Archive for August 2020

Monday, August 31, 2020 [Tweets] [Favorites]

Identifying People by Their Browsing Histories

Lukasz Olejnik:

In 2009-2011 we did some research work motivated with a positive aim of educating web users about certain risks of browsing history leaks. The pointed to a perhaps unexpected conclusion. It indicated that web browsing histories may be unique to the user. In our study, the number of unique user fingerprints revealed by observing the set of visited websites was as much as in 97% of cases. Furthermore, such fingerprints were stable over time (in 38% of analyzed cases). We also found that limiting to just 50 most popular sites, the uniqueness was still substantial.

That was the early 2010s. In 2020 the situation is different. Today, user’s private data are processed at an order of magnitude greater scale than in 2010. Fortunately, someone verified that the result holds.

See also: Bruce Schneier (Hacker News).

Previously:

Update (2020-09-07): See also: Hacker News.

Notarized Mac Malware

Patrick Wardle:

Interestingly, Peter noticed the campaign originating from homebrew.sh, leveraged adware payloads were actually fully notarized! 😱

We can confirm the payloads are indeed notarized via the spctl command (note the "source=Notarized Developer ID")[…]

As far as I know, this is a first: malicious code gaining Apple’s notarization “stamp of approval”.

[…]

As noted, Apple (quickly-ish) revoked the Developer code-signing certificate(s) that were used to sign the malicious payloads. This occurred on Friday, Aug. 28th.

Interestingly, as of Sunday (Aug 30th) the adware campaign was still live and serving up new payloads. Unfortunately these new payloads are (still) notarized[…]

This is discouraging, as OSX.Shlayer is said to be the “most prevalent” Mac malware, yet notarization didn’t catch it. It’s not clear whether Apple was eventually able to adapt or whether new binaries are still being notarized at will. Perhaps the real benefit of notarization is not prevention but rather that it allows related binaries to be found (because Apple can search the previous submissions) and disabled sooner, before they have widely spread.

See also: Zack Whittaker, Thomas Reed, MacRumors, Lily Hay Newman, Nick Heer.

Previously:

Update (2020-09-07): Cedric Owens:

I had similar observations last year when I found that I was able to get my red team apps notarized. I wrote about my steps here. I reported to Apple but not sure if any changes have been made.

Howard Oakley:

Over the last couple of years, a succession of security experts have deemed Shlayer unsuitable for conventional signature-based detection methods, because of its design and frequent evolution. Rapid checks, such as those most probably performed as part of Apple’s initial notarization process, are therefore unlikely to be able to detect it. Most of us had assumed that those brief checks would be followed by slower and more thorough analysis, with triage determining which apps needed to go on for expert human dissection.

Update (2020-09-11): Phil Stokes:

But Shlayer has been up to other tricks since June of 2020 that have been helping it avoid the static signatures employed by most vendors. Although bypassing Apple’s Notarization checks is obviously a headline grabber, this new variant of Shlayer utilizes heavily obfuscated Zsh scripts and is in fact far more prolific in the wild. Let’s take a look at how this new variant works.

Allowing Bug Fixes and Challenging the Guidelines

Apple (also: Hacker News, 9to5Mac, MacRumors):

The App Store is dedicated to providing a great experience for everyone. To continue offering a safe place for users to download apps and helping you successfully develop apps that are secure, high-quality, reliable, and respectful of user privacy, we’ve updated the app review process as announced at WWDC20. For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues. You’ll instead be able to address guideline violations in your next submission. And now, in addition to appealing decisions about whether an app violates guidelines, you can suggest changes to the guidelines.

Will Strafach:

guideline challenge successful! ✅

to @guardianiosapp users: Day Pass capabilities will indeed live on in our upcoming v2 update.

I am unsure when the text of the App Store Guidelines will be publicly updated on this matter, but keep an eye out.

[…]

I don’t know how the app review process goes internally, but it seems like they could not wrap their heads around a time-based purchase which did not use IAP’s subscription system’s built-in time intervals.

that was what we challenged.

Curtis Herbert:

I was rejected when I launched my day pass in 2016. Since I have the concept of recordings, I worked around by renaming to a “single pass” that unlocked a recording. Later moved to a bundle of single passes. Always called it day pass externally, but in app it was the single pass.

Paul Haddad:

Now that Apple is saying you can appeal guidelines rejections wonder if it’s time to try fighting the one that requires Pastebot’s paste service.

Jeff Johnson (tweet):

My update, which has a new feature but no bug fixes, is currently in limbo because the reviewer is getting mysterious proxy connection errors that no customer of mine has ever reported.

I saw another developer today say their app was “rejected” because the reviewer asked “How does the app utilize Touch Bar and where can we locate these features?”

This kind of crap happens all the time, and I don’t see anything in this announcement that will help.

This is apparently common.

Previously:

Update (2020-09-11): Apple:

Bug Fix Submissions: For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues. If your app has been rejected, and qualifies for this process, please use the Resolution Center to communicate directly with the App Review team indicating that you would like to take advantage of this process and plan to address the issue in your next submission.

So the bug fix won’t be immediately accepted, but hopefully the delay for this process won’t be too long.

Update (2020-09-14): Hobbyist Software describes how its update to fix a crashing bug was rejected because of an issue with a pre-existing app preview video. The app displays wallpapers across multiple monitors but isn’t allowed to show multiple monitors in the video. As there is no legal issue, the app should be eligible for the new bug fix policy, but App Review at first didn’t want to allow this. They finally agreed, and then it took an additional 68 hours before the bug fix was approved.

Update (2020-09-30): Jeremy Provost:

What Apple told developers on August 31st, 2020 was: “For apps that are already on the App Store, bug fixes will no longer be delayed over guideline violations except for those related to legal issues.” This seems like a very clear statement. Get App Review on the phone and they’ll tell you a different story. According to them bug fixes are not allowed for “legal issues” (makes sense), “user safety issues” (we would whole-heartedly agree), but here’s the kicker, and anything else that App Review on a case-by-case basis decides not to allow as a bug fix update.

Is macOS Becoming Unmaintainable?

Howard Oakley:

There’s one big snag with Catalina’s ingenious linkage of System and Data volumes into a Volume Group: when anything goes wrong, the only option seems to be to wipe them both and start again. I’ve heard of a steady succession of users who’ve been caught by this, most commonly when trying to re-install earlier releases of Catalina.

[…]

Apple doesn’t provide a full suite of maintenance and repair tools for APFS and its volumes. Third-parties have been prevented from doing so because Apple has still not provided documentation more than a year after developers first started using macOS Catalina. All this changes again with the arrival of Big Sur and its Sealed System Volume, where the contents of the system are contain in a special snapshot which is cryptographically sealed and mounted read-only. I can see a lot of users having to perform repeated clean re-installs of macOS 11.0 because there are simply no other options.

Howard Oakley (Hacker News):

Apple has long taken pride that “it just works”, but seems to have convinced itself that is inviolate fact, and has become unable to consider what happens when it stops working.

The long-running saga of failed EFI firmware updates is a case in point.

[…]

Indications are that Catalina’s boot Volume Group was designed without consideration of maintenance procedures which could address that type of problem, and the current solution has only evolved during Catalina’s release cycle, in the last few months.

[…]

Once again, no one seems to have considered the problems which can be caused by orphaned snapshots, so they’re a key macOS feature which is essentially unmaintainable by macOS and its supporting toolset.

Update (2020-09-02): See also: Accidental Tech Podcast (John’s Mac Pro Tale of Woe).

Friday, August 28, 2020 [Tweets] [Favorites]

Apple Terminates Epic Games’ Developer Account

Juli Clover (tweet):

Fortnite has been unavailable for a few weeks, but other Epic Games titles like Battle Breakers and Infinity Blade Stickers were still in the App Store . Now that the Epic Games developer account has been terminated, those apps are gone.

[…]

Though the Epic Games developer account is no longer available, Fortnite continues to work.

As expected. Apple also disabled IAP because customers were asking for refunds.

Last night, Epic sent out emails to Fortnite players blaming the unavailability of the new season on Apple and claming that Apple is “blocking Fortnite” in order to prevent Epic Games from “passing on the savings from direct payments to players.” Apple in turn has taken to featuring Fortnite competitor PUBG in its App Store.

It appears that the Mac version of Fortnite is signed by the separate Epic International account that Epic uses for Unreal Engine.

Previously:

Update (2020-08-31): Ryan Jones:

In dueling PR statements Apple sounds over dramatic, while Epic is chillin’.

Tim Sweeney:

Apple’s statement isn’t forthright. They chose to terminate Epic’s account; they didn’t have to.

Apple suggests we spammed the App Store review process. That’s not so. Epic submitted three Fortnite builds: two bug-fix updates, and the Season 4 update with this note.

John Gruber:

The last approved version of Fortnite still runs, but along with other games from Epic, it’s no longer available from the App Store, even if you previously downloaded it. This means you won’t be able to restore Fortnite on a new or factory-reset iPhone.

[…]

The “instead they repeatedly submit Fortnite updates designed to violate the guidelines” line in Apple’s statement is interesting, though. I don’t read it as an accusation of “spamming”, as Sweeney claims. Epic submitted three builds, none of which removed their in-app purchase circumvention, so they knew Apple was never going to approve them. They were just wasting Apple’s time. But I find it interesting that Apple even mentioned it, or phrased it that way. It indicates that Epic has gotten under their skin to some degree.

But, presumably, under the new rules announced today, the bug fixes would be allowed? Somehow I doubt that.

See also: Hacker News, Accidental Tech Podcast, Cory Doctorow.

Miguel de Icaza (tweet, Hacker News):

In the end, I value my iOS devices because I know that I can trust them with my information because security is paramount to Apple.

[…]

In the battle over the security and privacy of my phone, I am happy to pay a premium knowing that my information is safe and sound, and that it is not going to be sold to the highest bidder.

It’s comforting to believe this, but it may be more marketing and information hiding than truth. We know that information is being sold and that most of the actual security benefits are due to the design of iOS rather than the App Store itself.

Facebook Rejected for Mentioning App Store Fee

Sam Byford (tweet, also: ArsTechnica, MacRumors):

Apple blocked Facebook from informing users that Apple would collect 30 percent of in-app purchases made through a planned new feature, Facebook tells Reuters. Apple said the update violated an App Store rule that doesn’t let developers show “irrelevant” information to users.

The feature lets Facebook users buy tickets for online events directly through the app.

Note that Facebook itself is not getting a cut, nor was it breaking the rules and linking to an alternate payment method. I think it’s quite relevant for customers to know when they buy something where their money is going. It’s hard to see how this unwritten App Store policy benefits anyone but Apple, who doesn’t want their customers to know how the system works. And it’s hard to see what Apple did to deserve the 30%. It’s not the one putting on the event, it’s not the one who helped the buyer discover the event, and it’s not the one transmitting the information. It’s more like Panasonic, back in the days of landlines, expecting 30% from the Sears Catalog orders you placed using the handset that you’d already paid them for.

Previously:

Update (2020-08-31): See also: Hacker News.

Juli Clover (also: Hacker News):

In a company-wide meeting, Facebook CEO Mark Zuckerberg on Thursday referred to Apple’s App Store as monopolistic and harmful to customers. Apple “blocks innovation, blocks competition,” and uses the App Store to “charge monopoly rents.”

Zuckerberg’s comments, which were said to 50,000 Facebook employees over a webcast, were shared by BuzzFeed News. Apple, said Zuckerberg, has a “unique stranglehold as a gatekeeper on what gets on phones.”

App Rejected for Using Unofficial Tesla API

Filipe Espósito:

Watch app for Tesla” is a popular app that lets users check useful information and send commands to a Tesla vehicle directly from an Apple Watch. However, the availability of this app may be threatened as Apple has been reinforcing its guidelines related to third-party APIs, which may require the developer to remove their app from the App Store.

[…]

The company has argued that the only way to have an app with an unofficial third party API approved in the App Store is by having the written consent of the owner of that service, which in this case is Tesla.

[…]

Although the rejection of the app has only occurred now, Apple’s decision is based on an old policy — which for some reason is sometimes ignored by the company. Section 5.2.2 of the App Store Review Guidelines emphasizes that apps are not allowed to use third-party services without prior authorization due to intellectual property issues.

[…]

Apple once again reached out to the developer and the company agreed to release the latest update of Watch app for Tesla on the App Store until this situation is thoroughly investigated.

This seems like a straightforward violation of the guidelines, but (a) it is not evenly enforced, and (b) I’m not sure the guideline makes sense. In the general case, it’s not possible to prove that you have permission to use an API. Why is it Apple’s business to investigate this? And what about apps like Paw that can be used with arbitrary APIs? Does an IMAP client use an API of an unlimited number of third-party services?

Previously:

VMware Fusion 12

VMware (tweet, also: MacRumors):

Fusion 12 Player replaces Fusion 11.5 ‘standard’, and follows the same pricing and licensing model as Workstation Player, meaning that it is both free for Personal Use, but requires a license for Commercial Use.  Fusion Player has the same features as Fusion 11.5.x ‘standard’ and more.

However, for business use the price is increasing from $79 to $149.

Matthew Guay (tweet):

So last year we picked 100 popular business software, dug through blog posts and the invaluable Wayback Machine, checked each year’s pricing for the decade from 2009 to 2019, and calculated the software inflation rate.

[…]

If pricing did go up, though, on average it went up 47% since its last price change (which, on average, came 4 years ago). Asana, Teamwork Projects, and PivotalTracker each went up around 10%—so Asana now costs a dollar more per user each month. Others saw a 30-50% price bump. PieSync went up the most, with its price nearly tripling since its acquisition by HubSpot.

You had nearly as good of odds of your software getting cheaper this year, as 8% of products saw their price reduced an average of 32%. Notion made their personal plans free, as did GitHub along with reducing all their plans’ prices. AWS took 1-12% off their services. GoToMeeting costs less than half what it did last year. Drip and LucidChart had raised their prices in 2019, then brought them back down this year.

Previously:

Blanked-Out Spots on Baidu Maps

Allison Killing et al.:

Our breakthrough came when we noticed that there was some sort of issue with satellite imagery tiles loading in the vicinity of one of the known camps while using the Chinese mapping platform Baidu Maps. The satellite imagery was old, but otherwise fine when zoomed out — but at a certain point, plain light gray tiles would appear over the camp location. They disappeared as you zoomed in further, while the satellite imagery was replaced by the standard gray reference tiles, which showed features such as building outlines and roads.

[…]

Having established that we could probably find internment camps in this way, we examined Baidu’s satellite tiles for the whole of Xinjiang, including the blank masking tiles, which formed a separate layer on the map. We analyzed the masked locations by comparing them to up-to-date imagery from Google Earth, the European Space Agency’s Sentinel Hub, and Planet Labs.

Governments Buying Phone Location Data

Joseph Cox:

In March, tech publication Protocol reported that multiple government agencies signed millions of dollars worth of deals with Babel Street after the company launched its Locate X product. Multiple sources told the site that Locate X tracks the location of devices anonymously, using data harvested by popular apps installed on peoples’ phones.

[…]

A myriad of smartphone apps, from weather predictors, to games, to flashlights, collect location data. Sometimes this may provide some benefit to the app’s operation itself, such as being able to route directions from a users’ current location, but many of these apps often sell that information as well to data brokers or other companies who incorporate it into their own products.

[…]

Many agencies have filed so-called reverse location warrants to ask Google to hand over information on what Android devices were in a particular area at a given time, for example. But an agency does not need to seek a warrant when it simply buys the data instead.

Daniel Sinclair:

Apple needs to open up telemetry to give users control & purview, as well as attack the problem from the other side by creating a separate app review process for SDKs that demands code review and data audits.

I don’t know exactly how this would work, but it’s a real problem that users have no visibility or control over what happens to their data. Some apps legitimately need location access, and once that’s granted there’s little that can be done to protect you.

Via Dan Grover:

If Apple’s strength is being a walled garden, we might as well demand better walls.

Previously:

Update (2020-08-31): Rosyna Keller:

Far less specific location data is a feature of iOS 14…

Tyler Lacoma:

Approximate Location is a new tool that can be enabled in iOS. Instead of switching off location-based data, this feature will make it…fuzzy. Apple reports that it will limit the location data sent to apps to a general 10-mile region.

[…]

Not all the details are certain yet, but we do know that apps will be able to track when a device moves from one region to another. Apps will probably be able to extrapolate on that data and know that you were somewhere along a particular border between one region and another.

Update (2020-09-07): Nick Heer:

Yesterday, the U.S. Court of Appeals for the Ninth Circuit unanimously confirmed that the NSA’s bulk collection of Americans’ phone records was illegal, and found no evidence that it ever found or convicted a single terrorist. But, even if it had helped, the program would still have been illegal because bulk surveillance is antithetical to a healthy democracy. If anything, this decision demonstrated that federal agencies are more constrained than private companies in their ability to collect information like this. That makes sense — the state should not be spying on citizens — but Cox’s reporting shows that the private sector has provided a convenient workaround.

Can Thieves Crack 6-Digit iPhone Passcodes?

Henrique Prange:

So, how could the wrongdoers do all of that in less than 5 hours? After considering many options, the only reasonable explanation is they cracked the 6-digit passcode on the stolen iPhone using some kind of device like the GrayKey.

The passcode gave them access to the keychain. They searched for the iCloud credentials, disabled the Lost Mode, and turned off the Find My.

Via John Gruber:

I mention this in the wake of the aforelinked piece on Face ID vs. face masks because months ago, when I first started grocery shopping while wearing a mask, I switched my iPhone from an alphanumeric passphrase back to a 6-digit passcode for convenience. I did so thinking, basically, that even though a 6-digit passcode is less secure, anything truly dangerous like disabling Find My iPhone requires my iCloud password as well.

It simply never occurred to me that if a thief (or law enforcement, or any adversary) has the device passcode, and your iCloud password is in your keychain, they can get your iCloud password from your keychain. All you need is the device passcode to access all of the passwords in iCloud keychain.

I really hope this year’s iPhones have Touch ID.

Previously:

Thursday, August 27, 2020 [Tweets] [Favorites]

Objective-Rust

Jordan Rose:

What I wanted was for Objective-C’s messaging syntax, or something like it, to be valid anywhere in Rust code. It didn’t have to be exactly Objective-C, but I quickly realized the advantage of Objective-C’s syntax: it’s delimited, i.e. it’s a self-contained expression that can be dropped into something larger without changing how that larger thing parses. (That’s probably why it’s bracketed in C as well.)

[…]

If I were just matching that, I could use Rust’s original pattern-matching macros. But to take a whole block of code, and replace everything that looks like a message lock in that block…well, it might be possible with pattern-matching and quite a bit of recursion, but it’s going to be a lot easier to use procedural macros, a Rust macro interface written in Rust and used as a compiler plugin. (Swift folks, basically what SwiftSyntax allows you to do, but invoked on-demand during compilation.)

Update (2020-08-31): See also: Hacker News.

iOS 14 Hidden Features

Juli Clover:

In this guide and accompanying video, we’ve rounded up some of the most useful hidden features you’ll find in the iOS 14 update. Note that some of these features are limited to Apple’s newer iPhones and do not work with older models.

[…]

Back Tap is an Accessibility feature that lets users double tap or triple tap on the back of the iPhone to perform various actions.

Juli Clover:

In iOS 14, iPadOS 14, and macOS Big Sur, developers are able to make subscriptions available for all members of a Family Sharing group for the first time, which will let multiple users take advantage of subscription offerings.

Previously:

Stealing Local Files Using Safari Web Share API

Pawel Wylecial:

In general Web Share API allows users to share links from the browser via 3rd party applications (e.g. mail and messaging apps). The problem is that file: scheme is allowed and when a website points to such URL unexpected behavior occurs. In case such a link is passed to the navigator.share function an actual file from the user file system is included in the shared message which leads to local file disclosure when a user is sharing it unknowingly. The problem is not very serious as user interaction is required, however it is quite easy to make the shared file invisible to the user. The closest comparison that comes to mind is clickjacking as we try to convince the unsuspecting user to perform some action.

[…]

The issue exists on both MacOS and iOS, after selecting different methods of sharing we will get different results, some of them are shown below.

[…]

Below you can see a video demonstrating stealing user’s browsing history using web share API[…]

Catalin Cimpanu (via Hacker News):

Wylecial initially reported the bug to Apple earlier this spring, in April, but the researcher decided to go public with his findings today after the OS maker delayed patching the bug for almost a year, to the spring of 2021.

Previously:

Where Did Mac’s Resale Value Go?

Om Malik:

So I wondered, how much can I get for my 8-month old Macbook Pro? I mean if it was not too much, I would be happy to upgrade to new model. Unfortunately, the cost is too much. Apple’s official trade-in says that I could get $1530, which is what you could get on eBay. That is a depreciation of $3000 or about $375-a-month. Ouch! The upgrade is not as automatic as it used to be. Maybe it is the news of the pending launch of ARM-based machines that has depressed the prices. An alternative theory is that Apple and its machines are so commonplace and people don’t buy laptops as often that Mac machines have lost any resale value.

Via Adam Chandler:

Apple product resale has dropped off a cliff! The iPhone has remained mostly resilient if you’re the kind of person who buys a new iPhone top-end model every 12 months full price and unlocked, you can recover about 70% of its value after a year..sometimes more especially if it lived in a case, has the box and AppleCare along with unused earphones. The Apple Watch on the other hand, it’s hard to give these away, particularly the premium models. Aluminum will see a 50% drop YoY but Stainless steel models drop even more. People don’t see the value in the premium Apple Watch models so it actually drops to aluminum pricing after a year.

