Archive for June 2020

Tuesday, June 30, 2020

2020 Apple Design Awards

Josh Centers:

Taking the recent years’ trend toward ignoring Mac apps to its logical extreme (see our Apple Design Award series), there wasn’t a single winner for the Mac.

John Gruber:

Such a great year for the Mac at WWDC, but not one ADA winner. But yet the ADAs are currently the top feature story in the Mac App Store app.

Jeff Johnson:

Except all the download buttons are disabled, because none of the apps are available on the Mac.


Update (2020-07-09): Craig Grannell:

I’m surprised people are surprised by this. The same thing happened at WWDC 2019 and 2018. (I don’t remember the awards further back than that.)

One might have expected this year to be different given Apple’s strong rhetoric about how much it cares about the Mac.

Why AnyList Won’t Be Supporting Sign in With Apple

Jeff Hunter (Hacker News):

We agree with Apple that privacy is a fundamental human right, and understand that the “Hide My Email” option in Sign in with Apple is well-intentioned, but it feels like Apple didn’t really think through all of the implications for basic user experience, customer support, and collaboration.


Finally, from a policy perspective, Apple explicitly states in their usage guidelines, “Apple reserves the right to disable Sign in with Apple on a website or app for any reason at any time.” If customers cannot log into their accounts, then they can’t use our service. Giving a third-party such powerful control over a core part of our service when it’s not absolutely required is unnecessarily risky, in our view.

Because of the App Store Guidelines and other problems with Facebook, they will no longer be supporting Facebook login, either.

Jeff Hunter:

Creating an account will still be fast and easy, though, because we’ve implemented support for iCloud Keychain and strong password AutoFill, which is a nice enhancement made by Apple in iOS 12 (and improved in iOS 13).


Update (2020-07-03): Matt Birchler:

The App Store has done tons of good for the world of software, and more people buy software today than ever before, and the App Store gets tons of credit for making that possible, but I think that ignoring the costs to merchant/customer relationships is unwise.

We’re now moving closer to the big big retailer model we had 20 years ago. The rules are less restrictive, but merchants must still work out deals with Apple and make software the way Apple dictates it should be made.


Putting Apple between the merchant and the consumer has benefits, but it’s disingenuous to ignore its costs. And while things today are far better for merchants and developers than they were in the big box retail days, I think the “at least it’s better than 20 years ago” argument is pretty weak.

Dan Moren:

I think, for the most part, AnyList’s concerns are well-founded for their particular offering.

APFS and Time Machine in Big Sur

Howard Oakley:

APFS in macOS 11 changes volume roles substantially. The System volume within a boot Volume Group is now sealed using a tree of cryptographic hashes, as I have detailed here.


As 9to5Mac has already reported, Big Sur is the first version of macOS which can make Time Machine backups to APFS volumes without using a virtual HFS+ file system on a sparse bundle. However, to do so requires the destination APFS volume to be assigned the role of Backup, and allocation of storage space as a Physical Store.


APFS doesn’t support directory hard links, so can’t use the same mechanism when storing Time Machine backups. Instead, what appears to function as a form of virtual file system is created using new features in APFS. The volume assigned the role of Backup appears to be a regular APFS volume, and is protected from normal access, even by root. File data is kept as usual in the container’s Physical Store, to which file data is copied during each backup. […] This is synthesised into what is presented by the Finder as the customary hierarchy of files and folders, just as with HFS+ backups. However, matching unchanged folders have different volume numbers, as if they were stored on separate mounted volumes.

The updated APFS reference is here. I plan to keep my Time Machine backups using HFS+ because of APFS’s slow performance with spinning disks. Also, it’s not clear to me whether this synthesized display will cause problems accessing the backed up files using other apps or cloning the backup drive.


Update (2020-09-30): See also: Hacker News.

Monday, June 29, 2020

as, as?, and as! in Swift

Ole Begemann:

as? and as! perform downcasting at runtime.


as? and as! are the same operation, the only difference being that as! force-unwraps its result.


In contrast, as coerces a value to a type at compile time.


A syntactic nuance: when using as in pattern matching contexts, the check is performed at runtime (it has to be).


Git Tower 5

Julian Rothkamp:

Tower now lets you show or hide whitespace changes with a single click.


Tower not only displays diffs of new/untracked files, it even allows you to stage/unstage/discard parts of their changes - even though they are still untracked!


In our endless quest of making you more productive, the highlighting of inline changes will make it super convenient for you to spot changes at first glance.

Good stuff!


Developer Transition Kit Benchmarks

Mike Wuerthele (also: MacRumors):

This Mac mini is outfitted with Apple’s A12Z processor which was originally designed for the 2018 iPad Pro and then reused with the 2020 iPad Pro.


To get more specific on performance, let’s take a look at Geekbench 5 results. Right now, with Rosetta 2 translation of the benchmark suite, the developer kit with the A12Z Bionic pulls down a score of about 845 for the single-core benchmark and around 2960 for the multi-core tests.

To compare, in the Core i3 Mac mini, we saw Geekbench results of 949 for single-core tests and 3,197 for multi-core test. Benchmarks for the same A12Z Bionic in the iPad Pro put it at 1,118 points for single-core tests, and 4,625 for multi-core.

The DTK is probably a lower bound for the performance we’re likely to see with actual Apple Silicon Macs, so it’s encouraging that running x86 apps in Rosetta is faster than a 2012 iMac or Surface Pro X running native code.

Apple has, in recent years, allowed screenshots and discussions of prerelease OS versions, but the Universal App Quick Start agreement specifically says not to:

(d) display, demonstrate, video, photograph, make any drawings or renderings of, or take any images or measurements of or run any benchmark tests on the Developer Transition Kit (or allow anyone else to do any of the foregoing), unless separately authorized in writing by Apple;

(e) discuss, publicly write about, or post any reactions to or about the Developer Transition Kit (or Your use of the Developer Transition Kit), whether online, in print, in person, or on social media, unless separately authorized in writing by Apple;

My DTK is now in transit, so I’m planning not to write further on this topic.


The New York Times Pulls Out of Apple News

Kellen Browning and Jack Nicas (via MacRumors, 9to5Mac):

The Times is one of the first media organizations to pull out of Apple News. The Times, which has made adding new subscribers a key business goal, said Apple had given it little in the way of direct relationships with readers and little control over the business. It said it hoped to instead drive readers directly to its own website and mobile app so that it could “fund quality journalism.”

“Core to a healthy model between The Times and the platforms is a direct path for sending those readers back into our environments, where we control the presentation of our report, the relationships with our readers and the nature of our business rules,” Meredith Kopit Levien, chief operating officer, wrote in a memo to employees. “Our relationship with Apple News does not fit within these parameters.”

An Apple spokesman said that The Times “only offered Apple News a few stories a day,” […]

They never joined Apple News+, and their subscription business seems to be doing well.


Update (2020-07-03): Dave Winer:

Colin Nederkoorn reminds us that the NY Times, even though they’ve opted out of Apple News still has a full complement of RSS feeds. The feeds are perfect. A headline, a synopsis and a link to the paywall’d article.

How to Remove YouTube Tracking

Dries Buytaert (via John Gruber):

I learned that when I embed a YouTube video in my blog posts, Google sends an HTTP cookie to track my site’s visitors.


After some research, I discovered that YouTube offers a privacy-enhanced way of embedding videos. Instead of linking to, link to, and no data-collecting HTTP cookie will be sent. This is Google’s way of providing GDPR-compliant YouTube videos.

It makes his site faster, too. I always liked how the iCab browser would report whether a site was using valid HTML, but I’m not sure how influential it was because of the relatively low marketshare. Safari’s new Privacy Report will hopefully have a big impact.


Friday, June 26, 2020

MKBHD Interviews Craig Federighi

Marques Brownlee (tweet, MacRumors):

Some insight with Craig Federighi about the iOS 14 and the more controversial 2020 announcements!

He starts off with a question about why iOS 14 doesn’t let you set the default maps app. I like the way he intersperses additional commentary and reactions with clips from the interview itself.


Closing Microsoft Retail Stores

Microsoft (via MacRumors, Hacker News):

The company’s retail team members will continue to serve customers from Microsoft corporate facilities and remotely providing sales, training, and support. Microsoft will continue to invest in its digital storefronts on, and stores in Xbox and Windows, reaching more than 1.2 billion people every month in 190 markets. The company will also reimagine spaces that serve all customers, including operating Microsoft Experience Centers in London, NYC, Sydney, and Redmond campus locations. The closing of Microsoft Store physical locations will result in a pre-tax charge of approximately $450M, or $0.05 per share, to be recorded in the current quarter ending June 30, 2020.

I will miss the stores as an easy way to try out Microsoft’s new hardware products. Perhaps Apple can lease some of those spaces, to help deal with overcrowding and increase Genius Bar capacity. Many of the locations are within eyesight of the Apple store in the same mall.


Reverse Engineering macOS 11.0


New in macOS Big Sur 11 beta, the system ships with a built-in dynamic linker cache of all system-provided libraries. As part of this change, copies of dynamic libraries are no longer present on the filesystem. Code that attempts to check for dynamic library presence by looking for a file at a path or enumerating a directory will fail. Instead, check for library presence by attempting to dlopen() the path, which will correctly check for the library in the cache.

Pierre Habouzit:

The only impact is if you are doing runtime detection/search of library by path yourself. Which is a terrible idea for perf anyway.

iOS has been like that for a decade already.

The goal was optimization, but unfortunately it does make reverse engineering more difficult.

Joe Groff:

The shared cache isn’t encrypted or anything, and dyld is in the Darwin source dumps. The shared cache format may not be stable, but isn’t secret either

The data is there, but there currently aren’t tools that can get it into a useful format like we had before.

Steve Troughton-Smith:

Incidentally, the new stripped framework cache on macOS 11 is horrendous for disassembly. If you’re trying to track down why there’s a bug in your app, or how a system implementation works, you are screwed. This is going to hurt developers more than the ARM transition

Jeff Johnson (tweet, also: zhuowei):

If the libraries are no longer present on the filesystem, that makes it awfully hard to disassemble them! Fortunately, there are ways to extract the system libraries from the cache. One way is provided by Apple itself: the dyld_shared_cache_util command-line tool. Unfortunately, this tool does not come installed with macOS Big Sur. However, the tool is open source, so we can build it ourselves.

Jeff Johnson (tweet):

Let’s take a look at an example from my favorite framework, AppKit.


It seems that prior to Big Sur, Objective-C references in a Mach-O file are offsets from the beginning on the file, whereas on Big Sur, Objective-C references in a Mach-O file are offsets from the beginning of the dyld shared cache. Roughly speaking.

You can also point Hopper at the shared cache in the folder /System/Library/dyld/, and it will let you choose which library to load. But, as with dyld_shared_cache_util, what you end up with is difficult to work with because the tools don’t know how to find the Objective-C selector information.

Big Sur also adds another optimization that gets in the way of reverse engineering. Leo Natan:

A lot of Apple’s private APIs are now peppered with direct and can no longer be swizzled.

This makes it harder to debug and work around bugs. Unlike with the shared cache, this can’t be worked around with better tools. The information (and indirection) have been removed from the library entirely.


Update (2020-07-06): Anton Sotkov:

Modifications to Apple’s dyld project to fix Objective-C information when extracting dyld_shared_cache from macOS Big Sur to help Hopper generate readable pseudocode.

Update (2020-07-27): Jeff Johnson:

Static disassembly tools such as otool and llvm-objdump have not been updated to handle the dyld shared cache on Big Sur. However, one tool that does handle it is lldb, the debugger.


I hope that my little hack helps you to disassemble system libraries on Big Sur. It’s a bid tedious, but it mostly works, and you only have to do it once for each library you’re interested in.

See also: Hopper for Apple Silicon and Big Sur

Update (2020-11-25): nevyn Bengtsson:

Remember when I complained months ago how bad it would be for everyone if Big Sur really did ship without system library binaries? Less open, harder to develop, etc etc. Well, now even the latest version of CMake doesn’t understand how to make Big Sur apps, it seems.

Here’s the solution. Replace -framework AVFoundation with FIND_LIBRARIES. Now it finds the .tbd and links with that INSTEAD.

But I find it absurd to break decades-old foundations in every build tool that isn’t Xcode >12.2.

Update (2021-09-08): Steve Troughton-Smith:

Apple’s changes to how its system frameworks are packaged in macOS 11+, rendering them stripped & extremely difficult to reverse-engineer, is proving disastrous for finding & fixing framework-level bugs 😪

Update (2024-02-01): Wade Tregaskis:

The good news for Hopper is that it has since been updated to work around this – you can access the Apple framework binaries through File > Read File from DYLD Cache… There’s also tools like dyld-shared-cache-extractor which can resurrect the binaries from the cache.

Note also that in Sonoma, at least, the cache lives at /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/ (in previous macOS releases it was apparently in /System/Library/dyld/).

Console, the Vital Tool That Apple Abandoned

Howard Oakley:

What makes me most angry at what has happened to the log and Console is that Apple’s concepts and engineering are outstanding: the log has a remarkably low latency, retains a great deal of invaluable data in structured and compact format, and should be an essential resource to anyone who takes their Mac seriously. Instead of building on those unique strengths, Apple has provided token support which must leave even its own engineers wishing for better, as they wade through the logarchives supplied in sysdiagnose dumps.

macOS 11 continues to improve the logging APIs, but from what I can tell it’s still difficult to actually use the log from Console.


Thursday, June 25, 2020

The Talk Show Remote From WWDC 2020

The Talk Show:

John Gruber is joined by Craig Federighi and Greg Joswiak to discuss the news from WWDC 2020: the Mac’s transition to Apple silicon, MacOS 11 Big Sur, iOS and iPadOS 14, and more.

John Vorhees:

In response to commentators who believe that Apple is merging iOS and macOS or abandoning the Mac, Federighi rattled off a long list of projects related to the Mac, commenting, “We love the Mac and we’re all in.” Joswiak added, “We’re far from bored with the Mac; it’s in our DNA.”

Federighi also addressed the relationship of Catalyst, SwiftUI, AppKit, and UIKit for developers, explaining that there is no single correct path. He said that the best path depends on where developers start. For example, some developers have invested heavily in AppKit and will probably want to stick with it, while UIKit developers may want to bring their apps to the Mac using Catalyst, whereas a new developer may want to start fresh with SwiftUI.


Update (2020-07-09): John Gruber (tweet):

It doesn’t look or sound like a Zoom or FaceTime call that was simply recorded and played back.

A lot of folks noticed that, and have asked how we made it. I have good news and bad news. The good news is the answer is very simple and doesn’t require any expensive equipment. The bad news is it’s a lot of work.

Update (2020-07-27): Jesper:

Apple is judged by their actions, by their behavior and by their history, and in the absence of roadmaps and rationalizations, and in the recurring presence of re-contextualizations as new changes happen, the guessing game is the result. Every change turns into a proposed Chekov’s gun.


If you meet a person and they act a certain way, over time you learn to recognize that pattern in them. If you develop for Apple platforms and every year is a series of new inconveniences to manage just as much as it is new technology to consider adopting, you learn to assume a negative progression in convenience, utility and freedom, just as much as you have hopes for the advances in frameworks and hardware.

The “tools” Craig’s talking about have all seen the beginning of, effectively, the closing of the Mac as a platform. We know that Apple doesn’t like to dwell on the bets they make, and we know that Apple doesn’t usually back out of things. We’re waiting anxiously for the moment where the hammer drops. […] This bed is of Apple's own making.

HEY Approved With Trial

Marco Arment:

I bet they come to a compromise where neither side has to lose face and “back down”, such as Hey adding some free functionality such that the app can do something without a purchase but also without adding IAP. (Apple’s letter effectively invited them to do this.)

Jason Fried (also: David Heinemeier Hansson, Hacker News):

Phil Schiller, Apple’s Senior Vice President of Worldwide Marketing, told us the kind of changes he’d love to see us make. His primary objection was “You download the app and it doesn’t work, that’s not what we want on the store.”


This new version introduces a new free option for the iOS app. Now users can sign up directly in-app for a free, temporary, randomized email address that works for 14 days. Think of it like a temporary SIM card you buy when traveling. Or for when you don’t want to give out your real email address, like a short term “for sale” listing, like Craigslist does it.

