; the Mac Pro does not do so hot when making clean compiles, but does deliver consistently faster incremental builds.


It seems the best bang for your buck right now when it comes to compiling projects is the Mac mini. I’m certainly disappointed in the Mac Pro results, especially since it seems that Xcode completely pegs all the 16 cores during a compile, but even at 3.2GHz fails to outperform a 3.0 GHZ i5 with 6 cores.

Note that these tests were performed with Xcode 10.3 rather than Xcode 11.

Juan Salvo:

For folks considering the Apple Pro XDR monitor as a reference screen. Here is it, side by side with a couple of actual reference monitors.


Like the 310K the XDR uses local dimming zones. 576 of them to be exact. So a grid of 32x18. Now there’s a lot of factors to how effectively they zone. But 576 is not very many zones and the result is that you can clearly see the haloing.


Update (2020-01-07): Mike Rundle:

At the XDR display introduction event, Apple did go out of their way to compare it to reference monitors that cost $30-50K, so this is a fair comparison.

Vitaly Ishkulov:

Apple’s 1:1,000,000 contrast ratio on the new Pro Display XDR. It’s just a white line on a black canvas. Also see the glow around the perimeter of the canvas.

Update (2020-01-10): Quinn Nelson:

I’ve only been using the ProDisplay XDR for a day, but I’m getting pretty extreme color and light roll-off in all four corners of the display. Almost like vignetting. When I readjust my head it’s fine, but viewing angles on this monitor are not very good which is disappointing.

I will say however that even though I didn’t opt for the +$1,000 matte option, this “glossy” option is very much not glossy. The glare is unbelievably low and makes my iMac Pro look like a mirror. I hope Apple brings this across the entire Mac lineup. It’s awesome.

Quinn Nelson:

I, for one, am glad that Apple doesn’t include the Pro Stand in the price of the ProDisplay XDR (as many have said Apple should have done) because I don’t think it’s actually a very great stand and anybody buying the monitor should VESA mount it instead.

Quinn Nelson:

Tilt doesn’t lock to perfect 180 deg and the tilt radius is not even. Tilts way more to the left than to the right. No height adjustability in vertical position sucks. No axis control.

Update (2020-02-06): lutaround:

Source is the XDR is exhibiting some serious early signs of... marketing #apple #xdr #display #poor

Quinn Nelson:

Viewing angles are so bad that you get corner vignetting looking head on. That’s the most disappointing part to me. It messes with the light roll off and color even!

Juli Clover:

PCMag this week published its full review of the Pro Display XDR, doing a deep dive into its color accuracy and HDR capabilities.


In a nutshell, PCMag believes that the Pro Display XDR successfully does what it was meant to do, offer up “reference-quality production capabilities” to those who work on Macs. “The Pro Display XDR is a beautifully made, well-designed, hyper-accurate content creation monitor that--say it with me now--‘just works,’” reads the review.

Update (2020-02-14): Oliver Haslam:

Teoh has a great YouTube channel where he reviews displays and TVs, with technical analysis married with more subjective reporting. So when he turned his attention to Pro Display XDR I knew things could get interesting. And that’s exactly what happened when Teoh compared the display with Sony’s $43,000 monitor.

At first, you might think that’s unfair. Pro Display XDR might be costly at $4,999, but it’s a fraction of the cost of Sony’s own reference monitor. But this is the same monitor Apple called out at WWDC when it first announced Pro Display XDR. And it made a big song and dance about the new screen being “the world’s best pro display”. So, is it?

Update (2020-02-26): Craig A. Hunter:

Apple was kind enough to lend me a 28-core Mac Pro, decked out with a 2.5GHz Intel Xeon W (turbo boost to 4.4GHz) having a single 38.5MB L3 cache, 1MB L2 cache per core, 384GB of 2933MHz DDR4 ECC memory, a 4TB SSD, and two AMD Radeon Pro Vega II Duo 2x32GB graphics cards (each with two GPUs, for a total of four GPUs). Priced out on Apple’s website, this configuration goes for an eye-popping $31,199 ($10,800 of that is for the GPUs alone).


Whereas the iMac Pro tops out at 970 gigaflops with all 18 cores, the Mac Pro surpasses that level with just 13 cores and goes on to top out at 1.5 teraflops on 28 cores.


While running this test, all 28 cores were pegged at 100% for the full 42 minutes, but the Mac Pro’s fans never got loud, airflow never got excessive, and temperature stayed comfortable. The Mac Pro operated with a very quiet low frequency whoosh that is leagues ahead of similar workstations I have used, and would be well suited to an office environment.

