Archive for February 2020

Friday, February 28, 2020

Swift Argument Parser

Nate Cook:

We’re delighted to announce ArgumentParser, a new open-source library that makes it straightforward — even enjoyable! — to parse command-line arguments in Swift.

[…]

In addition to what we’ve seen so far, ArgumentParser supports --flag arguments for Boolean or enumerable properties, multiple names for options and flags, encapsulating groups of arguments, and much more. You can learn more by visiting the repository’s README, browsing the guides in the documentation folder, and reading the in-source symbol documentation.

You can also explore the Swift project’s in-flight adoption of ArgumentParser:

  • indexstore-db is a simple utility with two commands.
  • swift-format uses some advanced features, like custom option values and hidden flags.

This looks both full featured and easy to use. It’s also interesting to see how it was implemented using property wrappers (to associate metadata with the instance variables that represent each option) and reflection (so that it can get the name of the instance variable from its declaration, without your having to retype it).

Hopefully this will eventually be built into the standard library so that single-file scripts can use it without needing to manage any dependencies.

See also: getopt_long, argparse.

Previously:

How Crash Bandicoot Hacked the Original Playstation

Ars Technica (via Hacker News):

For today’s episode of War Stories, Ars Technica sat down with Naughty Dog Co-founder Andy Gavin to talk about the hurdles in bringing the original Crash Bandicoot to gamers around the world. When Andy and his partner Jason Rubin made the decision to bring the action platforming genre into three dimensions, it required living up to their company ethos of “leaving no stone unturned” in the search for memory - even if it meant hacking Sony’s library code.

Previously:

Shadow Cloud Gaming Service Removed From the App Store

Tim Hardwick (Reddit):

Cloud gaming service Shadow has had its apps removed from the App Store after it was found to be in violation of Apple’s guidelines.

For those unfamiliar with the service, Shadow allows subscribers to play triple-A titles on their smartphones, tablets, set-top boxes and computers, while high-end remote servers take the burden of processing the graphically intensive games.

Is this another case where Apple wants them to remove In-App Purchase? If so, how was it approved the first time?

Previously:

Plague Inc. Removed From the China App Store

Eliza Gkritsi (via Cabel Sasser):

Popular infection simulation game Plague Inc. has been removed from Chinese app stores, Apple and Xiaomi users noticed today, after enjoying renewed popularity during the Covid-19 outbreak.

[…]

Chinese authorities have been known to ban adult content and games with politically sensitive hidden messages. Plague Inc. has been praised for its educational value and scientific approach.

[…]

The internet regulator informed Ndemic Creations that the game was removed from app stores for “illegal” content, the developers said in a statement released on their website on Thursday evening.

It remains in the US App Store, where it’s an Editors’ Choice.

Chris Kerr:

The studio explained it doesn’t know whether the game has been pulled because of its newfound coronavirus connection, and indicated the Cyberspace Administration has yet to offer a concrete explanation for the game’s sudden removal.

Previously:

Google Earth Beta Supports Other Browsers

Tom Warren (via Hacker News):

Google is opening up its web-based version of Earth to browsers like Firefox, Edge, and Opera today. The search giant originally launched Google Earth on the web back in 2017, and axed its desktop apps at the same time. Google says “we are big supporters of open web standards,” but Earth launched on the web with Chrome-only Native Client (NaCl) technology as there wasn’t a standard available to support what it wanted to do. This resulted in Earth becoming one of the first of many Chrome-only sites from Google.

NaCI allowed Google to bring its native C++ app code and run it directly in a Chrome browser, with all the performance required to let you zoom in and out of locations on a virtual globe. Google has spent the past three years contributing to emerging web standards like WebAssembly, which allows developers to bring native code to the web.

Now it seems to work in every major browser except Safari.

Previously:

Craig Federighi’s Advice

UC Berkeley (via Scott):

Craig Federighi (B.S. ’91, M.S. ’93 CS), the senior vice president of software engineering at Apple, Inc., delivers some “Questionable Advice from One Very Lucky Berkeley Engineer.”

This View from the Top conversation with Dean Tsu-Jae King Liu was delivered Nov. 21, 2019, in Banatao Auditorium at UC Berkeley.

He doesn’t spill any beans about NeXT or Apple, but the video gives some insights into the person in charge of Apple’s software and how he got to that position.

Thursday, February 27, 2020

MarkdownAttributedString

Craig Hockenberry (tweet):

This project is an Objective-C category that generates rich text by reading Markdown as the source code. It also allows you to write Markdown using attributed strings. The code only processes link and emphasis span elements in Markdown. There is experimental support for code spans.

[…]

One of the potential uses I see for this code is with localization. Putting Markdown into your .strings files will be a lot easier than juggling separate RTF files.

It’s just a pair of .h/.m files with no dependencies, and (unlike NSAttributeString’s HTML converter) it works from any thread.

Kr00k Wi-Fi Vulnerability

Dan Goodin (via Juli Clover):

Billions of devices—many of them already patched—are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference.

[…]

Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

Disassociation typically happens when a client device roams from one Wi-Fi access point to another, encounters signal interference, or has its Wi-Fi turned off. Hackers within range of a vulnerable client device or access point can easily send disassociation frames to trigger the vulnerability because these frames aren’t authenticated.

Apple has fixed this in macOS 10.15.1, but there doesn’t seem to be an update for Mojave. As Goodin says, most sensitive traffic should already use its own encryption rather than relying on the Wi-Fi network’s, but DNS queries are usually unencrypted.

Update (2020-03-06): Robert Barat:

It looks like they finally put out a fix for Mojave and High Sierra on the 27th

Wednesday, February 26, 2020

What You See in the Finder Should Always Be Correct

John Gruber (tweet):

I know from talking to Arment privately that about 30 seconds after he took the screenshot, the Inspector updated to show the actual folder size. But that’s still very wrong. The Finder should never show inaccurate information regarding the state of the file system. Never.

This is the sort of problem in recent versions of MacOS that clearly isn’t getting enough attention within Apple. John Moltz and I discussed this on yesterday’s episode of my podcast, and Moltz mentioned a similar problem I’ve seen too: you put some large files in the Trash, then empty the Trash, and the available space shown in Finder windows (View → Show Status Bar) doesn’t change at all for an indeterminate amount of time.

Remember how Windows had a Refresh command, but Macs didn’t need one?

The free space issue dates to at least High Sierra. And, starting with Mojave, I’ve been having all sorts of problems with Finder showing stale information: incorrect metadata, continuing to show files that were already deleted, and failing to show new files. Sometimes I can click on a file or folder to refresh the display. Other times, it gets stuck showing hours-old filesystem state, and I reboot.

Jeff Johnson:

Unpopular opinion: APFS is a disaster on the Mac

1) Almost impossible to get accurate free space on a disk
2) Super fast HFS FSCatalogSearch file system search is gone
3) Bizarre long delays in moving files to the Trash

I think “disaster” is going too far, and there have been benefits. But it’s true that some basic stuff just doesn’t work as well since the switch to APFS.

Maxwell Swadling:

Free space is my big missing feature. You can’t copy a file to an APFS partition that is bigger than true free space but smaller than available space. I have to use an external drive to work with final cut / large videos

Tom Harrington:

When my Mac tells me I can’t download a new Xcode because there isn’t enough room, but then Finder says there’s like 10x more space than I need, something is not working right.

John Gruber:

Someone said that going to System Information: Storage Management triggers something that updates available free space everywhere, including Finder and Disk Utility. I’ll try that the next time I think the numbers are wrong, but of course this should happen automatically.

Previously:

Update (2020-02-28): Adam Maxwell:

I regularly take a screenshot and can’t find it on my Desktop, but it shows up in Finder’s list or column view. I never associated it with AFPS, but it’s definitely a recent problem for me (on High Sierra). In the old days I’d have filed a bug report. Now? Work around.

Kyle Howells:

The latest issue: trying to put a 4GB file on my iPad.

iOS: Error: Not enough free space.
Ok how much space is free?
iOS: 451/512GB free
Me: ?!?!???
Tries via an app & network share. App: Error not enough space

So my device really is full, but REALLY doesn’t want to show me.

I plugged into a Windows PC running iTunes desktop app, open it and.... photos is using all the space, but because it theoretically could purge it if needed doesn’t count as used. Except that is if you actually try and use that ‘free’ space.

[…]

A week or so ago my Mac did the same thing.

I was downloading some large files and started getting ‘free space low’ warnings. Looked at Finder, and 60-ish GB free, nothing to worry about.

Then more warnings and finally new file creation failed with ‘no space available’.

Update (2020-03-27): Gus Mueller:

Kind of getting tired of having to reboot my mac after emptying the trash, in order to see my disk space come back. At least HFS mostly got that part right.

Tom Harrington:

It leads to weird and confusing states. Like, Finder says I have plenty of space but un-xipping Xcode fails due to lack of space. There’s a lot of purgeable data, but it doesn’t get purged. If it were purged, there’d be plenty available.

Pythonista 3.3 Includes a Keyboard Extension

Ole Zorn (tweet):

First off, this is not intended to replace the system keyboard or your preferred third-party keyboard for most of your typing. It’s much more like the emoji picker, i.e. you’d typically switch to it just for specific tasks.

[…]

You can use the keyboard for simple things, like quickly inserting the current date/time in your favorite format, or even show a custom UI, like a calculator, in the keyboard view (or above a standard QWERTY keyboard).

[…]

The keyboard module includes keyboard-specific functionality for inserting text, modifying the cursor position, showing user interfaces in the keyboard, and more.

With no global menus or keyboard shortcuts, keyboard extensions and Siri are the ways to add functionality to an app on iOS.

Previously:

Update (2020-02-28): Tony Meyer:

New Pythonista custom keyboard gives me a repl in the keyboard, even in Textastic!

And I can add practically any script as a new keyboard button. Tempted to use a third-party keyboard for the first time ever.

Update (2020-03-12): Dr. Drang:

Because only modules written entirely in Python can be installed by the user, the number of non-native libraries that come with an iOS Python app determines how broadly useful the app can be. That’s why, despite its many flaws, I have hopes for Pyto and don’t regret buying it. Giving me the ability to write the kinds of scripts I need to for work covers up a lot of shortcomings.

And seeing Pythonista back in development again has made me cautiously optimistic about it again. The developer clearly knows he needs to get on the Shortcuts bandwagon if he wants his app to be a significant player in the iOS automation world again. I think a lot of ground has been lost to Scriptable.

My dream would be for these two apps get into a competition with each other. If that happened, I might be able to put off learning JavaScript for another decade.

ShortcutDetective

John Gruber:

ShortcutDetective, a free utility from Irradiated Software, is designed specifically to track down which app is receiving a shortcut. Just run the app (after granting it Accessibility permissions), type the shortcut, and in most cases ShortcutDetective will tell you which app is receiving it. Saved me a lot of troubleshooting effort today.

The app is available here.

Google Sent Private Videos in Google Photos to Strangers

Abner Li (via Hacker News):

Google this evening began alerting Takeout users about the “technical issue.” From November 21-25, 2019, those that requested backups could have had videos in Google Photos “incorrectly exported to unrelated users’ archives.”

In requesting a backup, some of your videos — but not pictures — might be visible to random users that were also downloading their data through Google Takeout. The company did not specify what media was affected beyond “one or more videos in your Google Photos account was affected by this issue.”

[…]

Another implication is that the Google Photos archive you downloaded during that five-day period is incomplete and missing some of your videos, while strangers’ media might be present.

Tom Warren:

Google’s nonchalant email alerting users doesn’t provide any details on how many people were affected, nor the amount of individual videos that were distributed incorrectly per account. Google fixed the issue after five days, and 9to5Google reports that less than 0.01 percent of Google Photos users who used Takeout were affected. Google Photos has over 1 billion users, so even a small percentage will impact a significant number of people. Google has apologized “for any inconvenience this may have caused.”

brenden2:

The usual argument for using “cloud” over managing your own files/data is that it’s very hard to safely manage your own data without making mistakes (data loss, etc). However, this is an example of how companies like Google also make mistakes. Furthermore, when Google/FB makes a mistake (like leaking your private data) they do it at a global scale.

I offboarded myself from all of Google’s services a while ago, but I also think “cloud” is dead, at least in the cases where the cloud service holds the encryption keys on my behalf. I don’t trust, and never will trust, any company to hold on to my data without either selling it to a third party or accidentally leaking it.

Recording All the Melodies

Jason Kottke:

In this recent TED Talk, lawyer, musician, and technologist Damien Riehl talks about the rapidly diminishing number of melodies available to songwriters under the current system of copyright. In order to help songwriters avoid these melodic legal landmines (some of which are documented here), Riehl and his pal Noah Rubin designed and wrote a program to record every possible 8-note, 12-beat melody and released the results — all 68+ billion melodies, 2.6 terabytes of data — into the public domain.

Monday, February 24, 2020

Restoring the Mac Startup Chime

Waly Kerkeboom:

Got a new Mac (like I did) and miss the old boot chime?

sudo nvram StartupMute=%00

See also: Mr. Macintosh and Howard Oakley.

Previously:

Update (2020-02-26): Paul McGrane:

It will be interesting to see what this is like on a T1 or T2 Mac during a system software update. I was assuming the main reason it was disabled is there would probably be quite a lot of chimes, to the point of being silly or annoying.

Adam Engst:

When Apple disabled the startup sound by default in 2016, someone discovered that a Terminal command could bring it back […] Unfortunately, that approach stopped working with Mac models in 2017, presumably due to Apple removing the option in a macOS update, and since then, new Macs have started up silently.

[…]

I don’t understand what modern-day Apple has against the startup sound. Sure, make it an option for those who need their Macs to be silent at all times, but it’s a useful indication that the Mac is working as expected—at least to that point in the boot process. Perhaps Apple is trying to encourage the belief that Macs are always available like iPhone and iPads, but reality doesn’t support that.

John Gruber:

Use “01” in place of “00” to turn the chime off.

Update (2020-03-06): Marco Arment:

Finally heard the startup chime on my 16” and I’m so glad I enabled it.

Olivier Roux:

Also very useful as since there is no status light anymore, sometimes you had no way to know whether you had successfully managed to hard reboot your laptop if the screen remained black... startup sound fixes that

Tony Smith:

I had problems with this enabled. If I restart it does the startup chime then powers off again and then back on and played the chime again. Every time I rebooted it did this until I turned the chime off again

Safari to Reject HTTPS Certificates Longer Than a Year

Ivan Mehta:

Last week, at the 49th CA/Browser Forum, a voluntary consortium of certification authorities, Apple announced that it’ll stop allowing HTTPS certificates on Safari with more than 13 months of validity, later this year.

[…]

As the Register noted, sites like GitHub and Microsoft have certificates with two-year validity. Under Apple’s new rule, these sites will be rejected if these companies will get another two-year certificate after August.

Jason Snell:

The rationale? Shorter certificate lifetimes are safer, for a variety of reasons. For one thing, it prevents a valid (and perhaps abandoned) certificate from being stolen or misappropriated by a bad actor, then used to trick consumers. While there is a process for revoking known bad certificates, it’s cumbersome and many browsers don’t even check the revocation lists.