Rory Prior:

This is not really a great look for either Apple or Hey. If the solution was just ‘add a demo’ (in all but name) then it’s more contorting of the rules to save face. Very much doubt this will become a blanket exception for other developers.

It’s especially weird because the guidelines have always forbidden demos. So why would adding a demo give the app an out for the obligation to use IAP? If you accept Apple’s reading of the guidelines for reader apps and business vs. consumer, the proposed changes address none of the violations. Absent the controversy, it seems unlikely that this would lead to approval. But what Basecamp has done is clever, because (I guess) you can keep signing up for temporary addresses. Instead of being a time-limited demo for a regular e-mail provider, the spin is that it’s a fully-featured client for a temporary e-mail service.

David Heinemeier Hansson:

Apple has definitively approved HEY in the App Store!! No IAP, no 30% cut, but we’ve opened the door to a free temp address service, and use same app for work accounts.

Good for them, but it’s now even less clear what the guidelines mean. I expect that other apps that try to just “add a demo” or unrelated functionality will be rejected, although perhaps FastMail could create a similar randomized e-mail service.


Skylake QA Drove Apple Away

Dave James (via Slashdot, MacRumors):

The “bad quality assurance of Skylake” was responsible for Apple finally making the decision to ditch Intel and focus on its own ARM-based processors for high-performance machines. That’s the claim made by outspoken former Intel principal engineer, François Piednoël.


“The quality assurance of Skylake was more than a problem,” says Piednoël during a casual Xplane chat and stream session. “It was abnormally bad. We were getting way too much citing for little things inside Skylake. Basically our buddies at Apple became the number one filer of problems in the architecture. And that went really, really bad.

“When your customer starts finding almost as much bugs as you found yourself, you’re not leading into the right place.”


Wednesday, June 24, 2020

Perl 7

Brian D Foy (via Hacker News):

Perl 7.0 is going to be v5.32 but with different, saner, more modern defaults. You won’t have to enable most of the things you are already doing because they are enabled for you. The major version jump sets the boundary between how we have been doing things and what we can do in the future.

Remember, Perl was the “Do what I mean” language where the defaults were probably what you wanted to do. In Perl 4 and the early days of Perl 5, that was easy. But, it’s been a couple of decades and the world is more complicated now. We kept adding pragmas, but with Perl’s commitment to backward compatibility, we can’t change the default settings.


Perl 7 is a chance to make some of these the default even without specifying the version. Perl 5 still has Perl 5’s extreme backward compatibility behavior, but Perl 7 gets modern practice with minimal historical baggage.


App Clips for iOS

Apple (also: Hacker News):

App clips are a great way for users to quickly access and experience what your app has to offer. An app clip is a small part of your app that’s discoverable at the moment it’s needed. App clips are fast and lightweight so a user can open them quickly. Whether they’re ordering take-out from a restaurant, renting a scooter, or setting up a new connected appliance for the first time, users will be able to start and finish an experience from your app in seconds. And when they’re done, you can offer the opportunity to download your full app.


App clips can adopt a new type of notification that can be presented within eight hours of a user launching your app clip.

Erica Sadun:

All App Clips are accessed via URLs and limited to 10MB or less in size. Their job is to move a user through a quick transaction and then either return control to the user or solicit the user to download the full application. So if you’re selling cupcakes, you can “upsell” the experience from a single purchase to a loyalty program app.


When I first saw this feature, I wasn’t all that excited. Now that I’ve dived in a little more I’m much more impressed by the thought care and clever delivery mechanism Apple. has put together.

Update (2020-07-27): Curtis Herbert:

Interesting to think about the parallels between AMP and App Clips (at least for URL triggering). Both are an attempt to keep people in the platform’s ecosystem, and focus on small footprints / focused tasks, without sending them to some JS-loaded BS web page.

If we get enough App Clips registered for URLs, Apple has it’s own mini App-web.

Struck Rejected From the App Store

David Farrier (via Hacker News):

“Nine rejections, on the basis of their guideline “4.3 Design - Spam.”

Offensively, this guideline groups astrology (“fortune telling” in their words) alongside “burp and fart apps” under the umbrella of “spam.”

And when we finally stripped out each astrology feature piece by piece as requested by the Apple employees we spoke to on the phone, we were met by backpedaling and new excuses that didn’t make sense.

Most recently, we were told dating apps aren’t being allowed despite the fact that (1) two Apple employees told us verbally that dating apps were acceptable and (2) we know of multiple dating apps that have been accepted over this timeframe, demonstrating an apparent bias against us specifically.”

Update (2020-09-08): David Farrier (in June, tweet):

We received a call from the App Review team this morning saying they were confused at how we did it, but that the decision (which had been standing for over a month and through 9 rounds of rejections) has been REVERSED!!

Good news, but it’s frustrating to never get a real explanation for these cases. Who knows whether a similar app submitted today would be accepted or rejected?

New App Store Review Processes

Apple (also: MacRumors):

Additionally, two changes are coming to the app review process and will be implemented this summer. First, developers will not only be able to appeal decisions about whether an app violates a given guideline of the App Store Review Guidelines, but will also have a mechanism to challenge the guideline itself. Second, for apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues. Developers will instead be able to address the issue in their next submission.

David Heinemeier Hansson:

This is pretty significant. Apple will no longer ransom your bug fixes, and there’s a new process coming for challenging the guidelines themselves. This is of course still Apple policing Apple, but it’s an opening none the less for all developers ✌️

Peter N Lewis:

I somehow doubt I can challenge the requirement to be sandboxed which excludes Keyboard Maestro from the Mac App Store.

Josh Avant:

But…. how will Apple reliably enforce that an update is only ‘bug fixes’? What are ‘bug fixes’?

Challenging a guideline itself is interesting but how much does it really matter when Apple is the judge, jury, and executioner?

John Gruber:

Both of these changes sound great[…] but let’s see how it works in practice. If this is more than just lip service, wow, that’s huge.


Update (2020-08-03): Allen Pike:

While it’s great that Apple is open to these rules being challenged, it seems that the things most worth reconsidering about App Review aren’t even part of the public guidelines. Will Hey be able to challenge the secret rule that says they need to follow the IAP guideline, but that Slack doesn’t? What about the policy that iOS apps can’t be distributed directly to customers? Or Apple’s habit of quietly changing the undocumented approval policies, without notifying people that apps that used to be approved will now be rejected?

Max Seelemann:

Aaaaand App Review is running another shit show with shady arguments keeping our bugfix release in limbo for no sane reason.

This refuted wording has been approved dozens of times, and it has been at the exact same hour on the other platform.

You can’t make that up…

Max Seelemann:

I can confirm the new handling of non-legal rejections works. Our previously rejected update has now been approved and we got two weeks to address the issue.

Zach Bruhnke:

Legit feel like I am living @dhh’s life right now! @Apple just rejected an update of our app because it had a signup link leading to our site. Removed,rejected! It’s a free bank account but the app is only for customers, it has a bugfix for updating PINS for our customers ... wtf

Ryan Jones:

Wouldn’t be a launch day with an App Store rejection for something that's been there for 2 years and is actually following the rules. 🤣


The latest Prompt update was rejected because our icon, despite being the same for 9 years, was “identical to the icons of other apps” (?) and “spam”.

Kosta Eleftheriou:

So Apple, please help us see App Review as a reliable ally. Let us access our past communications with you - including phone call records if we choose to. Show us that you want to be accountable for what you communicate to developers. There may be some legal challenges, but transparency is a prerequisite to accountability. It’s only then that we can begin to have a fair and honest discussion with you about the actual process and guidelines. Because until then, we’re in the shadows.

Update (2020-08-24): Tim Windsor Brown:

The rep also mentioned that the bug fix mitigation will only come into effect after iOS 14 arrives.

Why tie such a sensible policy change to an OS update?


Update (2020-08-25): Andrey Butov:

Apple absolutely does hold bug-fix updates hostage. I’m sitting on a client app right now where they refused to let through a bug-fix update, on an already-approved app, until we put in IAP.

Update (2020-08-27): Peter Steinberger:

“We even appealed the guideline under the new app review process announced at WWDC,” says a Facebook spokesperson. “We did not receive a response.”

Tuesday, June 23, 2020

Apple Silicon

Apple (also: TidBITS, MacRumors, Hacker News):

Apple today announced it will transition the Mac to its world-class custom silicon to deliver industry-leading performance and powerful new technologies. Developers can now get started updating their apps to take advantage of the advanced capabilities of Apple silicon in the Mac. This transition will also establish a common architecture across all Apple products, making it far easier for developers to write and optimize their apps for the entire ecosystem.


To help developers get started with Apple silicon, Apple is also launching the Universal App Quick Start Program, which provides access to documentation, forums support, beta versions of macOS Big Sur and Xcode 12, and the limited use of a Developer Transition Kit (DTK), a Mac development system based on Apple’s A12Z Bionic System on a Chip (SoC).

Apple plans to ship the first Mac with Apple silicon by the end of the year and complete the transition in about two years. Apple will continue to support and release new versions of macOS for Intel-based Macs for years to come, and has exciting new Intel-based Macs in development.

I think this is going to be great in the long run (except for those who use abandoned apps or need Intel virtualization), but I’m not looking forward to the transition period or to converting all my apps on such a short schedule.

Eric Slivka:

The program requires a brief application, with limited availability and priority for developers with an existing macOS application. The program costs $500 and includes access to beta software, developer labs, private discussion forum, technical support, and other resources.

I applied yesterday. It took a while, as the site was hammered.

Apple (via Hacker News):

Rosetta can translate most Intel-based apps, including apps that contain just-in-time (JIT) compilers. However, Rosetta doesn’t translate the following executables[…]


Making a big deal of virtualization still being there is necessary, but the way it was presented totally gave the (wrongful) impression that virtualizing Intel from Apple Silicon was possible.


OpenGL support will be present-but-deprecated from the start, which essentially means the full OpenGL stack (beyond OpenGL ES) is available.


Being able to use XPC to support Intel and ARM plugins separately is inspired.

See also:


iOS 14 and iPadOS 14 Announced

Apple (also: TidBITS, MacRumors, MacStories):

iPadOS 14 introduces an all-new compact design for incoming FaceTime and phone calls, Siri interactions, and Search to help users stay focused on the task at hand. Apps have new sidebars and toolbars that consolidate controls in one place, making them more streamlined and powerful than ever. New Apple Pencil features, including Scribble for iPad, deliver a whole new way to work with handwritten notes, and ARKit 4 delivers a brand new Depth API that allows developers to create even more powerful features in their apps.

Juli Clover:

In iOS and iPadOS 14, users will be able to set a third-party app as the default mail or browser app for the first time, a major change that iOS users have been wanting for years now.

Note that third-party browser apps still need to use the system WebKit framework. They’re not allowed to use a custom Web rendering or JavaScript engine.


iOS Apps on macOS 11


And for the first time, developers can make their iOS and iPadOS apps available on the Mac without any modifications.

The apps will be available in the Mac App Store by default, except where developers opt out. There will be lot more apps, but most of them won’t be quality Mac apps.

Peter Ammon:

The shocking part is not the fact, but that Apple chose to pre-announce it today, in such a low key way. Why do that?


The feature might absolutely suck in practice. Android apps on ChromeOS are...not great. But by showing their hand, Apple is committed to this feature. Why?

The reason would be to get someone to do something different. They want users or developers to react, today.


It’s definitely not a media coverage play. If they wanted to build excitement, why slip it in quietly towards the end?

Oluseyi Sonaiya:

If my iOS app will run on macOS unmodified… with careful UI/UX design, why would I build a macOS app at all?


A degraded Mac app, that doesn’t consider all of the unique requirements/opportunities the Mac presents. Not great for building thoughtful desktop-specific experiences, I would argue.


This almost seems designed to sunset macOS in a few more years[…]

Gus Mueller:

What’s going to happen when the Mac is flooded with iOS apps? Are prices for apps on the Mac going to plummet like they did on iOS? Will I still be able to make it as an indie in five years?

Alexis Gallagher:

So can you imagine what the user experience would be like if you just ran an iOS app on a Mac, just because you could? It would be HORRIBLE. Developers don’t even need to imagine it because we can already do this with the Simulator, and it’s not a good experience.…


The way this all makes sense is if the new Macs have not only Apple Silicon (which lets them run iOS apps) but also touch screens (which makes it reasonable to do so).


It’s easy to imagine a lot of ways this could work technically. But what would be a good UX? I don’t know.

It’s hard to see how this doesn’t end up compromising and ending up with a “toaster fridge,” just like Apple accused Microsoft of doing.

Steve Troughton-Smith:

Really interesting way of looking at it: the universal Apple ecosystem — built around the iOS SDK — is the future of the Mac, and Catalyst on Intel was a way of extending that support to existing Macs and letting them stay relevant for a few more years


Update (2022-02-08): Saagar Jha:

iOS apps on Mac is codenamed Almond, it looks like. A cute parallel to the Marzipan codename

macOS 11.0 Big Sur Announced

Apple (also: TidBITS, MacRumors, MacStories, Mr. Macintosh, Hacker News):

macOS Big Sur introduces a beautiful redesign that is entirely new yet instantly familiar. Safari is packed with new features, including a customizable start page, elegantly designed and more powerful tabs, quick and easy translation, and a new Privacy Report. The updated Messages app lets Mac users send and receive more personal and expressive messages, and easily keep track of and interact within group messages. Maps also offers an all-new experience with immersive features for exploring and navigating the world.


macOS Big Sur delivers a spacious new design that makes navigation easier, while putting more controls at users’ fingertips. Everything from the curvature of window corners to the palette of colors and materials has been refined, and new features provide even more information and power. Icons in the Dock have been thoughtfully designed to be more consistent with icons across the Apple ecosystem while retaining their Mac personality. Buttons and controls appear when needed, and recede when they’re not. The entire experience feels more focused, fresh, and familiar, reducing visual complexity and bringing users’ content front and center.

See also: Human Interface Guidelines (also: Hacker News).

Rui Carmo:

The new look for macOS makes it seem like Catalyst is the new design language, and it makes me sad because I actually like the way macOS looks now, and the tradition behind some of it–after all, a few of those icons have been around (like me, really) since the NeXT days.

Benedikt Terhechte:

Nobdy can complain that Catalyst doesn’t look like macOS if macOS doesn’t look like macOS

I prefer the old, more detailed and colorful toolbar buttons to the iOS 7 style. However, given that Apple is switching to symbols, I think I like the way Big Sur fully commits to this style, removing chrome so that the symbols themselves can be larger and stand out more. The main issues for me are that much of the text is difficult to read, the increased spacing effectively makes my displays smaller, and having rollover effects everywhere is distracting. Presumably, the spacing is because future Macs will have touch screens, but why compromise the desktop experience for that when iPads already exist? And, as a developer, it is annoying that the metrics for everything are changing.

Jonathan Deutsch:

I’d love a rationale for the War on Information Density. As far as I can tell it is only designer whimsy.

My guess is that it’s so iOS apps work better on future touch-screen Macs and don’t look out of place.


I am not a big fan of the continued slaughter of available-space-for-the-actual-title in the title bar, or similarly of cleanly draggable areas.


Dear god, the just barely opaque menu bar is back, and it’s just as horribly unreadable as a few years ago. Do we really need to keep doing this?

John Siracusa:

I hope everyone else is also busy filing Radars (sorry, “Feedbacks”) about the small, low-contrast text used in many places in Big Sur.

Like I said on @atpfm, Accessibility settings can help, but the defaults should be comfortable for MOST people. These defaults miss that mark.

Ben Thompson (Hacker News):

What is striking about macOS 11.0 is the degree to which is feels more like a son of iOS than the sibling that Mac OS X was[…]

Juli Clover:

macOS Big Sur does away with the “Energy Saver” section of System Preferences, replacing it with a new “Battery” section that expands the battery reporting capabilities of the Mac.

Juli Clover:

macOS Big Sur, the newest version of Apple’s operating system designed for Macs, brings back the classic startup chime that was eliminated from the MacBook lineup in 2016.

Joe Rossignol:

Apple has deprecated its long-standing Network Utility app in macOS Big Sur, with the app no longer functioning in the first developer beta.


Update (2020-07-27): Khaos Tian:

The floating Dock is unexpectedly distracting due to a tiny part of the wallpaper being visible at the bottom

Update (2020-07-30): Max Seelemann:

Catalyst Messages on Big Sur on a non-retina screen is in a pitiful state as of today. Messages are blurry, buttons are blurry, everything is blurry.

