Archive for November 2020

Tuesday, November 24, 2020 [Tweets] [Favorites]

Black Friday 2020

My apps are on sale for Black Friday and Cyber Monday, and here are some other good deals that I found:

Lists of deals:

Previously:

M1 Macs Add Hurdles for Audio Plug-ins

Rogue Amoeba (via Peter Steinberger, Jeff Johnson):

In MacOS 11 (Big Sur), the initial installation of ACE requires a bit more set-up. The in-app installer provides an overview of the process, and is likely all you need. This page lists the full sequence of steps to install ACE and get Airfoil working.

[…]

Click the lock in the lower left corner, then enter your Administrator password. The Security & Privacy system preference will then be unlocked, and you’ll be able to make changes. From here, click the Enable system extensions… button to permit ACE to run on your Mac.

[…]

Boot to the Mac’s “Recovery” environment by pressing and holding down the Touch ID or power button on your Mac.

[…]

The default configuration is pictured above. Switch to Reduced Security and enable the first checkbox, “Allow user management of kernel extensions from identified developers”.

[…]

Despite the name of this setting, ACE is not a kernel extension. Instead, it’s a standard audio plug-in, which receives enhanced privileges to access your system’s audio. MacOS simply uses the kernel extension verification system to allow ACE to load as well.

[…]

Now, you need to allow ACE to run on your Mac, by authorizing it in the Security & Privacy system preference.

Keep in mind that you have to go through all of this even though the app has already been notarized. The last few versions of macOS have been a disaster for apps that do anything off the beaten path. Apple keeps adding hoops for users to jump through, scaring potential customers away. Developers have to spend time engineering mitigations for the bad user experience, working around bugs in the new security features, and providing support for customers who have trouble with the hoops. Apple talks about how it loves the Mac and innovation, but each step of the way it does more to discourage the development and success of interesting apps.

Previously:

Apple Security Hampers Detection of Unwanted Programs

Thomas Reed (tweet):

One of the common sub-groups of PUPs we detect are antivirus programs that show unwanted behaviors meeting certain criteria. As an example, a program that requires payment, but the antivirus engine it uses is available for free from another company, would be a likely candidate for detection.

Unfortunately, antivirus programs are also candidates for the system extension and EndpointSecurity entitlements. Anyone can apply for these entitlements, but you stand a much better chance of getting them if you are—or appear to be—a security company.

We’ve now seen a case where two different companies with a long history of making PUPs—including junk antivirus programs—have gotten these entitlements. Those programs now have a system extension, which cannot be removed by Malwarebytes or any other software.

[…]

However, it is starting to look like antivirus developers will have to play by increasingly limiting rules, and that now means not being able to protect users against certain things. Worse, Mac users will be unable to manually remove those things without contortions that the average person will find quite cumbersome.

Previously:

Understanding 5G

Glenn Fleishman:

I hate to be a downer when it comes to improved technology that actually does what it says on the tin. 5G networks will provide substantial improvements in throughput and availability that we will notice—in a year or maybe two. Until then, not so much.

Previously:

Monday, November 23, 2020 [Tweets] [Favorites]

Comparing iPhone OS 1.0 With iOS 14 Using Tree Maps

Alexandre Colucci:

When iPhone OS 1.0 was released in 2007, it redefined the smartphone with a limited set of core features. Nowadays iOS 14 contains an incredible amount of components. By looking at them based on their size, we can determine the most important features. We thus distinctly see Apple’s AI push into on-device machine learning with technologies like object detection in images and video, language analysis, sound classification and text recognition.

Previously:

SF Symbols 2.1

Mike Stern:

SF Symbols 2.1 is out. Over 40 new symbols, improved symbol localization, design refinements, and various software fixes.

Geoff Hackworth (tweet):

Apple’s SF Symbols app has no release notes and the What’s New category doesn’t contain the symbols that were added or renamed in v2.1. In fact there are fewer symbols in this category in v2.1 than in v2.0: two symbols that were renamed have been removed without their replacements being added. The app shows OS availability (and other information) for the selected symbol in the side bar. Availability information is missing for the new symbols in v2.1. This makes it difficult to discover what has changed between versions.

[…]

The 41 symbols in the screenshot above annotated with 14.2+ are completely new in iOS 14.2[…]

Noah Gilmore:

There are a bunch of new symbols - you can view the changes here, but I’ll include a list of new symbol names at the bottom of this post in case someone Googles for them. Some additions are relevant to recent events (like aqi.high), new products (like appclip), or just more general objects (like building). My personal favorite is candybarphone.

Previously:

Requesting Entitlements, Still Broken

Thomas Reed:

What the hell, Apple? You won’t give me and other security researchers the EndpointSecurity entitlement, but you give f***ing MacKeeper the entitlement?!?! What in the hell is wrong with you? 🤬🤬🤬

Phil Dennis-Jordan:

The macOS entitlements granting process is a disaster. No feedback, frequent mistakes in what’s granted, nonsense requests (can’t link to app if can’t release app w/o entitlement), extremely slow (4-6 weeks turnaround in idea case), & some developers clearly favoured over others.

[…]

So then you have to apply again and ask for the distribution entitlement in the free-form text field, and wait another 4-6 weeks. Chances are you’ll also want user space apps & tools to access your driver. You have to apply for that specially via free-form request too, etc.

Obviously by now I’m basically an expert at asking for DriverKit entitlements, but it’s ridiculous that “filling out a form on Apple’s developer website” is a consulting service I should even need to offer.

[…]

Apply for the entitlements you will need and wait to receive them before you start coding. Seriously, if you aren’t granted them, your only recourse is to expect your users to turn off SIP. In other words, you will have wasted your efforts if the oracle denies your request.

[…]

If you get any kind of notification of success (or entitlements just silently turn up in your account), make sure everything is there for all deployment scenarios you care about. Individual entitlements are granted independently for development, app store, and developer ID.

In theory, entitlement-based security/privacy restrictions are a win because the apps that should have them will easily get them and the bad apps won’t. Users won’t have to evaluate what each app should be allowed to do. But the reality, for many years, is that legitimate apps are not granted the entitlements, and often don’t even get a formal rejection—just silence. We’re losing and limiting good apps either because Apple’s process is broken or because it’s playing politics.

Previously:

M1 Memory and Performance

Marcel Weiher (Hacker News):

The M1 is apparently a multi-die package that contains both the actual processor die and the DRAM. As such, it has a very high-speed interface between the DRAM and the processors. This high-speed interface, in addition to the absolutely humongous caches, is key to keeping the various functional units fed. Memory bandwidth and latency are probably the determining factors for many of today’s workloads, with a single access to main memory taking easily hundreds of clock cycles and the CPU capable of doing a good number of operations in each of these clock cycles. As Andrew Black wrote: “[..] computation is essentially free, because it happens ‘in the cracks’ between data fetch and data store; ..”.

[…]

The benefit of sticking to RC is much-reduced memory consumption. It turns out that for a tracing GC to achieve performance comparable with manual allocation, it needs several times the memory (different studies find different overheads, but at least 4x is a conservative lower bound). While I haven’t seen a study comparing RC, my personal experience is that the overhead is much lower, much more predictable, and can usually be driven down with little additional effort if needed.

So Apple can afford to live with more “limited” total memory because they need much less memory for the system to be fast. And so they can do a system design that imposes this limitation, but allows them to make that memory wicked fast. Nice.

Mike:

The memory bandwidth on the new Macs is impressive. Benchmarks peg it at around 60GB/sec–about 3x faster than a 16” MBP. Since the M1 CPU only has 16GB of RAM, it can replace the entire contents of RAM 4 times every second.

[…]

Some say we’re moving into a phase where we don’t need as much RAM, simply because as SSDs get faster there is less of a bottleneck for swap. […] However, with the huge jump in performance on the M1, the SSD is back to being an order of magnitude slower than main memory.

So we’re left with the question: will SSD performance increase faster than memory bandwidth? And at what point does the SSD to RAM speed ratio become irrelevant?

Graham Lee:

And that makes me think that a Mac would either not go full NUMA, or would not have public API for it. Maybe Apple would let the kernel and some OS processes have exclusive access to the on-package RAM, but even that seems overly complex (particularly where you have more than one M1 in a computer, so you need to specify core affinity for your memory allocations in addition to memory type). My guess is that an early workstation Mac with 16GB of M1 RAM and 64GB of DDR4 RAM would look like it has 64GB of RAM, with the on-package memory used for the GPU and as cache. NUMA APIs, if they come at all, would come later.

Previously:

Thursday, November 19, 2020 [Tweets] [Favorites]

Twitter Launches Fleets

Joshua Harris and Sam Haveson:

To help people feel more comfortable, we’ve been working on a lower pressure way for people to talk about what’s happening. Today, we’re launching Fleets so everyone can easily join the conversation in a new way – with their fleeting thoughts.

Fleets are for sharing momentary thoughts – they help start conversations and only stick around for 24 hours.

How does this work with third-party clients? I can already see deleted regular tweets in Tweetbot.

Juli Clover:

Fleets have no retweets, likes, or public comments, do not show up in search or moments, and cannot be embedded on external websites.