For another, quick turnaround helps ensure that the certificates are always secured using the latest cryptographic standards.

[…]

The major downside for certificates that expire more often is that it means more work for organizations that have a large number of certificates that they will now need to renew more often.

[…]

At least one previous proposal to reduce the life of accepted certificates has been put to the CA/Browser Forum, but while it was widely supported by browser makers, it didn’t garner enough support from Certificate Authorities to make any head way. So Apple, in its own tried and true fashion, has apparently decided to make a unilateral change for what it believes is the best for users.

Previously:

Update (2020-03-06): Apple:

TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC must not have a validity period greater than 398 days.

This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS.

Rosyna Keller:

The complaints I’ve heard regarding Apple’s move to 13 month or less TLS cert validity are perfect examples of why the current validity window is too damn long.

For example, “Before, I could completely ignore my site’s security for 5 years and then forget to renew!”

Catalin Cimpanu (via Rosyna Keller):

Google wants to reduce the lifespan of SSL certificates (used to secure HTTPS encrypted traffic) from the current two years to just over a year.

Troy Hunt:

Which brings me to the second point: certificate renewal should be automated and that’s something that you simply can’t do once identity verification is required. DV is easy and indeed automation is a cornerstone of Let’s Encrypt which is a really important attribute of it. I recently spent some time with the development team in a major European bank and they were seriously considering ditching EV for precisely this reason. Actually, it was more than that reason alone, it was also the risk presented if they needed to quickly get themselves a new cert (i.e. due to key compromise) as the hurdles you have jump over are so much higher for EV than they are DV. Plus, long-lived certs actually create other risks due to the fact that revocation is broken so iterating quickly (for example, Let’s Encrypt certs last for 3 months) is a virtue. Certs lasting for 2 years is not a virtue, unless you’re coming from the perspective of being able to cash in on them...

See also: Accidental Tech Podcast and Rich Trouton.

Update (2020-06-11): Dean Coclin:

Chrome joins Apple in limiting public TLS certificates to 398 days starting Sept 1st.

EU Wants All Phones to Work With Interoperable Chargers

Tim Hardwick:

Despite pushback from Apple, the European Parliament in January voted overwhelmingly for new rules to establish a common charging standard for mobile device makers across the European Union. This article explores what form the EU laws might ultimately take and how they could affect Apple device users in Europe and elsewhere.

To reduce cost, electronic waste and make consumers’ lives easier, Members of the European Parliament (MEPs) want “binding measures” that ensure chargers fit all smartphones, tablets, and other portable devices.

[…]

A progress report provided by the MoU signatories in February 2013 indicated that 90 percent of the new devices placed on the market by the signatories and other manufacturers by the end of 2012 supported the common charging capability. But that statistic was so high only because it took into account the fact that Apple offered a Lightning to micro-USB adapter.

One member of the Commission would note: “[…] The future MoU must be clear in its outcome, we cannot afford to admit adaptors.”

Matt Birchler:

Second, this is addressing a problem that I think we all suspect is going away shortly anyway. Every Apple laptop charges with USB-C. The new iPad Pros released in 2018 use USB-C. Every Mac they sell is all in on USB-C (some would say to a fault). It’s just the iPhone that’s not using the standard, and we all pretty much agree that it’s only a matter of time (1-2 year max) before they switch over there too.

Third, what do we do in 5 years when there is a successor to USB-C that is better in every way? Are phone makers expected to wait for the EU to approve that new connector before they can use it?

Previously:

iOS Developer Survey

Dave Verwer:

The iOS Developer Community Survey is the largest public survey of Apple platform developers ever undertaken. Data collection happened over four weeks between 6th December 2019 and the 7th January 2020. In that month, 2,290 people filled in the questionnaire. This site presents the raw data collected, along with analysis and opinion based on that data.

Dave Verwer:

Almost 70% of people are writing 100% of their personal/hobby Apple platform code in Swift. Given that company/team restrictions and the impact of an existing codebase is much less of an issue in personal/hobby projects. I think this question is a good indicator of developer interest in the language, and what this tells me is that Swift is dominating.

When it comes to apps written for a company, you might expect the number to fall. It does, but not by much.

Larger companies seem to use more Swift than smaller ones.

Dave Verwer:

An average satisfaction of 8.3 is obviously very high, even more so when you think of how critical we developers can be about the languages we use!

[…]

But I believe there are some slightly worrying signals revealed by this question. Only ~66% of people think that Swift is in good hands at Apple? Only ~59% of people believe that the evolution process is working well?

I’m generally like how the language has been evolving, but the progress on tooling and reliability have been frustrating.

The most interesting questions to me are that 75.5% say that they have a “Completely separate/independent codebases for each mobile platform” (I expected much lower) and that 60% say they would use SwiftUI in a new app to ship soon (also expected lower).

Interest in Mac development seems to be low, and respondents who were interested in Mac development preferred Catalyst and SwiftUI to AppKit, which does not bode well for the quality of future apps.

Apple has been talking a lot about machine learning and augmented reality and adding lots of stuff to the frameworks, but interest seems relatively low.

42% of apps were completely free or donationware, with 21% using subscriptions.

Friday, February 21, 2020

Git Tower 4.2

Tobias Günther:

And finally, with version 4 of Tower for Mac, we’ve reached another huge milestone in our mission to make version control with Git easier and more productive for everyone. Why, you ask? Because undoing mistakes in your daily work has now become as easy as pressing CMD+Z!

Cool!

I don’t understand their version numbers. Version 4.2 was released just 2 days after version 4.1, and the only documented change is a single bug fix.

Previously:

Update (2020-05-25): Kristian Lumme:

There's a wide gap between implementing a feature as a gimmick and actually making it feel natural, intuitive and solid. In Tower, actions happen asynchronously relative to the UI, so right away, we had the challenge of making sure the undo feature could handle this — for example, repeatedly undoing and redoing some action could not result in something breaking or data being lost.

In order to undo some more complicated actions, we had to save additional data for each step undertaken by the user, so that we would have all the information necessary to get back to the previous state in case the user decided to undo. An example of this occurs with some operations involving the working tree. The working tree is complicated, with many different potential states for files: files can be modified, staged, they can have merge conflicts and so on.

App Store Confidential

Juli Clover:

Apple is aiming to stop the sale of a new insider book called “App Store Confidential,” written by former Apple employee Tom Sadowski who ran Apple’s App Store business in Germany until November 2019.

[…]

Apple claims that the book reveals “business secrets” that are of “considerable economic value,” but Sadowski denies the inclusion of proprietary information. Apple also says that Sadowski has violated his employment agreement.

Malcolm Owen:

Lawyers working for Apple have ordered Sadowski and his publisher to cease deliveries of book orders, to recall all copies of the book that are already in circulation, and to destroy all manuscripts of the book. Publisher Murmann and the author have so far resisted the demands from the iPhone maker.

Previously:

Identifying Monopolistic Moves

Benjamin Mayo:

In the hearing, Daru complains that iOS 13’s repeated location permission alerts disfavours Tile, imposing hurdles on third-party apps that Apple’s Find My don’t have to contend with. I’d say that is indeed unfair and anticompetitive; third-party apps should be treated the same as Apple’s. The problem is how far do you take this. If Apple’s apps and third-party apps must be concomitant partners, should Apple then be forced to remove Find My as a built-in installed-by-default application? That seems like a step too far, beyond what would be deemed reasonable.

Daru also voices her company’s frustration that the U1 chip does not have a public API and therefore unavailable to developers. She argues that anyone should be able to use the ultra-wide band technology in the iPhone, saying that UWB is a standard and the only thing that makes it proprietary is Apple’s decision not to expose an API for it. […] Personally, I don’t think that a manufacturer should be required to allow access to every component of the products they make.

[…]

But it’s that exact freedom to lock the platform down that allows the platform proprietor to make choices that benefit itself. Let’s say Apple never provides an API for ultra-wide band. That means every other company will never be able to match the AirTags on features. Is that a monopolistic move, or just inherent to the state of play? I really don’t know how you can distinguish the two.

AdSense Extortion Scheme

Brian Krebs (Hacker News):

Google declined to discuss this reader’s account, saying its contracts prevent the company from commenting publicly on a specific partner’s status or enforcement actions. But in a statement shared with KrebsOnSecurity, the company said the message appears to be a classic threat of sabotage, wherein an actor attempts to trigger an enforcement action against a publisher by sending invalid traffic to their inventory.

“We hear a lot about the potential for sabotage, it’s extremely rare in practice, and we have built some safeguards in place to prevent sabotage from succeeding,” the statement explained. “For example, we have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems.”

I don’t really believe that because even without bad actors the AdSense/AdWords system seems untrustworthy. The amounts you have to bid often don’t make sense, and there’s no one to help you.

dpcan:

However, it seems that as soon as we went over a certain amount, our budgets started getting exceeded by about 10am in the morning.

But our competitors ads kept going.

We contacted Google to find out what was going on. None of these clicks were even resulting in business, contacts, nothing. So we assumed the worst, our competitor was having someone click all our ads.

This process started the downward spiral for our business. Not being able to stay live in Adwords long enough to get any new business was devastating and I sure as heck wasn’t going to participate in clicking on my competitors ads because that’s fraud as far as I know. SO, we just suffered and I couldn’t get any support from Google.

Mac Backups and the Versions Database

Howard Oakley:

What that doesn’t tell you is that, without that Versioning database, all old versions of your documents are lost forever from your cloned volume. And that can be a very significant loss indeed.

So, Time Machine goes out of its way, and your time, to ensure that the Versioning database is copied for each volume it backs up. You might therefore presume that when you restore a document from a Time Machine backup, that restores all its old versions too. Only you’d be wrong: restored documents from Time Machine backups also lose all their old versions. You might consider that to be a bug, and I’d agree with you.

As far as I can tell, in recent versions of macOS including 10.15.3, the only way that you might get access to the old versions of a document is when you perform a full volume restore, which isn’t sensible when all you want are previous versions of a single document.

This is a general problem with storing data out of band. macOS goes to all this trouble to efficiently store the file versions in a location and format where apps can’t access them. And it never developed its own tools for working with them, so the versions system ends up not working with other parts of macOS like Time Machine.

I find low-tech methods, such as those employed by BBEdit and MarsEdit, that rely on saving actual files for each version to be more useful. For example, their backups can be backed up and restored, and I can use other tools with them, e.g. to search for which version has the text I’m looking for.

I wonder how much more efficient the versions database is than APFS file clones. Is it still worth it?

Howard Oakley:

If you find the macOS feature to keep previous versions of documents useful, you may have been disappointed when you looked for previous versions only to find there weren’t any. This article explains why that might be, and what you can do to preserve those versions.

[…]

The most robust and reliable way to preserve previous versions is to convert the document into a folder containing each version using my free apps in DeepTools, or Revisionist, which is a complete toolkit for accessing versions and the macOS Versioning system.

Previously:

Wednesday, February 19, 2020

Larry Tesler, RIP

William Gallagher (mhaeberli, Hacker News, Reddit):

From 1980 to 1997, he worked for Apple, recruited by Steve Jobs, and ultimately rising to become vice president and chief scientist. In his 17 years at Apple, he began on the Apple Lisa, ran the development of the Newton, and invented Copy and Paste.

He was also a major contributor to key Macintosh software including QuickTime, AppleScript and Bill Atkinson’s HyperCard.

Tesler was the person Xerox assigned to show Steve Jobs around its Palo Alto Research Center in late 1979.

[…]

Tesler advised Amelio to buy NeXT, but also warned him.

Luke Dormehl:

Tesler was passionate about something called modeless computing, meaning a type of computing (now taken for granted) in which the user doesn’t have to switch constantly between different input states. His Dodge Valiant bore a customized license plate reading “NO MODES.” He regularly wore a T-shirt warning colleagues not to “Mode Me In.” And his Twitter handle was @nomodes.

Previously:

Update (2020-02-28): Chris Espinosa:

In memory of Larry Tesler, here is a video of a session we did together in 1997.

Chris Espinosa:

We were content to literally put a string on the clipboard and insert it at the insertion point. As a 20-year-old college dropout tech writer I was not going to argue with Steve Capps. But Larry wanted it done better.

He wanted the spacing around words to adjust automatically.

[…]

He produced a simple formula for when to add or strip space when pasting to make sure that words and sentences had not too many, not too few spaces.

Larry taught me the value of taking the user’s point of view; using heuristics to work magic; to look at all the cases. Much more than inventing copy and paste, he invented it as a writing tool, not a code-editing tool, for people who didn’t understand computers.

Gus Mueller:

Larry’s heuristic lives on in the Cocoa frameworks via the property smartInsertDeleteEnabled in NSTextView. There’s actually a handful of methods related to it, which you can find by searching for “smart” in the NSTextView headers or documentation.

Tom Conrad:

When I was 24 and working at Apple I found myself in a heated debate with an engineer that I’d not met before.

Since I was young and knew everything, I was lecturing this man on some nuances of how drag and drop should behave when activated on a text selection.

Dr. Drang:

His ACM article, “A Personal History of Modeless Text Editing and Cut/Copy-Paste,” is probably the best distillation of the ideas he’s known for and the connection between them. The main thread is a fun historical narrative, but don’t skip over the sidebars in the article. In “How Modes Degrade Usability,” he ties modes to the once-predominant verb/object method of telling a computer what to do. In verb/object computing, you give the computer an action command and follow that with the item(s) on which to perform the action. On a computer of today, that would be like selecting Copy from the Edit menu and then selecting the text to copy.

That may sound insane, but one of the things that made the Mac initially puzzling to people who were heavy users of PCs and mainframes back in the mid-80s was that it flipped verb/object around.

Adam Engst:

It was at the end of his tenure there that I corresponded with him, since he and I were both on a private Net-Thinkers mailing list that discussed issues relating to Apple and the Internet.

It’s telling how much things have changed, I think, that an Apple vice president would speak freely on even a private mailing list that included a writer like me. (At that time, apart from publishing TidBITS, my Internet Starter Kit for Macintosh book had sold about 400,000 copies, and I had just penned a MacWEEK column entitled “The Emperor Has No Strategy” that had ruffled feathers with Apple executives.)

Bruce Horn:

Larry was one of my favorite PARC colleagues and we worked on the Notetaker together before I followed him to Apple.

Brian Arnold:

From 1986 and all the way through 2005, my career was launched and propelled by the Macintosh, almost exclusively using the MacApp framework, that Larry Tesler was basically responsible for creating.

[…]

Among the people who had RSVP’ed to this hack session was none other than Larry Tesler, who was Chief Scientist at Apple at the time. Larry $%#&!! Tesler. And, I had no clue who he was, until after he had RSVP’ed, and someone else filled me in.

What I did know was, as with everyone else who came, he was there help finish the port, and to port some applications with his wife, that were written in Object Pascal with MacApp. He spoke with me several times briefly, and with others, and he was there the whole weekend. He picked up tasks that needed to be completed, and he ported code.

Daniel Jalkut:

I was lucky to have Larry Tesler as a customer. He gave me some really good feedback on my apps. He was always critical yet empathetic in the way he suggested changes.

I was also lucky to have him as a customer, though he never sent me any feedback.

