Archive for October 22, 2020

Thursday, October 22, 2020

Halide Mark II

Ben Sandofsky (Hacker News):

With all that in mind, we’re confident launching Halide Mark II at $36 (for new users). To celebrate the launch, we are discounting it to $30.


Pay-Once is not going away, but we’ve decided to offer an alternative that fits quite well into our long term plans. We’re calling it a membership. We think there are three reasons to consider a membership.

First, there’s price. $11.99 per year. […] Second, memberships include perks above and beyond the core Halide experience, like exclusive icons.


Anyone who has already paid for Halide 1 gets Mark II for free. We’re also including a year of members’ updates.

John Voorhees:

The latest update is an ambitious reimagining of what was already a premier camera app, building on what came before but with a simpler and easier to learn UI. Halide Mark II puts more control than ever into the hands of photographers, while also making it easy to achieve beautiful results with minimal effort. Halide also seeks to educate through a combination of design and upcoming in-app photography lessons.


One of my favorite changes to Halide is its focus control. Auto-focus is on by default, but you can swipe right on the control to manually set focus. When you enter manual focus mode, a magnifier loupe appears onscreen that zooms in on the center of the viewfinder, making it easier to precisely dial in focus. There’s also a button to turn the focusing loupe on full time and a focus peaking button to visualize focus status.


Instead of saving the RAW and compressed images at the same time, which is what RAW+ does, Coverage takes two separate shots one after the other – one RAW, one compressed – and then saves them together in the same file as just like RAW+. The advantage is a higher-quality compressed image that can take advantage of Apple’s Smart HDR and Deep Fusion processing. The disadvantage is that it takes a little longer for the camera to take two shots in a row, which is why the feature is turned off by default.

Swift Result Builders Accepted

Saleem Abdulrasool:

The second round of review for SE-0289 “Result Builders” ran from September 24 through October 1, 2020. You can find the review thread here. The first round of review for SE-0289 “Function Builders” ran from August 31 through September 14, 2020 and you can find that review thread here.

The overall feedback from both rounds of reviews seemed positive on the functionality, but raised concerns over the attribute naming. The renamed attribute was better received, and the Core Team has decided to move forward with the new name.

See also: SampleFunctionBuilder (via Ole Begemann), Function builders implementation progress.


Unresponsive Keyboard After Waking Mac


Apple seems to do all kinds of weird networking stuff. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.

Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.


Update (2020-11-02): Ben Kuhn:

I noticed my MacBook would sometimes become unresponsive to keyboard input after opening the lid.

Eventually I realized it only happened in my backyard. WTF?!

Finally figured out why and the answer is... horrifying

Apple Apps Exempt From Network Filters and VPNs

Maxwell Swadling:

Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running 😒

The new beta for @littlesnitch seems to use an NEFilterDataProvider instead of kext, I don’t think they will be able to block Maps from tile loading...

Patrick Wardle (Hacker News):

Previously, a comprehensive macOS firewall could be implemented via a Network Kernel Extension (kext)

Apple deprecated kexts, giving us Network Extensions....but apparently (many of) their apps / daemons bypass this filtering mechanism.


NEXTs = obviously more complexity than KEXTs = bigger attack surface… and all you need is a “NEXT exempt exploit” (which will definitely happen at some point), and LuLu, @littlesnitch etc. won’t be able to intercept malware traffic.

Jeff Johnson:

Getting rid of kernel extensions “for our security”? DIRTY FUCKING LIE! Now you can’t stop Apple from phoning home.


That totally breaks my use case for Little Snitch: working tethered. When I tether my laptop it thinks it has free reign with the bandwidth and all of the little background processes can kill my data in a few minutes. With a firewall, I can grant access to only the processes that I need to get my work done.

Now, I guess I have to run some external firewall between my laptop and my phone. ... or better yet, abandon Apple.

David Dudok de Wit (developer of TripMode, tweet, Radar):

With macOS Big Sur however, that changed, as application-level firewalls now need to use the new NetworkExtensions APIs, such as NEFilterDataProvider or NEAppProxyProvider, to offer a similar level of functionality as in previous macOS releases.


Starting with macOS Big Sur, users can’t:

  1. View a full, uncensored list of apps trying to access the Internet on their Mac — as Apple is hiding 56 of its own apps.
  2. Know how much data these Apple apps upload or download.
  3. Know which domains or IP addresses these Apple apps interact with.
  4. Block or allow traffic from these Apple apps.

Adam Engst:

I don’t believe this move shows any grand conspiracy to undermine TripMode or Little Snitch. I suspect it’s just another change that Apple has made—perhaps in the name of overall security, perhaps merely with no thought to what developers and users want—that has an unintended and undesirable consequence. It’s reminiscent of when Apple quietly prevented apps like BusyContacts and HoudahSpot from indexing Mail’s email archive in Catalina, regardless of how you set your permissions. Nevertheless, it’s disappointing, and if you’re bothered by the move, let Apple know via its Feedback Assistant.

Miles Wolbe:

Deleting those entries [from /System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/Info.plist] under Big Sur turned out to be rather involved; in fact, one could be forgiven for coming away with the vague suspicion that Apple would prefer them not to be disturbed[…]


Little Snitch 5 and TripMode 3 had no problem blocking the previously-cloaked processes afterwards[…]

But it causes problems for the IMTransferAgent process.