Alec Stapp:

Oct 2013: Snapchat launches Stories
Aug 2016: Instagram copies it
Feb 2017: WhatsApp copies it
Mar 2017: Messenger copies it
Nov 2018: YouTube copies it
Sep 2020: LinkedIn copies it
Nov 2020: Twitter copies it

Update (2020-11-20): Jeff Johnson says that Twitter did an Epic-style server update to enable fleets for users without updating the Twitter app on their phones. That would seem to go against guideline 2.3.1 about not including “hidden, dormant, or undocumented features in your app.”

Update (2020-11-23): Tim Hardwick:

Twitter’s new ephemeral tweets, or “fleets,” have been hit by a bug that allows them to be accessed long after their supposed 24-hour expiration time, less than a week after the feature launched.

[…]

According to Techcrunch, the bug allowed fleets to be viewed and downloaded by other users without notifying their creator. Details of the bug were posted in a series of tweets over the weekend. Twitter soon acknowledged the issue and says a fix is on the way.

Rosetta 2 Not Preinstalled

Rich Trouton:

With Apple now officially selling Apple Silicon Macs, there’s a design decision which Apple made with macOS Big Sur that may affect various Mac environments:

At this time, macOS Big Sur does not install Rosetta 2 by default on Apple Silicon Macs.

I don’t understand what the benefit of this is. Big Sur already includes the Intel versions of all the system frameworks. Why not include the much smaller Rosetta translator, too? Just to shame them?

I think with the Intel transition, Rosetta was preinstalled until Snow Leopard.

Previously:

iPhone and iPad Apps in the Mac App Store

Federico Viticci:

Here are more details on how iPhone and iPad apps will be installed on M1 Macs:

  • Managed by the Mac App Store
  • Toggle in search
  • ‘Designed for iPhone/iPad’ badge
  • Included in "curated selections"

Steve Troughton-Smith:

With everything in macOS 11, it’s getting harder to define what Catalyst is. There are 3 forms:

  • Unmodified iOS apps (Apple Silicon-only)
  • Traditional Catalyst apps (more Mac like, but blurry scaling)
  • Optimized for Mac/Mac Idiom Catalyst apps (pixel perfect, Mac controls)

Steve Troughton-Smith:

Another component in Apple’s unified app platform is SwiftUI, which is a bit messier to explain. There are several forms:

  • A SwiftUI multiplatform app
  • SwiftUI inside AppKit app
  • SwiftUI inside Catalyst (more iOS-y)
  • SwiftUI inside Mac-idiom Catalyst (more Mac-like)

Steve Troughton-Smith:

I think a lot of people overemphasize the fact that you need to do a lot of work and recreate system behaviors in a Catalyst app if you want a great Mac app — you need to do the exact same things if you want a great AppKit Mac app, too, as you can see

Colin Cornaby:

I’m still not a big fan of Catalyst, but I’m even more bummed that a lot of developers seem to be deciding to skip Catalyst and just ship bare iOS apps on Apple Silicon. Even if you’re just targeting new Apple Silicon Macs, this is not the way.

Marco Arment:

Never have I earned so much good press for doing absolutely nothing.

Coming to previous Macs via Catalyst is a longer-term goal that, unfortunately, I don’t have time to complete yet.

John Gruber:

MacOS 11 “Big Sur” introduces one major new feature exclusive to Apple Silicon Macs: the ability to run iPhone and iPad apps from the App Store.

This sounds fine on paper, but in practice I don’t understand who thought this was a good idea to ship. My experience has ranged from terrible to OK, at best.

[…]

It’s possible HBO will fix some of this. Just making the window resizable and enabling full-screen video playback would make the app at least useful. But even at best, like Overcast, iOS apps running in a window on a Mac feel foreign. They feel like what they are: apps from another platform. I can see how some people might think this is a good idea, but I don’t see how anyone thinks it’s a very Apple-y idea. Sure, it works, which is why most companies would just ship it. More apps are better, right?

But they’re such a crummy experience, these iOS apps. This feature exemplifies a spirit of “better than nothing, ship it”. The Apple way, typically, is “insanely great”. It’s like someone said, “Oh, you thought lazy Catalyst ports were a bad experience on MacOS? Hold my beer…”

Steve Troughton-Smith:

In some sense, the Mac App Store has been a failed experiment; 9 years on, few of the top Mac developers are prepared to accept its terms and requirements, including sandboxing. Apple has a large chunk of its Mac developerbase thus ill-prepared to follow them into the future

Arguably, this is one of the driving elements between merging the iOS and macOS software ecosystems; Apple wants/needs a core base of developers on board with the App Store and its unified, Universal model, and iOS provides it

I’ve always argued that the Mac App Store should have done everything in its power to accommodate and entice the Mac’s existing developer base (they’re the ones that make all the high-quality apps we love, after all). This entire strategy, UIKit on up, drives them away instead

Ian Carroll:

There appears to be no DRM on iOS app binaries running on macOS.

Previously:

Big Sur Not “Preparing” for Touch Macs

Craig Federighi:

I gotta tell you when we released Big Sur, and these articles started coming out saying, “Oh my God, look, Apple is preparing for touch”. I was thinking like, “Whoa, why?”

We had designed and evolved the look for macOS in a way that felt most comfortable and natural to us, not remotely considering something about touch.

We’re living with iPads, we’re living with phones, our own sense of the aesthetic – the sort of openness and airiness of the interface – the fact that these devices have large retina displays now. All of these things led us to the design for the Mac, that felt to us most comfortable, actually in no way related to touch.

I’ve never felt more comfortable moving across our family of devices as a user, which I do hundreds of times a day than I do now, moving between iOS 14, iPadOS 14, and macOS Big Sur. They all just feel of a family – there’s just less cognitive load to the switching process.

To me, it seemed obvious that the reduced information density was to enable touch. Because why else would you pay that cost for no benefit? Plus, the Mac App Store had started to feature artwork of a finger touching interface elements.

The cognitive load that Federighi mentions just isn’t something I’ve (consciously) experienced. And one could make the argument that it’s confusing to make systems that work differently look the same. But I take him at his word because it certainly explains decisions like the awful iOS-style alerts. That design provides no benefits for touch; it just makes macOS look more like iOS, which he considers to be a plus. All of these changes also help to make unmodified iOS apps running on Apple Silicon Macs blend in a bit better.

Nick Heer:

Big Sur offers a little more space around some elements, but not by much, so I think this speculation is quickly snuffed out if you use Big Sur for more than a couple of minutes. Most of the menus, buttons, and window controls are still tiny and clearly designed for a cursor and decidedly not a finger. It is still very much on the desktop side of the continuum.

Wojtek Pietrusiewicz:

Someone PLEASE create an app to decrease the spacing of the menu icons in Big Sur!

My apps now take up 50% of the width of it, instead of 25-33% previously. 😞

Francisco Tolmasky:

“We are willing to go through a multi-year transition on the Mac to use the same chip as the iPad, and do a design overhaul to make macOS icons look touchable, and even let iPad apps run on macOS, but we refuse to make these steps make sense by shipping a Mac with a touchscreen.”

Steve Troughton-Smith:

macOS would still need dramatic changes if it were ever to go touch-first. Catalyst is not in any way designed to dynamically switch between ‘Mac’ & ‘iOS’ modes — if an app has adopted Catalyst to explicitly make a Mac UI, it would be a ton of work to support dynamic switching

But, to be clear, the Mac doesn’t have to go touch-first to justify touch support. Apple Pencil support on macOS, on a drafting table iMac, would fit into all kinds of pro-level workflows currently dominated by Wacom, from illustration to 3D modeling.

Jean-Louis Gassée:

I think the charming and articulate executive is putting us on.

I absolutely think Apple will add at least limited touch support to future Macs, even if that wasn’t the plan when Big Sur was being designed. Federighi didn’t even deny that.

Previously:

Wednesday, November 18, 2020 [Tweets] [Favorites]

App Store Small Business Program With 15% Fee

Apple (MacRumors, Hacker News):

Launching January 1, 2021, the industry-leading new App Store Small Business Program is designed to accelerate innovation and help propel your small business forward. The program has a reduced commission rate of 15% on paid apps and in-app purchases, so you can invest more resources into your business and continue building the kind of quality apps your customers love.

[…]

  • If a participating developer surpasses the $1 million threshold, the standard commission rate will apply for the remainder of the year.
  • If a developer’s business falls below the $1 million threshold in a future calendar year, they can re-qualify for the 15% commission the year after.

This doesn’t address any of the structural issues with the App Store, which I think are far more significant than the fee percentage, but it’s certainly a welcome change. It’s smart for Apple because most of the public complaints about the fee come from smaller developers, but almost all of the App Store revenue comes from mega-successful apps. So Apple can help a large number of developers at a small cost to itself. And now most developers are no longer on the same side as the likes of Epic, at least with respect to the fee.

Note that even 15% is still quite a bit higher than other full-service payment processors.

John Gruber:

These odd incentives could be eliminated if Apple applied the commission more like marginal tax rates, where you never lose money by earning more income. I would suggest tweaking these rules so that each year, developers who qualify for the program would get the 15 percent commission until they reach $1M in revenue, then get charged 30 percent for sales over that threshold. Let developers stay in the Small Business Program even as their sales grow.