Finally, there are Macs…these were usually a 25% drop after 12 months, then 15% year two and you’d expect a 50% drop after 3 years of ownership. That has changed and while I used to be able to justify buying the most expensive MacBook and iMac knowing I’d get most of that money back in resale, I don’t anymore.

Why Did Mozilla Remove XUL Add-ons?

David Teller:

Firefox used to have a great extension mechanism based on the XUL and XPCOM. This mechanism served us well for a long time. However, it came at an ever-growing cost in terms of maintenance for both Firefox developers and add-on developers. On one side, this growing cost progressively killed any effort to make Firefox secure, fast or to try new things. On the other side, this growing cost progressively killed the community of add-on developers. Eventually, after spending years trying to protect this old add-on mechanism, Mozilla made the hard choice of removing this extension mechanism and replacing this with the less powerful but much more maintainable WebExtensions API.

[…]

XUL was developed at the time of HTML4, when web specifications were stuck in limbo, and was designed largely as a successor of HTML dedicated to applications instead of documents. Almost twenty years ago, Mozilla released a first version of XULRunner, which was basically an earlier version of Electron using XUL instead of HTML (HTML could also be inserted within XUL).

[…]

There was a catch, of course: the Servo team didn’t have the resources to also reimplement XUL, especially since Mozilla had decided long ago to stop working on this technology. In order to be able to eventually replace Gecko (or parts thereof) with Servo, Mozilla first needed to migrate the user interface of Firefox to HTML5.

Of course, not all extensions can be written with the newer system.

Wednesday, August 26, 2020 [Tweets] [Favorites]

Improved KVO in Big Sur

macOS Big Sur 11 beta 5:

Key-Value Observation removal facilities now employ deterministic bookkeeping methods. Cases that would have produced hard-to-diagnose crashes, especially those where KVO signals problems accessing deallocated observer pointers or observers associated with incorrect objects, now produce an exception pinpointing which observed object needs a missed removeObserver(_:) call, and by which observers. This exception was previously thrown as ‘best effort’ when KVO could detect the problem; the new deterministic bookkeeping allows it to be thrown for all cases where removeObserver(_:) is needed.

The improved determinism also allows improved Swift API handling. Instances of NSKeyValueObservation, produced by the Swift NSObject.observe(_:changeHandler:) method, take advantage of integration with this bookkeeping so they now invalidate automatically when the observed object is released, regardless of how the object implements its KVO behavior. This applies to all usage of this API in macOS 11 Big Sur beta, including on processes built with previous versions of the SDK, and eliminates certain classes of crashes that sometimes required using the legacy API instead.

Previously:

Update (2020-08-28): David Smith:

Tip re the KVO_IS_RETAINING_ALL_OBSERVERS_OF_THIS_OBJECT_IF_IT_CRASHES_AN_OBSERVER_WAS_OVERRELEASED_OR_SMASHED method that I added years ago: it really means all observers of that object, not just the ones being notified. Most of the time it’s an unrelated one you forgot about.

(The reason is that determining which objects are being notified without introducing deadlocks requires dropping an internal lock, which would allow another thread to deallocate the observer out from under KVO, so it has to retain then figure out which are relevant)

Epic Will Stop Updating Fortnite for iOS and Mac

Epic (via MacRumors):

Apple is blocking Fortnite updates and new installs on the App Store, and has said they will terminate our ability to develop Fortnite for Apple devices. As a result, Fortnite’s newly released Chapter 2 - Season 4 update (v14.00), will not release on iOS and macOS on August 27.

Juli Clover:

Epic Games confirmed to The Verge that cross-platform play will not be possible, and iPhone, iPad, and Mac Fortnite players will only be able to play with one another. That means Fortnite users who have friends on other platforms will not be able to play with those friends.

John Gruber:

So what happens to the current version of Fortnite that’s already installed on iOS devices and is about to be out-of-date? Does it keep working, despite being out of date (and despite containing Epic’s rule-violating custom payment processing)? Or does Apple revoking Epic’s developer license invoke the kill switch that disables installed copies of Fortnite? What about the ability to re-download the current version if you (or a family-sharing member) previously downloaded it?

Surely, Apple will leave the installed apps in place and let customers blame Epic for missing the latest season and for any incompatibilities with new OS versions. Disabling installed apps would make Apple the bad guy and make users worry about their other purchases disappearing.

Jason Snell:

The thing is, I don’t really back all the actions of either party in this kerfuffle. Instead, I’m squarely on the side of the people who use technology. Let’s leave aside the tech giants. What are the outcomes that would most benefit regular users?

[…]

I’d like Apple to loosen up on its App Store restrictions, without sacrificing security and safety. I’d like Apple to let reputable companies process payments for digital goods directly, but I don’t want to pause every time an app asks me for money in fear that it’s a scam.

Above all else, I think that Apple has brought this scrutiny upon itself by failing to adapt to the times.

Eric Stromberg:

Ah yes, the quaint early days of App Store fights.

iBeer v. Apple foretold Epic v. Apple.

Previously:

Update (2020-08-27): Rosyna Keller:

Why macOS?

Jeff Johnson:

According to the judge’s order, “Apple maintains separate developer agreements and developer program licensing agreements between Epic Games, Epic International and four other affiliated entities.” The competing interpretation is that the restraining order allows Apple to terminate the developer account of Epic Games, just not the developer accounts of the other 5 entities.

What’s the difference? In one word: Macintosh!

Even if the temporary restraining order does protect the Mac version, it expires in September.

Unity’s IPO Filing

Unity’s Form S-1 cites some risk factors (via Hacker News, Slashdot):

Operating system platform providers or application stores may change terms of service, policies or technical requirements to require us or our customers to change data collection and privacy practices, business models, operations, practices, advertising activities or application content, which could adversely impact our business.

[…]

In June 2020, Apple announced plans to require applications using its mobile operating system, iOS, to affirmatively (on an opt-in basis) obtain an end-user’s permission to “track them across apps or websites owned by other companies” or access their device’s advertising identifier for advertising and advertising measurement purposes, as well as other restrictions. We expect that Apple may implement these changes as early as fall of 2020. The timing and manner in which these plans will be implemented and the effect on our revenue are not yet clear, but these changes could adversely affect our revenue from our monetization products and potentially other Operate Solutions. In addition, if customers have applications removed from these third-party platforms because of a change in platform guidelines that impact our code or practices, we could be exposed to legal risk and lose customers. In addition, these platforms could change their business models and could, for example, increase application store fees to our customers, which could have an adverse impact on our business.

[…]

If we or our customers were to violate, or an operating system platform provider or application store believes that we or our customers have violated, its terms of service or policies, that operating system platform provider or application store could limit or discontinue our or our customers’ access to its platform or store. In some cases these requirements may not be clear and our interpretation of the requirements may not align with the interpretation of the operating system platform provider or application store, which could lead to inconsistent enforcement of these terms of service or policies against us or our customers, and could also result in the operating system platform provider or application store limiting or discontinuing access to its platform or store. An operating system platform provider or application store could also limit or discontinue our access to its platform or store if it establishes more favorable relationships with one or more of our competitors or it determines that it is in their business interests to do so.

Previously:

Facebook SDK Will Not Adopt Apple’s iOS 14 Privacy Prompt

Juli Clover (also: Hacker News):

Facebook today warned advertisers that Apple’s upcoming anti-tracking tools could cause a more than 50 percent drop in Audience Network publisher revenue due to the removal of personalization from ads within apps.

[…]

In a blog post, Facebook said that it does not collect the identifier from advertisers (IDFA) from Facebook-owned apps on iOS 14 devices, as Apple added a feature that requires users to agree to ad tracking to prevent cross-app and cross-site tracking used to provide targeted ads.

Ryan Jones:

Just what Apple needed, another high-stakes game of chicken.

[…]

Per the rules any sort of tracking and sharing back to other sites requires the prompt (sometimes called fingerprinting, but now that it’s called that they will stop calling it that)

robterrell:

I understand why everyone’s instant reaction might be “good,” but if you are in the business of making an app, you will eventually need to get users for your app. Advertising is how that happens. That’s because app store discovery was nerfed years ago, to make store search ads a revenue source. This Apple IDFA change will likely force you to redirect your ad spend from the Facebook Audience Network to Apple search ads.

fwiwm2c:

I hope you realize what this means is that ads as a monetization model for apps is getting decimated. These apps will now have to explore alternate monetization models such as either making themselves paid or subscriptions. And guess what, Apple takes a 30% cut of it.

It’s a win-win-win for Apple, which in a single stroke can protect your privacy, hurt their competitor, and get more ad and fee revenue. It’s not unlike how iOS’s Web browser restrictions can potentially offer security benefits but also encourage the flow of search placement revenue from Google and slow adoption of features that help Web apps compete with native ones.

Previously:

Update (2020-08-27): Oluseyi Sonaiya:

Prior to the new OS, advertisers went to Facebook, who then fulfilled ad inventory on its own apps as well as others’. With the new OS, Facebook is having difficulty fulfilling inventory on others’, which I guess hurts other apps wholly dependent on Facebook?

So the best bang for your buck is still Facebook, changing little for the advertisers. It only hurts other publishers, if Facebook’s claim is taken at face value.

Plus anyone buying ads.

Update (2020-09-07): Apple (via Mark Gurman, Hacker News):

We are committed to ensuring users can choose whether or not they allow an app to track them. To give developers time to make necessary changes, apps will be required to obtain permission to track users starting early next year. More information, including an update to the App Store Review Guidelines, will follow this fall.

David Barnard:

Apps being able to do cost-effective marketing ultimately benefits everyone involved: consumers, Apple, developers, ad networks, and even the thousands of growth/ad tech/infrastructure companies (including @RevenueCat) that help facilitate that marketing.

[…]

Apple’s intent with the IDFA was to help facilitate that marketing measurement, but it quickly devolved into a tool for privacy invasion.

[…]

Killing the IDFA (by making it opt-in instead of opt-out) is absolutely the right thing for Apple to do. Apple is hitting the reset button on the tradeoff between privacy invasion and the beneficial aspects of being able to granularly measure marketing spend.

SKAdNetwork is the new IDFA — it’s Apple’s attempt to facilitate cost-effective marketing on their platform. And I’m personally quite excited about SKAdNetwork. I’ve been hesitant to advertise my apps because I didn’t want to participate in the “data industrial complex”.

But SKAdNetwork is just not ready for prime time. And the current mobile ad ecosystem just isn’t able to absorb this big of a change this quickly, as was evidenced by Facebook’s hint that it would have to completely abandon the Facebook Audience Network on iOS.

Apple delaying the privacy rules (if they do it) isn’t an admission that App Store profit is more important than user privacy, it’s an admission that ushering in a new privacy-friendly mobile marketing paradigm is too important to rush out half-baked.

Update (2020-09-18): George Deglin:

A feature in iOS that led to a vast ecosystem of advertising-supported apps is going away. Here’s what advertisers, developers, and consumers can expect over the coming months.

Exposure Notifications Without an App

Chance Miller (also: MacRumors):

At the time, Google and Apple also teased “phase two” of the technology. This is what is being released as part of iOS 13.7, and it allows users to opt-in to COVID-19 Exposure Notifications without installing an app. In order to verify a positive case, however, you still will need an app from a public health authority to confirm a positive COVID-19 case.

[…]

Unfortunately, Apple says that the availability of COVID-19 Exposure Notifications will still depend on support from local public health authorities, even as the ability to opt-in is now built directly into iOS 13.7.

Previously:

Tuesday, August 25, 2020 [Tweets] [Favorites]

Developer Accounts Nearly Terminated

Zac Wood (via Paul Haddad):

Submitted a minor update for @AtticsApp after nearly two years on the App Store and @Apple has decided out of nowhere that I have been engaging in “a pattern of manipulative or misleading behavior” and has permanently terminated my account. No evidence or specific reasons given.

It started after a build got rejected without a reason last week. A couple of days after, I received a message very similar to the screenshot that my account is being terminated. I appealed, trying to get info on what exactly the problem is, and then got the last message

Despite not telling him what he’s accused of, Apple writes:

This appeal decision is final, and any subsequent appeals you file will be closed without review.

Nathan Lawrence:

I cannot tell you how often I’ve seen this or a similar message, whether in personally helping someone or in a news story - and how often those then get reversed, like they say won’t happen, because there was a mistake.

This costs Apple nothing, but it’s terrifying for us.

Zac Wood, after some help from running to the press, which “never helps”:

Attics has been approved and my account will no longer be terminated -- apparently my app had been copied across the App Store many times and it wasn’t caught that mine was the original.

Gui Rambo:

This is scary. It’s not the first time Apple bans a developer because copies of that developer’s app (the original) were found on the store. If Apple is not good enough to determine who’s the owner of the original app, they’re not good enough to make these types of decisions.

If you are an iOS developer and you see copies of your app in the App Store, it is now your job to monitor the store for such copies and alert Apple, otherwise your entire developer account is at risk.

Ironically, I know of at least one case where the developer rightfully pointed out copyright violations of their app in the App Store, but in the end Apple banned their account because they couldn’t figure out who was the developer of the original app. 🙃

Tom Angistalis (via Chuq Von Rospach):

This happened with @FilmNoirApp back in May. The app was only available in TestFlight and out of nowhere we receive almost exactly the same email after we asked why our account was going to be terminated. Of course they didn’t tell us at first what was the reason.

Tom Angistalis:

We wanted to have a good user experience and open all links in the app, does that mean that we are responsible for all third party content? What baffles me is that the review team didn’t say anything about it until a tweet got some attention

[…]

We changed all links to open in native iOS Safari app and that deemed acceptable. Now the real question why they can’t tell you exactly that but they also ignore your appeal?

We simply asked what was the issue and they responded back by saying that our account was going to be terminated and the app review team wouldn’t consider any more appeals.

Of course, the rules are applied unevenly, and other apps are allowed to display links directly in the app.

Previously:

Potential

Francisco Tolmasky (member of the original iPhone team):

Apple’s iOS rules would not have allowed for the invention of the web browser. Let that sink in. They would have rejected one of the most important technical innovations in the history of computing. Microsoft‘s bully tactic of making IE free seems quaint in comparison.

But here’s the kicker: think of all the other amazing ideas that haven’t gotten a chance to be invented because they aren’t allowed on mobile devices. Mosaic happened less than 10 years after the Macintosh. We very well might have already had a browser-caliber invention by now.

Just for people asking: the flagrant violations of AppStore policy that web browsers would be rejected for in this hypothetical are:

1) Running outside code
2) Allowing payments that circumvent Apple’s IAP
3) Allowing access to NSFW content

Loren Brichter:

This.

And honestly the very idea of a “Web browser” needs a competitor (see: Google), but can’t happen because it wouldn’t be allowed on the computer you all already have in your pocket.

Ben Thompson:

This is the chief reason why, if I had to choose a victor in this case, I would choose Epic; Apple is a brilliant company, but they hardly have a monopoly on invention and innovation. My overriding concern is that their monopoly on iOS (and duopoly with Google, which copies many of their App Store practices) will prevent the invention and innovation of others.

Alex Hern:

One of the under-discussed downsides of Apple’s growing insistence that it take 30% of all commerce that occurs on or near iOS is that it massively entrenches the privacy-violating ad-funded business model that Apple professes to be fighting

No 30% cut for Apple if I fund my business by selling my customers’ personal data!

Rasmus Andersson:

Dropbox is an example of a product and company that would not have existed if it wasn’t for hackable OSes. Innovation inside Apple’s sandbox only allows “innovation” that Apple has already thought of and allowed. Totally fine for consumption but terrible for innovation.

And backup apps and emulators and Little Snitch.

Jason Fried:

If the [Apple-HEY] decision would have gone the other way, I was considered quitting, and basically retiring. […] Here’s why: I didn’t get into business — I didn’t start a business — to be told what to do by another business. […] We’re self-funded. We do everything our own way so that we can do it our own way. And to be in an industry where if Apple forced us to have to give them 30% of our business and not be able to interface with our customers the way we want, I don’t want to be in that industry.

Manton Reece:

Apple’s total control over iPhone app distribution and payment is preventing developers from doing their best work. The App Store started with good intentions, to help users, but the rules have become twisted, corrupted as Apple gains power.

Jason Snell:

I can’t tell you how many developers I’ve talked to who have similar stories.

Patrick Wardle:

Creating an open-source tool for macOS in 2020:

💻 Buy Mac ($1000+)
🎟️ Create Apple Dev. Account ($99/yr)
🏢 Create company (Entitlement pre-req!)
🤞 Beg for Entitlement(s)
🎫 Create/Install Signing Profile
📝 Write code (yay!)
🔐 Sign w/ Profile
📦 Notarize w/ Apple

(User) Installing an open-source tool for macOS in 2020:

⚠️ “Ok” on Gatekeeper alert
⚠️ “Ok” on System Extension Blocked alert
⚙️ Open System Preferences
🔓 Authenticate
✅ “Allow” in System Preferences
⚠️ “Allow” in Filter Network Content alert

Rosyna Keller:

For a normal open source tool/app, these additional steps aren’t needed.

It’s part of adding high-friction UX for methods that malware authors would use in the past to gather massive amounts of user/confidential information.

It’s a tradeoff because these features meant to protect users also add friction that make the products harder to use, which makes them harder to sell and more expensive to support. That, plus the delay and uncertainty of being able to get an entitlement, mean that fewer such products will be developed. We’ve come a long way from the early days of Mac OS X where the developer tools were included on the disc, and anyone could start writing code and sharing their work with people.

Various Mac operations get slower, and now I often see UI freezes and high CPU use caused by the security subsystems. There’s more potential for bugs, both because of the more complicated interaction between apps and the OS and because of problems with the OS itself. The steps Wardle describes seem obscure but straightforward enough, once you know them. But that’s the happy path. I’ve seen countless cases where a security-related file or database got messed up, and it was difficult for the user to fix it because of System Integrity Protection. Sometimes the cause of the wedging remains a mystery, and the only solution seems to be to reinstall macOS.

Development is more complicated because the security stuff is always changing and is often undocumented. New requirements are added in late August, months after the first WWDC build. One of the changes in Big Sur makes it much slower to develop my Mail plug-in. Previously, notarization was only necessary when shipping software to customers. Now, I need to notarize the plug-in each time I make a new build to test on my own Mac. In the best case, after writing some scripts to automate the process, this adds a few minutes to each build cycle. Yesterday and this morning, something was wonky with the notarization server, and notarization took almost an hour.

See also: Accidental Tech Podcast.

Previously:

Update (2020-08-26): Jeff Johnson:

Yesterday I had to reinstall the Big Sur beta (because Software Update was hosed). The installer app silently froze for a very long time on launch.

XProtect

Update (2020-08-27): Francisco Tolmasky:

One of the most troubling kinds of replies I got to this was that Apple would “of course” know how important the browser would be and make an exception. Setting aside the improbability of this, this defense of the rules is that Apple will break the rules at the right times.

This is a truly (sigh) 1984 mentality. The rules don’t even matter, why even bother arguing their logic? Apple will just make the right decision when necessary, regardless of the rules. Disregard that Apple can’t realistically spend that much time considering each submission.

Would anyone accept a bad law because they know that judges, in all their wisdom, would know when to not apply it? Do we think that AppStore reviewers are better judges of the future potential of every app they see than legal judges are of our own laws?

Ross Boucher:

I mean, they explicitly made a rule to block other browsers, so I’m not sure why anyone thinks they would have allowed the first one.

Brian Armstrong:

Apple has been very restrictive and hostile to cryptocurrency over the years. They’re still blocking some functionality right now, including the ability to earn money with cryptocurrency by completing tasks, and unrestricted dapp browsers.

Update (2020-09-14): Brian Armstrong:

I feel like Apple customers should be made aware: the crypto apps you use on iOS are not missing some features you want because the teams haven't gotten to them, those features are being censored by Apple.

UTM (via Tanner Bennett):

UTM is a full featured virtual machine host for iOS. In short, it allows you to run Windows, Android, and more on your iPhone and iPad.

But it’s not allowed in the App Store.

Court Rules on Epic’s Temporary Restraining Order

Manish Singh (Hacker News, MacRumors):

A district court denied Epic Games’ motion to temporarily restore the Fortnite game to the iOS App Store, but also ordered Apple to not block the gaming giant’s ability to provide and distribute Unreal Engine on the iPhone-maker’s ecosystem in a mixed-ruling delivered Monday evening.

U.S. District Court Judge Yvonne Gonzalez Rogers said Apple can’t retaliate against Epic Games by blocking the gaming firm’s developer accounts or restrict developers on Apple platforms from accessing the widely used Unreal Engine tools.

This seems like the right call to me. The order is here.

John Gruber:

For good play-by-play livestream coverage of the hearing, I suggest reading Sarah Jeong’s thread on Twitter.

Florian Mueller:

Judge Gonzalez Rogers reminded attendees of the fact that a TRO needs to be replaced by a preliminary injunction (PI) after 14 days--unless extended by consent--or it simply goes out of effect. Therefore, even if Epic obtained a TRO now, Apple could still try to prevail with respect to Unreal Engine a couple of weeks later--and this goes both ways, so whatever Epic doesn’t win immediately, it could still pursue in the next round. The PI hearing has been scheduled for September 28, so the TRO decision will be in effect for about a month.

[…]

With respect to Fortnite, however, the case appears clear to the judge. She told Epic’s counsel that they “didn’t tell Apple you had code in there [for an alternative payment system]” and noted that “this was not an insignificant breach, hence the reason we are here.” Counsel for Epic argued that her client merely “ceased complyi with an anticompetitive contract” or, more narrowly, “an anticompetitive provision.”

[…]

The judge expressed concern over Apple having taken an overreaching step by announcing the termination of a developer agreement that “has not been breached.”