Update (2020-02-28): Juli Clover:

As pointed out by MKBHD in a review published this morning, those super pricy wheels have no locking mechanism, which could be major problem if a wheel-equipped Mac Pro is placed on a desk or a slick floor.

Update (2020-03-12): Nilay Patel:

Because ultimately, that’s the story with the Mac Pro: the hardware is way, way ahead of software support. When we ran benchmark tests that pushed the GPUs, they turned in solid numbers, but so few apps were optimized to use Apple’s Metal graphics system that we basically never saw that performance in action during our day-to-day work.


In certain situations, the Mac Pro offered a clear speed boost by virtue of having so many more CPU cores than our other Macs, but you need apps that really take advantage of multithreading for that, and, well, Creative Cloud’s multithreaded performance is, at best, controversial. I mean, look, we tried to edit the video for this review on our Mac Pro using the full-res 4K video files in Premiere instead of lower-res proxies, and it dropped frames. That’s exactly the sort of thing Apple promotes the Mac Pro as being designed to overcome… if you’re using Final Cut Pro. You see the problem.


But in terms of bang for the buck, the PC trounced our Mac Pro. In nearly every benchmark save Premiere Pro playback tests, the PC came out ahead, and usually by significant margins. (We were not able to run After Effect benchmarks because the test suite gave us errors on the Mac Pro. Catalina!)

Update (2021-04-15): Sami Fathi:

Apple has adjusted the marketing of its high-end Pro Display XDR in the UK following complaints to the country’s Advertising Standards Authority that it was misleading customers.


Apple previously marketed the Pro Display XDR as featuring P3 wide color gamut without any caveats, however following the complaint, the company has added a footnote to the product page in the UK to indicate it “supports 99% of the P3 wide color gamut.”

No Home Videos in TV App

Jeff Richardson:

I found the solution after digging around for a while on Apple’s online support discussions.  It turns out that in iOS 10.2, you need to install something that you bought from iTunes before you can watch something that you transferred from a computer.  This is obviously a bug, but there is a work-around that you can use until Apple fixes this.  If you go to the bottom of the TV app and tap on the Store icon, you can scroll to the bottom to see buttons to press that will let you buy content from iTunes.  I recommend that you tap Free Episodes.  That opens up the iTunes app, and if you download anything — including something that is free — the TV app works.


Finally, I noticed that after I added more movie content to the iPhone, I would sometimes have to force quit the TV app and launch it again to see the additional downloaded content.

I tried this, but like some other users, I was never able to get it to work. iTunes says that the videos are on the iPhone, but they don’t show up and can’t be played. I eventually gave up and used iTunes to manually transfer them to the VLC app.


Chrome OS Has Stalled Out

David Ruddock (Hacker News):

Chrome’s problems really became apparent to me when Android app compatibility was introduced, around five years ago. (This also isn’t the first time we’ve pointed out that approach’s failings, Corbin did so in an editorial last year.) Getting Android apps to run on Chrome OS was simultaneously one of the Chrome team’s greatest achievements and one of its worst mistakes. In 2019, two things are more obvious than ever about the Android app situation on Chrome. The first is that the “build it and they will come” mantra never panned out. Developers never created an appreciable number of Android app experiences designed for Chrome (just as they never did for Android tablets). The second is that, quite frankly, Android apps are very bad on Chrome OS. Performance is highly variable, and interface bugs are basically unending because most of those apps were never designed for a point-and-click operating system. Sure, they crash less often than they did in the early days, but anyone saying that Android apps on Chrome OS are a good experience is delusional.


I say this even as one of the few people who can do 95% of my job on a Chromebook: that 5%, when you really, really need it, is more than enough reason to avoid a platform entirely. And for many others, it’s much more than 5%: it’s their entire workflow.

John Gruber:

The existence of the “Chrome OS can run Android apps” crutch has stunted Google’s motivation to push the platform forward to solve the remaining tasks that the platform isn’t suited for in ways that are truly native to Chrome.


20 Years Ago: Internet Explorer 5 and iTools

Jimmy Grewal (thread):

Today marks the twentieth anniversary of the introduction of Microsoft’s Internet Explorer 5 for Mac. This was both the most important release of Internet Explorer for the Mac, and the last release.


The standards compliant rendering engine for MacIE 5 was not shared with the Windows version. It was a new, independent code base designed from the ground up by @t and @sfalken to handle both existing web content and newer standards compliant content.