I wish it worked more like tax brackets, so that everyone paid 15% on the first $1M. That would help mid-sized developers.

We won’t know the details until December, but I think this system where developers need to apply and get approved to enter the program is just about a vetting process to prevent fraud (e.g. a developer with 10 apps setting up 10 different shell companies to try to get them all commissioned at the 85/15 split).

Previously:

Update (2020-11-19): Michael Love:

The thing about this is that there’s really no way for them to tell, or even really to lay out a clear definition of ‘shell company’ if they had perfect information; you’d have to start arguing about beneficial owners and at what point these companies are actually the same.

Subsidiaries are one thing, but how can they stop me from starting another software company to sell another app I’ve made? It’s a different company with a different name; ownership details would be easy to conceal if I wanted to.

And even if Apple knew that I was the owner of both companies, why would that necessarily disqualify me from the program? Plenty of people own more than one company; two different businesses making two different products.

Apple itself uses shell companies.

Oliver Reichenstein:

15% is still high, but one can run a business at that margin.

[…]

As great as this is for small developers, and as much as this is a first-class PR move… Apple’s concession doesn’t change the big picture. Small to medium-sized companies (at 1M revenue you are still small) are still held back to grow to bigger companies.

As to why the 15% doesn’t work like taxes, David Barnard:

Sensor Tower estimated that 2% of developers would be impacted. Some have multiple apps, so it’s not a perfect calculation, but 2% of 1.8M apps is 36k. $150k/yr gift to 36k apps is $5.4B/yr in pure profit. No way Apple would give that up.

Craig Hockenberry:

An extra 15% for indies is great news!

Dealing with the customer sentiment that 99¢ software is an expensive one-time purchase would be even better.

Gus Mueller:

This is very good news and I’m happy to see a reduction in fees finally happen.

Can we get upgrade pricing next?

David Heinemeier Hansson:

Quote from Cook is beyond cynical. Written in that faux-care style so beloved by lobbyists. Apple is making smaller app developers growl before Apple (this program isn’t even automatic!), such that the abusive tax on payment processing is lowered from 10x to 5x the market rate.

[…]

It also further undermines the fantasy that “App Store rules are the same for everyone!”.

[…]

The root of the issue is the monopoly claim that Apple must process all payments, own all customer relationships.

Jack Nicas:

Tim Sweeney, Epic’s chief executive and another of Apple’s toughest critics, also accused Apple of trying to divide developers. By charging smaller companies less, “Apple is hoping to remove enough critics that they can get away with their blockade on competition and 30 percent tax on most in-app purchases,” he said in a statement. “But consumers will still pay inflated prices marked up by the Apple tax.”

David Heinemeier Hansson:

BUT WHAT DO YOU WANT FROM APPLE!? Simple:

1) The choice to use a different payment processor, so we can have competition. Monopoly platform can’t mean monopoly payments.

2) The right to tell customers that our software is for sale, without linguistic contortions.

Thomas Tempelmann:

To be fair, the real problem for us devs is not that we pay Apple too much, it is that Apple leaves us no choice and has the last word over what we can deliver to an iDevice and possibly soon also to a Mac.

Loren Brichter:

If you ever wonder how old dinosaur companies got fat and started to rest on laurels, you’re watching it in real time with

It’s super frustrating because the hardware is so freaking good, and the strategy should be so freaking obvious.

Tanner Bennett:

The thing everyone is overlooking is that big players still get a better deal than we do. Why do small businesses get only 15% up to $1M while Amazon gets 15% up to infinity?

Tom Conrad:

Scoop: Apple to charge 0% fee for first $1T in revenue from developers who choose to monetize through advertising or via the sale of real world goods and services.

Francisco Tolmasky:

I don’t know why people focus so much on the dev perspective. As a customer, that 15-30% doesn’t materialize into anything worthwhile for me. That 15-30% would make a bigger difference going to new features on that app than towards “AppStore improvements” that never happen.

15-30% on can be the difference between being able to afford a 2 person team or a 3 person team. That could translate to dedicated support for the app vs. the engineers having to split time answering emails. Just from a cold business perspective this is bad for customers.

Brent Simmons:

I’ve been saying it should be 5% for a long time already. 👍

Steve Troughton-Smith:

If other platforms do start adjusting their rates to 15% to match Apple’s terms, it just showcases Apple’s outsized influence and power (direct or indirect) over the entire industry

Ryan Jones:

Once you think of it, the mechanism of “lower fee on $XM” is so obvious.

✓ EXACTLY the right incentives - new apps and creativity

✓ Apple gives up ~nothing (i.e. all the revenue comes from high end)

✓ Users get more better apps

I’m just glad Apple realized it too. Phew.

It makes a lot of sense, but I don’t know why it took Apple so long. This is the same pattern that eSellerate was using when I first started selling Mac apps in 2002.

John Luxford (via Hacker News):

Phones are general computing devices, and as such, should not be maintained as closed ecosystems. This doesn’t benefit users, many of whom are also developers themselves, because it limits our freedom on both sides of the equation. General computing platforms should be protected from such predatory practices by manufacturers through strong government regulations.

[…]

I’ve seen many comments on sites like Hacker News and MacRumours that this isn’t a problem users should care about and that developers should essentially stop whining or take their software elsewhere. But this also limits the choices users have, and it limits the types of apps they get to benefit from. This limitation won’t be felt directly, because you don’t feel the absence of something you never knew you could have. You don’t know what you don’t know.

Update (2020-11-20): Steve Troughton-Smith:

Apple’s rate drop, giving us 21% extra profit on App Store income, just barely compensates for inflation from 2008 to today money (which is just under 21% on USD). If you sold the same app at 99c from then to now, you’re only now earning as much as you were receiving in 2008 😅

Update (2020-11-23): Ken Harris:

Yet another reason not to price an App Store app at $0.99.

For an app priced at $10, and you have control over increments of 10%. At $20, increments are 5%, etc.

Beyond tier 50, you lose precision again. It’s like IEEE754. You want to stay in the middle of the range!

Update (2020-11-24): Apple:

Since Apple announced its new App Store Small Business Program, developers are sharing their positive reactions to the news. Under the new program, which launches January 1, 2021, the vast majority of developers who sell digital goods and services on the App Store can qualify for a reduced 15 percent commission. From focusing on their apps full time, to growing their teams, experimenting with features, and even launching new apps, developers are ready to write the next chapter of innovation and creativity on the App Store.

Tuesday, November 17, 2020 [Tweets] [Favorites]

Does Swift Call the Protocol Extension or Subclass Implementation?

JP Simard:

Pop Quiz, what does this Swift program print?

5 years on, it still takes me a few tries to properly reason through this. Especially in the real world when the code is a bit more spread out or complex to fit in a tweet.

Greg Titus:

What is going on here is that the MyProtocol conformance is on MySuperclass. Thus the witnesses are determined right there, and since MySuperclass doesn’t implement myFunction, the conformance uses the fallback implementation in the extension.

Subclasses don’t/can’t “re-conform”

Previously:

A Hole in the Wall

Callum Booth (via Hacker News):

For all of Apple’s talk of being privacy-first, often its marketing speak doesn’t match up with what it’s actually doing. And the latest example? Well, it’s Apple apps on Big Sur bypassing firewalls and VPNs.

Norbert Heger:

It is your right to know where your computer connects to. To whom it talks. It’s your right to see these connections. It’s your right to allow them. And it’s your right to deny them.

[…]

Three months later we realized, that a number of other Apple services like App Store, Maps or FaceTime also showed this strange behavior of acting invisibly, bypassing the new filter API. So we reported our new findings again on October 1 (FB8762834).

[…]

But hiding these connections completely from the user makes no sense. It contradicts the idea of a transparent and trustworthy system and undermines the user’s trust in that system.

[…]

In the light of the recent public discussions that this topic has triggered we are extremely confident that Apple stands by their word to give users control over their information and will therefore eliminate this kind of whitelisting in a future macOS update.

Jeff Johnson:

I used Little Snitch to diagnose the “OCSP apocalypse” last week.

It’s essential for network extensions to be able to block all network connections, including connections by Apple.

Patrick Wardle:

In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐

Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔

A: Apparently yes, and trivially so 😬😱😭

Previously:

Update (2020-11-23): Maxwell Swadling:

Here is what a boot up of a clean Big Sur install looks like (+ ntp and push sockets). The Yahoo API ping is from spotlight asking what currency conversions are, not related to widgets.

And no you can not opt out of your Mac asking Yahoo what the currency conversion rates are.

All APIs are https, some send locale, Siri locale, software version and hardware string to Apple. Which enables Apple to build a pretty good understanding of international market distribution, current usage of each software version, etc.

Big Sur Application Icons

Craig Hockenberry:

If you’re a developer with a Mac app, you’ve likely heard both of the following support requests in the past few days:

1) “Can you put the old icon style icon back?”

2) “When are you going to update to the new icon style?”

It’s clear that customers want both icon styles.

The older icon style is easier to spot in the Dock (bigger and has a unique shape). More accessible.