Apple:

We thank the court for recognizing that Epic’s problem is entirely self-inflicted and is in their power to resolve. Our very first priority is making sure App Store users have a great experience in a safe and trusted environment, including iPhone users who play Fortnite and who are looking forward to the game’s next season.

We agree with Judge Gonzalez-Rogers that ‘the sensible way to proceed’ is for Epic to comply with the App Store guidelines and continue to operate while the case proceeds. If Epic takes the steps the judge has recommended, we will gladly welcome Fortnite back onto iOS. We look forward to making our case to the court in September.

Colin Cornaby:

It’s worth noting how bizarre Apple’s argument was. They demand their contracts be dealt with as absolutes, but when asked why they are terminating the dev tools contract that isn’t breached, they go “well we break routinely break contracts when we feel like it”

Frank Reiff:

It’s shocking to hear that Apple’s legal team are gunning for all Unreal Engine developers and do not seem to care much whether thousands of blameless developers’ livelihoods are impacted, just so that they can make a stronger move against Epic.

Ben Thompson:

The problem for Epic — and, I suppose, for me — is that to this observer it seems exceedingly likely that Apple is going to win this case, last night’s decision notwithstanding. Current Supreme Court jurisprudence is very clear that businesses — including monopolies — have no duty to deal with third parties, and if they do choose to deal with them (or are even compelled to), that they can choose the terms on which to do so. The only exceptions are if the monopoly in question changes the rules in an unprofitable way with the express purpose of driving out a competitor, or if any company — not even a monopoly — changes access to after-market parts and services.

In short, what is needed are new laws built for the Internet, which is why it was encouraging that Congress is holding hearings about these issues, and also frustrating that Apple received relatively little attention.

[…]

Here is what I believe the App Store has fundamentally wrong: its current organizing principle is digital versus analog; anything that is digital has to have in-app purchase, while anything that is analog — i.e. connected to the real world — can monetize however it pleases. […] The better organizing principle is whether or not the app developer has marginal costs.

Michael Love:

There’s a lot of good stuff in here, but I have to take issue with the idea of allowing external / lower-commission purchases if an app has ‘marginal costs’; while a reasonable principle in theory, I think it would be completely impossible to apply in practice.

Dave Wood:

The obvious answer is just to move iOS to a macOS like system but it’s just as obvious Apple isn’t willing to do that. My proposal is a compromise that I believe offers a fair direction forward for all parties involved.

[…]

More than that, my biggest complaint with Apple is the power they have to decide if another company should be allowed to provide their product/service. They are able to block any app that competes with them (now or in the future), is innovative in any way Apple hadn’t considered, or that goes against their values. Apple shouldn’t be allowed to project their values onto their customers.

[…]

The key difference being that Apple accepts anything that isn’t illegal or a valid security issue, but not every accepted app gets listed in the App Store. An app that has been accepted, but excluded from the store can be installed by a user that has a direct link provided by Apple upon approval. Side note: this gives Apple a great opportunity to optimize the App Store since they can remove the millions of junk/neglected apps and only present the best apps to users.

Previously:

Another MacBook Pro Flexgate Lawsuit

Hartley Charlton:

The second class-action complaint argues for violation of competition, false advertising, and consumer fraud laws. Apple is also accused of violation of the Song-Beverly Consumer Warranty Act, the Magnuson-Moss Warranty Act, and breach of express and implied warranty, in addition to fraudulent concealment and unjust enrichment.

Plaintiffs are seeking a range of relief measures, damages, and court fees. They also hope a judgment will compel Apple to identify and declare all defective MacBook Pros.

Why didn’t Apple just make the repair program available to all the affected models?

Previously:

Monday, August 24, 2020 [Tweets] [Favorites]

Microsoft Supports Epic’s Injunction

Joe Rossignol (also Hacker News):

In a court filing [PDF] today, Epic Games said that multiple Unreal Engine licensees have contacted the company “expressing grave concern over Apple’s actions and its impact on their iOS and macOS-bound projects,” including Microsoft.

In a declaration in support of Epic Games [PDF], Microsoft gaming executive Kevin Gammill wrote that “Apple’s discontinuation of Epic’s ability to develop and support Unreal Engine for iOS or macOS will harm game creators and gamers.” Specifically, Gammill said that games utilizing Unreal Engine will be put at a “substantial disadvantage,” citing Microsoft’s own racing game Forza Street for iPhone and iPad as an example.

Florian Mueller:

However, what Mr. Gammill’s declaration doesn’t explain is why Epic couldn’t live and comply with the Apple Developer Agreement it had been gladly and (very) profitably honoring for years. In that case, Epic’s Apple Developer Agreement wouldn’t be terminated, and the further development of the Unreal Engine wouldn’t be affected by the ongoing litigation.

[…]

Based on today’s declaration it’s clear where Microsoft stands, and it’s not hard to figure out why, but the above declaration really doesn’t strengthen Epic’s case for a TRO. The key issue is still the one of “self-inflicted wounds,” which the United States Court of Appeals for the Ninth Circuit doesn’t accept as a pretext for seeking a TRO.

Michael Love:

An arrangement where Epic can’t thumb their nose at the [App Store Review Guidelines] but also doesn’t get to take a bunch of other developers hostage while the case plays out is probably a best-case outcome for Apple from tomorrow’s hearing, but Microsoft legally backing Epic is a big deal long-term.

[…]

Microsoft is mostly not a game company; the good that opening up iOS would do them vastly exceeds a bit of lost commission from Xbox games.

Also, xCloud is currently not allowed on iOS at all - if anything, a favorable ruling for Epic would increase their revenues from that.

Previously:

Update (2020-08-25): John Gruber:

This doesn’t contradict my prediction that you won’t see Microsoft, Sony, or Nintendo file amicus briefs on Epic’s behalf about the App Store’s control over software and mandatory use Apple’s payment system. If Apple hadn’t threatened to revoke the developer program license for Unreal Engine, Microsoft wouldn’t have piped in here.

See also: Hacker News.

A Primer on Memory Consistency and Cache Coherence

Vijay Nagarajan et al. (via Pierre Habouzit and David Goldblatt):

Many modern computer systems, including homogeneous and heterogeneous architectures, support shared memory in hardware. In a shared memory system, each of the processor cores may read and write to a single shared address space. For a shared memory machine, the memory consistency model defines the architecturally visible behavior of its memory system. Consistency definitions provide rules about loads and stores (or memory reads and writes) and how they act upon memory. As part of supporting a memory consistency model, many machines also provide cache coherence protocols that ensure that multiple cached copies of data are kept up-to-date. The goal of this primer is to provide readers with a basic understanding of consistency and coherence. This understanding includes both the issues that must be solved as well as a variety of solutions. We present both high-level concepts as well as specific, concrete examples from real-world systems.

This second edition reflects a decade of advancements since the first edition and includes, among other more modest changes, two new chapters: one on consistency and coherence for non-CPU accelerators (with a focus on GPUs) and one that points to formal work and tools on consistency and coherence.

Pooled SARS-CoV-2 Testing

Noam Shental et al. (via Ben Adida):

Recent reports suggest that 10-30% of SARS-CoV-2 infected patients are asymptomatic and that significant viral shedding may occur prior to symptom onset. Therefore, there is an urgent need to increase diagnostic testing capabilities to prevent disease spread. We developed P-BEST - a method for Pooling-Based Efficient SARS-CoV-2 Testing which identifies all positive subjects within a large set of samples using a single round of testing. Each sample is assigned into multiple pools using a combinatorial pooling strategy based on compressed sensing designed for maximizing carrier detection. In our current study we pooled sets of 384 samples into 48 pools providing both an 8-fold increase in testing efficiency, as well as an 8-fold reduction in test costs.

It’s kind of like error correction codes and has similar limitations based on the frequency of errors/infections:

Our current implementation of P-BEST was designed for a carrier rate of ~1%. To allow higher testing efficiency, i.e., to minimize the number of pools required to screen a given population, designs should vary according to the carrier rate. Pooling designs can differ by the number of pools, and by the number of samples per pool. Specifically, as the carrier rate in the population rises more pools are required to correctly identify all positive carriers in a single testing round. Moreover, the required number of samples per pool decreases with increasing the carrier rate. Conversely, when carrier rates are low, more efficient pooling designs can be used, i.e., less pools are required to test the same number of individuals, while the number of samples per pool should be increased.

Lightroom for iOS Data Loss Bug

Juli Clover:

Adobe’s recent 5.4 update for the Lightroom for iOS app had a major bug in it that deleted user photos and presets, eradicating all content that had not been synced to the Adobe cloud service.

As noted by PetaPixel, complaints surfaced on the Photoshop forums on Monday, shortly after the update was released, followed by similar reports on Reddit and Twitter.

[…]

Adobe has recommended that affected users try to restore an iCloud backup that might have the lost content, but there’s no solution on Adobe’s end to address the loss and no fix if there’s no iCloud backup.

And restoring an iCloud backup is problematic because you can’t just restore one app. Restoring your Lightroom data would also revert newer data from other apps. Maybe you could restore to a different iOS device and let Lightroom sync the restored photos to the cloud, hoping that none of you other apps upload old data to the cloud.

Previously:

Subscription or No Subscription?

iA:

On the developer side, moving to subscriptions can be a gate to hell. They usually make less at first. Incidentally the first year you pay the higher fee. Over time they can make more—if you manage to keep your users. That is not a given. The switch from paid to subscription can cost you a fortune. Not technically. The technology is there. It will cost you: users. And angry users don’t just leave, they rate you angrily and write angry comments. They feel harmed and they try to harm you as much as possible. Anonymous ratings, upvoting, and reviews make revenge fast, easy, and cheap.

[…]

You might have noticed that there are no subscriptions for Apple’s own productivity apps. They are either free, like Pages, Numbers, Keynote, or very expensive and paid, like Logic, FinalCut, Motion.

[…]

Apple is more likely to help, feature, and support a popular app if it has a subscription. Apple will still show interest in your future if you sell a lot of apps. If there is no subscription planned, Apple’s interest vanishes in circles. They come back, showing interest in a featuring here and there, asking questions about your future, and if your response is “no subscriptions” or “no subscriptions only” their interest evaporates. Until they don’t ask anymore.

[…]

We tried high prices, mid-range prices, low prices, free, and freemium. Getting Android users to pay for software is not for the feeble-hearted. So far, offering a free basic version with a choice between paid and subscription seems to be the only thing that works. And that doesn’t mean we buy yachts, it means that we might be sustainable in one or two years.

They’re charging $5/year or $30 to buy the app.

Update (2020-09-11): See also: Hacker News.

Friday, August 21, 2020 [Tweets] [Favorites]

WordPress Bug Fixes Blocked Over IAP

Matt Mullenweg:

Heads up on why @WordPressiOS updates have been absent… we were locked by App Store. To be able to ship updates and bug fixes again we had to commit to support in-app purchases for .com plans. I know why this is problematic, open to suggestions.

WordPress has been in the App Store for a long time. Recall that Tim Cook told Congress that Apple was not changing the rules to make more apps subject to fees but had instead “exempted additional categories of apps.” And that in June Apple said that “bug fixes will no longer be delayed over guideline violations.”

Ben Thompson:

I am admittedly puzzled as to why Apple is denying me updates to the open source app for my open source web site because one user of that app happens to sell domains.

Also, I thought Apple wasn’t going to hold bug updates hostage anymore?

WordPress (and the app) are GPL, and App Store TOS and DRM violate GPL. Thus only the copyright holder can submit an app for all of WordPress, both self-hosted and WordPress.com.

Apple is thus holding millions of websites hostage for 30% of Automattic domain sales 🤷‍♂️

To be clear, the app doesn’t sell anything, and why would it? It’s an open source project. Apple is requiring the addition of functionality that has no plausible reason to exist.

Fernando Bunn:

I just had a bug fix release rejected by Apple because of an issue that’s there since always and never caused a rejection before. (Basically, if you try to SIWA without internet connection we display a generic error)

I sent a new build, asked for an Expedited Review, they accepted the request and it’s “In Review” for more than 24h…

[…]

They rejected the expedited Review (after 2 days), saying that you can’t create an account using the app. I’m working with B2B apps for more than 9 years and it’s the first time I see this as a reason for rejection.

Meanwhile my critical bug fix release is still not approved.

And this specific app has the exact same login flow since ~5 years ago.

Maynard Handley:

To add to Ben’s point, there is a more generic problem here of a faction within Apple that have prioritized today’s rents over customer delight.

You may not care about App Store in-fighting but you see it elsewhere as well.

For example: Why is Apple being such a prick about audiobooks on Apple Watch? Clearly this is something people have wanted since day 1. But Apple DEMANDS that the only books allowed are those bought through Apple. Any 3rd party solution is clumsy and sucks bcs is fighting the OS

Previously:

Update (2020-08-25): Sean Hollister (also: MacRumors):

While Mullenweg says there technically was a roundabout way for an iOS to find out that WordPress has paid tiers (they could find it buried in support pages, or by navigating to WordPress’s site from a preview of their own webpage), he says that Apple rejected his offer to block iOS users from seeing the offending pages.

Tom Bridge:

It was pretty convoluted to get there. Like, six or eight clicks deep in the help. They offered to restrict that page by referrer and user agent and were told to just do IAP instead.

Brent Simmons:

Will I be asked to add IAP to NetNewsWire for purchasing Feedbin and Feedly accounts? It doesn’t sound like that much of a stretch right now.

[…]

Related question: how is the PR hit to Apple worth it for the money they’ll make through these WordPress IAP sales? And: how is developer fear a good thing for the platform?

John Gruber:

How is WordPress’s app different from Hey other than that WordPress’s app already includes very useful free functionality? I really don’t get how this free app that doesn’t sell anything or require a paid account for a service violates any App Store guidelines.

Jesper:

This serves literally no one, not even Apple.

Anil Dash:

And the weird thing is, even if they walk this back, Apple is just contributing to the sense that they’re openly shaking down 3rd party devs now.

Chuq Von Rospach:

It’s almost as if Apple doesn’t understand its own policies any more, much less how they impact their reputation, good will and all of us.

Tyler Sonnemaker:

An Apple spokesperson told Business Insider that, per App Store policies, apps — including WordPress — operating across multiple platforms can let users access a service on their iOS app that they paid for on a different platform (such as a website), but the developers then have to offer the ability to purchase that service in the app, too.

[…]

Mullenweg told The Verge that WordPress has already agreed to comply with Apple’s demands and within 30 days will add in-app purchase options for the paid services offered by WordPress.com.

Steven Hoober:

WordPress is 17 years old.

Is by far the most popular CMS, 60% market share.

Making it run A Third of all websites.

This giant of the internet cannot conceivably stand up to the second most popular desktop and mobile maker.

Matt Mullenweg:

I am very grateful that folks at Apple re-reviewed @WordPressiOS and have let us know we do not need to implement in-app purchases to be able to continue to update the app.

Apple:

We believe the issue with the WordPress app has been resolved. Since the developer removed the display of their service payment options from the app, it is now a free stand-alone app and does not have to offer in-app purchases. We have informed the developer and apologize for any confusion that we have caused.

So, basically, Apple tried to shake down WordPress. Perhaps the reviewer made a mistake, and the appeals process didn’t work. But Apple doesn’t want to admit that, so they insinuate that WordPress was trying to sneak through external payments. We know that wasn’t the real issue because Apple had previously said that removing the help links wasn’t sufficient. WordPress asked for weeks what they could do to get the app approved and was told that that the only option was to add IAP.

Dieter Bohn:

Don’t miss the attempt to redefine the clear and common meanings of words in this Apple statement.

WordPress was ALWAYS a “free standalone app” regardless of whether it happened to mention the mere existence of commerce outside the App Store or not.

Jason Snell:

Also troubling: Mullenweg only went public with Apple’s rejection because Apple had, weeks before, told WordPress that Apple’s decision was final and that they’d need to alter their app to add in-app purchases in order to stay in the App Store. It was only after Mullenweg’s original tweet went viral that Apple re-examined the decision, backed down, and apologized.

This shows that the old (Steve Jobs? Phil Schiller?) guideline that “going to the press never helps” may be the most hilariously false thing Apple has ever produced.

But let’s consider the larger issues. What is wrong with the App Store approval system that a major vendor like WordPress would apparently be rejected in a way that would have been entirely final without the intervention of higher-ups?

Ed Bott:

The fact that Apple FORBIDS legit service providers from helping their customers get to their payment pages just torpedoes Apple’s argument that they are all about user experience.

Ben Thompson:

I have sat on these anecdotes for several months now, in part because this is all I can say: none of the developers were willing to go on the record for fear of angering Apple. What I think the WordPress and Hey episodes show, though, is that these are the exact sort of apps where Apple is getting things wrong, at least as far as popular opinion is concerned.

See also: Hacker News.

Previously:

Apple Files Response to Epic

Ina Fried:

“If developers can avoid the digital checkout, it is the same as if a customer leaves an Apple retail store without paying for shoplifted product: Apple does not get paid,” Apple said in the filing.

[…]

Apple says Epic has no antitrust case against it because it can’t possibly monopolize the mobile app market, given competition from Google. (Epic maintains that Apple’s App Store and Google’s Play Store are in fact discrete markets, each a monopoly in its own right.)

Dieter Bohn:

It might be a strong argument! I’d have more sympathy for it if developers had the choice of any other way to distribute software on iOS.

[…]

Apple is making the argument that the App Store is more than a marketplace, that it’s inseparable with offering SDKs and developer tools like TestFlight, ARKit, and even stickers.

I don’t know that those things need be bundled. They’re not on the Mac.

Sacha Sayan:

A better analogy is if the customer goes to the farmer’s market, and the grocery store gets angry because they’re not getting a cut.

Steve Troughton-Smith:

I’m not on team Epic, and I’m definitely not on team Apple. The way Apple thinks about the developers that bring life to its platforms is disgusting

I don’t know whether there was an internal change in the last 18 months or if the mask has simply slipped, but Apple has made a lot of official statements lately that are really tone-deaf from the perspective of a developer. It doesn’t seem to understand or value our contributions or remember that apps existed before the App Store.

Previously:

Update (2020-08-25): Dave Winer:

In 1980-something I was invited to give a talk at Apple along with a reporter from the NYT. The idea was that we would give feedback to Apple people to help them work better with developers and the press. I took the assignment seriously. I showed up with a list of requests, things Apple could do to give their platform an advantage over the IBM PC, their chief competitor at the time. # When I finished, Apple people lined up to give me feedback on how ungrateful I am. They do all the work and I make all the money and get all the glory. Funny thing, because I viewed it exactly the other way around. They had real salaries and benefits. I was always skating on thin ice.

Paul Haddad:

Apple keeps acting like it only creates development tools & technologies as a favor for developers. BS they do it because without outside developers no one would use their hardware. The relationship is and should be symbiotic.

Apple’s filing is here.

Nick Heer:

In the category of “arson, murder, and jaywalking”, Apple cited an insufficient changelog as one justification for pulling Fortnite from the App Store.

Jeff Johnson:

“Epic wants access to all of the Apple-provided tools like Metal, ARKit and other technologies and features. But you don’t want to pay.”

Simeon:

Apple deprecated OpenGL and is suggesting Epic should be grateful at not being charged extra for using Metal, the only non-deprecated alternative?

Russell Ivanovic:

Slightly odd considering the open alternative Vulkan is unsupported by Apple. “Epic used the only graphics API we would let them use”. Yeah…of course…what was their alternative exactly?

Steve Troughton-Smith:

Apple’s APIs are not just APIs, they’re Apple IP we developers all leech off of. This kind of thinking should have died with Steve, and is why Apple’s old guard needs to go

Steve Troughton-Smith:

Genuine question: what does a statement like this by @pschiller make you feel as a developer on Apple’s platforms?

Marko Karppinen:

I didn’t realize that “iCloud document storage” was something Apple provided developers in exchange for the 30% IAP cut. I’ve been paying $9.99/month for it like an idiot

Francisco Tolmasky:

It honestly feels like the warranty has expired on Apple’s values and they’ve just decided to go full mustache-twirling villain in the last month. The company has been unrecognizable from a product perspective for a while, but now they’re just doing 90’s era Microsoft cosplay.

Michael Love:

Along with all of the other offensive stuff about this: WE HELPED THEM BUILD IT. Not only by giving people a reason to buy iPhones, but we’ve shaped the way iOS has developed; most of Apple’s decisions about where to take iOS come from studying and/or ripping off our apps.

The Metal API which Apple insists is so innovative was most likely developed with a great deal of input / feedback / bug reporting from Epic, not to mention that Epic helped Apple evangelize it to other developers; did Epic get paid for any of that?

Platforms are collaborative efforts; that’s literally what makes them platforms. If Apple now views iOS not as something that they work with developers to deliver amazing experiences on but rather as a product they sell to us for money then they’ve completely lost the plot.

Christopher Lloyd:

The iOS origin story is rooted in a GPL violation, NeXT distributed modified gcc binaries for Objective-C and did not release source. Relenting in later releases and reworking of the changes after much FSF patience.

saurik:

[When] the iPhone first came out, jailbreaks were plentiful and powerful… the iPhone tried to be a closed and locked down platform, but failed due to the almost continual existence of serious security flaws that allowed for 0-day drops of exploits with almost every new device release (which coincided with every new major iOS release).

This means that we can actually look back at the history of the iPhone and answer the question “could the iPhone have been as successful as it was if there had been a switch that allowed users to opt out of Apple’s complete control of not only whose apps could be installed, but further what kind of software could be installed (to let you install things like daemons or extensions to existing apps)” and the answer is “apparently, it could, because it did”.