Ernie Smith:

Tesler also is credited for inventing the term “browser” for the groundbreaking Smalltalk interface decades before it became associated with the web.

[…]

In the early 1990s, Tesler convinced Apple executives to offer financial support to ARM, a new type of chipset that devised by the British company Acorn, so it could be developed as a separate company in a joint venture. This technology was then used to develop the unsuccessful Apple Newton, whose development he helped to lead.

However, the RISC-based chip technology had a lot of potential beyond Apple’s doors—and that came in handy for Apple at a pivotal time.

Andrew Liszewski:

After leaving Apple in 1997, Tesler co-founded a company called Stagecast Software which developed applications that made it easier and more accessible for children to learn programming concepts. In 2001 he joined Amazon and eventually became the VP of Shopping Experience there, in 2005 he switched to Yahoo where he headed up that company’s user experience and design group, and then in 2008 he became a product fellow at 23andMe. According to his CV, Tesler left 23andMe in 2009 and from then on mostly focused on consulting work.

See also: Of Modes and Men (Hacker News), The Law of Conservation of Complexity, The Talk Show, The History of Computing, Tesler’s interview with the Computer History Museum (parts 1, 2, and 3).

Which OS Services Are App Store–only?

Drew McCormack:

OK, I was sure I must have been messing up somehow, but it turns out Sign In with Apple is not supported in Developer ID signed apps (source DTS). Must be the only entitlement that requires the Mac App Store. It is undocumented and portal never gives an appropriate error.

Adrian Thomas found that there is actually a Supported capabilities (macOS) help page that lists which APIs work with a free developer account, a Developer ID app, and a Mac App Store app. The latter two require a paid developer account. Aside from Sign in with Apple, Low Latency HLS and Game Center are exclusive to the Mac App Store.

Previously:

Update (2022-09-14): Drew McCormack:

Gah! Looks like Shared with You is only supported in the Mac App Store, just like Sign in with Apple. Wish these things were documented. Last time cost me a week trying to get the provisioning to work, only to find out the entitlement was deliberately stripped out.

Update (2023-05-22): The NSUbiquitousKeyValueStore documentation:

To use this class, you must distribute your app through the App Store or Mac App Store[…]

The (moved) Supported capabilities (macOS) page says that it’s available for Developer ID apps, though.

Developer Laws

Dave Kerr (via Gus Mueller):

There are lots of laws which people discuss when talking about development. This repository is a reference and overview of some of the most common ones.

For example: Amdahl’s Law about optimization, Brooks’ Law about staffing, and Tesler’s Law about complexity, along with principles such as the Liskov Substitution Principle, YAGNI, and The Fallacies of Distributed Computing.

A possible addition: the Lindy Effect.

Update (2020-03-27): Ryan Reeves:

Some great “laws.”

Stein’s Law: “If something cannot go on forever, it will stop.”

Betteridge’s Law: “Any headline which ends in a question mark can be answered by the word ‘no’”

Shirky Principle: “Institutions will try to preserve the problem to which they are the solution.”

Update (2020-07-30): See also: Laws for hackers to live by.

Update (2021-03-02): See also: 10 Software Engineering Laws Everybody Loves to Ignore (via Hacker News).

Update (2022-03-09): Tim Sommer (via Hacker News):

In this post I am going to share my collection, interpretation and thoughts on the most famous and most used laws in Software Development.

Tuesday, February 18, 2020

Catalina Data Protections Break File Sharing

WillyC:

The new data protections in Catalina make some folders inaccessible by default (for example the ‘Documents’ folder). When an application tries to access one of these folders the OS presents the user with a dialog box to ensure they intended the access.

This seems to have had the effect of breaking home folder network shares. If you enable file sharing in macOS, any registered user is able to access their home folder using their own credentials. This works in Catalina, but the special private folders (Documents, Downloads, Desktop) can’t be interacted with. Attempts to interact with them result in an ‘access denied’ error and no dialog is presented to the user on the server machine that would allow access. On the client machine, in both Finder and Terminal these folders simply appear empty and you get a permissions error if you attempt to create a file.

You log into your Mac with file sharing but can’t access your own folders. The server Mac doesn’t prompt to allow access, and there doesn’t seem to be a way to manually grant it. I found that sometimes toggling file sharing off and then on again helps. But this may not be easy to do while you’re sitting at the client Mac. And the problem eventually comes back.

Previously:

iOS Optimization Tips

Rony Fadel (tweet):

We’re tempted to think of labels as lightweight in terms of memory usage. In the end, they just display text. UILabels are actually stored as bitmaps, which could easily consume megabytes of memory.

[…]

When you dispatch_async a block onto a concurrent queue, GCD will attempt to find an idle thread in its thread pool to run the block on. If it can’t find an idle thread, it will have to create a new thread for the work item. Quickly dispatching blocks to a concurrent queue could leads to quickly creating new threads.

[…]

The concurrent queues you get from dispatch_get_global_queue are bad at forwarding QoS information to the system and should be avoided.

[…]

Avoid using dispatch_semaphore_t to wait for asynchronous work

[…]

UIKit implements tags using objc_get/setAssociatedObject(), meaning that every time you set or get a tag, you’re doing a dictionary lookup, which will show up in Instruments[…]

Jared Sorge:

I don’t know how many times I have kept text in a label when I perhaps didn’t need to. I also didn’t know that the right place to nil-out text in reusable views (UI{Table|Collection}ViewCell) is not in their prepareForReuse() method but in the delegate’s didEndDisplaying method instead.

Previously:

Update (2020-02-24): Pierre Habouzit explains how to avoid semaphores (thread):

QoS is a label, its rules of propagation are semi complex, but DO NOT depend on the state of the system.

It’s propagated by only 2 mechanisms (and anything built atop of it), and one secondary obsolete subsystem.

[…]

So what you need for priority inversion to kick in, is a wait primitive that has ownership information, IO primitives that record ownership

The list is pretty short:

- pthread mutexes and os unfair locks (and things built on top)

- dispatch_sync() (but for reasons not onto the main queue, but that doesn’t matter for apps)

- xpc_connection_send_with_message_sync()

[…]

dispatch_block_wait() isn’t multi-hop. It works for the main thread to wait in certain circumstances (if what you wait on has been asynced before you start to wait on is an important one), because in an app it’s the highest priority you can have, so the likelyhood of requiring more than 1 hop to resolve an inversion is super low. It doesn’t work nearly as well in other cases, for which a better pattern is to share a lock around your work, and have the waiter take that lock to see if the work was done or being done in which case the work will be boosted then. and if it hasn’t been done yet, then do it yourself.

Pierre Habouzit:

If you wait from the main thread, and that the thing you wait on was dispatched onto a serial queue before you wait, then [dispatch_block_wait()] does a good job.

For other more complex cases, use locks the way I explained in the thread.

Goodbye, Mac360

Ron McElfresh:

Mac360 started life back in mid-2004 as a test among friends to get into blogging and to try out Mac OS X Panther Server on an old, unused goose-neck iMac.

[…]

Through the years we saw it all. The Mac moved to Intel Inside. The iPhone arrived. The App Store. iPad. Apple Pay, Apple Music, AirPods, and much more. We saw Apple’s stock price and valuation rise to record levels. We graced Mac360 with advertising to help pay some bills and give the growing staff an incentive to continue to write about all things Apple.

[…]

Yes, all good things come to an end.

A few years ago I came down with an odd neuromuscular disorder that has slowly become debilitating. After 18 months of tests with a dozen different doctors I was referred to Mayo Clinic in Minnesota. More doctors and extensive tests confirmed a preliminary diagnosis of ALS.

Thanks to Ron and crew for all they’ve done. I hope there’s a way to preserve the archive.

Via Dave Mark:

Here’s a link to a GoFundMe to help defray Ron’s medical expenses.

YouTube App Ending In-App Purchase

Juli Clover:

YouTube today sent out emails to customers who are subscribed to its YouTube TV service through Apple’s App Store, letting them know that App Store subscriptions are going to be discontinued in March.

[…]

The YouTube TV app will need to remove all references to subscribing and signing up from its app when in-app purchases disappear, as Apple does not allow apps to link out to third-party subscription purchase options.

Chris Welch (tweet):

Other streaming TV services like Sling TV and Hulu with Live TV don’t offer in-app subscriptions. (Hulu does for its regular on-demand service, however.)

An increasing number of popular services, including Spotify, have stopped accepting new subscriptions through in-app purchases. But in Spotify’s case, the company allows existing customers to keep paying through Apple.

Apple’s developer terms require a 70 / 30 split in a customer’s first year of paying for a subscription through the App Store. After that, the developer gets 85 percent, and Apple takes 15. YouTube TV regularly costs $49.99, but subscribers who pay through Apple are charged a higher $54.99 to help offset Apple’s rules. But apparently, YouTube no longer wants to bother with that, either.

Even with the multi-year discount and charging iOS users $5 extra, Google was still ending up with less by using IAP. Prioritizing services revenue means Apple gets 30/15% of $0, customers get a worse experience, and Google gets their personal information.

Russell Ivanovic:

Let’s be honest. Apple taking a 30% cut for simply processing a transaction is beyond ridiculous. That it drops to 15% in year 2 isn’t better. Other payment processors charge 2.5% 🤪

Or put another way: if Apple gave you the option to use someone else how many people would keep using their service at the current pricing? If the answer is “almost no one” then it’s not a competitive or good service. It’s a monopoly

Previously:

Monday, February 17, 2020

Why There’s No Instagram iPad App

Mitchel Broussard (Reddit):

Instagram CEO Adam Mosseri took to the platform over the weekend to answer a few user questions on his story, shared by The Verge’s Chris Welch. Among the many things asked, the topic of an official iPad app for Instagram was brought up, and Mosseri explained why we haven’t seen one yet.

According to Mosseri, the company “would like to build an iPad app” for Instagram, “But we only have so many people, and lots to do, and it hasn’t bubbled up as the next best thing to do yet.”

It seems like there must be more to it than that. Even if they didn’t want to reimagine the app for iPad, they could tweak the iPhone app to make it fill the whole screen. So either they predict so little value for an iPad app—even multiplied by the huge size of their userbase—or an iPad app would somehow be a negative. Do they get more tracking and user data if you browse on an iPad in Safari?

Previously:

Update (2020-02-22): Chen Li:

Half baked is still a ton of effort - thinks all the basic features that need supporting: feed, creation, direct, stories, security. People would rate one star without any of these features. It’s basically another IG app for a super small % of people

Update (2020-02-24): Tanner Bennett:

All of these exist in the iPhone app. Can you elaborate on what exactly is wrong with just blowing these up with a few split view controllers here and there, etc?

Update (2020-02-28): John Gruber:

My best guess is they think engagement on the phone is worth more, so they do everything they can to drive you to the phone app.

The Paywalled Garden: iOS Is Adware

Steve Streza (tweet):

All that money comes from the wallets of 480 million subscribers, and their goal is to grow that number to 600 million this year. But to do that, Apple has resorted to insidious tactics to get those people: ads. Lots and lots of ads, on devices that you pay for. iOS 13 has an abundance of ads from Apple marketing Apple services, from the moment you set it up and all throughout the experience. These ads cannot be hidden through the iOS content blocker extension system. Some can be dismissed or hidden, but most cannot, and are purposefully designed into core apps like Music and the App Store. There’s a term to describe software that has lots of unremovable ads: adware, which what iOS has sadly become.

If you don’t subscribe to these services, you’ll be forced to look at these ads constantly, either in the apps you use or the push notifications they have turned on by default. The pervasiveness of ads in iOS is a topic largely unexplored, perhaps due to these services having a lot of adoption among the early adopter crowd that tends to discuss Apple and their design. This isn’t a value call on the services themselves, but a look at how aggressively Apple pushes you to pay for them, and how that growth-hack-style design comes at the expense of the user experience.

M.G. Siegler:

Wow, this is... aggressive. An almost full-screen self-ad on launch of the Apple Wallet app...

Oliver Haslam:

Emails, I don’t mind. It’s the location of the ad that’s the issue. The Wallet app is no place for an ad.

Marco Arment:

Neither is the Music app, but it’s often an Apple Music ad.

Same will happen to the TV app for TV+. They’ve already compromised Wallet (Card), App Store (Arcade), News (News+), and notifications.

The system UI doesn’t purely serve us anymore — it’s Apple’s upselling machine.

Daan Odinot:

Apple leveraging the shit out of the fact that they control the platform. They must know that they’re playing with fire here.

Marco Arment:

Are they? What can we really do about it?

Apple first let other apps turn our phones into marketing machines by non-enforcement of their rule against marketing/promotional push notifications.

Then they started routinely violating it themselves.

Actions speak: they don’t care.

Kyle Howells:

Apple’s services push is ruining the company.

Apple’s high quality and user focused design wasn’t inherently built into the company. It was a result of the companies incentives being to please their customers so they buy more hardware.

Once you switch to selling services the incentives switch too and so the quality disappears

This was completely predictable, and immensely disappointing.

Apple is destroying all the premium, high quality things we liked about them in pursuit of the myth of infinite growth modern companies have blinded themselves into believing in.

David Chartier:

Have we talked about how the TV app in tvOS 13 now just displays a bunch of ads for shows we haven’t heard of or don’t care about?

It used to display our most recently watched shows and films, making it super easy to get back to them.

This is an awful change.

Steve Troughton-Smith:

Really though I’m pretty unhappy Apple’s TV+ service is going to debut in an app with mixed free/streaming and paid/rental movies, especially with Family Sharing where everything is linked to my credit card. I can’t stand that it mixes both kinds of content in recommendations

Josh Centers:

The Apple TV app on the Apple TV is currently the bane of my existence. In theory, it should be a tidy way to manage everything you watch, bringing together content from Apple, Disney+, HBO, Hulu, and other streaming services (but still not Netflix, for some reason), plus live news and even sports. It sort of does that, but over time, Apple has started using the app to push the company’s own paid content, especially its Apple TV+ service.

Michael Rockwell (tweet):

It’s becoming clear that Apple is more than happy promoting their services through apps like Apple TV. And because of this, I’ve slowly moved away from using Apple’s apps and services toward alternatives. =

Dave:

Besides the blatant ads that we’re seeing more frequently in the UI, the issue that’s perhaps even more egregious is that entire app UIs are designed as ads.

They like to refer to it as “curation” but that’s really just another word for “advertisements”.

Dave (Reddit):

The reason this was controversial is that unlike the Up Next items, which were useful in showing you what’s on deck, the new full screen previews served no functional purpose and were essentially advertisements for content to watch. Firstly, this is a problem because it frequently suggests content you don’t even have access to without paying extra. But even more importantly, this speaks to a much bigger issue that has spread across the tech world — curation is destroying the user interface.

This may be the single biggest design problem in the tech world today.

I mean that sincerely. There is this ubiquitous tendency where “recommendation” has become another word for “advertisement”. Entire UIs are designed around how curators (both human and algorithmic) can suggest content for you.

Steve Streza:

The Apple News app is an obscene unending ad for News+ and it makes me want to yeet the app clean off every device it’s on.

Thom Holwerda:

The weird reality nobody wants to talk about: Apple, claiming not to be an ad company, puts tons of ads on its devices, while Google, definitely an ad company, puts effectively zero ads on Android.