My hopes this gets fixed are slim. Progress bars have been blurry on non-retina for at least two major releases.

Update (2020-08-19): Riccardo Mori:

Apple really needs to rethink icon spacing in Big Sur’s menubar. This is how it looks, in the Finder (which has few and short menu commands), on a retina 13-inch display. And consider I only have iStat Menus as third-party addition on the menubar.

Update (2020-09-07): Baz:

Notifications on macOS BS are an absolute disaster: complicated to know what to do, hidden functionality, these stupid drop downs instead of buttons. How did macOS get to this?

Update (2020-09-28): Corbin Dunn:

I keep hoping the next macOS 11 beta will fix basic UI consistency issues, but they still are present. All these inactive sidebars all have different font sizes and colors. I logged this in the first beta.

I’m guessing the problem is that there isn’t any single person responsible for ensuring the consistency happens as a whole. I’d hope AppKit would take care of it, but I have a feeling a lot of this UI is custom, and then through News into the mix with UIKit and you get a mess.

Installing the macOS 11.0 Beta


If macOS Big Sur 11 beta is installed into the same APFS container as previous versions of macOS, system software updates can no longer be installed on the previous versions of macOS.

Jared Jones:

If you install Big Sur to a new partition you will be fine. Boot back to Catalina and remove the volumes that have Big Sur on it in Disk Utility. Then create a new APFS Container and put Big Sur onto that! Then you will continue to be able to install updates.

As I expected, Big Sur drops support for the first Retina MacBook Pro.

Monday, June 22, 2020

Parcel (Sponsor)

My thanks to Parcel for sponsoring the blog this week.

Parcel is a package tracker for iOS and Mac that supports over 300 carriers around the world. It has been on the App Store since 2010 and was featured by Apple multiple times, including the “Editors’ Choice” award in the Mac App Store.

It is developed by an indie developer, and it is always updated with the latest new features available from Apple. Last year it was updated with dark mode support and “Sign in with Apple” on day one after the iOS 13 release.

Vision Smarts

Parcel has a clear and simple privacy policy. You don’t have to worry about your data getting sold because it is never shared with any 3rd parties.

Try Parcel today and enjoy tracking your packages with timely notifications and worldwide support for different carriers. It available on the App Store and on the Mac App Store.

WWDC 2020 Links


Customer Stuff:


Apple Silicon:

What’s New:

Release Notes:

Key Sessions:



This post will be updated as I find new links. If you see anything good that I missed, please tweet or e-mail me.


The App Store Doesn’t Make Apps Safe

Brent Simmons (tweet):

Otherwise, App Store review is looking for basic functionality and making sure the app follows the guidelines […] the guidelines are about protecting Apple’s interests and not about consumers.


I’d feel secure knowing that the apps, just by virtue of being iOS apps, are sandboxed and have to ask for permissions. (I’m also imagining a Mac-like notarization step, for additional security. I think this is reasonable.)

In other words: Apple has done a very good job with iOS app security and safety. The fact that we think this has something to do with the App Store is a trick, though.

As discussed in the comments here yesterday.

Charles Perry:

@brentsimmons is right. Technical restrictions built into the OS (like sandboxing, asking user permission before accessing Contacts, etc.) are what makes iOS secure, not App Review.

Riley Testut:

This is important! Apps downloaded outside the iOS App Store would be far more safe than ones downloaded outside the Mac App Store. Regular iOS protections such as sandboxing apply to sideloaded apps like @altstoreio and Delta — the only difference is Apple doesn’t like them

Russell Ivanovic:

This whole notion that it’s Apple’s App Store or user privacy hell is pure nonsense. It’s not one or the other. In fact most apps on the current App Store suck up all the data they can already. That’s a toolkit issue not a store issue.

Dan Held:

I built out and headed up App Store optimization for all of Uber’s mobile products from 2016-2017.

The “review process” allowed hundreds of fake Uber apps to be approved. The problem got so bad we had to use a 3rd party software to issue takedown requests in mass.

If they can’t screen at that surface level then I’m not sure what they’re doing with each indie dev.

I don’t think this is what people expected to happen, but, even without fakes, the App Store does sometimes make it harder to find the official app. First, search ads deliberately make it not the top hit. Second, the organic result for typing the exact name often isn’t right. Outside the store, you’re always going to get the right app if you start at And a Google search is unlikely to give you the wrong result because the fake app won’t out-PageRank Uber.


The Art of the Possible

John Siracusa (tweet, 2, Hacker News):

Today, Apple’s stance seems to be that if they just hold the line on a few key provisions of the App Store rules, companies will build their business models around the Apple’s revenue cut in the same way companies built their business models around the costs of brick-and-mortar retail in the pre-Internet days. Apple seems to firmly believe that its ambitious goal state can be achieved with something close to the current set of App Store rules.

This belief is not supported by the evidence. Years of history has shown that Apple is getting further away from its goal, not closer.


Apple’s App Store rules need to change not (just) because developers don’t like them. They need to change because time and experience has shown that there is no viable path to Apple’s goal state given the existing rules. […] A hardline stance will not sway hearts and minds, and it has proven unable to change developers’ business models without sacrificing the user experience.

John Gruber:

It feels like Apple is fighting for its own long-ago-established vision for how the App Store ought to be, rather than making sweeping changes to account for how it actually is. They can do this because they have such tremendous power, but why? Why fight it?

Michael Love:

Since iOS, Apple has launched four major new “platforms” […] And every one has been a complete bust in terms of developer support, yet they seem to think everything is totally fine with App Store policies.

This is scarily close to what happened to Microsoft when they sabotaged promising new platforms like Windows Mobile to protect their massive profits from desktop Windows / Office, and absent a dramatic change I fear Apple is headed down the same path.

10 years from now, that line about Basecamp not contributing any profits is going to read exactly like Palm CEO Ed Colligan’s comment about PC guys not being able to just come in and figure this out.


CustomShortcuts 1.0

Houdah Software:

Use CustomShortcuts to add keyboard shortcuts to menu items in most Mac applications.

  • Assign custom keyboard shortcuts to Mac menu items
  • Auto-completion helps you navigate menu hierarchies
  • It makes sure you get menu titles exactly right
  • CustomShortcuts checks for ambiguous menu items
  • Copy & paste shortcuts between applications

Most Mac applications support user-defined keyboard shortcuts. CustomShortcuts makes it easy to add your own shortcuts.

A great little free app that gets around some of the difficulties and bugs doing this via System Preferences.

Unfortunately, the Mojave privacy protections add some friction to the first-launch experience. You have to restart the app multiple times after granting it Full Disk Access (to see which apps have custom shortcuts configured) and Accessibility access (so it can auto-complete the menu item titles).


Fantastical 3.1


Calendar sets have been a very cool way to automatically toggle multiple calendars on and off based on your device’s location. When you left the house for work, maybe you had set up your “Work” or “Daytime” calendar set to activate, so that you could focus on those things that mattered to you when you were going to work. When you arrived left work, your calendar set may have been switched to “Home” automatically.

Well, with most of us working from home these days, we wanted to allow that same type of calendar set transition – but for this update, we based it on time.

See also: David Sparks.


Friday, June 19, 2020

SummerFest 2020 for Indie Mac Apps


Many of us need to reimagine our workplaces and our workflow. We have kids to raise, degrees to pursue, new jobs to find.

Summer is the time for new plans and fresh projects and great new ideas. Whether you’re mapping out your next novel, finishing your dissertation, planning a product, or writing memories for your grandkids, these great tools will help.

As is our custom in this season, we’re hosting a gathering of software artisans who are working to transform research and writing for a new era. We’ve all finished our latest updates, we’re working together to save you lots of money.

Here’s your chance to get SpamSieve, Take Control books, and other cool apps like TextExpander and Timing at a discount.

See also: The Back on Track collection of Mac apps.

Looking Back at WWDC 1990

Brendan Shanks:

On May 7-11, 1990, Apple Computer held the second-ever [or fourth?] Worldwide Developers Conference at the (then-new) San Jose Convention Center in San Jose, CA. A newsgroup post indicates that the attendance fee was $195 per day, and hotels were available for $56-135 a night.

For some historical context, Macintosh System 7 was introduced a year earlier at the 1989 WWDC, and would be publicly released a year later in May 1991. It was a major focus of the conference.


This video is peak weird-90s-Apple. Just watch it.


The conference disc was Volume 3 1/2 of Apple’s then-new Developer CD series, and included the slides of all presentations as well as two HyperCard stacks: one serving as an overall catalog/launcher of the presentations, and another holding a full directory of all 2154 attendees.

Phil Schiller was a presenter, and there were multiple sessions on the Apple IIGS.


App Store for the Past

Matthew Guay (tweet, Hacker News):

Of all the things the App Store offers, SaaS finds perhaps two things helpful: Discovery and downloads. And they could live without either.

Subscription software businesses have to build a customer relationship, with unique accounts per-user. Might as well build out payments while you’re at it. Accounts negate the need for license keys, and make piracy a thing of the past. And, odds are, your SaaS is a web app—so a browser’s all you need, no access to device and operating system-specific APIs needed. A mobile app would be nice to have, with offline support and notifications and share menu integration. Discovery in the App Store search would be nice, too. But all the other things that make the App Store valuable to, say, developers building games don’t matter to business SaaS vendors.


Apple seems to see the App Store as a digital retail store, where 30% and guaranteed shelf space would be a bargain for consumer packaged goods.

Nathan Anderson:

They don’t want to “leverage the App Store”. They want to provide their customers who happen to use iPhones with a good way to use their service, which is an APP. The only reason they want to list in the App Store in the first place is because THEY HAVE NO OTHER CHOICE.

Ben Bajarin:

If Apple allowed you alternate payment methods and took no fee, but your app would never be featured or promoted in the App Store would you take that trade-off?

Tim Ritchey:

What I find frustrating about the App Store situation is not the rules, or 30% cut, but that from the start Apple has contorted software business models into their media-distribution infrastructure. We are clearly limited to decades-old ideas about how songs and movies are sold.

M.G. Siegler:

We’re getting too far into the weeds with all this. It seems pretty simple at a higher level: App Store rules and policies were created for the world as it was a decade ago. The world is not as it was a decade ago. Apple should create new guidelines for the world as it is now.

This isn’t the Constitution. Apple holds the unilateral ability to change what it wants. They’ve been doing it in piecemeal fashion -- Amendments? And worse, seemingly for preferred partners/deals, which has just pissed people off more over time. Rewrite the whole thing for 2020.

Chuq Von Rospach:

Also, I think Apple is wrong defining “hey!” as a consumer not business app. It’s primary market is single-owner and <10 employee small business. Apple seems to define “business” as “has an IT team” and that’s horribly outdated.


Update (2020-06-22): Brent Simmons (tweet):

This means that, for many developers, the very best thing about the App Store — the thing that actually helped their business — is gone.

And it’s not just gone — it’s probably actually more difficult doing this stuff via the App Store than doing the same things (trial, IAP, subscription) using non-Apple systems such as Stripe.

(And, as a bonus, Stripe isn’t going to review your app’s business model and tell you no.)

Matt Birchler:

Good points here. I think one thing people assume is that taking payments anywhere besides the App Store is a nightmare for security and ease for the user/developer. I happen to work for a payments company and viamently disagree with that.

Aaron Vegh:

This is an important point that seems to be missing: I’ve ready many say “it’s easy” to use In-App Purchase. It absolutely isn’t. It’s complex, the developer side of things is buggy af, and Apple could make it way easier, but hasn’t.

Brian Webster:

I’ve sold Mac software direct for 15 years and it’s not that hard to set up. Many payment systems to choose from, and took me like a couple days to create a basic registration code and in-app purchase system. One that I have full control over, and can do upgrade pricing with.

The main downside is folks who lost their registration (time spent for both me and them). But on the other hand, you can actually talk to your customers! And give refunds! Or discounts! Or whatever you want!

Brent Simmons (tweet):

So while it’s true to say that all of an iOS app’s users come via the App Store, it’s only true because there’s no other option.

If I could distribute my iOS app outside of the App Store, I would. I’d switch in a heartbeat. Even though it’s free and money isn’t my issue. It would make my work as an app maker easier.

Marco Arment:

Today’s crowded App Store is merely a (bad) search engine you send people to from your own marketing.

For Overcast, I’d still opt into the App Store and IAP. The tradeoffs are worthwhile to me. But that’s far from universal.

It’s a great system for many apps, but it should compete on its merits.

Have You Contributed Any Revenue?

App Review Board (also: Hacker News, 9to5Mac):

Thank you for being an iOS app developer. We understand that Basecamp has developed a number of apps and many subsequent versions for the App Store for many years, and that the App Store has distributed millions of these apps to iOS users. These apps do not offer in-app purchase — and, consequently, have not contributed any revenue to the App Store over the last eight years. We are happy to continue to support you in your app business and offer you the solutions to provide your services for free — so long as you follow and respect the same App Store Review Guidelines and terms that all developers must follow.

Once again, they sent the verdict to the press before sending it to the developer.

Wil Shipley:

This sounds a little too close to a threat for my liking.

Daniel Jalkut:

cracks knuckles ... your ... contribution ... has been a little light lately. It would be a real shame if ... something were to happen to your apps.

Brent Simmons:

That bit about “not contributed any revenue to the App Store over the last eight years” is supposed to make the Basecamp folks say “Oh, yeah, you’re right, we forgot, so please go ahead and screw us because we deserve it”?

Loren Brichter:

How about you compete with letting folks have a direct relationship with their customers (on hardware they bought) and offer a compelling reason to go through your dollar store.

Nick Heer:

Apple’s email is an extraordinarily condescending series of statements that seems to emphasize that third-party developers are allowed to develop for Apple’s products through the grace and generosity of the company. But how many people would buy an iPhone if there were no ecosystem of third-party apps, or if free apps were not allowed? The App Store’s policies have incentivized business models that do not require customers to pay money for downloading apps. How many Macs has Apple sold because that’s the only platform supported by the company’s developer tools?

This is the kind of thing a company writes because it can — because anyone who wishes to have an audience for their product or service on about half of Americans’ smartphones has no choice but to tolerate whatever inconsistent hell they are put through.

Daniel Jalkut:

If I worked in Apple Developer Relations, engineering, product marketing, or App Store editorial, I’d be FURIOUS at whoever in the company is fomenting a developer-hostile public image the week before WWDC.

Marco Arment:

Whoever at Apple wrote this — a few days before WWDC! — should never be allowed to communicate with developers again.

Troy Swanson:

Imagine curating an ecosystem of high quality applications that are a value add to your billion dollar hardware market and saying some shit like this

Steve Troughton-Smith:

That passive-aggressive bullshit ‘you’re not worth anything to us’ paragraph in writing, from Apple. Oof

Marc Edwards:

A few days out from WWDC, and this is Apple’s message to developers. It reads as “you have no value to us unless you’re earning us tons of cash”.

“We are happy to continue to support you in your app business” is a hell of a quote. That’s going to echo through the heads of developers as they weigh up the pros and cons of supporting Apple’s next platform.

Will Cosgrove:

Apple loves to point out ‘free loaders’ on the App Store that don’t charge for apps. But if these apps didn’t exist on iOS, users would leave the platform and they’d get zero dollars from them.

Michael Love:

iPhone succeeded because of our apps. The notion that Apple did this amazing thing that we’re all lucky to be part of is total BS; developers had every bit as much to do with the success of the iPhone as Apple and yet they have the audacity to keep extorting us.

Russell Ivanovic:

This whole “has generated no revenue for the App Store” line holds no water. If Apple removed all third party apps from their iOS store today, what would iPhone sales look like for the next 2 years?


App Store ecosystem is why I bought a $1000+ phone. If Apple ruins it I might as well buy Android

Chuq Von Rospach:

Recruiting developers to consider the [Palm] platform was simple: we promised to be “not Apple” as much as we possibly could.


Investing in a more balanced set of policies for the App Store could have avoided this fight, but Apple seems to believe it’s invulnerable.

Jeff Johnson:

If you think of Apple’s cut as the cost of running the App Store, then how in the world is it fair that paid indie apps are subsidizing the cost of running the App Store for free apps by megacorps such as Facebook, Google, and Twitter?