The new icon style is more consistent, at the cost of readability. A cleaner look.

I get these questions every time the prevailing icon style changes. My apps have long offered the option to switch the Dock icon at runtime, as some people always prefer a previous style. Unfortunately, the -[NSApplication setApplicationIconImage:] API only works while the app is running.

Panic:

Nova 3 even adds a super cool feature: a customizable dock icon that can automatically switch from “light” to “dark” when your Mac switches appearance.

Logan Collins:

This is using the (now somewhat dated) NSDockTilePlugin API, which is mainly used for calendar apps to show the current date in their icon.

This way works when the app isn’t running, but it requires an extra target/bundle and isn’t allowed in the Mac App Store.

Jeff Johnson:

I’m on Mojave, you maniacs!

Previously:

Update (2020-11-20): Guilherme Rambo:

I’m using NSWorkspace at runtime to change the icon on Big Sur while keeping the same icon on Catalina, precisely for that reason

He’s actually modifying the application package on disk.

Update (2020-11-24): John Gruber:

I would pay $$$ for an update to Transmit whose only new feature was bringing back the good app icon.

Big Sur Notifications

David Sparks:

I like the new notification system a lot better than the prior one. Notifications are grouped better. Both notifications and widgets are on the same screen. Widgets also feel more intentional with the new iOS influenced widget system. This has been a win, and I’m using Notification Center now more than ever.

The grouping is nice, but I don’t like the invisible close boxes, and…

Philipp Defner:

So many options and yet they are all the same.

I think Mojave’s notification design was better. When a new iMessage came in, there were buttons so that I could quickly reply or mark it as read. Catalina and Big Sur take extra clicks.

Marco Arment:

The important actions are now invisible, hidden behind a hover state that requires an extra click (“Options”).

Why?

I know the cost — it’s slower to use and less discoverable.

What are the benefits that make that cost worthwhile?

Peter Kamb:

Wish we could move notifications down 80 pixels... below title bars and tabs.

Would be much less pressing to immediately dismiss them.

Previously:

Update (2020-11-20): Wojtek Pietrusiewicz:

I implore you to fix Messages and replying from a notification. What used to take 1 click on Mojave or Catalina, now requires 3 clicks. It’s actually faster to just open Messages and reply there.

youtube-dl vs. RIAA

Ernesto Van der Sar:

Over the past several years, major music labels have taken legal action against several key players. YouTube-MP3 was shut down after a legal battle while 2Conv and FLVto are currently being sued. At the same time, rightsholders launched an active campaign to remove these sites from Google’s search results.

[…]

“There are 2 types of ‘purges’. The first one is ongoing; if YouTube notices too many requests coming from a single IP address – it blocks that IP. The second type is the ‘grand purge’ which sometimes happens daily, and sometimes two or three times a week,” he says.

Nick Heer:

In a world where Google did not own YouTube — and would, therefore, not have legal accountability for the misuse of licensed materials — would it be so keen to comply with copyright-based requests to remove stream rippers from search listings? I wonder.

theGunrun (via Hacker News):

No way, youtube-dl has just received a DMCA takedown

Looks like it’s was the RIAA that DMCA’d youtube-dl

Parker Higgins:

Holy cow, the RIAA has gotten youtube-dl taken off Github.

I should say: Github has categorized the RIAA letter as a DMCA notice, but it’s not really — that term generally describes communications sent pursuant to §512. This letter is about the §1201, the controversial anticircumvention rules.

The closest example to this RIAA/youtube-dl letter is the one MPAA sent Github to try to shut down Popcorn Time back in 2014. That one cited §512, but relied under the hood on a fairly extraordinary tertiary liability theory

As anyone who has used youtube-dl knows, it is an extremely powerful and useful tool for format-shifting. It’s super popular among archivists and has incredibly broad fair use applications.

[…]

Keep in mind that Youtube has long allowed creators to expressly offer their videos under Creative Commons licenses.

Jason Snell:

This is a disgusting attack on software by @RIAA.

While Youtube-DL is a tool that can be used for piracy, it also has numerous legal applications. I use it almost every week, legally, to do my job.

Peter Higgins (via Hacker News):

Numerous reporters told Freedom of the Press Foundation that they rely on youtube-dl when reporting on extremist or controversial content. Øyvind Bye Skille, a journalist who has used youtube-dl at the Norwegian Broadcasting Corporation and as a fact checker with Faktisk.no, said, “I have also used it to secure a good quality copy of video content from Youtube, Twitter, etc., in case the content gets taken down when we start reporting on it.” Skille pointed to a specific instance of videos connected to the terrorist murder of a Norwegian woman in Morocco. “Downloading the content does not necessarily mean we will re-publish it, but it is often important to secure it for documentation and further internal investigations.”

Andy Maxwell:

According to the RIAA, the “clear purpose” of YouTube-DL was to “circumvent the technological protection measures used by authorized streaming services such as YouTube” and “reproduce and distribute music videos and sound recordings owned by our member companies without authorization for such use.”

As the debate and controversy over the complaint rages on, a company based in the US that operates a YouTube-ripping platform has filed a lawsuit alleging that similar complaints, filed by the RIAA with Google, have caused its business great damage.

Ernesto Van der Sar (via Hacker News):

An RIAA takedown request, which removed the YouTube-DL repository from GitHub, has ticked off developers and GitHub’s CEO. Numerous people responded by copying and republishing the contested code, including in some quite clever ways. Meanwhile, GitHub’s CEO is “annoyed” as well, offering help to get the repo reinstated.

Doc Edward Morbius (via Hacker News):

Under U.S. copyright law, “safe-harbour” provisions immunise service providers from copyright infringement claims, if the provider “takes down” the named content when a claim is received, under 17 USC 512 (c)(1)(C). The safe-harbour protections apply only to hosting of infringing works, and neither youtube-dl nor its test suites infringe on any RIAA or member copyrights as averred in RIAA’s notice. Further, a claim must identify the specific works infringed in the work, (§512 (c)(3)(A)(iii)) which the RIAA’s claim does not.

[…]

At best, youtube-dl’s test suite may be infringing works when run, in which case infringement would accrue to the operator, presumably a tester or Github’s CI/CD process. Even that argument is specious: Given output is discarded, no permanent copy is retained, and the action is for research and development, and numerous Fair Use affirmative defence claims exist under §107, notably (1) and (4), test suite execution falls outside exclusive rights. Any one fair-use test is sufficient, or none at all. Test suite execution could be argued non-infringing under numerous theories, including reverse engineering, research, interoperability, all under §1201, or under general limitations on exclusive rights in §112 (ephemeral recordings), §117 (computer programmes), or elsewhere.

Michael Collins (via Hacker News):

The notice claimed the youtube-dl software was a ‘Anticircumvention Violation’ as well as a violation of YouTube’s terms of service.

[…]

I reached out to previous maintainer Phillip Hagemeister, who had this to say about the incident[…]

Tzlil:

so the CEO of GitHub popped in #youtube-dl a few hours ago, looks like they are trying to get youtube-dl back, i hope this works out

Andy Maxwell (via Slashdot):

While Github says it wants to help the project come back online, the platform is now warning that users reposting its code could find their accounts suspended and potentially banned.

Elliot Harmon, EFF (via Hacker News):

This is an egregious abuse of the notice-and-takedown system, which is intended to resolve disputes over allegedly infringing material online. Again, youtube-dl doesn’t use RIAA-member labels’ music in any way. The makers of youtube-dl simply shared information with the public about how to perform a certain task—one with many completely lawful applications.

Abby Vollmer, GitHub (via Hacker News, Slashdot):

Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown.

[…]

Section 1201 dates back to the late 1990s and did not anticipate the various implications it has for software use today. As a result, Section 1201 makes it illegal to use or distribute technology (including source code) that bypasses technical measures that control access or copying of copyrighted works, even if that technology can be used in a way that would not be copyright infringement. Circumvention was the core claim in the youtube-dl takedown.

[…]

First, we were able to reinstate a fork of youtube-dl after one of the fork owners applied a patch with changes in response to the notice.

Then, after we received new information that showed the youtube-dl project does not in fact violate the DMCA‘s anticircumvention prohibitions, we concluded that the allegations did not establish a violation of the law.

[…]

Going forward, we are overhauling our 1201 claim review process to ensure that the following steps are completed before any takedown claim is processed[…]

[…]

Nonetheless, developers who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs. To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims.

John Gruber:

The “additional information” link is a response to the RIAA’s takedown request by the EFF, acting on behalf of the youtube-dl project.

Previously:

Monday, November 16, 2020 [Tweets] [Favorites]

Safari 14.0.1 Is Missing Icons

FrakeTrain:

Still on Catalina 10.15.7 SuppUp and just installed Safari 14.0.1 (15610.2.11.51.10) over 14.0 today, and all my .webloc icon previews are blank. That includes desktop icons, folder icons, and Get Info Preview icons.

Both my .webloc and .webarchive files now show only generic document icons. I’ve heard from others that the files no longer even open, but I’m not seeing that problem. On my Mac, it seems likely purely an icon display issue.

Safari 14.0.1 does fix the services bug that I was seeing, but only for some services.