Steve Streza:

More of the adware that permeates every corner of iOS. If you search for something in the Music app, it shows you an ad for Apple Music with no option to buy. Then if you go to the iTunes Store, it shows you... another ad for Apple Music.

Corbin Dunn:

Apple’s full size ad for News+ in the News “Mac” app. I don’t want to see any News+ stuff. How do I disable this?

Marco Arment:

After installing Catalina, EVERY app on my Mac had to re-ask for notification permission, even those I’d granted before.

Except fucking Apple News, which I never granted notification permission to, and enables itself for banners and sounds by default.

Zero respect for users.

Daniel J. Wilson:

Third-party apps have to be granted explicit permission to display notifications (even if they were already in use on your Mac), but Apple can display a marketing message for their browser when rival Chrome is launched for the first time on Catalina. Cool.

David Chapman:

iOS 13 has crippled the Health app and turned it into an ad platform.

Yes, I will probably buy a $3 app from the store in order to get the functionality back, so Apple will get $1 now. It will lose ~$100 in lifetime customer value by making me less likely to buy Apple products.

Ryan Jones:

Apple’s email receipts are killing me / customer support.

They don’t even have the app’s name, but an Apple Card ad made the cut! 🙄

Ben Szymanski:

I can’t believe that this is what the first party Mac software looks like now.

Ruffin Bailey:

I continually get bombarded now with what amount to advertisements asking for me to either buy more space now or, the other button says, “Not now”, implying, “Sure, I’ll do this later”. There is no, “I realize I’m out of space and I’ll handle it on my own danged time, thanks,” option. There was a time a week or two ago where, no lie, I was getting notifications about being out of space every 10-15 minutes on my iPhone.

[…]

That is, the only solution Apple provides for you when you’re out of iCloud space is for you to buy more iCloud space. That’s broken. That’s the wrong attitude. What is that space being used for? Are there smart ways to do these things another way?

rth.wtf:

The new push for services revenue feels totally off-brand for Apple. Or at least the old Apple. Maybe we’ve entered a new era for the company where growth-at-all-costs is the chief motivator for how they’re going to treat customers going forward.

John Gruber (tweet):

But I worry that with its services push, Apple is turning into an advertising company too. It’s just advertising its own services. In iOS 13 they put an ad for AppleCare at the very top of Settings. They use push notifications to ask you to sign up for Apple Pay and Apple Card, and subscribe to Apple Music, TV, and Arcade. The free tier of Apple News is now a non-stop barrage of ads for Apple News+ subscriptions. Are we at the “hellscape” stage with Apple? No, not even close. But it’s a slippery slope. What made Apple Apple is this mindset: “Ship great products and the profits will follow” — not “Ship products that will generate great profits”.

It is essential that product people remain in charge of these decisions at Apple, not services people.

Previously:

Update (2020-02-18): Dave Wood:

This sort of thing has me recommending friends/family look at Windows instead of macOS. It hurts my soul, but if you’re going to be treated like an animal by the vendor, you may as well get the cheap hardware and save some $.

Ed Cormany:

this is…not even close to the accepted meaning of the word “adware”.

Nick Heer:

Streza calls iOS “adware”, which I think is hyperbolic. But there’s no denying that using Apple’s products is starting to feel like visiting a department store that’s more intent on pushing its credit card than selling you a pair of shoes.

For me, the result has been plainly obvious: I treat many of Apple’s first-party apps as mere containers for their subscription services.

[…]

Some of these things are utilities; music shouldn’t feel like a utility, but it does now.

[…]

I don’t think it’s necessarily wrong for Apple to use its platform owner advantage to push its services, but I do think that, currently, it is making those products worse.

Tyler Hall:

I happily and enthusiastically paid for all that music. But now? Every time I see the $14.99 charge for our Apple Music family plan hit my checking account, I wince. I pay it begrudgingly because I feel like I have no other choice.

Let me be 100% crystal clear about this. The only reason I subscribe to Apple Music over Spotify or Tidal – or, hell, – Amazon Music or god-knows-what thing YouTube is currently offering, is because it’s the first-party, default service on macOS and iOS. The friction to use any other app that competes with a pre-installed, first party app on iOS (and increasingly macOS) is just too damn high.

Cameron Braun:

It’s been a slow, steady change, so I hadn’t really noticed it. But @SteveStreza is right here... @Apple is pushing its limits and it’s making the user experience worse...

Dare Obasanjo:

This is an amazing graphic from @SteveStreza that shows how iOS is now nagware constantly upselling you to services from an Apple credit card to music subscriptions. Apple does this while cracking down on Google’s ad business in the name of privacy.

We live in an interesting world where Apple has convinced the tech press that seeing targeted ads while using Google products is bad but seeing ads for Apple branded high interest credit cards in the native iOS wallet app is the moral high ground. 🤷🏾‍♂️

Ben Lovejoy (tweet):

Apple-focused writers don’t call Apple out, he suggests, because we mostly subscribe to Apple services so don’t see the promos. I’m not sure that’s the case. Personally, I subscribe to Apple Music; have a free one-year trial to Apple TV+ that I’m unlikely to ever pay for; can’t get the Apple Card in the UK; don’t subscribe to Apple Arcade; and rarely if ever notice app promos in the App Store.

nz:

This is absolutely a problem—I didn’t pay a thousand bucks for a phone, just to have Tim Cook use it as a billboard. I’d I wanted to be a tool for advertising, I’d use Android.

Most insidious by far are the push notifications. I could maybe live with having to dismiss a subscribe dialog when opening the app. Having the system interrupt me to try to sell something is so wrong Apple even has rules against it … not that they or anyone follow those rules. Frankly, that alone has made notifications worthless, since the lack of granularity means I’m just turning off everything.

Dave Mark:

We’ve all seen the wave of ads, seemingly everywhere you turn. Especially if you have not subscribed to a particular service. […] I get it. Apple’s market is maturing, and shareholders demand growth. Apple has turned to services for that growth and these ads are a necessary evil.

Kirk McElhearn:

What I don’t understand is why I see these ads in the iTunes Store, even though I subscribe to Apple Music.

Brian Webster:

Apple: Let’s see how many ads for our services we can get away with putting in our built-in apps.

Samsung: hold my beer.

Steve Streza:

To address some common rebuttals. […]

See also: Hacker News.

Update (2020-02-26): Tom Hagopian:

I thought this was fun. Also when I got an ad begging me to come back to @AppleMusic in the TV app.

William Gallagher:

Apple has not turned iOS into adware, yet we do get get more notifications of services than we did. That’s still a long way from having Mail’s inbox showing us banner ads for golf games and dating sites, though.

The Macalope:

While “adware” might be an exaggeration, particularly if you’re thinking about malicious adware, the textbook definition includes ad-supported software. You could argue that you opt in to the ads when you buy an iOS device and you can turn many of them off if you can find the settings, but is that the experience we’ve come to expect from Apple?

The Macalope wouldn’t say iOS is adware as it’s commonly known, but it does have too many ads. Streza’s more right than he is wrong.

Cory Doctorow:

The whole basis of Ios is not “walled garden” but “benevolent dictatorship.”

In exchange for irrevocably locking yourself to a platform defined by DRM and aggressive litigation to prevent interoperability, Apple implicitly promises that it won’t abuse that privilege.

This is a system that works well, but fails badly.

It requires that you rely on the outcomes of goings-on between executives and shareholders at one of the world’s most secretive corporations, a company that has threatened to sue journalists who refuse to narc on their sources.

But lock-in creates a distinctive microeconomic culture within a board-room or a company. Absent any lock-in, when one exec proposes something profitable (but bad for users), others can warn that this course of action is bad for the firm’s long-term health.

Once customers are locked into the system, though, the managers who have abusive ideas win the argument, provided that it’s a tiny, incremental wickedness that only makes things a LITTLE worse and holds out the promise of a LOT of money.

See also: TidBITS-Talk.

Update (2020-03-27): Austin Evans:

I don’t need Apple TV+ ads in the Settings app please stop

Update (2021-04-07): James White:

Apple: Your app’s launch screen isn’t a branding opportunity. Make it minimal and reflective of the app UI in its starting state, to create the illusion of the app starting instantly.

Also Apple: Plays an animated Apple Arcade splash screen at every launch of every game.

Ruffin Bailey:

That’s a notification on my Mac. Apparently iCloud is going to go away. This implies I can’t even use it, though of course all the stuff I have in iCloud continues to work now. I’m just headed to the state where I can’t add anything new until something is deleted. But why be measured when you can yell the sky is falling?

[…]

This little red warning stares at me every time I open Mail. The clear implication is that all of my email is about to go kaput.

[…]

As a whole, these seem like horribly unpolished, crass, rushed, used-car lot sales techniques.

Previously:

Update (2021-10-28): Rob Griffiths:

Because I’ve chosen not to give Apple $10 a month for Apple Music, this is my reward in macOS Monterey: A huge non-removable ad for Apple Music, and the top section of my Music app is reserved for something I don’t have.

Talk about pushy.

Previously, you could turn off Apple Music and hide it.

Update (2021-11-29): See also: Hacker News.

Update (2022-05-24): Dominik Wagner:

Hey @Apple,

We need to talk. What has happened to you? These kind of banners used to be the sort of stuff that drove us from other platforms. Now every system App start can be a minefield for accidental additional subscriptions.

Not cool.

Update (2022-05-31): Jim Dalrymple:

Apple says @AppleMusic is ad free, yet I’m hearing 40 second ads for some shitty radio shows when I listen to Classic Rock. I’m paying for the service, you can’t have my money and put in ads too. Anything that interrupts my music is ad! You are better than this Apple! I hope!

Update (2022-06-06): Jason Snell:

Apple has taken to inserting ads into its “ad-free” on-demand radio stations. Yes, they’re ads for other Apple Music radio shows, but does it matter? The fact remains that if you listen to an Apple Music streaming radio station like Classic Rock or Alternative, you will eventually hear a 40-second ad for Zane Lowe or Strombo or other pre-recorded Apple Music radio episodes. What was once an ad-free music experience is now punctuated by… promo copy.

Update (2022-08-02): Casey Liss:

  1. this is gross
  2. it’s spam
  3. I was just listening to Apple Music an hour ago, on this device.

Update (2022-08-05): Ken Kocienda:

Settings in iOS is now a place for ads. Just awful. The part I care about is pushed to third place. This is what happens when pushing services becomes more important than providing me with the best computing experience.

I don’t want Apple TV+ ever, but I guess I can’t even decline it here for good. Options are “Yes” and “We’ll nag you again on another device”. Ugh!

Dave Wood:

It never goes away either. Keeps prompting me even though the deal expired. Even shows an expired date right in the ad.

Update (2023-09-04): Timothy Perfitt:

This happens multiple times a day:

  1. Open Mac
  2. Mac show air pods connected.
  3. A bit later, i press the air pods to continue playing my slapping music from the iPhone on Amazon Music.
  4. Music.app opens on my Mac and throws an ad in my face.

My Mac knows my intent but wants to sell me Music++ instead.

Friday, February 14, 2020

SwitchGlass 1.0

John Siracusa:

SwitchGlass adds a dedicated application switcher to your Mac.

[…]

Apple provides APIs to activate applications, optionally also bringing all of their windows to the front. Sometimes, when a call is made to one of these APIs, nothing happens. Or sometimes the app activates but none of its windows come to the front, even though the API call asked for all windows to come to the front. These bugs have existed in macOS for many years, and I’ve not yet found workaround for them in SwitchGlass.

[…]

Q: Why can’t I use SwitchGlass to quit apps?

Sandboxed Mac apps cannot tell arbitrary other applications to quit.

[…]

The area of the preferences window used to set the app switcher’s positon on the screen is meant to show a tiny version of each display’s desktop background image. Unfortunately, sandboxed Mac apps cannot read images from arbitrary locations without asking for permission first. SwitchGlass can access the desktop pictures that come bundled with macOS, but it cannot see any of your personal pictures. I decided it wasn’t worth prompting for permission for this visual frill, so if SwitchGlass cannot read your desktop background image, it will just show a gray box instead.

Brad Ellis discusses designing the icon.

Companies that Scrape Your E-mail

Joseph Cox (via Bruce Schneier, Hacker News):

The popular Edison email app, which is in the top 100 productivity apps on the Apple app store, scrapes users’ email inboxes and sells products based off that information to clients in the finance, travel, and e-Commerce sectors. The contents of Edison users’ inboxes are of particular interest to companies who can buy the data to make better investment decisions, according to a J.P. Morgan document obtained by Motherboard.

[…]

Some of the companies listed in the J.P. Morgan document sell data sourced from “personal inboxes,” the document adds. A spokesperson for J.P. Morgan Research, the part of the company that created the document, told Motherboard that the research “is intended for institutional clients.”

[…]

Edison is just one of several companies that offer free email apps which then sell anonymized or pseudonymised data derived from users’ inboxes. Another company that mines inboxes called Foxintelligence has data that comes from users of the Cleanfox app, which tidies up users’ inboxes.

Edison:

To keep our Edison Mail app free, and to protect your privacy by rejecting an advertising-based business model, our company Edison Software, measures e-commerce through a technology that automatically recognizes commercial emails and extracts anonymous purchase information from them. Our technology is designed to ignore personal and work email, which does not help us measure market trends.

Michael Potuck:

While the developer says on its website that it does “process” its users’ emails, Edison customers that Motherboard interviewed said they didn’t realize what was happening.

And when looking at the big picture, Edison having phrases like “privacy by design” and “privacy first” on its website can feel misleading after learning about how they scrape and sell personal data.

Joe Rossignol:

Edison’s privacy policy and support website also indicate that users can opt out of having their anonymized data shared with Edison Trends partners by navigating to Account > Settings > Manage Privacy in the app.

Nick Heer:

Slice is owned by Rakuten, a Japanese e-commerce conglomerate that also owns Unroll.me. A few years ago, the latter company was at the centre of a similar controversy over the appropriateness of scraping users’ inboxes for marketing data that can be sold.

Previously:

Unpaid Apple Store Bag Checks Ruled Illegal

Mikey Campbell (L.A. Times, Hacker News, Reddit):

The California Supreme Court in a decision delivered on Thursday found Apple broke state law by not paying retail workers for the time they spent participating in mandatory bag and device searches, leaving the company liable for millions in unpaid wages.

In a unanimous ruling (PDF link), the court holds employees were and are in Apple’s control during mandatory exit searches of bags, packages, devices and other items. As such, Apple is required to compensate its employees for time spent on the anti-theft program, which in this case allegedly amounted to up to 20 minutes worth hundreds or thousands of dollars a year.

Juli Clover:

Apple requires all personal packages, bags, and Apple devices that belong to retail employees to be checked by a manager or security before an employee is allowed to leave the store for any reason, including breaks, lunch, and the end of shifts.

Employees are also required to clock out before submitting to an exit search, and have estimated that the time spent waiting and undergoing searches ranges from five to 20 minutes. On busy days, some employees have waited for up to 45 minutes waiting for a bag check.

