Archive for April 2020

Wednesday, April 29, 2020

iPhone SE 2020: Single Image Monocular Depth Estimation

Ben Sandofsky (tweet):

In English, this is the first iPhone that can generate a portrait effect using nothing but a single, 2D image.

[…]

The new iPhone SE can’t use focus pixels, because its older sensor doesn’t have enough coverage. Instead, it generates depth entirely through machine learning. It’s easy to test this yourself: take a picture of another picture.

[…]

So why does Apple prevent the first party app from shooting non-people? They have a second process that works really well with humans in the frame. Without humans, it sometimes fails in weird ways.


actool Strips Larger Icon Sizes

Max Seelemann’s App Store upload failed because the high-resolution versions of the icon were missing:

It turns out, the icons actually were not there… but obviously we had them in the source asset catalog. We didn’t change the asset catalog or how icons are created in months.

[…]

It started dawning on me… if we didn’t notice others might not have as well? A quick check in the app folder… yep, other recently updated apps like @pixelmator, @vectornator, or @dayoneapp show the same problem. It even affects Apple’s own apps like KEYNOTE!

[…]

1) iconutil requires images in an “iconset” to be named like “icon_16x16.png” etc. – actool seems to be more flexible (but strips the larger sizes)

[…]

2) Seems that Finder no longer takes the app’s icon from the icns file. Instead, it reads the embedded asset catalog (if there is any).

So you can’t just add an .icns file and use it – if you have an asset catalog, the icon must be compiled in.

3) You cannot compile an app icon in an asset catalog without actool also writing the icns file. Whatever you do … you need to replace that icns file in a later build phase.

I haven’t been using asset catalogs because, last I checked, they don’t work with frameworks. There’s no public API to look up an image in a given asset catalog; it only checks the one at the top level.


Update (2020-04-29): I don’t know how I missed this, but the Bundle.image(forResource:) API seems to work for looking up images in a framework.

Update (2020-05-19): Max Seelemann:

Btw my understanding by now is that either all app&document icons must be .icns or all inside asset catalogs. You cannot mix the two. So if I had removed all file icons from the asset catalog, Finder would have fallen back to using the ICNS file.
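A check for the failure Seelemann describes, added here as an example and not taken from his post or from Apple's tooling: it parses the .icns container that actool writes (magic, total length, then type-code/length entries) and lists which iconset sizes are absent, so a build step can fail before the upload does. The type-code table is the documented set for the modern container; the sample .icns at the bottom is constructed with dummy payloads in place of real PNG data.

```python
import struct

# Icon type codes of the modern ICNS container, mapped to (points, scale).
# This is the same information iconutil encodes in its "icon_16x16@2x.png"
# naming convention, which is why the report below speaks in those names.
ICNS_TYPES = {
    b"icp4": (16, 1), b"ic11": (16, 2),
    b"icp5": (32, 1), b"ic12": (32, 2),
    b"ic07": (128, 1), b"ic13": (128, 2),
    b"ic08": (256, 1), b"ic14": (256, 2),
    b"ic09": (512, 1), b"ic10": (512, 2),
}


def iconset_name(points, scale):
    """File name iconutil expects for this size inside an .iconset folder."""
    return f"icon_{points}x{points}{'@2x' if scale == 2 else ''}.png"


def _size_key(name):
    """Sort key: largest point size first, @2x before @1x."""
    points = int(name[len("icon_"):].split("x")[0])
    return (-points, -(2 if "@2x" in name else 1))


def icns_entries(data):
    """Walk an .icns file and return [(type_code, payload_length), ...].

    Layout: 'icns' magic, 4-byte big-endian total length, then entries of a
    4-byte type code and a 4-byte length that includes the 8-byte entry
    header. Raises ValueError on a malformed container.
    """
    if len(data) < 8 or data[:4] != b"icns":
        raise ValueError("not an ICNS file")
    total = struct.unpack(">I", data[4:8])[0]
    if total != len(data):
        raise ValueError(f"header says {total} bytes, file has {len(data)}")
    entries = []
    pos = 8
    while pos < total:
        if pos + 8 > total:
            raise ValueError("truncated entry header")
        type_code = data[pos:pos + 4]
        length = struct.unpack(">I", data[pos + 4:pos + 8])[0]
        if length < 8 or pos + length > total:
            raise ValueError(f"bad length {length} for entry {type_code!r}")
        entries.append((type_code, length - 8))
        pos += length
    return entries


def is_well_formed(data):
    try:
        icns_entries(data)
        return True
    except ValueError:
        return False


def present_sizes(data):
    """Iconset names whose image is actually stored in the file (TOC and
    legacy entries are ignored)."""
    return {iconset_name(*ICNS_TYPES[t]) for t, _ in icns_entries(data) if t in ICNS_TYPES}


def missing_sizes(data, expected=None):
    """Iconset names expected but absent, largest first. Default expectation
    is the full set from the naming scheme above."""
    if expected is None:
        expected = {iconset_name(p, s) for p, s in ICNS_TYPES.values()}
    return sorted(expected - present_sizes(data), key=_size_key)


def build_icns(entries):
    """Assemble an .icns from [(type_code, payload_bytes), ...]; used here only
    to construct test data."""
    body = b"".join(t + struct.pack(">I", 8 + len(p)) + p for t, p in entries)
    return b"icns" + struct.pack(">I", 8 + len(body)) + body


# Constructed sample: the small sizes survived, everything above 256x256@1x is gone.
SAMPLE_ICNS = build_icns([
    (b"icp4", b"dummy-16"),
    (b"ic11", b"dummy-16@2x"),
    (b"icp5", b"dummy-32"),
    (b"ic07", b"dummy-128"),
    (b"ic08", b"dummy-256"),
])

if __name__ == "__main__":
    print("present:", sorted(present_sizes(SAMPLE_ICNS), key=_size_key))
    print("missing:", missing_sizes(SAMPLE_ICNS))
```

Run `missing_sizes` over the .icns inside the built bundle's Resources folder as a post-build step; an empty list means every size from the iconset naming scheme survived the compile.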

Not Dogfooding DriverKit

Phil Dennis-Jordan:

I’ve spent a fair bit of the last 2 weeks with DriverKit, i.e. macOS 10.15’s device-drivers-in-userspace tech. I really wanted to like it, but so far I’m not impressed at all. It’s yet another one of those things where Apple clearly has no intention of using it themselves.

[…]

The code signing situation is more awkward than it was for iPhone app development back in the iPhoneOS 2.0 SDK days. You have to disable Xcode’s own code signing step and run the codesign command yourself to even get anything to build and load.

Error messages are cryptic, non-specific, and hidden inside the firehose of the unified system log.

[…]

I don’t know whether that’s an exhaustive list of services for which to watch the ‘log stream’ because of course documentation is skeletal at best.

[…]

WWDC 2019 Session 702 claims that DriverKit makes developing drivers easier compared to kexts. Obviously I’m new to DriverKit, so I’m expecting a learning curve, but even once I get something working, I end up rebooting more often than with kexts.


Presidential Simulation App Removed From the App Store

Justin Proulx:

The scenario pictured mentions a generic disease. This scenario has existed since 2018.

Apple just called me, saying I can’t have it in the App Store anymore due to COVID-19, despite it existing before the virus

[…]

Apple is now targeting my app, while allowing games like @NdemicCreations’ Plague, Inc. (which focuses entirely on killing the human race with a contagious disease) to remain on the App Store.


Apple Watch at 5

Joe Rossignol:

Today marks the fifth anniversary of the Apple Watch launching on April 24, 2015. To mark the occasion, below we reflect on some of the key features added to the Apple Watch over the last five years.

Juli Clover:

To celebrate the device’s anniversary, designer Imran Chaudhri, who worked on the original Apple Watch team, shared some interesting tidbits about its development on Twitter (via TechCrunch).


Tuesday, April 28, 2020

APFS Sparse Bundle Bugs

Howard Oakley:

One of the strangest and most irritating bugs with sparse bundles in APFS format is the unreliability of their estimates of size and free space. Whether you look at free space shown in the Finder or in Disk Utility, there is no correlation between what is shown and what is actually available for use in the sparse bundle. For example, the smallest APFS sparse bundle allowed is 8.4 MB, which is stated as having 8 MB of free space. Yet you’ll find it impossible to copy a 7 MB file to that sparse bundle, as you’ll be told that it’s full even when it’s completely empty. macOS simply refuses to let you use the claimed free space on APFS sparse bundles, although HFS+ sparse bundles aren’t as unreliable.

[…]

Despite their widespread use and advantages, macOS features supporting the use of APFS-format sparse bundles are at present riddled with bugs (I count 6 above) and have serious shortcomings. Their inability to self-compact is a major failing which makes their use clumsy at best, and Disk Utility’s lack of support for basic maintenance functions through the last 2.5 years reflects badly on Apple’s engineering priorities. Disk Utility remains of early beta-test quality and far from complete.

I don’t see much reason to use APFS disk images, except for testing how an app works with APFS. HFS+ sparse bundles are dependable and can be compacted with DropDMG.

The Disk Utility reliability problems go back to the rewrite in macOS 10.11. Usually the command-line tools work better.


Mac Sandbox Escape via TextEdit

Jeff Johnson (tweet):

Normally, when a sandboxed app writes to a file, the file is quarantined. If the file is a shell script, then the quarantine extended attribute would prevent the script from running. However, when an app such as TextEdit with the “com.apple.security.files.user-selected.executable” entitlement saves a file, it removes the quarantine extended attribute!

My sample app opens a shell script in TextEdit, and then it uses the Apple Events permission to tell TextEdit to save the file, thus removing the quarantine and allowing the script to be executed outside the app’s sandbox.

This should appear very innocuous to the user, because nobody thinks that TextEdit is dangerous, so one would think it’s not much of a risk to allow TextEdit to be controlled.

I tried the sample project, and this seems to be legit. The app can save an arbitrary shell script, launder it through TextEdit, and then tell the system to open it, which will make it run outside of the sandbox.

I don’t understand why Apple thinks there are no “actual security implications” (and thus won’t pay the bug bounty). This comes on the heels of the iOS Mail vulnerabilities—which Apple said could not be exploited even though the reporter, ZecOps, claims it has seen them in the wild—and Johnson’s own report about Safari running disabled extensions, where Apple initially didn’t see a problem but later fixed it and credited him.

Jeff Johnson:

Note that Transmit is another sandboxed app, along with BBEdit and TextEdit, that possesses the special “executable” entitlement. These apps can all escape their own sandboxes.

The “user-selected” part of the “com.apple.security.files.user-selected.executable” entitlement is extremely misleading. No user action is required to use that entitlement.

It seems to me that the core issue is not the entitlement but that if a shell script has executable permission, macOS will run it when it’s opened. Why not restrict code execution to .app bundles? I’m not even sure it’s a useful feature. I always run scripts via a helper app or from within Terminal.


Update (2020-05-18): Daniel Jalkut:

I just reproduced @lapcatsoftware’s sandbox escape. Incredible find, I can’t believe Apple doesn’t deem this a legitimate security issue that warranted a bounty payment?

Update (2020-06-05): Jeff Johnson:

So I’m writing now to clarify a number of points that I feel have not been broadly understood.

See also: Hacker News and this Twitter thread.
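From the defensive side, the thing worth checking after reading this is whether script files an app wrote actually still carry the quarantine attribute. The following is an added example, my own code rather than Johnson's sample project: it audits a set of paths, flags executable `#!` files that have no `com.apple.quarantine` attribute, and decodes the attribute where it is present (the `flags;hex-timestamp;agent;uuid` layout). The attribute reader is injectable so the parsing path can be exercised on any platform; the attribute value used in `demo_audit` is constructed.

```python
import os
import stat
import tempfile
from datetime import datetime, timezone

QUARANTINE_XATTR = "com.apple.quarantine"


def read_quarantine(path):
    """Raw attribute value, or None when it is absent or xattrs are unsupported
    (which is what you get on a non-Mac filesystem)."""
    try:
        return os.getxattr(path, QUARANTINE_XATTR)
    except OSError:
        return None


def parse_quarantine(raw):
    """Decode the 'flags;hex-seconds;agent;uuid' layout of the attribute."""
    parts = raw.decode("utf-8", "replace").split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value {raw!r}")
    seconds = int(parts[1], 16)
    return {
        "flags": int(parts[0], 16),
        "timestamp": seconds,
        "when": datetime.fromtimestamp(seconds, tz=timezone.utc).isoformat(),
        "agent": parts[2],
        "uuid": parts[3] if len(parts) > 3 else None,
    }


def is_executable_script(path):
    """Regular file, executable by someone, starting with a '#!' line."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    if not st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return False
    with open(path, "rb") as f:
        return f.read(2) == b"#!"


def audit(paths, reader=read_quarantine):
    """Classify each executable script as quarantined or not. A script that is
    executable and unquarantined is exactly the state the escape produces."""
    findings = []
    for path in paths:
        if not is_executable_script(path):
            continue
        raw = reader(path)
        if raw is None:
            findings.append({"path": path, "status": "unquarantined", "quarantine": None})
        else:
            findings.append({"path": path, "status": "quarantined",
                             "quarantine": parse_quarantine(raw)})
    return findings


def demo_audit():
    """Create a throwaway executable script and a plain text file, audit them
    once with the real reader and once with a constructed attribute value.
    Returns (real_findings, fake_findings)."""
    with tempfile.TemporaryDirectory() as d:
        script = os.path.join(d, "run.sh")
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho hello\n")
        os.chmod(script, 0o755)
        note = os.path.join(d, "notes.txt")
        with open(note, "w") as f:
            f.write("not a script\n")
        real = audit([script, note])
        # Constructed attribute value: flags, hex timestamp, agent, uuid.
        fake = audit([script, note],
                     reader=lambda p: b"0083;5ea5c8e2;Safari;00000000-0000-0000-0000-000000000000")
        return real, fake


if __name__ == "__main__":
    for finding in demo_audit()[0]:
        print(finding)
```

On a Mac, point `audit` at a directory listing (for example the app's container or `~/Downloads`) and review the unquarantined entries; the `when` and `agent` fields of the quarantined ones tell you which process wrote the file and when, which is useful when reconstructing how a script got onto the machine.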

The NTSC Color Hack

Stephen Cass (via Josh Centers):

This hack allows digital systems without specialized graphics hardware to produce color images by exploiting quirks in how TVs decode analog video signals.

NTSC artifact color was used most notably by the Apple II in 1977, where Steve “Woz” Wozniak’s use of the hack brought it to wide attention; it was later used in the IBM PC and TRS-80 Color Computers. But it was unclear where the idea had originally come from, so we were thrilled to see that video game and electrical engineering legend Allan Alcorn left a comment on the article with an answer: the first color computer graphics that many people ever saw owe their origin to a cheap test tool used in a Californian TV repair shop in the 1960s. IEEE Spectrum talked to Alcorn to find out more[…]

Monday, April 27, 2020

Image Capture HEIF Conversion Padding

Norbert Doerner:

If you connect an iPhone or iPad to your Mac, and use Image Capture to transfer the photos you took with the device to the Mac, you have the option to convert the HEIC photos taken by iOS to more standard JPG files. This requires you to uncheck the “Keep Originals” option in the settings for that iOS device, as shown here.

Apple’s Image Capture will then happily convert the HEIF files to JPG format for you, when they are copied to your Mac.

But what it also does is add 1.5 MB of totally empty data to every single photo file it creates!

That’s a huge percentage of the total file size.

Update (2020-05-06): Tim Hardwick:

Today, we’re hearing that the bug in macOS 10.14.6 and later is a lot more extensive than was initially believed.

[…]

For users with large existing photo libraries, Doerner has suggested using a new beta version of the third-party utility Graphic Converter, which includes an option to remove the unwanted empty data from the JPEG files.

Jeff Johnson:

On investigation, I found that all of my photos imported from iPhone to Mac going back to October 2017 have this giant chunk of empty data.

Gus Mueller:

The current Retrobatch beta has a node for truncating empty data from JPEG files suffering from the Image Capture iOS transfer bug[…]

Nick Heer:

I suspect very few people at Apple use anything other than Photos to transfer images from their iPhones, and it shows. For those who use any other application, however, this is the kind of relatively minor bug that has lasting consequences.

Update (2020-08-07): Retrobatch:

Oh, and 1.4.2 introduces a new “Truncate JPEG Data” node, which will remove empty data at the end of JPEG files which could be introduced when transferring files off of an iOS device.
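As an added example (not Doerner's, Apple's or Retrobatch's code), the check below does what Retrobatch's truncate node is described as doing: walk the JPEG marker structure to find the EOI marker, report how many bytes follow it and whether they are all zero, and cut them off. The sample image is constructed by hand with 1000 zero bytes appended, on the assumption that the padding Image Capture writes is trailing data after EOI rather than something inside a segment.

```python
import sys


def jpeg_end_offset(data):
    """Offset just past the EOI (FF D9) marker of the first image in data.

    Walks marker segments: SOI, EOI, RSTn and TEM carry no length; every other
    marker is followed by a 2-byte big-endian length that includes itself;
    after SOS the entropy-coded scan runs until a marker that is neither a
    stuffed FF 00 nor a restart marker FF D0..D7.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, the real marker follows
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:          # EOI
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:   # standalone markers
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length")
        seg_len = int.from_bytes(data[pos:pos + 2], "big")
        if seg_len < 2 or pos + seg_len > len(data):
            raise ValueError(f"bad segment length {seg_len} at offset {pos}")
        pos += seg_len
        if marker == 0xDA:          # SOS: skip the entropy-coded data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def padding_report(data):
    """How large the real image is, how much follows it, and whether the tail
    is the all-zero padding this bug produces."""
    end = jpeg_end_offset(data)
    tail = data[end:]
    return {"image_bytes": end, "trailing_bytes": len(tail),
            "trailing_all_zero": not tail.strip(b"\x00")}


def strip_trailing_padding(data):
    """Return the JPEG without whatever follows its EOI marker."""
    return data[:jpeg_end_offset(data)]


# Constructed minimal JPEG: SOI, a JFIF APP0 segment, an SOS header, a few
# bytes of scan data (with FF 00 stuffing and an RST0 marker), then EOI.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    + b"\xff\xd9"
)
PADDED_JPEG = SAMPLE_JPEG + b"\x00" * 1000   # what an affected import would look like

if __name__ == "__main__":
    for path in sys.argv[1:] or []:
        with open(path, "rb") as f:
            print(path, padding_report(f.read()))
```

Look at `padding_report` before stripping anything: a non-zero tail can be legitimate (some tools append data after EOI), whereas a large all-zero tail is the signature of this particular bug.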

BlockBlock 1.0

BlockBlock 1.0 is a complete rewrite that uses Endpoint Security Framework (tweet).


Thursday, April 23, 2020

Bloomberg: ARM Macs in 2021

Mark Gurman et al. (tweet, Hacker News, Slashdot, AppleInsider, MacRumors):

The Cupertino, California-based technology giant is working on three of its own Mac processors, known as systems-on-a-chip, based on the A14 processor in the next iPhone. The first of these will be much faster than the processors in the iPhone and iPad, the people said.

Apple is preparing to release at least one Mac with its own chip next year, according to the people. But the initiative to develop multiple chips, codenamed Kalamata, suggests the company will transition more of its Mac lineup away from current supplier Intel Corp.

[…]

The first Mac processors will have eight high-performance cores, codenamed Firestorm, and at least four energy-efficient cores, known internally as Icestorm. Apple is exploring Mac processors with more than 12 cores for further in the future, the people said.

This is another good reason to postpone or scale back macOS 10.16. We want the software to be in as good a shape as possible before a big hardware transition. Apple will have even less time to fix bugs, and developers less time to work around them.

I expect the ARM transition to be accompanied by removal of lots of APIs, so developers will have to contend with that, as well as porting and testing their own code, and dealing with any dependencies that have broken.

Gus Mueller:

I don’t think unifying the chip architecture would make the app ecosystem any more unified. Apple could do this today if they really wanted to; fat binaries (where different cpu architectures are combined in the same application) have been around forever. Major frameworks are already on both architectures, which is the biggest hurdle. I think the problem is more philosophical, or maybe Apple just lacks the will or vision to actually get it done today, if ever.


Update (2020-04-24): John Gruber:

The $64,000 question is whether they’re going to have an emulator for running x86 code on ARM Macs.

Update (2020-05-06): Raphael Sebbe:

About ARM Macs: that would also enable machine learning on laptops. Like in big ways.

ANE is the new dedicated DSP, and with hardware and software stacks already in place, this gives Apple a significant advantage.

Update (2020-05-18): Jason Snell:

The Motorola 68000 era lasted for the Mac’s first 12 years (non-PowerPC PowerBooks… lingered). In 1994, the PowerPC transition began, and Apple shipped Macs with PowerPC processors for 12 years.

At 14 years and counting, the Intel era is the longest in the Mac’s history. The transition was also the fastest—Apple really cleared out the PowerPC Macs in a hurry and replaced them with Intel models.

I still find it hard to believe that the Intel era is the longest and that the OS X era is longer than the classic Mac OS era.

Throttling Due to Thunderbolt Left Proximity Sensor

Dion Almaer:

Do you charge your Macbook on the left or right side? Turns out right is better!

Adam:

Occasionally my machine will have a kernel_task instance max out the CPU[…] This can last from minutes to sometimes hours. The machine is effectively unusable in this state. Restarting doesn’t help; a new kernel_task pops up again until it finishes whatever it’s doing.

[…]

State C shows that simply having stuff plugged in to TB ports raises their temperature significantly. Both the hub (mouse and keyboard ONLY) and HDMI adapter individually raise the temperature about 10 degrees, and 15 degrees together.

Note that high temperature on the right side appears to be ignored by the OS. Plugging everything into the two right ports instead of the left raised the Right temperatures to over 100 degrees, without the fans coming on. No kernel_task either, but the machine becomes unusable from something throttling.

Joseph Pierini:

Just had this problem on Catalina 10.15.4.

Again, it seems like Apple’s notebooks aren’t designed with enough thermal headroom.

Update (2020-04-23): See also: Hacker News, Igor Kromin.

Update (2020-04-24): Peter Steinberger:

This finally explains what high kernel_task is, and why it happens. I spent so much time on it; wrote radars, escalated to Apple support; replaced hardware (!) to finally see that it’s temperature emergency code because I plugged in the LG 5k monitor left.

It’s maddening. Probably a design compromise [so] it can be 1mm thinner.

It changed the way I work - almost stopped using external screens because of this bug. The back pain this caused...

Update (2020-06-05): Apple (via Lloyd Chambers):

One of the functions of kernel_task is to help manage CPU temperature by making the CPU less available to processes that are using it intensely. In other words, kernel_task responds to conditions that cause your CPU to become too hot, even if your Mac doesn’t feel hot to you. It does not itself cause those conditions. When the CPU temperature decreases, kernel_task automatically reduces its activity.

See also: Howard Oakley.

CS Unplugged

University of Canterbury (via Hacker News):

CS Unplugged is a collection of free teaching material that teaches Computer Science through engaging games and puzzles that use cards, string, crayons and lots of running around.

The activities introduce students to Computational Thinking through concepts such as binary numbers, algorithms and data compression, separated from the distractions and technical details of having to use computers. Importantly, no programming is required to engage with these ideas!

Here’s the textbook (PDF).

WebKit: Inline Caching With Delete

Justin Michaud:

Here, we can see that the addition of a delete statement to a hot section of code can send the performance off a cliff! The primary reason for this is that deletion in JavaScriptCore used to disable all of the inline caching optimizations for an object, including when putting and getting properties of the object.

[…]

For performance, JavaScriptCore uses multiple internal representations for objects, choosing between them at runtime based on how a program uses them. The default representation of objects uses something called a Structure to hold the general shape of an object, allowing many instances that have the same shape to share a structure. If two objects have the same structure ID, we can quickly tell that they have the same shape.

[…]

In previous versions of JavaScriptCore, this is the representation that was chosen for any object that had a deleted property. This is why we see such a large performance difference when a delete is performed on a hot object.

[…]

Now that we can cache deletion transitions, we can further optimize the act of property deletion itself. Getting and putting properties both use something called an inline cache to do this, and now deletion does too. The way this works is by emitting a generic version of these operations that modifies itself over time to handle frequent cases faster.
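To make the mechanism Michaud describes concrete, here is a toy model added for this post (my own code, not WebKit's): a Structure transition tree, objects that carry a structure pointer plus a flat slot array, and a monomorphic inline cache keyed on structure identity. The `cache_deletes` switch contrasts the old behaviour (every delete yields a one-off structure, so the cache misses on every object) with a cached delete transition. Everything is simplified; real JavaScriptCore also has dictionary-mode objects, polymorphic caches and much more.

```python
class Structure:
    """An ordered property layout shared by every object that reached it by
    the same sequence of property additions and deletions."""
    _next_id = 0

    def __init__(self, keys):
        self.id = Structure._next_id
        Structure._next_id += 1
        self.keys = tuple(keys)
        self.transitions = {}      # ("add"|"del", key) -> child Structure

    def slot(self, key):
        return self.keys.index(key) if key in self.keys else -1

    def add(self, key):
        """Cached transition on property addition."""
        edge = ("add", key)
        if edge not in self.transitions:
            self.transitions[edge] = Structure(self.keys + (key,))
        return self.transitions[edge]

    def remove(self, key, cache_transition=True):
        """Transition on delete. With cache_transition=False every delete
        produces a fresh, unshared structure (the old behaviour); with True
        the transition is memoised exactly like an add."""
        new_keys = tuple(k for k in self.keys if k != key)
        if not cache_transition:
            return Structure(new_keys)
        edge = ("del", key)
        if edge not in self.transitions:
            self.transitions[edge] = Structure(new_keys)
        return self.transitions[edge]


ROOT = Structure(())


class Obj:
    """An object: a structure pointer plus a slot array laid out by it."""

    def __init__(self):
        self.structure = ROOT
        self.slots = []

    def put(self, key, value):
        i = self.structure.slot(key)
        if i >= 0:
            self.slots[i] = value
        else:
            self.structure = self.structure.add(key)
            self.slots.append(value)

    def delete(self, key, cache_transition=True):
        i = self.structure.slot(key)
        if i >= 0:
            del self.slots[i]
            self.structure = self.structure.remove(key, cache_transition)

    def get(self, key):
        i = self.structure.slot(key)
        return self.slots[i] if i >= 0 else None


class GetSite:
    """Monomorphic inline cache for one property-access site: it remembers the
    last structure seen and the slot the property lives in, so a repeat visit
    with the same structure skips the lookup entirely."""

    def __init__(self, key):
        self.key = key
        self.cached_structure = None
        self.cached_slot = -1
        self.hits = 0
        self.misses = 0

    def get(self, obj):
        if obj.structure is self.cached_structure:
            self.hits += 1
            return obj.slots[self.cached_slot] if self.cached_slot >= 0 else None
        self.misses += 1
        self.cached_structure = obj.structure
        self.cached_slot = obj.structure.slot(self.key)
        return obj.get(self.key)


def run_scenario(n, cache_deletes):
    """Build n objects the same way (add x, y, tmp; delete tmp) and read y
    through one cache site. Returns (distinct structures, hits, misses, ok)."""
    site = GetSite("y")
    structures = set()
    ok = True
    for i in range(n):
        o = Obj()
        o.put("x", i)
        o.put("y", i * 2)
        o.put("tmp", "scratch")
        o.delete("tmp", cache_transition=cache_deletes)
        structures.add(o.structure.id)
        ok = ok and site.get(o) == i * 2 and o.get("tmp") is None
    return len(structures), site.hits, site.misses, ok


if __name__ == "__main__":
    print("cached delete transitions:", run_scenario(1000, True))
    print("uncached (old behaviour): ", run_scenario(1000, False))
```

The interesting number is the miss count: with cached delete transitions all objects built the same way end up on one structure and the site misses once, while without them the site never warms up, which is the cliff the post's benchmark fell off.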

The Most Impactful iPad Apps of the Decade

MacStories:

Some forged a path by adopting the latest Apple technologies in a unique way that set an example for apps that followed. Others are apps that define a category that takes unique advantage of the iPad’s hardware. These are also apps that work on the iPhone or Mac too, but are most at home on the iPad’s unique platform.


Wednesday, April 22, 2020

iPhone SE 2020 Reviews

Rene Ritchie:

The iPhone SE’s main camera is a hybrid, a chimera. It has the same sensor and lens system as the iPhone 8 but uses the image signal processor, the ISP, of the A13.

[…]

It’s especially fascinating to see the new iPhone SE out-shoot the iPhone XR, which has a slightly bigger sensor. That’s all part of the transition from big glass and big sensor to big compute.

In almost every case, the results between the last two generations of iPhones are so close that I’d have to pixel peep to see differences in most situations, which is not something normal humans do.

Lauren Goode:

A smaller phone body also means a smaller battery. This iPhone SE has essentially the same size battery as the iPhone 8; thanks to a much more efficient processor, the SE’s battery should perform better than the iPhone 8’s. And yet, relative to larger iPhones—the “Pro” or “Max” models, the iPhone XR, my iPhone 11—the iPhone SE’s battery life is middling.

Dieter Bohn:

I also get that this design looks tired in 2020. There are many comparably priced Android phones that have managed to reduce their bezels. That’s not just an aesthetic consideration, either. Smaller bezels mean you can fit a bigger screen in a smaller phone body.

[…]

The first is, for a $399 phone, the cameras are absolutely great, and any complaints or gripes should be promptly dismissed given that price. The second is that they’re quite good but have some baffling shortcomings that Apple could have overcome, even at this price point.

[…]

I’m not sure why the A13 Bionic allows the iPhone SE to gain all of those other benefits but not better night shots. I’m not going to say that night mode is a solved problem by any stretch, but Google has been doing it on cut-rate hardware for a couple of years now, so it’s certainly possible. And Apple’s camera would, in theory, be up to it, given the processor is the same as its more expensive phones.

Matthew Panzarino:

The biggest practical benefit of the pipeline, though, is the improved Smart HDR feature, which I covered in my iPhone 11 review. This really improves detail across massive tonal ranges from bright highlights to shadow detail. While it does not magically make the iPhone SE the same class of image-making device that the iPhone 11 is, it goes a long way to making your average snapshot look the best it can.

See also: MacRumors.


Update (2020-04-23): John Gruber (tweet):

The black front face is simply a better look, to my eyes. And it doesn’t hurt that when the display is off, the black front disguises the now-dated forehead and chin above and below the screen.

[…]

Like its iPhone 11 brethren models, the iPhone SE’s back panel markings have been reduced to the essential minimum: just the Apple logo, perfectly centered.

[…]

It has just one rear-facing camera lens and sensor, and that sensor (but not the lens) is apparently the same as that in the iPhone XR.

[…]

It’s clear to me, but well beyond the scope of this review to examine in detail, that the iPhone SE’s rear-facing camera is capable of much more accurate depth maps than the iPhone XR’s. Since they’re both single-imaging systems and the same (or very similar) sensors, the SE’s superior depth mapping can only be attributed to the A13’s much more powerful neural engine.

[…]

I strongly advise buying an iPhone SE while the getting is good. I would wager, heavily, that this is the last iPhone Apple will ever make with a home button and the old-style user interface.

Update (2020-05-06): Juli Clover:

We did a full hands-on video back on Friday, but we took the weekend to see how the iPhone SE’s camera measures up to the iPhone 8 and iPhone 11 Pro.

Based on an iFixit teardown that looked at the base camera hardware, the iPhone SE is using the same camera sensor as the iPhone 8, a 12-megapixel lens that features an f/1.8 aperture and a 28mm focal length, narrower than the 26mm focal length of the 12-megapixel wide-angle in Apple’s flagships.

Update (2020-05-14): John Moltz:

Let’s be clear right off the bat: the 2020 iPhone SE is not a real iPhone SE. And rather than keep referring to it as the iPhone SE Second Generation throughout this review, I’m going to just call it what it is: the iPhone 9. In fact, that’s what I’ve named mine.

Yeah, yeah, yeah, I know what Apple calls it and I know that “SE” is an acronym that stands for “sell [it] e-gain”, but the reason I bought the original iPhone SE after owning an iPhone 6 and then an iPhone 6S was not because it was cheap, although that was nice. It was because it was small. Wonderfully, perfectly small.

Update (2020-07-06): Paul Carroll (via Hacker News):

Achieving an overall DXOMARK Camera score of 101, the Apple iPhone SE (2020) places near the center of our smartphone image quality database. While the budget-friendly Apple device offers comparable quality in many respects to the more expensive iPhone 11, its single camera setup falls short for zoom and bokeh shots compared to our top performers. The lack of an ultra-wide camera is also a disadvantage and is the main difference between it and the iPhone 11.

[…]

The iPhone SE (2020) achieves a good score for exposure and contrast, which is one of the device’s main strengths. Target exposures are accurate in most lighting conditions and performance is consistent. In our lab analysis we found contrast to be generally excellent, with bright target exposures in simulated indoor and outdoor lighting. It’s not as good in low light as the best performers, however, with some obvious underexposure in very low light.

iOS Mail Vulnerabilities in MFMutableData

Thomas Reed:

On Monday, ZecOps released a report about a couple concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact that even the most current version of iOS, 13.4.1, is vulnerable.

The way the attack works is that the threat actor sends an email message designed to cause a buffer overflow in Mail (or maild).

[…]

As for precautions to avoid infection, there are a couple things you can do. One would be to install the iOS 13.4.5 beta, which contains a fix for the bug.

ZecOps (Hacker News):

ZecOps found that the implementation of MFMutableData in the MIME library lacks error checking for system call ftruncate() which leads to the Out-Of-Bounds write. We also found a way to trigger the OOB-Write without waiting for the failure of the system call ftruncate. In addition, we found a heap-overflow that can be triggered remotely.

We are aware of remote triggers of both vulnerabilities in the wild.

Both the OOB Write bug, and the Heap-Overflow bug, occurred due to the same problem: not handling the return value of the system calls correctly.


Update (2020-04-23): Thom Holwerda:

This can be easily mitigated - just uninstall the Apple mail client and set another mail client as the default mail handler.

Oh wait.


Update (2020-04-24): Ben Lovejoy:

Bloomberg reports that Apple not only says it can find no evidence to support this claim, but that the vulnerabilities are not sufficient to allow the reported attacks to succeed.

ZecOps had said “with high confidence” that the vulnerabilities were “widely exploited in the wild” and stands by that.

Update (2020-05-28): TheHackersNews:

Apple is rolling out #iOS 13.5 & iPadOS 13.5 with patches for recently disclosed MailDemon flaws (under active attack), which, if exploited, could let attackers hijack devices just by sending emails.
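The pattern ZecOps describes, a resize syscall whose result is never checked, is easy to show in a small file-backed buffer. The code below is a constructed illustration written for this post, not Apple's MFMutableData (whose internals are not on the page): the checked variant updates its capacity only after `ftruncate` succeeds, the unchecked variant updates it regardless and so believes in space the kernel never granted. The failing resize is forced by closing the descriptor; in the real world it would be disk exhaustion or a similar error. In C the unchecked variant's copy would write past the mapping; Python's mmap refuses the slice instead, which is what the demo reports.

```python
import mmap
import os
import tempfile


class CheckedFileBuffer:
    """Grows an anonymous temp file with ftruncate and maps it; appends are
    bounded by the capacity the kernel actually granted."""

    def __init__(self):
        self.fd, path = tempfile.mkstemp()
        os.unlink(path)                 # anonymous once opened
        self.map = None
        self.capacity = 0
        self.length = 0

    def mapped_size(self):
        return len(self.map) if self.map is not None else 0

    def _remap(self, size):
        if self.map is not None:
            self.map.close()
        self.map = mmap.mmap(self.fd, size)

    def grow(self, new_capacity):
        """True only if the file was really extended and remapped."""
        try:
            os.ftruncate(self.fd, new_capacity)
            self._remap(new_capacity)
        except OSError:
            return False                # failure leaves capacity untouched
        self.capacity = new_capacity
        return True

    def append(self, data):
        need = self.length + len(data)
        if need > self.capacity and not self.grow(max(need, 2 * self.capacity)):
            return False                # refuse rather than write past the mapping
        self.map[self.length:need] = data
        self.length = need
        return True

    def close(self):
        if self.map is not None:
            self.map.close()
        try:
            os.close(self.fd)
        except OSError:
            pass


class UncheckedFileBuffer(CheckedFileBuffer):
    """Same code with the check removed: the resize result is ignored and the
    bookkeeping is updated anyway, so `capacity` no longer describes the
    mapping and the next append copies into memory that was never mapped."""

    def grow(self, new_capacity):
        try:
            os.ftruncate(self.fd, new_capacity)
            self._remap(new_capacity)
        except OSError:
            pass                        # the missing error check
        self.capacity = new_capacity    # trusts a resize that may have failed
        return True


def run_demo(big=2 * mmap.PAGESIZE):
    """Exercise both variants with a resize that fails (closed descriptor).
    Returns, per variant, whether the oversized append was accepted, whether
    capacity still matches the real mapping, and whether an out-of-bounds
    write was attempted."""
    result = {}
    for name, cls in (("checked", CheckedFileBuffer), ("unchecked", UncheckedFileBuffer)):
        buf = cls()
        buf.append(b"hello")
        os.close(buf.fd)                # makes the next ftruncate fail with EBADF
        try:
            accepted = buf.append(b"x" * big)
            oob_attempted = False
        except IndexError:              # mmap's bounds check caught the write
            accepted = False
            oob_attempted = True
        result[name] = {
            "accepted": accepted,
            "consistent": buf.capacity == buf.mapped_size(),
            "oob_attempted": oob_attempted,
        }
        buf.close()
    return result


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The property to look for in code review is the one the checked variant keeps: every field that describes the size of a resource changes only after the call that resizes it has been confirmed to succeed, and every write is bounded by those fields.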

NativeConnect in the Mac App Store

Vadim Shpakovski (9to5Mac):

We are excited to announce that NativeConnect has passed the review in the Mac App Store. As a result, we’re opening one more distribution channel for indie developers. So if you prefer the Mac App Store, as of today, our app is available for downloading!

[…]

NativeConnect uses proprietary APIs for accessing some features of the App Store Connect, and we’re happy that Apple is supportive and wants to extend the Developer Tools category with our lightweight client for their service.

The App Store version is a one-time purchase, whereas the direct sale version is a subscription.


Facecharm Rejected From the App Store

Filipe Espósito (tweet):

His idea was to allow users to send anonymous messages, not directly to each other, but through a third person who would intermediate the conversation. Basically, like when you send a message to someone through another person, but now in a digital way.

The app was submitted to the App Store review process on January 9, 2020, and the first rejection came a week later. Apple has argued apps that allow anonymous messages and calls are not appropriate for the App Store. Martin thought the idea of the app might not have been clear to the testers since the app works based on mutual friends, so the messages are not entirely anonymous.

Even so, he was intrigued by Apple’s first response, as there are other apps on the App Store that allow users to send anonymous messages. The developer made some interface changes, and he then sent the app back to Apple, but it was rejected again.

Martin Otyeka:

You can forward an iMessage but the recipient is not informed that you didn’t author the message, and the original author is not identified.

You can forward messages on WhatsApp but they explicitly tell the receiver that it was “Forwarded” implying that you are not the original author.

[…]

A representative from the App Review Board called once again to explain the rationale behind my last rejection. I told them that Facecharm complies with all the requirements of Guideline 1.2 and asked if they can point to a specific guideline that I was breaking. I did not receive a direct response, only told that the App Review guidelines can’t possibly list all the reasons why an app can be rejected. They reasoned that the concept behind the app was “new”, the behavior “inappropriate” and that I should instead make the app like “every other messaging app where users communicate without a 3rd party”. In other words, don’t innovate–just conform to existing paradigms.

Damien Petrilli:

Step 1. Tell the developers to do an app like everybody else

Step 2. Reject it again because it’s “too similar with other Apps” and thus “doesn’t add any value”

Tuesday, April 21, 2020

Magic Keyboard for iPad

John Gruber:

What I was hoping for was something approximating the feel and experience of a MacBook — a little more top heavy, a little stiffer at the hinge to accommodate that extra top-heaviness — but basically I wanted an iPad-as-laptop that feels like a MacBook Air.

It doesn’t feel like that at all.

[…]

Once I let go of my preconceptions, I fell in love. This took all of 15 minutes. I went from that “I don’t like the way this thing feels at all” first impression to “I can’t wait to start raving about how great this thing is” in 15 minutes. The iPad Magic Keyboard is to iPad-as-laptop accessories what AirPods were to earbuds: a game changer.

[…]

At their widest viewing angles, the Magic Keyboard feels noticeably more open than the Smart Keyboard, and the MacBook Air feels noticeably more open than the Magic Keyboard.

[…]

The MacBook Air trackpad is about 120 × 80 mm. The 12.9-inch Magic Keyboard trackpad is just 100 × 50 mm — by area it’s just a hair over half the size. (The 16-inch MacBook Pro keyboard is the size of a small studio apartment in comparison — 160 × 100 mm — as tall as the iPad Magic Keyboard trackpad is wide and over 3x the size by area.)

The MacBook Pro’s trackpad is way too big.

Federico Viticci:

This is Apple’s answer to users who have been asking for years for a “pro Smart Keyboard” to turn the iPad into a quasi-laptop device, and it doesn’t try to replicate all the features from the Smart Keyboard Folio or regular Smart Folio. I would have liked to see the option to fold the Magic Keyboard in the back of the iPad; I’m just not sure how that could be physically possible given Apple’s design direction for the Magic Keyboard (more on this later).

[…]

Here’s where the Magic Keyboard’s design differs from traditional laptops though: when lifting the iPad’s display, you’ll feel a first snap when the bottom hinge (the cylinder-shaped one that comes with a built-in USB-C port) has reached its open position; keep pushing on the iPad’s display, and the iPad will detach from the second hinge, which is located in the Magic Keyboard’s back cover and lets you adjust the iPad’s viewing angle. It’s the horizontal line that separates the two halves of the Magic Keyboard’s cover.

[…]

The Magic Keyboard turns an iPad Pro into a laptop, but it does so in a way that isn’t definitive – the transformation can always be reversed by the simple act of pulling the “computing core” away from it. This is also where the Magic Keyboard differs from competing accessories[…]

Tim Nahumck:

Looking at all of those use cases together, it really is apparent to me that using my iPad Pro with the Smart Keyboard Folio is my best opportunity to meet all things. I can augment the experience when docked, or I can carry around the Magic Mouse 2 when I need to be mobile. It’s not always going to be the ideal experience, but it does what I need to get the job done. Also, I already have the components I need, and don’t need to spend an additional $300 on something that would be a limited use case for me.

See also: Nick Heer.

Previously:

Update (2020-04-23): Ben Lovejoy:

First – and I find it hard to believe this is true – there’s no Escape key! I’m so used to using that to exit from full-screen video viewing, it seems such a fundamental element on a keyboard, and yet it’s true: it really is missing.

Second, the lack of function keys. I hadn’t been sure how much I would miss them. I don’t often play music on my iPad, so wasn’t bothered about the lack of music controls. I find the on-screen brightness control of the iPad faster to use than keys, so didn’t mind the lack of those. I almost never adjust keyboard backlighting, so no problem there. But there was one immediate and obvious weakness when watching video: no volume controls.

Update (2020-04-24): See also: Jason Snell, Stephen Hackett, David Sparks.

Update (2020-05-20): Steve Streza:

Got the Magic Keyboard. Way too top-heavy. The keyboard is very good. The trackpad is pretty good. The texture on the sides of the trackpad is very unpleasant to the touch. Using a mouse makes an iPad much nicer to use. Turns out having a touchscreen on a tilted surface is fine.

This is really for people who use iPad on a desk. Using it on the lap is still not great.

It’s weird that the iPad now has a better keyboard than literally every laptop Apple was shipping up until about 6 months ago. The keys feel great, and travel is surprisingly deep. I can type very comfortably on this.

Joe Cieplinski:

I would like it if there were a bit more of an angle of view. It’s way nicer than the old Smart Keyboard folio in terms of adjustability. But I’m a tall person. Being able to tilt back even further would be nice.

[…]

The keys are not full-sized, of course, so I still find myself, as I always have on iPad keyboards, typing with three fingers and thumb on each hand, rather than using both pinkies. I’ve gotten used to it by now, but I’m never going to be quite as fast on an iPad keyboard as I can be on my laptop. If I moved to the 13-inch iPad, this would not be an issue, of course.

[…]

It’s amazing how fast you get used to using a trackpad on iOS. It feels way more natural than I would have expected.

Update (2020-07-30): John Gruber:

One of the weird things about an iPad with Magic Keyboard is that iPadOS still runs iPhone-only apps and they are only run length-wise on the display, so, in laptop mode, they are sideways. And once on screen, everything else is sideways too: the dock, ⌘Tab switcher, everything.

Update (2020-08-27): Matthew Panzarino:

In order to dive a bit deeper on the brand new cursor and its interaction models, I spoke to Apple SVP Craig Federighi about its development and some of the choices by the teams at Apple that made it.

See also: Dave B.

Testing Sync at Dropbox

Isaac Goldberg (Hacker News):

Sync Engine Classic and Nucleus have fundamentally distinct data models. The legacy system persists the outstanding work required to sync each file or folder to disk. For example, it stores whether a given file needs to be created locally or if it needs to be uploaded to the server. By comparison, Nucleus persists observations. Instead of representing the outstanding sync activity directly, it maintains just three trees, each of which represents an individually-consistent filesystem state, from which the right sync behavior can be derived[…]

[…]

We arrived at this data model because it is extremely testable! With this data model, it is easy to express a key goal of the system: to converge all three trees to the same state. When the user’s local disk looks the same as dropbox.com (i.e., Local Tree matches Remote Tree), sync is complete! It allows us to enforce strict invariants—for example, no matter how the three trees are configured at the beginning of a test, all three trees must still converge.

[…]

Every night we run tens of millions of randomized test runs. In general, they are 100% green on the latest master. When a regression sneaks in, CI automatically creates a tracking task for each failing seed, including also the hash of the latest commit at the time. If an engineer needs more logging to understand what happened in the test run, they can simply add it inline and re-run the test locally! It’s guaranteed to fail again.
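The three-tree model and the seeded nightly runs described above, as an added example written for this page (it is not Dropbox’s Nucleus code). The trees are plain path-to-content maps, the conflict policy (remote wins, the local edit is preserved as a copy) is this example’s own choice, and the random cases are constructed; what it demonstrates is the invariant the post leans on: from any starting configuration, sync must converge all three trees, and a failing seed must replay exactly.

```swift
import Foundation

// Added example, not Dropbox's Nucleus code: a toy version of the three-tree
// model (Synced, Local, Remote, each a path -> content map) with a seeded
// randomized test that checks the invariant the post describes: whatever the
// starting trees, sync must converge them to one state. The conflict policy
// (remote wins, the local edit is kept as a copy) is this example's own choice.

typealias Tree = [String: String]

// Seeded generator (SplitMix64) so that a failing seed replays exactly.
struct SeededGenerator: RandomNumberGenerator {
    private var state: UInt64
    init(seed: UInt64) { state = seed }
    mutating func next() -> UInt64 {
        state &+= 0x9E37_79B9_7F4A_7C15
        var z = state
        z = (z ^ (z >> 30)) &* 0xBF58_476D_1CE4_E5B9
        z = (z ^ (z >> 27)) &* 0x94D0_49BB_1331_11EB
        return z ^ (z >> 31)
    }
}

/// One sync pass: decide per path which side diverged from Synced, then
/// record the winning observation in all three trees.
func syncStep(synced: Tree, local: Tree, remote: Tree) -> (Tree, Tree, Tree) {
    var s = synced, l = local, r = remote
    let paths = Set(synced.keys).union(local.keys).union(remote.keys)
    for path in paths.sorted() {
        let base = synced[path], mine = local[path], theirs = remote[path]
        let localChanged = mine != base, remoteChanged = theirs != base
        let winner: String?
        if localChanged && remoteChanged && mine != theirs {
            winner = theirs                       // conflict: remote wins ...
            if let kept = mine {                  // ... but the local edit is never dropped
                s[path + ".conflicted"] = kept
                l[path + ".conflicted"] = kept
                r[path + ".conflicted"] = kept
            }
        } else if localChanged {
            winner = mine
        } else {
            winner = theirs
        }
        s[path] = winner; l[path] = winner; r[path] = winner   // nil deletes the path
    }
    return (s, l, r)
}

/// Repeats sync passes until the trees agree; nil means they never did.
func converge(synced: Tree, local: Tree, remote: Tree, maxRounds: Int = 10) -> (rounds: Int, final: Tree)? {
    var (s, l, r) = (synced, local, remote)
    for round in 1...maxRounds {
        (s, l, r) = syncStep(synced: s, local: l, remote: r)
        if s == l && l == r { return (round, s) }
    }
    return nil
}

let paths = (0..<4).map { "f\($0)" }   // constructed file names

func randomVersion(of path: String, using rng: inout SeededGenerator) -> String {
    "\(path)@v\(Int.random(in: 1...3, using: &rng))"
}

/// Independent edits on one side: delete, overwrite, or leave each path alone.
func mutate(_ base: Tree, using rng: inout SeededGenerator) -> Tree {
    var t = base
    for p in paths {
        let roll = Double.random(in: 0..<1, using: &rng)
        if roll < 0.2 { t[p] = nil } else if roll < 0.4 { t[p] = randomVersion(of: p, using: &rng) }
    }
    return t
}

/// Constructed starting state: a synced base, then divergent local and remote edits.
func randomCase(seed: UInt64) -> (synced: Tree, local: Tree, remote: Tree) {
    var rng = SeededGenerator(seed: seed)
    var synced = Tree()
    for p in paths {
        if Double.random(in: 0..<1, using: &rng) < 0.6 { synced[p] = randomVersion(of: p, using: &rng) }
    }
    let local = mutate(synced, using: &rng)
    let remote = mutate(synced, using: &rng)
    return (synced, local, remote)
}

/// Returns nil when the seed passes, otherwise the violated invariant.
func checkSeed(_ seed: UInt64) -> String? {
    let c = randomCase(seed: seed)
    guard let result = converge(synced: c.synced, local: c.local, remote: c.remote) else {
        return "seed \(seed): trees did not converge"
    }
    // Second invariant: when both sides edited the same path, neither version may vanish.
    let survivors = Set(result.final.values)
    for path in Set(c.local.keys).union(c.remote.keys) {
        if let mine = c.local[path], let theirs = c.remote[path], mine != theirs,
           mine != c.synced[path], theirs != c.synced[path],
           !(survivors.contains(mine) && survivors.contains(theirs)) {
            return "seed \(seed): lost a version of \(path) after \(result.rounds) round(s)"
        }
    }
    return nil
}

/// Nightly-style campaign: each failing seed is reported so it can be replayed locally.
func runCampaign(seeds: ClosedRange<UInt64>) -> [String] {
    seeds.compactMap(checkSeed)
}

let failures = runCampaign(seeds: 0...999)
print(failures.isEmpty ? "1000 seeds green" : failures.joined(separator: "\n"))
```

Because the generator is seeded, a reported seed reproduces the exact trees that failed, which is the property that lets a tracking task carry nothing more than a seed and a commit hash.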

Previously:

Macintosh Y2020

Basal Gangster (via Keith Kaisershot, Hacker News):

Macintosh clock time expires at 06:28:16 GMT Monday February 6, 2040. That’s going to be a problem for users of the old Macintosh, but it is a problem for 20 years from now. Fixing that will be possible, but it will require some deeper cutting than we need to do now. The problem now is just setting the clock.

[…]

When the clock struck Midnight on Jan 1 the clocks in most old Macintoshes just ticked right on into 2020, the correct date continued to be shown in the control panel and on any files created or changed. Many retro-computing hobbyists and others who use the old machines may not know there is any problem, until they try to set the date in the Alarm Clock or Date & Time control panel.

[…]

Any value between 20 and 99 results in a 20th century date. Entries between 00 and 19 (inclusive) give 21st century results. This is the problem being encountered by users now. It is like the Y2k bug, except that Apple windowed years into the range 1920-2019 instead of 1900-1999.

[…]

Just change 20 ($14) in the comparison to 40 ($28), and 2-digit years will be interpreted as being between 1939 and 2040. I can try and test this patch in TMON, but any change in TMON is applied to the program in memory, not in the code on disk, and it will not stick. It is necessary to change the Control Panel code on disk.
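The two limits described above (the 32-bit clock running out in 2040 and the two-digit year window whose pivot the patch moves) as an added Swift example written for this page, not the TMON patch from the post. It models the clock as seconds since 1904-01-01 00:00:00 GMT and the year expansion as a comparison against a pivot constant, which is the byte the post changes from $14 (20) to $28 (40).

```swift
import Foundation

// Added example, not the patch from the post: the classic Mac clock is an
// unsigned 32-bit count of seconds since 1904-01-01 00:00:00 GMT, and the
// control panel expands a two-digit year through a pivot. The pivot is the
// constant the post patches ($14 = 20 shipped, $28 = 40 proposed).

var gmt = Calendar(identifier: .gregorian)
gmt.timeZone = TimeZone(identifier: "GMT")!
let macEpoch = gmt.date(from: DateComponents(year: 1904, month: 1, day: 1))!
let macClockSpan: TimeInterval = 4_294_967_296   // 2^32 seconds

/// Clock value -> Date.
func macClockToDate(_ seconds: UInt32) -> Date {
    macEpoch.addingTimeInterval(TimeInterval(seconds))
}

/// Date -> clock value, or nil for anything the 32-bit counter cannot hold.
func dateToMacClock(_ date: Date) -> UInt32? {
    let delta = date.timeIntervalSince(macEpoch)
    guard delta >= 0, delta < macClockSpan else { return nil }
    return UInt32(delta)
}

/// The instant at which the counter wraps (one second past the last representable value).
func macClockWrap() -> DateComponents {
    gmt.dateComponents([.year, .month, .day, .hour, .minute, .second],
                       from: macEpoch.addingTimeInterval(macClockSpan))
}

/// Two-digit year expansion as the control panel does it: below the pivot is
/// 20xx, at or above it is 19xx. Pivot 20 covers 1920..2019, pivot 40 covers 1940..2039.
func expandYear(_ twoDigit: Int, pivot: Int = 20) -> Int {
    precondition((0...99).contains(twoDigit) && (0...99).contains(pivot))
    return twoDigit < pivot ? 2000 + twoDigit : 1900 + twoDigit
}

let w = macClockWrap()
print("counter wraps at \(w.year!)-\(w.month!)-\(w.day!) \(w.hour!):\(w.minute!):\(w.second!) GMT")
for entry in [19, 20, 39, 40] {
    print("entered \(entry): shipped -> \(expandYear(entry)), patched -> \(expandYear(entry, pivot: 40))")
}
if let today = gmt.date(from: DateComponents(year: 2020, month: 4, day: 22)) {
    print("2020-04-22 as Mac clock:", dateToMacClock(today) as Any)
}
```

Raising the pivot only moves the window; a year entered as 40 still lands in 1940 once the pivot is 40, and nothing past the 2040 wrap is representable without the deeper change the post defers.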

How to Restart the Touch Bar

Filipe Espósito:

The Touch Bar on the MacBook Pro offers a variety of shortcuts according to each application, but sometimes it doesn’t work as expected. Users may eventually experience unexpected behaviors with it such as freezes or specific buttons not responding.

The Terminal commands are:

sudo pkill TouchBarServer
sudo killall ControlStrip

Monday, April 20, 2020

There Should Be an iCloud Keychain App

Bradley Chambers:

The problem with managing passwords on iOS and macOS at the moment is the functions are scattered around. Some of the syncing happens in the backend with no way to quickly see (especially on iOS). A prime example of this is the syncing of Wi-Fi passwords. It’s easy to remove old networks on the Mac, but on iOS, it’s all happened without being able to remove anything.

[…]

As our devices continue to store ever more personal information, Apple should release a dedicated app to view, add, change, or delete anything being stored in iCloud Keychain.

Update (2020-04-22): R0MK1N:

And also api for other apps to use that. What’s the point of keychain if I can’t use it in Firefox on a Mac.

What does a browser need that the regular keychain API can’t do?

Adam Maxwell:

I live in terror of accidentally enabling iCloud Keychain with an OS update. Last time that happened it deleted a bunch of passwords and imported a bunch of prior ones from God knows when.

Matt Birchler:

A standalone app would do a couple things.

Privileged Operations on macOS

Objective by the Sea has posted slides from Julia Vashchenko’s talk on SMJobBless() and XPC:

Operating system’s security depends a lot on the way developers handle privileged operations. Is it easy to make a mistake? Is the recommended way actually better than a deprecated API?

Recently, we gained insight into these questions during our company’s bug bounty program, which led to some surprising conclusions, which we’ll share today.

This stuff is under-documented, and the sample code is buggy.

See also: Csaba Fitzl (tweet).

Previously:

Update (2020-08-28): Ilya Kulakov:

Refined advice was published by @justkwin regarding XPC peer validation. There is an interesting detail regarding “the second message”. I’m still confused how this solves peer validation though.

Csaba Fitzl:

This is the third post in my series which is trying to help Apple developers to avoid typical insecure coding practices. This one will highlight why XPC client hardening and proper verification is extremely important when we use XPC messaging on macOS between clients that run as a normal user and services that run as root. If this validation is not right, it opens up the possibility for an attacker to run privileged commands or worse case, achieve full privilege escalation on the system.

Update (2021-01-22): Alexis Bridoux:

I will do some research to better understand the possible exploits and know what the best thing to do is. Meanwhile, here is some advice:

  • The Helper should be removed when the application is removed. A Helper left behind has no use and it’s a risk that can be avoided. This post explains that.
  • The current preferred solution to prevent a malicious attack is to check the calling code identity. This post is great to understand the problem and applies this solution.
  • This repository also offers a ready-to-use solution in Swift.

Update (2021-06-13): Thomas Clement:

lo and behold, seems like finally Apple is adding a public API to validate xpc connections.
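The peer validation the talk, Csaba Fitzl’s post and Alexis Bridoux’s advice all circle around, as an added Swift example written for this page (it is not code from the slides, the posts or the linked repository). The bundle identifier com.example.Client, the Team ID ABCDE12345 and the Mach service name com.example.Helper are placeholders. It shows the PID-based lookup the posts warn against beside the audit-token lookup they recommend; reading the token through the private auditToken property is an assumption that matches the posts, not public API. SMAuthorizedClients in the helper’s Info.plist is consulted by SMJobBless when the helper is installed and does nothing for connections that arrive later, so the helper has to verify every peer itself.

```swift
import Foundation
import Security

// Added example, not code from the talk or the posts linked above: how a root
// helper installed with SMJobBless should decide whether to accept a client.
// "com.example.Client", team ID "ABCDE12345" and the Mach service name
// "com.example.Helper" are placeholders. SMAuthorizedClients in the helper's
// Info.plist is checked once, when SMJobBless installs the helper; it does
// nothing for connections that arrive afterwards, so the helper must verify
// each peer itself.

@objc protocol HelperProtocol {
    func helperVersion(reply: @escaping (String) -> Void)
}

final class HelperService: NSObject, HelperProtocol {
    func helperVersion(reply: @escaping (String) -> Void) { reply("1.0") }
}

final class HelperListenerDelegate: NSObject, NSXPCListenerDelegate {
    // Code signing requirement: Apple-anchored chain, fixed bundle identifier,
    // fixed Team ID in the leaf certificate.
    private let requirementText =
        "anchor apple generic and identifier \"com.example.Client\""
        + " and certificate leaf[subject.OU] = \"ABCDE12345\""

    // WEAK (the pattern the posts warn about): look the peer up by PID. Any
    // local process can connect, and a PID can be reused or the process
    // replaced between this check and the messages that follow.
    func peerLooksTrustedByPID(_ connection: NSXPCConnection) -> Bool {
        var code: SecCode?
        let attrs = [kSecGuestAttributePid: connection.processIdentifier] as CFDictionary
        guard SecCodeCopyGuestWithAttributes(nil, attrs, [], &code) == errSecSuccess,
              let peer = code else { return false }
        return satisfiesRequirement(peer)
    }

    // STRONGER: identify the peer by the audit token the kernel attached to the
    // connection. Assumption: NSXPCConnection exposes it only via the private
    // "auditToken" property, which is why the posts above read it with KVC.
    func peerIsTrusted(_ connection: NSXPCConnection) -> Bool {
        guard let boxed = connection.value(forKey: "auditToken") as? NSValue else { return false }
        var token = audit_token_t()
        boxed.getValue(&token, size: MemoryLayout<audit_token_t>.size)
        let tokenData = withUnsafeBytes(of: &token) { Data($0) }
        var code: SecCode?
        let attrs = [kSecGuestAttributeAudit: tokenData] as CFDictionary
        guard SecCodeCopyGuestWithAttributes(nil, attrs, [], &code) == errSecSuccess,
              let peer = code else { return false }
        return satisfiesRequirement(peer)
    }

    private func satisfiesRequirement(_ code: SecCode) -> Bool {
        var requirement: SecRequirement?
        guard SecRequirementCreateWithString(requirementText as CFString, [], &requirement) == errSecSuccess,
              let req = requirement else { return false }
        return SecCodeCheckValidity(code, [], req) == errSecSuccess
    }

    func listener(_ listener: NSXPCListener, shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        guard peerIsTrusted(newConnection) else { return false }   // reject before exporting anything
        newConnection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        newConnection.exportedObject = HelperService()
        newConnection.resume()
        return true
    }
}

// On macOS 12 and later the C XPC API can pin the requirement on the connection
// instead: xpc_connection_set_peer_code_signing_requirement(connection, requirementText).
let delegate = HelperListenerDelegate()   // NSXPCListener.delegate is weak; keep a strong reference
let listener = NSXPCListener(machServiceName: "com.example.Helper")
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

The requirement string is the whole defense: a requirement that only anchors to Apple, or that omits the Team ID, lets any signed app talk to the root helper. Pinning a designated requirement this tight is also why a helper left behind after uninstall is worth removing, as Bridoux notes, since its trusted client may no longer exist while the helper still does.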

Previously:

NSDateFormatter.com

NSDateFormatter.com is an interactive reference for date format strings and has some good tips (via Kyle Howells):

  • Use dateStyle and timeStyle over dateFormat whenever you can. Explain the date fallacies to your designer if you need to.
  • If you can’t find a fitting dateStyle/timeStyle to format your UI dates, then at least use dateFormatter.setLocalizedDateFormatFromTemplate(…) to account for the user’s locale.
  • When parsing ISO8601 internet dates, always use ISO8601DateFormatter
  • If you can’t because your API format doesn’t fit ISO8601 and you still absolutely need to use a custom dateFormat, then be sure to also set your dateFormatter.locale to the special value Locale(identifier: "en_US_POSIX").

See also: goshdarnblocksyntax.com, goshdarnswiftui.com.

Previously:

Update (2020-04-22): Tyler Hall:

Why wasn’t it crashing for us in our testing?

[…]

Apple’s documentation for that method says…

Returns a date representation of a given string interpreted using the receiver’s current settings.

[…]

The customer dictated their bug report to us via email using Siri. They speak English, live outside Boston, but their phone’s region was set to Uzbekistan instead of United States (or anything else more common).
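The tips from NSDateFormatter.com and the kind of failure Tyler Hall describes, as an added Swift example written for this page (it is not code from the site or from his app). The server format and the sample strings are constructed; the point is that a fixed wire format parsed through the user’s locale returns nil in a region whose day and month names differ from the format’s, and a force-unwrap on that nil crashes.

```swift
import Foundation

// Added example that follows the tips above, not code from NSDateFormatter.com
// or from Tyler Hall's app. The API format and the sample strings are
// constructed; the point is that a fixed server format must never be parsed
// with the user's locale.

let apiFormat = "EEE, dd MMM yyyy HH:mm:ss Z"             // assumed server format
let sampleRFC = "Wed, 22 Apr 2020 10:30:00 +0000"         // constructed sample
let sampleISO = "2020-04-22T10:30:00Z"                    // constructed sample

/// The bug: a custom dateFormat under the user's locale. English day and month
/// names do not parse in, say, a French region, and a 12-hour user preference
/// can rewrite "HH"; date(from:) then returns nil and a force-unwrap crashes.
func parseWithUserLocale(_ text: String, userLocale: Locale) -> Date? {
    let f = DateFormatter()
    f.locale = userLocale
    f.dateFormat = apiFormat
    return f.date(from: text)
}

/// The fix for non-ISO formats: pin the POSIX locale and the time zone.
func parseServerDate(_ text: String) -> Date? {
    let f = DateFormatter()
    f.locale = Locale(identifier: "en_US_POSIX")
    f.timeZone = TimeZone(secondsFromGMT: 0)
    f.dateFormat = apiFormat
    return f.date(from: text)
}

/// For real ISO 8601 input, skip format strings entirely.
func parseISO8601(_ text: String) -> Date? {
    ISO8601DateFormatter().date(from: text)
}

/// Output: let the locale lay out the fields from a template instead of a literal format.
func displayString(for date: Date, in locale: Locale) -> String {
    let f = DateFormatter()
    f.locale = locale
    f.timeZone = TimeZone(secondsFromGMT: 0)
    f.setLocalizedDateFormat(fromTemplate: "yMMMdjm")
    return f.string(from: date)
}

let french = Locale(identifier: "fr_FR")
print("user-locale parse:", parseWithUserLocale(sampleRFC, userLocale: french) as Any)
if let d = parseServerDate(sampleRFC) {
    print("POSIX parse:", d, "shown to a French user as", displayString(for: d, in: french))
} else {
    print("server date did not parse")   // handle nil instead of force-unwrapping
}
print("ISO parse:", parseISO8601(sampleISO) as Any)
```

Testing under the developer’s own region never exercises the first function’s failure, which is why a bug like this surfaces only from a customer whose device is set to a region the team never tried.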

Malicious RubyGems Packages

Dan Goodin (via Hacker News):

More than 725 malicious packages downloaded thousands of times were recently found populating RubyGems, the official channel for distributing programs and code libraries for the Ruby programming language.

[…]

The accounts, which ReversingLabs suspects may be the work of a single individual, used a variation of typosquatting—the technique of giving a malicious file or domain a name that’s similar to a commonly recognizable name—to give the impression they were legitimate. For instance, “atlas-client,” a booby-trapped package with 2,100 downloads, was a stand-in for the authentic “atlas_client” package.

[…]

Once installed, the packages executed a script that attempted to intercept Bitcoin payments made on Windows devices.
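A dependency check for the naming trick described above, as an added Swift example written for this page (it is not part of the ReversingLabs research). The allow-list and the declared gem names are constructed; the check flags a declared name that is a separator or case variant of a known package, the way “atlas-client” shadowed “atlas_client”, and generalizes to names one edit away.

```swift
import Foundation

// Added example, not from the ReversingLabs research: flag dependencies whose
// names are a trivial variant of, or one edit away from, a well-known package,
// which is how "atlas-client" shadowed "atlas_client". Both lists are
// constructed samples standing in for an allow-list and a Gemfile.

let trustedGems = ["atlas_client", "rails", "nokogiri", "rake", "bundler"]   // assumed allow-list
let declaredGems = ["rails", "atlas-client", "nokogiri", "rakee", "bundler"] // constructed Gemfile contents

/// Names that differ only in separator or case are the cheapest typosquats.
func canonical(_ name: String) -> String {
    name.lowercased().replacingOccurrences(of: "-", with: "_")
}

/// Levenshtein edit distance, used to catch single-character typos.
func editDistance(_ a: String, _ b: String) -> Int {
    let a = Array(a), b = Array(b)
    if a.isEmpty { return b.count }
    if b.isEmpty { return a.count }
    var prev = Array(0...b.count)
    for i in 1...a.count {
        var cur = [i] + Array(repeating: 0, count: b.count)
        for j in 1...b.count {
            let cost = a[i - 1] == b[j - 1] ? 0 : 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
        }
        prev = cur
    }
    return prev[b.count]
}

struct Finding {
    let declared: String
    let lookalike: String
    let reason: String
}

/// Every declared gem that is not itself on the allow-list but resembles something that is.
func suspiciousGems(declared: [String], trusted: [String]) -> [Finding] {
    let trustedSet = Set(trusted)
    var findings: [Finding] = []
    for gem in declared where !trustedSet.contains(gem) {
        for known in trusted {
            if canonical(gem) == canonical(known) {
                findings.append(Finding(declared: gem, lookalike: known, reason: "separator/case variant"))
            } else if editDistance(gem, known) == 1 {
                findings.append(Finding(declared: gem, lookalike: known, reason: "one edit away"))
            }
        }
    }
    return findings
}

for f in suspiciousGems(declared: declaredGems, trusted: trustedGems) {
    print("\(f.declared) looks like \(f.lookalike): \(f.reason)")
}
```

Run against a real Gemfile.lock this is a pre-install gate, not a replacement for pinning versions and checksums; it catches the lookalike name, not a legitimate package whose maintainer account was taken over.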

Previously:

Friday, April 17, 2020

iWork 10 in WebAssembly

Laurent Sansonetti (via Peter Steinberger):

Just a few days ago, iWork 10.0 shipped with iCloud apps that now include features extracted from the native codebase (C++/ObjC), using WebAssembly!

I wrote a dedicated toolchain for the team, based on LLVM and its WebAssembly backend. It includes a custom compiler/linker, ObjC runtime, some Foundation layer, and a TypeScript bridge.

If you’re curious, this feature is written in WebAssembly (article mentions Keynote but it works on Pages and Numbers too!)

Here’s what some of the code looks like.

Previously:

Battery Health Management for Mac

Apple (MacRumors):

The battery health management feature in macOS 10.15.5 is designed to improve your battery’s lifespan by reducing the rate at which it chemically ages. The feature does this by monitoring your battery’s temperature history and its charging patterns.

Based on the measurements that it collects, battery health management may reduce your battery’s maximum charge when in this mode. This happens as needed to ensure that your battery charges to a level that’s optimized for your usage—reducing wear on the battery, and slowing its chemical aging.

While battery health management benefits your battery’s long-term lifespan, it can also reduce the amount of time your Mac runs on one battery charge when capacity limits are applied. If your priority is making your Mac notebook last as long as possible before recharging, you can turn the feature off.

This seems like a good idea, although I don’t understand why Apple keeps making significant non-bug-fix changes in 0.0.1 updates.

Dieter Bohn and Jacob Kastrenakes:

What that means for your laptop is that in certain cases, seeing 100 percent battery life in your menu bar may not necessarily mean it’s the maximum your battery could charge to. Instead of meaning that it’s charged to 100 percent of what the battery could take, it will now mean it’s charged to 100 percent of what the battery should take to maximize its lifespan.

They probably had to do it this way, because people wouldn’t like to stare at a battery gauge that doesn’t charge above 80%. However, this also means that some people who aren’t aware of the feature, or simply forgot to turn it off, may get on a plane without realizing their battery is only at 80%.

Jason Snell (tweet, Hacker News):

Charging a modern laptop battery to 100% and leaving it there for extended periods of time—especially at warm temperatures—can dramatically reduce the battery’s usable life. This is hardly limited to laptops: I own an electric car, and the manufacturer makes it very clear that it should be routinely charged to only 80 percent to extend its battery lifespan.

Previously:

Update (2020-04-22): Benjamin Mayo:

I do think the feature could be implemented a bit more effectively though. In cases when you do want to charge to full, like if you know you are going to be away from a power adapter for a while, Apple’s answer appears to be to dive into System Preferences and disable the checkbox. This is functional but a bit inelegant. When I’m no longer mobile, I’ll have to remember to re-enable automatic battery health management. I’d prefer it if the Battery menu in the menubar had a one-click ‘charge to full’ button. This would allow the MacBook to reach 100% impromptu, but default back to the 80% behaviour for subsequent recharges.

Secondly, I find it curious that Apple chose to brand this setting as battery health management. This terminology closely overlaps with the iOS suite of Battery Health features, which encompasses things like the infamous performance throttling policies. The Mac behaviour has nothing to do with unexpected shutdowns or performance, though, it’s solely motivated by the desire to maximise the MacBook’s lifespan. As of iOS 13, iPhone and iPads do this too with a feature called “Optimized Battery Charging”. It would be more sensible if Apple used that exact term on the Mac too.

Glitch Launches Subscriptions

Jacob Kastrenakes:

The coding platform Glitch is formally launching its first paid product today: a subscription that lets you pay to upgrade the bite-sized apps you can run on its platform.

Since it launched in 2017, Glitch has let anyone write and remix code and then publish bots, web apps, and other projects that it would host for free. But that free hosting came with strict limitations. Apps had limited RAM and storage, and more importantly, they would be shut down if they went dormant for just a few minutes, meaning you often had to wait through a sluggish start up before using them.

[…]

Plenty of Slack and Discord bots are hosted on Glitch, and Glitch says it hosts a lot of small tools that companies found were just easier to make on its site. For those users, these paid features may be more important than just participating in the community — they’re about making sure apps built on Glitch’s site are reliable.

See also: Dave Winer.

Trello Account Claimed Using Secondary E-mail

shashanktomar (via Hacker News):

My login to trello is with my personal gmail account. With the new SSO login screen, as soon as I enter my gmail address, it redirects me to my previous company sso page (which i left 5 years ago btw). The email address is clearly @gmail.com. It being claimed by an SSO without my consent is extremely scary. Now I am completely locked out of my account.

Blair at Atlassian:

Since Acme has claimed the domain that you’re using as one of your saved email credentials, and they have recently enforced SSO for all Trello users in their domain, this means your Trello account is now managed by the Trello Enterprise Acme by way of their SSO enforcement.

shashanktomar:

I created my personal account long before Trello was acquired by Atlassian. It did not have any SSO at that point and the login was with username and password. At some point, while working on a side project and to share it with a teammate, I attached a secondary email to my account and created a few boards under it.

[…]

The multiple account login used to work the same way it works for github now. The boards were very clearly labeled under the email/username they were created and clearly had the ownership well defined. As soon as I left the company and my email was disabled, all the boards under that email disappeared from my account. This was expected and I kept using my primary email (I always used to login with my username) and completely forgot about an attached secondary email (which anyways is now deactivated). Fast forward 5 years with tons of personal boards under this account, one morning it stopped working without any notification (yes I revised my spam to be sure about it) with all my data gone.

Chrome vs. Safari: Energy Use and Compatibility

Walt Mossberg:

If you use a Mac, and you insist on using Chrome, stop complaining about speed, fan noise, or battery life. It’s well known that Chrome is a resource and battery hog, especially on Macs. Safari is fully capable, quite fast and very privacy & security focused. Just use Safari.

If you’re a Firefox fan, that’s good too. My point is just that Chrome, which years ago worked great on Macs, is now a big problem, and that Chrome users with degraded Mac performance or weaker battery life should look to their browser choice, and not blame the hardware.

Safari is generally capable, but I’ve been increasingly running into compatibility problems. I think it’s fair to say that if your top priority is a Mac browser that works with the most sites, you should pick Chrome, followed by Firefox. I have other priorities, so I’m still using Safari. But lately it feels like a compromise to get a good Mac app and privacy. It used to feel like I was simply getting the best browser.

John Gruber:

It’s also funny how angry some Chrome fans are about this, particularly web developers. They argue that the problem is that Safari is slow to adopt Chrome-first web technologies without acknowledging that the reason Safari has better performance and stronger privacy goes hand-in-hand with the fact that these technologies Safari hasn’t adopted are resource-heavy and potentially privacy-invasive.

I don’t think it’s that simple. First, performance and privacy aside, Apple has a strategic interest in some of these technologies not taking off. Or, more charitably, it makes sense that they wouldn’t be high priorities to implement.

Second, the compatibility issues I’m seeing are not, as far as I can tell, because of new technologies that Safari doesn’t support yet. Rather, the engines are diverging such that even older technologies don’t behave consistently. Unfortunately, some sites don’t adequately test with Safari.

Third, I thought the idea was that Safari’s efficiency comes not just from absent features but also from more efficient implementations of the common features. But even that is not clear-cut. Recently, as we physically isolate, we’ve been doing board game nights online at Board Game Arena. It’s amazing how many games this site supports and how well they work in a browser. But what really surprised me was how much better it performs in Chrome. The 7 Wonders game was almost unusable on my iMac in Safari, with multi-second pauses and animations that lost so many frames I couldn’t see what was happening. The fans were always running at full blast. Meanwhile, on my wife’s 2018 MacBook Air, which I normally find a bit pokey, the animations were smooth and the fans were silent. The difference is that she uses Chrome. Once I fired up Chrome on the iMac, the site worked great there, too.

Previously:

Update (2020-04-20): Simon Cahuk:

You still can’t watch 4K Youtube videos in Safari. So I opened a 4K Youtube video in Google Chrome to watch it in 4K.

Microsoft Buys Corp.com

Brian Krebs (via Hacker News, Bruce Schneier):

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe. This week, Microsoft Corp. agreed to buy the domain in a bid to keep it out of the hands of those who might abuse its awesome power.

Brian Krebs:

O’Connor said Microsoft actually offered to buy the domain several years back for $20,000. He turned them down, saying that at the time he thought it was too low and didn’t reflect the market value of the domain.

Wednesday, April 15, 2020

Cloudflare Dumps reCAPTCHA

Matthew Prince and Sergi Isasi (via Hacker News):

We recently migrated the CAPTCHA provider we use from Google’s reCAPTCHA to a service provided by the independent hCaptcha. We’re excited about this change because it helps address a privacy concern inherent to relying on a Google service that we’ve had for some time and also gives us more flexibility to customize the CAPTCHAs we show.

[…]

Earlier this year, Google informed us that they were going to begin charging for reCAPTCHA. […] In our case, that would have added millions of dollars in annual costs just to continue to use reCAPTCHA for our free users. That was finally enough of an impetus for us to look for a better alternative.

Nick Heer:

In general, it is a good thing to see fewer elements of the web’s infrastructure being controlled by the same handful of companies. I am painfully aware of how limited that line of argument is when the company that runs hCAPTCHA is touting in its press release that Cloudflare controls 12% of the web’s traffic. But, still, at least all that traffic is not being protected by the web’s biggest advertising network, too.

See also: Uncaptcha: Defeating Google’s audio reCaptcha with 85% accuracy (via Hacker News).

Previously:

Intercepting Economic Impact Payments

Brian Krebs:

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

[…]

However, the possibility that fraudsters may intercept payments to these individuals seems very real, given the relatively lax identification requirements of this non-filer portal and the high incidence of tax refund fraud in years past.

It sounds like the only defense is to register yourself first.

Previously:

AirPods Pro Thoughts

I’ve been using AirPods Pro since early December. There are several aspects of them that I haven’t seen much coverage of, so I decided to write up my notes:

Overall, I find it difficult to evaluate AirPods Pro because I have such mixed feelings about them. If I had to pick one model, I would buy the Pros because the seal and noise cancellation make them usable in situations where I couldn’t use the regular AirPods. That said, in situations where I don’t need noise cancellation or a long battery life, I always reach for my original AirPods. They feel better in my ears, and the case makes me happy.

Currently the regular AirPods are on sale for $130 or $150 with wireless charging case, with the Pros going for $235 (via MacRumors).

Previously:

Update (2020-04-17): Kyle Howells:

I don’t actually like my AirPods Pro very much. I use my normal AirPods for everything and love them! Unless that is I’m going to be traveling and want the noise cancelling, then I use the Pros.

I use them instead of over ear noise cancelling headphones, not instead of AirPods.

Update (2020-04-23): David Roth:

I’m so glad Apple makes 2 models of AirPods, for people with differently sized and shaped ears, and different needs. AirPods Pro itch once in a while, but generally feel much more comfortable and secure than regular AirPods. They’ve essentially ended my quest for a perfect pair.

Crafting Interpreters

Bob Nystrom (via Gus Mueller):

This book contains everything you need to implement a full-featured, efficient scripting language. You’ll learn both high-level concepts around parsing and semantics and gritty details like bytecode representation and garbage collection. Your brain will light up with new ideas, and your hands will get dirty and calloused. It’s a blast.

Starting from main(), you build a language that features rich syntax, dynamic typing, garbage collection, lexical scope, first-class functions, closures, classes, and inheritance. All packed into a few thousand lines of clean, fast code that you thoroughly understand because you write each one yourself.

See also: Crafting “Crafting Interpreters”, Jordan Rose.

iPhone SE 2020

Apple (Phil Schiller, MacRumors, Hacker News):

Apple today announced the second-generation iPhone SE, a powerful new iPhone featuring a 4.7-inch Retina HD display, paired with Touch ID for industry-leading security. iPhone SE comes in a compact design, reinvented from the inside out, and is the most affordable iPhone. The new iPhone SE is powered by the Apple-designed A13 Bionic, the fastest chip in a smartphone, to handle the most demanding tasks. iPhone SE also features the best single-camera system ever in an iPhone, which unlocks the benefits of computational photography including Portrait mode, and is designed to withstand the elements with dust and water resistance.

iPhone SE comes in three beautiful colors — black, white and (PRODUCT)RED — and will be available for pre-order beginning Friday, April 17, starting at just $399 (US).

When the original iPhone SE came out, I loved it because it had the easy pocketability and the comfortable, square edges of the iPhone 5s, combined with the processor and camera of the then-flagship iPhone 6s. The 2020 iPhone SE has the hard-to-hold shape of the iPhone 6–8, the processor of the flagship iPhone 11 Pro, and the camera (it seems) of the previous-generation iPhone XR.

So, this is a better, cheaper iPhone 8, but unlike the original SE it seems unlikely to inspire down-switchers. The wildcard is that, if we all end up wearing face masks for an extended time, Touch ID could end up being more important than any new feature in the forthcoming iPhone 12.

Previously:

Update (2020-04-17): Loren Brichter:

Also if I was Steve Jobs coming back from the dead the iPhone lineup would look like this. No more of this iPhone 11 XR XS PROMAXX Dell-circa-1999 shit.

S/M/L :: Consumer/Pro

John Gruber:

We’ve had size choices ever since the iPhone 6 and 6 Plus in 2014. But those choices have always felt like a choice between big and bigger, not between small and big. And it’s not just about how it feels in your hand, or how it fits in your pocket or purse. There’s a philosophical aspect to it, which was evident even back in 2016, when the 4.7-inch size still felt “big”, and it’s why that Obi Wan quote still feels so apt. It’s about the role our phones play in our lives — how big a chunk of our attention they consume, how big a space they occupy in our minds. We are all cognizant of how ever-present phones now are in our lives. Cutting back on the time we spend staring at, poking, and swiping them — paying more attention to the world and to the people around us rather than the content on our phones — is something most of us try to be mindful of.

[…]

The new SE betters the iPhone 8 with a main camera that is physically — sensor and lens — equivalent to that of the iPhone XR. But in practice the SE should be more capable than the XR as a camera system because of the A13 imaging pipeline (compared to the XR’s A12). This is evident from the fact that the new SE supports Portrait mode features the XR does not — the background-masking “stage light” and “high-key light” effects.

Mike Rockwell:

As the commenter points out, the $399 iPhone SE is more powerful than every flagship Android phone released last year, this year, and likely next year too. Yes, the $399 iPhone will be more powerful than the entire Android ecosystem into at least early 2022.

Nick Heer:

Even after carrying it every day for the last two and a half years, I still find that my iPhone X feels uncomfortable in my pocket.

Joe Fabisevich:

Worth noting that a 4.7” screen that’s zoomed in for accessibility will have the same screen size as a 4.0” phone, so it’s something you should still support.

Previously:

Update (2020-04-22): Philip Michaels:

There’s not much at this point that could dissuade me from buying an iPhone SE 2020. The size is right, and so is the feature set. Apple may have bigger and better phones coming down the pipeline in 2020, but there’s unlikely to be a phone better suited for me.

David Heinemeier Hansson:

In celebration of the SE2, I switched to my original SE for the weekend. It still feels like a completely magical device. You’d think if there’s room for fifteen different iPads, there’s room for a 4” SE with an A13 and a proper camera?

John Gruber:

The way Apple’s iPhone lineup has shaken out over the years, device size has correlated to camera quality to some degree.

[…]

I think what makes truly small phones — let’s say iPhone 5S-sized phones — hard to gauge the demand for is that no one has made one since the original iPhone SE 4 years ago.

Tuesday, April 14, 2020

Service Station 1.0

Service Station (via Peter Kamb):

Customize your Finder context menu with applications and scripts.

Set up Rules for different sets of file types. Show custom menus depending on which types of files and folders you right-clicked.

I’m a keyboard person, so I have done this sort of thing by writing AppleScripts (BBEdit, Preview, Terminal) and invoking them via FastScripts. This app seems very well done, though, and makes it easy to configure different apps for different situations. It’s free with a $15 IAP to enable unlimited menus/apps and to run scripts.

(Note: Despite the name, it doesn’t seem like this relates to the Services menu.)

Update (2020-05-06): Jason Snell:

So if you want, for example, all image files to feature Photoshop and Preview at the top of the Finder contextual menu when you right-click on them, you can do that. Select the app, and the file will be opened in that app. (Yes, you can navigate to the Open With submenu to do this—but the entire point of Service Station is to float the items you want to see to the very top of that menu.)

It took me a little while to figure out how to adapt my homebrewed automations for use with Service Station. My complex Automator actions that had been saved as Services needed to be re-saved as standard Automator Workflows, but then worked unmodified. Because Automator is the only approved way to build a Quick Action, a bunch of mine were actually just AppleScripts or shell scripts wrapped in a single Automator “do script” block. I pulled that code back out of Automator, made a couple of small changes, saved it in Service Station’s scripts folder, and everything worked just fine.

Bar None 1.0

Shaun Inman (via Bradley Chambers):

Anyway, after Apple regressed the keyboard to a functional design, it was finally time to upgrade. Enter the Touch Bar. One step forward, two steps back.

A week later, I’m still regularly accidentally brushing or resting my finger on it. As a developer my left thumb naturally rests on the command key, my index on the R key, which leads to my middle hovering over or resting on the former home of the function keys. The same thing happens in Photoshop with my right hand, thumb on command, index on the plus or minus key, and middle wandering into Touch Bar territory.

[…]

Bar None is an app that lives in your menu bar and ignores all Touch Bar input unless you’re holding the fn key. That’s it. (This effectively nukes the function keys but let’s be honest, Apple did that by introducing the Touch Bar.)

Previously:

Linea Sketch 3

Ged Maheux (tweet):

Linea’s new Time-Lapse feature keeps a running record of your drawing while you work. When you’ve finished drawing, save a video of the result as either a compressed 30 second clip or a full length movie.

[…]

When you draw a line and pause to create a ZipLine, you can now place a single finger anywhere on the canvas to snap the end point of the line to isometric and oblique angles. It’s great for technical drawing or those who want perfectly angled strokes.

[…]

Today’s release changes Linea to a subscription model. We’ve received a great deal of feedback on our original plan and have removed limits on canvas creation. Instead, we’ll be using less restrictive reminders and badging. […] Lastly, if you purchased Linea Sketch in 2019 or later, your first year is free.

It now works on iPhones, too. People are not happy about the switch to subscription.

Previously:

Update (2020-04-15): John Voorhees:

This is one of the mildest reactions I’ve seen to a paid-up-front app converting to subscription. Yes, there are more 1-star reviews, but the reaction on Twitter has been mild. The Iconfactory did a good job by announcing the switch in December.

Ged Maheux:

We tried to give users as much notice as possible instead of springing it on them which was a mistake with Twitterrific. In addition we gave anyone who bought it in the last year a free year without reminders. All these things helped I think.

It still leaves a bad taste because, as with Twitterrific, they took away a working app from people who had already paid. Ideally, customers who didn’t want the new version could keep using the old one, without updates, but because of the way the App Store works, the only way to do that would be to read that the new version was coming, turn off auto-updates, manually update every other app, and never get a new phone or restore from backup. Alternatively, Iconfactory could have segmented the available features based on when you purchased, like Fantastical did.

John Conway, RIP

Sue Gee:

John Conway, the mathematician who will be forever known to many programmers as the man who invented The Game of Life, died on April 11, 2020 at the age of 82, a victim of COVID-19.

[…]

As we reported back in 2014, see Does John Conway Hate Life, the popularity of GOL had been something of a millstone to Conway himself - he regretted the way it overshadowed his other, more important, achievements.

Siobhan Roberts (book, excerpt):

For the last quarter century Conway has held the position of Princeton’s John von Neumann distinguished professor in applied and computational mathematics, now emeritus. Before that, he spent three decades at Cambridge, where in the 1970s, he dived deep into the vast ocean of mathematical symmetry. He discovered a 24-dimensional symmetry group that came to bear his name, and, with his colleague Simon Norton, he illuminated the 196,883-dimensional Monster group with a paper titled “Monstrous Moonshine”. Conway also discovered a new class of numbers, infinitely large and infinitesimally small, which are now known as “surreal numbers”.

[…]

In 1993, Conway attracted the attention of a New York Times reporter. The resulting profile opened with what Conway calls his “doomsday rule”, an algorithm by which he can calculate the day of the week for any given date[…]

John Gruber:

The Wikipedia entry on Conway’s Game of Life is excellent. Google has a good Easter egg for the query “Conway’s Game of Life”.

David Smith:

I distinctly recall the very first ‘genuinely cool’ program I ever wrote, Conway’s Game of Life in Computer Science 101. It seemed like magic that something so simple could be so beautiful. I wanted to pay a little tribute to him, so I’m adding this as an option in v1.0.4 [of Watchsmith].

See also:

Update (2020-05-14): Reg Braithwaite (via Hacker News):

Like so very, very many, I mourn Conway’s passing, and yet I also celebrate his life. I celebrate his accomplishments, I celebrate his curiosity, and I celebrate his skill at making important topics in mathematics engaging and interesting.

One of the finest examples of that skill is the programming language FRACTRAN, the subject of this essay.

Update (2021-01-07): zverok (via Hacker News):

At this point, I felt that probably some of APL approaches and examples could be translated to Ruby pretty straightforwardly, and that would be an idiomatic Ruby. To challenge this feeling, I experimented with translating the (in)famous APL’s one-line Conway’s Game of Life implementation—and succeeded in implementing GoL in exactly one Ruby statement.

Siobhan Roberts (via Hacker News):

Dr. Conway was partial to the triangle, for which he discovered the Conway circle theorem: If you extend the sides of any triangle beyond each vertex, at a distance equal to the length of the opposite side, the resulting six points lie on a circle.

Siobhan Roberts:

“I used to go around saying, ‘I hate Life,’” Dr. Conway says in the film. “But then I was giving a lecture somewhere, and I was introduced as ‘John Conway, Creator of Life.’ And I thought, ‘Oh, that’s quite a nice way to be known.’ So I stopped saying ‘I hate Life’ after that.”

Recently, some of Life’s most steadfast friends reflected upon its influence and lessons over half a century.

Monday, April 13, 2020

SoundSource From Rogue Amoeba (Sponsor)

My thanks to Rogue Amoeba for sponsoring the blog this week.

Do you ever listen to audio on your Mac? Then SoundSource is for you. It lives in your menu bar and provides you with superior control over all your audio.


Take control of audio on a per-application basis. Now you can change the volume of any app relative to others and play individual apps to different audio devices.

Add effects to any audio, too. The Magic Boost and Volume Overdrive features let you hear your audio even in loud environments, and the built-in equalizer can sweeten the sound. Advanced users will love the ability to apply Audio Units to any audio.

SoundSource also provides fast access to the settings for your Mac’s Output, Input, and Sound Effects audio devices. Adjust levels, tweak the balance, and even switch sample rates, right from the menu bar. You may never need to open the Sound System Preference again!

SoundSource is made by Rogue Amoeba, the masters of Mac audio who bring you Audio Hijack, Airfoil, and more. Download the free SoundSource trial today. Through the end of April, readers of this excellent blog can save 20% with coupon code MJT20.

Arq 6

Stefan Reitshamer (tweet):

It’s been 4 years since Arq 5 first came out (although we’ve shipped 155 updates to Arq 5 in the meantime).

Our goal with Arq 6 was to make it work with the latest operating system features and the latest cloud storage options, make it more secure, and add the features people have been asking for, all while keeping it very simple to use, with smart default settings.

It’s $50 or $25 to upgrade. Lifetime licenses are no longer for sale, but they’re honored if you had already purchased one.

We worked with Apple to get access to the APFS API, so Arq 6 has native support for creating and using APFS snapshots.

This is great because it means Arq’s backup will be a perfectly consistent view of your files at a point in time, even if you’re modifying files as Arq is backing them up.

Backing up from a snapshot is great, and it’s one of several important enhancements to Arq’s backup engine:

The user interface has been completely redone. The good news is that the new design makes much more logical sense. It is easier to find things and to see what the app is currently doing. You can view the log for a backup right in the activity display, without having to go to a separate app. There are finally progress bars.

The bad news is that the app you interact with is now built with Electron. (The background agent process that does the work remains Objective-C.) The problems with Electron range from the superficial (everything just looks and feels off) to the functional (you can’t navigate outline views with the arrow keys or type-selection).

There are also areas where the new interface is designed in a less useful way. For example, when selecting which files to exclude, there used to be an outline view showing a live view of the file system, with checkboxes to mark items for exclusion. And there was a rule-criterion-like interface for excluding items based on patterns in their names. With Arq 6, this is all replaced by a text box filled with a mix of paths and globs. It’s short and narrow, with no indented wrapping, so I pretty much need to copy the text to BBEdit to see what’s going on. Even then, it’s cumbersome enough that I need to invert my backup selection model: instead of including a few big folders with lots of exclusions, it now makes more sense to selectively include smaller folders.

Other useful features from Arq 5 are absent. It no longer shows the amount of cloud storage used. You have to enter the backup password every time you change a setting. The log and status e-mails no longer tell you what was backed up. You can no longer see a preview of which items will be backed up. You can no longer start and stop backups from the menu bar. You can no longer quit the agent process—I now regularly force-quit it, as it swells to 25 GB of RAM. You can no longer control the software updater, which now updates to the latest version without even telling you. The data format specification and documentation are not available yet.

Overall, it just seems like the app was shipped before it was ready. After upgrading, all four of my backups (1 Amazon, 1 Google, 2 to hard drives) encountered problems importing the old backup data. One import reported 1.7 million errors, which ground the Electron interface to a halt and consumed 5.3 GB of RAM. I ran into a cascade of issues, and none of the original backups is yet working properly. Some backups got stuck and don’t do anything. Others seemingly want to upload all the files again, even though only a few have been modified.

I don’t think I’ve lost any data (though apparently some users have). The import process doesn’t delete the Arq 5 metadata, so it should still be possible to access all the snapshots with Arq 5. And Arq 5 snapshots are also restorable within Arq 6, although I ran into interface glitches with both the snapshot list and the file outline that made it impossible to actually access most of the data because the view wouldn’t scroll.

Still, to be on the safe side, I decided to put my old backups on pause and create all-new ones for Arq 6. The developer is normally very helpful and responsive but seems to be completely swamped making a flurry of fixes. It’s not really possible to get help at the moment, so I don’t want to mess anything up. New backups also make sense, anyway, because it’s the only way to take advantage of the new cloud storage classes, and because of the changes to selection/exclusion.

Arq Backup:

I’ve fixed a lot of issues in the past 5 days. I think importing is quite stable at this point. I apologize again for the problems. I will keep fixing issues as quickly as possible. And I’m going to rework the UI to look a lot more like Arq 5.

This is a sad situation because Arq is one of my favorite Mac apps of all time, and I don’t like to see it struggle. Plus, as a developer, it’s my nightmare to ship a build that I thought was stable only to find major bugs that no one encountered during testing. And then to have to choose between fixing the bugs ASAP and being responsive to the customers who are hitting them.

I still think that Arq, uniquely, gets the overall backup architecture right. Arq 6 makes major progress, but it also has some serious regressions. Most importantly, it needs more testing and refinement. I do not recommend updating right now. Arq 5 still works great. There’s no rush.

I remain positive about the long-term prospects for the app. There is, unfortunately, a history of major releases shipped with inadequate testing. But the developer has always worked hard to fix everything. Most of the time, Arq has been incredibly stable with everything just working as it should.

Previously:

Update (2020-04-15): Stefan Reitshamer:

Unfortunately quite a few people experienced problems with importing Arq 5 settings and data.

I sincerely apologize for that. We’re doing everything we can, as quickly as we can, to fix the issues.

[…]

We’ve gotten a lot of feedback on the UI and have taken it to heart. We’re going to rework the UI to be cleaner, more compact, and laid out more like Arq 5.

I think the new layout is fine. I just prefer having native controls and button ordering.

Update (2020-04-17): Arq Backup:

We’ve removed the feature for importing Arq 5 data into Arq 6 format because of too much incompatibility between the 2 apps’ configuration approaches. Instead we’re working on adding an Arq 5 compatibility mode which will function just as Arq did -- same folder structure etc.

We plan to deliver compatibility mode before end of June 2020.

Git Tower 4.3

Julian Rothkamp (tweet):

Wouldn’t it be great if you could select individual files for stashing instead of all files - which is the default when using stashing? Now you can! Directly in Tower. Save Partial Stash enables you to do exactly that - stash only selected changed files from the Working Copy.

[…]

The new version includes another handy feature: Filtering the History by first parent. Doing so will hide merged commits in the history view. This is super useful if you are just interested in the mainline history and not the commits on a feature branch.

Lukas Kubanek:

Partial stashing in @gittower is much more helpful than I had initially thought. Instead of picking and committing the desired changes and stashing the rest, it’s now possible to go the other way around by picking the unwanted changes and stashing them first. Great addition!

Previously:

Temporarily Free Content

Previously:

Update (2020-04-15): See also: Pluralsight (via Cesare D. Forelli).

Resources for Learning Objective-C and AppKit

Jeff Johnson:

Back then, about 15 years ago, if you wanted to develop for the Mac, the recommended programming language was Objective-C, and the recommended application framework was AppKit, so I learned them. […] Since these technologies have unfortunately fallen out of favor, the resources for learning them are not as readily available as before. It appears that many would-be Mac developers don’t even know where to start learning. That’s where I come in, as someone who has been there before. There’s no definitive way to learn, but I can offer some suggestions from my own experience.

There’s also lots of great information in the Apple and Omni Group mailing list archives.

Update (2020-12-08): Isaac Halvorson:

I started cataloging some macOS dev resources in a git repo a while back.

Friday, April 10, 2020

Contact Tracing

Russell Brandom and Adi Robertson (Hacker News, MacRumors):

Apple and Google announced a system for tracking the spread of the new coronavirus, allowing users to share data through Bluetooth Low Energy (BLE) transmissions and approved apps from health organizations.

The new system, which is laid out in a series of documents and whitepapers, would use short-range Bluetooth communications to establish a voluntary contact-tracing network, keeping extensive data on phones that have been in close proximity with each other. Official apps from public health authorities will get access to this data, and users who download them can report if they’ve been diagnosed with COVID-19. The system will also alert people who download them to whether they were in close contact with an infected person.

Matthew Panzarino:

A quick example of how a system like this might work:

  1. Two people happen to be near each other for a period of time, let’s say 10 minutes. Their phones exchange the anonymous identifiers (which change every 15 minutes).
  2. Later on, one of those people is diagnosed with COVID-19 and enters it into the system via a Public Health Authority app that has integrated the API.
  3. With an additional consent, the diagnosed user allows his anonymous identifiers for the last 14 days to be transmitted to the system.
  4. The person they came into contact with has a Public Health app on their phone that downloads the broadcast keys of positive tests and alerts them to a match.
  5. The app gives them more information on how to proceed from there.

[…]

All identification of matches is done on your device, allowing you to see — within a 14-day window — whether your device has been near the device of a person who has self-identified as having tested positive for COVID-19.

Mark Gurman:

Apple and Google stressed on Friday that their system preserves users’ privacy. Consent is required and location data is not collected. The technology also won’t notify users who they came into contact with, or where that happened. The companies said they can’t see this data either, and noted that the whole system can be shut down when needed.

Steve Troughton-Smith:

Contact Tracing framework preliminary API reference (!)

Surprisingly, it’s in Objective-C.

Update (2020-04-17): Ross Anderson:

There have recently been several proposals for pseudonymous contact tracing, including from Apple and Google. To both cryptographers and privacy advocates, this might seem the obvious way to protect public health and privacy at the same time. Meanwhile other cryptographers have been pointing out some of the flaws.

There are also real systems being built by governments. Singapore has already deployed and open-sourced one that uses contact tracing based on bluetooth beacons. Most of the academic and tech industry proposals follow this strategy, as the “obvious” way to tell who’s been within a few metres of you and for how long.

[…]

But contact tracing in the real world is not quite as many of the academic and industry proposals assume.

[…]

Fifth, although the cryptographers - and now Google and Apple - are discussing more anonymous variants of the Singapore app, that’s not the problem. Anyone who’s worked on abuse will instantly realise that a voluntary app operated by anonymous actors is wide open to trolling.

Via Bruce Schneier:

So I agree with Ross that this is primarily an exercise in that false syllogism: Something must be done. This is something. Therefore, we must do it. It’s techies proposing tech solutions to what is primarily a social problem.

[…]

As long as 1) every contact does not result in an infection, and 2) a large percentage of people with the disease are asymptomatic and don’t realize they have it, I can’t see how this sort of app is valuable. If we had cheap, fast, and accurate testing for everyone on demand...maybe.

Joe Rossignol:

Apple today in a press briefing indicated that its upcoming COVID-19 contact tracing system with Google will have a verification flow, meaning that users will be required to submit proof in order to report that they have tested positive for the disease.

EFF:

Regularly rotating identifiers used by the phone is a start, but if an adversary can learn that multiple identifiers belong to the same user, it greatly increases the risk that they can tie that activity to a real person. As we understand Apple and Google’s proposal, users who test positive are asked to upload keys that tie together all their identifiers for a 24-hour period. (We have asked Apple and Google for clarification.) This could allow trackers to collect rotating identifiers if they had access to a widespread network of bluetooth readers, then track the movements of infected users over time. This breaks the safeguards created by using rotating identifiers in the first place. For that reason, rotating identifiers must be uploaded to any central authority or database in a way that doesn’t reveal the fact that many identifiers belong to the same person. This may require that the upload of a single user’s tokens are batched with other user data or spread out over time.

[…]

When the COVID-19 crisis ends, any application built to fight the disease should end as well. Defining the end of the crisis will be a difficult question, so developers should ensure that users can opt out at any point. They should also consider building time limits into their applications themselves, along with regular check-ins with the users as to whether they want to continue broadcasting. Furthermore, as major providers like Apple and Google throw their weight behind these applications, they should articulate the circumstances under which they will and will not build similar products in the future.
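The five-step exchange in Matthew Panzarino’s summary above, and the linkability concern the EFF raises about uploading keys that tie a day’s identifiers together, can both be seen in a small simulation. The following is an added example written for this post; it is not code from Apple, Google, or any of the quoted authors, and it is not the published specification. The key derivation (HMAC-SHA256 over a constructed label and a day or period counter), the `Phone` class, and the names `alice`, `bob` and `carol` are all assumptions made for illustration; the 15-minute rotation and 14-day window come from the quoted text.

```python
"""Simplified sketch of a rolling-identifier contact-tracing exchange.

Constructed for illustration only; the derivation labels, key sizes and
class names are assumptions, not the Apple/Google specification.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Set

ROLLING_PERIOD_SECONDS = 15 * 60     # identifiers rotate every 15 minutes (from the page)
PERIODS_PER_DAY = 24 * 60 // 15      # 96 identifiers are broadcast per daily key
RETENTION_DAYS = 14                  # a diagnosed user shares the last 14 days (from the page)


def daily_key(master_key: bytes, day: int) -> bytes:
    """Derive one day's key from a device-local master secret (hypothetical derivation).
    Only the daily keys ever leave the phone; the master secret does not."""
    msg = b"demo-daily-key" + day.to_bytes(4, "big")
    return hmac.new(master_key, msg, hashlib.sha256).digest()[:16]


def rolling_identifier(dkey: bytes, period: int) -> bytes:
    """The identifier broadcast over BLE during one 15-minute period of the day."""
    msg = b"demo-rolling-id" + period.to_bytes(2, "big")
    return hmac.new(dkey, msg, hashlib.sha256).digest()[:16]


def identifiers_for_day(dkey: bytes) -> List[bytes]:
    """Everything a holder of a daily key can regenerate: all 96 identifiers of that day.

    Matching needs this, but it is also the linkability the EFF passage describes:
    whoever downloads a published daily key can tie together every broadcast of that day."""
    return [rolling_identifier(dkey, p) for p in range(PERIODS_PER_DAY)]


class Phone:
    """One device: a master secret plus the identifiers it has heard nearby."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.master = os.urandom(32)
        self.observed: Set[bytes] = set()

    def broadcast(self, day: int, period: int) -> bytes:
        return rolling_identifier(daily_key(self.master, day), period)

    def hear(self, ident: bytes) -> None:
        self.observed.add(ident)

    def diagnosis_keys(self, today: int) -> Dict[int, bytes]:
        """Step 3: with consent, share the daily keys for the last 14 days."""
        first = today - RETENTION_DAYS + 1
        return {d: daily_key(self.master, d) for d in range(first, today + 1)}

    def check_exposure(self, published: Dict[int, bytes]) -> List[int]:
        """Step 4: matching stays on the device. Regenerate identifiers from the
        published keys and intersect with what this phone actually heard."""
        hits = []
        for day, dkey in published.items():
            if any(i in self.observed for i in identifiers_for_day(dkey)):
                hits.append(day)
        return sorted(hits)


def simulate_exchange() -> dict:
    """Walk through the five steps with constructed actors and return the outcomes."""
    alice, bob, carol = Phone("alice"), Phone("bob"), Phone("carol")
    day, period = 100, 40                      # constructed: day 100, the 10:00-10:15 slot

    # Step 1: alice and bob are near each other and exchange identifiers; carol is elsewhere.
    bob.hear(alice.broadcast(day, period))
    alice.hear(bob.broadcast(day, period))

    # Steps 2-3: alice is diagnosed on day 105 and consents to publish 14 days of keys.
    published = alice.diagnosis_keys(today=105)

    # Step 4: every phone downloads the published keys and matches locally.
    return {
        "bob_exposed_days": bob.check_exposure(published),
        "carol_exposed_days": carol.check_exposure(published),
        "alice_exposed_days": alice.check_exposure(published),  # her own keys match nothing she heard
        "published_days": len(published),
        "identifiers_per_day": len(set(identifiers_for_day(published[day]))),
    }


if __name__ == "__main__":
    print(simulate_exchange())
```

Only bob’s phone reports day 100; carol’s reports nothing, and alice’s own keys match nothing she heard. The last entry shows the tradeoff in the EFF passage: one published 16-byte daily key is enough to regenerate all 96 identifiers of that day, which is exactly what on-device matching needs and exactly what lets a network of Bluetooth receivers link those broadcasts to one person.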

Ben Thompson:

The reality that tech companies, particularly the big five (Apple, Microsoft, Google, Amazon, and Facebook), effectively set the rules for their respective domains has been apparent for some time. You see this in debates about what content to police on Facebook or YouTube, what apps to allow and what rules to apply to them on iOS and Android, and the increasing essentiality of AWS and Azure to enterprise. What is critical to understand about this dominance is why it arises, why current laws and regulations don’t seem to matter, and what signal it is that actually drives big company decision-making.

[…]

Moreover, it is baldly obvious that the only obstacle to this being involuntary is not the government, but rather Apple and Google. What is especially noteworthy is that the coronavirus crisis is the one time we might actually wish for central authorities to overcome privacy concerns, but these companies — at least for now — won’t do it.

Mattt Thompson:

In this article, we’ll take a first look at these specifications — particularly Apple’s proposed ContactTracing framework — and use what we’ve learned to anticipate what this will all look like in practice.

Ben Adida:

Last night, I spent some quality time with the Apple docs on the new contact tracing protocol and APIs they and Google are preparing.

I’m quite optimistic about this effort. Here’s why.

CloudKit Impressions From a NetNewsWire Developer

Maurice Parker (tweet):

One area that CloudKit outshines our RESTful service implementations is that it gets notifications when the data changes. This keeps our data more up to date. In the RESTful services, we sync which feeds you are subscribed to every so often via polling. This happens at shortest around every 15 minutes. Realtime updates to your subscription information aren’t necessary, but it is fun to add a feed on your phone and watch it appear in realtime on the desktop.

[…]

One thing I wanted to do was provide a centralized repository that knew which feeds had been updated and when. I planned to have a system that would use the various NetNewsWire clients to update this data and notify the clients. My theory was that checking one site for updated feeds would be faster than testing all the sites to see if their feeds had updated.

I ended up giving up on this task. I think it would have been possible to implement in CloudKit, but would not have been faster than checking all the sites for their feed updates. […] There is no such thing as a “JOIN” between CloudKit records. If I could have connected data from more than one record per query I could have done some data driven logic.

I’d like to switch (back) to NetNewsWire when this ships, although I haven’t decided what I’ll do about the smart folder and Pocket features I use in ReadKit.

Previously:

The Windmill Source Code Is Now Public

Markos Charatzas:

Effectively, by Apple putting Windmill on notice, the only way I can distribute Windmill on the Apple platforms is at the source code level. Even though this does not serve the mission to make continuous delivery accessible, whatever value Windmill brings even as source code, is better than none at all.

The development of Windmill did come to an abrupt end and didn’t get a fair chance to become what I had envisioned. It would bring me joy to know that developers will benefit from it by learning something new. It’s a way to give back to the community.

Windmill is not some example software after all. It is production grade that spans across the desktop, mobile and the server. The software engineering behind it is still relevant and the technologies used modern.

[…]

Releasing the source code of Windmill does not make it open-source. I don’t plan on contributing any time or energy developing it further.

Previously:

Every Zoom Security and Privacy Flaw So Far

Glenn Fleishman:

TidBITS contacted Zoom for its insights about how it has handled security and privacy issues, but the company didn’t reply. As I finished this article and in a few days that followed, however, Zoom publicly responded to disclosures of new security problems. The first response, unlike most previous ones, was a blog post with an apology and a full explanation. A subsequent post laid out the company’s plans for how it will improve its software and its culture around security and privacy. It’s a glimmer of hope for the future. A third responded to a privacy group’s investigation into the company’s weak choices in encryption algorithms and in routing some meeting traffic through China for non-Chinese participants. The rapid response and general frankness was in stark contrast to earlier behavior.

In this article, I walk through the many software, security, and privacy issues Zoom has encountered and its response to each.

This is really thorough.

See also: Hacker News (2, 3, 4).

Barbara Krasnoff:

We recently ran a roundup of some of the free videoconferencing apps available, including Zoom. Since so many questions have come up about Zoom’s security, we’ve decided to run the roundup again, this time excluding Zoom and adding other apps that you can use instead.

[…]

There are a number of apps we have not included, such as Facebook, WhatsApp, and FaceTime, that allow you to do video chats; they either require that all participants be members (Facebook, WhatsApp) or that you use a specific type of device (FaceTime, which is Apple-only). The following list includes more generalized applications that allow you to participate without having to actually register for the app (unless you’re the host).

Nick Heer:

It’s right to more heavily scrutinize Zoom as it plays a pivotal role in our self-isolated current state of affairs. But what are the alternatives? Fleishman compiled those, too, but even he acknowledged at the time that it “has emerged as the clear winner for large groups”. Competing options can be pricey — particularly for underfunded organizations like charities and schools. Most of these tools are also designed for businesses; they may not work as well as Zoom in a classroom context. It is critically important that Zoom gets this right, or security professionals are going to increasingly recommend that it be avoided entirely.

Pranav Dixit (via Hacker News):

Last week, Google sent an email to employees whose work laptops had the Zoom app installed that cited its “security vulnerabilities” and warned that the videoconferencing software on employee laptops would stop working starting this week.

Previously:

Update (2020-04-15): Ben Matasar (via Eric Blair):

Problems with Zoom:

- don’t always take security and privacy as seriously as I’d like
- privacy features aren’t very discoverable

Problems with alternatives to Zoom:

- hearing people
- seeing people
- connecting to calls

George Snow has posted some AppleScripts for adding and removing permissions for the camera and mic. He uses FastScripts to override Command-Q in Zoom so that he can quit the app and prevent it from recording anything with a single command.

Update (2020-04-23): Natasha Singer and Nicole Perlroth (Hacker News, Slashdot):

One year ago, two Australian hackers found themselves on an eight-hour flight to Singapore to attend a live hacking competition sponsored by Dropbox. At 30,000 feet, with nothing but a slow internet connection, they decided to get a head start by hacking Zoom, a videoconferencing service that they knew was used by many Dropbox employees. The hackers soon uncovered a major security vulnerability in Zoom’s software that could have allowed attackers to covertly control certain users’ Mac computers. It was precisely the type of bug that security engineers at Dropbox had come to dread from Zoom, according to three former Dropbox engineers.

[…]

The former Dropbox engineers, however, say Zoom’s current woes can be traced back two years or more, and they argue that the company’s failure to overhaul its security practices back then put its business clients at risk. Dropbox grew so concerned that vulnerabilities in the videoconferencing system might compromise its own corporate security that the file-hosting giant took on the unusual step of policing Zoom’s security practices itself, according to the former engineers, who spoke on the condition of anonymity because they were not authorized to publicly discuss their work. As part of a novel security assessment program for its vendors and partners, Dropbox in 2018 began privately offering rewards to top hackers to find holes in Zoom’s software code and that of a few other companies.

Joe Basirico:

Zoom is an interesting case study in the various ways that software can fail. The Zoom team has had to learn a lot of lessons quickly, including the pitfalls of reusing components, figuring out how to make security engineering improvements to their SDLC and DevOps processes, and the need for a CISO leadership team.

In this article I want to walk you through some of the issues that were recently publicized. I’ll break them into categories to understand the mistakes made and the subsequent decisions that were necessary. There has been a bit of a pile-on with security professionals each taking their turn to tell Zoom how they could have done better. Some of the issues that were uncovered are truly concerning, while others are natural tradeoffs between security and usability. In some cases, Zoom was actually following best practices (like reusing components), but got bitten anyway.

See also: Lessons for Zoom from Chatroulette, the original live video site.

Zoom Installation

Felix Seele (Hacker News):

Ever wondered how the @zoom_us macOS installer does its job without you ever clicking install? Turns out they (ab)use preinstallation scripts, manually unpack the app using a bundled 7zip and install it to /Applications if the current user is in the admin group (no root needed).
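Because the work in a preinstall or preflight script runs as soon as the package is opened, the defensive check is to expand the package and read those scripts before running the installer. The script below is an added example for this post, not Zoom’s or anyone’s quoted code: `expand_pkg` wraps the real macOS `pkgutil --expand`, and `scan_scripts` is plain POSIX sh that lists any pre/post-install scripts in the expanded tree, prints the lines that touch the things the quoted tweet describes (writes under /Applications, bundled archivers, admin-group checks), and returns non-zero when such scripts exist so a scripted install can refuse to proceed. The grep pattern and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit an installer package's pre/postinstall scripts before running it.
# expand_pkg needs macOS pkgutil; scan_scripts is portable POSIX sh.

# Expand a flat .pkg into a directory so its Scripts/ payload can be read (macOS only).
expand_pkg() {
    pkg="$1"
    out="$2"
    pkgutil --expand "$pkg" "$out"
}

# Scan an expanded package tree for preinstall/preflight/postinstall/postflight
# scripts. Prints each script and any lines matching patterns worth a second look.
# Returns 0 when no such scripts exist, 1 when at least one was found.
scan_scripts() {
    root="$1"
    # Constructed pattern: app installs, bundled archivers, group checks, privilege use.
    pattern='/Applications|7z|unzip|ditto|admin|sudo|chmod|curl'
    list=$(find "$root" -type f \
        \( -name preinstall -o -name preflight -o -name postinstall -o -name postflight \) \
        2>/dev/null)
    if [ -z "$list" ]; then
        echo "no install scripts found under $root"
        return 0
    fi
    old_ifs=$IFS
    IFS='
'
    count=0
    for script in $list; do
        count=$((count + 1))
        echo "install script: $script"
        # Indent the flagged lines under the script name; no match is not an error here.
        grep -nE "$pattern" "$script" | sed 's/^/    /'
    done
    IFS=$old_ifs
    echo "install scripts found: $count"
    return 1
}

# Typical use on macOS (commented so the block runs stand-alone elsewhere):
#   expand_pkg ~/Downloads/SomeInstaller.pkg /tmp/expanded && scan_scripts /tmp/expanded
```

On a Mac the expanded tree usually contains one `Scripts/` directory per component package; the scan walks all of them, so a package that hides its work in a nested component is still reported. A non-zero exit is the signal to read the script by hand before clicking Continue.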

Cabel Sasser:

The true Zoom experience begins with the installer. You have the standard list of steps on the left. The sheet comes down that says “This package will run a program to determine if the software can be installed.” You click Continue. The installer quits. It’s done. WTFFFFF

Kyle Howells:

This, and every Zoom controversy, makes sense if you think of it this way. They value easy of use above all else. Above being a good platform citizen, above security, above everything.

Like most startups maximise engagement and growth above all, Zoom maximises ease of use.

Eric Slivka:

Zoom CEO Eric Yuan responded to Seele, noting that while the installation method was “implemented to balance the number of clicks given the limitations of the standard technology,” he recognized the issue and promised to “continue to improve.”

Zoom has now updated its Mac app installer to no longer use the preflight installation method, instead using a traditional installation authorization process, as noted by The Verge.

mmastrac:

I noticed while installing WebEx today that the installer immediately terminated itself after popping up the pre-installation script.

Running strings on the installation plugin (CWSPkgPlugin.bundle) shows why - it’s using a similar process to what Zoom does

Oliver Hunt:

Ok, so given sandboxing exists, I feel it should be possible to make it so that installers can’t write to the file system (or poll the network) while the preinstall scripts are running[…]

Cabel Sasser:

One thing that freaks me out about Zoom is that there are no Retina images on first launch, but later they just kind of… appear. I do wonder if they’re not there in the first place because of this “Reitna” typo

Charlie Fish:

Is there ANY legit reason why @zoom_us needs admin privileges to support retina display on macOS? Never seen an application require admin privileges to use retina display.

Guilherme Rambo:

The initial download of the app doesn’t include retina assets, so they have to be downloaded and installed separately (why that requires admin privileges, I don’t know). Yet another “feature” they implemented without thinking about the implications.

Dan Amodio (Hacker News):

zoomAutenticationTool will run whatever script you give it, and ask you to authenticate as System. It’s like they wrote their own sudo tool. Don’t think you can weaponize, but weird practice.

Previously:

Update (2020-11-27): Pedro José Pereira Vieito:

Introducing InstaZoom: A Safari Extension that transparently redirects Zoom meeting links to Zoom in-browser web client so you can avoid installing the Zoom application.

Thursday, April 9, 2020

macOS 10.15.4 Supplemental Update

Joe Rossignol (tweet):

Newer devices running Apple’s recently released iOS 13.4 and macOS 10.15.4 software updates are currently unable to make FaceTime audio and video calls with older devices running iOS 9.3.5 or iOS 9.3.6, according to numerous users across the Apple Support Communities, MacRumors Forums, Reddit, and Twitter.

Juli Clover:

The macOS Catalina 10.15.4 Supplemental Update can be downloaded from the Mac App Store for free using the Update feature in the System Preferences app.

The new software introduces a fix for an issue that caused Mac computers running macOS Catalina 10.15.4 to be unable to participate in FaceTime calls with devices running iOS 9.3.6 and earlier or OS X El Capitan 10.11.6 and earlier.

The combo update is available here. See also: Mr. Macintosh, Howard Oakley.

Mr. Macintosh:

I have seen some reports of the macOS Catalina 10.15.4 Update or the 10.15.4 Supplemental update bricking Macs. If your Mac has one of the following symptoms below, restoring BridgeOS on your T2 Mac might help you.

Previously:

Update (2020-04-10): Joe Rossignol (tweet):

A sizeable number of Mac users are experiencing occasional system crashes after updating to macOS Catalina version 10.15.4, released a few weeks ago.

The crashing issue appears to be most prominent when users attempt to make large file transfers.

[…]

Other users on macOS 10.15.4 have experienced crashes after waking their Mac from sleep, with affected systems suffering a kernel panic and rebooting to the Apple logo, according to comments shared on the Apple Support Communities, MacRumors Forums, Reddit, and Twitter.

Mike:

3 and 4 finger gestures no longer work for me after the update :/ (2015 MBP). Resetting SMC/PRAM did not help unfortunately.

Update (2020-04-23): Mr. Macintosh:

I ran a few tests tonight as I was seeing some inconsistencies with some new user reports. MrMacintosh reader Neo mentioned that he saw a warning message before BridgeOS Restore. “All your media and other data will be erased from the primary disk”. Wait what??? This message did NOT show up before, when I restored BridgeOS on multiple devices. I looked back and sure enough, if you look at the 2nd screenshot under section #9, the message says nothing about losing all your user data!

Mr. Macintosh:

The Catalina 10.15.4 Update is causing kernel panics in some 16″ 2019 MacBook Pros.

Tim Standing:

A few days after the macOS 10.15 update was released, we began to hear of “Finder hangs” from DITs (Digital Imaging Technician) on movie sets. They were having their Macs stall when transferring hundreds of gigabytes of video from their 4K and 8K camera cards to their OWC ThunderBlades and ThunderBays. Anytime we hear about this type of problem, we immediately start looking for a cause.

A day later, we were able to reproduce the problem 100% of the time by copying 300 GB of large (10 GB) files from one SoftRAID RAID volume to another. Using a kernel debugger, we determined that the hang was not caused by an error in the SoftRAID driver. We then were able to reproduce the hang on an AppleRAID volume, using the AJA System Test Lite test application.

Mr. Macintosh:

Did you install the 10.15.4 Supplemental Update on your T2 Mac, only to find that it will not power up after the install?

[…]

This issue is similar to the 2019-001 Security Update last November that caused data loss. The reports are very close, as it was first thought that the problem was the user’s fault for shutting down the Mac during the BridgeOS update.

What actually happened was, the BridgeOS update failed and destroyed the encryption keys.

Paul Wagenseil (Hacker News):

Supplemental Catalina update was supposed to fix problems, but just created more

Mr. Macintosh:

The 10.15.4 Supplemental Update resets the ComputerName & HostName back to default on some Macs.

Oliver Haslam:

The problem started after installing macOS 10.15.4. One fix seems to be working for most people. Some owners of the 16-inch MacBook Pro have reported that their machine restarts when asleep – often while left alone and plugged in. And the problem only started to happen once they updated to macOS 10.15.4. Thankfully, there’s a fix. In fact, it’s more of a workaround.

iPad Main Menu

Alexander Käßner (via Kontra):

This concept brings the main menu we know and love from Mac to iPad. It keeps the numerous advantages of a written menu, redesigned with touch devices in mind.

iPad Main Menu helps bring a vast amount of features to iPadOS for people who seek out this power, while keeping the OS accessible for users who prefer a simpler experience.

Riccardo Mori:

Every concept I’ve seen to ‘improve the iPad’s UI’ adds Mac-like elements/ideas to the interface. […] Some ideas are not bad, per se, but I keep wondering, Will we ever think outside of this box?

At what point do you give up waiting for a revolutionary idea that may never come and go with an old idea that works?

Meanwhile, third-party developers try to make the existing design work better.

Previously:

Podcasts During Pandemic

Overcast:

Podcast listening is down, but not as much as you’d think. Here’s my daily and weekly app sessions.

Weekends are always about 30% lower than weekdays.

Quarantine reduced the weekdays by 20% (likely commuters), but weekends are unchanged.

Total usage is only down about 15%.

Jason Snell:

This actually matches what I’ve heard - some people are listening to way more podcasts now, while others no longer have all that listening time because their commutes are gone. Net result seems to be slightly reduced listenership, but not as dramatic as you might think.

I hope the advertising holds up.

Update (2020-04-15): Podtrac:

Podcast streams and downloads during peak weekday morning commute times were down an average of 26% for the week of April 6-12 compared to the week of March 2-8 across all Podtrac measured podcasts.

Update (2020-05-22): Overcast:

Podcast listenership is slowly increasing toward pre-quarantine levels.

Here are graphs of Overcast’s daily (valleys are weekends) and weekly sessions.

The first few weeks of quarantine were down about 16% from the prior average.

Last week was down only 12%.

Wednesday, April 8, 2020

Watchsmith

David Smith (tweet):

Watchsmith is an application that seeks to give you complete control over the appearance and utility of your Apple Watch.

First, it provides a wide array of complications. Each of these is completely customizable, with controls for things like font, color, hand type and location. The initial set is just over 50 unique complications, with dozens more planned down the road. My goal is to provide a complication for just about every use and let you make it look just how you want. In the absence of 3rd-party watch faces, this is the closest I can get to making my own watch faces.

Second, rather than simply providing a static display of the complication you configure, Watchsmith lets you dynamically schedule the complications to appear on your watch face. This is done using time based triggers (with plans for additional trigger types down the road).

This looks really cool. The app is free with a $20/year subscription to enable additional options and use data sources that have recurring costs.

Ryan Christoffel:

As Smith has previously explained, while third-party faces may never be possible, several first-party faces already offer significant room for customization. The Infograph face, for example, contains eight different complication slots; if a rich array of third-party complications were available, you could build a highly customized watch face using the existing faces provided by Apple.

[…]

The iPhone version of Watchsmith is all about creating your custom complications.

[…]

Having complications automatically cycle through the same slot was pioneered in HomeRun by Aaron Pearce last year, and I’m thrilled to see another app follow HomeRun’s example. Although Apple itself doesn’t enable scheduling complications through a native feature, I wouldn’t be surprised to see that change in a future version of watchOS.

HBO to Drop Support for Apple TV 2 & 3

Joe Rossignol:

HBO today announced that its HBO GO and HBO NOW streaming services will no longer be available on second-generation and third-generation Apple TV models starting April 30, 2020.

Since iOS 13, the Remote app has been unreliable with my Apple TV 3. It gets stuck in different modes, and sometimes the keyboard won’t come up or won’t dismiss. I guess the writing is on the wall for my Apple TV. I want a working Remote app, AirPlay, etc., but this doesn’t seem like a good time to buy a nearly three-year-old Apple TV 4K. Or the even older Apple TV 4 for $150.

Previously:

Update (2020-04-10): Mitchel Broussard:

The company has now extended this deadline, and will remove HBO NOW from these platforms on May 15, 2020 and HBO GO will remain available for “a few additional months.”

Masks and Face ID

John Gruber:

It’s nonsense to argue about the fact that wearing a mask — even a homemade one — is less than 100 percent effective. Nothing is 100 percent effective, and all evidence suggests that masks are, at the very least, quite effective.

Maciej Ceglowski (tweet):

I want to persuade you not just to wear a mask, but to go beyond the new CDC guidelines and help make mask wearing a social norm. That means always wearing a mask when you go out in public, and becoming a pest and nuisance to the people in your life until they do the same.

[…]

Masks are in short supply, but you can MacGyver one out of practically anything, including paper towels, cotton, vacuum cleaner bags. Expect the number of online tutorials to proliferate. Here are some I am partial to[…]

Tim Cook:

Apple is dedicated to supporting the worldwide response to COVID-19. We’ve now sourced over 20M masks through our supply chain. Our design, engineering, operations and packaging teams are also working with suppliers to design, produce and ship face shields for medical workers.

Unfortunately, modern iPhones don’t work well with masks. If you’re wearing a mask, Face ID won’t let you unlock your phone. Setting up an alternate appearance wearing a mask doesn’t work because it will complain that something is obstructing your face.

You can set up the alternate appearance while wearing half a mask, and I was eventually able to get this to work and complete the full scan. It would then let me unlock the phone while wearing the full mask, although it would often take multiple tries. I’m not sure whether this totally ruined the security so that it would have unlocked for anyone wearing a mask. Anyway, it’s moot because by the next day the iPhone was no longer recognizing me with the mask at all, and I was unable to even set it up with the half mask again.

So, what to do:

Previously:

Update (2020-04-24): Felix Krause:

I’m really surprised Apple didn’t yet ship an iOS update properly supporting face masks.

I see people trying to unlock their phones in grocery stores, and you can guess what they do next when they notice their phone doesn’t unlock.

Calling for COBOL Programmers

Kif Leswing (tweet, Hacker News):

New Jersey Gov. Phil Murphy says that the state is looking for volunteers with skills that can be used to help in the COVID-19 coronavirus outbreak, and one of those skills is knowing your way around a 61-year-old programming language used on big, old, mainframe computers.

[…]

New Jersey needs COBOL programmers because many of the state’s systems use older mainframes, and those systems are now seeing record demand for services as the coronavirus outbreak disrupts the economy.

For example, an unprecedented 362,000 people have applied for unemployment in New Jersey as a result of the coronavirus outbreak, and the state’s IT department is working to have the 40-year-old mainframes that power that service up and running, New Jersey’s commissioner of labor Rob Asaro-Angelo said on Saturday.

Brian Roemmele:

Folks laughed when I said there are more than 200 times as many COBOL transactions each day as Google searches.

vaidhy:

I used to work on mainframe COBOL during the Y2K times. While the language is easy to pick up and the OS specific things are not too hard, the style of programming can lead to issues. Typically, shared data structures are often stored in separate files called copybooks and they can be hard to track down. Most of the code is not in any source control repositories which means no one knows which is the actual deployed version. It was all fun times then.

Update (2020-04-17): Dave Gershgorn (via John Feminella):

“I show COBOL programs written in 1960 that you can still compile and run today,” says J. Ray Scott, a professor at Carnegie Mellon University, and one of the few professors who still teaches COBOL.

[…]

“There was a period of 20 years where people were sure COBOL was dead, so there was nobody teaching it, nobody learning it,” he said. “COBOL started before there were disc drives, let alone the internet.”

A sliver of hope, Scott says, is that COBOL isn’t a particularly complex language to learn. When he was starting his career programming for steel mills in Pittsburgh, he says companies would perform aptitude tests for workers on the floors of the mills. If they passed, they were sent to a two-week COBOL class at IBM and then put onto the job in the IT department.

Zed Shaw:

The east coast governments are riddled with ancient VAX and OpenVMS COBOL systems because there are employees tied to these systems.

[…]

A main source of failure in many rewrite projects is the former programmers know that if their code is gone they can be fired, so they try to sabotage it. I’ve seen it over and over, and they’re slick about it. Just little failures all over.

See also: Dilbert.

Input (via Hacker News):

IBM is releasing a free training course next week to teach the 60-year-old programming language COBOL to coders. It is also launching a forum where those with knowledge of the language can be matched with companies in need of help maintaining their critical systems.

Michelle V. Rafter (via Hacker News):

Connecticut’s labor department is bringing back retirees and using IT staff from other departments to upgrade its 40-year-old system, which runs on a Cobol mainframe and connected components. The system is not fully automated, and requires manual actions at multiple points in the process, according to Nancy Steffens, the department’s head of communications. “I don’t have any info to provide to you other than some of the retirees returning to work are programmers knowledgeable in Cobol,” Steffens said.

kristopolous (via Dan Luu):

I asked a few friends about the New Jersey call. They (2 of them, both retired and over 70) claimed there’s no work to be done and it’s actually an incompetently administered administration with human problems who are scapegoating the technology. Also supposedly the New Jersey govt sacked their team and then was trying to contract out the work at $50/hr. Now they are offering $0/hr. And the solution isn’t in software, or so they claimed. This assessment was after both signed up to volunteer to do the work and saw it was a human process failing and not a software issue.

Glenn Fleishman:

There have been efforts in the past to build a full replacement for MOCAS, and they’ve sputtered due to cost, complexity, and transition planning. Because the system handles so much that’s in progress and critical to the DoD, any new system has to overlap and perfectly hand off everything underway. The government is asking vendors once again to submit bids to shed this highly functional vestige of the past.

Dr. Drang:

I wonder what kind of stories we’ll see when word gets out that weather predictions are made using Fortran?

Makena Kelly:

A survey by The Verge found that at least 12 states still use COBOL in some capacity in their unemployment systems. Alaska, Connecticut, California, Iowa, Kansas, and Rhode Island all run on the aging language. According to a spokesperson from the Colorado Department of Labor and Employment, the state was actually only a month or two away from “migrating into a new environment and away from COBOL,” before the COVID-19 pandemic hit.

[…]

For the last 25 years, Congress has steadily made cuts to the states’ funding for modernization projects. According to Williams, many government budgets only include enough money for “keeping the lights on.”

John Gruber:

As a sidenote, I’m fascinated at how code has, seemingly all of a sudden, eclipsed program in common usage. Until recently, a programmer was one who programmed using a programming language. Now, you typically hear that a coder is one who codes using a coding language.

Previously:

iPad Desk Mode

Federico Viticci (tweet):

Ever since I upgraded my home office with a new desk, Mac mini, and UltraFine 4K monitor in November 2018, I’ve been working toward a single goal: building a setup that would allow me to use the same external display and keyboard with two different computers and OSes – the Mac mini and iPad Pro. Same desk, two vastly different experiences. It took me a while, but thanks to the improvements in iPadOS 13.4 (and a late realization on my part), I’m happy to say I finally have the “desktop iPad Pro” setup I’ve long desired.

[…]

In practice, the net result of Apple’s pointer efforts is a comprehensive system that lets me fully control the iPadOS UI mirrored on my UltraFine 4K monitor without ever touching the iPad Pro. This has fundamentally altered the ergonomics of my setup and improved how quickly I can get work done with multiple apps in this configuration.

With a native pointer, I can finally select text with higher precision than multitouch without taking my hands off the keyboard and trackpad in front of me.

Previously:

Tuesday, April 7, 2020

Apple’s Information Systems & Technology Division

Alex Kantrowitz (MacRumors, Hacker News):

IS&T is made up largely of contractors hired by rival consulting companies, and its dysfunction has led to a rolling state of war. “It’s a huge contractor org that handles a crazy amount of infrastructure for the company,” one ex-employee who worked closely with IS&T told me. “That whole organization is a Game of Thrones nightmare.”

Interviews with multiple former IS&T employees and its internal clients paint a picture of a division in turmoil, where infighting regularly prevents the creation of useful software, and whose contract workers are treated as disposable parts.

[…]

When IS&T’s projects are finally completed, they can cause even more headaches for Apple employees, who are left with a mess to clean up. Multiple people told me their Apple colleagues were forced to rewrite code after IS&T-built products showed up broken.

From what I’ve heard, this is a longtime problem, and it’s a mystery to me why this group has been immune to the Cook Doctrine. Apple buys forests to manage the paper used in its packaging and designs the desks its employees use and even the pizza boxes for its cafeteria. But when it comes to building the software that runs the company, that’s not considered a core competency.

Previously:

Update (2020-04-08): chubot:

If you’ve worked in a huge org like Apple or the government, you’ve seen incredible inefficiencies. How can all these smart and often well-paid people be doing something so wrong (i.e. wasting time with political battles, etc.)?

But that’s only true if you look at the “medium view” of the organization. If you look at the large view, how the money actually flows, then it might be beneficial for one part like IS&T to be kind of broken, as long as the rest of the company works.

I have seen this dynamic at other companies. Internal tools can sometimes hold too much leverage over the organization. They can almost “blackmail” people into getting their way because they have a literal monopoly over what they do. It might be better to let multiple teams fight battles amongst themselves, which seems inefficient if you’re working as a regular joe, but could be efficient from the CEO’s perspective.

IST-Throwaway:

I was part of a team inside Apple that developed internal-facing tools for the retail teams. Our team was formed because of the extremely high cost in dollars and time that IS&T wanted to charge to develop some fairly straightforward tools. My team was taken from the departments that used the tools, and we developed things that were very custom-fit to what those departments needed.

Eventually politics overcame us, and IS&T finally managed to take over our team. We all became contractors in order to support the migration to their infrastructure, and continue development of the tools. A bit later we all became fired as our project was outsourced to contractors in India, managed by IS&T PMs who had no idea what our tool was used for and had never been inside a retail store. The tools all died shortly after that, some killed by IS&T, some petered out due to lack of use now that they no longer worked correctly or were a good fit for the users.

As far as we could tell, IS&T was run as a unique company inside Apple, which did its fair share of price gouging in order to make itself money to keep going. Its purpose never appeared to be helping Apple customers or Apple employees, it was simply to get bigger, absorbing more money and power wherever possible, with no apparent reining in from the parent org.

coleca:

I had a similar experience w/Apple. A startup I worked for was brought into Cupertino for a meeting w/their internal business teams. They wanted us to build them an app which seemed relatively simple involving their internal Cafe Mac cafeterias, data centers, and possibly retail locations. It was something that a company like Apple could build in their sleep. But the business folks we met with said that’s how it is at Apple, all the engineering talent goes towards the product side and almost nothing is left for internal IT. They told us how they struggled to get anything done and there were almost no resources available, so the business teams had to go and hire their own IT if they needed things done.

seemslegit:

Is there any big consumer product company out there that doesn’t deprioritize management and engineering talent for internal tools and systems?

Adam Bodnar:

Former IS&T. It’s been that way since 2003 and pretty sure long before then. Cook even made it worse at one point where he forced all non product dev team to be inside IS&T. Not sure if it’s changed, but at the time they were managed by someone that didn’t want to change.

See also: Hacker News, John Gruber, Slashdot.

alanzeino:

Personally I find the discussion about IS&T less interesting than how SWE is broken at Apple — e.g., the engineering quality and resources in Eddy-org vs Craig-org, etc

and yes IS&T tools are trash but some of the SWE tools are just as bad

One of my favourite examples about Apple’s broken SWE tooling is the insanely bad crash reporting website that performs like it runs on a Mac Mini on an engineer’s desk.

Meanwhile Uber, with 1/20th of Apple’s resources, has crash analytics and reporting infra that is years ahead

Steve Troughton-Smith:

There’s a lot of talk about Apple’s IS&T group dysfunction without referencing how it’s relevant to any of us: IS&T run Radar. If you’ve wondered why it’s been so hard to improve Radar for external devs, there is a big part of the reason — we’re not IS&T’s customers

See also: John Gruber (tweet).

Marco Luoma:

A “friend” who works at the local Apple Store constantly complains about the bugginess of the POS software on the handheld devices. “Like sending soldiers into battle with rubber swords” is a memorable quote.

Monday, April 6, 2020

App Store Sandbox Dropping Requests

Jacob Eiting (of Revenue Cat):

Alright, it’s been 2 weeks now and the App Store Sandbox environment has been basically in failure mode for 4 hours every day.

About 50% requests are just being dropped with no error code, the server just disconnects before returning anything.

This doesn’t just affect developers building apps. When App Review tests your in-app purchases, they use the Sandbox environment.

We’re seeing tons of apps, new and old, getting rejected for no reason. Causing all sorts of panic and wasted time, costing a ton of money for devs.

We’ve even had customers temporarily remove IAPs from their app just to get through App Review.

Needless to say, the system status page doesn’t show any problems.

Previously:

Amazon Prime Video Now Allows In-App Rentals and Purchases

Nick Statt:

Prior to the change, Amazon would not allow you to rent or buy content on the Prime Video app, instead directing users to a web browser to avoid the App Store fee. You could still sign up for a Prime Video subscription through the iOS app if you are not an Amazon Prime subscriber, but even then, you could not make individual content purchases from within the app.

Now, when users log in to the Prime Video app, there should be a message reading, “Browse, rent, or buy new release movies, popular TV shows, and more — now within the app.”

The prices do not appear to have been raised to account for the 30 percent fee, as some platform owners like Spotify have done in the past.

This is one of the biggest changes in the history of the App Store. I don’t see anything in the App Store guidelines about it, though. They still say:

If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc.

Rene Ritchie:

Basically, if Amazon wants 30% from content creators to aggregate videos for Prime, and Apple wants 30% from Amazon to aggregate Prime for the App Store, and the content creator still wants 70%, it breaks the math.

A few years back Apple dropped the second year subscription revenue share down to 15%, but that still makes multiple middle vendors tough. Neither Amazon nor Apple can earn together what they would earn separately, selling directly.

[…]

It seems clear, if and when we emerge from COVID-19 and regulatory attention turns back to tech companies, App Store policies will be front and center.

That’s why it would behoove Apple to come up with something more modern, something that lets them defray the cost of hosting the App Store and serving free apps, but also drives revenue based on security, privacy, and convenience, rather than policy, and that allows all these apps to provide better and more convenient experiences for all their mutual customers.

John Gruber (tweet):

If you already subscribe to Prime (full Prime or just Prime Video), when you rent or purchase a movie in the app, the transaction is now handled by Amazon, using your credit card on file with Amazon.

[…]

If the Amazon account you’re signed into does not have a Prime subscription, you can purchase or rent movies in the Prime Video app, and they will be processed as Apple In-App Purchases. This is true even if Amazon has a credit card on file for your account. If you are not subscribed to Prime, in-app purchases are Apple’s In-App Purchases.

I wonder how they implemented this. Do they have an IAP SKU for each video in their catalog?

That’s not even the most interesting part. If you don’t subscribe to Prime, you can subscribe to Prime Video in-app for $9/month and it’s an Apple iTunes subscription. Apple gets a cut and your subscription to Prime Video is managed like any other iTunes subscription.

Guilherme Rambo:

The Prime Video app has a special “com.apple.storekit.request-data” entitlement. This reminds me of the “requestData” property on SKPayment, which has been “Reserved for future use” for a long time. Hmmmm…
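The kind of check that turns up an entitlement like that, as an added example rather than Apple’s or Amazon’s code: dump an app’s entitlements with `codesign -d --entitlements :- /path/to/App.app` (the `:` prefix makes codesign strip the blob header so plain XML remains), parse the plist, and list every key outside the documented namespaces. The public-namespace prefixes, the bare-key list and the sample dump are assumptions; only the `com.apple.storekit.request-data` key itself comes from the tweet above.

```python
"""List an app's entitlements and flag keys outside the documented namespaces.

Added example, not Apple's or Amazon's code. It assumes the entitlements were
dumped with `codesign -d --entitlements :- /path/to/App.app` and that public
entitlements live under the prefixes below, which is an assumption.
"""
import plistlib

# Assumption: documented entitlements sit under these prefixes or are one of a
# few well-known bare keys; any other com.apple.* key is treated as private.
PUBLIC_PREFIXES = ("com.apple.developer.", "com.apple.security.")
PUBLIC_BARE_KEYS = {"application-identifier", "keychain-access-groups",
                    "aps-environment", "get-task-allow", "beta-reports-active"}

# Constructed sample dump; the request-data key is the one noted in the tweet above.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TEAMID.example.constructed.video</string>
    <key>aps-environment</key>
    <string>production</string>
    <key>com.apple.developer.associated-domains</key>
    <array><string>applinks:example.invalid</string></array>
    <key>com.apple.storekit.request-data</key>
    <true/>
</dict>
</plist>
"""


def parse_entitlements(xml: bytes) -> dict:
    """Parse the XML plist that codesign prints into a dict."""
    return plistlib.loads(xml)


def is_public(key: str) -> bool:
    """True when the key falls under the assumed documented namespaces."""
    return key in PUBLIC_BARE_KEYS or key.startswith(PUBLIC_PREFIXES)


def private_entitlements(entitlements: dict) -> list:
    """Keys outside the assumed public namespaces, sorted."""
    return sorted(k for k in entitlements if not is_public(k))


def truthy_entitlements(entitlements: dict) -> list:
    """Boolean entitlements that are switched on, the usual shape of a capability grant."""
    return sorted(k for k, v in entitlements.items() if v is True)


if __name__ == "__main__":
    ents = parse_entitlements(SAMPLE_ENTITLEMENTS)
    for key in private_entitlements(ents):
        print("outside documented namespaces:", key)
```

Feed `parse_entitlements` the bytes of a real dump to audit an app you have on disk; a boolean key that is on and does not belong to the documented prefixes is the thing to look up before assuming the capability is available to everyone.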

Mark Gurman:

Apple says it has had an “established” program for “premium” video apps subscriptions, now including Amazon Prime, to let them use their own payment methods instead of in-app-purchase, which gives Apple a 30% cut. This program has been in use already with Altice One and Canal+

To be clear, Apple says this is an established program. Amazon Prime is new today and the most significant partner. I have never heard of this program until today, and we all know I’d know about it 😀

Michael Perry:

In speaking to Canal+ friends, this program (at least from a user perspective) has not been their experience. They have not been able to buy directly from Canal in the way it’s implemented here with Amazon. It would seem this ‘existing program’ stuff is very much spin.

Nick Heer:

Apple’s statement does not seem to fully reflect exactly what is going on here. The features described as being part of an “established program for premium subscription video entertainment providers” — a phrase that, I think, needs more words — do not appear to be unique to apps that are allowed to bypass Apple’s in-app purchase mechanism. The Netflix app on tvOS, for instance, is part of universal search; CBC’s Gem app integrates with the Apple TV app but uses standard iOS in-app purchases, not its own. So those “benefits” are not unique to the listed apps: Prime Video, Altice One, and Canal+.

[…]

Why is Amazon Prime Video allowed to use a non-Apple payment method for its movie purchases and rentals, but not for subscriptions? Why is this entirely undocumented? Why did it take until today to enable this for Amazon Prime Video, and not something that has been available all along for the app?

[…]

No clarification was provided on how a developer would go about joining this program, though it seems like the “benefits” that Apple described in its statement — AirPlay support, universal search, and the like — are something a developer has to agree to integrate in order to get this special entitlement.

Last year, Apple said:

At its core, the App Store is a safe, secure platform where users can have faith in the apps they discover and the transactions they make. And developers, from first-time engineers to larger companies, can rest assured that everyone is playing by the same set of rules.

Dieter Bohn:

Must be nice to be a premium subscription video entertainment provider and be allowed to use your own payment system instead of Apple’s.

I am sure that distinction makes total sense to all developers and other app makers who offer services in other categories like music or apps

Tim Schmitz:

I can’t tell whether this is an encouraging sign of progress toward the end of Apple’s payment processing monopoly or a discouraging sign of special treatment for big developers. Indie devs need a break too, especially now.

David Heinemeier Hansson:

Apple, how about extending this privilege to the rest of us? Not just some special class of huge corporations.

Dieter Bohn:

It’s still dumb as hell that the Kindle app can’t even reference the fact that some books are available for purchase elsewhere, much less include a buy button.

Benjamin Mayo:

The intricate App Store framework of rules now means that game streaming services are disallowed completely, music streaming apps must use In-App Purchase and give Apple 30%, but favoured video streaming apps can evade all of those restrictions. Wacky.

Dieter Bohn (Hacker News):

Anyway, you can suss out the outlines of the deal that was struck. Amazon gets buy buttons inside its app for current Prime Video subscribers, Apple gets Amazon’s complete and total participation in the Apple TV features it cares about the most. Instead of just being yet another icon in the home screen grid, Amazon’s services are now deeply integrated into the user experiences Apple wants to move everybody towards.

[…]

But if the rule is you pay Apple a 30-percent cut of your app’s cost unless Apple really needs something from you to bolster its own subscription business, that’s neither fair nor consistent. I asked Apple if there was something other developers could do to qualify for a deal that’s similar to what Amazon now has. The company referred me to its original statement.

Michael Love:

If you assume that one of the main strategic purposes of the money-hemorrhaging TV+ service was to give people a reason to do all their TV viewing through Apple’s centralized UI, it stands to reason they’d also be willing to give up some commissions for that.

Nick Heer:

It does seem like an all-around win. However, the question remains why this policy is something that is seemingly only available through channels not generally available to providers of comparable services, and why it so far seems to apply to just three service providers.

Nick Heer:

The shrewdest quality of this deal is that it allows Amazon to exclude some of its in-app purchases from Apple’s usual cut while incentivizing people to more fully embrace Apple’s ecosystem.

pentae:

We had a paid chat app for social media celebrities/models to earn money chatting with their fans years back. Apple argued that despite a human being doing the work it ‘took place in the app’ so that makes it a ‘digital service’. That means we had to accept IAP and of course pay them 30%. Made it impossible to pay our influencers fairly.

One of the many silly rejections we had was due to the images on our influencers profiles being too sexy despite being linked through the Instagram API. After explaining they were the same as you can find in the Instagram app we were told we had to actively censor them anyway. Shame on us for not being as big as Instagram, right?

After a year of making less margin from our own business than Apple they concluded paid chat was no longer appropriate for the app store and decided to just put us out of business one morning. Meanwhile, tons of other apps with the same functionality and far more sexualized are alive and doing well.

Previously:

Update (2020-04-08): Ben Thompson (Hacker News):

In other words, Apple TV+ was actually about Apple TV Channels: give customers a reason to use the Apple TV app, and then sell subscriptions to HBO, Showtime, Crunchyroll, etc. That is certainly the best way to understand Amazon Prime Video: there is not nearly enough content to seriously challenge Netflix, but there are shows worth watching, which makes the Amazon Fire TV boxes worth owning, and the Prime Video App worth using — and that means more subscriptions on which Amazon can take an ongoing percentage.

In this view, then, Apple is the clear winner: Amazon just made the Apple TV interface better, which means that Apple can sell that many more Apple TV Channels subscriptions — presumably at the expense of Amazon. I think Amazon was willing to make this tradeoff for a few reasons (that I first detailed yesterday)[…]

[…]

This is the most compelling lens with which to view Apple and Amazon’s recent partnerships. Both, given their desire to be a platform for over-the-top services, are on the same side when it comes to a potential Netflix-dominated future: neither want it to happen. Netflix dominating means that shows are sold directly to Netflix; channels are pointless. Apple and Amazon both, though, want channels to exist, if only so that they can sell subscriptions to them.

Update (2020-04-10): Benjamin Mayo:

The press statement is masterfully worded in the way that it diverts attention. If you skim it, it sounds like Apple is offering a financial incentive in exchange for supporting Apple’s latest system technologies like AirPlay 2 and TV app integration. I don’t read it that way at all.

If you read it carefully, the statement does not say what the requirements are to “qualify”. I think that’s because they aren’t any; Apple picks who can participate in accordance with what best suits Apple’s business. Those aforementioned features are the benefits of joining the program, not the entrance requirements. The important takeaway is that Apple decides who gets invited.

[…]

These deals are a positive outcome from the perspective of an end-user. The inconveniences of being kicked out to Safari to rent something from Amazon Prime have now been removed. However, it does nothing to make the App Store a fairer marketplace. If anything, it has the opposite effect.

No Shortcuts Files

Jordan Merrick:

One of my favorite features of Workflow was its ability to share workflows as files. It was this functionality that made it possible for me to start Workflow Directory and create my own GitHub repository of workflows. Unfortunately, Shortcuts doesn’t support this functionality and I suspect it never will again.

Although it’s possible to jump through some hoops to import workflow or shortcut files, lack of file support makes it impossible to maintain my GitHub repository. Instead, I’ve started the long overdue process of creating iCloud links to my shortcuts and publishing them here instead.

Mike Rockwell:

I understand why Apple made that decision — if there was a malicious shortcut going around, since they can only be shared with an iCloud link, Apple would have the ability to remove the shortcut from their server and prevent it from spreading further.

But this limitation makes backing up your shortcuts a major pain. If you build a shortcut to automatically backup all of your shortcuts to iCloud links and then save the links into a notes app, you have to tap through a prompt for every single shortcut you have.

Previously:

App Store Rules Limit Rival Gaming Services

Mark Gurman (tweet):

Video-game fans suddenly have their pick of a huge menu of titles thanks to a raft of new mobile subscription services from Apple Inc., Microsoft Corp., Alphabet Inc.’s Google and Nvidia Corp.

But for the more than 1 billion users of Apple’s iPhone and iPad, the only real option is Arcade, the subscription service launched by the company in September.

That’s because Apple imposes strict limits on the kinds of apps users can access on its devices. For example, App Store guidelines ban services that rely on streaming from the cloud. Arcade adheres to the requirements, in part, because it’s included as a feature within the App Store itself.

Tim Sweeney:

Apple can’t go on like this. Their bans on competing apps and competing payment services on iOS is breaking the evolutionary cycle of technology and even economics[…]

Previously:

Friday, April 3, 2020

iPad Pro 2020 Includes Microphone Hardware Disconnect

Tim Hardwick:

Apple has added an anti-eavesdropping feature to the 2020 iPad Pro that ensures the microphone hardware is disabled when a case is attached to the iPad and closed.

John Gruber:

This is what it looks like when a company is focused on security as an utmost priority.

Previously:

Swift Bridging of allHeaderFields

Cédric Luthi:

I don’t do a lot of Swift. But every time I do, I stumble on obscure quirks. Last case in point: HTTPURLResponse allHeaderFields is now case-sensitive.

This seems to be because the property is implemented using an NSDictionary subclass. Apple notes:

In Objective-C, the returned dictionary of headers is case-preserving during the set operation (unless the key already exists with a different case), and case-insensitive when looking up keys.

But Swift bridging converts it to a regular Swift Dictionary, whose key comparison is case-sensitive (Swift String equality is based on Unicode canonical equivalence, so it is looser than NSString about Unicode, but not about case).

In general, you can avoid the bridging by casting:

allHeaderFields as NSDictionary

In this particular case, there is an extra API in Catalina and iOS 13 to look up header fields in a case-insensitive way:

func value(forHTTPHeaderField field: String) -> String?
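The three lookups side by side, as an added example (not code from the post or from Apple). The response and its headers are constructed inline; the only assumption is the header set. The point matters beyond convenience: HTTP header names are case-insensitive, so a server or proxy may legitimately send `content-type` or `strict-transport-security` in lowercase, and a check written against the bridged dictionary will miss it while the NSDictionary or accessor forms find it.

```swift
import Foundation

// Constructed sample: an HTTPURLResponse carrying headers as a server might send
// them. HTTPURLResponse stores them in the case-preserving, case-insensitive
// NSDictionary subclass that Apple's Objective-C documentation describes.
let url = URL(string: "https://example.com/")!
let response = HTTPURLResponse(url: url,
                               statusCode: 200,
                               httpVersion: "HTTP/1.1",
                               headerFields: ["Content-Type": "text/html; charset=utf-8",
                                              "Strict-Transport-Security": "max-age=31536000"])!

// 1. The bridged [AnyHashable: Any] is a plain Swift Dictionary, so the key
//    must match the server's capitalization exactly (the behaviour the post
//    describes).
func bridgedLookup(_ name: String) -> String? {
    return response.allHeaderFields[name] as? String
}

// 2. Casting back to NSDictionary avoids the bridge and keeps Foundation's
//    case-insensitive lookup.
func nsDictionaryLookup(_ name: String) -> String? {
    return (response.allHeaderFields as NSDictionary)[name] as? String
}

// 3. macOS 10.15 / iOS 13: the dedicated accessor, case-insensitive by contract.
@available(macOS 10.15, iOS 13.0, *)
func accessorLookup(_ name: String) -> String? {
    return response.value(forHTTPHeaderField: name)
}

// A policy check whose result depends on which lookup it is built on. The
// header name is spelled in lowercase here, which RFC 7230 permits.
func hasHSTS(using lookup: (String) -> String?) -> Bool {
    return lookup("strict-transport-security") != nil
}

for name in ["Content-Type", "content-type", "CONTENT-TYPE"] {
    print(name,
          "| bridged:", bridgedLookup(name) ?? "nil",
          "| NSDictionary:", nsDictionaryLookup(name) ?? "nil")
}
print("HSTS via bridged dictionary:", hasHSTS(using: bridgedLookup))
if #available(macOS 10.15, iOS 13.0, *) {
    print("HSTS via accessor:", hasHSTS(using: accessorLookup))
}
```

Under the behaviour the post describes, only the first loop iteration finds the header through the bridged dictionary, while the NSDictionary cast finds all three spellings; `hasHSTS` therefore reports false for the bridged lookup and true for the accessor, even though the response carries the header. Any code that gates behaviour on a header (content sniffing, CSRF tokens, transport-security policy) should use one of the case-insensitive forms.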

This is an interesting case study of the current Cocoa documentation because:

I would rather have a single version of the documentation that includes all the information, with the only difference being the syntax used. Otherwise, I have to switch back and forth to make sure I’m not missing anything.

Previously:

Thursday, April 2, 2020

The Case for Postponing macOS 10.16

John Martellaro:

We’re all struggling to stay safe and secure in macOS 10.15 Catalina or even 10.14 Mojave. And since new apps are being pressed into service for working at home, the last thing we need is a new version of macOS with its traditional teething pains—especially in post WWDC betas. We don’t need any rugs pulled out from under our collaboration apps. Let’s focus on stability and security until the pandemic has completely dissipated.

[…]

Our developer heroes have been complaining for years that they just can’t keep up with the fast-evolving structural and security changes in macOS every 12 months. A six month delay in 10.16 would provide critical time to iron out the kinks in their apps due to changes in Catalina. Not to mention relaxing stress on the developers due to concern for their family’s health.

The other big reason: allowing more time to polish Catalina.

Previously:

Update (2020-04-15): Colin Cornaby:

I’d prefer to see macOS (and iOS) move off the yearly schedule. But we’re also now dependent on these major upgrades for significant SwiftUI advancements.

It’s less maintainable but I kind of wish SwiftUI started as a standalone library, like the Swift Standard Library.

Kyle Howells:

If every release is buggy for 6 months then with a multi year release cycle they are mostly stable. With a yearly release cycle everything is a perpetual mess.

Norbert M. Doerner:

I will skip 10.15.x completely. Far too many bugs and problems. Unbelievable.

Opening Large CSV Files in Numbers 10.0

Apple:

Numbers 10.0 is optimized for the best possible performance when working with large data sets.

Numbers 10.0 features improved performance for data import, export, and charting. In Numbers 10.0 on iPhone, iPad, iPod touch, and Mac, you can create, edit, and view spreadsheets with tables that contain up to 1,000,000 rows and 1,000 columns. In Numbers for iCloud, you can create and edit spreadsheets with tables that contain up to 65,535 rows or 256 columns, and open and view spreadsheets and tables larger than that.

Previously, the Mac and iOS versions only supported 255 columns. Alas, 1,000 columns still isn’t enough for some people.

To check out Apple’s performance claims, I tried opening a 34 MB CSV file. Numbers 10.0 took 47 seconds and used 2.18 GB of private memory. Microsoft Excel 16.36 took 5 seconds and used 220 MB of private memory.

So Numbers took 9.4 times as long as Excel, which isn’t great. But it’s an improvement over my test of Numbers ’13 and Excel 2011, where Numbers took 102 times as long as Excel.

See also: MacRumors.

Previously:

altool 4.01

Rosyna Keller:

This is a tweetstorm discussing the new features of altool 4.01 (included with Xcode 11.4), changes to the notarization documentation, and a change to notary service requirements, with the far majority coming directly from user requests

[…]

All versions of altool now default to --transport HTTPS, which is much faster and doesn’t require UDP to be unblocked at the firewall.

[…]

There’s now an explicit note on what happens to plugins if they’re quarantined but not notarized on a user’s computer box.

Specifically, they’ll have to allow the quarantined plugin in the Security & Privacy preference pane.

[…]

The bottom of the Customizing the Notarization Workflow document (see above) now very explicitly gives information on how long notarization can take after an upload is completed and steps you can take to reduce notarization time.

[…]

The biggest change is that proper entitlement format is now enforced in the notary service and on macOS 10.15.4 and later.

They must be properly formed ASCII-encoded, BOM-less XML files. Xcode enforces that for you, but the codesign tool doesn’t.

Edovia thinks that macOS 10.15.4 also changed the way certificates are validated:

The problem is that one of our signing certificates expired today. Normally, this would only prevent us from submitting an update until we generate a new certificate, but it seems like Apple changed the rules with macOS 10.15 where an app that contains an expired certificate may refuse to launch.

However, I am able to launch other apps that were signed with certificates that have expired. It only matters that they were valid at the time of signing.

Keller thinks the crash at launch may be due to the stricter validation of the entitlements plist, and it looks like the same issue affected KeePassXC.

This was an unfriendly change, suddenly crashing apps that had previously been accepted by Apple’s own tools, with no warning period. Customers can’t just auto-update to a version that fixes the problem because the system crashes the app before it can check for updates.

Previously:

Swift on Mac OS 9

Jordan Rose (tweet, Hacker News):

It’s April 1, and that means it’s both April Fools’ Day and the anniversary of the founding of Apple Inc. While this year is a sober one due to current events, I think a lot of people still appreciate what people are creating and sharing to keep spirits up, whether that be music or art or…impractical programming projects. And while pranks on April Fools’ seem less and less fun, obvious jokes and whimsy, not at anyone’s expense, are still something I believe in…and even better if they actually work.

Last year I implemented the world’s best code visualizer. This year I decided to seriously attempt something that I’d thought about in the past: getting a Swift program to run on Mac OS 9.

[…]

Fortunately for me, I’m not the only one interested in building Classic apps on modern macOS. At some point I found out about the mpw project: an emulator specifically for running Apple’s Macintosh Programmer’s Workshop tools.

[…]

Was it possible that AIX and Classic Mac OS used the same calling conventions for their procedures, and they could just interoperate without any extra work?