Previously:

Big Sur Bricking MacBook Pros

Hartley Charlton (tweet, Hacker News):

A large number of late 2013 and mid 2014 13-inch MacBook Pro owners are reporting that the macOS Big Sur update is bricking their machines. A MacRumors forum thread contains a significant number of users reporting the issue, and similar problems are being reported across Reddit and the Apple Support Communities, suggesting the problem is widespread.

Chris Eidhof:

I tried a number of the things that were advised below, but so far, none worked. I’ll try an install from USB next, I guess. It won’t be the end of the world if my data on this machine is lost, but still… makes me sad for my non-developers friends who have to deal with this.

[…]

this is machine is only 2 years old I think.

Previously:

Update (2020-11-17): Becky Hansmeyer:

I still get emails from my college (because I used to work there and they didn’t take me off the mailing list). Got this one from the Help Desk today about Big Sur. 😳

Pol23 (via Hacker News):

Then I closed the screen but the black light was still illuminating the apple on the back of my 2014 13' MBP. I opened it back up andpowered it down. Then tried restareing but got nothing but the black screen, no apple logo..

[…]

All of that lead to nothing. Genius Bar Reservations are hard to obtain during covid times.

Update (2020-11-20): Mr. Macintosh (also: MacRumors):

macOS Big Sur 11.0.1 (20B50) is Live

The only change?

The 2013-14 13" MacBook Pro’s have been removed from the Big Sur Installer compatibility list

Owners complained that the upgrade caused their Mac to boot to an unrecoverable black screen

Juli Clover:

Apple has now addressed this issue in a new support document that provides instructions on what to do if macOS Big Sur can’t be installed on a 2013 or 2014 MacBook Pro machine. Apple suggests Mac owners experiencing these issues unplug external devices, attempt restarting, reset the SMC, and reset NVRAM or PRAM.

[…]

To be safe, those with older MacBook Pro models from 2013 or 2014 should avoid installing the macOS Big Sur update at this time until a more definitive fix becomes available.

Where Is TestFlight for Mac?

Chance Miller:

Apple has updated its TestFlight beta testing application for iPhone, iPad, and Apple TV to version 3.0. The update brings support for automatic updates, as well as stability improvements and bug fixes.

Craig Hockenberry:

New version of TestFlight that’s NOT on the Mac.

After five years of promises, I can only conclude that there’s some underlying issue that’s preventing the release. I’m guessing there’s a vulnerability in one of the services that would be exposed with a debugger/analyzer.

It sucks for every developer who wants to get their products onto the Mac, and hurts Apple’s initiatives like Catalyst.

Previously:

Performance of Rosetta 2 on Apple M1

Frank McShan (tweet, Hacker News):

The new Rosetta 2 Geekbench results uploaded show that the M1 chip running on a MacBook Air with 8GB of RAM has single-core and multi-core scores of 1,313 and 5,888 respectively. Since this version of Geekbench is running through Apple’s translation layer Rosetta 2, an impact on performance is to be expected. Rosetta 2 running x86 code appears to be achieving 78%-79% of the performance of native Apple Silicon code.

Despite the impact on performance, the single-core Rosetta 2 score results still outperforms any other Intel Mac, including the 2020 27-inch iMac with Intel Core i9-10910 @ 3.6GHz.

Chris Randall:

On the whole, our general opinion is that as a producer you won’t really notice (or even be able to tell) whether a plugin or host is running native ARM or in Rosetta 2. The CPU load should be more or less the same; the ARM version may be slightly lower, but this is difficult to measure consistently.

Previously:

Update (2020-11-19): Joe Rossignol:

Microsoft this week indicated that when launching any of its Mac apps for the first time on Apple Silicon Macs, the apps will bounce in the dock for approximately 20 seconds while the Rosetta 2 translation process is completed, with all subsequent launches being fast.

Brendan Shanks:

We’re making it official: @codeweavers CrossOver/Wine runs 32- and 64-bit Windows apps/games on Apple Silicon Macs! And it works today!

Big thanks to the Rosetta folks at Apple and everyone at CodeWeavers for their hard work on this.

Colin Cornaby:

Stuff like this makes me hope that Rosetta sticks around in some form for a very long time. PowerPC wasn’t a bit industry force that required long term compatibility. But the x86 platform will be with us for a long while, even if Apple leaves it.

Intel’s Disruption Is Now Complete

James Allworth (via Marcelo P. Lima, Hacker News):

Indeed, that deal between Apple and Intel was more important for Intel than it could have ever possibly realized. But it wasn’t because Intel had sewn up the last of the desktop computer processor market. Instead, it was because Intel had just developed a relationship with a company that was thinking about what was coming next. And when Apple were figuring out how to power it — and by it, I’m talking about the iPhone — they came to their new partner, Intel, for first right of refusal to design the chips to do.

[…]

Here’s what Otellini decided to do, when presented with the option to power the iPhone:

We ended up not winning it or passing on it, depending on how you want to view it. And the world would have been a lot different if we’d done it,” Otellini told me in a two-hour conversation during his last month at Intel. “The thing you have to remember is that this was before the iPhone was introduced and no one knew what the iPhone would do… At the end of the day, there was a chip that they were interested in that they wanted to pay a certain price for and not a nickel more and that price was below our forecasted cost. I couldn’t see it. It wasn’t one of these things you can make up on volume. And in hindsight, the forecasted cost was wrong and the volume was 100x what anyone thought.

[…]

What about this chart is interesting? Well, it turns out, it bears a striking resemblance to one drawn before — actually, 25 years ago. Take a look at this chart drawn by Clayton Christensen, back in 1995 — in his very first article on disruptive innovation.

SoSoRoCoCo:

As someone who worked on Intel’s phone chip: we definitely didn’t win it. We fucked it up twelve ways to Sunday. Why: giant egos. There were turf wars between Austin, Santa Clara and Israel over who would design it, and the team that won out had long since lost its best principle engineers and had no clue how to spin the architecture to meet the design win. Otellini’s hindsight hedge is pure spin: we knew the landing zone, we just didn’t know how to get there. And the aforementioned turf war guaranteed we didn’t get access to other teams’ talent. I’m bitter because it was a really fun team when I moved from Motorola to Intel Austin, and then it just corroded over political battles.

John Gruber:

It remains to be seen if other ARM chip vendors will surpass the x86 platform in performance and efficiency. But it’s starting to look like that’s inevitable — Apple is just far ahead of the pack.

Tony Fadell:

  • ’92 - Started working w/ ARM at General Magic
  • ’01 - Bought ARM back to Apple by choosing SoC w/ Dual ARMs for the iPod
  • ’08 - Solidified ARM as the future of the iPhone & iPad w/ a showdown vs. Intel “Intel is what Steve wants!” was the refrain by my peers then

Mike Dauber:

Bob Mansfield, Jeff Dauber, and Lynn Young were the ASIC leadership team that came over from Raycer Graphics in ’99. Later augmented by PA Semi. I believe Bob convinced Jobs that Apple needed their own ASIC team. He was right.

Previously:

Friday, November 13, 2020 [Tweets] [Favorites]

Apple Server Outage Makes Mac Apps Hang on Launch

Jeff Johnson:

WTF somehow my TCC seems fucked up on Mojave suddenly, for no apparent reason, no software updates. But only when my internet is connected?

Apps are hanging on launch! Reboot didn’t help.

Jonathan Deutsch:

I’m hitting the exact same thing on 10.15.7 starting ~30 min ago… lots of random hangs only when connected to wifi.

Skylar Lewis:

All of my non-Apple apps became really slow to open as well.

Panic:

😅 Looks like, when apps are launched, Gatekeeper is unable to check their validity over the internet, due to overwhelmed Apple servers.

Jeff Johnson:

I figured out the problem using Little Snitch.

It’s trustd connecting to ocsp.apple.com

Denying that connection fixes it, because OCSP is a soft failure.

(Disconnect internet also fixes.)

Make sure you deny it for both system and user. I ended up having to make 2 rules.

Patrick Wardle:

On Big Sur, trustd is in Apple’s “ContentFilterExclusionList”….meaning firewalls can’t block it! 😭

Welcome to the future? 😱

Jeff Johnson:

If you don’t have @littlesnitch then try /etc/hosts to fix Mac app launching

ocsp.apple.com port 80 is the problem

Nathan H. Leung shows how to do this with vi.

Jeff Johnson:

Don’t confuse Developer ID certificate status (/usr/libexec/trustd to ocsp.apple.com) with notarization (/usr/libexec/syspolicyd to api.apple-cloudkit.com).

Notarization check only occurs on first launch. Online Certificate Status Protocol can occur on any launch.

nut_bunnies:

I thought it was just Catalina being Catalina. I woke my computer from sleep and it couldn’t detect the fucking keyboard or trackpad.

Adam Engst:

It’s quite troubling that an Apple server being down could cause this. My iMac is sludge right now.

Guilherme Rambo, on the System Status page:

🔥 This is fine 🔥

Josh Centers:

It’s very simple: a screwed up server on the other end of the country shouldn’t render your computer unusable.