Apple has argued that allowing employees to bring bags and devices to work is a convenience and has positioned the searches as a “benefit” because employees could prevent searches by not bringing personal items or could be banned from bringing personal items all together. The California Supreme Court says that such a ban would be “draconian” and that Apple’s arguments that employee iPhones are a convenience are “at odds” with how the iPhone is described in marketing materials.

Update (2020-02-18): John Gruber:

This whole thing is an embarrassment for the richest company in the world. I can see how it happened in the first place, but once it got to court, Apple should have recognized that the policy was flatly wrong and settled it by fully paying wages for time spent in these checks to retail employees worldwide.

[…]

Second, taking this lawsuit to the state supreme court left Apple’s lawyers arguing that employees don’t need to take their Apple devices to work. Who doesn’t take their phone to work? I literally don’t know anyone who leaves the house for anything without their phone.

David Heinemeier Hansson:

Really a stain on the company. And they took it to the California supreme court? WAT?

Still can’t get over how Cook signed off on the gaslighting argument that getting frisked at work is a “benefit” to employees, and if they didn’t want that “benefit”, they could leave their iPhones at home.

Update (2020-09-07): Tim Hardwick:

The 9th U.S. Circuit Court of Appeals on Wednesday said Apple must pay over 12,000 retail workers in California for the time spent waiting for compulsory bag searches at the end of their shifts (via Reuters).

The ruling is here. See also: Hacker News.

Update (2021-08-21): See also: Integrity Staffing Solutions, Inc. v. Busk (via Simone Manganelli).

Update (2022-08-29): Juli Clover:

Apple will pay $30.5 million to settle a long-running lawsuit over employee bag checks, reports Bloomberg Law. Apple initially agreed to the sum in November 2021, and now a judge has given final approval to the settlement amount.

macOS 10.15.3 Time Machine Problems

Howard Oakley:

In yesterday’s article, I described how I discovered that two of my Time Machine snapshots had apparently got stuck, and couldn’t be deleted when automatic backups tried to ‘thin’ those snapshots. That in turn was filling my log with error messages every time that Time Machine made an automatic backup. This article explains what happened, and how I fixed the problem.

Howard Oakley (Hacker News):

If you’re intending to rely on Time Machine backups in macOS 10.15.3, you might want to use an alternative as well. I can now confirm that making the first full backup using Time Machine can take so long that it may not be feasible, and that some users are also experiencing failure to restore from an existing backup.

[…]

If you are intending to make a full first backup using Time Machine in 10.15.3, you should be wary of its potential to never complete, and be prepared to fall back to a substitute backup system. If you do encounter very slow progress during the first backup, cancel it, remove the incomplete backup, add the .DocumentRevisions-V100 folder at the root of each volume to be backed up to Time Machine’s exclude list (press Command-Shift-. to see hidden items in the file selector dialog), then try again.

Previously:

Update (2020-02-17): Howard Oakley:

This article explains how you might determine if this is the cause of your Mac backing up slowly, and if it is, what you might do about it.

macOS 10.15.3 Update Erases Log Files, Too

Mr. Macintosh:

Almost all the /var/log files have been erased and start over the minute after the 10.15.3 update finished installing.

[…]

This is my 4th article on 10.15.3 Combo Update issues. If you have not seen them yet, you can view them below.

Previously:

Thursday, February 13, 2020

How Important Our Phones Are

John Gruber:

Yes, phones that cost $1,000 or more are expensive. Yes, that’s outside the budget for most people. But why in the world would anyone argue this is ”hard to justify”? Phones are, for most people, the most-used computing device in their lives.

[…]

There are way more people on the planet who’d rather have a $1,400 phone and a $400 laptop than the other way around.

Phones are too important to be limited to software approved and sold by their platform vendor.

macOS 10.15.3 Update Doesn’t Create APFS Snapshot

Mr. Macintosh:

Something happened in the latest set of Apple updates released on January 28th. The Automatic Backup Snapshots are no longer working!!! At first, I thought it only happened on the 10.15.3 Combo update. I then checked the 2020-001 Security Update on High Sierra and it’s not working either!

I found this out while I was writing another article on Catalina Logs. I built a 10.15.2 device and updated it to 10.15.3. I booted to recovery to restore the from the automatic snapshot only to find that it was missing!

[…]

I am not totally sure what’s going on here, if I had to guess this a bug. I wanted to let you know about this. The last thing you want to do is rely on that automatic backup snapshot only to find out it was never created.

Plus, the installer apparently purges any snapshots that you made manually.

Previously:

2020 State of Mac Malware

Malwarebytes Labs:

Mac threats increased exponentially in comparison to those against Windows PCs. While overall volume of Mac threats increased year-over-year by more than 400 percent, that number is somewhat impacted by a larger Malwarebytes for Mac userbase in 2019. However, when calculated in threats per endpoint, Macs still outpaced Windows by nearly 2:1.

Emphasis added. This sounds really bad at first, like the number of Mac threats is growing in proportion to the (larger) number of Windows threats. But I guess they are just using the non-technical meaning of “exponential,” so the whole thing boils down to “more than.”

The full PDF report:

Of all the threats seen this year, only one incident involved anything other than tricking the user into downloading and opening something they shouldn’t. That is the incident in which Coinbase, and several other cryptocurrency companies, were targeted with malware that infected systems through a Firefox zero-day vulnerability. Affected systems were infected with the older Wirenet and Mokes malware. This was the first time such a vulnerability had been used to infect Macs in any significant way since 2012, when Java vulnerabilities were used repeatedly to infect Macs (until Apple ripped Java out of the system, ending the threats). Beyond that what we saw was a virtual landslide of adware and PUP detections, far outpacing growth on the Windows side. While these threats are not considered as dangerous as traditional malware[…]

[…]

We define “traditional malware” as malicious software such as backdoors, Trojans, and spyware.

[…]

Among the top 10 Mac threats (for both consumers and businesses) are a mix of PUPs and adware. The PUPs are a variety of mostly “cleaning” apps that have been determined as unwanted[…]

So the words “threat” and “malware” also have unexpected definitions that include potentially unwanted apps and adware.

Sara Morrison:

The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst enemy.

“People need to understand that they’re not safe just because they’re using a Mac,” Thomas Reed, Malwarebytes’ director of Mac and mobile and contributor to the report, told Recode.

[…]

“There is a rising tide of Mac threats hitting a population that still believes that ‘Macs don’t get viruses,’” Reed said. “I still frequently encounter people who firmly believe this, and who believe that using any kind of security software is not necessary, or even harmful. This makes macOS a fertile ground for the influx of new threats, whereas it’s common knowledge that Windows PCs need security software.”

This sounds unnecessarily alarmist compared with the contents of the report, and I remain convinced that for most users Apple’s built-in security measures are sufficient. I’ve seen far more Mac problems caused by anti-virus software than actual viruses.

Ben Lovejoy:

Third, and most crucially of all, Mac malware is not a virus. These are not apps that can spread from machine to machine, installing themselves. macOS doesn’t allow unsigned apps to be installed without user permission.

Previously:

Update (2020-02-14): Apple:

Apple is committed to providing great experiences that respect customer privacy and security. When joining the Apple Developer Program and accepting the Program License Agreement, developers agree to ensure that their software is safe and secure for their users. They also agree to cooperate with Apple systems, such as the notary service, designed to help protect users from malware (e.g., viruses, trojan horses, backdoors, ransomware, spyware) or malicious, suspicious, or harmful code or components when distributing Developer ID–signed Mac software outside the Mac App Store. The examples below are provided to help clarify some of the behavior that is not permitted for Mac software distributed in this way.

Via Jason Snell:

It seems that many of the items in Malwarebytes’ report have gotten the hammer from Apple and are no longer actively circulating. The report’s long list of Mac software is an alert that the Mac is now a much more enticing target for makers of adware and other scam software. It certainly can’t be a coincidence that Apple is stepping up enforcement of its policies at the same time that the number of these sleazy apps is increasing.

[…]

It’s valid to wonder if the Mac’s reputation for being a safe harbor leads some Mac users to make bad security choices. But “Macs don’t get viruses” is a statement that is still overwhelmingly true. Even if it makes it awfully hard to sell Mac anti-malware software.

Update (2020-02-17): Nick Heer:

So the chance of experiencing malware — not adware or what Malwarebytes calls “potentially unwanted programs”, but malware — on a Mac actually fell in 2019, according to this report.

Michael Nordmeyer:

Cleanfox and Unroll.me are still being featured on the iOS app store in a “Declutter Your Digital Life” story

Thomas Reed:

“Macs don’t get viruses” is a statement that is still overwhelmingly true.

I see so many people getting infected because they believe this...

Also, keep in mind that adware and PUPs are not harmless. They engage in scams, intercept network traffic, exfiltrate sensitive user data (like browser history), and open all kinds of security holes that could be taken advantage of by more malicious software.

Jason Snell:

As I wrote, “It’s valid to wonder if the Mac’s reputation for being a safe harbor leads some Mac users to make bad security choices.”

That said, I do think you and your employer are stoking fear and that Malwarebytes benefits from that fear. I’m not surprised you take exception.

Apple has multiple methods of stopping bad actors and has stepped up its game in recent months. This third party stuff is almost worthless unless you are making some very bad decisions

Update (2020-02-22): Matt Deatherage:

“Corresponding” in this context means “we saw five times as many things we considered threats in 2019, but we also had five times as many copies of our software running.” Similarly, there is no real way for readers to know if detecting more malware per “endpoint” (a single computer running Malwarebytes for Mac) means that there was more malware out there, or if Malwarebytes just got better at detecting it.

Or maybe it just aggressively blocked more programs. Installing antivirus software means substituting the vendor’s judgment for your own. For example, Malwarebytes says the fourth-most detected item on Macs was the “potentially unwanted program,” or PUP, called “JDI.” That’s the name the company gives to a few launch daemons belonging to TotalAV—an antivirus vendor and competitor to Malwarebytes.

There’s a lot in the report that doesn’t quite add up when examined.

Patrick Wardle:

Well that’s a wrap! Thanks for joining our “journey” as we wandered through the macOS malware of 2019.

Looking forward, maybe we’ll see a drop in malware affecting the latest version of macOS (Catalina), due to its stringent notarization requirements …though word on the street is it’s already bypassed[…]

John Gruber (tweet):

Dan Goodin had a piece at Ars Technica last month about the scourge of fake Adobe Flash installers — which work because unsophisticated Mac users had been truthfully told they needed to upgrade their version of Flash for a decade. It’s a real problem — but third-party antivirus software is not the answer.

See also: Accidental Tech Podcast.

Update (2020-02-28): Thomas Reed (tweet):

However, adware and PUPs can actually be far more invasive and dangerous on the Mac than “real” malware. They can intercept and decrypt all network traffic, create hidden users with static passwords, make insecure changes to system settings, and generally dig their roots deep into the system so that it is incredibly challenging to eradicate completely.

To demonstrate our meaning, what follows is a detailed analysis of what may be the most sophisticated threat on macOS—called Crossrider—a threat that is “just adware.”

Be careful when entering your admin password, and run Little Snitch.

Update (2020-03-06): Howard Oakley:

One very good reason for a user choosing to pay for third-party protection is the lack of information provided about what Apple’s tools do. When it comes to security, bland assurances of protection are now worthless to those Mac users who take security seriously. We’re long past the day when a verbal pat on the back is sufficient. Who should you trust more: the third-party vendor whose articles explain which PUPs and malware their product detects and removes, or Apple’s generic statements about detecting “known malware”? And what does macOS do about PUPs?

Equally, third-party vendors of security products do try to scare users into becoming customers. I don’t know of an industry sector which doesn’t, to some extent, oversell its products.

BlueMail Back in Mac App Store

Joe Rossignol:

Last week, after months of making little to no progress with Apple towards having its Mac app reinstated, BlueMail co-founders Ben Volach and Dan Volach penned an open letter to the developer community that encouraged any developers who feel that Apple has kicked them out of the App Store or otherwise treated them unfairly to reach out to them and share their stories.

Just days later, the BlueMail app has returned to the Mac App Store. In a press release, BlueMail parent company Blix said it has no intention of dropping its legal case against Apple, which it believes extends beyond the removal of BlueMail on the Mac App Store to the “suppression of its iOS app and the infringement of Blix’s patented technology through ‘Sign in with Apple.’”

Joe Rossignol:

In a statement last week, shared with MacRumors, Apple said it “attempted on multiple occasions to assist them in getting their BlueMail app back on the Mac App Store,” but said “they have refused our help.” Apple added that BlueMail was “proposing to override basic data security protections which can expose users’ computers to malware that can harm their Macs and threaten their privacy.”

[…]

Specifically, Apple says its Developer Technical Support team advised the BlueMail team to make changes to how it packages its Mac app in order to resolve a security and privacy warnings issue related to the app creating a new binary with a bundle ID that changes on each launch.

Of course, it’s perfectly normal for an e-mail client to run up against section 3.3.2. So, if I understand this correctly, they made a sketchy app and refused to fix the obvious problem because they wanted to do a PR stunt?

Previously:

Wednesday, February 12, 2020

KVO Reentrancy Canary

Ilya Kulakov (tweet):

While possibility of race conditions in the multithreaded code is a side effect of the desired behavior when multiple processing units compute result based on the shared data, Same-Stack Race Conditions are outright incorrect.

KVO, while often a hated victim, is not the only troubled technology. Everything that uses same-stack callbacks, including Delegates and Notifications, is susceptible.

[…]

In Objective-C and Cocoa I use the following lock-like approach that relies on RAII scopes (and relatively “modern” Clang and GCC that support the cleanup attribute) to detect the errors[…]

Previously:

iOS 13 UTI Bug

Brent Simmons (tweet):

But in NetNewsWire for iOS (currently in beta) this sometimes doesn’t work because, for some people, the system won’t let you select an OPML file to import. (This does not happen on Macs.)

[…]

We found that if a user has another app that declares an OPML UTI — and that UTI doesn’t match ours — then the document picker will not see those OPML files as the type we accept (org.opml.opml) but as something else.

The workaround is to let the user select any text file, which is not great.

Guy English:

Remember when Apple maintained a register for type/creator codes. This was supposed to get away from that and yet... It does seem like some simple web registry system (optional) would help developers who want to do the right thing (the vast majority) be able to do so more easily.

Jake Carter:

That was a fun one I hit when working on OmniOutliner. After hitting other issues I believe we settled on declaring ourselves as able to read ALL file types and just screen them at the time we try to open them. Not great, but it worked.

Kyle Howells:

I ran into the exact same problem the very first time I tried to use the iOS file pocket APIs.

Apple doesn’t like how messy and imprecise file extensions are so they don’t let iOS apps use them. Instead you have to use a much more complex API involving UTI definitions. Except iOS doesn’t handle conflicts well, making the entire thing useless.

I ended up giving up asking for ‘public.data’ (everything) and then just filtering the selected file name in app.

That was the only way I could guarantee the user would actually be able to use my app without another apps UTI definition breaking my app completely.

Especially as iOS is designed that the system knows best and doesn’t allow the user any sort of override or control.

iOS doesn’t have an option to allow the user to even see the file extensions, let alone change them.

Peter Steinberger:

We‘re running into a similar problem where apps override the public PDF. Been hunting them down and explaining them the error one by one, but it‘s like Don Quijote.