It Doesn’t Work

Matthew Panzarino (also: MacRumors, Hacker News):

“You download the app and it doesn’t work, that’s not what we want on the store,” says Schiller. This, he says, is why Apple requires in-app purchases to offer the same purchasing functionality as they would have elsewhere.


“We didn’t extend these exceptions to all software,” he notes about the “reader” type apps — examples of which include Netflix. “Email is not and has never been an exception included in this rule.”


I asked Schiller if this meant Apple felt entitled to a portion of the revenue of every business that had an app, regardless of whether that business was an iOS-first.

“I get why there’s a question here,” he says. “But that’s not what we’re doing.”

Except that FastMail and Superhuman have been doing the same thing for years. And there are tons of other apps that don’t work unless you have a particular kind of account or hardware device. “Reader” apps, as Apple describes them, are not a coherent category.

Matt Birchler:

I feel like this is recursive logic. The app does this becuse they had to bend over backwards to not tell the user how to sign up. They did that because of existing App Store rules that force them to not help the user here.


The amount of contortion this line of logic requires is unconscionable, and is the kind of reasoning that make people believe salespeople do not trigger automatic doors.


I have no idea if it will take the US or EU torching it for things to change, but it baffles me that the bundling of a web browser was considered a bigger problem than this.

John Siracusa:

Wow, this is extremely flimsy. Who is Apple protecting with this stance? The poor iOS user who might download the free Hey app and be shocked to learn that it doesn’t function without an account

…or maybe it’s about that 30% cut of in-app purchases? Yep, a real stumper.

Nick Heer:

The reason I emphasized how Hey works at the top of my piece from earlier this week is because it isn’t an email client, it’s a Hey service client — and Apple sees those as wildly different categories. […]

Zendesk is another product built on email standards that doesn’t do anything unless you sign in — there is no way to register within the app. But it’s allowed in the App Store either because it has bulk pricing options or because it offers access to a professional database. It’s also not marketed as an “email client”.


But the App Store is worse without the Hey app for those who use Hey. I can’t imagine tacking a standard IMAP client onto the app, as Apple suggests, would improve it.

Nick Heer:

You can find dozens of similar examples if you start poking around. It sure seems like a lot of apps have been approved by mistake. If App Review can’t understand the rules about when it is okay to only show a login screen upon launch, how are developers supposed to know? Inconsistencies reflect human nature but so, too, should Apple’s responses to such inconsistencies.

Nicholas Van Exan:

Totally not the larger / important / competition law point, but how do they arrive at the conclusion that Hey is not a “Reader” type app but cloud storage apps are? Cloud email is literally cloud storage. I’m literally paying to access my emails, stored on cloud servers.

Kara Swisher:

And how — given that access to the mobile universe is controlled by just two companies: Apple and Google. As one person intimately familiar with the mobile ecosystem noted to me, Apple and Google are the “two tollbooths” for us all.


Yet Apple has also changed rules in ways that many developers find capricious and unfair and, more to the point, scary. While complaints have been raised for a long time about what Ben Thompson of Stratechery calls Apple’s “rent-seeking” practices, many developers do not want to speak out for fear of falling afoul of Apple and, worse, getting banned from its store.

Steve Troughton-Smith:

The app is only crippled on the App Store because that’s what they had to do to fit Apple’s written and unwritten rules. By the book. It’s not ‘an email app’, it’s the Hey app; Apple’s framing is BS, and it’s disappointing to see people fall for it

Christian Selig:

Ugh, this is so painful to see from Apple.

“You download the app and it doesn’t work without a paid account. We don’t want that kind of experience on the store. pause … Except for Netflix.”

Michael Love:

Uber seems to have adopted the legal position that they’re a service connecting passengers with drivers and don’t operate a physical business at all; from that perspective there’s not much difference between taxing their service fees and taxing Hey’s subscription fees.

Ken Kocienda:

“Let’s make the App Store insanely great.”

What if that were Apple’s philosophy? It doesn’t seem like it is.


If it were, I can’t imagine that it would come down to splitting hairs over ambiguously-worded rules or inconsistently-applied policies.

The priority would be to get great apps on the platform, and to encourage developers who want to “Think Different” to invest their time and effort into making new iOS apps and services that nobody thought of before.


Love that Apple devotes a lot of time detailing why a perfectly reasonable app can’t exist on their platform

And at the same time continues to promote coloring book apps which charge $15/week with a 3-day free trial

Which one makes the App Store better?

See also: You Download the App and it Doesn’t Work (via David Heinemeier Hansson, Hacker News).


Update (2020-06-22): Jeff Johnson:

People claim that the main benefit of the App Store is safety, but if that’s the case, then why do developers of non-malware apps get hassled so much by Apple?


This is the difference between protection and a protection racket.

See also: The App Store Doesn’t Make Apps Safe.

Update (2020-07-09): See also: Matthew Panzarino, who talked with Phil Schiller, on The Talk Show. I was even more confused after listening to this. He says that App Review’s “it doesn’t work” was a side comment, not an actual reason for rejection. So then why did addressing “it doesn’t work” by adding a trial help? And he says that the rules aren’t changing; e-mail apps were never considered “reader” apps. So then why were Superhuman, FastMail, and other e-mail apps approved before? Lastly, why is Hey considered different from apps like Basecamp and Zendesk? As best I can figure out, Apple did change an unwritten rule recently, and Hey is essentially being granted a special exemption.

Highway Robbery

Nilay Patel (tweet, MacRumors, Hacker News, David Heinemeier Hansson):

Apple is acting like a monopolist and a bully, according to the chairman of the House antitrust subcommittee.


“Because of the market power that Apple has, it is charging exorbitant rents — highway robbery, basically — bullying people to pay 30 percent or denying access to their market,” said Rep. Cicilline. “It’s crushing small developers who simply can’t survive with those kinds of payments. If there were real competition in this marketplace, this wouldn’t happen.”

The 30% is a lot, and there are certainly problems with the guidelines and conflicts of interest, but the larger problem is that the App Store is the only way to distribute software. iPhone is not a gaming console. Phones are the new personal computer—more than that for many people, really—but you don’t get to choose what apps to run on them. Even if you find the app yourself via the Web, even if you trust it, even if it’s sandboxed, even if no money is changing hands, you can’t download and install it unless Apple approves of it.

Toyota doesn’t prevent you from installing your own tires or hanging ornament. Your electric company doesn’t ban certain devices from receiving power—or require a percentage of whatever you produce using its energy. Your Web browser doesn’t prevent you from viewing certain sites. But, somehow, people have accepted that a sort of network neutrality for your phone or tablet would not only infringe on Apple’s rights but would put you at risk.

Jason Fried (tweet):

Money grabs the headlines, but there’s a far more elemental story here. It’s about the absence of choice, and how Apple forcibly inserts themselves between your company and your customer.

Does the world’s largest company really get to decide how millions of other businesses can interact with their own customers? In fact, Apple’s policy distances you from your customer.

When Apple forces companies to offer In App Purchases in order to be on their platform, they also dictate the limits to which you can help your customer. This has a detrimental impact on the customer experience, and your relationship with your customer. It can flat out ruin an interaction, damage your reputation, and it can literally cost you customers. It prevents us from providing exceptional customer service when someone who uses our product needs help.

David Heinemeier Hansson:

Now Apple is telling us how to design our products too! They don’t just want to dictate distribution, they also want to dictate product design, and define what an “acceptable” email client is.

Steve Troughton-Smith:

Apple would like to think people are just upset about their tax rate, but it’s not just that — it’s about interfering with perfectly reasonable apps for self-serving reasons and pretending they’re protecting customer interests, and channeling ‘innovation’ down pre-approved paths

Daniel Jalkut:

I’ve come around quite a bit on the subject of Apple’s stronghold over developers with the App Store. I now believe side-loading, and perhaps even the ability to install 3rd party STORES should be a requirement for consumer and developer protection.

Daniel Pasco:

App store policies - and the pricing drought - have unquestionably eradicated innovation. Most people that could do something significant are reticent to do so as it’s extremely rare to be able to make enough to sustain a product, let alone make a profit.

Michael Love:

One can certainly take the position that it’s not robbery, but in 2008 I paid Palm/Microsoft $0 for the privilege of writing mobile apps for their platforms, and in 2010 I paid Apple 30% of my revenue.

They didn’t greatly increase my sales, they didn’t greatly decrease my customer support burden, they just came in with a new platform, lured all my old customers over to that platform and then demanded I fork over 30% to keep selling to the same people I was already selling to.

My personal experience of the App Store has been very, very similar to the Mafia protection metaphor that @dhh has been pushing, there’s nothing unfair or vitriolic about calling it what it is.

Kyle Howells:

I own multiple physical hardware products (cameras, drones, remote control cars, light bulbs), which are very expensive paper weights without their bluetooth companion apps.

Apple can put those companies out of business and take away my access to my stuff by rejecting their app.

John Gruber (tweet, Hacker News):

Even if you think Apple is doing nothing wrong, it’s not healthy or sustainable if the developers of a huge number of popular apps are only in the App Store because they feel they have to be there, not because they want to be there, and if they feel — justifiably or not — that Apple is taking advantage of their need to be there. Tim Cook rightly loves to cite Apple’s high customer satisfaction scores as a measure of success. I think if Apple measured developer satisfaction scores on the App Store, the results would be jarring.


New Apple Developer Forum

Apple (also: MacRumors):

The Apple Developer Forums have been completely redesigned, so they’re more engaging to use, automatically surface the most relevant content, offer simpler navigation, and make it easier to categorize and search for content. Connect with fellow developers and Apple engineers as you give and receive help on a wide variety of development topics, from implementing new technologies to established best practices.

I don’t understand why this forum exists. Every incarnation has been slow and far less pleasant and useful than Stack Overflow, both because the site doesn’t work very well and because most questions remain unresolved. This new version is even less information dense than before and drops support for e-mail and RSS.

Why fragment the community instead of embracing Stack Overflow like other companies have? Why not license Stack Exchange or Discourse or some other top-quality engine—or even use a mailing list?

People expect that the value add for Apple’s forum is that it will be the place where these conversions happen (it wasn’t, and this won’t change that) or that they’ll get official answers from Apple engineers (that hasn’t been the case, either, except for a very few saints who sometimes post).

Craig Hockenberry:

Was there ever any doubt that Apple would screw up links to referenced material in a forum redesign?

One of the reasons that developers prefer Stack Overflow is because permalinks never change and can be used in comments.

BJ Homer:

If you’re wondering how to browse the new Apple Developer Forums without just having to search random keywords, here’s the full list of tags, which serve as the organizational structure of the forums[…]

I wish that were linked from the home page.

See also: Meet the new Apple Developer forums.


Update (2020-07-27): Riley Testut:

of course Apple’s developer forums don’t allow you to post URLs, because why would they

Update (2020-08-19): Ryan Ashcraft:

It feels like it was designed by someone who didn’t understand the customer.

First off, there’s no personalization. The top posts/tags/users on the home page are completely useless to me. They don’t even stay fresh! This post has been at the top of the page since launch.

Basic forum features that help keep engagement high are completely absent. For example, there’s no ability to follow posts or receive notifications when your posts get replied to.


The search function drops parens, even if placed inside quotes.

Jim Truher:

I found it most frustrating that the datestamps on google results ended up resetting to June 20th, 2020. Made it impossible to tell what posts/questions were new, and which ones were years old.

Becky Hansmeyer:

I don’t understand how they shipped it this way, especially since it’s a completely solved problem (hello, Stack Overflow!).

Brian Webster:

I’ve lost track at how many attempts Apple has made at developer forums by this point. 3? 4? They rewrite the thing from scratch, it’s terrible, they don’t do anything to improve it, then repeat the same damn thing 3 years later.

Wednesday, June 17, 2020

Zoom End-to-End Encryption for All

Eric S. Yuan (via Bruce Schneier, Hacker News):

Today, Zoom released an updated E2EE design on GitHub. We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform. This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe – free and paid – while maintaining the ability to prevent and fight abuse on our platform.

To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message.


Lightroom Classic 9.3

Sharad Mangalick:

A new hue editing control is available as a local adjustment control. Local Hue can be used for both corrective and creative purposes. Local Hue gives photographers the ability to subtly nudge hue to clean up uneven skin tones.


An ISO Adaptive Preset allows a single preset to apply different edit settings to different photos depending on their ISO. For example, you could have a single preset that applies different levels of noise reduction to high ISO images and low ISO images.


With this release, you will experience performance improvements for the following:

  • Scrolling through your catalog grid in the Library module using arrow keys, mouse, trackpad, or touch. Most noticeable with larger catalogs.
  • Searching and filtering large numbers of collections.
  • Scrubbing edit sliders in the Develop module.


With this release, AVI files are supported on macOS.

Adobe Flash Player End of Life: December 31

Adobe (via John Gruber):

Adobe will be removing Flash Player download pages from its site and Flash-based content will be blocked from running in Adobe Flash Player after the EOL Date.


Customers should not use unauthorized versions of Flash Player.  Unauthorized downloads are a common source of malware and viruses.


Note, as it gets closer to the EOL Date, the number of Flash-supported browsers and operating systems may decrease so Adobe strongly encourages customers to migrate to other standards.


Tuesday, June 16, 2020

Stop DuckDuckGo Clickjacking

Jeff Johnson:

DuckDuckGo still uses JavaScript to intercept your link clicks, and there’s no good reason for it. One consequence of this clickjacking is that your Safari browsing history gets messed up.


Today I’ve released version 15.3 of my Safari extension StopTheMadness in the Mac App Store. To stop DuckDuckGo clickjacking, install StopTheMadness, create custom website options for, and then enable the “All mouse clicks” option.


Apple Developer App for Mac

Juli Clover:

The Mac version of the Apple Developer app will mirror the iOS version, offering up a Discover section with new and relevant developer news, a videos section with sessions created by Apple engineers, and a WWDC section.

The WWDC section of the app will allow developers to access Apple’s keynote event on Monday, June 22, as well as the Platforms State of the Union and more than 100 technical and design-focused engineering sessions.

Unfortunately, it’s an unpolished Catalyst port. We’re still waiting for the Catalyst improvements that Craig Federighi said to expect last June. Many Mac developers are still using macOS 10.14, so they won’t be able to run the app.

See the comments from:


Update (2020-06-18): Marcin Krzyzanowski:

NSDateFormatter.timeZone would help with worldwide remote dates.

Benjamin Mayo:

The enforced 2/3rds UI scaling sets an app two steps back from the get go. Most UI controls require manual customisation and reimplementation to make them look and act like their macOS counterparts. Some elements like sidebars do transform their behaviour when running on the Catalyst idiom, but the Catalyst stack seems unfinished as it doesn’t accurately recreate how an AppKit source list works. It is just wrong.


If you use AppKit, you can make a bad app. If you use Catalyst, you can easily make a bad app. At the same time, Catalyst is attracting developers who cannot justify to allocate resources to Mac-specific work. […] I am sad that Apple — the platform owner and biggest company in the world — is leaning on Catalyst so heavily, and not even setting a good example in the process.

John Gruber (tweet):

As things stand right now, Catalyst seems like a framework written by people at Apple who don’t know what makes for a good Mac app, for iOS developers who don’t know what makes for a good Mac app.

No one would be happier than me to see big news on this front next week at WWDC. But man, what a sad statement about Catalyst the Mac Developer app is. It’s not like Catalyst heralds a new style of Mac app — it’s not about an old style vs. new style. It’s just about paying attention to details or not.

See also: Rob Griffiths.

Update (2021-10-20): Paul Haddad:

Please tell me I’m not the only one who tries to press the space key to pause video in Developer app. Wouldn’t be so bad if it did nothing, but it changes the search term and clears the view I’m watching.

HEY Rejected From the App Store

David Heinemeier Hansson:

We celebrated too soon with getting Apple’s approval for HEY in the App Store. Yes, v1.0 was approved, but now we’ve been denied our v1.0.1 update, which has important bug fixes, because we don’t do IAP.

It’s really sad that Apple has such a capricious and inconsistent review process. What’s OK one minute might not be OK the next. If we have to bite our nails every single time we push out a bug fix, we’re not going to have any nails left in a fortnight!


We’ve been dealing with the App Store for years at Basecamp. We’ve submitted to all their (ridiculous) requirements.