Łukasz Langa:

I am currently unable to work because macOS sends hashes of every opened executable to some server of theirs and when trustd and syspolicyd are unable to do so, the entire operating system grinds to a halt.

I’m typing this from my phone since the Mac is effectively frozen.

Nilay Patel:

I had three different Macs go sideways today because of a server issue I had no idea was happening. Many thoughts about how much we actually own our computers :(

Jeff Johnson:

Good news, Mac users! Our long international nightmare is over.

People are saying that ocsp.apple.com is back online, and that seems to be true.

Yan Zhu:

don’t block ocsp.apple.com forever because apple uses it to check for revoked notarizations

Jeffrey Paul (via David Heinemeier Hansson, Reddit):

It’s here. It happened. Did you notice?

I’m speaking, of course, of the world that Richard Stallman predicted in 1997. The one Cory Doctorow also warned us about.

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

See also: Hacker News, 9to5Mac (Hacker News), ArsTechnica, MacRumors, The Verge, Philipp Defner, Nick Heer.

Previously:

Update (2020-11-16): Jeff Benson (via Nick Heer).

This brings with it several privacy concerns. First, because your computer has to send your IP to communicate with Apple, it means Apple can see your IP address and the application you’re trying to use. Second, OCSP uses unencrypted HTTP communications so “any entity with visibility to your macOS-based computer could also observe and/or log these facts.”

Jeff Johnson (tweet, Hacker News):

When you launch a Mac app, macOS may check with Apple’s Developer ID OCSP to see whether the app developer’s code signing certificate is revoked. […] Unfortunately, if there’s an internet connection problem involving the Developer ID OCSP, that can also prevent Mac apps from launching.

[…]

This actually wasn’t the only Developer ID disaster recently. A few weeks ago I wrote another blog post after Apple temporarily revoked HP’s Developer ID cert, which caused a widespread failure of HP printer software.

[…]

The reason I mention the cache period is that it appears Apple has greatly increased it, from 5 minutes to half a day, likely in order to mitigate the problems caused by Thursday’s outage.

[…]

The notarization status is cached permanently and has no expiration, unlike OCSP. Thus, notarization only affects your ability to install new apps, it doesn’t affect your ability to launch already installed apps.

Dave Wood:

I would really like to see a response from @apple on this. They need to acknowledge the problem & what they’re doing to ensure it doesn’t happen again. Bonus points if they explain how they’re not tracking everything we do.

Jeff Johnson:

One bad side effect of blocking ocsp.apple.com is that it can break the Mac App Store[…] because they’re running more than one service on that domain!

Howard Oakley:

We did have an alternative in macOS, which used to maintain a local database of revoked certificates, or so we suspect, until over a year ago. At the height of its use, that database was updated every couple of weeks. So if Apple revoked a certificate being used to sign malicious software, it could take another two weeks or more before that revocation had trickled down to all active Macs. One of the advantages of the newer OCSP approach is that your Mac can block software within minutes of Apple revoking its certificate, something we saw only too well with the recent accidental revocation of some old HP printer software.

[…]

There are fallbacks. If your Mac doesn’t have an internet connection at all, or the route to Apple’s OCSP service is blocked, your apps still open, with their certificates unchecked. It’s when that service isn’t inaccessible, but has failed, that the biggest problems arise. This is a well-known engineering problem, fail-safe design.

As Apple so devastatingly demonstrated last Thursday to millions of Mac users around the world, its design of the trustd signing certificate check doesn’t fail safe in those circumstances.

John Gruber:

Just an embarrassing bug for Apple on a high-profile launch day.

John Gruber:

Apple should publish information about this system in the excellent — but alas, not comprehensive — Apple Platform Security report[…]

Jacopo Jannone:

The problem is that Apple’s responder didn’t go down; it was reachable but became extremely slow, and this prevented the soft failure from triggering and giving up the check.

[…]

To make things worse, it is common for OCSP to use HTTP - I’m talking about good old plaintext HTTP on port 80, none of that HTTPS rubbish. There is usually a good reason for this, that becomes especially clear when the OCSP service is used for web browsers: preventing loops. If you used HTTPS for checking a certificate with OCSP then you would need to also check the certificate for the HTTPS connection using OCSP. That would imply opening another HTTPS connection and so on.

There’s got to be a way to do better than this for Gatekeeper given that Apple controls both ends of the connection.

It is clear that the trustd service on macOS doesn’t send out a hash of the apps you launch. […] macOS does actually send out some opaque information about the developer certificate of those apps, and that’s quite an important difference on a privacy perspective.

For privacy purposes, I think it’s a distinction without much difference. Rather than your Mac broadcasting that you launched a particular version of the Signal app, it broadcasts that you launched an app from Signal Messenger, LLC.

David Heinemeier Hansson:

I don’t see how this makes anything better? Sending a global unique hash of the developer certificate in the clear still allows both Apple to keep a log and anyone the power to snoop. This is fundamentally busted. Apple should send ban lists to the user.

Apple (Hacker News):

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the the next year we will introduce several changes to our security checks:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections

Nick Heer:

The prior version is available on the Internet Archive.

So they were logging the IPs. And they don’t deny using aggregate information about what users are launching, e.g. to get competitive data. In typical Apple fashion, the only acknowledgement that there was a problem is via a quote given to a third-party site (also: MacRumors, Hacker News):

What caused the OCSP server problem? Apple says it was due to a server-side misconfiguration that specifically interfered with macOS being able to cache OCSP responses for Developer ID. This configuration error, along with an unrelated content delivery network (CDN) misconfiguration, is what caused the slow performance for apps to launch.

The people who discovered and publicized the issue don’t get to break this news.

David Heinemeier Hansson:

This is a very welcome admission by Apple that the current system is deeply flawed, and the changes promised are solid improvements. But why does shit like this always have to be let out to back door with an obscure update to an Apple help site article?

It’s not clear whether the new preference will be for OCSP’s successor, notarization, or both.

Paul Haddad:

I know lots will make fun of “over the the next year” being fast, but I’m impressed that in just a few days Apple acknowledged a problem and promised a fix. That’s fast for them, its not an incident report, but its progress?

Howard Oakley:

What I attempt in this article is a coherent account of how macOS checks executable code before it’s loaded and run, in macOS 10.15 and 11.0.

Phil Vachon (via Hacker News):

Mayhem ensued, and after the issues were cleaned up, many questions remained about the implications of this failure. But first, let’s take a look at the mechanisms involved in authenticating an application package, at the most fundamental level.

[…]

Perhaps more transparency would help ease peoples’ concerns around misuse of their data. Having an auditable third-party run the OCSP responders for app certificate checks would assuage peoples’ concerns that Apple is misusing this data.

Waiting to Update to Big Sur

Howard Oakley:

Many experienced Mac users like to leave it a while before committing their main, production Mac to a new version of macOS. This article looks at some of the issues involved, with particular reference to Big Sur. If you still want to be an early adopter, then this article gives practical advice on what you should do to prepare for the upgrade.

[…]

As with Catalina, upgrading to Big Sur involves commitment. Should it prove a disaster, the road back isn’t quick or easy: you’d need to reformat your boot disk and install a fresh copy of the previous version of macOS. It’s also worth noting that, however alluring it might be that Big Sur can make Time Machine backups to APFS volumes, those are incompatible with previous versions of Time Machine, and converting old backups for use with Big Sur is also likely to be a one-way trip.

Dave Nanian:

It’s never a good idea to update to a just-released major OS version unless you have to. Nobody knows how reliable Big Sur is going to be for regular users. Let someone else find out before you take the jump.

On our end, SuperDuper! will not be compatible with Big Sur on day of release.

Rich Trouton:

Not yet ready for macOS Big Sur in your environment, but you’ve trained your folks to look at the Software Update preference pane to see if there’s available updates?

[…]

You can block it from appearing using the softwareupdate --ignore command, but for macOS Catalina, Mojave and High Sierra, that command now requires one of the following enrollments as a pre-requisite:

  • Apple Business Manager enrollment
  • Apple School Manager enrollment
  • Enrollment in a user-approved MDM

Previously:

Update (2020-11-16): See also: Slashdot.

Dave Nanian:

As if it wasn’t bad enough, Big Sur’s Disk Utility makes it frustratingly hard to wipe a drive when people want to roll back from Big Sur to Catalina, Mojave, etc.

Do we really have to pay so little attention to these things? I know everything new is perfect, but really.

Native Instruments (via Hacker News):

Using a TRAKTOR KONTROL S4 MK3 on macOS 11 (Big Sur) can cause malfunction and potentially damage your controller! We are working together with Apple to find a solution to this problem.

The rare software problem that can cause a hardware problem.

Update (2020-11-17): macmule:

As forewarned in my prior post, here’s a post detailing methods to block tof macOS Big Sur.

In truth, the majority of this post will be rehashing items mentioned in previous post titled: Blocking macOS Catalina with Jamf Pro.

Update (2020-11-20): Adam Engst:

Unfortunately, there’s no Apple-provided way to make that System Preferences badge go away, so it constantly reminds the user that an update is waiting. That’s problematic because it teaches users to ignore the badge, which could prevent them from installing a critical security update in the future. It’s also a visual distraction. The macOS interface shouldn’t be cluttered with information that the user has deemed unnecessary.

