Archive for May 5, 2020

Tuesday, May 5, 2020

WWDC 2020 Announced

Apple (MacRumors, Hacker News):

Apple today announced it will host its annual Worldwide Developers Conference virtually, beginning June 22, in the Apple Developer app and on the Apple Developer website for free for all developers.

[…]

Developers are encouraged to download the Apple Developer app where additional WWDC20 program information — including keynote and Platforms State of the Union details, session and lab schedules, and more — will be shared in June.

I wonder how they’re going to do labs. The demand will be huge if anyone can go and they’re free.

Craig Hockenberry:

It feels like there’s a lot to read between the lines regarding Apple’s commitment to Mac Catalyst when the app we’ll all be using for WWDC doesn’t run on the platform where we all use Xcode.

Steve Troughton-Smith:

It was surprising that the Apple Developer app wasn’t on macOS for last WWDC, it’s unbelievable that it won’t be by WWDC 2020. Updates for the app don’t go out until nearer WWDC so there’s still time

13-inch MacBook Pro 2020

Apple (Phil Schiller, Hacker News):

Cupertino, California - Apple today updated the 13-inch MacBook Pro with the new Magic Keyboard for the best typing experience ever on a Mac notebook and doubled the storage across all standard configurations, delivering even more value to the most popular MacBook Pro. The new lineup also offers 10th-generation processors for up to 80 percent faster graphics performance and makes 16GB of faster 3733MHz memory standard on select configurations. With powerful quad-core processors, the brilliant 13-inch Retina display, Touch Bar and Touch ID, immersive stereo speakers, all-day battery life, and the power of macOS, all in an incredibly portable design, the new 13-inch MacBook Pro is available to order today, starting at $1,299, and $1,199 for education.

So much for “continuing both keyboard designs.”

For me, this model is neither here nor there. The 13-inch MacBook Air has a better trackpad (smaller and therefore more reliable) and keyboard (no Touch Bar). The 16-inch MacBook Pro has a much better display. Why suffer through the “Pro” input methods on the small display?

Dieter Bohn:

After five years, Apple’s era of bad butterfly MacBook keyboards is finally over (except for everybody who still has one.)

Juli Clover:

10th-generation Intel Core processor options are now available, but only on higher-end configurations starting at $1,799. Lower-end configurations still use Intel’s older 8th-generation processors like the previous 13-inch MacBook Pro.

The high-end configuration can be customized with a 2.3GHz quad-core 10th-generation Core i7 chip with Turbo Boost up to 4.1GHz.

Michael Potuck:

Not sure which MacBook to pick up? Read on for a detailed MacBook Pro vs MacBook Air comparison to make the right decision.

Update (2020-11-27): Jason Snell:

Beyond the new keyboard, these are very modest revisions to the existing 13-inch MacBook Pro designs. The 13-inch model has not gotten the revamp that the 15-inch model did when it transformed into a 16-inch laptop last fall.

John Gruber:

The low-end models are something else altogether. They’re not bad MacBooks by any sense — but I genuinely wonder who they’re for. Most people who want a 13-inch MacBook should definitely get the new Air; those who want or need more performance should get the high-end MacBook Pro. I’m not sure who the people in the middle are, other than those who feel they should buy a MacBook with “Pro” in the name because that sounds better.

Psychic Paper

Siguza (via Steve Troughton-Smith, Hacker News):

Yesterday Apple released iOS 13.5 beta 3 (seemingly renaming iOS 13.4.5 to 13.5 there), and that killed one of my bugs. It wasn’t just any bug though, it was the first 0day I had ever found. And it was probably also the best one. Not necessarily for how much it gives you, but certainly for how much I’ve used it for, and also for how ridiculously simple it is. So simple, in fact, that the PoC I tweeted out looks like an absolute joke. But it’s 100% real.

[…]

A very interesting thing about this bug is that I couldn’t point you at any particular piece of code and say “there’s my bug”. The reason for that is that, of course, iOS doesn’t have just one, or two, or even three plist parsers, it has at least four!

[…]

Because it’s very hard to parse XML correctly, valid XML makes all parsers return the same data, but slightly invalid XML makes them return just slightly not the same data. :D In other words, any parser difference can be exploited to make different parsers see different things. This is the very heart of this bug, making it not just a logic flaw, but a system-spanning design flaw.

[…]

This means that while IOKit considers <!---> as just the start of a comment, CF considers it as both start and end. After that, we feed both parsers the <!--> token, which is now too short to be interpreted as a full comment by either of them. However, the difference in states (in a comment vs. not in a comment) causes a very interesting behaviour: if we’re currently inside a comment, both parsers see the --> ending a comment, otherwise they both just see the <!-- starting one.

John Gruber (tweet):

So Siguza’s exploit — which granted an app full access to the entire file system, and more — uses malformed XML comments constructed in a way that one of iOS’s XML parsers sees its declaration of entitlements one way, and another XML parser sees it another way. The XML parser used to check whether an application should be allowed to launch doesn’t see the fishy entitlements because it thinks they’re inside a comment. The XML parser used to determine whether an already running application has permission to do things that require entitlements sees the fishy entitlements and grants permission.

Rob Hiller:

Implementing 4 different parsers is just asking for trouble, and the ‘fix’ is of the crappiest sort, bolting on more crap to check they’re doing the right thing in this single case. None of this is encouraging.

This reminds me of the time last year when I spent several months going back and forth with App Review and DTS because my app wouldn’t launch in the App Review environment, even though it worked fine for me. It turns out that, after uploading your submission, they post-process the entitlements plist, and that particular XML parser discards everything after the first comment. My app wouldn’t launch because the entitlements needed for the hardened runtime got stripped. This was apparently an old bug that got fixed and then came back.
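
The comment-handling difference quoted above can be reproduced with two toy scanners and turned into a check that rejects any plist on which they disagree. This is an added example, not code from Siguza's write-up or from Apple: the two "models" are simplified stand-ins for the behaviours described in the quote, and the sample document and its key names are constructed.

```python
import re

COMMENT_OPEN = "<!--"
COMMENT_CLOSE = "-->"

# Assumption: model A looks for "-->" only after the full 4-character opener,
# so "<!--->" merely opens a comment (the IOKit behaviour in the quote).
MODEL_A_OFFSET = 4
# Assumption: model B lets the terminator overlap the opener's last dash,
# so "<!--->" opens and closes a comment (the CF behaviour in the quote).
MODEL_B_OFFSET = 3

def strip_comments(text, close_search_offset):
    """Return text with comments removed, as one scanner model sees it."""
    out, pos = [], 0
    while True:
        start = text.find(COMMENT_OPEN, pos)
        if start == -1:
            out.append(text[pos:])
            break
        out.append(text[pos:start])
        end = text.find(COMMENT_CLOSE, start + close_search_offset)
        if end == -1:
            break  # unterminated comment hides the rest of the document
        pos = end + len(COMMENT_CLOSE)
    return "".join(out)

def keys_seen(text, close_search_offset):
    """Keys that remain visible once this model has skipped comments."""
    visible = strip_comments(text, close_search_offset)
    return re.findall(r"<key>(.*?)</key>", visible)

def differential(text):
    """Compare both views; a gate should refuse input where they differ."""
    view_a = strip_comments(text, MODEL_A_OFFSET)
    view_b = strip_comments(text, MODEL_B_OFFSET)
    return {
        "model_a_keys": keys_seen(text, MODEL_A_OFFSET),
        "model_b_keys": keys_seen(text, MODEL_B_OFFSET),
        "agree": view_a == view_b,
    }

# Constructed samples; key names are placeholders, not real entitlements.
WELL_FORMED = "<dict><!-- note --><key>example.ordinary</key><true/></dict>"
MALFORMED = ("<dict><key>example.ordinary</key><true/><!---><!-->"
             "<key>example.hidden</key><true/><!-- --></dict>")

if __name__ == "__main__":
    for name, doc in (("well-formed", WELL_FORMED), ("malformed", MALFORMED)):
        print(name, differential(doc))
```

On the malformed sample the two models return different key lists, which is the condition a signing or review step can refuse outright instead of trusting either parser's view.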

iPhone SE Haptic Touch and Notifications

Juli Clover:

Customers who have purchased the new 2020 iPhone SE have found a surprising missing feature - Haptic Touch does not work with notifications.

On the 2020 iPhone SE, long pressing on a notification in the Notification Center or on the Lock screen does not appear to bring up rich notification options to allow iPhone SE users to interact with incoming content.

Benjamin Mayo:

Apple should let the SE do long press notification previews, no reason for it not to. FWIW the XR didn’t support it at launch either; it was added in a point update.

John Gruber:

A lot of complaints about this, and rightly so, from folks upgrading to the new SE from older iPhones that supported 3D Touch.

[…]

I’m not even entirely sure that that’s the full explanation for why this is, and it’s my job to stay on top of stuff like this. All I know is that there is only one iPhone in Apple’s current lineup that doesn’t support long-pressing notifications and that phone is the SE, the very newest model, and that doesn’t make sense.

Nick Heer:

This is such a bizarre and seemingly arbitrary limitation. There is no reference to it in the iPhone user guide, and it is the only iPhone model with either 3D Touch or Haptic Touch where this specific interaction and no other is not present.

Meek Geek:

Also: No reason why swipe-from-bottom multitasking gestures available on iPads with Touch ID are held back from iPhones, except for upsell & profit.