Curtis Herbert:

This has been a blight in the GPS world for apps that import GPX files. Apple’s suggestion in the dev forums was ... less than practical.

Annoyingly, this wasn’t a problem until iOS 13. It’s really annoying that Apple opted for the “technically correct” way that lets one rogue app break the user experience.

Douglas Hill:

It looks like UIKit’s document picker and browser use UTTypeCreatePreferredIdentifierForTag. It’s behaviour is documented as being undefined, so some random type wins.

Audit your code! Use UTTypeCreateAllIdentifiersForTag instead to handle all possibilities.

Update (2020-02-14): Adam Maxwell:

This has been a problem on the Mac for years. I even wrote a whitepaper about it, trying to get Mac TeX developers to coordinate our own set of common UTIs.

Jonathan Grynspan:

Re the “UTI bug”: if people are still seeing issues in the latest seeds, please file bugs so the right folks know what’s not working.

Tuesday, February 11, 2020

Google Maps at 15

Lauren Goode (tweet):

Jen Fitzpatrick leads the Google Maps team, and also happens to be one of the earliest Googlers. She first joined the company as a software coding intern in 1999, and worked on Google’s search, advertising, and news products before finding her way to Maps. Fitzpatrick sat down with WIRED ahead of the app’s 15th birthday to talk about the evolution of digital maps, how she plans to keep advertising from being as confusing on maps as it is in search, and a future in which Google Maps is more than just a driving app.

[…]

I think we had a hypothesis going into the AR-based walking navigation effort that it would be most helpful for people when they were in very unfamiliar settings, in a travel kind of scenario. And I think we’ve seen that to be the case.

[…]

I think you’ll see Google Maps evolve to be an application that’s much, much better at getting you from here or there no matter what mode of transportation you’re using, even if you’re chaining together multiple modes of transportation.

Alexandra Erin:

If you find yourself using AirBNB, here’s what I would suggest, based on the past ~5 years of scammer stories:

1. Plug the address into Google Maps first.
2. Compare Street View pictures of the property to the interior photos.
3. Verify the hosts exist.

Eric Young:

Apple Maps vs Google Maps in an emergency

Los Angeles county already received the Apple Maps revamp that supposedly made it on par or better than Google Maps

This can have deadly consequences for anyone relying on Apple Maps during an emergency

Previously:

More About SwiftUI

Apple (via Tony Arnold):

You’ll start by adding a macOS target to your project, and then reusing the shared data you created for the iOS app. With all of the assets in place, you’ll create SwiftUI views to display list and detail views on macOS.

Follow the steps to build this project, or download the finished project to explore on your own.

Chris Eidhof:

After a few months spent delving into SwiftUI, we decided to write a short book: it’s called Thinking in SwiftUI. Since SwiftUI is still in its early days, the book focuses on the concepts behind the framework that we believe are essential to understand. It is not a reference for SwiftUI’s platform-specific APIs, but rather a guide to honing your intuition about how SwiftUI works.

Nikita Prokopov (Hacker News):

First, the general approach SwiftUI is taking (reactive declarative data-driven UI framework) is really solid and considered state-of-the-art as of the current day of the year. No complaints here, great job, we all needed that, thank you Apple for releasing it. No, seriously. It’s a great tool and I’m looking forward to using it.

But, a few things I noticed in SwiftUI concern me. I think they could illustrate points in the UI framework design that future systems could handle better. Without further ado, let’s start with the biggest problem in API design: commas!

Will Townsend:

Today I’ll explain how to create your own Button Styles, and hopefully show you the difference between ButtonStyle and PrimitiveButtonStyle, and why you’d use one or the others.

Scott James Remnant (via Joshua Emmons):

One of the first things presented about SwiftUI is that its views choose their own sizes, and that once chosen, those choices cannot be overridden. This is such a simple statement that it would be easy to move on quickly to get to the good stuff.

This would be a mistake, because this simple statement fundamentally changes everything you know about layout.

[…]

This doesn’t contradict what we’ve just learned about chosen sizes not being able to be overridden, it actually demonstrates another key principle we haven’t learned yet: a view receives a proposed size from its parent before it chooses its own size.

Alexander Grebenyuk:

SwiftUI no longer uses Auto Layout, gone all of the cruft introduced over the years. SwiftUI has a completely new layout system designed from the ground up to make it easy to write adaptive cross-platform apps. […] I can’t be more excited to dig deep into the SwiftUI layout system to see what it has to offer.

Ole Begemann:

SwiftUI’s layout algorithm may be simple on the surface, but the way the built-in views and view modifiers interact is tremendously complex (and largely undocumented).

Javier:

After spending some time testing the limits of alignment guides, I arrived at the conclusion that they do work. However, there’s confusion about what we expect from them. This confusion comes from not realizing there’s a whole set of implicit alignment guides in effect. When we ignore them, things do not go our way.

Javier:

In this short article, we are going to explore several aspects of View equality. We’ll see what happens when we make a view conform to Equatable, and what is the purpose of EquatableView and the .equatable() modifier.

Javier:

If you’ve been using SwiftUI for a while now, you probably hit the problem where you find yourself trying to update the state of a view from inside its body. Usually, Xcode complains during runtime. When it does, you are forced to put your update inside a DispatchQueue closure (not feeling too good about yourself) but you carry on anyway. Does this sound familiar? In this article, we’ll discuss why it sometimes is perfectly fine to apply that technique, but some other times, it’s a no-no (leading to CPU spikes or app crashes).

Jared Sorge:

In my last post I talked about some of the struggles I’m having getting up to speed with SwiftUI. Let’s dive in to a couple of examples.

Rob Whitaker:

Apple has taken the chance to re-think how some of their accessibility tools work for developers, and they’ve baked in accessibility right from the very beginning. Apple’s accessibility teams have been an integral part of some of the decisions that have shaped SwiftUI. You can see this throughout your SwiftUI code.

Mattt Thompson:

It’s hard to overstate how much of a game-changer Xcode Previews are for iOS development, and we couldn’t be happier to incorporate them into our workflow.

Kishikawa Katsumi:

I published SwiftUI online playground.

You can try SwiftUI and see the rendering results insanely easily.😊

Thomas:

I tried to replicate my app’s GUI using SwiftUI. Couldn’t get the basic layout right: standard controls do not size themselves correctly. Also, popup buttons do not draw their menu correctly. SwiftUI is plain broken on macOS.

I continue to hear about problems like this.

Wooji Juice:

If you want to make a Mac app, there are 4 primary APIs you could be using, in a sorta 2x2 grid: AppKit, UIKit (w/Catalyst), SwiftUI-in-AppKit, SwiftUI-in-UIKit. It’s a complex mess of what each does/doesn’t support — figuring out which to use for any given UI is trial & error

I’ve been trying to make one relatively simple bit of UI (in a standalone testbed app) for days. Every time I think I’m on a roll, I bump into a different wall of missing functionality. I try different implementations. I try different designs that don’t need same features.

It’s not even like you can say “Screw it, I’ll do everything old-school pure native AppKit and get access to everything”, cuz you’ll still be missing some things (e.g. SF Symbols aren’t supported, even tho they are all available on Mac since Catalyst apps can use them).

Previously:

Rejecting and Accepting an Appfigures Client

Vojtech Rinik:

I’ve always wanted to build a desktop app that would let me access my most important data quickly. Like those old dashboard widgets used to.

I finally got around to it, and started with Appfigures, my favorite service to track App Store sales.

[…]

We noticed that your app offers a subscription with a mechanism other than the in-app purchase API.

Can anyone explain to me, how did they let the official Appfigures app into the App Store? It’s the same thing, and I’m pretty sure they don’t have IAPs. It’s just a dumb viewer of the data.

Vojtech Rinik:

Right after the rejection, I submitted an appeal. I didn’t expect much. I heard the stories. Once your app gets rejected, there’s nothing you can do, I thought. Especially if you’re small and irrelevant.

[…]

To my surprise, I got a reply to my appeal. (At this point, I wasn’t expecting one.) Just two days later I received a response, which basically said “Yup, we checked again, you’re fine, actually.”

Unbelievable, I thought. The best part? This heart warming message at the end: “Thank you for your commitment to Mac app development.”

Monday, February 10, 2020

Avalanche for Lightroom 1.0.5

Ric Ford:

Avalanche is a native Mac app from CYME that promises to quickly migrate Aperture photo libraries to Adobe Lightroom or Lightroom catalogs to folders of files while using AI for some processing assistance…

Claudia Zimmer:

Avalanche was born out of our need to move massive amounts of photos from Aperture to Adobe Lightroom. We tried many different ways to achieve this and it was frustrating because it was often incredibly slow, and lots of edits were lost in the process.  Then we started to work on CYME’s ambitious photo project and realized that the first building block was a component that would understand the inner structure of all major photo cataloging apps (Aperture, Photos, Lightroom, Luminar, CaptureOne,…). Having this component to read from and write into any catalog format, would indeed allow us to convert between them. So we decided to release a first product that would be that converter and gradually add more input and output formats to it.

Claudia Zimmer:

One of the promises of Avalanche is to preserve the visual aspect of the migrated images by applying some clever algorithms to derive the adjustments in Lightroom (for example) from the adjustments in Aperture.

[…]

The idea behind ML is to learn from a set of images that have been adjusted in Aperture and Lightroom, what are the “functions” to apply to the set of parameters in Aperture, in order to find, one by one, the value of each parameter in Lightroom.

Other migration tools simply bake the adjustments and metadata into the image. Avalanche tries to migrate the master images and then set up equivalent non-destructive edits. Of course, this won’t always be possible, as the Aperture and Lightroom engines are not documented and don’t support all the same features.

CYME:

But Avalanche goes one step further by attempting to migrate all the adjustments made to images into the destination catalog.

[…]

Avalanche does not require Aperture to run on the Mac. It can read the Aperture Catalog format natively.

Whereas Aperture Exporter needs to talk to Aperture via AppleScript.

Previously:

Update (2020-02-17): See also: Matthieu (via John Gordon).

macOS 10.15.4 to Warn About Deprecated KPIs

Apple:

At WWDC19, we announced the deprecation of kernel extensions as part of our ongoing effort to modernize the platform, improve security and reliability, and enable more user-friendly distribution methods. Kernel programming interfaces (KPIs) will be deprecated as alternatives become available, and future OS releases will no longer load kernel extensions that use deprecated KPIs by default.

[…]

Below is a list of deprecated KPIs as of macOS 10.15. In macOS 10.15.4, use of deprecated KPIs triggers a notification to the user that the software includes a deprecated API and asks the user to contact the developer for alternatives.

Via Howard Oakley:

Normally, this requires you to run the app (or its installer), during which it and macOS should prompt you to open the General tab of the Security & Privacy pane, authenticate, and agree to the kernel extension being installed. This consent is only available for a relatively short time: if it occurs when you’re out, it’s possible that it will vanish, and you may have to repeat the process to catch it. This is what Apple calls User-Approved Kernel Extension Loading, and doesn’t involve the Privacy tab, with which you’re probably now more familiar.

[…]

Sometimes, even after closing the app or installer and restarting, the kernel extension doesn’t get installed properly. You can repeat the process, maybe even a couple of times, restarting after each attempt. But in some cases – in Macs with a T2 chip only – the kernel extension won’t load properly unless you disable Secure Boot.

Previously:

Taika Waititi on MacBook Keyboards

Sam Byford (video, Hacker News, Reddit, MacRumors):

“Apple needs to fix those keyboards,” he said. “They are impossible to write on — they’ve gotten worse. It makes me want to go back to PCs. Because PC keyboards, the bounce-back for your fingers is way better. Hands up who still uses a PC? You know what I’m talking about. It’s a way better keyboard. Those Apple keyboards are horrendous.”

“I’ve got some shoulder problems,” Waititi continued. “I’ve got OOS [Occupational Overuse Syndrome, a term used in New Zealand for RSI] — I don’t know what you call it over here, this sort of thing here (gestures to arm), that tendon which goes down your forearm down into the thumb? You know what I’m talking about, if you guys are ever writing.

Daniel Jalkut:

It’s only because Apple allowed the MacBook Pro keyboard problem to go on SO LONG that it could possibly have become a talking point in an Oscar awards interview. I hope some lessons have been learned.

John Gruber (tweet):

Yes, there’s a new keyboard with scissor-switch mechanisms in the 16-inch MacBook Pro. It’s a pleasure to type on. But we’re still months away from the rest of the MacBook lineup being updated to use that new keyboard. And that’s a presumption on my part, that all MacBooks will get the new keyboard sooner rather than later. It certainly wouldn’t make any sense if they didn’t — but the whole butterfly-switch saga has never made any sense.

The 16-inch Macbook Pro’s keyboard is apparently more reliable and has more travel, but I think it’s still inferior to the pre-2016 keyboards. It’s less comfortable to type on because the keys feel hard, perhaps due to the reduced travel. And the Touch Bar makes it harder to type the F keys because you can’t feel where the key is, can’t be sure when you’ve pressed it, and can “press” it accidentally just by touching it.

Todd Ditchendorf:

From his description, I’m remotely diagnosing this guy with “Radial Tunnel.” Ergonomically speaking, Apple’s input devices are criminally bad.

Previously:

Update (2020-02-14): Edgar Wright:

The funny thing is though he’s not joking. And he’s right!

TDFKA:

Oh my god, I’m glad to know someone else feels my pain. This is my current keyboard, I ended up taping over several keys because they’re a nightmare when writing.

France Fines Apple for Throttling iPhones Without Telling Users

Romain Dillet (Hacker News):

France’s competition watchdog DGCCRF announced earlier today that Apple will pay a $27.4 million (€25 million) fine due to an iOS update that capped performance of aging devices. The company will also have to display a statement on its website for a month.

[…]

Many users may have noticed that their phone would get slower when they play a game, for instance. But they didn’t know that replacing the battery would fix that. Some users may have bought new phones even though their existing phone was working fine.

France’s DGCCRF also notes that iPhone users can’t downgrade to a previous version of iOS, which means that iPhone users had no way to lift the performance capping feature.

Via Nick Heer:

I don’t know — or, frankly, care — if €25 million is a fine that is too small, too big, or not worth issuing at all. What I do know is that it is ridiculous to defend Apple’s decision not to explain this to users at the time.

[…]

Of course it would not have been easy for Apple to explain why this decision made sense — Warwick alone spent about a thousand words retelling this saga. But it would have been right, and avoided accusations that the company was being underhanded and sneaky.

[…]

To be clear, there’s no indication that this wasn’t publicized at the time to avoid poor PR; that’s something Warwick implied. If anything, this seems like an example of stupidity, not malice.

It’s such an odd story. Recall that, after it became clear what was happening, Tim Cook said that people who didn’t know about the throttling weren’t “paying attention.” I’ve seen no evidence that anything was ever reported that people could have paid attention to. Then Apple retroactively added “improves power management” to the iOS 10.2.1 release notes, still without any indication that this meant it might slow down your phone.