[…]

With macOS 11 Big Sur, Apple seems to have taken the upgrade nags a step further. In the Updates screen of the App Store app, most Mac users will be offered an update to GarageBand 10.4.1. However, if you haven’t yet upgraded to Big Sur, trying to update GarageBand will result in an admonishment that the update isn’t compatible with previous versions of macOS.

[…]

This is shoddy behavior on Apple’s part. That softwareupdate -ignore command should be given back to everyday users. The App Store app should reliably tell you when there are updates available for your Mac. Advertising an update that a Mac can’t install is at best unnecessary.

macOS 11.0 Big Sur Released

Apple (Hacker News, Slashdot):

macOS Big Sur, the latest version of the world’s most advanced desktop operating system, is now available to Mac users as a free software update. Big Sur introduces a beautiful redesign and is packed with new enhancements for key apps including Safari, Messages, and Maps, as well as new privacy features. And Big Sur has been engineered, down to its core, to take full advantage of all the power of the M1 chip to make the macOS experience even better for the new 13-inch MacBook Pro, MacBook Air, and Mac mini. The combination of Big Sur and M1 truly takes the Mac to a whole new level with incredible capabilities, efficiency, and more apps than ever before, while maintaining everything users love about macOS.

See also:

Previously:

Evernote Goes Electron

Evernote:

We’re excited to share the all-new Evernote app for Mac. The new app provides a more modern appearance and streamlined Evernote experience.

Ilja A. Iwas:

If you have been relying on AppleScript to export your data from @evernote, you might be in for a surprise after the upgrade to version 10. Sidenote: Built with Electron Framework. 😭🤦‍♂️

Previously, you could import from Evernote to EagleFiler just by selecting the notes and pressing EagleFiler’s capture hotkey. But that feature relies on AppleScript, which was removed in the switch to Electron.

Evernote 10 also no longer supports local notebooks or exporting to standard formats like HTML. However, you can still export to ENEX format and use EagleFiler to convert the ENEX to RTF files. If the notes have embedded images, you’ll instead get RTFD files.

Previously:

Thursday, November 12, 2020 [Tweets] [Favorites]

Apple M1 Benchmarks

Juli Clover (tweet, Hacker News):

In comparison to Macs, the single-core performance is better than any other available Mac, and the multi-core performance beats out all of the 2019 16-inch MacBook Pro models, including the 10th-generation high-end 2.4GHz Intel Core i9 model.

Though the M1 chip is outperforming the 16-inch MacBook Pro models when it comes to raw CPU benchmarks, the 16-inch MacBook Pro likely offers better performance in other areas such as the GPU as those models have high-power discrete GPUs.

Andy Somerfield:

Apple M1 chip benchmark vs. 6-core 3.7ghz 2019 iMac with AMD 580X in @affinitybyserif Photo - if I hadn’t measured the CPU number myself I wouldn’t believe it 😂A monster..

Steve Troughton-Smith:

Also — bear in mind that Apple’s other two M1 machines have active cooling, which could mean even higher benchmark performance. These are incredibly fast chips.

Previously:

Update (2020-11-16): Hartley Charlton (tweet):

Apple’s M1 processor often surpasses the graphics performance of desktop GPUs, including the Nvidia GeForce GTX 1050 Ti and AMD Radeon RX 560, according to a new benchmark submission spotted by Tom’s Hardware.

[…]

It is worth noting that GFXBench 5.0 benchmarks are primarily used to test mobile devices, and the GeForce GTX 1050 Ti and Radeon RX 560 are older GPUs. Nonetheless, the M1 contains integrated graphics and the fact that it can surpass 75W desktop graphics cards is impressive.

Colin Cornaby:

  • This is very good performance for an integrated GPU
  • This is not great performance vs desktop GPUs. The 560 is ancient history at this point.

Apple is still shipping it on iMacs, though.

Update (2020-11-23): Juli Clover:

The new M1 Macs are now arriving to customers, and one of the first people to get the new M1 13-inch MacBook Pro with 8-core CPU, 8-core GPU, and 8GB unified memory has run a much anticipated R23 Cinebench benchmark on the 8GB 13-inch MacBook Pro with 512GB of storage to give us a better idea of performance.

Ryan Jones:

A guy in Australia is testing M1 MacBook Pro vs iMac Pro by exporting H.265 10bit video...

$7k iMac Pro = 11m 30s
$1.2k MacBook Pro = 10m 20s

Oh, and the iMac Pro has 128GB of ram and the MacBook has 8GB.

Andrei Frumusanu (Hacker News):

The performance of the new M1 in this “maximum performance” design with a small fan is outstandingly good. The M1 undisputedly outperforms the core performance of everything Intel has to offer, and battles it with AMD’s new Zen3, winning some, losing some. And in the mobile space in particular, there doesn’t seem to be an equivalent in either ST or MT performance – at least within the same power budgets.

What’s really important for the general public and Apple’s success is the fact that the performance of the M1 doesn’t feel any different than if you were using a very high-end Intel or AMD CPU. Apple achieving this in-house with their own design is a paradigm shift, and in the future will allow them to achieve a certain level of software-hardware vertical integration that just hasn’t been seen before and isn’t achieved yet by anybody else.

Christian Selig:

Damn, @Dave2D coming in clutch with the Xcode build time tests on the new Apple Silicon Macs. That’s just nuts. I really want one to replace my aging Mac but am going to wait for the 16”.

Matthew Panzarino (tweet):

After a single build of WebKit, the M1 MacBook Pro had a massive 91% of its battery left. I tried multiple tests here and I could have easily run a full build of WebKit 8-9 times on one charge of the M1 MacBook’s battery. In comparison, I could have gotten through about 3 on the 16” and the 13” 2020 model only had one go in it.

Rik Arends (via Hacker News):

It’s hard to believe, a hot running fan blasting i9 loses by a factor 2 in a real world Rust compile from a passively cooled M1 macbook air. This has consequences.

Arnold Kim:

The benchmarks confirm that the new MacBook Air SSD is approximately twice as fast as the previous model with 2190 MB/s writes and 2675 MB/s reads. Apple did announce this performance boost when launching the new machine, and attributed the improved speed to the M1’s storage controller as well as new flash technology[…]

The 2019/2020 Intel MacBook Air was criticized for actually offering a slower SSD than the 2018 model. The 2019/2020 MacBook Air SSD speeds were 1319 MB/s reads and 1007 MB/s writes.

Ken Case:

Building one of our iOS apps from scratch, 3x, on Intel Macs vs. M1 Macs:

  • Intel MBP (2020, 32GB): 9:58, 10:08, 9:59
  • Intel mini (2020, 64GB): 9:17, 8:20, 8:23
  • M1 Air (16GB): 5:49, 6:14, 6:17
  • M1 mini (16GB): 5:44, 5:36, 5:34

See also: Wojtek Pietrusiewicz.

David Smith:

This 13" Silicon MacBook Pro is the first computer I’ve ever used that is faster than my “Distraction Threshold”…where the time between hitting Build+Run and the app launching is too short for my mind to wander, which has been fantastic for my focus the last few days.

John Voorhees:

The Pixelmator team says ML Super Resolution can be accomplished up to 15 times faster on an M1 Mac than was possible before.

Steve Troughton-Smith:

Real ‘wow’ moment; try changing the resolution on an M1-based Mac, or attaching an external display — no blanking, just instant

Tyler Stalman:

Currently editing 45 megapixel photos w/lots o’layers on the new #M1 MacBook Pro 13”, 8GB of ram

Zero lag, no slowdowns, no fan noise. I’d never guess this machine wasn’t way higher end and more expensive

And Photoshop is still running in emulation 😵

Paul Hudson:

My Unwrap project (13k lines Swift, 10k Obj-C, more) was 19.5s on Intel vs 11.7 on M1.

AudioKit (39k C, 27k Swift, 12k C++) was 73s on Intel vs 31 on M1.

Paul Haddad:

Performance wise the MBA M1 is 💯. Haven’t experienced any throttling, easily faster than any real Macs I’ve ever used.

It’s not however the fastest OS X experience I’ve had, a beefed up desktop PC hardware (10+ cores) can beat it.

Helge Heß:

A fresh debug build of Noze.io takes 20secs on the M1 Mini, and 35secs on the 6 core i7 (other specs the same, 16/512). So almost twice as fast on compilation. Price (net): M1 €1058, i7 €1660 (Jan 2019)

Valtteri Koskivuori:

So @jcs helped benchmark my C-ray renderer on the Apple #M1 Chip. This image was rendered by the M1 MacBook Air in 29.44 seconds! For reference, my 2019 16" MBP (i9-9750H) did it in 38.74s seconds and my 2018 13" MBP (i5-8259U) did it in 53.14s. That new Air is ridiculously fast!

Juli Clover:

We’ve seen endless speed tests, but we thought we’d pit the M1 13-inch MacBook Pro against the model that it’s replacing, the 2020 13-inch MacBook Pro with 1.4GHz quad-core Core i5 processor, Intel Iris Plus Graphics 645, and 8GB RAM.