David Heinemeier Hansson:

HEY is doing exactly what Basecamp is doing, is doing exactly what Netflix is doing. Offering a subscription service that must be purchased on the web, then a client in the App Store to access that.


We don’t use the App Store for our Mac app for this reason. But we have no choice but to use the App Store for iOS. It’s the monopoly store in apple mobile town.

David Heinemeier Hansson (Hacker News):

Wow. I’m literally stunned. Apple just doubled down on their rejection of HEY’s ability to provide bug fixes and new features, unless we submit to their outrageous demand of 15-30% of our revenue. Even worse: We’re told that unless we comply, they’ll REMOVE THE APP.


It’s clear that Apple feel like they’re now so far above the trifling concerns of antitrust law that even while under the scrutiny of regulators and justice departments on TWO CONTINENTS, they can still afford to tighten the screws. Gotta make that pivot to services pay!!

David Heinemeier Hansson:

We did everything we were supposed to with the iOS app. […] You can’t sign up, because Apple says no. We don’t mention subscriptions. You can’t upgrade. You can’t access billing. We did all of it! Wasn’t enough.

We’ve been in the App Store with Basecamp for YEARS. We know the game. It was always rigged. It was always customer-hostile, deeply confusing, but the unstated lines were reasonably clear. Now Apple has altered the deal, and all we can do is prey they don’t alter it further.


Update (2020-06-18): See also: MacRumors, Hacker News, Forbes, TechCrunch, Dithering.

John Gruber (tweet):

The rules as they’re written are controversial (and the subject of antitrust inquiries in both the U.S. and E.U.), but the Hey app seemingly complies with all of them.

David Pierce:

Apple told me that its actual mistake was approving the app in the first place, when it didn’t conform to its guidelines. Apple allows these kinds of client apps — where you can’t sign up, only sign in — for business services but not consumer products. That’s why Basecamp, which companies typically pay for, is allowed on the App Store when Hey, which users pay for, isn’t. Anyone who purchased Hey from elsewhere could access it on iOS as usual, the company said, but the app must have a way for users to sign up and pay through Apple’s infrastructure.

Ryan Jones:

Ah ha! Apple says “business services” can bypass the 30%.

Also, LOL.

Also, what a way for us all to find out! A spokesperson via a correction via a news story via Tweet storms.

David Heinemeier Hansson:

I hear from a little bird that March was the date for the new, extractive stance. The policy 3.1.1 didn’t change, but Apple apparently decided in March that it could be a growth opportunity to start enforcing it harshly. That’s why old apps haven’t been hit yet. Just fresh prey.

David Pierce:

As for questions like “What if I pay for G Suite on my personal email, isn’t that the same thing,” or “What about all the other subscription email services that work kinda the same way,” the answer seems to be […]

John Gruber (also: Hacker News):

First, no such distinction is made in the App Store Review Guidelines. The lone instance of “consumer” refers to the “Consumer Health Records API”. […]

Second, how could such a distinction be made in writing? There are some apps that are definitely “business services” and some that are definitely “consumer products” (games for example), but to say that the area in between encompasses many shades of gray is an understatement. The entire mobile era of computing — an era which Apple itself has inarguably largely defined — is about the obliteration of distinct lines between business and consumer products.


At some level there’s a clear distinction here — Netflix and Kindle are clearly consumption services. But Dropbox? Dropbox is a lot closer to an email or messaging service like Hey than it is to Netflix or Kindle. The stuff in my Dropbox account is every bit as personal as the stuff in my email account. When you put Dropbox in the same bucket with Netflix and Amazon Kindle, it seems to me like the distinction is not so much between what is and isn’t a “reader” app or what is or isn’t a “business” app, but between companies which are too big for Apple to push around and those they can.

Chuq Von Rospach:

Office 365 is okay outside but Hey isn’t? why?

also, how is this ANY different from Adobe Creative cloud subscriptions? I’m confused.

David Heinemeier Hansson:

We keep trying to find logic, consistency in Apple’s App Store decisions. What’s different about Fastmail? Why not Gmail? Outlook? But it’s looking at the question the wrong way. The answer is much more basic: power. Apple can do what they want, when they want, so they do.

Apple feels no obligation to be even internally consistent. They told us that straight up! They were not going to discuss precedence, just our individual case. Which is what everyone with absolute power always wants to do: reduce everything to a case-by-case situation.

• • •

Casey Newton:

This is not your typical developer hyperbole. Apple’s behavior here is truly inexplicable and I imagine it will have implications for the various antitrust investigations now underway

Russell Ivanovic:

The “old” rule was “if you want to process payments externally, fine, but don’t dare mention it in your app”.

This has now changed to “actually offer the payments in app so we can take 30%, or get off the store”. It’s a wild escalation.

Don Whiteside:

Not even to mention how dopey this policy is compared to the old (also dumb) normal of “we get a cut unless you provide absolutely no way to sign up via the app.” Am I just forbidden to write an app that lets a person use the api for a subscription service I do not provide?

Michael Love:

This is just outright cartoonishly evil. Does my daughter’s violin teacher have to start paying Apple 30% of her tuition now because classes are virtual?

Dieter Bohn:

Haha remember April Fools day this year when we learned some companies like Amazon get to skip the 30 percent cut to Apple for digital purchases and we thought that was as arbitrary and capricious as it could get?

We were so young, so naive.

Josh Centers:

Don’t like Apple’s policies? Just build your own mobile ecosystem.

• • •

Kyle Howells:

Imagine if Safari & Chrome could (& regularly did) arbitrarily demand changes to websites, the companies business models, or just block companies or subjects they don’t like from the internet entirely.

That’s what our modern computing world is like for apps & app developers.

Loren Brichter:

I think the conversation has shifted so far that people are begging for scraps. I have one of the most powerful tools for knowledge in the known universe and it can fit in my pocket and Apple crippled it with a big, beautiful, Foster + Partners-designed glass ceiling.


If it’s a security nightmare then the security model is wrong. If you can’t make the security model work then someone else can. Unless you prevent them. Which they are.

Colin Cornaby:

It seems like the broader issue is that the App Store is the only way on to the iPhone.

George Claghorn:

I kind of resent people talking about this as “Apple making decisions about their own platform” instead of “Apple deciding what I can install on my phone that I paid for based solely on whether it sufficiently pads their exorbitant profits.”

Josh Centers:

Two things should be true: you have a right to run the software you want on the computers you own and you should have the right to repair the computers you own.

Prior to the iPhone, neither of these statements was controversial.

Matt Birchler:

This is a perfect example of why side-loading should be an option on iOS. Sure, make them notarize the app like they would do on the Mac and block them from using Apple Pay for signing up in the side-loaded app or something, but this restriction is kind of nuts.

Kyle Howells:

Given how important computing devices phones are now, Apple shouldn’t really even be allowed to lock the iPhone to only running apps from the AppStore.

The more I see Apple abusing its control of the iOS & macOS platforms the more I feel tempted to just drop native development and make web apps.

At least then I’d control those. They can’t be blocked, randomly removed from the AppStore or arbitrarily rejected on a whim.

Loren Brichter:

Both [the App Store and the Google Play Store] are filled with scams and junk. The alternative is an option that is “no store”. Let the stores actually be highly curated. Deprive the junk and scam any shelf space. And allow ideas and businesses to develop on hardware that people own with autonomy.

• • •

Cabel Sasser:

It’s pathetic to say, but I respect your bravery in immediately calling them out for this. We’ve dealt back-channel style with capricious rejections for years and years and it’s so exhausting, and though we almost always prevail, the only thing that gets Apple changing is bad PR.

Steve Streeting:

The worst thing about the app stores is when they allow you on, but then reject updates you desperately need to deploy to help your users. Rejections for things that were always there, and that other people do. I’m sure almost everyone has a story like this.

It causes such incredible stress that as a dev I wouldn’t go near the Apple app stores with somone else’s barge pole now. It’s like playing Russian Roulette every time you submit an update.

Joe Cieplinski:

They absolutely are inconsistent. Which is why if your app is anywhere near that line, you either don’t build it or expect to some day get burned.

Daniel Jalkut:

The definition of insanity is submitting to the App Store again and again and expecting consistent results.


A lot of responses to this saying “just don’t include sign-up”. Except when this happened to us, the rep who called presented a new rule: the app should work equally for someone who discovers it through the App Store as anyone else, which means omitting sign-up is not allowed.

Benjamin Mayo:

In August, Apple reached out to say my app was going to be featured. A week later, App Review told me my app would be removed from the store permanently for violating Apple’s rules as my subscription ‘didn’t offer enough value for the money’.

I had to remove content that I offered for free and put it behind the paywall ... Apple would never confirm if those changes would suffice, but I did it and the app was not removed.

Matt Henderson:

I remember when they rejected an app we made, because we used a “Slide to start” UI control, which they claimed to have a monopoly on (since that was the control to unlock the screen at the time). And, that was also after having had the app in the store for more than a year.

David W Keith:

Dropcam wasn’t using In App Purchases, as they required hardware, which was excluded from IAP. When Nest tried to merge the features we were told to use IAP, which was specifically against Apple rules since it required hardware. We ended up not mentioning subscriptions at all.

Saurabh Garg:

My sister who’s not a developer learned programming in a couple weeks and built an app by herself for design professionals. Nothing amazing, but a nice design compendium. AppStore rejected it saying that they want ‘quality apps’ on the store. No recourse or any encouragement.

• • •

Rene Ritchie:

How would you handle current App Store complaints?

Daniel Jalkut:

It’s particularly frustrating because I know for a fact that Apple is composed of dozens, hundreds, thousands of caring, empathetic people who would like to see the developer/company relationship be mutually beneficial. Yet somehow this antagonism towards developers prevails.


The mood of being a developer in the Apple ecosystem for the past 10+ years has been one of simultaneously imagining what kind of incredible software the platforms enable, while worrying what Apple will let us “get away with.” Honest developers made to feel like renegades.


I don’t know what my breaking point is, because I still love Apple platforms so much. It’s just a real shame that so many years are being wasted antagonizing developers who could otherwise be even greater boosters of Apple’s technologies.

Jordan Dea-Mattson:

Spent 13 years working at Apple. Poured my life into it.

Disgusted by what I am seeing here.

Chuq Von Rospach:

as a former part of @tim_cook team in IS&T and a long time Apple supporter, I’m really disappointed. They got it wrong here, and increasingly, I feel like Apple has forgotten the question shouldn’t be “Can we do this?” but “Should we do this?”

Nick Heer:

[Basecamp] says that its apps are all “full-featured native apps” but its desktop apps are Electron-based. That’s not entirely relevant to this post, but it is my policy to shame websites masquerading as native apps.


Apple’s response to the E.U. antitrust investigation says that all apps in its store are subject to the same rules, but that is plainly not true, either. The way Apple is splitting hairs in Hey’s service offering and refusing to compare it to other apps is grossly unfair. The reason I included a detailed description of how Hey works at the outset of this post is because this appears to be the main difference between it and any other email app. But that is an undocumented, unclear, and almost wilfully pedantic interpretation.


WWDC begins in six days. Apple is using the lead-up to strongarm a well-known developer following its policies and issue dishonest statements and press releases about competition in the App Store on the same day that the E.U. announced an antitrust investigation into these practices. Audacious.


The two most compelling arguments against the iOS and iPhone user experience are the App Store policies and the sandboxing restrictions. Some of those choices are made in favor of privacy and speak for the user, but which users are better served by Apple getting their organized-crime-type cut than they would by getting a functional application designed the way Basecamp had in mind?

• • •

Match Group:

They claim we’re asking for a “free ride” when the reality is, “digital services” are the only category of apps that have to pay the App Store fees. The overwhelming majority of apps, including Internet behemoths that connect people (rideshare/gig apps), or monetize by selling advertising (social networks), have never been subject to Apple’s payments systems and fees, and this is not right.

Tim Sweeney:

Here Apple speaks of a level playing field. To me, this means: All iOS developers are free to process payments directly, all users are free to install software from any source. In this endeavor, Epic won’t seek nor accept a special deal just for ourselves.

Ben Thompson:

“I heard from some of the largest companies in the industry about visits from Apple making clear that they were after their share of money, no matter how that money was made. And yes, Apple held up their updates until they agreed...”

John Gruber:

The issue exemplified by Hey is that there are cross-platform apps/services that don’t want to use Apple’s system, period, full stop. They don’t need to, or don’t want to, or think Apple’s cut is too high, or perhaps their business model literally can’t support giving up 30 percent of revenue — whatever. They’re not trying to collect money from users within their apps by circumventing Apple’s IAP APIs with their own payment processing — they’re simply willing to forgo in-app commerce completely and sign up all their users on their own, outside their app.

Daniel Pasco:

The real problem: Apple has championed the race to the bottom regarding pricing, because they make their money off of selling hardware and can afford to give away their operating system and software for free or at least at unsustainably low prices.


The biggest players on the App Store don’t charge for their apps at all, and those are the players that really matter to Apple. These are media and retail powerhouses that also don’t have to support themselves on app revenue, because they make their money elsewhere.

Damien Petrilli:

Ex: Google and Facebook make tons of money with their ads and analytics.

Their apps are downloaded million times but they pay Apple $99/y only as they don’t charge for their software.

So it’s not enough to cover the cost they generate to the App Store.

Ryan Jones:

On today’s @ditheringfm episode, @gruber said Apple’s maniacal focus on rent-seeking has surpassed talent retention as the company’s biggest risk.

Agree. Sad.

Update (2020-06-19): See also: Rocket, Accidental Tech Podcast, Tanner Bennett, Core Intuition, MacRumors.

Erik Telford (also: Hacker News):

You think Apple would understand not wanting a 3rd party mob boss to take 30% off the top considering they explicitly work around Google’s 30% cut in the Apple Music app on Android

Rogue Amoeba:

After many issues early on, Rogue Amoeba has avoided Apple’s App Stores. To save our sanity & revenue, we focused on direct distro via the Mac.

Sadly, problems have persisted & worsened. It’s time to speak up and share stories about #AppStoreAntitrust. We’ll go first.

Paulo Andrade:

I’ve been dealing with Apple’s App Stores since their inception. Both for my businesses as well as in representation of others. This is pretty much the way it works.


An app we built for a client never got approved due to subjective stuff like “too much marketing and no real value to users” when in our opinion that wasn’t true. Many iterations didn’t help. And since on iOS it’s “App Store or nothing” the project was shelved.

Seth Willits:

QuickPick was released in the Mac App Store in Jan 2011. Less than 60 days later all updates were rejected because it was “confusingly similar” to Launchpad, even though Launchpad came after, and the similarity was that they can look the same in a screenshot.

Steve Troughton-Smith:

I’ve enjoyed the App Store immensely, & built a career out of it. I’ve shipped over a dozen apps since 2008. I’ve also had two apps killed outright by App Review, & plenty more that I just haven’t bothered to make because I know they’ll never be allowed on iOS. This stuff matters

Kyle Howells:

As soon as I got my hands on an iPad for the first time I loved it and instantly had ideas for apps I’d loved to make!

Within minutes I realised there’s no way Apple would allow them on the AppStore and so I never even bother to start them.

Jonathan Deutsch:

When the richest company in the world brainstorms stupid (“brain dead”) ideas to make your app conform to their arbitrary gatekeeping rules, ultimately changing the nature of the app and everything that made it novel, useful, or potentially world-changing.

And yes, they have done this to us too. Of course when we implemented their requirements, we still got rejected.

Tyler Hall:

I haven’t faced quite as much insanity as @RogueAmoeba has, but I do have two short anecdotes to contribute.

Rui Carmo:

Incidentally, the App Store review policies (and the insane developer fees for individual users) are the main reasons that whenever I developed for mobile (back in the day) I did so for Android first, or stuck to web technologies.

Steve Troughton-Smith:

I think it’s safe to say that pretty much every one of us who’s been on the App Store for a while has had to lop off features here or there, or entire apps in some cases, to satisfy App Review. That’s why everybody is so upset — we’ve all been through it, and have the scars

As a developer, it’s very frustrating to have to choose to limit your apps, not making them as good as they could be, because somebody who knows (and cares) nothing about your app or service, or any of that contextual information, decided they want to clip your wings

Until very recently, developer apps were severely constrained on iPad — not because iOS couldn’t support them, but because Apple was so afraid of apps ‘running arbitrary code’ that you weren’t allowed implement basic features like iCloud support

Even today, an iOS app that lets you write and run code is not allowed take up more than 80% of the screen (!) to render the output. I’m not kidding. Some of these limitations are insane, and definitely not fit for such a critically important computing platform


Codeless could have:

- Previewing on iPhones
- ‘Export to Xcode’ to generate Swift and Storyboard files
- Scripting to allow for logic in your designs

None of that got through review. Your iOS device could be more capable.