Stephen Warwick:

We sat down (virtually, of course) with Florian Mueller of FOSS Patents and analyst Neil Cybart to discuss the lawsuit, how Epic got the ball rolling, its basic demands, and of course, the comparison between the lawsuit against Google. We also chatted about the context of antitrust complaints like those of Spotify, and what it all means for everyday consumers.

See also: Eskil Steenberg, Hacker News.

Seeking Special App Store Deals

Benjamin Mayo (tweet):

A letter signed by a trade group that represents top newspapers including the Wall Street Journal, New York Times, and the Washington Post says that Apple’s rules prevent them from investing in quality journalism. Among other changes, the letter asks for Apple’s cut of in-app purchases to be reduced to 15%.

[…]

Court documents revealed that Apple has privately granted these terms to Amazon, in order to attract Prime Video to its platform. This seems to be the central motivation behind this letter from the trade group: why is Apple willing to give these more favorable terms to Amazon but not to other media companies?

DCN:

At a hearing before the Committee on July 29th, Rep. Hank Johnson asked Apple CEO Tim Cook whether the terms between Apple and Amazon are available to other developers. Cook assured the Congressman that they are “available to anyone meeting the conditions.” Interestingly, at the same hearing, Cook talked about how platforms are in fierce competition for developers.

So, this week, DCN’s CEO Jason Kint, wrote to Cook to publicly call for the disclosure of the terms of this deal so that “anyone meeting the conditions” can apply for them. This is a key test for Apple: Will app developers of any size (the ones for which Apple claims to be competing) be able to get the same terms? Did Cook speak the truth before Congress? Will Apple’s behavior match its trust-based branding?

The secret conditions must have something to do with water. The three members of the “established” program are a river, a canal, and a company headquartered below sea level.

Jesper:

Clearly this must be some kind of mistake. All developers are treated equally by Apple, and no one ever gets to skirt the rules or a better deal – at least according to congressional testimony under oath.

Nick Heer:

Apple’s credibility on the fairness of its application of App Store policies is increasingly tattered by cutting special deals like these. It is widely rumoured that a similar agreement existed for Netflix as well.

Juli Clover:

According to Apple, Epic Games in June sought a special deal from Apple’s Phil Schiller that would change the way in which Epic offers apps on the App Store. From CNBC:

“On June 30, 2020, Epic’s CEO Tim Sweeney wrote my colleagues and me an email asking for a ‘side letter’ from Apple that would create a special deal for only Epic that would fundamentally change the way in which Epic offers apps on Apple’s iOS platform,” former Apple Senior Vice President Phil Schiller wrote in a declaration.

Epic Games CEO Tim Sweeney previously said that Epic was not seeking a special deal from Apple and was instead fighting for “open platforms and policy changes equally benefiting all developers,” but it appears that Epic did attempt to establish a unique relationship with Apple prior to when the lawsuit was filed.

It seems totally reasonable to ask for a special deal when other companies are clearly getting them (Schiller and Cook statements notwithstanding). Suing for special treatment would look bad, though, so Epic’s lawsuit seeks to change the rules for everyone.

Update (2020-08-21): Tim Sweeney:

Apple’s statement is misleading. You can read my email in Apple’s filing, which is publicly available. I specifically said in Epic’s request to the Apple execs, “We hope that Apple will also make these options equally available to all iOS developers…”

Previously:

Thursday, August 20, 2020 [Tweets] [Favorites]

Taking Ownership of Rust

Rust Core Team (via Hacker News):

Notwithstanding the deep personal impact, the Rust project as a whole is very resilient to such events. We have leaders and contributors from a diverse set of different backgrounds and employers, and that diversity is a critical strength. Further, it is a common misconception that all of the Mozilla employees who participated in Rust leadership did so as a part of their employment. In fact, many Mozilla employees in Rust leadership contributed to Rust in their personal time, not as a part of their job.

[…]

[The] Rust Core Team and Mozilla are happy to announce plans to create a Rust foundation. The Rust Core Team’s goal is to have the first iteration of the foundation up and running by the end of the year.

[…]

While we have only begun the process of setting up the foundation, over the past two years the Infrastructure Team has been leading the charge to reduce the reliance on any single company sponsoring the project, as well as growing the number of companies that support Rust.

Previously:

What Changed Before SwiftUI 1.0

Kuba Suder:

However, I was surprised to see how many of those things I wrote down don’t work anymore.[…]

And the problem is that all those old APIs are still there in the WWDC videos from last year. But WWDC videos are usually a very good source of knowledge, people come back to them years later looking for information that can’t be found in the docs, Apple even often references videos from previous years in new videos, because they naturally can’t repeat all information every year.

This was bothering me enough that I decided to spend some time collecting all the major changes in the APIs that were presented in June 2019, but were changed later in one place.

Russell Kirsch, RIP

DL Cade (Hacker News):

Computer scientist Russell A. Kirsch, the inventor of the pixel and an undisputed pioneer of digital imaging, passed away on Tuesday in his Portland home from complications arising from a form of Alzheimer’s disease. He was 91 years old.

[…]

As DPReview points out, Kirsch never stopped improving on his most famous invention, even after retiring in 2001. In a 2010 interview with WIRED, he outlined his attempts to create a system that uses “variable shaped pixels” instead of the squares that have dominated digital imaging since he invented them.

Wikipedia:

In 1951 Kirsch joined the National Bureau of Standards as part of the team that ran SEAC (Standards Eastern Automatic Computer). SEAC was the U.S.’s first stored-program computer to become operational, having entered service in 1950.

Russell Kirsch (via Hacker News):

I’ve been against Macintosh company lately. They’re trying to get everyone to use iPads and when people use iPads they end up just using technology to consume things instead of making things. With a computer you can make things. You can code, you can make things and create things that have never before existed and do things that have never been done before.

That’s basically what Alan Kay said. There’s just something about him calling Apple “Macintosh company.”

Weather Apps, After Dark Sky

Jonas Downey:

This is an existential threat to indie weather apps. We’re now forced to:

A) Find a new provider that’s comparable and integrate it instead of Dark Sky.
B) Create a new set of widgets that are at least as good as Apple’s (preferably better!)
C) Do all of this in about 3 months.

We also have to learn all the new tech, update our existing app to work with iOS 14, and deal with the fact that this is all beta software that’s clunky, poorly documented, and barely works in a bunch of ways.

Oh, and Apple has special access to private APIs that we don’t have.

I was hoping Apple would integrate the Dark Sky features into the iOS 14 API. That would make it easier to develop (if not necessarily to sell) weather apps, as several of them have better interfaces than Apple’s own. Instead, they’ve improved the built-in app but made things worse for fans of alternate apps.

Previously:

Wednesday, August 19, 2020 [Tweets] [Favorites]

Oculus to Require Facebook Accounts

Oculus:

Today, we’re announcing some important updates to how people log into Oculus devices, while still keeping their VR profile. Starting in October 2020, everyone using an Oculus device for the first time will need to log in with a Facebook account.

[…]

After January 1, 2023, we will end support for Oculus accounts. If you choose not to merge your accounts at that time, you can continue using your device, but full functionality will require a Facebook account.

Palmer Luckey:

I am already getting heat from users and media outlets who say this policy change proves I was lying when I consistently said this wouldn’t happen, or at least that it was a guarantee I wasn’t in a position to make. I want to make clear that those promises were approved by Facebook in that moment and on an ongoing basis, and I really believed it would continue to be the case for a variety of reasons. In hindsight, the downvotes from people with more real-world experience than me were definitely justified.

Can’t You Just Right-Click?

Jeff Johnson:

Some people claim that Mac users can “just right click” to run unsigned software. But what does that mean exactly? Let’s look at the user experience, in a series of screenshots.

[…]

This alert mentions the possibility of malware, and the default action is Move to Trash, so we’re not off to a good start. Notice that there’s no mention of right clicking.

[…]

Another warning! Again with a scary message mentioning malware and loss of privacy. And again, Move to Trash is the default option. If you do click the Open button, though, it does work as advertised. You can “just” right click to run unsigned Mac software.

Note that with an Apple Silicon Mac, unsigned software won’t run at all. You can sign it without needing a developer account, but you can’t notarize it, so it will be treated to these dialogs.

Previously:

Update (2020-08-24): See also: Hacker News.

Update (2020-09-28): Jeff Johnson:

You can delete the com.apple.quarantine extended attribute from a file using the /usr/bin/xattr command-line tool, but that’s not very simple, because you have to switch to Terminal and type an error-prone command. Ideally, we want to “just right click” in Finder. This is where our old friend Otto comes in.

Apple Silicon Macs to Require Signed Code

Apple:

New in macOS 11 on Apple silicon Mac computers, and starting in the next macOS Big Sur 11 beta, the operating system will enforce that any executable must be signed with a valid signature before it’s allowed to run. There isn’t a specific identity requirement for this signature: a simple ad-hoc signature issued locally is sufficient, which includes signatures which are now generated automatically by the linker. This new behavior doesn’t change the long-established policy that our users and developers can run arbitrary code on their Macs, and is designed to simplify the execution policies on Apple silicon Mac computers and enable the system to better detect code modifications.

This new policy doesn’t apply to translated x86 binaries running under Rosetta, nor does it apply to macOS 11 running on Intel platforms.

For Mail plug-ins, this is the third time signed code has become a requirement, with other times in between where it was forbidden.

Update (2020-08-24): See also: Hacker News, Reddit.

Tyler Hall:

I wish they’d tell us specifically what attack vectors they’re protecting us from. Just a simple, real-world justification for why this is needed would go a long way towards assuaging our fears. Instead, it’s just “Trust us.”

I’ve been trying to figure out the benefits, and as far I can tell they only apply in very narrow circumstances. However, unless I’m missing something, the cost of requiring signed code is also very low.

Howard Oakley:

Unlike developer signing and notarization, this isn’t intended to prevent any modifications being made to executable code. Malicious software could always re-sign modified code using another signature, although in doing so it would lose access to resources which were tied to the original signing identity, of course. But it’s intended to significantly reduce the surface area of attacks.

Previously:

Bill English, RIP

BBC:

The co-creator of the computer mouse, William English, has died aged 91.

[…]

His first version was a wooden block with a single button - and underneath, two rolling wheels at 90-degree angles that would record vertical and sideways movement.

[…]

He left the Stanford Research Institute in 1971, moving to Xerox’s famous Parc research centre.

There, he replaced the wheels on his first mouse design with a rolling ball - the design that became familiar to most end users over the next decades.

Via Josh Centers:

While Englebart came up with the idea for the mouse, it was English who built it out of wood, electrical switches, and metal wheels in 1963. Neither man became wealthy from their inventions, which were ignored for decades. However, in our opinion, they deserve places in history alongside Edison, Tesla, and Turing, because they defined the direction of human-computer interaction that continues through today.

Tuesday, August 18, 2020 [Tweets] [Favorites]

Time to Change the App Store Sales Model

Drew McCormack (tweet):

But that is not the app world of 2020. It has become a huge, multifaceted market, with multiple platforms, crossover with the web, and a multitude ways to make money. Very few companies now live solely within Apple’s city walls; they are more like multinationals, with offices in many cities, trading across borders in a global marketplace. Apple’s simplistic feudal system, taxing income alone, feels dated.

[…]

[The] landlord’s success is based on bringing value to the property itself, and my success derives from how well I execute on my business, the restaurant. It would feel wrong if the landlord demanded a cut of the restaurant profits, something they have had no part in.

[…]

To make it in today’s app world, you have to find your own users. A company like Netflix will have benefited very little from being featured by Apple, and that is no doubt why they feel miffed at Apple taking 30% of income they have worked hard for.

He wants a rent-like fee based on download tiers, plus a (smaller) percentage for apps that use Apple’s payment processing.

Max Seelemann:

We’d be a step closer to fairness if apps that monetize outside would also pay for the visibility and distribution. Especially business apps and ad-driven platforms pay nothing but get all the benefits for free.

Developers don’t owe Apple for the iPhone or the toolchain. That’s nuts. Apple earns for that from the devices sales. Building an SDK is a service for the users not the developers. They sell more phones because of apps available and their quality.

Ben Thompson:

And worst of all, while this was happening, App Store functionality, particularly around payments, was being left in the dust by companies like Stripe, Square, Shopify, and even PayPal. While these companies were making it radically easier for developers to accept payments, offer subscriptions, even get loans and manage their finances, Apple’s payment solution took years to even support subscriptions (never mind that that solution is so difficult to use that a startup just raised $15 million to provide basic tracking functionality); in-app purchase still doesn’t support traditional trials or upgrades, the importance of which I’ve been writing about for years.

[…]

The App Store was, at least at the beginning, a wonderful example of this promise; as Jobs noted even the smallest developer could reach every iPhone on earth. Unfortunately, without even a whiff of competition, the App Store has now become a burden for most small developers, who instead of relying on the end-to-end functionality offered by, say, Stripe, have to support at least two payment solutions, the combined functionality of which is limited to the lowest common denominator, i.e. the App Store.

Frank Illenberger:

I would be more than happy to pay 30% for sales through the Apple App Stores if they were first class for both customers and developers. But until we get there they have to fix a lot of problems[…]

[…]

The StoreKit framework is deficient. Implementing subscriptions is extremely tedious and unreliable and the customer facing purchase UI only consists of raw modal alerts loosely popping up in any order.

Why are subscription apps and apps with free trials treated as if they were free? This is deeply wrong, confusing, and is leading to a load of problems like unwarranted bad reviews and unfair placement in the charts.

Apple does not offer a path for paid upgrades but at the same time limits the types of apps that are eligible for subscriptions. This severely restricts business opportunities for a lot of apps.

Previously:

Update (2020-08-26): Nick Heer:

Purely as an observer and user, it seems that Apple’s current enforcement of App Store policies has made them the police officers hiding behind the construction site barricade ticketing pedestrians instead of trying to figure out why so many tickets are being written in the first place. Surely it more desirable to think less about what is legally possible and more about what is best.

This is not an argument for Apple to abandon all control over iOS and bend to the demands of every developer. It is only an observation that the attempts at policy circumvention and aggressive enforcement actions are not sustainable for a healthy developer ecosystem. It has been a long time since Apple was a company that prioritized developer needs, but there is a big difference between being standoffish and hostile — and the latter is increasingly an apt way to describe building apps for the iPhone and iPad.

Update (2020-08-27): Mike Piontek:

I’ve spent months working on App Store receipt validation. It’s a mess but I thought I understood it. I’ve watched WWDC videos across multiple years multiple times, I’ve read all the disconnected documentation spread across Apple’s web site, I’ve looked at third-party guides.

Today I’ve discovered I’m either doing something very wrong, the App Store sandbox returns inconsistent data, or maybe both. I’m just so frustrated and angry and defeated.

Joe Cieplinski:

THIS is the part of the App Store I actually get angry about. The tools are way undercooked, and the documentation only makes you more confused. This stuff should be dead simple to implement at this point.

Update (2020-09-07): Rene Ritchie:

Personally, I’m still debating between two different takes on this.

The first is keeping it at 30% but really delivering on the promise of the App Store for developers and customers alike. A real focus on eliminating scam apps, outdated apps, websites wrapped as apps. Even if it’s only feasible for the top 100 apps in every category. The ones that have the most visibility. Also, no derelict frameworks, no capricious rejections, no accidental terminations, just no BS. Basically, rather than treating developers as second-class suppliers, treating them as first class customers — of App Store services. Making developer sat every bit as much of a bragging point as customer sat.

This is a nice idea, but there have never been structural incentives for this to happen, so it likely won’t. I don’t think Developer Sat is in the corporate DNA. And, absent that, it’s hard to improve in an area that isn’t a direct revenue source and that doesn’t have dog fooding or real competition.

The second is that Apple should just suck it up and drop the rate to 15% for everything, across the board. Not dropping for droppings sake, or even for the optics, but just to get the balance back towards break-even. Apple’s platform obviously provides tremendous value to developers, and apps obviously provide tremendous value to Apple’s platform, so periodic adjustments to maintain that balance is in the best interests of everyone, especially customers.

My guess is that Apple could break even at just 3% to cover credit card processing, as it’s already collecting more than a billion dollars per year in developer program membership fees.

App Consoles

John Gruber (tweet):

If you think Epic is right in principle about iOS and Android, then they ought to be making the same argument about Xbox, PlayStation, and Switch. A computer is a computer. “Consoles” are a business model and user experience design choice, and the iPhone and iPad are effectively app consoles, where games are just one type of app.

Steve Troughton-Smith:

The idea that the de facto primary computing platform for most of the world is an ‘app console’ is trash. Apple may be treating it like a console, but it’s so much more important than that and is a critical component in the daily lives of nearly everybody on this planet

The smartphone is everything from communication to banking to camera to credit card to medical device to navigation to game platform. It doesn’t play in the same arena as games consoles; it doesn’t even play in same arena as desktop computers — it’s far more important than the PC

All the more essential that the future of innovation atop smartphone computing is not entirely beholden to the whims of a single team (or VP) at a single company, who has shown time and time again that they can modify and abuse their rules for their own benefit

It is an app console, because that’s how Apple runs iOS. But should it be? Troughton-Smith is right that this is qualitatively different from gaming consoles. Because of the scale and importance of these platforms, I think a better analogy is something like network neutrality.

Comcast and Verizon have built networks of wires and towers that deliver packets to your devices. Does this mean that Comcast should be able to block packets from competing video providers or charge extra for them? Should Verizon be able to block mentions of AT&T or MVNOs? Should they get a cut of everything you buy online because they routed the packets, making sites don’t comply invisible? Yet that’s pretty much where we are with the App Store. Customers who are really lucky have two high-speed Internet providers to choose from, but that limited competition doesn’t give them much protection. What helps is that there’s a long history of network neutrality, and the companies believe the government will step in if there’s abuse. Likewise, with iOS and Android, having a duopoly rather than a monopoly does very little for customers—and in this case the government has so far been hands-off.

Ben Thompson:

The specific case of Apple and the iPhone raises an additional angle: should the importance of the market in the question make a difference as well?

[…]

Apple consistently acts like a company peeved it is not getting its fair share, somehow ignoring the fact it is worth nearly $2 trillion precisely because the iPhone matters more than anything. This is not a console you play to entertain yourself, or even a PC for work: it is the foundation of modern life, which makes it all the more disappointing that Apple seems to care more about its short term bottom line than it does about the users and developers that used to share in its integration upside; if Apple doesn’t change course, hyperessential will at some point trump hypercompetitive.

Jeff Johnson:

The top selling game console Nintendo Switch has over 2000 games.

The iOS App Store and Google Play Store each have over 2 million apps. They’re not consoles. You can effectively curate a few thousand titles, but not a few million.

Nick Heer:

Perhaps there is a difference between app distribution expectations on game consoles and smartphones. In my mind, it feels like there ought to be. But I am having a difficult time articulating why that ought to be so. Perhaps it is as simple as the smartphone being a convergence device, while a game console is intended primarily as a single-purpose appliance.

Matt Birchler:

The PlayStation 4 is fundamentally a game playing device, and allowing random software to run on it is not going to change that. There have been plenty of open gaming platforms to hit the market, and despite this open nature and the ability to technically run anything, all of them have just been game playing devices.

[…]

At the end of the day, the smartphone is likely the most important single piece of hardware in most people’s lives. You basically must own a smartphone today, and if you’re going to get one in 2020 and you live in the US, then 46% of you will get an iPhone and 54% will get an Android phone. That’s it, there are no other players in the market, so we don’t have a monopoly, but we sure do have duopoly.

Gerrit:

The “what about consoles” argument also ignores history— 4 years ago Epic broke Sony’s platform rules by adding cross-play between consoles to Fortnite. They demonstrated to consumers that Sony had a bad rule (that hurt them), Sony was pressured into changing it and everyone won.

Nick Heer:

I certainly fall on the side of considering smartphones more as general purpose computers, but the arguments Gruber has been setting up have got me thinking harder about it. It is a difficult line to draw: why should a PlayStation not be considered a computer like the one at your desk? But, also, why should an iPhone be thought of as closer to a Mac than an Apple Watch? I am not arguing that it should not — I fully believe that there are differences between all of these devices — but I have not seen a clear articulation for why that is.

Michael Love:

Apple doesn’t heavily subsidize their hardware and then make it up on proprietary game sales like console makers do; if Apple lost $200 on every iPhone they shipped it’d be a whole lot easier for them to justify their 30%.

Tim Sweeney:

Consoles are unique in that the hardware is sold at or below the cost of manufacturing, and is subsidized by software sales, whereas iOS and Android are insanely profitable for Apple and Google from just hardware sales and ads.

Chris Holcomb:

The difference is that switching game consoles is easy for gamers. But switching computing platforms (iOS/Android/etc.) that have photos, contacts, dozens or hundreds of accounts and apps ... this is hardship for most and enables monopoly.

The second (related) distinction is that almost all adult Americans are tied to a mobile computing platform. Far fewer own a single gaming system. There are far more negative economic outcomes due to monopolies in general computing platforms.

Steve Troughton-Smith:

Apple have built one of the two dominant computing platforms of the next 30 years, and as a result of how they’re running it, ensure that nobody else but them can ever build on top of it and do anything that’s not pre-approved by Apple, stifling innovation and harming consumers

Michael Love:

The problem with all of these “App Review is the only thing keeping us safe” takes is that even if you buy that idea, there’s no reason why that has to be coupled with an App Store.

Like, why not just add a human review element for iOS app notarizarion? Would do whatever it is they do now minus the business model stuff. Can charge a per-submission fee to cover the cost if you don’t simply include it with developer program membership.

Will Strafach:

iOS could allow Notarized apps like macOS. still have same App Store, still managed, let the users decide whether their preference is Apple’s 30/15 offering or an alternate download.