Previously:

iOS 13 Cursor Placement and Text Selection

Federico Viticci:

The new operating systems remove one of iOS’ marquee and historical features – the magnification loupe – in the name of a revised text selection mechanism that lets you directly pick up the cursor and select text with gestures. While it is still possible to press on the keyboard with 3D Touch (or hold the space bar) to move the cursor, you can now simply pick up the blinking cursor and move it onscreen to drop it in a new position. When picked up, the cursor will enlarge slightly; in iOS 13.1, it’ll also subtly snap to the beginning and end of lines.

When you’re moving the cursor this way, iOS 13 will not show you a magnification loupe. The removal of that useful visual detail could be ascribed to the new text selection behavior in iOS 13: now, instead of double-tapping to enter text selection, you can tap, hold, and swipe to start highlighting text.

I like this new text selection gesture (even though it took me a while to get used to it), but I don’t buy the theory that removing the magnification loupe was necessary to avoid conflicts between old and new gestures. iOS could and should still display a magnification loupe when performing text selections: in the months I’ve been using iOS 13, I’ve found myself unable to tell with precision whether I was selecting the right portion of text because my finger was covering it and there was no magnification loupe on the side to double-check the text I was selecting.

Benjamin Mayo:

In the WWDC 2019 presentation, Craig Federighi praised the new UI for text selection, saying “there’s no need to double tap and no magnifying glass getting in your way”. I remember doing a double-take when he said it because that’s not really true at all. The magnifying glass was a convenience, rather than annoyance.

Mike Rockwell:

The text selection system in iOS 13 is absolute garbage. I can never tell if I have my selection point at the right place because my finger is always in the way.

The new design has been widely criticized, but I like it. It feels much faster, and I don’t miss the loupe because I can just slide my finger down after picking up the insertion point so that it doesn’t cover the part I’m looking at.

Rebekka Honeit:

Tap and hold the cursor until the cursor symbol appears bigger. Then drag the cursor to its new position and let it go.

[…]

Selecting a word, sentence, or paragraph has become a lot easier.

[…]

There are also new gestures for copy and paste.

[…]

To undo, swipe to left with three fingers.

To redo, swipe to right with three fingers.

Previously:

Friday, February 7, 2020

YouTube Audio to Overcast

Mike Rockwell:

There’s just so many videos on YouTube that don’t really need the video component. Whether they be information videos or talk shows, often times you can get by without the visuals. For those videos, the YouTube app is a bit heavier than what is necessary for listening. Something like Overcast with its Smart Speed feature, is a much better solution.

[…]

So I put together a shortcut — Push To Overcast — that lets me download a video from YouTube, convert it to an audio file, and then easily upload it to Overcast.

[…]

The shortcut utilizes UPull.me to download the YouTube videos. I don’t know too much about the site or who built it, but it’s the best method I’ve found for downloading videos from YouTube.

I’ve been using Softorino YouTube Converter 2 for this, but it’s cool to see that it can be done from iOS, too.

Tracking Subscriptions

TJ Luoma:

With subscriptions being an important part of modern digital life, it seemed wise to find a way to keep track of them. First I turned to Bobby, which is an iPhone app that has been mentioned a few times on Mac Power Users for managing subscriptions.

Having used it quite a lot now, I can say that Bobby is both great and frustrating.

[…]

But the truth is that App Store subscriptions are easy to find and manage. It’s all of the other subscriptions that are harder to remember, but it’s worth taking the time to pay attention before you get another email thanking you for renewing a subscription that you had entirely forgotten about.

Editorial and Pythonista

Editorial 1.3.4 was just released, with support for modern iPhone screens but not iCloud Drive. Pythonista remains at version 3.2, last updated in 2017.

Ole Zorn:

I’ve just released an update for Editorial on the App Store that has been sitting on Apple’s servers for a while. It’s not the update some of you may have been waiting for, but it addresses some pain points like iPhone X support etc.

[…] I’d honestly feel better making it free (it’s still $4.99), but I’m concerned that this would lead to an influx of new users that I wouldn’t be prepared to handle support-wise, and who would end up disappointed anyway.

I feel terrible stretching this out for so long, but it’s come to a point where I just have to live with my negligence, born out of anxiety, and at least don’t let it die a death it doesn’t deserve.

[…]

The reasons I’ve stretched this out for so long are mostly personal and have to do with my mental health and experiences I’ve made in the last couple of years (mostly last year). I’m truly sorry that I’ve neglected something that quite a few people actually liked…

It’s great to get an update, even if minor. Zorn’s work has been an inspiration, and I wish the best for his health and business.

Ole Zorn:

This whole thing about Editorial also applies to Pythonista of course, with the difference that my income actually depends 100% on that app, so there are also purely selfish reasons that I don’t just put it on GitHub and let others deal with the mess, i.e. it pays the bills…

…I’m not proud of it, but it’s not easy to let go of something like this because it’s become a rarity in today’s App Store to generate meaningful income as one person, and I’m not sure if I’ll be able to recreate something like this in a few years or even now.

Aside from that, I still have love and a drawer full of ideas for the app...

Ole Zorn:

I spent a ton of time on this upgrade screen transition and heart-shaped particles. Just marketing? Sure, but it would have brought Python(ista) to a lot of additional people while still paying my bills – but: Too afraid my app is actually a gimmick and people are happy w/ free.

Previously:

Update (2020-02-14): Ole Zorn:

I completely forgot to post the Editorial 1.3.4 release notes here. It should be clear that this is a maintenance release to keep the app alive for existing users, but this is not the future.

Rui Carmo:

The second is that Pythonista is utterly unique in so many regards. It is an unstated masterpiece, and (at least in my view) pushed the envelope of what it is actually possible to do on an iPad beyond anything anyone else (even Apple) has done, so I really it needs to be future-proofed somehow.

[…]

Apple, in particular, should take note. Swift Playgrounds were cute to begin with, but none of my kids used them after the first couple of weeks because they are too limited to do anything remotely useful, and this pushes forward the notion that the platform itself is, if not borderline hostile to developers, at least fundamentally unsuited for programming in general, even at the most basic levels.

iCloud Drive Changing Empty Files

Anton Sotkov:

iCloud Drive servers recently started reverting all 0 byte files to the last non-empty version. Not a problem for most apps, but all plain text editors now have a bug where it’s impossible to remove all content from a file.

It looks like this has now been fixed, but it’s still scary. Aside from messing up user editable text files (where the problem might be obvious—or not, depending on when you last used the file), the modified files could have semantic meaning for an app, which then misbehaved or corrupted other data as a result.

Timo Hetzel:

Most certainly working around some iCloud bug that emptied files by itself.

Yariv Nissim:

I still have zero bytes files that I lost from Catalina beta. Checked now and they’re still empty. Would love for Apple to restore them because I have no backups of files in iCloud Drive.

Previously:

Update (2020-02-14): Maciej:

This is what one of 13.3.1 betas did to my iCloud main directory. Correct folders were properly displayed below that. Nothing seems to have been lost though.

Thursday, February 6, 2020

Wacom Tablets Track Every App You Open

Robert Heaton (tweet, Hacker News):

But Wacom’s request made me pause. Why does a device that is essentially a mouse need a privacy policy? I wondered. Sensing skullduggery, I decided to make an exception to my anti-privacy-policy-policy and give this one a read.

In Wacom’s defense (that’s the only time you’re going to see that phrase today), the document was short and clear, although as we’ll see it wasn’t entirely open about its more dubious intentions (here’s the full text). In addition, despite its attempts to look like the kind of compulsory agreement that must be accepted in order to unlock the product behind it, as far as I can tell anyone with the presence of mind to decline it could do so with no adverse consequences.

[…]

Some of the events that Wacom were recording were arguably within their purview, such as “driver started” and “driver shutdown”. I still don’t want them to take this information because there’s nothing in it for me, but their attempt to do so feels broadly justifiable. What requires more explanation is why Wacom think it’s acceptable to record every time I open a new application, including the time, a string that presumably uniquely identifies me, and the application’s name.

Update (2020-02-14): Malcolm Owen:

Wacom has responded to allegations drivers for its tablet line are collecting data on its users and passing it on to Google, including the names of macOS applications being used, by claiming it has no access to personal data and what data it collects is anonymized before it is seen by the company.

Apple’s Independent Repair Program Contract

Maddie Stone (tweet, Hacker News, MacRumors):

In order to join the program, the contract states independent repair shops must agree to unannounced audits and inspections by Apple, which are intended, at least in part, to search for and identify the use of “prohibited” repair parts, which Apple can impose fines for. If they leave the program, Apple reserves the right to continue inspecting repair shops for up to five years after a repair shop leaves the program. Apple also requires repair shops in the program to share information about their customers at Apple’s request, including names, phone numbers, and home addresses.

The privacy company.

Furthermore, IRPs must obtain “express written acknowledgement” from customers showing they understand they are not receiving repairs from an authorized service provider[…]

This is kind of confusing because the whole point of being an IRP is to get authorized parts. Shops using unauthorized parts will require no such written acknowledgement.

If Apple determines that more than 2 percent of a repair business’s transactions involved “prohibited products,” it can, per the contract, force the business to pay Apple $1,000 for every transaction that occurred during the audit period, in addition to reimbursing Apple for the cost of its investigation.

This seems risky because what’s prohibited is not well defined.

Colin Cornaby:

I think the most anti-competitive thing Apple does is prevent shops from stocking repair parts. It prevents them from getting out to places like eBay, but puts independent repair shops at a speed disadvantage. They can’t order parts until they start the repair.

Previously:

Update (2020-02-07): See also: Hacker News.

Objective-C Quiz

Robert Widmann:

Objective-C is a simpler language than Swift.

The Ontology around Objective-C is a minefield of complexity far outweighing anything Swift could hope to approach.

Before you argue with me, take a short quiz.

David Smith:

I believe I can probably generate a longer list of hard to answer questions in Swift using only the behavior of the “as?” operator, so I’m not sure I agree with your premise.

Regardless, it’s an interesting quiz, though I have quibbles with some of the wording.

macOS 10.15.4 and iOS 13.4 in Beta

It looks like these updates will be about a lot more than bug fixes.

Steve Troughton-Smith:

UIKey! Are we finally getting keyboard key up/down events on iOS and Catalyst?

Steve Troughton-Smith:

UIDatePickerStyleCompact!

Steve Troughton-Smith:

Home in 10.15.4 does indeed do away with the spinning date pickers. They obviously haven’t finished redesigning for the compact picker — but this is what it looks like. You click, you type a number

Sounds like it will still be inconsistent with NSDatePicker.

Ryan Christoffel:

iOS 13.4 beta restores iCloud Drive Folder Sharing.

Guilherme Rambo:

New “head pointer” accessibility feature in 10.15.4. Control the cursor with head movements.

Benjamin Mayo:

OS 13.4 has reverted a bad design choice made with the iOS 13 Mail app, namely the actions toolbar the bottom of the screen.

The delete and reply buttons now sit at opposite ends of the toolbar, and Apple has added back the quick actions for flagging and moving folders.

Previously:

Update (2020-02-07): Juli Clover:

Below, we’ve rounded up all of the changes that we’ve found in iOS and iPadOS 13.4 so far.

Joe Rossignol:

Over the last few months, an increasing number of references to AMD processors have been uncovered in macOS Catalina code, starting with the 10.15.2 beta in November and now continuing in the 10.15.4 beta.

Wednesday, February 5, 2020

Universal Purchase

Apple:

Starting in March 2020, you’ll be able to distribute iOS, iPadOS, macOS, and tvOS versions of your app as a universal purchase, allowing customers to enjoy your app and in‑app purchases across platforms by purchasing only once. You can choose to create a new app for these platforms using a single app record in App Store Connect or add platforms to your existing app record.

Apple:

Xcode 11.4 supports building and distributing macOS apps as a universal purchase. To distribute your macOS app as a universal purchase, specify the same bundle identifier as your iOS app in the Xcode template assistant when creating a new project. If you have an existing project, edit its bundle identifier in the Project Editor.

Universal purchase is enabled by default for new Mac Catalyst apps created in Xcode 11.4. When you create a new Mac Catalyst app, it will use the same bundle identifier as your iOS app.

It’s great to have the option for universal purchases, but tying it to the bundle identifier seems problematic. What if you’ve already shipped an app for multiple platforms? Apple doesn’t let you change the bundle identifier. Do you have to abandon the old app (losing its links and ratings and migrating its files and AppleScripts) or maintain two separate apps?

From the business side, it’s a great user experience for customers who want to pay once and get everything. But what about customers who only want the iPhone version and may not even own a Mac or Apple TV? They have to pay the same price? And, for developers, this is likely to further devalue software. Get all the versions for one low price, with Apple implying that it didn’t take much extra effort.

Steve Troughton-Smith:

if Apple was actually planning shared purchase this year then you’d think they would have launched it alongside Catalyst instead of making us go through all that now for dead-end bundle IDs and store records

Joe Cieplinski:

Universal purchases for Mac/iOS is yet another reason to go subscription.If you don’t offer universal, people will lob crap at you. If you go subscription, they will too. Might as well take the option that makes more money.

Previously:

Update (2020-02-06): Craig Hockenberry:

Before you change a bundle ID for a macOS app, make sure you understand the implications. If you’re never heard of lsregister, you don’t understand the implications.

Then you need to think about receipts and app ID prefixes: @robotspacer asks some good questions - and without answers, I would not go anywhere near this feature.

Business-wise, I feel like it’s going to be as good for the Mac as Universal apps were for the iPad.

More platform-specific work for less overall revenue, and ultimately a bad move for all involved (especially customers).

Update (2020-02-07): Craig Hockenberry:

One hidden surprise with Universal macOS and iOS apps: you can no longer use the exact same name for different SKUs. Names have to be unique across all platforms.

Use this trick if needed: instead of U+002D for a dash, use something like U+2013, which is visually similar.

Update (2020-02-14): See also: Reddit.

Update (2020-04-17): Jeff Johnson:

It appears that the purpose of Universal Purchase was to encourage developers who didn’t yet have a Mac version of their app to produce one (also the purpose of the Catalyst technology in Catalina). But for developers and customers of apps that already had both Mac and iOS versions, Universal Purchase is an incredibly bad deal. It feels like a betrayal from Apple, because developers who have been “loyal” and did the “right thing” from the beginning, who made native AppKit and UIKit apps, are punished, while developers who never bothered to make a Mac app are rewarded.

Update (2021-07-14): Drew McCormack:

Seems that for Universal Purchase apps, reviews written on iOS/iPadOS are merged, but macOS is separate. Ie. The iOS App Store shows different reviews to the MAS. Is that right? This would be a big barrier to going Universal for us: going back to 0 reviews on one platform.

Xcode 11.4 Beta

Apple:

Build settings have a new evaluation operator, default, which you can use to specify the default value of a build setting if it evaluates to nil in the context of the evaluation.

[…]

View debugging supports showing layers using the Show Layers menu item in the Editor menu.

[…]

The exception reason now surfaces as an editor annotation. You can inspect the Exception object in Variables View and find the backtrace of the original uncaught exception, if any, in the Debug Navigator.

[…]

Selecting a SwiftUI preview in code now highlights the corresponding preview in the canvas, and vice versa.

[…]

You can call values of types that declare func callAsFunction methods like functions.

[…]

Subscripts can now declare default arguments.