See also:

Update (2020-06-22): See also: Ben Brooks, Russell Ivanovic (tweet), Howard Oakley, Matt Birchler, Aaron Vegh, Mark Gurman, John Gruber, Release Notes.

Alastair Houghton:

Even those of us outside the App Store were affected by it.

My personal gripe was the way Apple allowed apps with scammy names like “Disk Doctor” into the Mac store (that app was in the top paid list in various places), while banning actual disk utility apps completely.

Kosta Eleftheriou (also: Hacker News):

For the longest time, I’ve been afraid to speak up about my story with App Review, fearing I’d put my popular app at risk. I’ve now decided that being transparent and sharing my experience to help others is worth it, so here it goes[…]

Adam Foot:

I’ve had very similar experiences with Shift Keyboard. Updates were constantly rejected for 8-9 months for the same reason until one day it just got through and I’ve no issues since

Ben Barnett:

I made an app which was almost ready just before Xmas shutdown years ago. Went to submit after Xmas to find unannounced policy change banning a particular (non-deprecated!) API from the store. It’s never been allowed since. No replacement API. That app was dead. So much time lost

European App Store Antitrust Investigation

Will Oremus (tweet):

It’s a function of Apple policy. With some exceptions, the company doesn’t let users pay app makers directly for their apps or digital services. They can only pay Apple, which takes a 30% cut of all revenue and then passes 70% to the developer. (For subscription services, which account for the majority of App Store revenues, that 30% cut drops to 15% after the first year.) To tighten its grip, Apple prohibits the affected apps from even telling users how they can pay their creators directly.

European Commission (via Tom Warren, Hacker News, MacRumors):

The European Commission has opened formal antitrust investigations to assess whether Apple’s rules for app developers on the distribution of apps via the App Store violate EU competition rules. The investigations concern in particular the mandatory use of Apple’s own proprietary in-app purchase system and restrictions on the ability of developers to inform iPhone and iPad users of alternative cheaper purchasing possibilities outside of apps.

The investigations concern the application of these rules to all apps, which compete with Apple’s own apps and services in the European Economic Area (EEA). The investigations follow-up on separate complaints by Spotify and by an e-book/audiobook distributor on the impact of the App Store rules on competition in music streaming and e-books/audiobooks.

Apple (via MacRumors):

Apple today announced the App Store ecosystem supported $519 billion in billings and sales globally in 2019 alone. The new study, conducted by independent economists at Analysis Group, found that the highest value categories were mobile commerce (m-commerce) apps, digital goods and services apps, and in-app advertising. The results encapsulate the full sweep of the dynamic, competitive, and flourishing app economy, which has unleashed a torrent of innovation across 175 countries and revolutionized the way the world learns, works, and connects.

Note that, as it says on the first page, the study was funded by Apple.

Nick Heer:

The key words in the study and the way Apple describes it are “facilitated” and “supported”. That means that dinners ordered through DoorDash, goods bought through the Amazon app, and transactions made through Venmo or WeChat are all estimated in this study as being commerce facilitated by the App Store.

Next, let’s study the commerce facilitated by HTTP. Of course, there’s no way to study the opportunity cost customers and developers have been paying for the App Store being run in this way.

Did you catch that? “Selling physical goods” is, apparently, just another way of monetizing an app. While you might consider apps from DoorDash or Amazon just native front-ends for their business, this study reverses that logic and suggests that the apps’ existence is facilitated by the goods and services sold through them.


It’s disappointing the European Commission is advancing baseless complaints from a handful of companies who simply want a free ride, and don’t want to play by the same rules as everyone else… We don’t think that’s right — we want to maintain a level playing field where anyone with determination and a great idea can succeed.

Manton Reece:

This is the worst, most insulting statement from Apple that I’ve ever seen. Everything in it is backwards.

See also: Ryan Jones, Michael Love.


Update (2020-06-18): Damien Petrilli:

I didn’t know about the Apple statement until you published your article.

So infuriating and arrogant.

Constantin Jacob:

The second quote from Apple on here makes me want to quit developing on this platform all together

Savannah Reising:

It’s in Apple’s best interest to be proactive and tackle the antitrust problem itself rather than waiting for the government to step in. To help Tim Cook get ahead of the scrutiny, we’ve compiled some reasonable suggestions for Apple that don’t require government regulation. The idea here is that Apple would probably want to tackle the problem itself instead of having the government step in to break apart the platform (we’ll dive deeper into that later). We want to see the App Store level the playing field for third-party developers and promote a rich app economy for consumers, and we’re ready to offer our own post-sherlocked wisdom on how to do that.  

Update (2020-06-19): Nick Summers:

Some developers feel differently, though. The Omni Group, the developer behind OmniFocus and a slew of other productivity applications, is generally content with the App Store’s rules and fees.

“It can be a lot of work to adapt one’s business model to work within the App Store,” Ken Case, CEO of the Omni Group told Engadget. “We spent years doing that ourselves! That said, we know that it costs money to build and operate the App Store, and we don’t begrudge giving Apple a share of our revenue to keep that going—so we’ve implemented in-app purchases in all our apps, and we think it’s generally appropriate for other developers to do the same.”

Juli Clover (also: Hacker News):

Antitrust regulators are currently investigating competition in digital marketplaces, focusing on Facebook, Amazon, Google, and Apple.

Microsoft is not involved in the investigation, but Microsoft joined the conversation today when president Brad Smith said at a Politico event (via Bloomberg) that it’s time for regulators to take a look at app stores. Smith was careful not to name Apple or Google, but those are the two companies that have major digital software marketplaces and that are the focus of the investigation.

John Gruber:

I get the strong sense — reading between the lines of Smith’s carefully measured opening public salvo here, and listening to private sources behind the scenes — that this is not just an offhand remark but a sign that Microsoft is strategically positioning itself to push for antitrust regulation here. They have much to gain and nothing to lose — and they have experience, to say the least, with antitrust regulators.

Just mind-boggling on a 25-year time scale that Microsoft and Apple are now on these sides of a serious antitrust controversy.

Update (2020-06-22): Steven Sinofsky:

Much of the DOJ v Microsoft antitrust case was perceived to be about browsers or even “bundling” but in fact it was really about the terms and conditions that came with selling a Windows PC. The regulation that followed was much more about that.


Who was the customer? The OEM or the PC buyer? Ask the person with a broken PC and they almost always thought of this as a Windows problem. They would call Microsoft and through a complex phone tree ended up with Dell’s phone number good for 90 days from purchase. 13/ While Microsoft was paid for Windows, it was from OEM. So OEMs reasoned they could do whatever they want to Windows essentially acting as the customer would. But Microsoft viewed the OEM as a distributor and the end-user was the licensee. Really complicated in a legal sense.

Monday, June 15, 2020


Josh Centers:

There are all sorts of apps that add various capabilities to your Mac’s menu bar, but I’ve stumbled across one that can add literally anything to the menu bar through a plug-in system. It’s called BitBar, and it’s both free and open source. I’ve tested and confirmed that it works in both macOS 10.14 Mojave and 10.15 Catalina.


The beauty of BitBar is that any script that works in Terminal can be a BitBar plug-in. It could be a simple shell script, a Python script, a Ruby script, or even an AppleScript if you put the right hooks in. It also means that you can easily modify all the available plug-ins in any text editor, and you may be able to figure out how to make small changes just by following the script’s example, even if you don’t know the scripting language well. In fact, that’s a common situation.

Fontcase 2.0

Craig Hockenberry:

But we quickly realized that getting custom fonts onto iOS is much harder than on the Mac. There is no Font Book app and our initial research indicated that an Adobe CC subscription was required to download fonts. But even with a subscription, we couldn’t see new fonts in Tot. More research led to font installers on the App Store that were loaded with ads and required a passcode to install a configuration profile.


Apple’s full documentation about configuration profiles is a real eye opener. It’s designed to allow businesses to control the content and settings of their employee’s devices. It can also be abused by a malicious developer to do the exact same thing with your device.


The xFonts source code put my fears to rest because I could see exactly what it was doing with the profile. And while looking at the code, I had some ideas for improvements. […] xFonts is now Fontcase.

John Gruber:

Computer platforms where it was hard or simply impossible to install custom fonts were something Mac users spent the entire decade of the 1990s mercilessly mocking. The balance between “custom fonts are a potential security/privacy issue” and “custom fonts should be easy to install and manage” is just completely out of whack on iOS.

It’s kind of like saying that fonts are potentially dangerous, therefore you must give every font installer root access. I’m more worried about the installer than the font.


Friday, June 12, 2020

How to Improve the App Store

Apple, in an e-mail sent to developers:

We love feedback.

Tell us about your experience managing, marketing and distributing apps for the App Store.

Wil Shipley’s feedback hits most of the big issues. (He doesn’t discuss the guidelines or App Review.)

Here are some more examples of problematic search ads.

Ryan Jones:

1. What is your age?
2. What platforms do you dev for?

It’s weird how pushy Apple is being with augmented reality.

Ryan Jones:

1) No ad extortion on my app name

2) No fee for the first $1M in gross revenue

3) Mandatory, consistent, Apple-designed in-app paywalls

4) Ongoing policing and customer reporting of bad actors. One warning, and then one month suspension of new app sales.


Update (2020-06-22): Here’s a text version of Shipley’s feedback (via Hacker News):

Apple’s biggest competition right now is the web. More and more “apps” are just thin, non-native veneers on top of web sites (cf Zoom, Slack, Steam, etc). The issue for Apple is, why would anyone choose Apple devices if the exact same apps are available on all devices? Apple should be doing everything it can to support good third-party developers that make the real Apple apps that make Apple devices unique, and provide cool Apple-only experiences. But, again, all the developers I know who do this are dying off, because of the App Store’s policies. Even Omni Group had layoffs a couple months ago.

See also: Gus Mueller, Leo Kelion, Nick Heer, Tyler Hall, Stephen Warwick.

Mark Mayo:

Ads in app store search results feel anti-user, anti-developer. Every time I search for an app I’m shocked at the complete garbage that’s camping on the trademark of the app I’m looking for. You expect it from Google/Android, maybe, but not from Apple.

Jason Dunn:

Many iOS software developers are in a difficult place due to Apple's policies. I've never understood why #Apple expects developers to just keep updating an app forever, generating no new revenue. Big software upgrades should be charged for. Apple's policies here are problematic.

Douglas Fischer:

I had 2 apps rejected last year with issues “proved” by Apple attaching screenshots of other apps instead of my apps. They can’t even test the correct app. People who defends Apple review inconsistency really don’t know what they’re talking about.

Guilherme Rambo:

OMG this happened to me as well. One of my releases was rejected because app review wanted to know “how the app uses face data”. The app didn’t, they sent me the rejection for another completely unrelated app.

Mario Zechner:

I had to reneg a licensing contract recently just so an App Store reviewer would fuck off. The reason? I added the word “official” to the app description. Which was covered by the original contract. Which I sent the reviewer. “No, it must be worded like this”. 3 weeks wasted.

Matt Auerbach:

Apple just called and informed our appeal has been rejected. He wasn’t able to give any details. After asking how apps like Slack and Mixpanel work without IAP he said he doesnt know…they are considered a professional db? I asked what defines a prof db, and he hung up on me.

René Fouquet:

The last minor update to App List has been “In Review” for over three weeks now. I already asked for a status update over a week ago, which was answered with “we need more time”. I have now written another Email. It does feel like talking to a concrete wall though.

The official Apple dev forums are full of horror stories with apps that have been “In Review” for MONTHS.

Ryan Jones:

I refund @weatherlineapp and @FlightyApp users from my personal credit card too. Can’t use business card because it breaks accounting.

Certain situations Apple rejects or can’t help, and it’s the only way to make it right for the customer.

Paul Mayne:

At Day One, our solution for App Store refunds (over the past 3 years) has been sending the customer a payment from my personal PayPal account. A 60% loss for us every time.

Daniel Pasco:

I can say, with deepest sincerity, that nothing would make me happier than dedicating every bit of my energy to investing in their platforms, and crafting great user experiences for them.

But I can’t do that it I’ll go broke in the process. And that sucks.

Josh Centers:

People assume those of us criticizing Apple are just whining. No, I’m lamenting what will be the slow decline of an ecosystem so many of us love.

What made Apple great wasn’t just great products but decades of investment in building a developer community. And Apple is bulldozing it.

Timo Perfitt:

here is what other vendors do for me that apple doesn’t

Kevin Vitale:

This perfectly describes my decision to dial back my focus on iOS over a year ago, even at a time when SwiftUI & Combineamp; were finally moving the platform in the direction I wanted for so long. The community is going through a generational shift.


Likewise. I just stopped investing my time in mastering a platform with exactly one demonstrably capricious way to ship a few years ago. And it does suck. I would love nothing more than for Electron/React Native et al to be stupid ideas.

Riccardo Mori:

My problem with the App Store, surprisingly, isn’t the 30% ‘Apple Tax’, but the fact that Apple doesn’t treat all developers equally.

It’s the fact that the rules aren’t enforced consistently. It’s the fact that certain participants are granted privileges.

See also: HEY Rejected From the App Store.

Thursday, June 11, 2020

iCloud Backups Deleted After 180 Days

Adam Engst:

I had no idea that Apple deleted iCloud backups after 180 days, and a quick poll in the TidBITS Slack channel showed that it wasn’t common knowledge among other TidBITS staffers and contributing editors.


It’s not quite as hidden as the plans for demolishing Arthur Dent’s house in The Hitchhiker’s Guide to the Galaxy. But the effect is roughly the same if you were planning on restoring from your iCloud backup, only to discover that Apple had deleted it, with the only warning being in support documents you’ve never read.

Update (2020-06-22): Christina Warren:

I didn’t know about this limit. I really wish Apple would allow users to download their iCloud device backups to a Mac. It could still be fully encrypted but this would be much better for users.


Podcast Apps Removed From Chinese App Store

Mark Gurman (also: Pocket Casts):

Apple Inc. removed podcast apps Pocket Casts and Castro from its App Store in China at the request of the Cyberspace Administration of China, the apps’ developers said this week.

“We believe podcasting is and should remain an open medium, free of government censorship,” Pocket Casts wrote on Twitter. “As such we won’t be censoring podcast content at their request.” The developers said that Apple contacted them on behalf of the Chinese regulator and that the app was removed two days later.

Isn’t it great that the platform vendor controls which apps can exist?


I haven’t been contacted about the Apple-China censorship of podcast apps, but Overcast’s servers have been blocked in China for years, so it already didn’t work.

I’ve never tried to get unblocked.


Discontinuing iBooks Author and iTunes U

Bradley Chambers (tweet):

iBooks Author will no longer be updated, and iTunes U is being discontinued at the end of 2021. iBooks Author will continue to work, but you’ll need to make preparations to transition to Pages in the near future. Much of the functionality from iBooks Author has made its way into Pages over the past few update cycles. This announcement shouldn’t come as much of a surprise as we never saw iBooks Author transition into Apple Books Author or include a native iPad app. Apple will be included an import function in a future version of Pages.

Nick Heer:

I don’t think either one of these announcements is a surprise; these apps have suffered from inattention for years. But Apple’s rocky approach to education needs and lack of clear strategy cannot be confidence-inspiring for schools or teachers who need to decide what technology to use in their classrooms.

David Sparks:

As someone with a lot of experience with iBooks Author and its eBooks, I’ve known this day was coming, and it still makes me just a little sad.


The problem was a failure to iterate. Throughout this process, the iBooks Author app never evolved. Indeed it started to feel creeky and never quite got to the level you’d expect for an app to build books. I’ll always believe there was a significant memory leak (though friends at Apple still argue with me about this). As my books neared completion, every time the app would slow to grind and I’d catch myself saving after changing a single word in fear of crashes.