The UI of MacIE 5 was a major departure from any existing MS product, or for that matter any Mac software. Microsoft engineer @MafVosburgh hired UK based Nykris to design the iMac inspired “new look” as it was called internally. […] This “new look” had an uncanny resemblance to Apple’s later Aqua interface for Mac OS X. However it was developed in complete secrecy within Microsoft. When we previewed MacIE 5 with the “new look” to Apple in the Summer of 1999, Jobs was not pleased.


Media Toolbar was based on code licensed from the developers of SoundJam MP, a popular MP3 player. Unbeknownst to us, Steve Jobs too had his eye on SoundJam and it’s lead developer Jeff Robbin. Jobs insisted we cut this feature claiming it undermined QuickTime.


Traditionally, a Microsoft exec would come on stage to unveil and demo our products. In this case, Apple’s insisted that Jobs would do the demo himself. Talking points were agreed, but much to our dismay Jobs didn’t mention a single one.

I really liked Internet Explorer 4.5 for Mac OS 9. It rendered well and quickly and had a good user interface. Version 5 for Mac OS X also worked well, but the faux-Aqua interface and toolbar buttons never felt right to me, and—like nearly everything with 10.0—it felt slow.

Cabel Sasser:

I was a huge IE Mac fan. When they introduced support for .png with alpha — maybe the first browser to do so? — I built a DHTML (lol) Audion Face previewer that let you drag around the faces on our web page, and that really blew a lot of minds.

Bill Davis:

Apple’s original internet strategy turns 20 today. Who remembers iTools? I still use my email that I set up on January 5, 2000.

Update (2020-01-07): John Gruber:

What struck me about this demo is Jobs’s attention to minor UI details — like the fact that the Carbon IE 5 app used the same Aqua scrollbars as a Cocoa app. The pace and conversational tone — and the assumption that everyone watching cares as much as Jobs himself does about nitty-gritty UI details — feels very unlike a modern day Apple software demo. It’s easy to get sucked into the whole video, but the unveiling and demo of Apple Mail that follows has that same thing going for it.

Maf Vosburgh:

I devised and coded the Mac IE 5 media toolbar in the second half of 1999. The toolbar could stream music playlists or play video in a floating movie window, while you browsed the web. It had a lovely UI designed by Nikki Barton. It was cool.

Initially I got it working with QuickTime Streaming and then I got indie developer Jeff Robbin to write me a custom plugin to add support for SHOUTcast stream and decode (MP3 over HTTP), using bits of existing code from his app SoundJam. This was all working in 1999.


The weird thing is that the whole feature was basically a love letter to QuickTime Streaming with open standard SHOUTcast as an after-thought. The people up in Redmond wanted us to be implementing Video for Windows support instead and we didn't want to because we were Mac heads.

Update (2020-02-06): Jimmy Grewal:

I designed the MacIE 5 toolbar customization feature and was surprised when I saw the same implementation a year later in Mac OS X 10.0. Though @siracusa described it as “shamelessly reminiscent” of MacIE 5, I’m happy that it lives on in macOS and iOS.

Friday, January 3, 2020

The Mac Malware of 2019

Patrick Wardle:

I’ve decided to put together a blog post that comprehensively covers all the new Mac malware that appeared during the course of the year. While the specimens may have been briefly reported on before (i.e. by the AV company that discovered them), this blog aims to cumulatively and comprehensively cover all the new Mac malware of 2019 - in one place …yes, with samples of each malware for download!

AppMover Swift Library

Christian Tietze:

Oskar Groth published a modern iteration of the “LetsMove” framework where you can show a dialog at app launch, asking the user if she wants to move the app to /Applications first.

LetsMove uses AuthorizationExecuteWithPrivileges, which has long been deprecated but doesn’t have a good replacement.

AppMover uses NSAppleScript, without escaping the paths in the generated AppleScript string, to invoke rm and cp via do shell script […] with administrator privileges.

Neither works with sandboxed apps.

Why You Can’t Save a logarchive There

Howard Oakley:

I think the problem is that my app is running an AppleScript, which is running a shell script, which in turn actually needs to be entitled to write to this removable storage. Although the user selects the location in which to save the logarchive – which surely establishes user intent, Apple’s reason for permitting the action – that intent isn’t communicated through the AppleScript and shell script chain to give the log command the ability to save the logarchive where the user wants.