[…]

XCTest now includes throwing variants of the setUp() and tearDown() instance methods, allowing tests to throw errors in Swift during set up or tear down. Override the setUpWithError() or tearDownWithError() methods instead of setUp() or tearDown(), respectively.

[…]

Errors thrown by Swift test methods now record the source location where the error was thrown.

[…]

XCTest now supports dynamically skipping tests based on runtime conditions, such as only executing some tests when running on certain device types or when a remote server is accessible.

Looks like some great improvements (including many for the simulator). Too bad it requires Catalina.

Previously:

Update (2020-02-06): Paul Hudson (Hacker News):

The first beta of Swift 5.2 just landed with Xcode 11.4 beta, and it includes a handful of language changes alongside reductions in code size and memory usage, plus a new diagnostic architecture architecture that will help you diagnose errors faster.

Update (2020-02-07): Peter Steinberger:

We benchmarked Xcode 11.3.1 and Xcode 11.4b1 after seeing the reported Swift compiler performance improvements. For ObjC/C++ heavy code Clang became around 10% slower, not faster.

Peter Steinberger:

Xcode 11.4b1 is great overall. Similar stability, much nicer Simulator, everything still compiles, way faster UI tests, amazing view inspector upgrades. Gonna use this as main IDE now. Great work, Xcode team!

Update (2020-02-14): Shai Mishali:

Xcode 11.4b1 mentioned it offers Swift compiler improvements, and yet:

On a ~7 years-old project with mixed Objective-C/Swift (60%/40%)

3 clean (nuked Derived Data, etc.) build-time averages:

Xcode 11.3: ~185 seconds
Xcode 11.4b1: ~230 seconds

About 22% slower

Donny Wals:

I’m pretty sure that the ability to test push notifications in the simulator is my favorite new feature in Xcode 11.4

Update (2020-02-17): Donny Wals:

Swift isn’t the only language to allow its users to call instances of certain types as functions. A language that I have used a lot that allows this kind of behavior is Python. The ability to invoke instances as functions is very interesting in certain applications where you want to represent a stateful calculator, parser or computing object. This is very common in complex math operations and machine learning where certain objects might hold on to some state and only implement a single method.

[…]

In many cases, a simple closure wouldn’t do. The object that ends up handling the route would need to have a database connection, a concept of caching, authenticating and possibly a lot of other functionality. Capturing all of that in a closure just doesn’t seem like a great idea. Instead, you’d want some kind of complex object to handle this route. And that’s exactly the kind of freedom we get with callAsFunction.

Tuesday, February 4, 2020

A New Hash Algorithm for Git

Jonathan Corbet (via Hacker News):

With the hash algorithm abstracted out of the core Git code, the transition is, on the surface, relatively easy. A new version of Git can be made with a different hash algorithm, along with a tool that will convert a repository from the old hash to the new. With a simple command like:

git convert-repo --to-hash=sha-256 --frobnicate-blobs --climb-subtrees \
   	--liability-waiver=none --use-shovels --carbon-offsets

a user can leave SHA‑1 behind (note that the specific command-line options may differ). There is only one problem with this plan, though: most Git repositories do not operate in a vacuum. This sort of flag-day conversion might work for a tiny project, but it’s not going to work well for a project like the kernel. So Git needs to be able to work with both SHA‑1 and SHA‑256 hashes for the foreseeable future. There are a number of implications to this requirement that make themselves felt throughout the system.

One of the transition design goals is that SHA‑256 repositories should be able to interoperate with SHA‑1 repositories managed by older versions of Git. If kernel.org updates to the new format, developers running older versions should still be able to pull from (and push to) that site. That will only happen if Git continues to track the SHA‑1 hashes for each object indefinitely.

Previously:

Alternative Ways to Protect Yourself From Being Spearfished

Ivan Drucker:

We came up with a technique that uses Google Voice text messages as an alternative to authenticator apps—although it requires a bit more setup, we think it’s easier to use and understand, plus it acknowledges some people have to allow trusted assistants or consultants access to their accounts.

[…]

I called my carrier and activated a PIN, and I keep it in my password manager. I strongly advise that you do the same—here are informational links for AT&T, Sprint, T-Mobile, and Verizon. However, I don’t want to rely solely on a carrier transfer lock. I don’t know how well they are implemented, and I assume that some thieves are really good at what they do and may be able to talk their way around it.

[…]

Because the account email address in no way identifies them and is used for nothing other than hosting the Google Voice number, a thief should never come across it. And, even if one did, they wouldn’t know to whom it belongs. (If you do try this Google Voice approach, be sure to remove your real cell phone number from your account, which is added by default during setup. If you don’t, an attacker stealing your cell phone number would still get the Google Voice text message codes. Also disable the default forwarding of text messages to your email address.)

Google Voice accounts are probably more secure than your real phone number, but be careful about your account expiring.

NSErrorDomain, NS_ERROR_ENUM, and NSErrorUserInfoKey

Bertrand Longevialle (via Colin Cornaby):

Objective-C has a few macros to available to make your own NSError+YourDomain.[hm] self-documentingly crystal-clear. 👌

[…]

Because it is imported in Swift as a specific type, properly defined NSError domains and code enums let the client benefit from all the completeness of NSError while writing first-class swift code.

While NSError initing remains very similar, their handling gets shortened and clarified.

Joachim Kurz:

What the Compiler does for the enum cases of an NS_ERROR_ENUM is two-fold:

  • use the name of the enum and remove that prefix from all enum cases before importing them to swift
  • create an enum with the given name to hold those cases. If the given name ends with Code remove that suffix.

See also: Handling Cocoa Errors in Swift.

Delivering Origin-bound One-time Codes Over SMS

Ricky Mondello:

We’ve published an explainer about an idea to harden SMS-delivered one-time passwords by allowing senders to associate the codes with a website. We’ve been talking about the idea with some folks at Google, and would like more feedback.

WebKit (MacRumors):

This proposal attempts to reduce some of the risks associated with SMS delivery of one-time codes. It does not attempt to reduce or solve all of them. For instance, it doesn’t solve the SMS delivery hijacking risk, but it does attempt to reduce the phishing risk.

[…]

But because there is no standard text format for SMS delivery of one-time codes, systems which want to make programmatic use of such codes must rely on heuristics, both to locate the code in the message and to associate the code with a website. Heuristics are prone to failure and may even be hazardous.

[…]

To address this, we propose a lightweight text format that services may adopt for such messages. It’s about as simple as it gets. It begins with (optional) human-readable text. After the human-readable text both the code and the origin appear on a single line, with sigils denoting which is which. This is the last line of the text.

Previously:

Update (2020-04-08): Ricky Mondello:

We’ve moved “Origin-bound one-time codes delivered via SMS” to @wicg_, where we’re working on a shared spec with our collaborators at Google.

Update (2020-08-27): Filipe Espósito:

Earlier this year, Apple’s WebKit team proposed a change to the format of SMS one-time passcodes to make two-factor authentication more secure. Apple confirmed today that developers can already implement these changes with iOS 14 and macOS Big Sur.

Monday, February 3, 2020

Introducing Swift Crypto

Cory Benfield:

I’m thrilled to announce a new open-source project for the Swift ecosystem, Swift Crypto. Swift Crypto is a new Swift package that brings the fantastic APIs of Apple CryptoKit to the wider Swift community. This will allow Swift developers, regardless of the platform on which they deploy their applications, to access these APIs for a common set of cryptographic operations.

[…]

On Apple platforms, Swift Crypto defers directly to CryptoKit, while on all other platforms it uses a brand-new implementation built on top of the BoringSSL library.

[…]

With the exception of APIs requiring specialised hardware, it will always be the case that where an Apple CryptoKit implementation of an API is available, Swift Crypto will use it, but when such an API is not available it will be possible to use the Swift Crypto-based implementation. The core APIs will move in step with Apple CryptoKit, and our test suite is shared with Apple CryptoKit ensuring that both projects must pass each other’s test suites for the API, ensuring that both Swift Crypto and Apple CryptoKit will be completely compatible.

VMware Fusion 10 on macOS Catalina

Boy van Amstel:

Catalina requires apps to request permission for various tasks. Recording the screen is one of them. Apparently Fusion uses this feature, but neglects to ask for permission. Thus the screen stays black.

Some people found a way to get around this by granting permission manually. Here’s how that works.

macOS doesn’t let you add Screen Recording permission in System Preferences if the app hasn’t asked for it. VMware 11 asks; version 10 doesn’t, but it otherwise works fine on Catalina. The solution is to boot into Recovery (to get past System Integrity Protection) and then use SQLite to edit the TCC.db file to grant VMware the access.

There’s a similar problem where sometimes macOS fails to prompt for Automation access (or remember said access). The prompting is supposed to happen automatically—there’s no API that apps need to call. If it doesn’t work, there’s likely something wrong with the TCC.db file and you should probably reset it. Sometimes tccutil reset AppleEvents does the job. But sometimes the database is so messed up that you have to boot into Recovery and delete the file manually. There really should be a way to do that with tccutil.

0x00400000:

I managed to trigger the permission modal for VMware Fusion 10 on Catalina using library injection. After restarting VMWare Fusion 10 it seems to have done the trick.

I created a git repo with a script to trigger the modal.

Previously:

Update (2020-02-03): It’s not clear to me whether VMware is supposed to be calling a certain API to ask for permission or if macOS is supposed to (as with Automation) be noticing that it’s doing something that requires permission. But Catalina shouldn’t be breaking an app that was compiled with an older SDK.

Update (2020-02-06): John Cleary:

I’m still on v8 and just use the built in VNC and screen share to localhost as the VM just shows a black screen.

Google Maps Traffic Hack

Jason Kottke (Steve Crowley, Hacker News):

You’ve got to love little artistic hacks like this. Simon Weckert put 99 second-hand smartphones in a red handcart and walked around a few blocks in Berlin. Each phone was running Google Maps and being tracked for traffic measurements. Their presence and slow rolling around the streets caused Google to display a traffic jam.

Clayton Christensen, RIP

Tad Walch (via Hacker News):

Clayton Christensen, whose theory of disruptive innovation made him a key influence on Silicon Valley powerhouses like Netflix and Intel and twice earned him the title of the world’s most influential living management thinker, died Jan. 23 at age 67.

[…]

Christensen introduced disruptive innovation in the Harvard Business Review in 1995, but the theory and the term burst into the public consciousness in 1997 when he published “The Innovator’s Dilemma: When New Technologies Cause Great Firms to Fail.” Soon afterward, Intel CEO Andy Grove stood up with a copy of the book at COMDEX in Las Vegas and declared it the most important book he’d read in a decade. The two men appeared together on the cover of Forbes magazine in 1999 — and both Christensen and the business world were changed forever.

[…]

Grove told Christensen he mislabeled his theory. Instead of innovative technologies, Grove suggested, Christensen should have used “crummy technologies.”

“A disruptive innovation looks inferior,” Gilbert said, “but only to the incumbent organizations. Then it opens up the ability to consume something that never would have been possible without the innovation.”

See also: Efosa Ojomo, Tren Griffin (tweet), Exponent and The Talk Show.

MacBook Pro 16 Has a Fan Problem

Om Malik (Hacker News):

Every time I awake the device from its slumber, within just a few minutes, the fans come on. And they stay on. The noise they make is very loud, especially in my quiet living room, where I usually work. I am not the only one with this problem. There are multiple comments on this thread on Apple’s message boards, where longtime Apple users are screaming in frustration. It is a problem that is big enough to merit its own complaint thread on Macrumors.

Some mention that external monitors make the fans go wild. Well, this $7,000 Apple xPro Display on loan from Apple is supposed to showcase the marital bliss between MacBook Pro 16 and the new screen. Oops! […] Some suggest an SMC reset. I did that but to no avail.

[…]

Earlier this morning, the problem really got my goat. I had only three applications running on the machine: Apple Mail, Apple Messages, and Apple Safari. All native Apple apps, and yet, the fans were running like afterburners on Dom Toretto’s 1970 Dodge Charger.

I’m using a 16-inch MacBook Pro without an external display and have not seen this problem. However, sometimes there is a short burst of very loud fan activity when powering on the Mac. This also happened with previous MacBook Pros.

Previously:

macOS Display Problems

Lloyd Chambers:

After every reboot, the LG 5K display goes to maximum brightness.

John Gruber:

Is this the worst bug in the world? Not even close. It’s a paper-cut bug. No data loss, no crash, not something sort of thing where something doesn’t even work — just an annoyance. But no one wants to use a tool that gives you half dozen paper cuts every day. And MacOS 10.15 is chockablock with paper-cut bugs.

I don’t have an LG 5K, but I’ve been having problems with multiple external displays ever since getting a USB-C Mac. Sometimes the Mac sees the external display, and puts windows on it, but the display itself shows only black (yet isn’t asleep). Rebooting the Mac doesn’t help. Shutting down the Mac and unplugging/replugging the display doesn’t help. Rebooting the Mac without the display and then shutting down and plugging it in doesn’t help. The only thing that seems to help is swapping the display to another USB-C port—thankfully, I have more than one. Then, a while later, the problem repeats and I have to switch back to the first USB-C port.

Craig Hockenberry:

My 16” MBP is waking itself up hundreds of times overnight, probably with the display on. Catalina is draining about 1/4 of the battery because of it.

Maxwell Swadling:

The strangest bug with Apple’s USB-C stack is power saving will happily put the display to sleep, which disables USB hub power, causing force ejection of any external drives you have, potentially corrupting them.

Simon Wolf:

Any chance this is why external monitors cause a watchdog panic and reboot when my iMac sleeps under Catalina? I’ve heard that external drives can cause it too.

John Gruber:

I didn’t even mention it in my post, but I’d say about 1 in 10 times I open my 16-inch MBP, the built-in display contrast is waaaaay off. Way too much contrast. I can fix it either by moving brightness all the way down then back up again, or by closing and reopening the lid.

Peter Steinberger:

The LG 5K is C U R S E D

We bought 10 for the company and it was the single dumbest hardware purchase decision I ever made.

Howard Oakley:

An external display can be a good way of adding more USB-C ports to a Mac, but a strange bug can cause a lot of trouble with this otherwise excellent solution.

As I wrote back in November last year, letting an external display sleep can precipitate a kernel panic or other problem when the display goes to sleep, or the Mac tries to wake it up.

Lloyd Chambers:

But it is much worse than I realized: when I reboot after some time, Crapalina 10.15.3:

  • Reverses the Arrangement of the displays left vs right.
  • Moves the menu bar to the wrong display.
  • Makes 2560 X 1600 resolution unavailable on my NEC PA302W—I have to reboot a 2nd time, which somehow retains the menu bar and Arrangement and I can then use 2560 X 1600.

Previously:

Update (2020-02-18): Collin Allen:

Catalina bug: Coming out of sleep or screensaver, my whole display (except for the mouse cursor!) is washed out. Closing and re-opening the lid fixes it. A reboot makes it go away for a few days. 🤷‍♂️

Update (2020-02-26): John Gruber:

For me (16” MBP), more commonly, the problem is over-saturation, not under-saturation. But I’ve seen both, and in both cases you can “fix” it by either closing/reopening lid, or by sliding the brightness slider all the way down and then back up.