With my new platform, there are no caps for Field Guide sizes. […] Also, the move allowed me to take complete ownership of my product. Now, if a customer has a problem, I can usually fix it, rather than giving them an Apple email address and praying. The switch to my own store has also been more lucrative. I no longer have to give 30% of every sale to Apple.

See also: Juli Clover, Dan Moren, Michael E. Cohen.


Brilliant Hardware in the Valley of the Software Slump

Craig Mod (tweet):

This sense of a decline in software craft has been building for years, but it wasn’t until Apple released the iPad Magic Keyboard that I felt the pain of this hardware-software gap so acutely.


Apple’s hardware is ever-more refined. While far from flawless, the entire lineup is now (finally) largely free from these “foundational” issues you see in software.3


Between the messiness of Catalina and the almost-but-not-quite-there-ness of iPadOS, what’s most needed now are not splashy masthead features but a reconsideration of the boring nuts and bolts, the paint on the back of the cabinets, the smoothing over of all the bumps and stutters as needed to enable device fluency — and not just a single year of cleaning up the mucky infrastructure of our compute landscape, but a reworking of the internal software culture of companies like Apple to elevate user fluency to first-class rank.

The footnote is for the Touch Bar.


Update (2020-06-22): Nick Heer:

It’s not just two apps — it’s all three.

See also: Marco Arment, Jon Stokes, Jonathan Blow, Adam Engst.

Wednesday, June 10, 2020

Upgrading to a 16-inch MacBook Pro

All I really wanted was an updated version of my 2012 Retina MacBook Pro that was faster and had a larger display (preferably matte).

It’s definitely faster. Here’s how long it takes to build SpamSieve on my different Macs:

MacProcessorBuild Time
MacBook Pro (Retina, 2012)2.6 GHz 4-Core i7144s
MacBook Air (11-inch, 2015)1.6 GHz 2-Core i5160s
iMac (27-inch, 2017)4.2 GHz 4-Core i768s
MacBook Pro (16-inch, 2019)2.3 GHz 8-Core i964s*

The * is because macOS 10.15.3 included a change that increased the time to 67s.

And the display is larger. It’s not, alas, anywhere close to the old 17-inch models, but it is a definite improvement over the 15.4-inch displays, without making the computer any bigger. The new display also has much better color and brightness. Putting the two Macs side-by-side, the difference is striking. (The other surprising thing is that the color of the case is much darker, even though it was described as “silver.”) Unlike the 2012 display, there doesn’t seem to be any image retention. There is, alas, a similar amount of glare.

USB-C charging is a wash. It’s sometimes nice to be able to charge from either side, and I like being able to travel with a compact power adapter. On the other hand, plugging in the USB-C connector is much less pleasant, and I miss the protection of MagSafe.

Most of the rest of the changes are drawbacks for me:


Tuesday, June 9, 2020

ARM Macs to Be Announced at WWDC 2020

Mark Gurman (tweet, Hacker News, MacRumors, AppleInsider):

The company is holding WWDC the week of June 22. Unveiling the initiative, codenamed Kalamata, at the event would give outside developers time to adjust before new Macs roll out in 2021, the people said.


Inside Apple, tests of new Macs with the Arm-based chips have shown sizable improvements over Intel-powered versions, specifically in graphics performance and apps using artificial intelligence, the people said. Apple’s processors are also more power-efficient than Intel’s, which may mean thinner and lighter Mac laptops in the future.


Update (2020-06-11): John Gruber (tweet):

I don’t think the transition from x86 to ARM will be nearly as rocky as the 32-bit to 64-bit transition, but for some apps it will take time.


Will ARM Macs run older x86 software via emulation? Apple shipped a rather amazing emulator in the transition from Motorola 680x0 chips to PowerPC in the 1990s, and again in the 2000s with the PowerPC to Intel transition (Rosetta). There are seemingly no rumors one way or the other regarding emulation for the Intel-to-ARM transition. If I had to bet right now, I’d say no, there will be no x86 emulation on ARM Macs — and that factors into why Apple is pre-announcing this transition months ahead of releasing hardware.


What happens with virtualization software like Parallels and VMware Fusion? The obvious answer is they emulate x86 or they go away. How will that perform? My understanding is that however good the performance of ARM chips is, the instruction set differences make it slow for ARM to emulate x86. This is no little thing — there are a lot of developers whose workflows depend on virtualization software.

Months is not a long time considering how long the Intel transition took and that these days developers are still cleaning up after new versions of macOS six months after WWDC.

See also:

Update (2020-06-22): See also:

AWS Non-Compete Agreement Lawsuit

Todd Bishop (via Corey Quinn, Hacker News):

A lawsuit filed by Amazon against Brian Hall, former Amazon Web Services vice president of product marketing, alleges that his new role at Google Cloud violates the terms of his non-compete agreement with the Seattle company and risks exposing valuable competitive information to one of its biggest rivals.

In a response filed Monday in King County Superior Court in Seattle, lawyers for Hall say Amazon executives repeatedly led him to believe the company would not enforce the non-competition provision of its “boilerplate” confidentiality agreement, in discussions before and after he signed the contract in June 2018.


Update (2020-06-11): See also: Dan Luu, Corey Quinn.

Using Custom Perspectives in OmniFocus

Federico Viticci:

My most used perspective, by far, is a simple one I call ‘Radar’. This perspective presents me with a list of all upcoming tasks across all projects, including those that have a defer date, which I usually don’t see in other perspectives.


The ‘Tags (Combined)’ filter is one of the most powerful aspects of OmniFocus’ perspective engine as it can create dynamic sub-groups based on tags. As you can see above, the visual separation between Club and website-related writing tasks also looks quite nice thanks to emoji. I use the same approach of visually separating tasks in different areas with my ‘Available’ perspective.


The last perspective I’ve put together for the iOS 14 review, called ‘Future’, displays review-related tasks which have a defer date in the future and are not due soon. Thanks to this perspective, I can see all future tasks that are not coming up in the next 24 hours, which helps me get a better sense of things I can worry about later on.


plutil Enhanced in Catalina

Dominik Wagner:

TIL: plutil in catalina also supports objc and swift as output format. So if you want to quickly convert a e.g. json to inline code format, plutil might be the thing for you.

Previously, plutil was mostly useful for validating propery lists and for converting between XML, binary, and JSON representations. Now it can also generate Objective-C and Swift literals. And there are new commands for inserting, replacing, removing, and extracting a value at a particular key path. This seems less powerful than PlistBuddy but with a more standard interface.


Update (2021-01-12): Unfortunately, plutil will crash if you try to set the value of a dictionary key whose first character is a number.

Update (2023-04-27): Rich Trouton:

If you want to read JSON values from a file, you can use the raw option of plutil’s -extract function in some cases to extract values from keys in JSON files.


In cases like this, where you’re dealing with a JSON file with a fairly simple format (without arrays or otherwise nested values), plutil is a good tool which is built into macOS that you can call on to extract the data you need.

Another option is using the plutil tool to write what you need to an XML file, then use plutil’s -convert functionality to turn it into a JSON file. For folks more experienced with using plutil to write XML to a file than they are with writing JSON, this option may help with a lot of use cases.


Monday, June 8, 2020

macOS vs. Dragon Dictation

David Sparks:

Apple is a year in with its voice to text system. I’ve been using it since release, but also continue to use Dragon for Mac which, while no longer supported, continues to work. This video demonstrates the differences and where Apple still has some catching up to do.

See also: Mac Dictation 101.


PHP at 25

Rasmus Lerdorf, in 1995 (via Reddit):

Announcing the Personal Home Page Tools (PHP Tools) version 1.0.

These tools are a set of small tight cgi binaries written in C. They perform a number of functions including:

  • Logging accesses to your pages in your own private log files
  • Real-time viewing of log information
  • Providing a nice interface to this log information
  • Displaying last access information right on your pages


The tools also allow you to implement a guestbook or any other form that needs to write information and display it to users later in about 2 minutes.

Like JavaScript, PHP has gotten a lot better over time, though it also retains many old flaws. The biggest surprise for me is that nothing else has come along that’s as easy to use and deploy. There are multiple templating systems for Python and Ruby, but none ever got integrated to the point where you could use it right out of the box.

Tim Anderson:

The PHP system evolved into one that now drives nearly 80 per cent of websites using server-side programming, according to figures from w3techs.


The Danish-Canadian programmer’s original idea was that developers still wrote the bulk of their web application in C but “just use PHP as the templating language.” However nobody wanted to write C, said Lerdorf, and people “wanted to do everything in the stupid little templating language I had written, all their business logic.”


Obsolete versions of PHP are commonplace all over the internet on the basis that as long as it works, nobody touches it. It has become the language that everyone uses but nobody talks about.

See also: What’s new in PHP 8.0.


Update (2020-06-11): See also: This timeline (via Colin Devroe).

Why TextView Is My SwiftUI Canary

Drew McCormack (tweet):

One of the big questions on my mind is how well the fully declarative approach scales to complex apps. You can already build quite reasonable portal apps for your favorite web service with SwiftUI, which is 90% of the iOS app market, but I am much more interested in the other 10%. Can you build an advanced iOS app or serious macOS app with SwiftUI? Could you develop an app like Keynote or Xcode using SwiftUI?


This process is fast for a few standard views, but there are bigger challenges looming. For example, take a large array of values that you want to present in a List. We encountered some serious performance issues when updating data in such a List, as SwiftUI would attempt to diff thousands of View nodes. You could restructure your UI in order to avoid such large lists, but that is a bit of a cop out, because the technologies SwiftUI is designed to supplant can handle such large lists.

The problem is perhaps even more apparent in a text view. We briefly saw a TextView type appear during the SwiftUI beta in 2019, but it didn’t make the final release.

There’s also no outline view or Mac-style table view.


Update (2020-08-27): Sebastián Benítez:

I heard many other people are having problems with other advanced AppKit controls, such as NSTextView, NSTableView, NSOutlineView. Any non-trivial Mac application is bound to use one of these, so if you were to use them, you either wrap them in a representable + coordinator or go the traditional way and build with SwiftUI around it.

Despite all of this, I have no plans to abandon SwiftUI.

Luc Vandal:

As much as I enjoy SwiftUI, it becomes quickly frustrating by its limitations and having to resort to UI/NSViewRepresentable for trivial things such as making a text field first responder.

SwiftUI is still a few years from being a real alternative to UIKit/AppKit.

Maurice Parker:

SwiftUI List performance on AppKit is very bad. We did a version of our Timeline (the middle view) that used LazyVStack and it was fast. We need List for animations and other things, so hopefully the SwiftUI team gets things tuned on AppKit.

Kyle Howells:

The part of the SwiftUI story I’m waiting for is how to build SwiftUI.


One of the problems of SwiftUI is you’re not building views. The View name is misleading. You’re building a description of something that somehow is turned into views. Completely out of your control.

So you’re completely limited to what the DSL allows you to express. Unlike AppKit/UIKit, you can’t actually BUILD something. You can only pick from a catalog the parts you want and assemble them according to the instructions.

Apple Linker Magic & Swift Runtime

Milen Dzhumerov (tweet):

This article explores how apps link differently against the runtime depending on the deployment target.


How can you link against the same dylib, which has a single install name, but any linked binaries record different dylib install names?


ld64 sources are published by Apple, so we can see how the linker actually works. The code can be found in macho_dylib_file.cpp inside the method File<A>::addSymbol(). It defines the magic format as $ld$ <action> $ <condition> $ <symbol-name>.

Mark Rowe:

The various $ld$ magic symbols are used heavily by Apple’s system frameworks to maintain backwards compatibility while moving symbols between frameworks. If you look at the various .tbd files in the Xcode SDKs you’ll see all sorts of shenanigans along these lines.

Greg Parker:

Example: class NSObject moved from CoreFoundation to libobjc in macOS 10.8. libobjc has $ld$hide symbols for old OS versions (“NSObject is here, but it used to be somewhere else”). CF has $ld$add symbols for old OS versions (“NSObject is elsewhere, but it used to be here”).

Friday, June 5, 2020

Password Manager Resources

Apple (via Apple Developer News, Hacker News):

The Password Manager Resources project exists so creators of password managers can collaborate on resources to make password management better for users. Resources currently consist of data, or “quirks”, as well as code.

“Quirk” is a term from web browser development which refers a website-specific, hard-coded behavior to work around an issue with a website that can’t be fixed in a principled, universal way. In this project, it has the same meaning. Although ideally the industry will work to eliminate the need for all of the quirks in this project, there’s value in customizing behaviors to ensure a better user experience. The current quirks are:

  • Password Rules: Rules to generate compatible passwords with websites’ particular requirements.
  • Websites with Shared Credential Backends: Groups of websites known to use the same credential backend, which can be use to enhance suggested credentials to sign into websites.
  • Change Password URLs: To drive adoption of strong passwords, it’s useful to be able to take users directly to websites’ change password pages.


Acorn 6.6

Gus Mueller:

The main new features are with the Shape Processor. If you’re not already familiar with the shape processor, it’s a neat ability Acorn has to take shapes on vector layers and pipe them through a series of actions, similar to how Automator or Acorn’s bitmap filters work. Only instead of working on pixels, the processors will alter the shapes by scaling them or moving them around, or changing colors or blend modes. There’s even a processor which will generate shapes for you—so if you want your canvas to fill up with hundreds of stars, you can do that.

Acorn 6.6 adds new processors which let you set the stroke, fill, and blend mode of your processed shapes. You can now also flip your shapes and even shift colors.

Bombardier Temperature Correction Bug

Gareth Corfield (via Hacker News):

The bug, discovered on Bombardier CRJ-200 aircraft fitted with Rockwell Collins Aerospace-made flight management systems (FMSes), led to airliners trying to follow certain missed approaches turning right instead of left – or vice versa.


Both companies disagreed with the FAA’s directive when it was in draft format, arguing that a software fix would be easier to accomplish than banning the use of the automatic calculator.


Bugs in flight control software are rare, though not unknown. Most bugs in airliners tend to be unforeseen memory overflows, as both Airbus and Boeing have discovered over the years. A design formerly owned by Bombardier, the Airbus A220 (nee Bombardier C-series) suffered from software-induced problems with its engines last year, while the Boeing 737 was discovered to have a rare bug that completely blanked all cockpit displays if pilots tried to land on one of seven specific runways in the world.

The Origin of Database “Sharding”

Raph Koster (via Em Lazer-Walker):

No, “shards” came about specifically because when we realized we would need to run multiple whole copies of Ultima Online for users to connect to, we needed to come up with a fiction for it. I went off and read a whole mess of stuff about early Ultima lore and tried to come up with a fictional justification. What I ended up with is described here pretty well: that the evil wizard Mondain had attempted to gain control over Sosaria by trapping its essence in a crystal. When the Stranger at the end of Ultima I defeated Mondain and shattered the crystal, the crystal shards each held a refracted copy of Sosaria.


In any case, we called parallel servers “shards” and it became a term used occasionally though not universally as a term of art within the field. […] So, did this database term come from a doc that I dashed off one afternoon in 1996? Umm… I am not sure. Seems like an interesting coincidence, if not.

Wikipedia references an earlier paper about SHARD (System for Highly Available Replicated DAta). I seem to recall reading about that in college, before the term could have jumped from MMOs to the mainstream via Flickr. However, SHARD was about replicating full copies of a database, not partitioning it. So the Ultima theory seems likely.

Update (2020-06-09): See also: Hacker News.

VMware Fusion 11.5.5

Michael Roy:

Fusion 11.5 users can now pull, build, run and push containers as part of a modern development and testing workflow, without needing other tools such as docker desktop installed.


When a container is fired up, we also mount the rootfs up to Host, meaning you can use Finder to browse the container contents! You could open up the running code of your app, make changes in real-time, in a way that feels just like editing any other file on your Mac.

See also: Introducing Project Nautilus.

Thursday, June 4, 2020

Software Engineering Within SpaceX

Yasoob Khalid (via Hacker News):

They talk about the tripple redundancy system and how SpaceX uses the Actor-Judge system. In short there are 3 dual core ARM processors running on custom board (according to elteto). For each decision a “flight string” compares the result from each core on a single processor. If the output matches the command is sent to different controllers. There are 3 processors (with dual cores) so that means each controller/sensor will get three different commands. The controllers then act as the judge and compare the three commands. If all three are in agreement, they carry out the operation. If even a single command is in disagreement, the controller carries out the command from the processor which had previously been sending the correct commands.