Update (2020-01-06): Howard Oakley:

It’s this which is most frustrating of all, that neither the user nor developer gets to know, let alone grok, the rules, nor do they appear able to modify them so that macOS works the way that they expect it to. Controls in the Privacy tab don’t appear to apply to per-file privacy protection accomplished using the extended attribute, and as the extended attribute itself is protected by SIP, neither user nor developer can remove or modify it. There’s no override feature, no off switch, and no way to get your Catalina Mac to forget about per-document privacy protection and its bizarre behaviours. When you’re trapped with a document that’s behaving like a crazed cat, there’s just nowhere to go.


If this is how per-document and folder privacy is going to work, then it turns using files in macOS into a game of chance, and it’s a chance that is only going to deter users. When privacy protection has these unpredictable and obstructive effects, it’s surely time to consider whether it isn’t bringing the whole of macOS, and by association Macs, into disrepute.

Rewriting m4vgalib in Rust

Cliff Biffle (via Bryan Cantrill, Hacker News):

The Rust implementation is simpler, shorter (in lines of code), faster, and smaller (in bytes of Flash) than my heavily-optimized C++ version — and because it’s almost entirely safe code, several types of bugs that I fought regularly, such as race conditions and dangling pointers, are now caught by the compiler.


Rust’s ownership rules produce a sort of bizarro-world of API design.

  • Some (uncommon, but reasonable) API designs won’t make it past the borrow checker. (In nearly every case, these are APIs that were easy to use incorrectly in other languages.

  • Some API patterns that are grossly unsafe or unwise in other languages are routine in Rust because of lifetime checking.


Because of Rust’s ownership and thread-safety rules, you can only share data between threads and ISRs if it’s packaged in one of these thread-safe containers. In Rust terms, the containers convert a type that is Send, or safe to move between threads but not safe to use concurrently, into a type that is Sync, or safe for concurrent use. If you add some new data and attempt to share it without protecting it, your code will simply not compile. This means I don’t have to think about data races except when I’m hacking the internals of a locking primitive, so I can think about other things instead.

MacBook Pro Diary: A Third Failure

Ben Lovejoy (tweet):

My immediate reaction was frustration at the fact that it appeared nobody had carried out a real-life test of the machine. The records showed that it had been put through all the automated tests, and had passed all of them. It also showed that a ‘functional test’ had been performed. This is what is supposed to be a real-life test: starting up and then running some software to ensure that trackpad, keyboard, microphone, speakers, and so on, were all working.

However, what hadn’t been done was to startup or wake the machine on battery, as that’s what resulted in an instant shutdown when the machine was brought in and still resulted in an instant shutdown when I tested it on collection.


A third failure in a three-year-old machine. Put another way, the MacBook Pro has three modular components, and two of them have failed. Additionally, the keyboard is liable to do so again as it’s been replaced with an identical one which has the same inherent design flaw.


I am considering fairly radical action in response: taking the advice of one reader […] to always buy AppleCare, then replace the machine every three years so it’s always under warranty.

Practically speaking, I can see why that might make sense. But it’s a bad signal to send: make unreliable hardware, and we’ll respond by subscribing to it.


Thursday, January 2, 2020

The Falling Ladder of Abstractions

Nikita Prokopov (via Hacker News):

Every year Apple releases a new operating system and every year it needs a flagship feature to promote it. This year it was a long-overdue standalone Music app. Well, what could be simpler, right? List of files, categories, filters, smart lists. All that has been around in iTunes at least since 2001. But even if it wasn’t, how hard is it to build a decent music player? Many companies order of magnitude smaller than Apple have done it successfully in the past.


Yes, these particular bugs are pretty minor and probably do not affect business in the short run, only Apple’s reputation. Still, it is a big deal. Imagine how tall, opaque and unstable that ladder of abstractions is that it’s even possible to fail such a simple thing as selecting an item in a list??? It is a freaking list and if you click it, it should select a thing that you just clicked.


At this point, you might think I’m just picking on Apple or Catalina. God knows what went wrong there. Maybe they did change priorities and re-hired all the programmers. But no. This problem is universal.

Amazon can’t make a screen with two checkboxes[…]


Twitter newly rebuilt UI takes 7× longer to load first tweet, giving you essentially the same stuff but much later and with much more effort[…]

I think this is less a failure of abstractions and knowledge transfer and more a choice these companies have made not to prioritize the user experience.


IRS Reforms Free File Program

Justin Elliott and Paul Kiel (via Hacker News):

But the success of TurboTax rests on a shaky foundation, one that could collapse overnight if the U.S. government did what most wealthy countries did long ago and made tax filing simple and free for most citizens.