Adam Faircloth:

As long as App Store is the only way to install apps (and it is, TestFlight/jailbreak not viable), rules should be:

-app doesn’t wreck the device
-app doesn’t trick or cheat the user

And that’s it. Apple doesn’t have to promote every app, but they should be allowed.

Michael Love:

iOS sideloading, done right, would open up vast new opportunities for developers while preserving all of the parts of the current system that actually benefit users; Apple should seize the opportunity to do it well, rather than wait and eventually have to do it poorly/grudgingly.

Also, a seamless, Apple-y version of sideloading - tap on a link and tap on an alert and the app installs - would actually be a fairly bad outcome for Facebook/Epic et al, since it would dampen the prospects for 3rd party stores and encourage small devs to distribute directly.

Tanner Bennett:

[As] soon as tech giants can threaten to leave the App Store, Apple will be forced to implement agreeable payment rules to keep apps like Netflix and Prime from jumping ship.

In all likelihood nothing will change as far as grandma is concerned.

Jeff Johnson (tweet):

The iOS App Store has been compared alternatively to a retail store and to a game console. Retail stores and game consoles are very different entities, so I’m not sure how, rhetorically speaking, both comparisons are allowed and considered apt. In any case, neither comparison is accurate, presently or historically. We know the origins of the App Store, because it originated only a dozen years ago. The model for the App Store wasn’t retail stores. It wasn’t game consoles. It wasn’t even the smartphones that existed at the time. The model for the iPhone App Store was the iTunes Music Store.

[…]

The term “app console” has been coined recently to describe the iOS app business model, but in my opinion it would be more accurately termed an “app jukebox”.

[…]

It’s worth noting that iTunes does let you import music from outside the iTunes Music Store.

But try getting your own music into the iOS Music app without using a computer.

Matt Birchler:

I’m just saying, I much preferred the “Macs are trucks, and iPads are cars, but they’re both computers” metaphor we’ve used for a decade. What happened to that in the past week?

Previously:

Update (2020-08-24): Thomas Brand:

@gruber opened my eyes, iOS is an app console. For some people the restrictions and advantages of a console make for good personal computer, but I will never look at an iPad or iPhone’s future potential the same way again. Far too restrictive.

Matt Birchler:

We no longer say, “Macs are trucks and iPads are cars,” instead we say, “Macs a general purpose computers and iPads are consoles, did you actually think there were similar?”

We no longer say, “the iPad can replace your Mac,” instead we say, “the iPad is a totally different product with totally different distribution, and it will never be anything like a Mac.”

We no longer say, “there’s an app for that,” instead we say, “there’s an app for that as long as its business model fits in with the App Store rules written in 2008 and Apple gets 30% of whatever you’re selling, even if you don’t sell it in app, unless you’re Netflix or some other big company.”

We no longer ask, “what’s a computer?” Instead we ask, “we all know what computers are, and iPads are no computers.”

See also: Accidental Tech Podcast.

Update (2020-09-18): Fred Wilson:

Coinbase, Epic, and Spotify are not alone in their struggles with Apple and Google. They are simply large enough and protected enough to go public with their struggles. The truth is every developer that distributes software through these two app stores struggles with them.

In what world does it makes sense for two large and powerful companies to completely control software distribution on mobile phones? In no world does it make sense. It must stop.

The control also extends to the Mac.

AppAdvice Removed From the App Store (in 2015)

Mahmoud Hafez:

Today I found out an email I wrote to @tim_cook in 2015 was part of the congressional record in the antitrust hearings earlier this month. My email was about App Review gaining too much power (back in 2015!)

[…]

Apple removed our popular iOS app which at the time was visited by 750k devices each day. Our app was an app recommendation app that curated the App Store into lists of best apps to download. In late 2014 it was removed from the App Store without warning.

[…]

The reason they listed was not their true motivations.

Mahmoud Hafez (Hacker News):

I subsequently spoke to Phillip Shoemaker, who confirmed that Apple executives ordered the elimination of apps that drove downloads to the App Store. He said “Your app drove download volume. Apple doesn’t want any outside sources to drive ratings. So yeah, we got rid of all app recommendation apps.” He said he thought it was unfair, but this was something Apple set out to do, and even as Senior Director of App Store (person directly in charge of App Review), he could not stop it.

The other thing that was hard to understand, is we used to have a great relationship with Apple. We were not flying under the radar. Since the App Store first launched in 2008, we used to be invited to all Apple events to see the new product launches, we met with the iTunes team to discuss upcoming initiates for the App Store, our apps were featured on the devices inside of many demo units into Apple Stores. It felt like a complete 180, and until this day I never got a formal conversation on what they actually objected to, beyond being pointed to a vague rule which was applied arbitrarily. They became a brick wall in terms of communication, and this is why I resorted to emailing Tim Cook.

How can this be, when Tim Cook told Congress that the rules are “transparent” and Apple wants to “get every app we can on the store, not keep them off”?

The letter (PDF):

When we saw some apps get removed, it made us more steadfast in our mission. Because we believed the fact that we were not bothered is because we were doing it the "right1 way. We were really serving the user and the App Store. Not selling fake "recommendations" as deceptive ads. We literally turned down millions of dollars in revenues, as developers repeatedly asked to pay per install to be featured in our app (outside of tradition advertising).

[…]

I always thought I knew what these guidelines were trying to protect. People gaming the App Store charts and users being tricked into believing bad apps were the best. But we are not doing that. I can’t even make up a reason why I think Apple would not want our app on the Store. It’s a great app with [redacted] 5 star reviews and countless thank you emails from our users.

I fear App Review is getting too powerful. It’s no longer about keeping iDevices safe or protecting the user’s best interest. It’s now about something else which I don’t understand. I am not alone in this observation and it honestly makes developing on the platform scary.

Previously:

Facebook Events vs. the App Store

Juli Clover:

As Apple battles with Epic Games over its App Store fees, Facebook is joining the fight over its new Paid Online Events feature, which allows small businesses in 20 countries to charge Facebook users to attend online classes and events.

[…]

When a business owner schedules an event through Facebook on iOS, Facebook will make it clear that Apple is taking a 30 percent cut of the purchase price. Facebook is waiving its own fees for the feature “for at least the next year.”

Transactions done on the web or on Android where Facebook Pay is available will allow business owners to keep 100 percent of revenue generated from paid online events.

Previously:

Monday, August 17, 2020 [Tweets] [Favorites]

Apple to Cut Epic Off From iOS and Mac Developer Tools

Epic (also: MacRumors):

Apple removed Fortnite from the App Store and has informed Epic that on Friday, August 28 Apple will terminate all our developer accounts and cut Epic off from iOS and Mac development tools. We are asking the court to stop this retaliation. Details here.

Juli Clover:

Cook said that there’s competition to attract developers just like there’s competition to attract customers, likening the battle for developers to a “street fight for marketshare.”

[…]

Cook also said that Apple does not retaliate or bully app developers who do not agree to Apple’s App Store rules. “It’s strongly against company culture,” said Cook.

Josh Centers:

Honestly, good on Apple for giving Epic the boot. They’d do the same to any other developer who pulled that sort of stunt. For once, they really are treating large developers the same as small ones.

Steve Troughton-Smith:

“But this is just App Review’s normal response”

…should it be, though? None of this should be normal. We’re numb to it as developers in the ecosystem, but Apple completely cutting developers off from tooling & distribution, beyond malware reasons, is insane

Michael Love:

But I very much look forward to reading Apple’s spin on this, given that just a week ago they were suggesting they would welcome Epic back with open arms if Epic changed their mind about IAP.

Steve Streza:

Epic undoubtedly knew this would happen and I’m sure the developer program terms spell that out somewhere, but setting a precedent of “if you sue us for the App Store we will kick you out before you get a ruling” is a chilling effect.

Colin Cornaby:

Apple terminating Epic’s developer account would be purely retaliatory. Fortnite is down from the App Store, there is no ongoing violation of Apple’s policies. Terminating Epic’s developer account would also affect the Unreal game engine, and endanger other games using it.

Basically what Apple is doing is trying to force Epic to upload an iOS version of Fortnite with IAP (which again, is not currently in the App Store) or Epic’s account is taken away.

We’ve all talked about Apple keeping apps they don’t like on the App Store, but this would be the first time we’ve seen Apple basically put a gun to a developers head to force them to publish an app that’s not currently on the store with an Apple defined feature set.

Jeff Johnson:

Yes, Epic violated the rules, because they’re challenging the legality of the rules. In order to have standing to sue, you need to show harm. The only way to challenge the legality of the App Store rules was to get kicked out, which is the harm.

Bob Burrough:

Lots of folks taking the perspective that Epic got what they deserved because they violated Apple’s rules. However, a corporation cannot enforce a rule that is unlawful. It happens all the time...e.g. non-compete agreements are not enforceable in California.

Jeff Johnson:

Apple just proved today that the Mac is no longer an open platform. It’s every bit as closed as iOS now.

[…]

Apple claimed that Developer ID and notarization were only for malware.

This is proved definitively to be a lie.

Steve Troughton-Smith:

Apple threatening to cut off, stop contributing to & optimizing its hardware for Unreal Engine is 1,000% unnecessary & vindictive, and hurts every dev using Unreal on the platform. If they were trying to make Cook look like a liar to Congress, it would be hard to do a better job

John Gruber:

It’s a fascinating armchair quarterback game to speculate on what Epic anticipated from Apple as a reaction and what they didn’t. Pulling Fortnite from the App Store they obviously anticipated — Epic had both the lawsuit and 1984 ad parody ready to go. Revoking Epic’s developer account, I’m not so sure.

rsa:

Wait did Apple tell Fortnite that in a fortnight they will be deleted? Damn that’s subtle but savage.

See also: Hacker News.

Previously:

Update (2020-08-18): John Gruber:

In a court of law, Apple seems well within its rights to terminate Epic’s membership. In the court of public opinion, Apple comes off looking heavy-handed here, especially as it pertains to Unreal Engine. To be clear, Apple is not banning or even mentioning games that use Unreal Engine; what Epic is saying is that all games that use Unreal Engine will be affected as a byproduct of Epic no longer being able to work on Unreal Engine for Apple’s platforms.

Malathi Nayak and Mark Gurman, quoting Apple (tweet):

We very much want to keep the company as part of the Apple Developer Program and their apps on the Store. The problem Epic has created for itself is one that can easily be remedied if they submit an update of their app that reverts it to comply with the guidelines they agreed to and which apply to all developers. We won’t make an exception for Epic.

John Gruber:

Epic has been clear that they aren’t seeking a permanent exception to the App Store Guidelines[…] So the “exception” Apple speaks of, I think, would be allowing Fortnite to remain in the App Store with its own payment processing while the lawsuit is litigated — and perhaps allowing Epic to keep its developer program membership?

[…]

If I were a game developer who depends on Unreal Engine, I’d be irate at Epic. They’re creating drama and eroding trust over a fight that Unreal Engine licensees aren’t a part of and didn’t sign up for.

Michael Herf:

Apple called f.lux in 2015 and said they would revoke our ability to make f.lux for >5M Macs if we didn’t take down our iOS sideload. At the time these were governed by separate license agreements.

Michael Love:

Re-reading the briefs in Apple v. Pepper and this line from an Apple brief was pretty much begging for Epic to do what they just did.

Graham Lee:

People put up with this for the justifiable reason that the Apple technology platform is pleasant and easy to use, well-integrated across multiple contexts including desktop, mobile, wearable and home.

[…]

My view is that the one fact—the high-quality technology—doesn’t excuse the other—the rent-extracting business model and capricious heavy-handed application of “the rules” with anyone who tries to work with them. People try to work with them because of the good technology, and get frustrated, enervated, or shut down because of the power imbalance in business.

[…]

Through a continuum of changes, but no deliberate “OK, time to rip off the mask” conversion, Apple is now the IBM that fans booed in 1984, or the Microsoft that fans booed in 1997.

It’s OK to not like that, to not defend it, but to still want something good to come out of their great technology. We have to let go of this notion that for Apple to win, everyone else has to lose.

Benedict Evans:

The trouble is, if you have a curated, managed sandbox, where a company decides what’s safe, you have to do a good job of managing and curating, and Apple has not, always, done a good job at all.

[…]

For a lot of big companies, iPhone users are the market. When your product has a few points of market share you can make whatever choices you like, but when you dominate the market, other rules start applying. Apple isn’t the pirates anymore - it’s the navy, the port and the customs house.

John Gruber:

The pro-consumer argument is perfectly valid, but it applies every bit as much to game consoles as to app stores.

[…]

Even though Microsoft itself just got itself into an Xbox-related high-profile controversy with Apple regarding its iOS App Store policies, I suggest not holding your breath waiting for Microsoft (let alone Sony or Nintendo) to file a friend of the court brief for Epic, or even to offer Epic a word (or tweet) of encouragement. If Epic registers a significant win against Apple and Google in this fight, the game consoles are likely next.

Nick Heer:

Those rules are what is at stake here. So far, my argument that Apple was playing by the book is based on the notion that the book is accurate and can be trusted. Epic is arguing that these rules are deeply flawed and, to prove it, it is possible that it was forced to break the rules. That doesn’t absolve the company of rule-breaking; it’s just that none of the effects of the last several days should be a surprise. Epic is probably right that Apple should have changed the App Store rules. What surprises me is that a company as notoriously controlling as Apple might be required to let lawyers and judges make those changes instead of doing so of its own volition.

Benjamin Mayo:

I think the likely resolution of the standoff is that Epic relents in a couple of weeks time. They will retract the direct payments feature and Fortnite will then return to the App Store. The stunt has served its purpose as a mildly-embarrassing smear campaign against Apple, and its effect won’t be lessened by Epic backtracking. In fact, that might only serve as legal ammo: Epic could argue that Apple’s retaliatory action was so harsh that it left them no choice but to back down.

Assuming Apple sticks to its convictions, we must wait for some government body to enact change through an arduously long court and appeals process.

[…]

The money is one thing. Personally, I care more about reining in the power Apple has to deny entire categories of apps from existing.

Update (2020-08-19): Jesper:

Combined with the power in Apple’s grasp, their immense size using nearly every possible metric, and the policies used in the store today, theirs is the language of the person on the wrong side of history.

Kyle Howells:

If you got banned from Apples ecosystem, you’d rely on Google’s to exist in the modern world (and vis versa).

If you somehow got banned from both ecosystems (only 2 companies), I’m honestly not sure how you’d participate in modern life.

That’s terrifying!

Spawn Wave:

The new strategy when selling an iPhone on eBay is to mention it has Fortnite installed apparently

The Case of the Top Secret iPod

David Shayer:

They didn’t actually work for the Department of Energy; they worked for a division of Bechtel, a large US defense contractor to the Department of Energy. They wanted to add some custom hardware to an iPod and record data from this custom hardware to the iPod’s disk in a way that couldn’t be easily detected. But it still had to look and work like a normal iPod.

[…]

Finally, the iPod team developed on Windows computers. Apple didn’t have working ARM developer tools yet, because this was before the iPhone shipped. The iPod team used ARM developer tools from ARM Ltd, which ran only on Windows and Linux.

[…]

We discussed the best way to hide the data they recorded. As a disk engineer, I suggested they make another partition on the disk to store their data. That way, even if someone plugged the modified iPod into a Mac or PC, iTunes would treat it as a normal iPod, and it would look like a normal iPod in the Mac Finder or Windows Explorer. They liked that, and a hidden partition it was.

[…]

Starting with the iPod nano, the operating system was signed with a digital signature to block the Linux hackers (and others). The boot ROM checked the digital signature before loading the operating system; if it didn’t match, it wouldn’t boot.

Update (2020-08-19): See also: Hacker News.

Frances Allen, RIP

IBM (via Hacker News):

Frances “Fran” Allen, a pioneer in the world of computing, the first female IBM Fellow and the first woman to win the Turing Award, died on August 4, 2020, the day of her 88th birthday.

[…]

In debt with student loans, Fran joined IBM Research in Poughkeepsie, NY as a programmer on July 15, 1957, where she taught incoming employees the basics of FORTRAN. She planned to stay only until her debts were paid, however, she ended up spending her entire career at IBM.

[…]

This work led to Fran’s seminal paper on Program Optimization, first published in 1966, describing a robust new framework for implementing program analysis and optimization as well as a powerful set of new algorithms. Fran’s 1970 paper on Control Flow analysis introduced the notion of “intervals” and node dominance relations, important improvements over the control flow abstractions given in her earlier paper. Her 1972 paper, “A Catalog of Optimizing Transformations,” identified and discussed many of the transformations commonly used today.

Kim Lyons:

In a 2002 New York Times profile, Allen said there was much initial skepticism of Fortran and how effective it could be in making computer programming easier and more efficient, which was a main focus of her career. “There was tremendous resistance,” she said. “They were convinced that no higher level language could possibly do as good a job as they could in assembly.” But the work sparked her interest in compiling, she said later, “because it was organized in a way that has a direct heritage to modern compilers.”

Jesper:

Her work represents the road not taken that many, me included, regret.

The chapter about her in Coders at Work is recommended reading.

Cade Metz:

The N.S.A. machine, called Stretch-Harvest, was intended to analyze communications intercepted by listening posts operated by American spies around the globe. Ms. Allen helped build the machine’s programming language and compiler.

Epic Sues Over Google Play Store, Too

Russell Brandom (Hacker News, MacRumors):

Epic Games has filed suit against Google over alleged antitrust violations, just hours after seeing Fortnite dropped from the both the Google Play Store and iOS App store and filing a similar lawsuit against Apple. Epic’s complaint alleges that Google’s payment restrictions on the Play Store constitute a monopoly, and thus a violation of both the Sherman Act and California’s Cartwright Act.

Epic’s hit game Fortnite was removed from the Google Play Store earlier today.

Epic:

Notwithstanding its promises to make Android devices open to competition, Google has erected contractual and technological barriers that foreclose competing ways of distributing apps to Android users, ensuring that the Google Play Store accounts for nearly all the downloads of apps from app stores on Android devices. Google thus maintains a monopoly over the market for distributing mobile apps to Android users, referred to herein as the “Android App Distribution Market” (infra Part II).

[…]

Epic’s experience with one OEM, OnePlus, is illustrative. Epic struck a deal with OnePlus to make Epic games available on its phones through an Epic Games app. The Epic Games app would have allowed users to seamlessly install and update Epic games, including Fortnite, without obstacles imposed by Google’s Android OS. But Google forced OnePlus to renege on the deal, citing Google’s “particular[] concern” about Epic having the ability to install and update mobile games while “bypassing the Google Play Store”.

Jay Peters:

Epic also alleges that the original deal between Epic and OnePlus would have made the launcher available worldwide, but Google “demanded that OnePlus not implement its agreement with Epic with the limited exception of mobile devices sold in India.”

Epic also alleges that Google “prevented LG from pre-installing the Epic Games app on LG devices” because — in LG’s words, apparently — LG had a contract “to block side downloading off Google Play Store this year.”

Nick Statt, in April:

“After 18 months of operating Fortnite on Android outside of the Google Play Store, we’ve come to a basic realization,” reads Epic’s statement. “Google puts software downloadable outside of Google Play at a disadvantage, through technical and business measures such as scary, repetitive security pop-ups for downloaded and updated software, restrictive manufacturer and carrier agreements and dealings, Google public relations characterizing third party software sources as malware, and new efforts such as Google Play Protect to outright block software obtained outside the Google Play store.”

Daniel Bader:

All due respect, there’s more than a little hyperbole in “scary, repetitive security pop-ups.” This is the “scary” process of installing the Epic Games app on Android through Epic’s own, fully guided website.

Inconvenient? Maybe. But not scary.

His screenshots look pretty scary to me. It says, “For your security, your phone is not allowed to install unknown apps from this source.” Google and Apple (on macOS) both use exaggerated language in their alerts.

Michael Love:

I am glad they’re calling Google out on all the hoops they make you jump through for sideloading; it’s better than not having it at all, but it’s hard to argue it’s all necessary for user security.

Previously:

Update (2020-08-28): Russell Ivanovic:

[Sideloading] doesn’t work because Google makes it very hard to do and also doesn’t let you do stuff like auto update.

Mozilla Signs Fresh Google Search Deal

Katyanna Quach:

Within hours of the browser maker laying off a quarter of its staff this week, a well-placed source told The Register Moz had signed a three-year agreement with Google. […]

However, our source told us Moz will likely pocket $400m to $450m a year between now and 2023 from the arrangement, citing internal discussions held earlier this year.

[…]

The more skeptical among you may be thinking Mozilla used the pandemic as cover while it rejigs its workforce to reduce its reliance on Firefox – which is thoroughly dominated by Google Chrome on desktop and especially mobile – and tries to come up with new products so that it can stay afloat if or when Google turns off the money tap.

On the other hand, with other browsers adopting Chrome’s Chromium engine, Google may want to keep Firefox alive as a competitor to avoid yet more abuse-of-market-dominance complaints.

Frank Hecker (via Hacker News):

So, if you’re an avid user of the Firefox browser and want to chip in a few dollars to help support its development, there’s actually no way for you to do so, at least not at present. Your donations will go to the Mozilla Foundation, which will use them to help fund its outreach and advocacy initiatives, of which it has several.

[…]

Instead you can think of the Mozilla Corporation as being analogous to the Bell Labs or Xerox PARC of yore, R&D organizations funded by a seemingly-unending stream of profits earned by other businesses that enjoyed dominant positions in their respective markets. In this sense Google is to Mozilla as AT&T was to Bell Labs, or Xerox to Xerox PARC.

[…]

The basic situation is that Mozilla has tried to be at least three things simultaneously: an advocacy organization, a developer and distributor of mass market consumer software and related services, and (as noted above) a research lab.