As Alfred Spector and David Gifford explain, the Space Shuttle did something similar, only the judge wasn’t a microprocessor:

For the aerosurface actuators, each of the four computers sends out an independent command on an independent bus. With no failures, the commands should be identical. The voting is done at the actuator using a hydraulic voting mechanism, called a force-fight voter. In it, there are four hydraulic ports called secondary ports, each commanded by one of the four GPCs. The secondary ports go into the primary ports, which are heavy-duty actuators that connect to what’s called a “summing bar,” which is no more than a massive steel rod. If there are three good computers and one bad one, the three good commands physically out-muscle the fourth. This limits the control authority a little bit--we don’t get the total force we’d like to get, but there’s still enough power to control the vehicle. If you have a large enough pressure differential for a large enough time, the port is hydraulically bypassed, which relieves the pressure in that one port. The remaining three ports then regain their full authority.


Update (2020-06-09): See also: Reddit AMA.

macOS Calendar Exfiltration

Andy Grant (via Wojciech Reguła):

Per the specification, an event can have URI-specified attachments, but when such an event is exported from Calendar, such as an attachment to an email or sent as a meeting invite, the files are embedded into the resultant ICS file. This makes sense—how else would the receiver get the attachments? However, an attacker can combine this behavior with a little-known specification directive in order to silently exfiltrate files from a user’s machine.


Using SCHEDULE-FORCE-SEND I was able to create an ICS file that described an event wherein my target user was the organizer (required for Calendar to send an invite after import) and I was an attendee, that included one or more attachments by file:// URI, and, when imported into Calendar, immediately sent (in the background) a meeting invite back to me that included the target user’s files embedded inside. The only user interaction required was for the victim to open the event in Calendar—such as by double-clicking it in an email. Or, in other words, a “1-click” file exfiltration.


Some target files would be embedded while others would not. This is due to Calendar being a sandboxed application. Calendar can still access a number of sensitive files though, such as the user’s calendars, contacts, and keychains databases.

It’s mitigated in macOS 10.15.5. I wonder if some of these services will eventually be moved out of process, e.g. so that apps can query the Contacts database without receiving permission to read the database file itself.


Five Years of Rust

Rust Core Team (tweet, Hacker News):

Rust has changed a lot these past five years, so we wanted to reflect back on all of our contributors’ work since the stabilization of the language.


One thing that we haven’t mentioned much is how much Rust’s error messages and diagnostics have improved since 1.0. Looking at older error messages now feels like looking at a different language.

That’s five years since Rust 1.0. It was announced ten years ago, and work started before that. (Swift was announced six years ago and labeled 1.0 a few months later.)


Wednesday, June 3, 2020

Google Chrome Incognito Lawsuit

Tim Hardwick (also: Hacker News):

A proposed class action lawsuit in the U.S. has accused Google of violating federal wiretap laws by tracking the online activities of users when in Incognito mode.

According to Reuters, the class action argues that by surreptitiously collecting information about what people view online and where they browse when they use Chrome’s private browsing mode, Google has been intentionally deceiving customers into believing that they have control over the information they share with the company.

When you open a new incognito tab, Chrome tells you:

Now you can browse privately, and other people who use this device won’t see your activity.


Your activity might still be visible to:

  • Websites you visit
  • Your employer or school
  • Your internet service provider

Not deceptive at all.

Update (2021-03-14): Tim Hardwick:

A judge in California has ruled that Google must face a class action lawsuit alleging that it secretly tracks the online activity of Chrome users even when they’re using the browser in its privacy-oriented Incognito mode (via Bloomberg).

Claquette 2.0


Adds support for importing and converting videos and GIFs

Adds support for iOS device recording


Adds cursor click and drag visualizations for screen recordings

Adds support for creating and managing export presets


Unable to Enable Safari Extensions

Jeff Johnson (tweet):

In macOS 10.15.3, Apple introduced a bug that can prevent you from enabling or disabling Safari extensions. In order to enable or disable an extension, you must click the checkbox next to the extension in the Extensions pane of Safari Preferences. […] When the bug occurs, however, then clicking the checkbox does nothing: the checkbox doesn’t get checked, and the extension doesn’t get enabled either.


I believe that this Safari bug was introduced by Apple in a bungled attempt to prevent extensions from getting enabled via “synthetic clicks.” […] In theory it may be a good idea for Apple to prevent synthetic clicks in this case, but in practice the code that Apple shipped here was buggy and caused more harm than help. Safari incorrectly identifies real user clicks as fake synthetic clicks, preventing users from enabling their installed Safari extensions.


The other issue here is the lack of a visible error message for the user. I found a message buried among thousands of other unrelated messages in Console log, but no normal Safari user will ever see that. There ought to be a warning in the Safari Preferences window. Silent failure is a security failure. If an unauthorized process were in fact trying to secretly enable Safari extensions, shouldn’t the user be made aware of that immediately?

It still happens in macOS 10.15.5.

Rob Griffiths:

Here’s the bug I filed: Safari’s Extensions prefs panel behavior can confuse users

In 10.15, Apple prevents users from enabling Safari extensions if they’re running an app with a full-screen invisible window. But with zero feedback, it just looks broken.

Rudy Richter:

its a constant complaint by users of 1Password that they can’t click it


Update (2020-07-29): Apple (via Jeff Johnson):

Learn what to do if you can’t select the checkbox to turn on a Safari extension.

Update (2020-09-28): Safari 14 adds a visible error message, but as chucker notes:

So that’s new, but not great… it can’t say what “app or service”?

(I tried again and it worked. …what?)


Apple’s Linker & Deterministic Builds

Milen Dzhumerov:

  • Universal deterministic builds require that all paths in artifacts must be repo checkout independent.
  • On Apple platforms, the linker will insert absolute paths to object files in executables.
  • In Xcode 11, Apple added a new linker option, -oso_prefix, that can relativise OSO absolute paths.
  • Another source of non-determinism in object files are the OSO timestamp entries.

Tuesday, June 2, 2020

Exploring Hearing Aid Integration in iOS

Klaus Wirtz:

I learned that besides normal hearing aids, there are “Made for iPhone” (MFi) hearing devices that are directly recognized and controlled by iOS. An Apple support document lists manufacturers and products that have earned the MFi label. Of course, as an Apple user, I had to get an MFi pair. After trying several different devices, I finally settled for a pair of Pure 312 3Nx by Signia. In this article, I describe my experience in setting up and using these devices.

Why doesn’t macOS support these devices?

Clario’s MacKeeper

Howard Oakley:

Several weeks ago, I expressed surprise that MacKeeper had now been notarized. Following discussions with the good folk at Clario who now own and develop this product, and in the spirit of fairness and objectivity, this article looks at the current version of MacKeeper, at what it does, and how it has changed.


The most obvious question is why, under its new ownership, anyone would want to continue selling a product, however good it might be, under a name which to many of us is synonymous with PUP.

It’s a good question. It sure seems suspicious that the notarized installer package is just a shell that downloads an encrypted binary and sends your Mac’s serial number to their server over an unsecured connection. However, I verified that the final .app file that you end up with is notarized.

Alun Baker has explained that Apple wasn’t prepared to let MacKeeper simply undergo its normal notarization checks, and looked thoroughly at historical issues such as Clario’s business associates and marketing methods as well.

What does this mean? I thought we were told that notarization was a purely automated system, not a way of extending App Review outside of the Mac App Store. Baker seems to be saying that Apple wouldn’t notarize the binary without first investigating historical non-code aspects of the business. That’s really scary. But then, if that’s the standard, how did an app with MacKeeper’s history pass? If Apple was concerned about the history, Clario’s argument would have to be that they’ve changed their ways. Regardless of their intentions, Clario would say that they have. Yet that can only be assessed after the app becomes available and we see what they do with it. So what did this extra review accomplish?


Update (2020-06-03): See also this thread with Jeff Johnson.

Update (2021-11-26): Lance Whitney:

The new owner has pulled back on the aggressive marketing schemes and rid itself of dubious affiliates. The software itself received a good grade from AV-Test as well as ISO 27001 certification and notarization from Apple. Assuming the company and product have learned from past mistakes, is it worth giving the suite another shot at this point?

Thomas Reed:

Calling Clario a “new owner” is a bit of a stretch. Look at the C-level execs of Clario, and you’ll notice they were once the C-level execs of Kromtech. Clario is nothing more than a whitewash to cover up the past.

Jeff Johnson:

Ask yourself why any legitimate company would acquire a product with a super scummy reputation. It would be insanity.

BBEdit 13.1

Bare Bones Software:

The Markdown custom language preferences (via Languages -> Language-specific settings) provide control over the default Markdown renderer, used for Preview in BBEdit as well as exporting to HTML.


There’s a new command on the Text menu: “Run Unix Command”. This opens a sheet into which you can enter a Unix command line, and choose where the output goes (either replacing the front document’s selection/contents as a text filter would, or to a new document).

This can be extremely useful for quick (or simple) “one shot” Unix commands that aren’t worth the effort of writing a filter.


Added a new text transformation: “Convert Escape Sequences”. […] This command transforms text by replacing various commonly used character escape sequences with their actual characters[…]


Rebuilding Slack on the Desktop

Mark Christian and Johnny Rodgers, writing last year (also: Hacker News):

Today, after more than half a decade of hyper-growth, Slack is used by millions of people with larger companies working with more data than we ever could have imagined when we first started. Somewhat predictably, a few internal cracks were starting to show in the desktop client’s foundation. Additionally, the technology landscape had shifted away from the tools we chose in late 2012 (jQuery, Signals, and direct DOM manipulation) and toward a paradigm of composable interfaces and clean application abstractions. Despite our best efforts to keep things snappy, it became clear that some fundamental changes would be required to evolve the desktop app and prepare it for the next wave of product development.


However, moving to a multi-workspace architecture was quite the undertaking. We couldn’t expect every function call to pass along a workspace ID, and we couldn’t just set a global variable saying which workspace was currently visible since plenty of things continue to happen behind the scenes regardless of which workspace the user is currently looking at.

The key to our approach ended up being Redux, which we were already using to manage our data model. With a bit of consideration and the help of the redux-thunk library, we were able to model virtually everything as actions or queries on a Redux store, allowing Redux to provide a convenient abstraction layer around the concept of individual workspaces. Each workspace would get its own Redux store with everything living within it — the workspace’s data, information about the client’s connectivity status, the WebSocket we use for real-time updates — you name it. This abstraction created a conceptual container around each workspace without having to house that container in its own Electron process, which was what the legacy client did.

Ben Sandofsky:

Rather than write two separate native apps, Slack has now written a cross-platform app four different times.


Monday, June 1, 2020

Vision Smarts Barcode Scanner SDK (Sponsor)

My thanks to Vision Smarts for sponsoring the blog this week.

The Vision Smarts Barcode Scanner SDK for iOS and Android has been powering high-volume apps in retail, banking, logistics, nutrition, and more, for ten years.

Its proprietary algorithms have been continuously optimized for smartphone and tablet apps that need to read barcodes from all origins and of all sizes, even when they are dirty, faded, bent, damaged, or printed at low resolution.

Vision Smarts

Vision Smarts, an engineer-led company, strives for maximum simplicity and efficiency at every level. The binary library is lightweight with no dependencies, no tracking, no network access. The API is just one method, and the SDK includes the source code of the demo app to get you up and running fast. Licensing and pricing are straightforward: a flat annual fee per app, no gotchas.

A showcase app is available on the App Store and Google Play. Please try it on the hardest barcodes you can find and let its developers know what you think!

macOS 10.15.5 Supplemental Update

Juli Clover (also: Mr. Macintosh, Hacker News):

According to the security notes for the update, it addresses a security flaw that could allow an application to execute arbitrary code with kernel privileges.

This is the same vulnerability that has been addressed in today’s iOS 13.5.1, tvOS 13.4.6, and watchOS 6.2.6 updates, and it allowed for the unc0ver jailbreak that allegedly works on all versions of iOS, including iOS 13.5.

It’s also patched for macOS 10.13 but not for 10.14, which supports the theory that this was an old bug that got fixed in iOS 12 and macOS 10.14 and then came back.

Luca Moro (via Jeff Johnson):

During late 2018, we published the details about a XNU kernel vulnerability that we dubbed lightspeed. This vulnerability started as a racy UaF in the syscall lio_listio that allows the liberation of a kernel object twice. You can read all the details about it in our post.

This vulnerability was patched early in iOS 12 and 11.4.1 was the last vulnerable iOS version.


In the blogpost we explained that, while the issue was fixed, a memory leak was introduced, and it was now possible to force the kernel to panic.

The APFS bug from macOS 10.15.5 does not seem to be fixed, but Carbon Copy Cloner has found a workaround.


Apple Mail Randomly Becomes the Frontmost Application

Philipp Defner (also: Hacker News):

Since macOS 10.12 there’s a bug in Apple Mail that causes it to randomly become the frontmost application. If you are in full screen mode — like when you are giving a talk or watching a movie — it opens itself up in split view mode where it takes up half the screen while your other main window is being resized.


After some research it became clear that it’s related to Gmail and I’m not exactly the only one[…]

As a developer of a Mail plug-in, I’ve been hearing about this for years. People assume it must be caused by third-party software, but in fact it can occur with a clean macOS installation. I’m not sure that it’s limited to Gmail accounts. It may just affect more Gmail users because (a) there are a lot of Gmail users, and (b) Gmail’s IMAP implementation is particularly unreliable, often unavailable for short periods of time.


It seems to happen because of improper error handling. If you look closely at the app in the instant it opens, your affected account will have a “disconnected” symbol next to it in the sidebar. However, it goes away before an error can be shown.

My theory is: there is a momentary connection issue with these G Suite accounts, and starts to show an error by focusing itself, but the error is resolved so quickly it doesn’t actually get to show the “connection problems” modal.


In my experience, if you always hide the Mail window (cmd-h) instead of closing it (cmd-w), it won’t ever pop back up. Takes a while to retrain the muscle memory though!

Update (2020-06-02): mkalina:

Not only with Gmail. Same happens with O365/Exchange, too.


Peter Steinberger (tweet):

InterposeKit is a modern library to swizzle elegantly in Swift. It is well-documented, tested, written in “pure” Swift 5.2 and works on @objc dynamic Swift functions or Objective-C instance methods. The Inspiration for InterposeKit was a race condition in Mac Catalyst, which required tricky swizzling to fix, I also wrote up implementation thoughts on my blog.

Instead of adding new methods and exchanging implementations based on method_exchangeImplementations, this library replaces the implementation directly using class_replaceMethod. This avoids some of the usual problems with swizzling.

You can call the original implementation and add code before, instead or after a method call.

Peter Steinberger:

imp_implementationWithBlock has no way to undo or deregister the IMP; so once you submitted a block that captures state, you have a permanent memory leak? Oh well.

Sign in With Apple Vulnerability

Bhavuk Jain (via MacRumors, Hacker News):

In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.

For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.


I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid. This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.

See also:


Unhelpful Amazon Order Confirmation E-mails

Paul Rosania:

Amazon order confirmations and shipment notifications no longer include any item details. I could not for the life of me figure out why they would do this. They’re not scored on MAUs, they don’t need me to click through. Then I realized: is it so Google can’t see my order data?

I’ve been wondering about this for a while. It’s really annoying not to be able to search one’s own order history. I end up printing each order confirmation Web page to PDF.

Andrew Chen:

my guess- it’s not for google, but bc there’s email analytics cos that estimate sales of individual products based on parsing emails

At Uber, we used parsed competitor receipt data to estimate for instance, airport mkt share %, short trips mkt share etc


Update (2020-06-02): John Gruber:

One reason this change was merely a low-grade annoyance for me, personally, is that I allow the Amazon iPhone app to send me notifications, and these notifications include shipping updates and delivery confirmation. […] And Amazon’s website and app continue to have a nicely searchable archive of your entire order history — mine goes back to the Clinton administration, which feels like another epoch. But it was nice having your own searchable archive of purchased items right in your email.

Stephen Swift:

You can also export your Amazon order history as CSV.

Update (2020-06-09): Matt Henderson:

This is annoying for me, because I always create an OmniFocus “Waiting for…” task attached to the Amazon confirmation emails. Now that the emails don’t include the order details, I can’t do that any longer. So annoying.