For more than 20 years, Intuit has waged a sophisticated, sometimes covert war to prevent the government from doing just that, according to internal company and IRS documents and interviews with insiders. The company unleashed a battalion of lobbyists and hired top officials from the agency that regulates it. From the beginning, Intuit recognized that its success depended on two parallel missions: stoking innovation in Silicon Valley while stifling it in Washington.

Justin Elliott and Paul Kiel (via Hacker News):

The email correspondence sheds light on a pivotal moment for the future of Free File in the fall of 2018: An expert body called the IRS Advisory Council (IRSAC) had spent months investigating the program. It was preparing to publish a blistering report concluding that the IRS’ “deficient oversight and performance standards for the Free File program put vulnerable taxpayers at risk.”


The emails are striking for what they lack: no counterproposals or efforts by IRS officials to push for a better deal. Less than two weeks after the industry proposal, the IRS official who oversees the program, Ken Corbin, signed a new memorandum of understanding.

Justin Elliott and Paul Kiel (via Hacker News):

The IRS announced significant changes Monday to its deal with the tax prep software industry. Now companies are barred from hiding their free products from search engines such as Google, and a years-old prohibition on the IRS creating its own online filing system has been scrapped.


Sonos Recycle Mode

Devin Wilson (via Nick Lockwood, Hacker News):

Sonos states on their website that “sustainability is non-negotiable,” and that they design products to minimize impact, but I work at an e-waste recycler and have demonstrable proof this is false.

Sonos’s “recycle mode” intentionally bricks good devices so they can’t be reused.

Chris Welch:

It works like this: you check if one of your Sonos gadgets is eligible for the trade-up promo. Then you confirm in the Sonos app that you’d like to “trade” your current device toward a new one. Sonos instantly grants you a 30 percent discount, and then automatically starts a 21-day countdown before your old device goes into Recycle Mode (emphasis mine)[…]


But for some reason, selling or giving your aging Sonos gear to someone else isn’t an option under the program. This is a strange pact that doesn’t really exist with any other major electronics manufacturer.

Update (2020-03-06): Juli Clover:

Sonos is eliminating its controversial “Recycle Mode” that was part of the company’s trade-up program that provides a discount of 30 percent on new devices, reports The Verge.


Sonos is still offering the 30 percent discount for customers who want to upgrade to a new speaker, but is no longer requiring existing speakers to be bricked to get the deal. Customers can now choose to keep their speakers, give their speakers to someone else, recycle it at a local facility, or send it to Sonos for recycling.

Brydge Pro+: iPad Keyboard With Trackpad

Jason Snell:

I had a chance to use a prototype of the Brydge Pro+ last summer, and while in many ways it’s the iPad accessory I’ve been dreaming of for some time, it’s still quite limited by iPadOS 13. While the iPad has a real cursor now if you turn on Assistive Touch, it’s really just a virtual finger. (It kills me that external pointing devices can’t control the text editing cursor that’s been a part of iOS for years now.)


Among the issues Brydge has had to deal with is that iPadOS doesn’t actually support trackpads, it supports mice. So Brydge’s trackpad has to translate trackpad touches into mouse movements and send those to the device. The result is a nifty piece of engineering, but one that doesn’t offer the rich, smooth feel of a MacBook trackpad.

Update (2020-01-10): Jason Snell:

While some will consider the mere possibility of adding a mouse or trackpad to an iPad to be sacrilege, I prefer to see it as an additional option that can improve the iPad’s flexibility in certain circumstances. However, Apple’s support for external pointing devices is very much a first draft. It needs to continue pushing this feature forward in iPadOS 14—and in doing so, the platform could reap some surprising rewards.

MacInTouch Switches to WordPress

Ric Ford:

I have now migrated MacInTouch to a new publishing platform (which hasn’t been at all easy…).

Now it supports permalinks. I wonder what the plan is for the forum.

John Gordon:

It’s not documented, but there’s a feed now; here’s what I see when adding to Feedbin[…]


Update (2020-01-24): Ric Ford:

Now the time has finally come to make one change, which is to phase out MacInTouch-hosted discussion forums (FAQ). As unique as our approach has been, and as much as I enjoy productive discussion, there are other alternatives to something I can no longer personally sustain. Specifically, TidBITS Talk looks like a reasonable alternative from folks with a similar history and philosophy, plus a team of people to run the forum.