[…]

In the end Mozilla Corporation senior management apparently decided to go for being a consumer software and services company, and to ditch any activities not related to that, including research projects. Having done so, the Mozilla Corporation faces a number of problems[…]

Alan Gibson:

Looking at Mozilla’s finances, it’s reasonable to conclude that Google is keeping them on life support to keep the anti-trust hounds at bay.

[…]

With the troubles at Mozilla, Google is one step closer to replicating the WeChat and Facebook walled-garden model on the Web. A quick survey a the field of play shows just how far Google has come in capturing the once open Web.

[…]

But Google doesn’t even need Chrome to dictate standards since it controls the Web’s front door. AMP, a technology no one asked for, is now on over 70% of all marketing websites for no other reason than Google said so.

Jesper:

Mozilla was, and is still for an indeterminate amount of time, the check and balance on Apple and on Google, the two remaining browser engine competitors. Both have perverse incentives to turn the web into their own platform, to make the web not compete with their own platform or make the web look like and behave like their own platform.

[…]

I have no interest in most of Mozilla’s offshoots like the Pocket app or iOS Firefox, but I will likely switch to Firefox and find a way to support them as a manner of principle. I should have done it much sooner.

Previously:

Friday, August 14, 2020 [Tweets] [Favorites]

XCSSET Mac Malware

Trend Micro (via Dave Verwer):

We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to steal cookies via a flaw in the behavior of Data Vaults, another is used to abuse the development version of Safari.

This scenario is quite unusual; in this case, malicious code is injected into local Xcode projects so that when the project is built, the malicious code is run. This poses a risk for Xcode developers in particular. The threat escalates since we have identified affected developers who shared their projects on GitHub, leading to a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects. We have also identified this threat in sources such as VirusTotal, which indicates this threat is at large.

This blog will summarize the findings of this threat, while its accompanying technical brief contains the full details of this attack.

Previously:

Update (2020-08-17): See also: Hacker News.

Update (2020-08-24): Hartley Charlton:

In an exclusive interview with MacRumors, the security researchers behind the discovery, Oleksandr Shatkivskyi and Vlad Felenuik, have provided more information about their research.

Outlining Complaints About the App Store

Josh Centers:

At this critical juncture for the company, we wanted to take the opportunity to analyze the complaints against Apple regarding how it runs the App Store. We’ve spent a long time observing and considering these issues, and you may agree or disagree with our evaluation and conclusions. As we are neither regulators nor Apple executives, the decisions are ultimately not up to us. We merely want to lay out the issues and offer suggestions on how Apple can improve, for the sake of users, developers, and even the long-term viability of the company itself.

[…]

The most likely path forward is for Apple to do nothing different until forced to change by a regulatory body. I say this is the most likely, because, from Apple’s statements, the company seems to think it has nothing to apologize for and feels that it is doing the world a favor in the way it’s running the App Store.

However, I think this would be a mistake that both the company and its fans would eventually regret.

There’s been a lot of App Store news over the last few months, and this article ties it all together.

Previously:

Update (2020-08-18): See also: Background Mode.

Update (2020-08-24): Josh Centers:

It turns out that, although TidBITS readers are largely critical of how Apple runs the App Store, they’re also against government regulation as a solution. Let’s dig into the survey questions and your responses.

Thursday, August 13, 2020 [Tweets] [Favorites]

Epic Direct Payment

The Fortnite Team (via Hacker News, MacRumors):

Today, we’re also introducing a new way to pay on iOS and Android: Epic direct payment. When you choose to use Epic direct payments, you save up to 20% as Epic passes along payment processing savings to you.

[…]

Currently, when using Apple and Google payment options, Apple and Google collect a 30% fee, and the up to 20% price drop does not apply. If Apple or Google lower their fees on payments in the future, Epic will pass along the savings to you.

Of course, this was asking to be removed from the App Store.

Apple, quoted by Juli Clover, explains this and continues to gaslight us (also: Hacker News):

Today, Epic Games took the unfortunate step of violating the App Store guidelines that are applied equally to every developer and designed to keep the store safe for our users. As a result their Fortnite app has been removed from the store. Epic enabled a feature in its app which was not reviewed or approved by Apple, and they did so with the express intent of violating the App Store guidelines regarding in-app payments that apply to every developer who sells digital goods or services.

[…]

The fact that their business interests now lead them to push for a special arrangement does not change the fact that these guidelines create a level playing field for all developers and make the store safe for all users.

Epic was ready with a lawsuit (PDF, via Hacker News):

Mobile computing devices (like smartphones and tablets)—and the apps that run on those devices—have become an integral part of people’s daily lives; as a primary source for news, a place for entertainment, a tool for business, a means to connect with friends and family, and more. For many consumers, mobile devices are their primary computers to stay connected to the digital world, as they may not even own a personal computer. When these devices are unfairly restricted and extortionately “taxed” by Apple, the consumers who rely on these mobile devices to stay connected in the digital age are directly harmed.

[…]

Epic is not seeking monetary compensation from this Court for the injuries it has suffered. Nor is Epic seeking favorable treatment for itself, a single company. Instead, Epic is seeking injunctive relief to allow fair competition in these two key markets that directly affect hundreds of millions of consumers and tens of thousands, if not more, of third-party app developers.

[…]

There is no security justification for requiring the use of In-App Purchase for a user’s in-app purchase of in-app content. […] Apple permits app developers like Amazon, Uber and Airbnb to process payments from customers for the goods and services they sell; it can likewise permit Epic, Match, Pandora and others to process payments from customers for the digital goods and services they sell.

Previously:

Update (2020-08-17): Ryan Jones:

Even haters must admit, this is the only way to get change with Apple. It’s the strategy tax of silence.

Nick Statt (tweet):

The ad features a signature Fortnite character racing into a dimly lit auditorium of corporate zombies, slack jawed and eyes glazed as an anthropomorphic Apple celebrates exploitation of the working class. The character swings her pickaxe toward the screen, shattering it and displaying a message modeled after the original Apple ad’s memorable onscreen text: “Epic Games has defied the App Store monopoly. In retaliation, Apple is blocking Fornite from a billion devices. Join the fight to stop 2020 from becoming ‘1984.’”

It’s a stunning piece of animation because it uses Apple’s original underdog persona in the personal computing industry of the 1980s and Orwellian themes of state control to cast Apple as the ultimate villain, its growth and greed having turned it into the very suit-clad enemy it railed against nearly four decades ago.

John Gruber (tweet):

Epic, in a very savvy way, is waging this war as much or more in the court of public opinion as they are in any court of law. And, ultimately, Apple stands to lose more in brand equity than in dollars, no matter how this turns out.

Epic:

How do I get a refund if I’ve spent money on Fortnite and can’t access my purchases because of the Apple blockade?

Unfortunately, Apple doesn’t allow Epic Games to directly refund players for iOS purchases and instead requires players to ask Apple for a refund. Please follow these instructions to ask Apple for a refund[…]

Steve Troughton-Smith:

It’s almost like Epic is baiting Apple into generating evidence for the antitrust cases 😅 Offering non-Apple IAPs, at a discount, with a remotely-enabled UI after passing App Review days ago?

[…]

If Apple doesn’t change the rules or come to some other kind of agreement, any other developer would have their developer account revoked and be banned from the App Store for remote-enabling functionality like this 🤷‍♂️

Paul Haddad:

Pretty sure anyone else would have their app and developer account fully banned for this kind of stunt.

Paul Haddad:

If nothing else this proves that App Review is mostly security theater, any bad actor can quite easily put in remotely enabled code that they’ll never catch.

James Thomson:

Whatever happens here, I will be highly surprised if it leads to any improvements for small devs like me. Most likely, a backroom deal will be made with Epic, and another secret exemption will be added to the App Review guidelines…

Steve Troughton-Smith:

Epic’s angle to players: they offered a discount, Apple wants to screw players over for 30% extra instead, so Apple kicked Fortnite off of iOS. Combined with Apple’s stance on Microsoft’s xCloud, message will be clear: if you care about playing or making games, forget iOS

Michael Gartenberg:

Apple refused to settle the ebook antitrust case. Tim felt Apple was in the right and was willing to take it all the way to the end. Apple lost, has to pay for a special master to oversee process amongst other things. I do not see Apple walking away. It’s going to be epic.

Federico Viticci:

Questionable rules that are not applied equally to all devs; seemingly random app rejections; secret backroom deals; inability to change default apps; rejection of cloud gaming services; a 30% fee in 2020; conflict of interest with  Services.

None of this bodes well.

For me, all this ultimately boils down to a single question:

What’s preventing iOS devices from being like Macs, where you have an App Store *and* the secure GateKeeper mechanism for installing software?

M.G. Siegler:

Here’s what I don’t get (from Apple’s perspective): this rebellion was always inevitable. They kept putting band-aids over the dam cracks and now it’s gone and burst.

The actual cut part is secondary. It’s more so about re-writing and re-thinking the App Store rules for 2020, not 2010. Everything has changed in world and in this space.

Apple is standing on extremely shaky (and in many ways disingenuous) ground. And I don’t see why it’s worth holding such ground in the face of pissing off developer partners and the next generations of their consumers. There’s a bigger game afoot. They’re missing it.

Sriram Krishnan:

I saw first hand at MSFT in the mid-00s the harm caused by having developers root against you. Took almost a decade and Satya’s ascension to recover from.

Apple may not be able to measure yet the long term impact of having so many developers upset with them.

Damien Petrilli:

Is there any company who was hated so much by its own dev community outside Apple?

Greg Miller:

This is exactly like -- I’m not joking -- Taylor Swift taking on Spotify. Taylor didn’t need the money, but she was a big enough voice that her making a statement brought the issue to the masses:

Francisco Tolmasky:

The most interesting thing about Apple in this App Store war is what I think is a genuine lack of empathy for the other side. I think they actually don’t see it. Not that they have to agree with it, but I think they can’t even fathom what the other position is.

Perhaps it’s because they rarely interact with anyone that isn’t another huge player, like Amazon for example. So at that scale, it really does seem like just an arm-twisting battle. We each have missiles pointed at each other, and we’ll see who chickens out first.

This is perhaps how you arrive at completely bizarre double speak: The App Store is in place to provide a "fair marketplace" for apps, however, the companies that LEAST need assistance (the Netflix’s and Amazon’s), are the ones that get the special reduced deals.

Alastair Houghton:

Honestly, I think @TimSweeneyEpic is right about some of it. The payment restrictions in the App Store aren’t about keeping people safe.

Nor, really, is there a reason to ban third-party app stores.

David Barnard:

This is 100% a self-own by Apple. Ball’s in their court, there is so much they can do to improve App Store policies & take some heat off both the Epic lawsuit & antitrust complaints. But I don’t think they will. Working at Apple makes it difficult to see the forest for the trees.

Apple would do well to internalize some of the dissenting voices. Literally. Hire App Store critics and make it their job to tear apart internal arguments that would otherwise go unchallenged by employees who aren’t empowered to speak up, or have lost all perspective.

I’ve had a lot of conversations with Apple over the years. And I know they think they do this, but they just don’t. It’s way more insular than anyone at Apple can ever admit to themselves or the rest of the company.

Jack Wellborn:

I think Apple unhealthily leans on App Store fees to boost revenue growth. I’ll add here that I believe protecting these fees has taken priority over both user experience and developer relations, and that Apple’s reputation has taken countless hits as a result. That said, Epic isn’t merely trying to force app stores into lowering their fees or allowing third party payment processors, they are trying to force Apple and Google into allowing their own games store.

Charlie Chapman:

Oh dang, they’re not fighting for 30% of Fortnite sales, they’re fighting for ~12% of everyone elses 😅

Makes more sense why they’re prepping to spend this much money on this long shot battle with Apple.

Tim Sweeney:

At the most basic level, we’re fighting for the freedom of people who bought smartphones to install apps from sources of their choosing, the freedom for creators of apps to distribute them as they choose, and the freedom of both groups to do business directly.

The primary opposing argument is: “Smartphone markers can do whatever they want”. This as an awful notion.

We all have rights, and we need to fight to defend our rights against whoever would deny them. Even if that means fighting a beloved company like Apple.

iA:

Apple is partying in antitrust land forcing its competitors to hand out 30% of its revenue. And they are lying about the undeniable: That they run monopolies. The game is rigged. And no one is enforcing the rules.

[…]

Android users don’t spend money on apps. Not spending money is the Android brand. Android is not an alternative, it’s an alternate reality.

Jason Snell:

I really do believe that, if left to its own devices, Apple would simply shrug and walk away, leaving Epic unable to reach people who want to play Fortnite on an iPhone or iPad. But surely Apple is also considering the potential threat of government intervention in its business. If I were at Apple, I would rate that threat as one of the top two existential threats to Apple. (The other is Apple’s reliance on China both as a place to sell products and as its manufacturing hub, given the deteriorating relationship between it and the U.S.)

[…]

My inclination is that Apple should compete on the merits of its features, rather than winning because it’s the only option. Apple’s in-app purchase system will be simpler, more convenient, and more familiar to most users of its platforms. Add in Sign In With Apple and Apple Pay and things could become even more frictionless. If Apple is afraid that video-game-streaming services threaten the future of games in the App Store, I can relate—but if that’s truly the future of gaming, Apple won’t prevent it from coming true by banning the future from its store. It’ll just end up being behind the times.

Ben Thompson (Hacker News):

What is troubling about this [Amazon] example, which also applies to Netflix, Spotify, and other so-called “Reader” apps, is that Apple’s aggressive integration up the stack isn’t really helping anyone. Users are confused, these big developers get fewer customers than they might have otherwise, while Apple’s overall iPhone experience is degraded. The ones that really lose out, though, are smaller developers whose cost structures cannot support Apple’s 30% cut, yet don’t have the brand awareness to enable customers to find their websites. In this way Apple is actually making dominant companies even stronger (much like they are Facebook).

[…]

What was particularly disappointing about these shakedowns, though, is that Apple itself admitted in a press release that it had been holding up bug fixes in App Review “over guideline violations”, many of which were about driving usage of its own payment processor. This is truly an inversion of the win-win-win dynamic that characterized the company’s previous integration efforts: now users were being put at risk for bugs developers were liable for because of arbitrary reasons related to Apple’s drive for Services revenue.

See also: Accidental Tech Podcast, Core Intuition, Dithering.

Tuesday, August 11, 2020 [Tweets] [Favorites]

Setapp for iOS

William Gallagher (also: MacRumors, Mike Schmitz):

Having launched back in 2017 with just 61 apps, Setapp is a continually growing subscription service which gives users access to paid-for apps for one monthly fee. Currently hosting around 190 Mac apps, the service has now added its first iOS ones.

[…]

At launch, the major titles in the eight are the Ulysses writing app, and MindNode mind-mapping tool. It also includes Taskheat and 2Do task managers, the Paste clipboard manager, PDF Search, and SQLPro Studio.

[…]

Once you have an iOS device registered to your Setapp account, each eligible app’s page on the Mac Setapp app contains a pair of QR codes. The first downloads the app from the App Store to your iOS device, then the second unlocks it.

Ryan Jones:

THIS BREAKS A GAZILLION RULES. We spend weeks making mental pretzels to understand the latest rule bullshit, and the something that breaks multiple explicit rules is allowed.

I heard about this a while ago and always assumed it would be allowed, because even though the guidelines forbid unlocking via means other than IAP, they specifically allow unlocking for multi-platform apps. This works for Microsoft and The Omni Group, and I don’t see why Setapp unlocking the iOS versions of Mac apps would be any different.

Apple:

3.1.1 In-App Purchase

If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase.

[…]

3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or features they have acquired in your app on other platforms or your web site, including consumable items in multiplatform games, provided those items are also available as in-app purchases within the app. You must not directly or indirectly target iOS users to use a purchasing method other than in-app purchase, and your general communications about other purchasing methods must not discourage use of in-app purchase.

Setapp:

We would never put our vendors at risk. Therefore we’ve received approval from Apple before going forward. It was confirmed that applications with integrated Setapp iOS framework fulfill the App Store Guidelines.

But a lot of people shared Jones’ reaction, so I guess we’ll see. The rules are anything but “transparent and applied equally,” as Tim Cook stated. WeChat (via Hacker News) remains in the App Store despite offering a store within a store, and it’s threatened more on iOS by the U.S. government than by App Store policy.

(My ToothFairy app is available on Setapp but is unaffected by this issue as it’s Mac-only.)

Previously:

Update (2020-08-12): Markus Müller-Simhofer:

Section 3.1.1 is mentioned a lot when people comment on the legality of Setapp for iOS, but based on my reading it doesn’t apply here. It’s correct that Setapp uses a QR code, but this code doesn’t unlock the app. It contains a “magic link”/“account token”.

This token is used to login the user into their account (similar to how Slack uses a magic link in emails to login). This token identifies the user and based on this information the Setapp framework tells us the subscription state of the user.

[…]

Based on my interpretation this is similar to what other companies (e.g. Microsoft) are doing with their cross platform subscriptions. We also never mention Setapp in the app, the App Store description or App Store release notes. We only promote the App Store subscription.

Adam Engst:

When I asked if Setapp planned to add any iOS-only apps or if the only iOS apps would be companions to Mac apps, Setapp PR manager Julia Petryk’s response suggested, albeit a bit ambiguously, that iOS-only apps might be in Setapp’s future: “Yes, iOS apps will go through the review process by the Setapp review team and in case of their approval, they will join Setapp.”

Given Apple’s explicit prohibition—Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc.—it’s hard to imagine that Apple will allow Setapp to provide access to iOS-only apps. But if there’s one thing we’ve learned with the App Store, it’s that Apple reserves the right to interpret or change the rules as it wants.

Mozilla Layoffs

Frederic Lardinois, in January (via Hacker News):

Mozilla laid off about 70 employees today, TechCrunch has learned.

In an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically mentions the slow rollout of the organization’s new revenue-generating products as the reason for why it needed to take this action. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the U.K. and France. In 2018, Mozilla Corporation (as opposed to the much smaller Mozilla Foundation) said it had about 1,000 employees worldwide.

Mitchell Baker (via Hacker News, 3, Jacob Kastrenakes):

Today we announced a significant restructuring of Mozilla Corporation. This will strengthen our ability to build and invest in products and services that will give people alternatives to conventional Big Tech. Sadly, the changes also include a significant reduction in our workforce by approximately 250 people.

[…]

To start, that means products that mitigate harms or address the kinds of the problems that people face today. Over the longer run, our goal is to build new experiences that people love and want, that have better values and better characteristics inside those products.

[…]

Recognizing that the old model where everything was free has consequences, means we must explore a range of different business opportunities and alternate value exchanges. How can we lead towards business models that honor and protect people while creating opportunities for our business to thrive? How can we, or others who want a better internet, or those who feel like a different balance should exist between social and public benefit and private profit offer an alternative? We need to identify those people and join them. We must learn and expand different ways to support ourselves and build a business that isn’t what we see today.

This is all rather vague, but it sounds like they want to diversify away from Firefox and have laid off most of the Servo team. What could be more important to the mission than maintaining an independent browser engine? On the other hand, Firefox is expensive to develop, and it’s not clear how to replace the funding that had been provided by its primary competitor.

Catalin Cimpanu:

Mozilla’s contract with Google to include Google as the default search provider inside Firefox is set to expire later this year, and the contract has not been renewed. The Google deal has historically accounted for around 90% of all of Mozilla’s revenue, and without it experts see a dim future for Mozilla past 2021.

Maciej Stachowiak:

For Mozilla folks looking for a landing spot, Safari and WebKit teams have a number of openings.

Previously:

Update (2020-08-12): ploxiln:

It was making 100s of millions of dollars per year from the default search provider deal, for over a decade. It could have saved most of that money, spending it only on 50 to 100 browser engineers. Branching out to MDN and websocket or webrtc libraries would also make sense. But the rest of the crap, the marketing, the rebranding, the Pocket purchase and integration, Firefox OS, the voice recognition and AI stuff (and notice the announcement, they’re keeping the AI division, really need that part apparently), stuff that nobody remembers, that’s all a waste of money that could be saved by the non-profit foundation to just support the low-level engine keeping the open web viable.

Kat Marchán:

So to summarize what we know so far, the following teams at Mozilla have been either eliminated or gutted to oblivion[…]

Update (2020-08-17): Ted Mielczarek:

I’m convinced that the biggest problem Mozilla had was that the business model we stumbled into (ad revenue sharing from search providers) gave us a firehose of money that was mostly disconnected from our execution no matter how you measure things.

Ted Mielczarek:

Google actually hired some Netscape folks and paid them to work on Firefox. (And then turned around and had them build Chrome, naturally.)

John Gruber:

It is a very good thing for the world and the web that a truly independent browser exists from a privacy-minded company, but there’s not much of a business model for it unless it’s popular enough to get the dominant search engine to pay for placement.

Nick Heer:

It has been a long time since I was a Firefox user, but I cannot imagine building stuff for the web without MDN. I feel terrible for the hundreds of people laid off, for the impact their absence will have, and for the general downfall of Mozilla as Google has become a de facto web authority.

Thank You MDN (via Hacker News):

MDN Web Docs is the life blood, the home, the source of truth for millions of web developers everyday. It empowers individuals and teams to build amazing services and products, to learn, to create their own opportunities, and to express themselves on the open web. As a community of developers we have access to all of this information for free ♥️

Mozilla Lifeboat (via Hacker News):

Mozillians are everywhere! It doesn’t matter if you’re a former employee, contributor or simply a fan — if you’re looking for a new home, start with this list of Mozillians actively hiring kind, passionate, awesome humans.

