Archive for July 2020

Thursday, July 30, 2020

Speculation in JavaScriptCore

Filip Pizlo:

This post is all about speculative compilation, or just speculation for short, in the context of the JavaScriptCore virtual machine. Speculative compilation is ideal for making dynamic languages, or any language with enough dynamic features, run faster. In this post, we will look at speculation for JavaScript. Historically, this technique or closely related variants has been applied successfully to Smalltalk, Self, Java, .NET, Python, and Ruby, among others. Starting in the 90’s, intense benchmark-driven competition between many Java implementations helped to create an understanding of how to build speculative compilers for languages with small amounts of dynamism. Despite being a lot more dynamic than Java, the JavaScript performance war that started in the naughts has generally favored increasingly aggressive applications of the same speculative compilation tricks that worked great for Java. It seems like speculation can be applied to any language implementation that uses runtime checks that are hard to reason about statically.


macintosh.js

Felix Rieseberg:

This is Mac OS 8, running in an Electron app pretending to be a 1991 Macintosh Quadra. Yes, it's the full thing.

Via Dan Moren:

I fired it up to take it for a spin and it worked pretty well, though I did run into some bugs with scrolling (the scroll box doesn’t really move, though you can scroll down). It’s been pre-loaded with some games and demos, which Rieseberg apparently sourced from a Macworld Demo CD.

It’s even got Netscape, although the Internet connection doesn’t work.


Keeping Dropbox

David Sparks:

iCloud Drive and sharing have not failed me. On the contrary, they have worked better than I expected.

[…]

The trouble is those instances where I am not in control. For example, I have many clients who have never heard of iCloud Drive and do not own Macs. They have, however, all heard of and installed Dropbox. When you work in a service industry, adopting a technology that requires your clients to change their technology never works.

[…]

I did not install the Dropbox app on my laptop but instead use their web interface when I need to access my Dropbox storage. It cuts me out of a lot of automation, and it is generally slower, but I can avoid its intrusive install this way.

Bradley Chambers:

I love iCloud Drive, and I’ve been using it as my primary file storage method for a couple of years at this point. […] The only thing I am not using is the legacy shared folders I have in Dropbox. My biggest complaint about iCloud Drive is that the deleted file restoration pales in comparison to Dropbox.


Exposure Notification Update

Howard Oakley (Hacker News):

According to figures obtained by the BBC, of the 83 million people in Germany, only around 16 million have downloaded this app since it launched in June. That’s less than 20% of the whole population, and probably around a quarter of all smartphone users. Its adoption has been far below the percentages envisaged by those modelling the benefits of such apps, which normally start to become significant once adoption exceeds 50% and rises towards 80%.

Because the German app has respected data privacy, Public Health authorities have gained almost no information about Covid-19 outbreaks from the app. They know that about 500 users of the app have tested positive – that’s an insignificant proportion – and no one can find out how many contacts have been successfully traced as a result. There is also no record of how many exposures resulted in false alarms, nor of missed diagnoses. There are similar problems with Switzerland’s app, and a lack of data for Ireland’s too.

Adoption of smartphone contact tracing apps has also been very poor in Japan (6% of the population), Italy (7%), and France (3%). To date, no national smartphone contact tracing app has been demonstrated to have had any significant benefit in controlling outbreaks, or significantly reducing the incidence of Covid-19. Only draconian access to personal data, as used in South Korea, seems to have brought any positive results.

Joe Wituschek:

Despite its quick turnaround in creating the technology, barely any states in the United States are planning on adopting Apple and Google’s Exposure Notification technology.

[…]

Oklahoma, Alabama, South Carolina and Virginia are the only states signed on to build their apps with the technology.

[…]

Almost a quarter of states currently have no plans to build a digital solution to help assist in the effort.

See also: Nick Heer.


Wednesday, July 29, 2020

Dropbox Dark Pattern

Nick Heer:

While the biggest tech CEOs testifying before some of the dumbest people are stymied by WebEx problems, I want to direct your attention to this Dropbox screen. Would you assume that both of these buttons are tappable?

Tyler Hall:

No way that button would fly without a name brand company behind it.


Update (2020-07-30): Dropbox says this was an unintentional result of a bug related to iOS 14.

Tim Cook’s App Store Testimony

Juli Clover (also: 1, 2):

Apple CEO Tim Cook is today participating in an antitrust hearing with the U.S. House Judiciary Antitrust Subcommittee alongside Alphabet/Google CEO Sundar Pichai, Amazon CEO Jeff Bezos, and Facebook CEO Mark Zuckerberg.

[…]

Cook is expected to be grilled about Apple’s App Store policies in regard to app rejection and competition, disputes with the FBI over encryption and law enforcement access to locked devices, Apple’s relationship with China, and its App Store fees and subscription policies.

Cook was initially reluctant to participate in the hearing because he does not believe Apple should be grouped with Facebook, Amazon, and Google as an antitrust violator, but he was not able to avoid testifying after a threat of a subpoena from subcommittee chairman David Cicilline, who publicly criticized Apple’s App Store fees.

Tim Cook (text, also: Mark Gurman, tweet):

When the App Store was created, the prevailing distribution options available to software developers at the time did not work well. Brick-and-mortar stores charged high fees and had limited reach. Physical media like CDs had to be shipped and were hard to update.

[…]

The App Store guidelines ensure a high-quality, reliable and secure user experience. They are transparent and applied equally to developers of all sizes and in all categories.

It’s sad to see Cook shred his credibility like this.

For the vast majority of apps on the App Store, developers keep 100% of the money they make. The only apps that are subject to a commission are those where the developer acquires a customer on an Apple device and where the features or services would be experienced and consumed on an Apple device.

I’m not sure what point this is trying to make. Are we supposed to be happy that Facebook pays nothing, while privacy-respecting apps that are exclusive to iOS pay 30%? Does it make sense that gym classes need to start paying Apple 30% because they now must be conducted remotely due to the pandemic? How does Apple giving the high-profile ClassPass a reprieve until the end of the year accord with the earlier statement about everyone being treated equally?

In the more than a decade since the App Store debuted, we have never raised the commission or added a single fee. In fact, we have reduced them for subscriptions and exempted additional categories of apps.

They added a de facto fee for search ads; if you don’t pay it, when someone searches for your app it won’t appear at the top of the list even if it’s the best match. They also changed the unwritten rules so that e-mail apps (as well as other categories) now have to offer IAP (and, thus, pay more fees). It also used to be allowed to sell e-books within an app’s Web view.

Ben Thompson:

Notable to see Apple confirming a point I’ve been trying to make: the company believes it is entitled to all commerce that happens on an iPhone.

Michael Love:

No new arguments, just the same tired comparison to physical retail + reminder that most apps pay nothing because this particular Apple Defending 30% Statement is a Most Apps Pay Nothing Statement rather than an Everybody Should Pay Their Share Statement.

John Gruber (Hacker News):

Take for example the Netflix Rule — the “reader apps” exception that allows Netflix (to name the most conspicuous example) to offer an iOS app that does not use Apple’s in-app purchase system.

[…]

It is prima facie wrong that one of the rules is that an app is not allowed to explain the rules.

[…]

No mention here of Steve Jobs’s statement, announcing the App Store in 2008: “We don’t intend to make any money off the App Store. We’re basically giving all the money to the developers and the 30 percent that pays for running the store, that’ll be great.”

[…]

The analogy to a “quality department store” holds as much water as a sieve. The App Store is analogous only to something like Amazon, an everything store, with apps ranging from premium products to abject junk.

[…]

Talking about brick-and-mortar software distribution without even mentioning direct downloads and sales over the web is flat-out dishonest, and clearly the most disappointing aspect of Cook’s prepared testimony.

Rob Pegoraro:

Apple CEO Tim Cook comes closest to offering outright alternative facts to Congress in a defense of the company’s App Store that essentially erases the history of online distribution before the 2008 debut of the App Store.

[…]

Installing apps on early handheld organizers was not so easy, requiring a download to a computer and then a transfer to the gadget. But by the mid 2000s, Palm OS handhelds and smartphones hosted a thriving market for third-party software.

Brent Simmons (tweet):

If I make and distribute toothpaste, I can offer the exact same product via Kroger, Safeway, and Albertson’s — and I could sell it from my own website and via Amazon.

That’s a lot of choices I have for selling my product.

But if I write an iOS app, I can sell it via the App Store and through no other method.

[…]

And they haven’t realized that current App Store policies actually hurt the situation: we don’t have the quantity and quality of apps we should have. Which hurts that very ecosystem.

David Heinemeier Hansson:

Apple is unlike any other platform when it comes to the North American market for premium services like HEY. As of today, 90% of everyone who pays for our service uses at least one Apple device. 3/4 of all paying customers have the iOS HEY app that Apple was threatening to evict installed on their phone.

Apple isn’t just a dominant player in this market, they are the market.

[…]

Apple controls who can and cannot compete in virtually all sectors of the digital economy through the monopoly power they wield capriciously with the App Store. It is simply not possible to even get the chance to take on the likes of Google, Microsoft, and Verizon with a new email service without begging Apple for permission to do so.

Zac Cohan:

I would argue a healthy indie population does more for Apple than the sliver of service revenue we contribute to the balance sheet. We cater to niches and sometimes invent new things. In fact, according to an Xcode engineer, the design of Swift Playgrounds was based on Soulver.

[…]

Better yet, how about a model where App Store revenue is derived from the apps that use the most resources? Like, does Soulver (a paid upfront app) really need to subsidise Facebook’s free apps like Instagram & Messenger?

See also: this quote about using the App Store to strong-arm Random House into supporting the iBooks Store.


Update (2020-08-03): Ben Thompson:

It’s so funny how Apple has adopted this “The Internet doesn’t exist as a distribution channel” approach to its App Store rhetoric.

The App Store was revolutionary, particularly in the way it made users feel safe, relative to the Internet, which existed. It’s ok to admit that!

Jim Rea:

I’ve been selling Mac software since 1984. Brick and mortar has never been a big player. In the 80’s/90’s it was mostly mail order, late 90’s transitioned to online, which our business still uses. Mac App Store was a flop for us, fortunately online is still strong.

Josh Centers:

Something that should be asked at the hearing, but won’t: why does Apple let some companies blatantly violate App Store rules? For instance, why is YouTube allowed to break background audio and resell that feature as a subscription?

See also: Ben Thompson.

Mark Gurman (article, Reddit):

Now we know how Apple convinced Amazon to finally put Prime Video on the App Store in 2017: Apple agreed to only take 15% of revenue from Prime Video subscriptions made on iOS, versus the 30% they were taking from others.

Juli Clover:

When asked about the inconsistency over the approval of the [Hey] app and the subsequent controversy, Cook didn’t have much to say other than pointing out that the issue was resolved and that the App Store provides a lot of value for developers.

Benjamin Mayo:

Having Tim Cook say that everyone is treated equally when it is clearly not the case is not a good look.

Michael Margolis:

In 2008 we were contracted to build an app

Apple held it up for 9+ mo over CC payments

Meanwhile, ComiXology was released and was allowed to do the same thing

In 2011 it was the #1 grossing app in the App Store

[…]

We were just contractors building it but it was heartbreaking watching Apple give ever-changing reasons to deny the app which imo led to the failure of the company. Hard to build a business when everything is made up and the points don’t matter.

Matt Deatherage:

The App Store upheaval is a nightmare of Apple’s own creation. The concept of a “curated” store got kicked to the curb when addictive games like Candy Crush started bringing in $50 million per month.

[…]

Tim Cook testified that all developers are created equal, but anyone paying attention knows that’s false.

Tim Bray:

The key sticking point remains that the App Store is the only distribution channel for iOS. It is an officially designated, formally recognized monopoly.

If there were a Plan B for developers, then Apple would be able to prove that the value added by the App Store justifies the 30% Apple cut. But there isn’t.

Steve Troughton-Smith:

At least one of the elephants in the room: Apple already has a longstanding platform where the App Store is optional — the Mac — and very few of the developers you care about are present in its App Store, because the terms just aren’t good enough.

Nilay Patel:

Neguse to ask Cook about the App Store. Does Apple have to operate by the same rules as developers? Yes, says Cook. Neguse asks why Apple gets to submit clones of apps when the rules specifically prohibit that for others. Cook is “not familiar with that.” Woof.

Guilherme Rambo:

There’s no other word to describe this other than lie. Just look at how many of their apps in the AppStore have private entitlements and use private API. The Clips app doesn’t even ask you for camera permission, it gets it by default

Flux:

In 2009 we first approached Apple to get f.lux on iPhones. Years of promises of API access. The last conversation we had with them was “that’s too weird for most of our users. Like the Klingon keyboard.” Then, they announced their clone onstage, Macworld 2016.

Hartley Charlton (also: Nilay Patel):

Originally, Kindle books were available for purchase via the iOS app. Since 2011, the Kindle iOS app has only allowed users to read books in the app.

[…]

Phil Schiller expressed concern in one of the emails that Amazon was advertising the fact that users could still access Kindle books purchased on iOS on Android devices, suggesting it was convenient to switch from iOS to Android.

Schiller explained that Apple initially made an exception for Amazon[…] Over time, as sales of iOS devices rose dramatically, Schiller believed that it was time to reconsider the exception. […] Amazon later removed a link to the Kindle Store in the iOS app to comply with the new App Store subscription rules.

The Proton Team:

We have come to believe Apple has created a dangerous new normal allowing it to abuse its monopoly power through punitive fees and censorship that stifles technological progress, creative freedom, and human rights.

See also: The Talk Show, Accidental Tech Podcast, the evidence presented to the House Judiciary Committee.

Tuesday, July 28, 2020

Schiller Interview Before the App Store Hearing

Stephen Nellis (via MacRumors):

But when the App Store launched in 2008 with 500 apps, Apple executives viewed it as an experiment in offering a compellingly low commission rate to attract developers, Philip W. Schiller, Apple’s senior vice president of worldwide marketing and top executive for the App Store, told Reuters in an interview.

“One of the things we came up with is, we’re going to treat all apps in the App Store the same - one set of rules for everybody, no special deals, no special terms, no special code, everything applies to all developers the same. […]” Schiller said.

Repeating this doesn’t make it so. It was a high rate compared with the alternatives at the time, and there most definitely are different rules, different ways of enforcing the rules, and special deals.


Update (2020-07-30): See also: Nick Heer.

MarsEdit 4.4

MarsEdit 4.4 now supports Micro.blog and can search the values of custom fields. However, there seems to be a regression that causes the app to beachball for 30 seconds each time I publish a post.

Update (2020-08-03): The performance regression is fixed in MarsEdit 4.4.2.

Red Sweater:

In January, 2020, Google stopped allowing MarsEdit customers to authenticate with the [Blogger] service, because MarsEdit is not a “verified” app. The guidelines for making MarsEdit comply with Google’s requirements are rigorous, and there is no guarantee that MarsEdit would continue to be supported for the long term. We decided to end support for the service rather than invest any more effort into what would be, at best, a lackluster user experience with the lack of photo-uploading support.

macOS 10.15.6 Bug Causes Crashes With Virtualization

Hartley Charlton (tweet):

Users of virtualization software have reported that macOS 10.15.6 crashes repeatedly when running virtual machines.

A regression in the App Sandbox component of macOS 10.15.6 is reportedly leaking kernel memory, causing macOS to crash. The purpose of an App Sandbox is to provide protection to system resources and limit an app’s access to resources, such as memory.

VMware engineers have today diagnosed the issue and filed a “comprehensive” report with Apple, including a minimal reproduction case which should allow them to easily identify and address the issue.

It apparently also affects VMware on Big Sur, but not Parallels.

Jeff Johnson:

This is the problem with Apple now. Not the major updates, which were always buggy, but the minor updates. There’s never a “stable” version anymore. Not even 9 months later. “Bug fix” updates are just as likely to introduce new bugs.


Steve Wozniak Sues YouTube Over Bitcoin Scams

Monica Chin:

According to the lawsuit, filed in the Superior Court of the State of California, crooks have been posting videos on the platform claiming that Wozniak is hosting a bitcoin promotion. They convince users that if they send bitcoin to a provided address, “Wozniak” will return double the amount.

[…]

The plaintiffs, which include Wozniak and 17 other individuals, allege that YouTube is aware of these scams but has nonetheless not taken the videos down.

Via John Gruber:

They won’t stop these scams, but if you upload a video with a copyrighted song they’ll have it down in about a minute.

Quinn Nelson:

YouTube’s copyright system is so broken and so stupid. It has no respect for Fair Use and permits ludicrous claims from alleged copyright holders without punishment for abuse. It discourages creators from attempting to create transformative and educational art from prior works.

[…]

I get why YouTube has to create a copyright system; however, real DMCA claims require that they be done in good faith under penalty of perjury. YouTube’s system has ZERO punishment for false claims and only serves to benefit YouTube itself and huge media conglomerates.

Christina Warren:

I’ve had people try to claim copyright on Microsoft videos on Microsoft’s YouTube channel as their own — people who are in no way connected to Microsoft. And then I’ve had to FIGHT YouTube to get the claims of people that literally ripped my channels videos dismissed.


New EU Regulations for App Stores

Seth Barton:

The rules, which you can see here in full if you’re happy to fight through them, or as discussed here by the EGDF’s Jari-Pekka Kaleva on GI.Biz, cover a wide range of ongoing issues that developers have with stores.

Platforms will have to provide 30 days notice to publishers before removing content from stores, allowing them time to appeal or make changes to their software. So no immediate and opaque bans (article 4).

The regulations (in article 5) will force stores to be more transparent in how their ranking systems work, letting publishers understand how ‘trending’ apps are being chosen for instance.

Geoff Keating:

The 30 day period is for the termination of “all services” (deleting the developer’s account). Removal (“restrict or suspend”) from the App Store can be done immediately, so long as reasons are provided.

Steve Troughton-Smith:

Apple needs to disclose any preferential treatment it gives to big developers & publishers

Apple must have an external mediator for disputes that can’t be resolved by App Review

David Barnard:

Ranking transparency will likely give more ammo to black hat ASO than it does conscientious developers.

[…]

If Apple weren’t pushing so hard on revenue and could’ve better policed themselves, I don’t think they would’ve invited this mixed [bag] of regulation from the EU.


Monday, July 27, 2020

64-bit ScanSnap Manager for Older Scanners

Dave Kitabjian:

Fujitsu announced it wouldn’t support Catalina well over a year ago, and many ScanSnap owners have already gone through the Five Stages of Grief and resolved to buy either a new scanner or one of the third-party software solutions I previously mentioned. In all likelihood, many have already done so.

One possible explanation is that the series of TidBITS articles on this topic and those from elsewhere on the Web may have resulted in enough negative press to get Fujitsu’s attention.

But another factor may have weighed more heavily in the decision. Lots of people have been complaining about ScanSnap Home, the 64-bit software that replaced ScanSnap Manager. Complaints center around its lack of features in comparison to the older ScanSnap Manager. Fujitsu has been saying that it would gradually update ScanSnap Home with the features that people missed from ScanSnap Manager. Perhaps that effort was later determined to be greater than just porting ScanSnap Manager to 64-bit.

[…]

Interestingly, a TidBITS reader found that ScanSnap Manager V7 worked with his older ScanSnap S300M though it’s not listed as being compatible. So it’s worth giving the new ScanSnap Manager a try even if your older ScanSnap scanner isn’t explicitly included in the compatibility list.

See also: ExactScan Might Be the ScanSnap Replacement You Need.


Hopper for Apple Silicon and Big Sur

Vincent Bénony:

Today, I’m happy to announce that Hopper will fully support macOS Big Sur and Apple Silicon CPU!

macOS Big Sur changes a lot of things under the hood. For instance, there is a new way of referencing Objective-C selectors in the executable metadata which forces me to rewrite a lot of things. Also, the system frameworks are not stored in the same way as before, but rather in a shared cache almost like iOS. Some of these changes are now handled by Hopper but not all of them yet. I expect to release an update of the current version which includes the handling of these modifications.


Logitech Folio Touch Keyboard Case

Juli Clover:

Logitech today announced the launch of the Logitech Folio Touch, a new keyboard case with trackpad designed for the 11-inch iPad Pro models released in 2018 and 2020.

It’s $160 vs. $350/$300 for the Magic Keyboard for iPad. The design is more like the Combo Touch: it doesn’t have the rigidity of Apple’s solution, but the keyboard can fold behind the iPad.


USB-C Is Still a Mess

Robert Triggs (via Hacker News):

Moving phones between different chargers, even of the same current and voltage ratings, often won’t produce the same charging speeds. Furthermore, picking a third party USB-C cable to replace the often all too short in-box cable can result in losing fast charging capabilities. As can opting for a third-party USB-C power adapter that supports Qualcomm’s Quick Charge or USB Power Delivery rather than one of the numerous proprietary standards.

[…]

The USB data naming scheme is undoubtedly a mess. This table below will hopefully help to sort out what each specification offers you.

[…]

Unfortunately, the USB-C ecosystem is more, not less convoluted in 2020 than it was when I first looked at this issue back in 2018. The announcement of USB 3.2 and USB 4 makes the standard more complex without giving the end-user clear information about what’s supported. While the growth in USB Power Delivery support is a good sign, the introduction of PPS has already hampered any hopes that the industry might soon coalesce around a single charging standard.

My pet peeve has long been that no matter how many newer devices you have with USB-C, you still end up with a mess of cables and adapters because the hubs are still USB-A. Each device needs a different cable depending on whether you’re plugging into your hub or your laptop.

Reader Robert Horrion has finally found a somewhat reasonably priced hub that actually increases the number of USB-C ports, the Sitecom CN-386. For $53 plus $11 shipping (Amazon ships it from the UK) you can turn 1 USB-C port into 3 and add power delivery.

Unfortunately, the reviews aren’t great—3/5 stars in both the US and German stores, with purchasers complaining of glitches with Mojave and Catalina.


Update (2020-07-29): coachmike66:

To accentuate the mess: the USB-C cable that Apple includes with your fancy new $3000+ MacBook Pro. Think you’re gonna use that with Migration Asst. (which prompts you during setup)…?

NOPE! That USB-C cable is USB2, and thus incapable of MA (which Apple obfuscates very well).

E-Verify’s “SSN Lock” Is Nothing of the Sort

Brian Krebs:

One of the most-read advice columns on this site is a 2018 piece called “Plant Your Flag, Mark Your Territory,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number — which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online.

A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security’s myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.

[…]

Imagine my surprise when I was able to create a separate account as me with just a different email address (once again, the correct answers to all of the KBA questions were “none of the above”). Upon logging in, I noticed my SSN was indeed locked within E-Verify. So I chose to unlock it.

Did the system ask any of the challenge questions it had me create previously? Nope. It just reported that my SSN was now unlocked.
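The two controls missing from the account flow Krebs describes are (1) enforcing one account per SSN and (2) requiring the previously registered challenge answers before an unlock takes effect. The following is an added example, not code from KrebsOnSecurity or from E-Verify, showing what a registry with both controls looks like; the class name, the pepper, the sample e-mail addresses, SSN and KBA answers are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo key: in a real service this pepper lives in a secret store,
# never in source. Its only job here is to keep raw SSNs and answers out of storage.
PEPPER = b"demo-pepper-not-for-production"


def _digest(value: str) -> str:
    """Keyed hash of a normalized value so SSNs and KBA answers are stored only as digests."""
    return hmac.new(PEPPER, value.strip().lower().encode(), hashlib.sha256).hexdigest()


class SsnLockService:
    """Minimal identity registry: one account per SSN, step-up challenge before unlock."""

    def __init__(self) -> None:
        self._accounts: dict[str, dict] = {}   # email -> account record
        self._ssn_index: dict[str, str] = {}   # SSN digest -> owning email

    def register(self, email: str, ssn: str, kba: dict[str, str]) -> bool:
        """Create an account. Refused if the e-mail or the SSN is already registered."""
        key = _digest(ssn)
        if email in self._accounts or key in self._ssn_index:
            return False  # second account for the same SSN is exactly the gap described above
        self._accounts[email] = {
            "ssn": key,
            "kba": {q: _digest(a) for q, a in kba.items()},
            "locked": False,
        }
        self._ssn_index[key] = email
        return True

    def is_locked(self, email: str) -> bool:
        return self._accounts[email]["locked"]

    def lock(self, email: str) -> bool:
        """Locking is low-risk for the owner, so it needs no extra challenge."""
        self._accounts[email]["locked"] = True
        return True

    def unlock(self, email: str, answers: dict[str, str]) -> bool:
        """Unlocking is the sensitive direction: every KBA question must be answered correctly."""
        record = self._accounts[email]
        expected = record["kba"]
        if set(answers) != set(expected):
            return False  # missing or extra questions: do not unlock
        ok = all(
            hmac.compare_digest(expected[q], _digest(a))  # constant-time digest comparison
            for q, a in answers.items()
        )
        if ok:
            record["locked"] = False
        return ok


def demo() -> dict[str, bool]:
    """Walk through the scenario from the post with constructed sample data."""
    svc = SsnLockService()
    kba = {"first pet": "Rex", "city of birth": "Springfield"}
    results = {
        "first_account": svc.register("me@example.test", "123-45-6789", kba),
        # Same SSN, different e-mail: the registry must refuse this.
        "duplicate_refused": not svc.register("me2@example.test", "123-45-6789", kba),
        "locked": svc.lock("me@example.test") and svc.is_locked("me@example.test"),
        # Unlock without answering the challenge: refused.
        "blind_unlock_refused": not svc.unlock("me@example.test", {}),
        "wrong_answers_refused": not svc.unlock(
            "me@example.test", {"first pet": "Fido", "city of birth": "Springfield"}),
        "correct_unlock": svc.unlock(
            "me@example.test", {"first pet": "rex", "city of birth": "springfield"}),
    }
    results["unlocked_after"] = not svc.is_locked("me@example.test")
    return results


if __name__ == "__main__":
    for name, passed in demo().items():
        print(f"{name}: {'ok' if passed else 'FAIL'}")
```

The asymmetry is deliberate: locking only reduces what an impersonator can do, so it is cheap; unlocking re-exposes the identity, so it is gated on the full challenge set and on the SSN already being bound to exactly one account.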


Thursday, July 23, 2020

“No-Logging” VPN Providers

Craig Silverman (tweet, also: Nick Heer):

Sensor Tower, a popular analytics platform for tech developers and investors, has been secretly collecting data from millions of people who have installed popular VPN and ad-blocking apps for Android and iOS, a BuzzFeed News investigation has found. These apps, which don’t disclose their connection to the company or reveal that they feed user data to Sensor Tower’s products, have more than 35 million downloads.

Paul Bischoff (via Hacker News):

Hong Kong-based VPN provider UFO VPN exposed a database of user logs and API access records on the web without a password or any other authentication required to access it. The exposed information includes plain text passwords and information that could be used to identify VPN users and track their online activity.

[…]

More than two weeks after we sent a disclosure to UFO VPN, the company shut down the database and responded by email[…]

“We don’t collect any information for registering,” the spokesperson said. “In this server, all the collected information is anonymous and only be used for analyzing the user’s network performance & problems to improve service quality. So far, no information has been leaked.” [sic]

But based on some sample data, we do not believe this data to be anonymous.

Shaun Nichols:

A string of “zero logging” VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.

[…]

A few days later, on July 5, the data silo was separately discovered by Noam Rotem’s team at VPNmentor, and it became clear the security blunder went well beyond UFO. It appears seven Hong-Kong-based VPN providers – UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN – all share a common entity, which provides a white-labelled VPN service.

And they were all leaking data onto the internet from that unsecured Elasticsearch cluster, VPNmentor reported.

Via Nick Heer:

There is nothing inherently wrong with white labelled goods and services, but I do think their use is inadequately disclosed. It is detrimental to our understanding of what we are buying and makes it hard to compare different products.


Programming Job Interviews

Chris Parnin and Matt Shipman (via Hacker News, 2, 3):

A new study from North Carolina State University and Microsoft finds that the technical interviews currently used in hiring for many software engineering positions test whether a job candidate has performance anxiety rather than whether the candidate is competent at coding.

[…]

Half of the study participants were given a conventional technical interview, with an interviewer looking on. The other half of the participants were asked to solve their problem on a whiteboard in a private room. The private interviews did not require study participants to explain their solutions aloud, and had no interviewers looking over their shoulders.

[…]

“But the format may also serve as a barrier to entire classes of candidates. For example, in our study, all of the women who took the public interview failed, while all of the women who took the private interview passed.

CobrastanJorji:

I conducted a couple hundred interviews for my first FAANG employer, and I was constantly amazed at the percentage of candidates with years of Microsoft or Facebook experience on the resumes who apparently did not know how to program. I always thought, “huh, guess I know why they quit after 3 years, amazing that they all lasted this long.”

Then I interviewed for another company and utterly bombed. It became suddenly clear to me that I had been an idiot. Of course nearly all of those candidates were perfectly good programmers.

Joel Spolsky:

Those 200 resumes you got from Craigslist? Those consist of the one guy who happened to be good, but he’s only applying for a job because his wife wants to be nearer to her family, and the usual floating population of 199 people who apply for every single job and are qualified for none. And now you think you’re being “super selective” but you’re not, it’s just a statistical fallacy.

Somehow this classic hypothetical spread, and people got the idea that the majority of working programmers can’t actually program at all.

See also:

Polymorphic Interfaces

Swift by Sundell (tweet, Reddit):

Dave Abrahams joins John to talk about Protocol-Oriented Programming and how to make the most out of the Swift Standard Library. Also, discussions on Swift’s overall design, why it puts such a strong emphasis on value types and protocols, and how it’s been influenced by other languages.

I recommend this episode from April.

See also: What are similarities and differences between C++ and Swift?

Previously:

Wednesday, July 22, 2020 [Tweets] [Favorites]

Another Apple-Funded App Store Study

Juli Clover (Slashdot, Hacker News):

As Apple CEO Tim Cook gears up to testify in an App Store antitrust hearing before the House Judiciary Committee next week, Apple has commissioned a study from Analysis Group [PDF] that’s designed to demonstrate how similar Apple’s App Store fees and practices are to those of other digital marketplaces like the Amazon Appstore and the Google Play app.

Not mentioned anywhere in the study: Stripe, PayPal, Paddle, FastSpring, etc. Apple would rather compare itself to brick-and-mortar stores and Ticketmaster than the various online software channels that have been available since the mid-1990s. And, of course, the main issue with the App Store is that it’s the only way users can install software on their devices. You can’t opt out of it because there is no sideloading. There are no alternative stores. The whole way this is framed is misleading.

David Heinemeier Hansson:

I just commissioned a study that confirmed that I am in fact the fairest king in all of the land.

Cabel Sasser:

They keep saying the App Store changed everything because before you had to sell your apps in CompUSA or whatever. Panic ONLY EXISTS because we could sell apps, direct to consumer, via download, since 1999. The App Store arrived in 2008. Drives me crazy that they ignore this era.

Michael Love:

Also true for Palm and Windows Mobile, though they keep insisting on comparing themselves to crappy carrier-run J2ME app stores.

Also, if you didn’t want to handle payments yourself, Mac shareware developers had Kagi from way back when - I used them to sell my little Mac shareware game Ergo in 1994, rate was 5% + $1.25 I believe.

Kyle Pflug:

It’s revealing that this spends no time on whether the “other marketplaces” are the exclusive way to get third party software on their home platform.

The Microsoft Store and Steam both have commission, but they also compete with each other (and direct download, and retail...).

Matt Garber:

The 30% cut is a distraction anyway, which Basecamp also pointed out weeks ago. The real anticompetitive parts are around ridiculous things like not even being allowed to use descriptive text to say “sign up for paid accounts on our website”.

Michael Love:

a) “Everybody else does it” is not a defense

b) Brick and mortar is a meaningless comparable

c) Many of these stores were following your lead

d) Most of them are non-exclusive (except consoles, but their business model is selling HW at cost + making money on games)

Previously:

Update (2020-07-23): John Gruber:

You know you’re in trouble when part of your argument is “Hey, at least we’re better than Ticketmaster.”

Peter N Lewis:

I’ve been doing this full time since 1994 - what made it easy was companies like Kagi and sources like Info-Mac, decades before the App Store.

Ron Avitzur:

Same here. Selling Graphing Calculator direct to customers online since 1998.

Brent Simmons (tweet):

But it’s worth remembering that money really does matter. […] To put it in concrete terms: the difference between 30% and something reasonable like 10% would probably have meant some of my friends would still have their jobs at Omni, and Omni would have more resources to devote to making, testing, and supporting their apps.

Apple Security Research Device Program

Apple (via Hacker News):

The Security Research Device (SRD) is intended for use in a controlled setting for security research only. Shell access is available, and you’ll be able to run any tools and choose your entitlements. Otherwise, the SRD behaves as closely to a standard iPhone as possible in order to be a representative research target.

SRDs are provided on a 12-month renewable basis and remain the property of Apple. They are not meant for personal use or daily carry, and must remain on the premises of program participants at all times. Access to and use of SRDs must be limited to people authorized by Apple.

[…]

Participation in the Security Research Device Program is subject to review of your application. Device availability is limited. Devices will not be available for all qualified applicants in the initial application period.

If you use the device to find a vulnerability, you have to report it to Apple and are not allowed to discuss it until Apple fixes it. Unfortunately, as with the bug bounty program, there’s a giant loophole: Apple could take a long time to fix it, decide it doesn’t want to fix it, or deliberately impose a gag on vulnerabilities it doesn’t want disclosed. There’s no automatic delay after which you can publish if Apple decides to sit on it. We already have evidence of this being a problem from the bug bounty program.

It seems risky to join the program, both because you may end up muzzled and because it ties your hands regarding anything you figure out without using the SRD. Since you can’t prove you did it on your own, everything you do becomes subject to the SRD rules. You’d be setting yourself up to get sued.

Previously:

Update (2020-07-22): Ben Hawkes (via Jeff Hunter):

It looks like we won’t be able to use the Apple “Security Research Device” due to the vulnerability disclosure restrictions, which seem specifically designed to exclude Project Zero and other researchers who use a 90 day policy.

Will Strafach:

no researchers or engineers on our end are participating (in an official/Guardian-affiliated capacity) due to the restriction Apple appears to impose on information disclosure.

Update (2020-07-27): Rich Mogull:

On the whole, Apple’s program requirements and restrictions appear reasonable, and I look forward to seeing how they work in practice. However, there is some risk that the program restrictions will muzzle some researchers while Apple sits on vulnerabilities. Apple’s track record for fixing issues has been pretty good in recent years, but we can’t dismiss this concern out of hand.

Peter Steinberger:

It’s sad that Apple thinks shell access is only useful for security engineers.

Update (2020-07-29): See also: Pwn20wnd.

A First Replicating Type

Drew McCormack:

You may be wondering why the Entry type includes a UUID identifier. It already has a timestamp, which is an identity of a sort. Isn’t that timestamp unique enough?

Maybe, but you will sleep better at night if you assume it is not unique enough. A timestamp has something like millisecond accuracy. A computing device can do thousands, even millions of operations in that time. Two changes to the same value on the same device may very well fall on exactly the same tick of the timestamp clock.

What would happen if we used the timestamp in isolation? If two changes collided — had the same timestamp — the ‘winner’ would effectively be random. Your devices could easily pick different outcomes, and your type will have diverged — your app is no longer in sync. To avoid this, we need some way to pick the same winner on all devices, even if the timestamps are exactly the same. For that, we add the UUID. It ensures a deterministic result in cases where the timestamps collide.
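The merge rule McCormack describes, worked through as an added example. This is not code from his post (his replicating types are written in Swift); the Python type names `Entry` and `ReplicatingRegister`, the millisecond tick value, and the two colliding sample changes are assumptions chosen to show the failure mode. It compares the timestamp-only rule, whose winner depends on the order replicas merge, against the (timestamp, UUID) rule, which picks the same winner in every order.

```python
"""Added example (not from Drew McCormack's post): a last-writer-wins
register whose merge rule breaks timestamp ties with a UUID, so every
replica picks the same winner regardless of merge order."""
from __future__ import annotations

import uuid
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Entry:
    """One recorded change. `timestamp` is the wall-clock tick of the
    change (millisecond resolution, as in the post); `identifier` is a
    random UUID that only matters when two timestamps collide."""
    value: str
    timestamp: int
    identifier: uuid.UUID = field(default_factory=uuid.uuid4)

    def sort_key(self) -> tuple[int, int]:
        # Total order: later timestamp wins; on a tie the larger UUID wins.
        # UUIDs compare as 128-bit integers, so two distinct entries never
        # compare equal and the choice is the same on every device.
        return (self.timestamp, self.identifier.int)


def deterministic_winner(a: Entry, b: Entry) -> Entry:
    """The post's rule: timestamp first, UUID as the tie-break."""
    return max(a, b, key=Entry.sort_key)


def timestamp_only_winner(a: Entry, b: Entry) -> Entry:
    """The flawed rule the post warns about: compare timestamps only and,
    on a tie, keep whichever entry the caller happened to pass first.
    Merge order now decides the result, so replicas can diverge."""
    return b if b.timestamp > a.timestamp else a


def converges(entries: list[Entry], rule) -> bool:
    """Fold `rule` over the entries front-to-back and back-to-front and
    report whether both orders pick the same winner."""
    forward = entries[0]
    for e in entries[1:]:
        forward = rule(forward, e)
    backward = entries[-1]
    for e in reversed(entries[:-1]):
        backward = rule(backward, e)
    return forward == backward


@dataclass
class ReplicatingRegister:
    """A replicated value that keeps only the winning Entry."""
    entry: Entry

    def set(self, value: str, timestamp: int) -> Entry:
        new = Entry(value, timestamp)
        self.entry = deterministic_winner(self.entry, new)
        return new

    def merge(self, other: "ReplicatingRegister") -> None:
        """Fold another replica in. Idempotent and commutative: once every
        replica has merged every other, all hold the same entry."""
        self.entry = deterministic_winner(self.entry, other.entry)

    @property
    def value(self) -> str:
        return self.entry.value


if __name__ == "__main__":
    # Constructed sample: two devices change the same value on the same tick.
    tick = 1_595_000_000_000
    from_phone = Entry("draft A", tick)
    from_laptop = Entry("draft B", tick)
    print("timestamp-only converges:",
          converges([from_phone, from_laptop], timestamp_only_winner))
    print("with UUID tie-break converges:",
          converges([from_phone, from_laptop], deterministic_winner))
```

The UUID is only consulted on an exact tie, so a later timestamp still beats any identifier; the identifier exists to make the tie case a total order rather than a coin flip.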

Local iOS Backups Without a Mac

Kickstarter (via 9to5Mac):

AnyBackup is capable of reading, backing up, transferring, and restoring your documents, contacts, photos, videos, and data from all the popular social media channels.

Shawna:

The Maktar Qubii Pro is an automatic flash drive that backs up your photos, files and contacts while charging your iPhone or iPad.

Both of these let you back up your iPhone or iPad to a Micro SD Card or USB storage device. However, as far as I can tell, these aren’t “real” iOS backups. The description makes it sound like you plug the device into the Lightning port and it starts backing up like when you plug an iPhone into a Mac or PC. But it’s a third-party app, not iOS, that does the backup. It only has access to copy certain types of data. You don’t end up with an iTunes-style backup that iOS can auto-restore everything from. iOS is still too locked down to support real third-party backups, and Apple’s own backup tools are still very limited.

Previously:

Tuesday, July 21, 2020 [Tweets] [Favorites]

Big Sur Is Both 10.16 and 11.0

Howard Oakley:

For apps built with Xcode, the version returned depends on which version of its SDK they were built with. SDK 10.15 and earlier will consistently respond that Big Sur is major version 10 and minor version 16. This ensures that all existing apps should see Big Sur as simply an incremented minor version, as we had expected before WWDC this year.

Build an app with a new release of Xcode which features the macOS 11 SDK, and the major version will be 11 and the minor version 0.

Return and Enter Are Two Different Keys

John Gruber (tweet):

If your keyboard doesn’t have a dedicated Enter key, you can type the Enter key by pressing Fn-Return. That’s why some Return keys have “Enter” printed in small type above the word “Return”. If your keyboard has neither a dedicated Enter key nor an Fn modifier key, I don’t think you can type Enter.

Unfortunately, my experience is that fn-Return only works properly on Apple keyboards. On third-party ones, it just generates a Return. Similarly, the fn key is often implemented as a modifier within the keyboard, so that fn-Down Arrow will send an actual Page Down but pressing fn by itself does nothing. With an Apple keyboard, you can see on-screen that the fn and arrow keys were pressed, and you can use fn by itself to trigger Mission Control, Siri, or Dictation.

As a general rule, when they differ, Return is simply the key for typing a newline character (which, on classic Mac OS, was literally a return character, but let’s not get into that here), whereas Enter enters what you’ve already typed without adding a new line.

Previously:

Windows 10X As a Web-first OS

Zac Bowden (tweet):

VAIL, the technology Microsoft uses to virtualize legacy Win32 programs on Windows 10X via containers, has been removed from the latest internal builds of the OS. I’m told that this is a deliberate change as the company moves to reposition Windows 10X as a platform designed to compete at the low-end, head-to-head with Chromebooks with web apps front and center.

The pivot to single-screen PCs is what drives this change. Originally planned as an OS for flagship premium PCs in the foldable space, Windows 10X will now be launching at the very other end of the spectrum, on low-cost tablets and laptops designed for the education and enterprise markets.

Microsoft’s local Win32 app layer will not be present when these low-cost PCs launch with Windows 10X next year. Users will be able to run UWP apps and web apps powered by Microsoft Edge, but not legacy Win32 programs.

Mary Jo Foley (tweet):

For years, many of us Microsoft watchers have expected Microsoft to create a true virtualized Windows PC experience. Well, it’s happening, likely as soon as spring 2021.

Microsoft is currently calling the coming virtualization service “Cloud PC.” Cloud PC won’t replace locally installed Windows (and Office) -- for the foreseeable future, anyway. It will be an option for customers who want to use their own Windows PCs made by Microsoft and/or other PC makers basically like thin clients, with Windows, Office and potentially other software delivered virtually by Microsoft.

How macOS 11 Will Sound

Chance Miller:

In addition to the visual redesign, however, macOS Big Sur completely overhauls the sound effects.

A pair of new videos on YouTube from channel Pomamitia offer a detailed walkthrough of the new system and alert sounds in macOS 11 Big Sur, compared side-by-side with the sound effects from macOS 10.15 Catalina. Some of the changes are more subtle, while others are completely new.

Previously:

Update (2020-07-23): See also: Upgrade.

Two Weeks With iPadOS 14

Federico Viticci:

A trait of iPadOS 14 that immediately stands out is how this year’s changes to the iPad experience do not come in the form of shiny new pro apps or reimagined multitasking. Apple didn’t showcase iPad-specific versions of Xcode, Final Cut, or Logic at WWDC, nor did they address longstanding criticisms related to how the iPad operates in multitasking and multiwindowing contexts. They didn’t, for instance, rethink the role of drag and drop as the sole mechanism to activate Split View or introduce new menus to manage multitasking. Instead, iPadOS 14 is all about refinements to the core iPad experience, with changes in the design department aimed at increasing information density, speeding up interactions by reducing taps and modality in apps, and taking better advantage of the iPad’s large canvas.

[…]

By itself, a three-column layout with a sidebar is not a groundbreaking invention: desktop apps (and several third-party iPad apps) have offered one for years now. What’s important in the context of iPadOS 14, however, is how Apple, by endorsing a specific approach to laying out and interacting with iPad apps, is signifying a shift in the platform’s role that’s now more tipped toward the Mac end of the computing spectrum rather than the iPhone’s – something we saw coming after last year’s iPadOS 13 and which was further highlighted by the introduction of the Magic Keyboard and system pointer a few months ago.

Benjamin Mayo:

Whilst Siri is active, if you touch the screen, Siri is dismissed. This behaviour is befitting of the compact phone screen, but it also applies to the iPad. Any attempt to interact with the foreground app dismisses Siri completely. On the big iPad canvas, not being able to use the app and interact with Siri simultaneously feels like it is defeating the point of the redesign altogether.

Previously:

Monday, July 20, 2020 [Tweets] [Favorites]

iOS 13.6

Juli Clover:

iOS 13.6 also brings support for Car Key, a feature available in both iOS 13 and iOS 14. Car Key is designed to allow an iPhone or an Apple Watch to be used in lieu of a physical key to unlock an NFC-enabled vehicle.

[…]

In the Health app, there’s a new “Symptoms” section that lets users add symptoms of various illnesses, choosing from options such as body and muscle aches, appetite changes, coughing, dizziness, headache, nausea, and more.

Juli Clover:

In earlier versions of iOS, new software downloads automatically in the background and then can be installed through an Automatic Updates feature. In iOS 13.6, there are new toggles for customizing Automatic Updates.

[…]

This new toggle will be a welcome change for those who do not want iOS updates to download automatically without permission, as this can eat up valuable storage space. Note that this option is enabled by default, so if you want to turn off automatic downloads, you’ll need to toggle it off.

I welcome the first setting because I don’t like having my phone unexpectedly fill up because of an auto-download. Unfortunately, I ran into the same problem with the second setting as Jeff Johnson:

iOS 13.6 silently opted me into automatic iOS updates. I was opted out before I installed (manually).

Also, the app-specific controls to disable cellular data seem to be broken yet again.

Previously:

swift-reflection-dump

Ole Begemann:

swift-reflection-dump is cool! For example, this command dumps 78,000 lines of information about SwiftUI types and their stored properties:

./swift-reflection-dump --arch=x86_64 --binary-filename=<path_to_SwiftUI_binary>

[…]

If you don’t want to build the compiler to try this out, here’s the SwiftUI dump I made[…]

Launch Services Browser 2.1

Thomas Tempelmann (tweet):

This is an analysis tool meant for developers and advanced users.

It uses the macOS Launch Services API to perform lookups of bundle IDs and file extensions.

Additionally, it has a browser for the current system’s UTI hierarchy (though it can also open the so-called lsregister dumps saved on a different computer - see the Help menu for details).

The Rise and Fall of Adobe Flash

Richard C. Moss:

In recognition of its service to content creators and consumers of all stripes, of its contribution to the proliferation of online video and multimedia, and of that divisiveness that’s followed the platform around, the time has come to revisit the rise and fall of Flash—with a little help from its principal creator, Jonathan Gay; a raft of Web resources; and interviews with others who had a hand in its ultimate success.

[…]

In retrospect, joining Macromedia was the best thing that could have happened to the product. Some within the company were initially resistant to Flash and saw it as either a distraction from or competitor to Director, but Flash had support where it counted. Gay and his team could do what they wanted with it. It was just like before, when they were independent, except now Gay and Jackson had the backing of Macromedia’s sales and marketing machine to ensure Flash got the attention it needed in order to gather momentum.

[…]

Nowadays, Gay admits that the credit for its interactivity—that critical component of Flash’s massive success—lay at the feet of a single journalist at MacUser magazine.

“We gave these guys a preview before FutureSplash Animator shipped,” said Gay. “And one of the reviewers went like, ‘You really should add a button.’ We’re like, ‘A button!? That’s a good idea.’”

Previously:

Friday, July 17, 2020 [Tweets] [Favorites]

A New and Improved Twitter API

Twitter (via Hacker News):

With this new foundation, developers can expect to see:

  • A cleaner API that’s easier to use, with new developer features like the ability to specify which fields get returned, or retrieve more Tweets from a conversation within the same response
  • Some of the most requested features that were missing from the API, including conversation threading, poll results in Tweets, pinned Tweets on profiles, spam filtering, and a more powerful stream filtering and search query language

[…]

In the past, the Twitter API was separated into three different platforms and experiences: standard (free), premium (self-serve paid), and enterprise (custom paid). As a developer’s needs expanded, it required tedious migration to each API. In the future, all developers — from academic researchers to makers to businesses — will have options to get elevated access and grow on the same API.

Previously:

Hackers Convinced Twitter Employee to Help Them Hijack Accounts

Joseph Cox (also: Jack Dorsey, Twitter Support, Jason Koebler, SwiftOnSecurity):

A Twitter insider was responsible for a wave of high profile account takeovers on Wednesday, according to leaked screenshots obtained by Motherboard and two sources who took over accounts.

On Wednesday, a spike of high profile accounts including those of Joe Biden, Elon Musk, Bill Gates, Barack Obama, Uber, and Apple tweeted cryptocurrency scams in an apparent hack.

[…]

The accounts were taken over using an internal tool at Twitter, according to the sources, as well as screenshots of the tool obtained by Motherboard. One of the screenshots shows the panel and the account of Binance; Binance is one of the accounts that hackers took over today. According to screenshots seen by Motherboard, at least some of the accounts appear to have been compromised by changing the email address associated with them using the tool.

Nick Statt:

One notable exception in the attack was the account of President Donald Trump. The New York Times is now reporting that Trump’s account has special protections in place following past incidents — including when a third-party Twitter contractor used internal company tools to deactivate the president’s account in 2017. Those protections may have spared Trump’s account from being taken over, although it is not clear right now whether the hackers even attempted to assume control of his account.

Quinn Nelson:

On the plus side, Apple just made its first public tweet ever.

John Gruber:

Looks like the heist netted around $118,000. A pittance compared to the disruption it caused.

Brian Krebs (also: Hacker News):

Also, it seems clear that this Twitter hack could have let the attackers view the direct messages of anyone on Twitter, information that is difficult to put a price on but which nevertheless would be of great interest to a variety of parties, from nation states to corporate spies and blackmailers.

Previously:

Update (2020-08-03): Bruce Schneier (also: MacRumors):

Motherboard is reporting that this week’s Twitter hack involved a bribed insider. Twitter has denied it.

Nick Heer:

Earlier this year, two Twitter employees were allegedly bribed by the Saudi Arabian government to track dissidents. If humans are, indeed, the greatest security vulnerability within any company, Twitter needs to do far better. It did not ask to be a broadcast arm for weather services and world leaders, but that’s what it has become — and it is clear that it is unprepared for that reality.

Nathaniel Popper and Kate Conger (via tweet, John Gruber):

But four people who participated in the scheme spoke with The Times and shared numerous logs and screen shots of the conversations they had on Tuesday and Wednesday, demonstrating their involvement both before and after the hack became public.

The interviews indicate that the attack was not the work of a single country like Russia or a sophisticated group of hackers. Instead, it was done by a group of young people — one of whom says he lives at home with his mother — who got to know one another because of their obsession with owning early or unusual screen names, particularly one letter or number, like @y or @6.

Twitter (via John Gruber):

The attackers successfully manipulated a small number of employees and used their credentials to access Twitter’s internal systems, including getting through our two-factor protections. As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets.

[…]

For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool.
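The numbers Twitter gives (130 accounts targeted, 45 password resets, 8 data exports, all through internal support tools in a short window) describe a pattern that audit logging on the tool itself could have flagged. The following is an added example, not Twitter’s code: detection logic run over a constructed audit log of a hypothetical support tool. The log format, the operator names, the account handles, the action names and the thresholds are all assumptions. It raises an alert for any action on an account with extra protections, for every account data export, and for one operator performing sensitive actions against more than a few distinct accounts within a ten-minute window.

```python
"""Added example (not Twitter's code): detection rules over a constructed
audit log from a hypothetical internal support tool."""
from __future__ import annotations

import csv
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample log. Hypothetical format: timestamp,operator,action,target
SAMPLE_AUDIT_LOG = """\
timestamp,operator,action,target
2020-07-15T20:01:05Z,support_alice,view_profile,@user_a
2020-07-15T20:02:11Z,support_alice,reset_2fa,@user_a
2020-07-15T20:10:00Z,support_bob,change_email,@exchange_x
2020-07-15T20:10:40Z,support_bob,password_reset,@exchange_x
2020-07-15T20:11:15Z,support_bob,change_email,@founder_y
2020-07-15T20:11:50Z,support_bob,password_reset,@founder_y
2020-07-15T20:12:30Z,support_bob,change_email,@philanthropist_z
2020-07-15T20:13:05Z,support_bob,export_account_data,@philanthropist_z
2020-07-15T20:13:40Z,support_bob,change_email,@bigco
2020-07-15T20:14:10Z,support_bob,change_email,@ridesharing
2020-07-15T20:30:00Z,support_carol,view_profile,@head_of_state
"""

SENSITIVE_ACTIONS = {"change_email", "password_reset", "reset_2fa",
                     "export_account_data"}
# Accounts with extra handling, like the special protections the Times described.
PROTECTED_ACCOUNTS = {"@head_of_state"}
WINDOW = timedelta(minutes=10)
MAX_DISTINCT_TARGETS = 3   # hypothetical per-operator threshold per window


@dataclass(frozen=True)
class Event:
    ts: datetime
    operator: str
    action: str
    target: str


@dataclass(frozen=True)
class Alert:
    rule: str
    operator: str
    detail: str


def parse_log(text: str) -> list[Event]:
    events = []
    for row in csv.DictReader(StringIO(text)):
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, row["operator"], row["action"], row["target"]))
    return sorted(events, key=lambda e: e.ts)


def detect(events: list[Event]) -> list[Alert]:
    alerts: list[Alert] = []
    # Rule 1: any access to a protected account is alerted, sensitive or not.
    for e in events:
        if e.target in PROTECTED_ACCOUNTS:
            alerts.append(Alert("protected_account_access", e.operator,
                                f"{e.action} on {e.target}"))
    # Rule 2: a full account data export is always alerted.
    for e in events:
        if e.action == "export_account_data":
            alerts.append(Alert("data_export", e.operator, e.target))
    # Rule 3: velocity. One operator performing sensitive actions on more
    # than MAX_DISTINCT_TARGETS distinct accounts inside a sliding WINDOW.
    by_operator: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        if e.action in SENSITIVE_ACTIONS:
            by_operator[e.operator].append(e)
    for operator, evs in by_operator.items():
        start = 0
        fired = False
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > WINDOW:
                start += 1
            targets = {x.target for x in evs[start:end + 1]}
            if len(targets) > MAX_DISTINCT_TARGETS and not fired:
                alerts.append(Alert("sensitive_action_velocity", operator,
                                    f"{len(targets)} accounts in {WINDOW}: "
                                    f"{sorted(targets)}"))
                fired = True   # one alert per operator, not one per event
    return alerts


def run_sample() -> list[Alert]:
    return detect(parse_log(SAMPLE_AUDIT_LOG))


if __name__ == "__main__":
    for a in run_sample():
        print(a.rule, a.operator, a.detail)
```

The velocity rule is the one that matters for a compromised or coerced insider: a legitimate support agent resetting one customer's email looks identical to an attacker doing the same, so the signal is the spread across accounts in a short time, not any single action. Nick Heer’s suggestion further down, notifying the account holder whenever an employee touches their account, would turn the same events into a user-visible signal as well.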

Bruce Schneier:

This kind of attack is known as a “class break.” Class breaks are endemic to computerized systems, and they’re not something that we as users can defend against with better personal security. It didn’t matter whether individual accounts had a complicated and hard-to-remember password, or two-factor authentication. It didn’t matter whether the accounts were normally accessed via a Mac or a PC. There was literally nothing any user could do to protect against it.

[…]

The security regulations for banks are complex and detailed. If a low-level banking employee were caught messing around with people’s accounts, or if she mistakenly gave her log-in credentials to someone else, the bank would be severely fined. Depending on the details of the incident, senior banking executives could be held personally liable. The threat of these actions helps keep our money safe. Yes, it costs banks money; sometimes it severely cuts into their profits. But the banks have no choice.

The opposite is true for these tech giants. They get to decide what level of security you have on your accounts, and you have no say in the matter.

Thomas Clement:

So, hackers got access to Twitter accounts (including all of the accounts data) via the company’s internal support tools. Could the same happen with iCloud?

It’s a good time to remind you that most of the iCloud data is not end-to-end encrypted, Apple holds the keys.

Jeff Johnson:

I as a lowly external offsite contractor had access to the name, address, and phone number of every member of the Apple developer program. In other words, you.

For no good reason other than this data was not specially protected.

Ron Avitzur:

I contracted at Apple in the early 90s. I am extraordinarily grateful for the extent to which they trusted engineering so that internal security did not impede productivity. It was a simpler time, a more civilized age.

Nick Heer:

Twitter will also show new and unrecognized logins on the Notifications page and send the user an email. I cannot think of a good reason why a similar notification should not be displayed when an engineer accesses private information in a user’s account — with the exception of criminal investigations when Twitter or Facebook would be prohibited from doing so. Ideally, employees should have to get some sort of confirmation from a user before their account is able to be accessed.

Twitter:

The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools.

John Gruber:

My guess is that they’re saying that the attackers targeted low-level employees via the phone, tricked them into revealing details, and used those details to (here’s where the guessing starts) impersonate them on Twitter’s internal Slack. Then, impersonating them on Slack, they tricked other employees into giving them access to these incredibly sensitive account management tools?

Sean Hollister:

Early on July 31st, the FBI, IRS, US Secret Service, and Florida law enforcement placed 17-year-old Graham Clark of Tampa, Florida, under arrest.

[…]

Specifically, he allegedly convinced a Twitter employee that he worked in the Twitter IT department and tricked that employee into giving him the credentials.

Omni Group’s New Licensing

Ken Case (tweet):

With sign-in licensing (coming very soon), you will no longer have to keep track of license codes: to access purchases, you can simply log into our apps using your Omni Account. A single Omni Account can be used across all devices and platforms: with an OmniFocus subscription, for example, the same sign-in will unlock OmniFocus on Mac, iPad, iPhone, and Web.

We launched team subscriptions in March, and will be launching personal subscriptions at the same time as sign-in licensing. Subscriptions give you the latest version of our apps, enabling every feature on every platform (including Pro features)—with a lower cost up front and predictable spending in the future. But knowing that subscriptions aren’t the best choice for everyone, we continue to offer traditional licenses as well: traditional licenses are investments which may cost more up front, but save money in the long run.

Previously, OmniFocus 3 for Mac was $40 ($80 Pro) and for iOS was $40 ($60 Pro). Now, for Mac it’s $50 ($100 Pro) and for iOS it’s $50 ($75 Pro). Or you can subscribe to all platforms for $10/month or $100/year. So, the prices have increased, but you still have the flexibility to choose which platforms you want and whether to pay via subscription. (The long-term plan, though, is for all purchases to be universal.) If you do buy the subscription, you can either get it via In-App Purchase or direct from Omni, sending them a higher percentage of the price of the iOS app than was possible before.

Accounts seem more convenient than serial numbers in some ways, and may help reduce piracy, but presumably the apps will now require online activation. So, if you need to reinstall but the server is down, you may not be able to access your documents.

With frameworks like SwiftUI, it’s easier than ever to design and build an app which behaves consistently across all of Apple’s platforms, while adapting behavior to leverage the strengths of each platform. The combination of new designs and new cross-platform technologies is a perfect fit with our roadmap for improving the flow of using our apps. […] But when it comes to drawing content on the screen, processing input and commands, adapting to screen changes and so on, we’re going to take a fresh look at today’s technologies to see what we can best leverage as we redesign our apps.

Once again, there doesn’t seem to be much on the roadmap for OmniOutliner. It already does almost everything I want, but I would love to see some performance improvements. Typing in a large outline—ever since the engine was brought back from iOS—currently takes about one second per keystroke.

Ken Case:

With yesterday’s @OmniGroup app updates, all our Mac App Store apps once again have support for family sharing! You can use a shared Omni Account to license each family member’s devices (while continuing to use independent Omni Accounts for syncing).

Previously:

Thursday, July 16, 2020 [Tweets] [Favorites]

macOS 10.15.6

Apple (also: MacRumors, Mr. Macintosh, Howard Oakley):

macOS Catalina 10.15.6 introduces local news in your Today feed in Apple News and improves the security and reliability of your Mac.

Unlike macOS 10.15.5, this does include a new version of Apple Mail. However, it’s not yet clear to me whether it fixes the data loss bug from macOS 10.15.0 where messages disappear when you move them. One user who had been frequently seeing the problem says that it stopped occurring some time ago—after the previous update but before this one—perhaps due to a change on Apple’s iCloud mail server. However, I would still like to see a fix in Mail itself because the bug also affected Gmail and other servers.

I have heard that some users are still seeing the bug from 10.15.0 where rules don’t move incoming messages to another mailbox automatically, only when manually applying the rules.

Update (2020-07-16): I received another report that iCloud messages no longer disappear. I also received a report that the bug with rules copying Gmail messages instead of moving them is fixed. I’m still not sure whether the data loss bug is fixed for non-iCloud servers.

Update (2020-07-20): One user reports Exchange messages disappearing when moved, although he’s not sure whether it’s due to a server problem or Apple Mail.

Update (2020-08-03): I’ve received several other reports of messages disappearing when moving them.

Previously:

Update (2020-07-27): Mr. Macintosh:

The softwareupdate --ignore flag was changed to include some changes that we asked for!

Erik Schwiebert:

PSA: beware of MacOS [10.15.5] if you have any non-ASCII characters in your apps’ entitlement.plist files (even if they are HTML-encoded with &#...;). Late changes to the codesign tool error on them at signing time.

Juli Clover:

macOS Catalina 10.15.6 successfully fixes a frustrating bug that prevented some USB 2.0 accessories from working properly with 2020 MacBook Air and MacBook Pro models, according to MacRumors readers and users on Reddit.

Ole Begemann:

macOS 10.15.6 understands Big Sur’s APFS volume format. And apparently parallel installs of Catalina and Big Sur into the same APFS container are now supported (though I haven’t tried this).

Previously:

Update (2020-07-29): Tanner Bennett:

You can only use the --ignore flag “as long as the Mac is enrolled in Apple School Manager, Apple Business Manager or a User Approved MDM”?

Why?

Don’t Close Your MacBook With a Camera Cover

Apple (via MacRumors, Hacker News):

If you close your Mac notebook with a camera cover installed, you might damage your display because the clearance between the display and keyboard is designed to very tight tolerances. Covering the built-in camera might also interfere with the ambient light sensor and prevent features like automatic brightness and True Tone from working. As an alternative to a camera cover, use the camera indicator light to determine if your camera is active, and decide which apps can use your camera in System Preferences.

[…]

The camera is engineered so that it can’t activate without the camera indicator light also turning on. This is how you can tell if your camera is on.

Even assuming there’s no way around that, the light only provides protection when you happen to notice it. This will be some time—possibly short, possibly very long—after the camera has started recording. If the software simply takes a photo and turns the camera back off, you might not notice the light flash even when sitting at the computer.

If you install a camera cover that is thicker than 0.1mm, remove the camera cover before closing your computer.

I’ve been using a piece of electrical tape, which Wikipedia says is between 0.18mm and 0.25mm thick. I’m not sure what you could use that would be thin enough to leave on.

zelon88:

None of the proposed solutions do anything to actually stop the camera from taking a picture of you. Sure, you’ll see the indicator light up for 3 seconds. But the attacker still got what they needed.

Camera covers have nothing to do with identifying compromise. They are strictly for preventing compromise. This is exactly opposite what a camera indicator light does, and thus the indicator should not be considered a “workaround” for not being able to install a camera cover.

gtm1260:

I was very skeptical of the camera covers, but then through conversations with some of my co-workers, I realized that they weren’t being used because people were worried about spies secretly turning on the camera. It was 90% of the time just peace of mind that their camera was actually off, instead of having to find the sometimes hard to see options in video chat programs etc.

Previously:

Update (2020-07-29): Simone Manganelli:

Even if there were a big omnipresent, easy-to-access button in the menu bar that would turn off the camera, sometimes the OS hangs, or is slow to respond to a button click, and those seconds can be make-it-or-break-it for a huge embarrassment.

Tuesday, July 14, 2020

APFS Snapshots of the Big Sur System Volume

Jeff Johnson:

Yesterday I updated from Big Sur beta 1 to beta 2, which went smoothly except for the fact that the update doubled the size of my read-only system volume to over 27 GB, which didn’t leave me enough free space on the partitioned external disk to install (the enormous) Xcode. Without Xcode, it’s impossible to adequately beta test Big Sur as a developer. It turns out that Big Sur always boots from a snapshot (an APFS snapshot that you can see with diskutil apfs listSnapshots, not a Time Machine snapshot that you’d see with tmutil listlocalsnapshots), and updating to beta 2 apparently added a new snapshot without deleting the old snapshot. I tried to delete the old snapshot, which was listed as “Purgeable” by diskutil, but Big Sur claimed I lacked permission, even with SIP disabled.

Howard Oakley:

Not only does Big Sur use a snapshot of the current system for its Signed System Volume, but it makes and keeps one of your previous installation too. When your startup disk has half a terabyte free, that may escape notice, but for us lesser mortals, and anyone trying to manage Big Sur in less than 100 GB, it really gets in your way. I’m sure that those figures will improve by the time that Big Sur is ready for release, but that isn’t the point: once the system has made that snapshot of the previous installation, there seems no easy way to discover how much disk space the snapshot is occupying, and the only way to free up that space seems to be performing a clean install of macOS.

[…]

If you really want to know what’s going on with your snapshots and why free storage space is disappearing, the best tool at present is Carbon Copy Cloner.

[…]

We need Disk Utility to be able to list all snapshots stored on a volume, and their current effective size, together with a command to delete those which are purgeable. Is this really too much to hope for three years after Apple introduced APFS and snapshots?

Previously:

Update (2020-07-30): Erik Gomez:

Worse is you actually can’t use Time Machine in recovery OS to revert to any of these snapshots. Every time I try, it fails.

SwiftUI for Mac on Big Sur

Sarah Reichelt:

After a lot of testing, several days of frustration and help from Jordan Singer with his mail-swiftui-sample project, I was finally able to work this out. The difference is that the initial view has to specify what comes next as well as what it is displaying.

[…]

In the old style SwiftUI apps which were wrapped in AppKit, the menus were in a storyboard that you could edit. Now you add commands to the app’s WindowGroup to alter the menus.

[…]

With menus and toolbars, there is a heap of extra code added to certain views. I would love to be able to extract that into its own function or view modifier. I was able to extract the toolbar, but I am not sure how to do this with menus yet.

Previously:

iOS 14 Pasteboard Notifications

an0:

If you thought the new API -[UIPasteboard detectValuesForPatterns:completionHandler:] on iOS 14 is designed to avoid privacy alerts when accessing pasteboard, no, it is not. It still triggers privacy alerts.

[…]

Testing result in beta 1: even if the pasteboard content doesn’t match the pattern.

I would have expected that with no matches there would be no notification. I guess you are expected to first call the detectPatterns API and then, depending on the result, call detectValues.

Previously:

The WWDC Format

Benjamin Mayo:

The technical sessions were also all pre-recorded this year … and they should keep them that way. It was brilliant. The seminar format conveyed the information with more detail and more clarity. For learning materials, that’s exactly what you want.

I enjoyed the new format, too, and I like how it allowed each session to be its natural length. But I really miss the PDFs of the slides and the transcripts. I hope they’re just not ready yet.

Previously:

Monday, July 13, 2020

Another Facebook SDK Crash

John Sundell (also: Hacker News):

Facebook’s SDK is once again causing numerous iOS apps to crash on launch.

Here are some of the GitHub issues. It seems like another case of a server change causing an unexpected JSON value to be returned.

Jumhyn:

The current Facebook Developer Policy requires that developers use the official Facebook SDK when implementing Facebook Login in their native app. Given that Facebook cannot ensure the stability of their SDK (resulting in the crashing of client apps), developers should have a policy-compliant option for implementing the login API themselves to avoid Facebook’s QA practices rendering their apps unusable.

See also: SDKs should not crash apps — learnings from the Facebook outage.

Previously:

Update (2020-07-30): Nick Heer:

Must be nice for Facebook to have the apparent blame fall on other developers and Apple because no user is going to think “Spotify crashed on my iPhone because of Facebook”. Also, notice that this doesn’t happen to Facebook’s own apps.

Implicit Capturing of Self in Swift 5.3

John Sundell:

In Swift 5.3, however, using self in the above kind of situation is no longer required, and we can simply access properties and methods belonging to value types (such as SwiftUI views, or any other type of struct) without any additional prefixes — regardless if that’s done within an escaping closure or not[…]

That’s really neat, and further makes SwiftUI’s DSL feel even more lightweight. However, it’s important to remember that the same kind of capturing still occurs — meaning that the above ListView value (and the ListViewModel instance that it contains) will still be captured by our closures. Within the context of SwiftUI, though, that’s not likely to become a problem — since SwiftUI views are just lightweight structs that don’t hold any strong references to their subviews.

This is perhaps confusing, but it doesn’t seem like it will cause unwanted captures because it’s limited to value types.

SE-0269:

Whenever self is declared explicitly in an escaping closure’s capture list, or its type is a value type, any code inside that closure can use names which resolve to members of the enclosing type, without specifying self. explicitly.

[…]

While this proposal opens up implicit self in situations where we can be reasonably sure that we will not cause a reference cycle, there are other cases where implicit self is currently allowed that we may want to disallow in the future. One of these is allowing bound method references to be passed into escaping contexts without making it clear that such a reference captures self.

I still think closures are an area of Swift that needs work. I wish it were harder to accidentally strongly capture self in reference types and less verbose to use it weakly.

Previously:

Update (2020-07-30): Sami Samhuri:

It would be nice to concisely say that a closure should be discarded when a weakly-captured param goes away. I imagined what that could look like and now I want @ClosureWrapper.

Friday, July 10, 2020

The Raison d’Être for the App Store

John Gruber (tweet, Hacker News):

Feel free to file Google’s release this week of an update to their iPad Gmail app with support for split-screen multitasking under “better late than never”, but this is so late it borders on the absurd.

[…]

I worry that this sort of “Who cares, it’s better than nothing” attitude has seeped into Apple itself, and explains how we wound up with barely modified iPad apps shipping as system apps on the Mac.

[…]

I’d like to see all the vim, vigor, and vigilance Apple applies to making sure no app on the App Store is making a dime without Apple getting three cents applied instead to making sure there aren’t any scams or ripoffs, and that popular apps support good-citizen-of-the-platform features within a reasonable amount of time after those features are introduced in the OS.

[…]

The primary purpose of the App Store should be to steer third-party apps toward excellence, to make the platform as a whole as insanely great as possible. When Steve Jobs introduced the App Store in 2008, he said, “We don’t intend to make any money off the App Store. We’re basically giving all the money to the developers and the 30 percent that pays for running the store, that’ll be great.” Really. It’s impossible to square that mindset with the App Store of today, where the highest priority seemingly is the generation of ever-increasing revenue in the Services column of Apple’s quarterly finance spreadsheet.

I’m against adding subjective quality requirements to the App Store, but requiring split-screen seems more like the objective requirements to support 64-bit or the iPhone X notch. It could nudge apps in a good direction without being onerous or unpredictable.

Dave Mark:

I do think it’s possible Apple’s hand will be forced by Antitrust investigation/regulation. But the financial forces, the pressure from shareholders for year-over-year growth, will not change. Some balancing force needs to come to bear here, pressure to make Apple value a world where, as John says, their most used apps are best-in-class.

Quality doesn’t come from App Store guidelines or antitrust requirements. It depends on the people in positions of power having the resources, motivation, and taste. That goes for Apple as well as third-party developers.

Jeff Johnson:

Jobs’s quote about not making money off the App Store was striking, but IMO the money quote was “what made Apple users Apple users is that they complained vociferously if they had to use a terrible app.”

Devs didn’t use to need the App Store review “stick”. Users were the stick.

Previously:

Update (2020-07-30): Troy Gaul:

It’s a little odd that @gruber’s article lamenting Apple not using the App Store to enforce higher quality apps that support platform features fails to mention the reason for this change and its timing is that an App Store rule now required it[…]

Ryan Jones:

Here’s the official text on multitasking.

John Gruber:

So split screen is “strongly encouraged”, not mandatory.

Thursday, July 9, 2020

VMware Fusion Tech Preview for Big Sur

Michael Roy (tweet):

Big Sur brings with it some really big visual changes, but also major changes under the hood. For instance, Apple has been progressively deprecating 3rd party Kernel Extensions or “kexts” which Fusion needs to run VMs and containers. In order to continue to operate in this model, we’ve re-architected our hypervisor stack to leverage Apple’s native hypervisor APIs, allowing us to run VMs without any kernel extensions.

On macOS Catalina systems, Fusion operates as it always has using kernel extensions to provide functionality. However on Big Sur systems, Fusion operates entirely without kexts.

[…]

This Tech Preview supports macOS Big Sur 11.0 Beta 2 for both Host and Guest.

Michael Roy:

Mojave is explicitly not supported. The next major version of Fusion will deprecate Mojave hosts.

See also:

Previously:

How to Decode Apple Version and Build Numbers

David Shayer:

An Apple build number also has three parts:

  • Major version: Within Apple, the major version is called the build train.
  • Minor version: For iOS and its descendants, the minor version tracks with the minor release; for macOS, it tracks with patch releases.
  • Daily build version: The daily build indicates how many times Apple has built the source code for the release since the previous public release.

[…]

Apple isn’t dogmatic about following these rules, or, to put it another way, circumstances sometimes force the company to deviate from its rules. If it had followed past years, iOS 13.1 would have been 17Bxxx, but it was 17A844. This fact probably means that Apple originally thought that iOS 13.1 was going to be iOS 13.0.1, but it ended up containing such important changes that the company decided to increment the minor version number rather than the patch version number.

Clip 1.0

Riley Testut:

Clip is a clipboard manager for iOS that can run in the background indefinitely, listening for changes to the clipboard and saving your clippings for later use. Normally this would be impossible without jailbreaking, but Clip uses several workarounds to achieve this functionality within the constraints imposed by iOS. Unfortunately, despite working just fine, these workarounds are all against App Store rules…which is what makes Clip perfect for AltStore 🎉

Previously:

Wednesday, July 8, 2020

Making a Best in Class iOS App

Jordan Morgan (tweet):

What things can I quantify that help make an app great?

I believe I’ve created such a list that helps answer that question. Yours might look different, but this one is mine. It attempts to take all of the emotion and (mostly) opinions out of it. I want to capture what Apple says is great, not what other people may define it as.

He has a long checklist for accessibility.

Previously:

Is WebKit Sabotaging the Future of the Open Web?

WebKit:

WebKit’s first line of defense against fingerprinting is to not implement web features which increase fingerprintability and offer no safe way to protect the user. Here are some examples of features we have decided to not implement in part due to fingerprinting concerns[…]

Mike Zornek:

With this collective blocking of access (along with the lack of side loading options on iOS and the ban of non-WebKit rendering in App Store apps) Apple has positioned their own native and financial interests over the favor of an open web.

Why can’t the WebKit developer energy be spent on building these great new APIs and connecting them with user-empowering privacy tools? A great example of what I mean is website location tracking. If a website wants access to your location (for, say, driving directions) you can grant it access. I don’t understand why a similar approach could not be applied for things like Web Bluetooth access or Proximity sensor access.

See also: Highlights from our conversation with the Safari team.

Previously:

Update (2020-07-09): Marcos Cáceres:

Mozilla also won’t implement these either, for the same reason as WebKit. Privacy and security of our users is paramount, and that means making difficult compromises.

Their longer explanation is here.

See also the replies to this post via Twitter. I see lots of criticism of Google’s motives and attacks on sites/apps. I’m not seeing answers to Zornek’s question or arguments for how these features are different from the ones Safari has already implemented in privacy-empowering ways. People don’t like the way the Web is today, but I don’t see how ceding the future of Web APIs to Chrome/Edge and their dominant engine is going to put the genie back in the bottle. As a Safari user, I don’t see how forcing me to use Chrome for certain sites does anything to help my privacy. As an iOS user, my devices are less valuable if certain kinds of apps cannot be delivered through the Web, and therefore have a higher barrier to being developed and may be blocked by Apple’s political or business concerns.

Apple Silicon and Virtualization

bmalehorn (via Hacker News, Reddit):

Why can’t you update the Docker image to also support ARM? You theoretically could switch your backend to run ARM Linux. However, this would take months - renting out ARM instances, re-building all repositories, and a tense switch over. What if your hosting provider doesn’t offer ARM instances with the same system requirements as x86_64? What if you complete this migration and find it runs at half the speed?

Worse, it might be impossible if your images include files downloaded off the internet, as those are often only compiled for x86_64.

[…]

Boot Camp will definitely not be available on ARM Macs. It might be added later with the ability to run ARM Windows, though Microsoft would have to approve.

Gerald (via Hacker News):

With the Mac having the same hardware as the target devices, there’s consistency and no hidden surprises. Whenever the development cycle is shortened and opaque differences removed, it’s a good thing.

[…]

What about the downside of Docker becoming 2 to 5x slower without hypervisor? While that is indeed a downside, I’d argue that for local Docker instances, they are better used for functional testing and not part of the core development cycle.

Previously:

Update (2020-07-30): Shac Ron:

Apple didn’t demo Windows on ARM Macs because Windows does not support 16KB pages. Until Microsoft changes this, don’t expect Windows on Apple Silicon.

Tuesday, July 7, 2020

What Changes Might Be Coming to New Mac Hardware?

Jason Snell:

When the Intel transition happened, Apple was extremely restrained. The first Intel Macs were more or less the existing PowerPC Macs, but with Intel processors inside. The message was clear: Steady as she goes, no need to be concerned, these Macs are the same ones you loved, but with a different kind of chip inside.

I suppose Apple could play that game again with this transition, but I don’t think it will. […] But there are plenty of features that haven’t come over from the iPhone and iPad, and now might be the time.

Previously:

Monday, July 6, 2020

Visual Comparison of macOS Catalina and Big Sur

Andrew Denty:

All of the screenshots below are taken on a default install of macOS and the Catalina version is always on the left. I made a conscious effort not to resize any windows or change any default settings. I haven’t captured everything, but it is a good taste of the changes so far.

Previously:

H.266/Versatile Video Coding (VVC)

Fraunhofer HHI (via Hacker News):

This new standard offers improved compression, which reduces data requirements by around 50% of the bit rate relative to the previous standard H.265/High Efficiency Video Coding (HEVC) without compromising visual quality.

[…]

A uniform and transparent licensing model based on the FRAND principle (i.e., fair, reasonable, and non-discriminatory) is planned to be established for the use of standard essential patents related to H.266/VVC. For this purpose, the Media Coding Industry Forum (MC-IF) was founded. In addition to Fraunhofer Society, the MC-IF now includes +30 companies and organizations. The new chips required for the use of H.266/VVC, such as those in mobile devices, are currently being designed. Dr. Thomas Schierl, head of the Video Coding and Analytics department at Fraunhofer HHI, announced “this autumn Fraunhofer HHI will publish the first software (for both encoder and decoder) to support H.266/VVC.”

Previously:

AirPods Pro: Rattlegate

MacRumorsRanger:

So there appears to be a widespread issue with the AirPods Pro: they seem to eventually develop a rattling noise when Noise Cancellation or Transparency is in use. It is believed to be a hardware problem at this stage and fairly widespread.

Apologies for the use of yet another “-gate”, but no one seems to have a consistent name for this issue: terms like “rattling”, “crackling”, “clicking”, “staticy”, “clacking”, “rumbling”, and “crinkling” are just some of the phrases I’ve seen used. I’m hoping to draw some attention to the issue, both so people experiencing it know they’re not alone or doing something wrong, but also to put some pressure on Apple to acknowledge the problem and properly resolve it (instead of people getting replacements that go on to develop the same problem).

The forum thread is still active, currently with almost 200 replies. I haven’t seen this problem myself, though.

Previously:

Update (2020-07-09): Peter Steinberger:

I’m on my 3rd pair. I give them until November to break again.

AirPods vs. AirPods Pro

Adam Engst:

Wearing the AirPods Pro doesn’t hurt, but I notice them constantly and breathe a sigh of relief every time I take them out.

[…]

I’m torn here—the AirPods Pro have significantly more flexible controls than the AirPods, but they require more manual dexterity than I often have when I’m exercising or doing yard work. But if forced to choose, I’d go with the simple double-tap on the AirPods. It’s just easier.

[…]

I’m sure this varies depending on your hand size, but I find that the AirPods case is almost an addictive fiddle—it’s like that smooth stone from the beach that you just can’t put down. The AirPods Pro case, on the other hand, is a little large in my pocket and just doesn’t have the same addictive feel.

Similarly, the cover of the AirPods case snaps shut with an absolutely compelling little thunk at the end, whereas the AirPods Pro case cover… well, it just shuts. There’s nothing wrong with it, and you probably wouldn’t notice unless you were switching back and forth as I’ve been doing. But it’s not as good.

Finally, and you can probably guess where this is going, the AirPods fit into their case so smoothly and with a tiny magnetic assist that makes it seem like they’re happy to jump back in and get a charge.

He came to many of the same conclusions that I did.

Previously:

Optimizing the Objective-C Runtime in Big Sur

WWDC 2020:

Dive into the microscopic world of low-level bits and bytes that underlie every Objective-C and Swift class. Find out how recent changes to internal data structures, method lists, and tagged pointers provide better performance and lower memory usage. We’ll demonstrate how to recognize and fix crashes in code that depend on internal details, and show you how to keep your code unaffected by changes to the runtime.

Pierre Habouzit:

Also the tagged pointer change allows the piece of assembly I’m the most insanely proud of: the tagged pointer decoding is now much faster in msgSend.

Pierre Habouzit:

This structure holds Writeable runtime metadata for the classes to work at runtime. But only half of that 8-word structure was used commonly.

So we split it, and only allocate the extended part when needed (which is rare) and as Ben mentions, we saved dozens of MBs (given that we save 32B apiece, yes it means there are several hundreds of thousands of classes initialized system wide)

[…]

We found that it’s quite common in certain UI code (but not only) to repeatedly autorelease the same object over and over again. We have implemented a small LRU that is consulted each time an object is autoreleased.

[…]

Also, because the runtime caches negative [IMP cache] entries, the speed of a lookup miss is not very relevant, so we can tolerate denser tables.

We added 2-entries hashes. Tables up to 8 entries are filled up to 100% and others up to ~90% (7/8th).

Pierre Habouzit:

[The] motivation for us is that a single method made direct saves you typically 30 bytes (that’s what the average cost of an IMP entry used to be).

A monomorphic IMP cached in 100 processes gives you 3k, save 1000 such IMPs you save 3M system wide.

It also saves a lot of binary size.

David Smith:

The idea that saving 30 bytes per process per method is worth doing significant work is not intuitive until you internalize just how many processes are on a typical iOS device and how valuable memory freed up for the frontmost app is[…]

Pierre Habouzit:

[We] have pre-optimized some IMP Caches at build time. How do you think we did that...

Pierre Habouzit:

To beat a hash-table with linear probing, there’s only one thing you can do: a perfect hash table. The problem is, perfect hash tables that exist today in the literature are large, use complex hash functions (the one Obj-C uses is just a mask).

So that was quite the conundrum.

Now there are two ways to get a perfect hash table: either you have a perfect hash function… or you cheat and make sure that all your keys hash perfectly. Keys for us, are selectors. They live in the shared cache.

Do you see it coming?

[…]

Memory savings are … substantial. There’s also a huge speed win during startup because… you don’t have to build those caches anymore and the contention on the runtime locks is reduced.
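The “cheat” Habouzit describes, as an added toy model that is not Apple’s runtime code: one class’s 8-entry IMP cache, keyed by selector address, hashed by a plain mask over the low bits, probed linearly and filled to 100%, built first from selector strings packed back to back in a fake shared-cache region and then from a layout padded so that every selector lands in its own bucket. The selector names, the region base address and the stand-in IMP values are constructed, and the model ignores that real preoptimized caches must satisfy many classes that share selectors.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of one class's IMP cache (constructed for illustration; not
 * Apple's code). Keys are selector addresses, the hash is just a mask over
 * the low bits, collisions are resolved by linear probing, and the 8-entry
 * table is filled to 100%, as the thread above describes. */
#define CACHE_SIZE  8
#define CACHE_MASK  (CACHE_SIZE - 1)
#define NSEL        8
#define REGION_BASE 0x1000u   /* fake shared-cache selector region (constructed) */

typedef struct { uintptr_t sel, imp; } bucket_t;            /* sel == 0: empty */
typedef struct { bucket_t buckets[CACHE_SIZE]; } imp_cache_t;

/* Constructed selector names for the one class being modelled. */
static const char *const kSelectors[NSEL] = {
    "init", "dealloc", "count", "objectAtIndex:",
    "description", "hash", "isEqual:", "copy",
};

static unsigned hash_sel(uintptr_t sel) { return (unsigned)(sel & CACHE_MASK); }

/* Insert with linear probing; returns extra buckets probed, or -1 if full. */
static int cache_insert(imp_cache_t *c, uintptr_t sel, uintptr_t imp) {
    unsigned i = hash_sel(sel);
    int probes = 0;
    while (c->buckets[i].sel != 0 && c->buckets[i].sel != sel) {
        if (++probes >= CACHE_SIZE) return -1;
        i = (i + 1) & CACHE_MASK;
    }
    c->buckets[i].sel = sel;
    c->buckets[i].imp = imp;
    return probes;
}

/* Lookup; returns the IMP or 0 on a miss and stores the probes taken. A miss in
 * a 100%-full table walks every bucket, tolerable only because the runtime also
 * caches negative entries, so the same miss is not repeated. */
static uintptr_t cache_lookup(const imp_cache_t *c, uintptr_t sel, int *probes) {
    unsigned i = hash_sel(sel);
    for (int n = 0; n < CACHE_SIZE; n++, i = (i + 1) & CACHE_MASK) {
        if (c->buckets[i].sel == sel) { *probes = n; return c->buckets[i].imp; }
        if (c->buckets[i].sel == 0)   { *probes = n; return 0; }
    }
    *probes = CACHE_SIZE;
    return 0;
}

/* Lay the selector strings out in the region. Naive: back to back, so each
 * address hashes wherever its neighbours' lengths put it. Perfect: pad before
 * selector i until its address hashes to bucket i, so no two keys collide.
 * Returns the bytes consumed, padding included. */
static size_t layout_selectors(uintptr_t sels[NSEL], bool perfect) {
    size_t cursor = 0;
    for (int i = 0; i < NSEL; i++) {
        if (perfect)
            while (hash_sel(REGION_BASE + cursor) != (unsigned)i) cursor++;
        sels[i] = REGION_BASE + cursor;
        cursor += strlen(kSelectors[i]) + 1;              /* string plus NUL */
    }
    return cursor;
}

typedef struct {
    size_t region_bytes;  /* selector region size, padding included */
    int insert_probes;    /* extra buckets probed while filling the cache */
    int worst_lookup;     /* worst probe count over all hits; -1 if an IMP is wrong */
    int miss_probes;      /* probes spent on a selector that was never cached */
} layout_stats_t;

/* Build the cache from one layout and measure it. The constructed IMP value
 * i + 1 stands in for the real function pointer of selector i. */
layout_stats_t measure_layout(bool perfect) {
    layout_stats_t s = {0, 0, 0, 0};
    uintptr_t sels[NSEL];
    imp_cache_t c;
    int p = 0;
    memset(&c, 0, sizeof c);
    s.region_bytes = layout_selectors(sels, perfect);
    for (int i = 0; i < NSEL; i++) {
        p = cache_insert(&c, sels[i], (uintptr_t)(i + 1));
        if (p < 0) { s.insert_probes = -1; break; }
        s.insert_probes += p;
    }
    for (int i = 0; i < NSEL; i++) {
        if (cache_lookup(&c, sels[i], &p) != (uintptr_t)(i + 1)) s.worst_lookup = -1;
        else if (s.worst_lookup >= 0 && p > s.worst_lookup) s.worst_lookup = p;
    }
    cache_lookup(&c, REGION_BASE + 200, &p);   /* constructed address, never laid out */
    s.miss_probes = p;
    return s;
}

int main(void) {
    for (int perfect = 0; perfect <= 1; perfect++) {
        layout_stats_t s = measure_layout(perfect != 0);
        printf("%s layout: %zu region bytes, %d insert probes, worst hit %d, miss %d probes\n",
               perfect ? "perfect" : "naive", s.region_bytes, s.insert_probes, s.worst_lookup, s.miss_probes);
    }
    return 0;
}
```

The padded layout spends 19 extra bytes of region space to make every cached lookup a direct hit, which is the trade the thread describes; a miss still walks the whole full table in both layouts.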

Previously:

Friday, July 3, 2020

mount_apfs TCC Bypass and Privilege Escalation

Csaba Fitzl (tweet):

We could mount the entire file system through APFS snapshots as read-only, with the noowners flag, which enables us to access (almost) every file in the file system, including data (documents, files, etc…) of every user on the system, including those protected by Apple’s privacy framework (TCC). Even with the Guest account we could read files of admin accounts as Guest! 😱

[…]

At the beginning of March 2020, Apple said that the fix is shipped in Catalina 10.15.4 beta, they didn’t tell a word how they fixed it. I quickly jumped on it, and I found that the trick still works. I was puzzled. After some testing it turned out that they tied this to the Full Disk Access (FDA) right in TCC (kTCCServiceSystemPolicyAllFiles), which I found wrong.

As he explains:

This still violates the basic BSD security model, as you can read other users’ files, without elevating to root. […] Even if SIP is ON and Terminal has Full Disk Access, you can’t see other users’ files with it - with this vulnerability you can.

But Apple still considers it to be fixed.

Thomas Reed:

Absolutely ridiculous fix, I agree. Gating the fix behind a gate that most people will have open is bad. Of course, FDA for Terminal is just bad in general, yet there’s no good way for technical users to NOT give FDA to Terminal. 😞

It’s like Apple has designed TCC in such a way that you have to make an insecure config change to get real work done, but they can say, “Well, you would have been safe if you hadn’t made an insecure config change.” 😒

And there are lots of other apps that need Full Disk Access, for one reason or another, but they shouldn’t be given access to other users’ files.

Previously:

Big Sur’s Narrow Alerts

Craig Hockenberry:

Why do I have this
huge ass screen on
my Mac and am now
reading alerts with
four or five words in
each line?

Seems like a bad
idea when a majority
of Macs have a
display with landscape
orientation. Portrait
makes sense on a phone,
but I find it hard to
use on a Big
Sur desktop.

The reason is to make it look more like iOS, perhaps so that iOS apps running on macOS 11 fit in better. We’re continually told that macOS and iOS are not merging, and that the Mac will still be the Mac, yet Apple continues to make changes to macOS like this that degrade the user experience in favor of consistency with iOS. Look at the Catalyst apps. Even the praised Messages app is gaining bugs and losing features like transcripts, AppleScript, and good keyboard support that weren’t in the iOS version.

Apple:

Alerts are cardlike rectangles that use the same corner radius as all windows in macOS 11. Within an alert, most content is center aligned.

Centered text is difficult to read when there are multiple lines. It’s also disorienting that sometimes the buttons are arranged horizontally and other times vertically. And it introduces an inconsistency with dialogs, which often are just alerts with more content, but now they have different text alignment and a different style of button.

Previously:

LinkedIn iOS Clipboard Snooping

Don (via Hacker News):

LinkedIn is copying the contents of my clipboard every keystroke. iOS 14 allows users to see each paste notification.

I’m on an iPad Pro and it’s copying from the clipboard of my MacBook Pro.

Erran Berger (VP of Engineering):

Appreciate you raising this. We’ve traced this to a code path that only does an equality check between the clipboard contents and the currently typed content in a text box. We don’t store or transmit the clipboard contents.

fingerlocks:

It’s an innocuous comparison of text input to the pasteboard to prevent unwanted autocorrect insertions.

It doesn’t seem like iOS 14’s new pasteboard sniffing API would handle this case.

Previously:

Update (2020-07-06): John Gruber:

Even if you really did want to make an app that steals people’s clipboard contents, there’s absolutely no reason you’d check the clipboard contents this frequently. It’s just sloppy programming. But once revealed, a sloppy implementation like LinkedIn’s looks sketchy as hell.

Update (2020-07-27): Hartley Charlton:

Microsoft’s LinkedIn was sued yesterday for allegedly reading and diverting users’ private information using the iOS clipboard.

TikTok iOS Clipboard Snooping

Juli Clover (also: Hacker News):

A new feature in iOS 14 alerts users when apps read the clipboard, and it turns out some apps have been reading clipboard data excessively.

TikTok users who upgraded to iOS 14, for example, quickly noticed constant alerts warning them that TikTok was accessing the clipboard every few seconds. After being caught, TikTok now says that it’s removing the feature.

They say it was doing this to “identify repetitive, spammy behavior.”

John Gruber:

I mean, their explanation makes no sense at all.

Couldn’t they wait until you do something with the clipboard contents?

Other apps also read the clipboard when you aren’t pasting, often for good reasons.

TikTok also seems to try to check which apps you have installed and more:

TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they’re using it.

[…]

Here’s the thing though.. they don’t want you to know how much information they’re collecting on you, and the security implications of all of that data in one place, en masse, are fucking huge. They encrypt all of the analytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can’t see what they’re doing. They also made it so you cannot use the app at all if you block communication to their analytics host off at the DNS-level.

Previously:

Thursday, July 2, 2020

Using SVGs in Asset Catalogs

Marc Edwards:

SVGs can now be used as assets for iOS, iPadOS, macOS, and watchOS apps. The most exciting part of this new feature is that there’s not much to say — it’s full SVG support, and it just works.

Xcode 12 is required, but deployment targets of iOS 13, iPadOS 13, macOS 10.15 or later are supported.

[…]

Unlike PDF assets, SVGs seem to always be bundled in their native format and rendered at runtime. As a result, many apps will be able to save a lot of space by moving appropriate assets over to SVGs.

Previously:

A Huge Year for SwiftUI

Swift by Sundell:

Josh Shaffer and Eliza Block from Apple join John to talk about what’s new in SwiftUI, how Xcode Previews work under the hood, the new home screen widget system, Apple’s internal process of adopting and improving SwiftUI, and much more.

See these WWDC sessions:

See also: John Sundell and Majid Jabrayilov.

Previously:

App Store Requires Opting Out After Trial Subscription

Down Dog (Reddit, Hacker News):

Apple is rejecting our latest update because we refuse to auto-charge at the end of our free trial. They can choose to steal from their customers who forget to cancel, but we won’t do the same to ours. […]

We’ve experimented with auto-charging trials in the past and they lead to (1) fewer users trying the product (2) a huge number of refund requests by users who forget to cancel and (3) complete disbelief from those users when we explain that Apple won’t allow us to issue refunds.

It’s particularly bad because (1) cancelling a subscription is notoriously hard to find in Apple’s settings (2) Apple requires users to cancel at least 24 hours before the trial is over and (3) their site for requesting a refund often returns an error after logging in!

Nathan Lawrence:

Apple shouldn’t require devs to auto-charge after trials, but this rule exists for a reason: Free trials have historically been a real danger zone and misleading area for online services.

Apple’s system can be just as misleading and messy, but this isn’t just a power grab.

[…]

I think auto renewing subscriptions after free trials are generally pretty lousy UX, but Apple isn’t actually against not having those. Apple is against building your own skunkworks setup to make that happen.

Ken Case:

For those who aren’t already aware of this: every one of our @OmniGroup apps has the option to start a free two-week trial which doesn’t automatically convert into any sort of purchase.

I’m so confused about what the rule actually is.

Juli Clover:

Apple is introducing a new in-app purchase server notification system that lets developers know when a customer requests and receives a refund for an in-app purchase, allowing the developer to take an appropriate action, such as revoking the purchased item.

Developers are not involved in Apple’s refund process, which is handled by the company. Prior to now, when a user requested and received a refund for an in-app purchase, developers were not notified about the refund, leading to situations where customers could get a refund for a purchase and keep the in-app purchase.

Previously:

Safari Privacy Protections Bypass

Jeff Johnson (tweet, Hacker News):

The privacy protections system (also known as TCC: Transparency, Consent, and Control) was introduced in macOS Mojave, and one of its purposes is to protect certain files on your Mac from access by unauthorized apps. I’ve discovered a way for an unauthorized app to read the contents of protected files, thus bypassing the privacy protections.

[…]

It’s been over 6 months since I reported the issue to Apple. This is well beyond the bounds of “responsible disclosure”, which is typically 90 days after reporting an issue to a vendor. It’s also becoming obvious that I will never get paid a bounty by Apple for anything I’ve reported to them, or at least not within a reasonable amount of time. I’m not interested in waiting years for a bounty. I can’t speak for anyone else, but my personal experience is that the Apple Security Bounty Program has been a disappointment, and I don’t plan to participate again in the future.

An app can make a copy of Safari, modify a JavaScript file in it, and exfiltrate private Safari data. The system trusts the bundle identifier on the copy and doesn’t do a full check of the code signature (or even check the path) to make sure it’s the real Safari.
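The failure described above is a trust decision keyed on something the subject declares about itself (a bundle identifier read from the copy) instead of something the system verifies (a code signature that still matches the bundle’s contents, at the path the grant was made for). The following is an added, toy illustration of that distinction and is not code from Safari, TCC, or Jeff Johnson’s report: the `Bundle` type, the sample “genuine” and “copied” bundles, and the HMAC standing in for Apple’s public-key code signature are all constructed for the example.

```python
"""Toy model of a resource grant keyed on a self-declared bundle identifier
versus one that also verifies a signature over the bundle's sealed contents
and the bundle's on-disk path.

Constructed for this example; not macOS or TCC code. HMAC stands in for the
vendor's public-key code signature so that the example runs offline.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Assumption: the vendor alone holds this key (stand-in for a signing key).
VENDOR_KEY = b"toy-vendor-signing-key"
EXPECTED_ID = "com.apple.Safari"
EXPECTED_PATH = "/Applications/Safari.app"


@dataclass(frozen=True)
class Bundle:
    path: str    # where the bundle lives on disk
    files: dict  # relative file path -> bytes, including Info.plist


def bundle_id(bundle: Bundle) -> str:
    """The identifier the bundle claims for itself (Info.plist modelled as JSON)."""
    plist = json.loads(bundle.files["Contents/Info.plist"])
    return plist.get("CFBundleIdentifier", "")


def seal(files: dict) -> bytes:
    """Hash every file in the bundle, name and content, in canonical order."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(name.encode() + b"\0" + files[name] + b"\0")
    return h.digest()


def vendor_sign(files: dict) -> str:
    """Toy 'code signature': a MAC over the seal that only the vendor can issue."""
    return hmac.new(VENDOR_KEY, seal(files), hashlib.sha256).hexdigest()


def weak_grant(bundle: Bundle) -> bool:
    """Grant keyed on the declared identifier alone: any copy can claim it."""
    return bundle_id(bundle) == EXPECTED_ID


def strict_grant(bundle: Bundle, signature: str) -> bool:
    """Grant requires the identifier, the expected path, and a signature that
    still matches the bundle's current contents, so an edited resource fails."""
    return (bundle_id(bundle) == EXPECTED_ID
            and bundle.path == EXPECTED_PATH
            and hmac.compare_digest(vendor_sign(bundle.files), signature))


def make_samples():
    """Constructed sample data: a 'genuine' bundle and a tampered copy of it."""
    genuine_files = {
        "Contents/Info.plist": json.dumps({"CFBundleIdentifier": EXPECTED_ID}).encode(),
        "Contents/MacOS/Safari": b"placeholder for the executable",
        "Contents/Resources/helper.js": b"function render(page) { /* vendor code */ }",
    }
    genuine = Bundle(EXPECTED_PATH, genuine_files)
    signature = vendor_sign(genuine_files)  # issued once, over the genuine contents

    # The copy keeps Info.plist (and therefore the identifier) but edits one
    # JavaScript resource and lives at a different path.
    tampered_files = dict(genuine_files)
    tampered_files["Contents/Resources/helper.js"] = (
        b"function render(page) { /* edited by the copying app */ }")
    copy = Bundle("/Users/me/Copy.app", tampered_files)
    return genuine, copy, signature


def evaluate():
    """(weak on genuine, weak on copy, strict on genuine, strict on copy)."""
    genuine, copy, signature = make_samples()
    return (weak_grant(genuine), weak_grant(copy),
            strict_grant(genuine, signature), strict_grant(copy, signature))


if __name__ == "__main__":
    print(evaluate())  # (True, True, True, False)
```

The weak check accepts the copy because the identifier travels with it; the strict check rejects it because the edited resource no longer matches what was signed, and because the grant was bound to the installed path. The path check alone would not be a fix (the point is binding the grant to verified code identity, which the signature models); it is included because the post notes that neither was checked.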

Csaba Fitzl:

you should have waited, I have worse ASB timelines than this :)

Jeff Johnson:

We know that TCC is a major burden for legitimate Mac apps. But is it a major burden for malware? That’s the question, and it seems to me the answer is no. There are so many holes in this system, it only stops the good developers who wouldn’t stoop to using the countless hacks readily available to malware developers.

He also found a sandbox escape.

Previously:

Update (2020-07-06): See also: Thomas Claburn.

Boot and Recovery Mode on Apple Silicon Macs

Jason Snell (also: MacRumors):

With the advent of Macs running Apple-designed processors, things will get a whole lot simpler. As described Wednesday in the WWDC session Explore the New System Architecture of Apple Silicon Macs, these new Macs will only require you to remember a single button: Power.

[…]

On these new Macs, Target Disk Mode will be retired in favor of Mac Sharing Mode. Rather than turning your Mac into a disk, the new Mac Sharing Mode will turn your Mac into an SMB file server.

[…]

In reduced security mode, you can boot any supported version of macOS, even if Apple’s no longer signing it. And if an app or accessory you rely on uses a third-party kernel extension to enable functionality, you’ll need to use this mode.

Previously:

Wednesday, July 1, 2020

Upgrade Interviews Bob Borchers and Ronak Shah

Upgrade:

This week we welcome Apple’s Bob Borchers and Ronak Shah to the show to discuss macOS Big Sur, including all the new features in Safari. There’s also an awful lot of follow-up from the busy WWDC week that was, and we discuss the possible features of new Macs running Apple silicon.

Early in the show is a discussion of iOS 14’s Back Tap feature, which didn’t make the keynote. It sounds great.

Dr. Drang:

Has anyone explained why Apple is touting the translucent menu bar in Big Sur?

[…]

It is, of course, an awful feature, an impediment to usability because it makes the menu bar harder to read. Even Apple’s own PR screenshots have terrible contrast.

[…]

When Apple sends people out to talk, it expects them to stay on-message, and the translucent menu bar is apparently part of the message of Big Sur. And because I can’t figure out why they’re doing this, I feel myself sinking into paranoia (they’re not going to take away the Accessibility setting that turns this abomination off, are they?) and Kremlinology.

See also: Craig Hockenberry (tweet).

Previously:

Update (2020-07-06): Wil Shipley:

Look, I’m really happy macOS 11 got some graphical love. I’m glad we’re, as they say, “Starting a conversation.” I just hope Apple’s listening to our side of the conversation.

I mean, I admit to feeble old eyes, but this seems punishingly hard to read—on the default background.

Mike Hanley:

Definitely reminds me of the early Leopard demos. Hopefully they walk back from it a bit like they did back then...

Canceling Apple Arcade Games

Mark Gurman and Jason Schreier (also: MacRumors):

Apple Inc. has shifted the strategy of its Apple Arcade gaming service, canceling contracts for some games in development while seeking other titles that it believes will better retain subscribers.

[…]

On calls in mid-April, an Apple Arcade creative producer told some developers that their upcoming games didn’t have the level of “engagement” Apple is seeking, the people said. Apple is increasingly interested in titles that will keep users hooked, so subscribers stay beyond the free trial of the service, according to the people.

[…]

The company hasn’t said how Apple Arcade is performing, but it recently started offering a second free trial month, indicating that some users likely aren’t remaining subscribers for very long.

I thought Apple Arcade was supposed to enhance the value of Apple’s platforms by funding quality games that didn’t have to chase engagement metrics. Now, it sounds like it’s about services revenue.

McCloud, last year:

Apple doesn’t have gaming DNA. Sony for example uses games to sell hardware and services, but in Sony’s case they make masterpieces like God of War and Uncharted - Apple would be metric-driven, so they’d consider lots of hours played == good games.

McCloud:

This might be a good strategy to maximize revenue in the short and mid term, but will also lead to fungible games. Sony actually gets gaming and this is why you’ll see things that would never get greenlit in a metrics-driven world that end up selling consoles.

Previously:

Update (2020-07-06): Benjamin Mayo:

At the original March event, Apple Arcade was positioned as a subscription service offering an eclectic collection of novel and unique titles, drawing on the raw creativity of indie game studios, as well as mixing in some games from larger franchises. The fact that Apple was funding the games upfront meant that the developers had the freedom to create, in Apple’s words, “the best work of their lives” and without having to contort the gameplay to accommodate monetisation mechanics like interstitial ads, in-game currency, artificial time limits and such.

[…]

I also think there are strong arguments that Apple’s monetary commitments to Arcade are too small, especially when you look at what they are happily spending on the TV side. Adding a handful of big-budget high-production games into Arcade would surely be a good thing. As it stands, the budget for Apple’s two series order of The Morning Show exceeds investment into the entire Arcade library.

Sim Genie 1.0

Curtis Herbert:

Sim Genie is a Mac app that is built for those of us that spend our days in Xcode. Apple has been adding a lot of hidden capabilities to the Xcode simulator, but they haven’t been making those capabilities particularly easy-to-use or discoverable.

So I got to thinking: the simulator can do a lot of things nowadays, and I’d save a lot of time and avoid many annoyances if those things were more easily exposed. What would an app look like that really took a serious go at making a proper product out of the simulator? One that didn’t just focus on the raw capabilities of the simulator, but the workflows that could be built around it?

[…]

I’m charging a one-time fee for the app, there is no recurring revenue here unless I go the 2.0 upgrade-pricing route.

[…]

Sim Genie has to use the Xcode command line tools, and some other terminal goodies, to work. And that kinda stuff ain’t exactly sandbox-friendly.

Sim Genie:

Grab marketing-ready screen recordings right from the simulator.

[…]

Apply status bars without adding custom code, or needing real hardware.

[…]

Debug how your app responds to push notifications earlier in development, without deploying to device or setting up a push server.

Make sure your deep links aren’t breaking the app’s state; trigger them at any time to ensure your app responds nicely.

Big Sur’s Hidden Containers Folder

Rico Becker:

Apple has restricted access to ~/Library/Containers/ in Finder on macOS Big Sur.

It’s only showing one folder in my case. In Terminal I can see that everything is still there.

This was quite a shock when I first saw it, because it looked like all my data was gone. As far as I can tell, there’s no setting (except maybe disabling SIP) to turn off this feature. This is going to be really annoying because I browse the Containers folder in Finder every day. I don’t understand what Apple is trying to do here, because:

Previously:

Update (2020-07-03): If you open the Library folder (not Containers itself) in List view and turn off groups, you can open the disclosure triangle and view the container folders. Some show their actual folder names, and others show the name of the app. The Finder’s “fake” view persists when System Integrity Protection is turned off, and it also gets in the way of the Command-Option-G “Go to Folder” keyboard command in file open panels.

Update (2020-07-27): Rico Becker:

You know what is really great about macOS 11 beta 3? We’ve got our containers back! \o/

Update (2020-07-29): Jeff Johnson:

Containers are back in b3 but still have weird display names, with sometimes hilarious results.