John Carmack:

Just last night I was thinking about how it was possible that, given the relative trends, Mozilla’s greater legacy might turn out to be Rust, not Firefox.

Mike Conley:

Super talented Mozillians looking for work! Here’s the official talent directory! Get it while it’s hot.

Dithering Preview

John Gruber:

The obvious downside to a paid subscription podcast ($5/month — cheap!) is that some prospective listeners naturally want to know what the show is like before paying. We’ve been thinking about this since we initially conceived of the show, and last week launched our solution: Dithering Preview, a free podcast with the best clips from each month’s episodes.

Gruber and Thompson are a good combination.

Previously:

Monday, August 10, 2020 [Tweets] [Favorites]

Funneling Into Apple News+

Tony Haile (also: MacRumors):

I wonder how many publishers in Apple News+ realize that the new iOS14 and MacOS Big Sur are by default intercepting traffic to their sites and sending it to the Apple News app instead.

This traffic interception has two interesting consequences: 1) Any strategic rationale that Apple News+ represents a separate channel/audience is now gone. This directly cannibalizes a publishers’ core subscription audience.

2) Apple has been touting privacy as its core attribute, particularly blocking cross-site tracking. In this case, not only is Apple engaging in cross-site tracking, but is doing so as a default opt-in buried in the settings.

The setting is called “Open Web Links in News.”

M.G. Siegler:

As a user I noticed it as I kept getting notices that Apple News had crashed, which is weird because I didn’t have it open. But it was intercepting links I was opening in background on browser. What a weird experience. Who wants to open another whole app to read a single article?

Russell Schneider:

Additionally, many links to external published article url’s change to apple news urls’s if go to open the article in Safari or to email a link. This is a cruddy user experience

Jimmy:

Even worse: since the beginning, they’ve been hijacking .rss links and shoveling you to News, then giving you a warning that the RSS feed is not part of Apple News. It’s insane.

John Koetsier (via Hacker News):

Apple looks to be giving its own ad network a leg up on competitors with customer data that other ad networks can’t access. In iOS 14, Apple Advertising appears to have a separate settings panel with a default-on setting. Other advertisers and ad networks on iOS, however, need to ask permission every single time.

Previously:

Update (2020-08-11): Jeff Johnson:

So I think we can say with confidence that Big Sur is checking an offline list of URL domains rather than checking online with Apple. Your privacy is still protected here.

Except that if you view an article that is available in Apple News, that information is then sent to Apple. (Of course, by default, every Web page you view in Safari is sent to your iCloud account, anyway.)

Dave Mark:

I’d love to see Apple News+ make it much easier to recover the original link to an article. I can get there by digging through the share panel, but it is certainly not obvious. And Google makes this just as difficult, often offering up a link to a link that takes you to Google’s servers.

This gatekeeping behavior is not helping solve the “news decline” problem. It’s not helping get publishers paid, and that’s not good for reporters/writers.

Update (2020-08-27): Nick Heer:

Apple has chosen a crude way to send subscribers to Apple News — something more like an app banner would be less interruptive — but this does not appear to be as gratuitous or as privacy-invasive as it appear at first blush.

Update (2020-09-11): Tim Hardwick:

Apple has added Smart App Banners to the latest iOS 14 beta that prompt Safari users to open its News app when viewing the website of a publisher that is part of Apple News+.

Apple Legal vs. Prepear

Hartley Charlton (tweet, Hacker News):

Prepear is an app that helps users discover recipes, plan meals, make lists, and arrange grocery deliveries. The app is a spinoff of “Super Healthy Kids,” and the founders claim that they are facing litigation from Apple. Apple reportedly takes issue with Prepear’s logo, arguing that its attributes are too similar to its own logo.

This is ridiculous. Their pear logo looks nothing like Apple’s. Alas, this bullying isn’t new.

Philip Oltermann, in 2013:

Apfelkind (Apple Child) is a cafe in Bonn where parents can sip lattes while children play with toys or listen to storytellers. Its logo shows the outline of a child’s face within a red apple – with none of the characteristic bite marks of the electronics manufacturer’s logo.

Yet when Apfelkind’s owner, Christin Römer, filed a trademark application for her company in 2011, Apple got in touch asking her to withdraw the request since customers could potentially confuse the two logos.

Römer stood firm and a two-year legal correspondence ensued. Last week Apple withdrew its objection.

Greta Hamann:

After countless meetings with Apple’s lawyers and sleepless nights, Römer says, the company offered her a settlement. But Römer didn’t want sign the contract. To do so would have forbidden her from manufacturing products related to computers - such as carrying cases for laptops, for example. But it was one sentence in particular that bothered the café owner.

“I wouldn’t have been able to talk about it anymore, and would only be able to say that I have come to an agreement with Apple,” she told DW.

Sarah Jacobsson Purewal, in 2012:

According to Telepolis, Apple is taking issue with the A.pl’s logo, and is claiming that the grocer is trying to deliberately confuse customers by using Apple’s well-known likeness and reputation. Considering Apple sells iPhones (and iPads, and MacBook Airs, and Mac OS X, and other non-edible technology items), and A.pl sells food (and cleaning products, and other items you might find in a grocery store), this seems like a bit of a stretch. I think it’s unlikely that customers will mistake A.pl’s products for iPhones, and vice-versa.

Apple is continuing its efforts to force meal planner app Prepear to change its logo by expanding the fight beyond the United States, with the iPhone maker now going after the company’s trademark filing in Canada.

This one really takes the cake. Taking on school districts because they have a picture of an apple in their logo? Taking on a company because they depict a pineapple?

“Everything” Apple Gift Cards

Michael Simon:

Apple today announced a major change to its gift card offerings. Instead of separate cards for iTunes and Apple Store purchase, Apple is now selling a single [card] for “everything Apple” that can be used online and in stores to purchase “products, accessories, apps, games, music, movies, TV shows, iCloud, and more.”

While the new cards will make it easier to buy things, they could also mean the end of the standard iTunes gift card deals that regularly pop up. Best Buy, PayPal, and others often offer 15- or 20-percent off $50 or $100 cards, but those deals rarely surface for Apple Store cards.

Discounted gift cards have been one reason offered in justification of Apple’s 30% App Store cut.

Previously:

SwiftUI Alerts

Thomas Hanning:

SwiftUI refreshes the view whenever the bool value changes since it is a state. As a consequence, the alert gets displayed if it’s set to true.

[…]

It’s not possible to add more than two buttons though.

[…]

But for a view it’s not so uncommon to have more than one scenario for displaying an alert. […] Unfortunately, this doesn’t work. The reason is that every view can only have one alert.

This is not a good advertisement for the Swift UI way of doing things.

Previously:

Friday, August 7, 2020 [Tweets] [Favorites]

App Store Requires Facebook Gaming App to Remove Games

Tim Hardwick:

Facebook today joined Microsoft in condemning Apple’s App Store policies, after the company was forced to remove the games feature from its Facebook Gaming app, which launches today on iOS.

In a statement given to The Verge, Facebook said it has had its Gaming app rejected multiple times by Apple in recent months, but Apple cited its App Store guidelines to justify the rejections, claiming the primary purpose of the Facebook Gaming app is to play games.

Facebook says it shared usage data with Apple from its Android Facebook Gaming app that showed 95 percent of activity involves watching streams, but it was unable to change Apple’s stance on the matter.

Geodextro:

Tim Cook last week: ’We Want to Get Every App We Can on the Store, Not Keep Them Off’

See also: Seth Schiesel.

Previously:

Google Pixel 4a vs. iPhone SE

Dieter Bohn:

Whether the Pixel 4A will make a better case than those upcoming phones remains to be seen. But I will tell you that after a couple of weeks, I prefer it over the much more powerful $800 Pixel 4.

That’s quite a thing to say because I should remind you that the Pixel 4A costs $349.

[…]

So let’s just get right into the Pixel 4A’s best feature: photos. I am happy to report that after dozens of test shots, the Pixel 4A matches the Pixel 4’s quality.

[…]

The Pixel 4A has a one-size-fits-all 5.8-inch display. Google is using a hole-punch for the first time, which allows the screen to go closer to the edges. The bezels are still bigger than what you’ll get on a flagship, but they’re smaller than many phones at this price point.

It’s $100 cheaper than the iPhone SE with the same amount of storage, but it has a much slower processor.

Juli Clover:

iPhone SE photos feature a more natural color palette while the Pixel 4a’s photos are cooler in tone, but the Pixel 4a images are sharper and crisper, even when lighting is poor. Google gave the Pixel 4a Night Sight, but Apple’s iPhone SE doesn’t support the Night Mode feature available in more expensive iPhones.

John Gruber:

At this price, with this quality, the Pixel 4A seemingly deserves a major marketing campaign that I don’t think it’s going to get.

Previously:

Update (2020-08-10): Matt Birchler:

But I think the iPhone SE is still a better deal, especially for people who want to buy a cheapphone and have it last for years.

Why Apple Believes It’s an AI Leader

Samuel Axon:

In the wake of the Apple silicon announcement, I spoke at length with John Giannandrea, Apple’s Senior Vice President for Machine Learning and AI Strategy, as well as with Bob Borchers, VP of Product Marketing. They described Apple’s AI philosophy, explained how machine learning drives certain features, and argued passionately for Apple’s on-device AI/ML strategy.

[…]

“Yes, I understand this perception of bigger models in data centers somehow are more accurate, but it’s actually wrong. It’s actually technically wrong. It’s better to run the model close to the data, rather than moving the data around. And whether that’s location data—like what are you doing— [or] exercise data—what’s the accelerometer doing in your phone—it’s just better to be close to the source of the data, and so it’s also privacy preserving.”

Previously:

Update (2020-08-10): Unfortunately, it’s not clear why Giannandrea believes local models would be more accurate.

Despegar:

Apple was saying this all along but no one really believed them because it sounded like excuse making.

Nick Heer:

One thing Axon appears not to have asked is how Apple grades the success of a machine learning model.

[…]

How does Apple’s machine learning team know when a change to something as crucial to the device as the keyboard is a success?

See also: Hacker News.

Previously:

Infecting macOS via Macro-laden Documents

Patrick Wardle (also: Lorenzo Franceschi-Bicchierai):

Here, we’ll detail the creation of a powerful exploit chain that began with CVE-2019-1457, leveraged a new sandbox escape and ended with a full bypass of Apple’s stringent notarization requirements. Triggered by simply opening a malicious (macro-laced) Office document, no alerts, prompts, nor other user interactions were required in order to persistently infect even a fully-patched macOS Catalina system!

[…]

Though one could not longer create a launch agent (due to Microsoft’s patch), I discovered that macOS had no problem allowing malicious code running in the sandbox from creating a login item! Similar to launch agents, login items are automatically launched by macOS each time the user logs in …and run outside the sandbox[…]

See also: The Art Of Mac Malware (tweet).

Previously:

Renaming Human Genes for Excel

James Vincent:

But [Excel’s] default settings were designed with more mundane applications in mind, so when a user inputs a gene’s alphanumeric symbol into a spreadsheet, like MARCH1 — short for “Membrane Associated Ring-CH-Type Finger 1“ — Excel converts that into a date: 1-Mar.

This is extremely frustrating, even dangerous, corrupting data that scientists have to sort through by hand to restore. It’s also surprisingly widespread and affects even peer-reviewed scientific work. One study from 2016 examined genetic data shared alongside 3,597 published papers and found that roughly one-fifth had been affected by Excel errors.

[…]

This week, the HGNC published new guidelines for gene naming, including for “symbols that affect data handling and retrieval.” From now on, they say, human genes and the proteins they expressed will be named with one eye on Excel’s auto-formatting. That means the symbol MARCH1 has now become MARCHF1, while SEPT1 has become SEPTIN1, and so on.

[…]

Many gene symbols that can be read as nouns have been renamed to avoid false positives during searches, for example. In the past, CARS has become CARS1, WARS changed to WARS1, and MARS tweaked to MARS1.

Update (2020-08-10): Michael Love:

As long as we’re renaming things around Excel, it would be great if we could change the Pinyin syllable ‘jun’ into something that Excel doesn’t interpret as a month.

Thursday, August 6, 2020 [Tweets] [Favorites]

Disabling Wallpaper Tinting

Juli Clover:

The fourth beta of macOS Big Sur, released yesterday, adds a new toggle in System Preferences that’s designed to disable the wallpaper tinting feature that’s meant to make windows blend in with the desktop wallpaper.

For those who have Dark Mode enabled, turning off wallpaper tinting can make windows on the Mac noticeably darker, especially when a lighter color background is in use.

Anton Sotkov:

Previously the only way to disable it was to use the graphite accent color.

Or by using “Reduce transparency.” However, “Allow wallpaper tinting in windows” does not apply to the menu bar, so I’ll continue using the accessibility setting.

Previously:

Unsticking Stuck Preference Settings

Howard Oakley:

Preference Domains, one of the least understood parts of the whole system, are detailed here. In practice, this means there may be another Property List in ~/Library/Preferences/ByHost which is overriding that in ~/Library/Preferences. The property lists in that ByHost folder are named differently, such as com.apple.loginwindow.[UUID].plist. The UUID used corresponds to that of your Mac’s Hardware UUID, which can be found at the top level of System Information.

[…]

If you have got a stuck preference setting, once you’ve ensured that it isn’t the result of incorrect permissions on that preference file, you need to discover the key name for that preference, whether it’s global or from an app-specific domain, then use defaults to look for an overriding setting with the -currentHost option. If you find that, use defaults -currentHost delete to remove that override, and your normal setting should start working again.

Secure Enclave Exploit

Filipe Espósito:

Now, Chinese hackers from the Pangu Team have reportedly found an “unpatchable” exploit on Apple’s Secure Enclave chip that could lead to breaking the encryption of private security keys. An unpatchable exploit means that the vulnerability was found in the hardware and not the software, so there’s probably nothing Apple can do to fix it on devices that have already been shipped.

[…]

The only thing we know so far is that this vulnerability in Secure Enclave affects all Apple chips between the A7 and A11 Bionic, similar to the checkm8 exploit that allows jailbreak for almost all iOS devices up to iPhone X.

Emulating Equal-Size Constraints in SwiftUI

Canis:

But the layout engine has a significant limitation: unlike Auto Layout, it’s strictly one-way. Superviews tell subviews how much space they have available, not the other way around. This makes many common tasks fairly straightforward, but it lacks some of the features of Auto Layout — most notably, equal-size constraints.

These are useful where you want some controls to be the same width, height, or both, but you don’t know in advance what that size will be — typically because it’s based on the size of a text label, and you want to support accessibility and localisation, which means different size fonts and different length labels.

[…]

Everyone focuses on the declarative part, because that one word leaked out into the media before it was officially announced, and so people latched on to it. […] But the other parts are important too, and here we see the composability part in action: even though there’s a gap in the layout engine, and it’s quite a bit of hassle to fill, we can take that mess, and turn it into an easily-reusable component or set of components.

This seems like something that should be easy, though.

Previously:

Wednesday, August 5, 2020 [Tweets] [Favorites]

Microsoft’s xCloud Unavailable on iOS

Hartley Charlton:

Project xCloud is Microsoft’s “vision for game-streaming technology that will complement our console hardware and give gamers more choices in how and where they play.” xCloud will be bundled as part of the Xbox Game Pass Ultimate subscription for $14.99 per month, with more than 100 games available.

App Store guidelines ban services that rely on streaming games from the cloud. Cloud gaming services, where users stream games live via an internet connection, are growing in popularity.

[…]

Steam Link and Sony’s PS4 Remote Play was approved only because the App Store allows remote desktop technology, but it is limited to devices on the same network.

Similar game streaming services Google Stadia and Nvidia GeForce Now are still unavailable on iOS.

Good thing Apple is there to protect us from these…games. One upon a time, Halo made its debut at Macworld Expo. Now, Microsoft is blocked from making it available for Apple’s platform.

Previously:

Update (2020-08-07): Benjamin Mayo:

Now, let’s assume Apple never released Arcade. This rule is still unsustainable on its own. xCloud and PS Now are going to be popular. xCloud is bundled for free with Game Pass, meaning millions of iPhone owners are going to be frustrated they can’t take advantage of it.

[…]

I can’t grasp what the motivation behind the rule is even meant to be. An app that offers a streaming library of music is allowed, like Spotify. An app that offers a streaming library of videos is allowed, like Netflix. What’s different about a streaming library of games?

Jody Sweeton:

They also don’t screen every Citrix, Horizon or Microsoft Remote Desktop app.

[…]

And Citrix and Horizon charge user based subscription fees to stream apps that line up with what Microsoft and Google are doing. I am not sure what Apple are worried about. Surely native apps can differentiate against streaming ones.

Nick Statt (Hacker News):

But Apple has finally come out and said, in a statement to Business Insider, that these kinds of cloud services are in violation of App Store guidelines and cannot, in their current forms, ever exist on iOS. The primary reason: they offer access to apps Apple can’t individually review.

Apple then reminds us that customers always have the option of the sweet solution.

McCloud:

Absurd reasoning from Apple since they approved the Steam Link app after requiring Valve remove the ability to purchase games from it. This is a business decision through and through.

Juli Clover:

Microsoft said[…]:

Apple stands alone as the only general purpose platform to deny consumers from cloud gaming and game subscription services like Xbox Game Pass. And it consistently treats gaming apps differently, applying more lenient rules to non-gaming apps even when they include interactive content.

Peter (via Hacker News):

The upside of a game streaming service is that you don’t need an Xbox or a gaming PC to play them. And you can play on the go. Well, not if you have an Apple device.

Dan Moren:

There’s a lot to unpack there, but let’s just start by noting that the requirement to vet all individual games is, let me be frank, a load of hooey. Apple doesn’t review all the titles available on Netflix, Hulu, Amazon Prime, or any of the myriad of streaming services that have apps on the App Store. Nor does it check every book title available on the Kindle, Nook, or Kobo apps.

Ryan Jones:

They can’t ship their product. Even if they agreed to pay 30%, Apple wants them to sell GamePass as 100 separate games, that’s ridiculous.

David Heinemeier Hansson:

It’s particularly ironic because Apple already did review all those awful micro-transaction slot machine games that the App Store is packed full of! It’s not like the walled garden is full of roses. It’s full of weeds and thorns. Apple has already failed to be curator-in-chief.

Jared Nelson:

As someone who loves his Xbox and is a big believer in things like Game Pass being the future for gaming, this is incredibly disappointing news. I’ve accepted Apple’s strict and often strange restrictions in a number of situations over the years, whether I agreed with them or not, but this decision is really hitting too close to home. Game Pass is going to be a service I subscribe to for a long time, and being able to play all those Game Pass games via xCloud on my iPhone was a huge selling point to me. It’s even harder to swallow in light of the very enticing partnership Microsoft has announced with Samsung during Samsung’s Unpacked event today which sees the new Galaxy Note 20 devices get a special version of the Game Pass app and a bunch of cool additional features.

Update (2020-08-10): Peter Steinberger:

Is Apple blocking VPN and remote terminals next? They also run apps that Apple can’t approve......

John Gruber:

Running this statement through my Applespeak-to-English decoder ring, what I hear is not that they won’t allow Xbox Game Pass because they can’t review each game separately. What I hear is that game streaming services are not allowed in the iOS App Store. Period, full stop.

[…]

The point is that streaming video and music services are allowed in the App Store; streaming software (games or otherwise) is not, unless it works over the web. Apple just doesn’t want to say that.

Ryan Jones:

This is so simple. It’s about owning and controlling.

If GamePass joins and becomes popular, then they don’t own or control gaming on iOS.

They don’t want to compete. And they can’t kill it later after it gets popular.

David Barnard:

The xCloud on iOS situation is a perfect encapsulation of the antitrust argument for and against Apple.

[…]

I personally think switching costs are high enough to justify antitrust regulation, but I also think there are ways Apple can side-step the switching cost arguments and reduce the scope/likelihood of regulation.

Web-based app distribution as done on macOS (with a certificate signed by Apple) would be one of the most obvious things Apple could do. And they could even limit certain system-level features like Apple Pay for security and competitive reasons.

This would open a pretty big can of worms (like Microsoft/Steam/Facebook creating their own game stores), but at some point Apple needs to put its big person pants on and figure out how to compete on customer/developer experience, not lock-in.

Update (2020-08-11): Marc Palmer (tweet):

I think the whole Apple and MSFT xCloud spat is not really much about MSFT and games and content review. It’s about preventing alternative app stores, which is a longstanding App Store rule.

[…]

Once this kind of cloud streaming of games is allowed, it’s not a stretch to think someone else will do this with other kinds of apps.

[…]

We all love to complain about how even very large companies don’t bother making native Mac client apps, so we know this “well we can compromise on X to launch quicker and cheaper” attitude is common.

Previously:

Update (2020-08-17): See also: Rene Ritchie.

Microsoft’s Catalyst

Tom Warren:

Microsoft is now allowing Windows 10 users to run Android apps side by side with Windows applications on a PC. It’s part of a new feature in Your Phone, and it builds upon the mirroring that Microsoft’s Your Phone app already provides. You can now access a list of Android apps in Microsoft’s Your Phone app and launch these mobile apps accordingly. These will run in a separate window outside of the Your Phone app, mirrored from your phone.

This new Android app support also allows Windows 10 users to multitask with other Windows apps with alt+tab support, and you’ll even be able to pin these Android apps to the Windows 10 taskbar or Start menu.

The apps are still running on your phone, but you can interact with them on your computer.

SoundSource 5

Paul Kafasis:

With version 5, it’s no longer necessary to manage the applications SoundSource keeps in its list. Instead, SoundSource automatically adds applications to its list whenever they produce audio. That way, everything is always ready for you to make any adjustments you desire.

Of course, SoundSource also keeps this list tidy. It removes applications when they stop producing audio, while storing your settings for the future.

[…]

These meters also provide a ridiculously handy mute control for anything audio related. With a fast click in the menu bar, you now can mute your microphone or silence a bothersome app.

Making an iOS Default Browser or E-mail Client

Apple (MacRumors):

In iOS 14 and later, users can select an app to be their default web browser or email app. To make your app a choice, confirm that your app meets the requirements below, then request a managed entitlement.

[…]

Apps that have the com.apple.developer.web-browser managed entitlement may not claim to respond to Universal Links for specific domains. The system will ignore any such claims. Apps with the entitlement can still open Universal Links to other apps as usual.

Because of their privileged position in a user’s web browsing, browser apps should avoid unnecessary access to personal data. Apps that use any of the following Info.plist keys while using the com.apple.developer.web-browser managed entitlement will be rejected[…]

Previously:

Tuesday, August 4, 2020 [Tweets] [Favorites]

iMac 2020

Apple (MacRumors, Hacker News):

Apple today announced a major update to its 27-inch iMac. By far the most powerful and capable iMac ever, it features faster Intel processors up to 10 cores, double the memory capacity, next-generation AMD graphics, superfast SSDs across the line with four times the storage capacity, a new nano-texture glass option for an even more stunning Retina 5K display, a 1080p FaceTime HD camera, higher fidelity speakers, and studio-quality mics.

[…]

And now the stunning Retina 5K display on the 27-inch iMac features True Tone technology, which automatically adjusts the color temperature of the display to match a user’s ambient lighting.

The new iMac offers a nano-texture glass option — first introduced on Pro Display XDR — for even better viewing under various lighting conditions, such as a bright room or indirect sunlight.

Nick Heer:

Maybe the best news here is that it is no longer possible to get a spinning hard disk in any Mac. Recent versions of MacOS, whether because of system changes or APFS, simply do not work acceptably when running on hard disks. Fusion drives are not much better, but I understand why it is an option.

Alas, storage is still way overpriced. The $1,800 base model has a 256 GB SSD, and upgrading to 1 TB costs $400. Quality 1 TB SSDs retail for around $100 these days.

Rory Prior:

You can get 128GB worth of DDR4 for around £600 on Amazon, Apple basically wants to charge you the cost of another whole iMac for it – £2400!!

Really hope repairability laws will compel Apple to make RAM and storage user upgradable across their line, a 4x markup on retail prices for commodity parts like RAM is just not right.

Previously:

Update (2020-08-05): Marc Edwards:

With the new iMacs released, I think my default answer to “which external display should I buy?” is now “get an iMac”. It’s a shame there’s no decent external displays for developers and designers using Macs. The iMacs are great though.

Unfortunately, there’s no more target display mode.

Previously:

Tim Hardwick:

OWC offers 128GB of DDR4 PC4-21300 RAM that’s compatible with the 27-inch iMac . The total cost on Amazon is $599.99, or $2,000 less than Apple charges its customers.

Will the next iMac support easy RAM upgrades? iMac Pro doesn’t.

William Gallagher:

Unfortunately, it’s also not as if Apple did that much to the iMac Pro in the last few years. The iMac Pro you can buy today is the same as one you could have bought three years ago.

Michael Potuck:

Below we’ll look at a detailed iMac comparison of the 2020 and 2019 27-inch models as well as the 16-inch MacBook Pro for those who may be weighing a desktop setup with a larger display vs the portability of a notebook (if you need the power of an iMac Pro, you probably know if an iMac won’t work for you).

Update (2020-08-07): Hartley Charlton:

The lowest spec 27-inch i5 iMac from 2020 performs about 20 percent better in multicore than the lowest spec 27-inch i5 iMac from 2019.

[…]

MacRumors reader Stefan tested the high-spec 2020 iMac with 3.8GHz 8-Core Processor with Turbo Boost up to 5.0GHz, giving a single-core score of 1141 and a multi-core score of 7006. This is approximately 36% higher than the equivalent chip from the previous generation.

[…]

A source with access to Apple’s repair manuals tells MacRumors that the SSD is in fact not soldered to the logic board but is connected to a proprietary Apple slot on the board.

Tim Hardwick:

A support document updated overnight advises that those who purchase the iMac model with nano-texture glass must use the polishing cloth that Apple provides. No water or liquids should be used to clean the glass either. iMac owners can at most moisten the cloth with a 70-percent isopropyl alcohol (IPA) solution to deal with hard-to-remove smudges.

So probably no nano-texture touch-screen coming soon.

Benjamin Mayo:

The iMac has limped along for a decade on the same industrial design and last-gen technology. I think that will be a permanent blot on Apple’s record. It is a poor showing for the company’s only consumer desktop to lag behind the curve so much.

[…]

Predicting a Retina future for every Mac also seemed obvious in 2012, and yet incredulously the base model 21.5-inch iMac display is a very much non-Retina 1920x1080 resolution.

It’s too bad since recent versions of macOS have regressed on non-Retina screens.

Apple Remote-Kills Long-time Developer’s Apps

William Gallagher (also: Charlie Monroe):

As Apple continues to face controversy over its App Store policies and fees, software developer Charlie Monroe has told AppleInsider that the company has killed all his apps with no warning. Each of his ten macOS apps, and two that are also iOS, remain available to buy in the App Store, but Apple has stopped them launching.

[…]

“Looking into it, I found that Apple revoked my distribution certificates, which generally kills the apps remotely.”

“When I sign in to my developer account, it asks me to enroll to the Apple developer program and I don’t seem to be in the Apple developer program anymore,” he continued, “even though the apps that I have on the App Store are still available.”

Daniel Jalkut:

Every Apple platform developer’s worst nightmare. It’s bad enough that a seemingly innocuous developer has been effectively banned from development, his apps rendered non-functional, but ... no explanation? That is just cold.

Charlie Monroe:

In the morning no one got back to me. They did now, but only said on the phone they have no idea what’s wrong and are passing the issue to internal team... 🤔

Charlie Monroe:

macOS displays a message that the app “will damage your computer” just because the certificate was revoked, which IMHO is bordering with slander. Damages your name and brand. Aside from users unable to use your apps, of course.

Craig Hockenberry:

The wording for the dialog and intent behind signed code is to protect from malware.

If this action isn’t based on that, Apple is the one that’s damaging their name and brand.

And if it is? At least give the developer a chance to rectify the situation.

Thomas Tempelmann:

Can’t run the long-installed app any more. Can’t open the downloaded installer, not even with right-click + option key, even on High Sierra.

This means for us Mac devs that Apple not only has the power to make it near-impossible (at least for the layman) to run your publically available app, but they actually assume the right to do so as they please. They’re judge, jury and executioner. Doesn’t that scare you?

Apple’s dev account was originally meant to be necessary only to sign your app, to ensure it can be checked against malicious modification. But now, it’s become the stick by which Apple alone controls which apps can run on a Mac.

Nick Lockwood:

I wish I could be a fly on the wall when decisions like this get made. Was this a snap judgement made in response to some automated alert, or an executive decision? Did someone suggest contacting the developer but get overruled? Or did nobody even consider it? So many questions.

Previously:

Update (2020-08-05): See also: Hacker News.

Andy Ihnatko:

THIS is what sucks about Apple’s iron gatekeeper approach. One of my favorite apps suddenly fails to even launch, via a “Binary is improperly signed” error, apparently because Apple pulled the developer’s account, and apparently without a word of explanation. EXPLAIN, Apple.

Why was there no human review or due process?

Charlie Monroe (tweet):

After more investigation, I found out that the distribution certificates were revoked – evidently by Apple as no one else has access to them and I was sound asleep when all this happened. Each macOS app these days needs to be codesigned using an Apple-issued certificate so that the app will flawlessly work on all computers. When Apple revokes the certificate, it’s generally a remove kill-switch for the apps.

[…]

This is the message macOS shows to all users who try to launch my app. That it will damage their computer with a checkbox to report malware enabled. Average user immediately goes nuts.

[…]

Fortunately, possibly thanks to the traction the story got and all the support from everyone I got (for which I am infinitely grateful), after almost 24 hours after 10PM, I got my account re-instated.

Apple has called and apologized for the complications. The issue was caused by my account being erroneously flagged by automated processes as malicious and was put on hold.

JTWilliams:

I want to believe you, and I do believe you, but @Apple absolutely needs to say publicly and explicitly that they were wrong when they said it would damage the computer.

Alastair Houghton:

Apple really needs to provide emergency telephone contact details to people whose accounts are put into this state. Ideally it’d proactively get in touch to explain.

Dave Wood:

Sounds like @Apple needs to look into their process for this. Make sure there are checks in place to prevent this happening to anyone else.

Ben Lovejoy (tweet):

It seems incredible that all this could happen without human intervention. Apple does, of course, have to act swiftly when there is a chance of malware in the Mac App Store, but you would have thought it would have pinged a human being to verify the situation before inconveniencing significant number of Mac users, and potentially doing permanent damage to a developer’s reputation. Most app users will never know the story behind this, only that they bought an app, Apple told them it was malware, and they deleted it as instructed.

Joe Cieplinski:

This was a big goof on Apple’s part. I’m glad it only lasted a day, but it should not have happened in the first place.

False positives happen with automated systems. Apple needs a faster way to detect and reverse them. A lost day of revenue can be A LOT of money to an indie.

Charlie Monroe:

The lost revenue is not that big of a deal IMHO. One can deal with one day of revenue falling out. As I note in the blog post, the more damaging is the alert notifying a user that the app will damage their computer. I’ve worked hard to earn some reputation and this damages it.

Dan Moren:

Apple might like to disingenuously compare itself to a brick and mortar store, but is there really an analogous case where something like this happens overnight to an independent supplier, with little ability for recourse?

Update (2020-08-10): Howard Oakley (tweet):

There’s also the curious question as to why Apple revoked the certificate, rather than pulled one or more of Charlie’s notarizations. When it introduced notarization, one of Apple’s justifications was that it would provide finer control, rather than the huge and heavy-handed kill switch of revoking a certificate and blocking everything signed with that. Perhaps Apple didn’t really mean that after all, but just wanted another level of control over your Mac?

Apple has since apologised to Charlie Monroe for its error. It hasn’t released any statement to reassure other developers that it’s changing anything which might prevent such as catastrophe from happening again, nor has it explained to the billions who run third-party software on Apple products how it’s going to prevent a recurrence – which could readily prevent any Apple user from using their software on their computer or device.

[…]

Apple will no doubt try to ride this one out in silence, as it usually does in matters of security. For developers and users, that doesn’t answer these fundamental questions.

I’m not convinced that notarization-based blocking would work in case like this (but with actual malware), so it’s not clear what Apple was referring to when it said that notarization “provides a much better experience” than revoking the certificate.

There were so many failures here:

Jeff Johnson:

The crazy thing about the Charlie Monroe situation is that not only is there no phone # to call Apple to find out why your Developer ID cert is revoked, there’s no # to call to report your cert was compromised! You can’t even revoke it yourself, unlike your Mac App Store cert.

Mike Zornek:

I can’t help but think not only should Apple turn off its automated execution of such bans but they should also move to a more nuclear-launch type system where at least two people need to turn their key. This is an incredibly destructive event for the third-party vendor like Charlie. It’s unprofessional of Apple to have this connected to an automated system.

Additionally, if Gatekeeper is truly about protecting the users, I don’t see why we can’t have a transparency report listing the identifiers that have been disabled and why. A lot of people keep saying Apple does not abuse this power, but there is no proof to this; it is a closed system. We only know of Charlie’s situation because he posted it on Twitter. Considering it wasn’t too long ago when the App Store Guidelines down right threatened you about going public I don’t know if we can give Apple the benefit of the doubt here.

Emrakul2002:

This happened months ago with the game League of legends as well

A.J. Potrebka:

Can’t wait for Apple to accidentally revoke BMW’s certificate so no one can open or start the cars.

Update (2020-08-12): Charlie Monroe (tweet):

Here is a quote from Apple:

We appreciate your patience while we continued our investigation into why your Developer ID certificate was erroneously revoked and to examine ways in which we could assist you. We determined that your app Downie 4 was erroneously identified as malicious due to invalid logic in our malware detection system. This triggered the revocation of your certificate under Section 5.4 of the Developer Program License Agreement. This should not have happened and teams across Apple have been working diligently to figure out a solution.

Earlier today, we successfully un-revoked your Developer ID certificate. Users who were affected by the initial revocation will have app functionality restored when their OCSP cache refreshes (typically within 2 hours).

See also: Core Intuition.

Update (2020-08-24): Nick Heer:

Apple said in an apology email to Monroe that it is “taking action to make sure this doesn’t happen in the future”, but what does that mean? Why isn’t this being communicated more broadly to developers who might reasonably be spooked by this incident?

Phil Schiller Steps Down From SVP

Apple (MacRumors, Hacker News):

Apple today announced that Phil Schiller will become an Apple Fellow, continuing a storied career that began at Apple in 1987. In this role, which reports to Apple CEO Tim Cook, Schiller will continue to lead the App Store and Apple Events. Greg (Joz) Joswiak, a longtime leader within the Product Marketing organization, will join the executive team as senior vice president of Worldwide Marketing.

[…]

“I first started at Apple when I was 27, this year I turned 60 and it is time for some planned changes in my life. I’ll keep working here as long as they will have me, I bleed six colors, but I also want to make some time in the years ahead for my family, friends, and a few personal projects I care deeply about.”

Running the App Store is a big enough job by itself. It didn’t make sense to keep it under Services, and combining it with Marketing only made sense to the extent that Apple wanted Schiller in charge of it. It will be interesting to see how long he continues in that role and who will be next.

Jacob Kastrenakes:

Marketing is a huge role inside of Apple that goes beyond simply advertising products, so this marks a significant change within the company.

John Gruber:

Best way I can put it is that Schiller is the most Apple-y of all Apple executives.

Chris Espinosa:

Congratulations, @pschiller, on being promoted to Apple Fellow, joining Steve Wozniak, Rod Holt, Al Alcorn, Bill Atkinson, Steve Capps, Rich Page, Gurshuran Sidhu, Gary Starkweather, Alan Kay, Don Norman, and Guy Kawasaki.

Nick Heer:

Please enjoy this classic video of Schiller dropping in at Macworld 1999.

Update (2020-08-05): Brendan Shanks:

I’ll bet that this is the oldest @pschiller video you’ll find on the internet: the WWDC 1997 Hardware Roadmap. (Phil was VP of Desktop and Server Product Marketing)

Update (2020-08-11): Adam Engst:

The main thing I remember was asking [Schiller] if Apple was considering adding Bluetooth support to the iPod to enable wireless earbuds because I felt the wires were awkward and fussy.

[…]

At the time, Apple was running the Silhouettes ads that featured black silhouettes of people dancing to music piped from their iPods through Apple’s iconic white earbuds, and Schiller had pointed out that the wires were an integral part of the look.

Update (2020-08-17): Ken Segall:

Today only Tim Cook and COO Jeff Williams remain. The original Big Guns of hardware, software, retail, marketing, finance and legal have all checked out.

[…]

Fortunately, despite his title, Phil was was never involved in ad development. He was present only when we showed finished work to Steve.

Absolutely, he had good thinking to share in our meetings. Steve trusted him for a reason. But he also contributed some highly questionable ideas, like “MacMan.” (Phil’s big naming idea for the computer that became iMac.)

[…]

Shortly after Phil took over the marketing reins, the 2012 Summer Olympics presented a big ad opportunity.

The result was the Apple Genius campaign.

Update (2020-08-24): See also: Upgrade (tweet).

Big Tech’s Showdown With Congress

Josh Centers:

CEOs Jeff Bezos (Amazon), Tim Cook (Apple), Sundar Pichai (Alphabet/Google), and Mark Zuckerberg (Facebook) were (virtually) brought before the House Judiciary Committee for a hearing ostensibly about antitrust concerns regarding big tech.

[…]

If you have most of a day to kill, you can watch the entire hearing on YouTube.

[…]

If you want something even more concise, the BBC breaks the five-hour ordeal into five key points[…]

Ben Thompson:

The only thing more predictable than members of Congress using hearings to make statements instead of ask questions, and when they do ask questions, usually of the “gotcha” variety, refusing to allow witnesses to answer (even as those witnesses seek to run out the clock), is people watching said hearings and griping about how worthless the whole exercise is.

[…]

Lina Khan, who rose to prominence with her 2017 law review article Amazon’s Antitrust Paradox, and who served as counsel for the antitrust subcommittee over the course of the investigation that culminated in Wednesday’s hearings, summarized the New Brandeis Movement of antitrust in 2018[…]

Previously:

Monday, August 3, 2020 [Tweets] [Favorites]

Google in Its Own Search Results

Adrianne Jeffries and Leon Yin (via Luther Lowe):

We examined more than 15,000 recent popular queries and found that Google devoted 41 percent of the first page of search results on mobile devices to its own properties and what it calls “direct answers,” which are populated with information copied from other sources, sometimes without their knowledge or consent.

When we examined the top 15 percent of the page, the equivalent of the first screen on an iPhone X, that figure jumped to 63 percent.

[…]

The choice to highlight its own products has been deliberate: Internal emails unearthed by the European Commission in an antitrust investigation show Google staffers discussing the need to place its comparison-shopping product at the top of the search results to garner traffic. An email the following year noted traffic to the retooled product had more than doubled from four million to 10 million visits, and “most of this growth is from improved google.com integration.”

Previously:

Apple Style Guide on the Web

Adam Engst:

Plus, only recently did I learn that Apple makes its style guide available on the Web—previously, I had been aware only of the ebook version that you could download from Apple Books and read in the Books app.

[…]

Here’s another tricky one that we run into all the time. How do you refer to something or give instructions that work on both the iPhone and the iPad?

[…]

What about modes like airplane mode, sleep mode, and target disk mode? All lowercase, according to Apple. Dark Mode uses initial capitals, as does Low Power Mode. But then we have Power Reserve mode, in mixed case, and Target Display Mode, which Apple uses both in lowercase and with capitals but doesn’t include in the style guide.

[…]

In its December 2019 revision, Apple fell in with the rabble that prefers to lowercase “Internet,” adding it to the lowercase short form of “World Wide Web.”

The Web version is much better than the e-book and PDF, but, as with much of Apple’s documentation, it’s hard to link into it.

Previously:

20 Years Ago: the PowerMac G4 Cube

Steven Levy:

He began by emphasizing that while the Cube was powerful, it was air-cooled. (Jobs hated fans. Hated them.) He demonstrated how it didn’t have a power switch, but could sense a wave of your hand to turn on the juice. He showed me how Apple had eliminated the tray that held CDs—with the Cube, you just hovered the disk over the slot and the machine inhaled it.

[…]

The Cube violated the wisdom of his product plan. It didn’t have the power features of the high-end Power Mac, like slots or huge storage. And it was way more expensive than the low-end iMac, even before you spent for a necessary separate display required of Cube owners. Knowing I was risking his ire, I asked him: Just who was going to buy this?

[…]

But here is something else about Jobs and the Cube that speaks not of failure but why he was a successful leader. Once it was clear that his Cube was a brick, he was quick to cut his losses and move on.

John Gruber:

“Apple Puts Power Mac G4 Cube on Ice” was a deft way of acknowledging that they swung and missed with the Cube without actually acknowledging anything other than what they say in the press release. Headlines matter.

John Gruber:

Why not pull a Steve Jobs on the App Store?

Previously:

Camo 1.0

Glenn Fleishman:

The result is Reincubate’s Camo, a virtual-camera system that lets you treat the front- or rear-facing camera on your iPhone, iPad, or iPod touch as a full-fledged video source for many Mac videoconferencing, streaming, and video-editing apps. For dozens of compatible apps, Camo appears just like any camera built-in or attached to your Mac.

Unfortunately, it doesn’t work with FaceTime or Safari! However, compared to competing apps, like Kinomi’s EpocCam, which has been blocked by some Mac videoconferencing services, Camo has much wider support.

[…]

Some other meeting apps, like Amazon Chime, Cisco WebEx, and Microsoft Skype and Teams; collaborative team discussion software, such as Discord and Slack; and several other packages require Camo to strip a security setting from the app. Specifically, Camo has to remove the app’s signature designed to let macOS know if the app has been modified. Once you grant your permission and enter an administrative password, Camo makes a modification in how the app handles video that allows the use of its virtual camera.

Previously:

Catalina: More Trouble Than It’s Worth

Riccardo Mori:

I am the first to wonder whether it makes sense to write yet another part of this little saga, when Catalina is basically entering its last two months of active duty. But Catalina remains, I think, one of the most (if not the most) controversial Mac OS X releases, and now that I have finally had direct experience with it on a new machine I’m using just for testing, I can confirm.

[…]

When a couple of articles from this series on Catalina reached Hacker News in the past months, a lot of quips I got as response were from people who dismissed the problem altogether with remarks along the lines of These nerds must always find something to complain/whine about. There’s nothing wrong with Catalina. Well, that’s simply not the impression I’ve had and continue to have. And not because I have 309 emails of negative feedback and horror stories to prove it, but because this volume of feedback itself is an indicator, in my private sphere, of a larger discussion that has been going on publicly (in online forums and specialised mailing lists) since Catalina was released last autumn.

I was hoping to skip directly to Big Sur, but I’ll probably have to update to Catalina soon to use the latest Xcode.

Previously:

Update (2020-08-24): TJ Luoma:

I bought a 16" MBPro in April (because WFH). It regularly-but-randomly reboots. Apple replaced the entire logic board and Touch Bar controller. Still happens. I happened to upgrade my Mac mini to Catalina - same issue happened. But at least the Mac mini could go back to Mojave.