Maxwell Swadling:

MacBook Air finally arrived! It runs my z3 solvers about 20% faster than an i7. And a lot colder! Nice! CMD+F1 to enable screen mirroring is much faster now! Pretty much instant.

David Heinemeier Hansson:

You don’t sit around thinking “oh, browsing the web is slow on my decked-out iMac”, but then you browse with the M1, and you’re like, DAMN, I can actually feel that +50%. 224 on Speedometer 2.0 is just 🤯

Savannah Reising:

Take a look at the performance improvements we saw when running Astropad and Luna on M1[…]

Luke Miani:

Quick Minecraft test... even the MacBook Air running at 10 watts, without a fan, through a translation layer, is running 60fps at native res without getting warm at all. Apple Silicon is nuts lol

Francisco Tolmasky:

An sad but inescapable conclusion from the impressive launch of the M1 is just how much Apple squandered the potential of the iPad. The iPad has had amazing performance for a while, so why is the M1 a game changer? Because it’s finally in a machine we can actually do things on.

Wednesday, November 11, 2020 [Tweets] [Favorites]

Google Photos to End Unlimited Storage

Shimrit Ben-Yair:

Starting June 1, 2021, any new photos and videos you upload will count toward the free 15 GB of storage that comes with every Google Account or the additional storage you’ve purchased as a Google One member.

Amber Neely:

When Google Photos launched in 2015, the tech giant had originally offered users the ability to upload an unlimited amount of photos at “high quality.”

Nick Heer:

Notably, photos taken with Pixel phones will remain exempt from storage limits, albeit in “high quality” mode. Around the same time last year, Google ended unlimited full-quality photo backups.

Casey Newton:

Also seems notable that free Google photo storage helped to drive tons of startups out of this market — Everpix, Loom, Ever, Picturelife. Now that they’re gone, and Google is tired of losing money on Photos, the revenue switch flips.

Previously:

Update (2020-11-17): Sean Hollister:

While the company said yesterday that previous Pixel phones could still upload those photos for free after Google axes unlimited storage on June 1st, 2021, Google confirmed to us that any future Pixels you buy will not come with those free uploads.

John Gruber:

That “five years” link makes clear that “free and unlimited” was a big part of the appeal of Google Photos all along. And it’s not really a 5-year-old product — Google bought Picasa back in 2004, 16 years ago, and they’ve been giving away some version of free hosted photo storage ever since. And they’ve surely lost billions of dollars doing so.

Hide My Bar 1.5

ClemStation (via Dave Teare):

Double press a control key to Turn off the Touch Bar and keep focusing on your current task.

Don’t let an accidental tap on the Touch Bar slow you down or ruin your work. With Hide My Bar never hit the Touch Bar by accident, again!

ClemStation:

The API used to turn off the Touch Bar is private and Apple only allows use of public APIs for apps to be published on the App Store.

Francisco Tolmasky:

Also, I love that the TouchBar has fully grown into a bizarre Pro-only feature that Pros hate but that’s excused away as “you don’t get it because it’s for the average user!”

Previously:

Mask-wearing Sticker Apps Now Approved

Sean Hollister:

How could a friendly sticker wearing a mask be an inappropriate reference to COVID-19, particularly when Apple has its very own mask-wearing emoji? That was the question on my mind, so I reached out to Apple yesterday.

This morning, Apple replied that not only does the company not have any rules about mask-wearing stickers, but that both of these examples are totally OK — and both developers have since confirmed that Apple has approved their apps.

[…]

It’s not quite clear why they were rejected to begin with, but Apple says it’s been careful only to let medical institutions and official health agencies mention “COVID-19” in their app names or metadata[…]

Previously:

The Apple Silicon M1

Andrei Frumusanu:

The new processor is called the Apple M1, the company’s first SoC designed with Macs in mind. With four large performance cores, four efficiency cores, and an 8-GPU core GPU, it features 16 billion transistors on a 5nm process node. Apple’s is starting a new SoC naming scheme for this new family of processors, but at least on paper it looks a lot like an A14X.

[…]

What really defines Apple’s Firestorm CPU core from other designs in the industry is just the sheer width of the microarchitecture. Featuring an 8-wide decode block, Apple’s Firestorm is by far the current widest commercialized design in the industry.

[…]

A +-630 deep ROB is an immensely huge out-of-order window for Apple’s new core, as it vastly outclasses any other design in the industry.

[…]

Exactly how and why Apple is able to achieve such a grossly disproportionate design compared to all other designers in the industry isn’t exactly clear, but it appears to be a key characteristic of Apple’s design philosophy and method to achieve high ILP (Instruction level-parallelism).

[…]

Apple’s usage of a significantly more advanced microarchitecture that offers significant IPC, enabling high performance at low core clocks, allows for significant power efficiency gains versus the incumbent x86 players.

Robert Graham:

In short, Apple’s advantage is their own core design outpacing Intel’s on every measure, and TMSC being 1.5 generations ahead of Intel on manufacturing process technology. These things matter, not “ARM” or “RISC” instruction set.

Howard Oakley:

GPUs are now being used for a lot more than just driving the display, and their computing potential for specific types of numeric and other processing is in demand. So long as CPUs and GPUs continue to use their own local memory, simply moving data between their memory has become an unwanted overhead. If you’d like to read a more technical account of some of the issues which have brought unified memory to Nvidia GPUs, you’ll enjoy Michael Wolfe’s article on the subject.

Apple:

Learn how developers updated their apps for Apple silicon Macs and began taking advantage of the advanced capabilities of the Apple M1 chip.

Apple:

Discover the advances in Metal performance and capability delivered with the Apple M1 chip on Apple silicon Macs. Apple M1 unites the top-end graphics and compute abilities of discrete GPUs with the features and power efficiency of Apple silicon, creating entirely new opportunities for developers of Metal-based apps and games on macOS. We’ll explore the Metal graphics and compute fundamentals of Apple M1, then take you through four important Metal features to make your Mac apps really shine on Apple silicon: tile shading, memoryless render targets, programmable blending, and sparse texturing.

Previously:

On Apple’s SwiftUI Header File Documentation

Conrad Stoll:

The Swift programming language may have gotten rid of the compiler’s need to define a real header file but it didn’t get rid of the programmer’s need to have clear and orderly descriptions of types and what they can do. When I started experimenting with SwiftUI my instinct was to start command clicking on types to learn from their definitions. This time though, command clicking didn’t help me. When you jump to the definition of a type in SwiftUI you end up in the 22,000 line definition of SwiftUI itself.

You actually can discover some of the modifiers and important types there that you need to use, but the lack of structural organization and the sheer scope of of the definition file keeps the information feeling like it’s trying to hide from you.

I have yet to be able to solve any kind of non-trivial SwiftUI problem on my own inside of Xcode. For every issue I run into I’m falling back to the time-tested practice of google searching for a tutorial that happens to mention the name of a modifier that I need to know.

Previously:

Tuesday, November 10, 2020 [Tweets] [Favorites]

Apple Silicon: The Roads Not Taken

Jesper:

Raspberry Pi-like, “tinkerer-friendly” Mac, for under $100.

[…]

A Mac mini the size of the Apple TV, for $199, with 4GB RAM, 64/128 GB of iPhone-like storage, hardly any I/O, and probably an A12, A13 or A14.

[…]

Take the current Mac mini, make it a bit smaller and make it affordable. Again – the Intel tax is gone, and Apple, if they want to, can churn out silicon in large scales by themselves already. The first Mac mini was $499 – there’s no reason the first ARM Mac mini can’t be.

[…]

All of these products essentially are based on this: there’s an Apple that makes iPhones for $399 with industry-leading performance, and there’s an Apple that sells wheels for almost twice that price. It’s up to Apple to define what they want to sell and how they want to market it, and heading into a transition where you drop a hardware partner for your own designs is a perfect time to choose a new tack.

Sebastiaan de With:

Cool performance bump for the MacBook Pro, but today’s PC laptops have fantastic screens with tiny bezels. Face unlock. Touchscreens and pencils. 4G modems. Tons of awesome features. This looks like a faster MacBook Pro from 2015 with a tiny touchbar nobody wants.

Frank Reiff:

Perhaps the most puzzling thing is that they haven’t made a successor to the 12” MacBook. That would have been amazing. The only things wrong with it were the performance, the single port and the keyboard: all things that they could have solved with the M1.

Frank Reiff:

For those who hoped that Apple was going to use the Apple Silicon transition to course correct on issues such as ports, Touch Bar and perhaps introduce a new design language or new iOS features such as FaceID, tonight was a bitter disappointment.

Previously:

Update (2020-11-20): Samuel Axon:

And FYI: we also asked if Apple plans to introduce cheaper Macs, on the assumption that using its own silicon is more economical. “We don’t do cheap—you know that,” Joswiak admitted. “Cheap is for other people, because we try to build a better product.”

The question wasn’t about Apple making Macs that were cheap, just cheaper than the current ones.

Update (2020-11-23): Tanner Bennett:

People need to stop using the word “cheap(er)” when talking to Apple execs. Ask them about affordable Macs.

One More Thing: Apple Silicon Macs

Apple (MacRumors, Hacker News):

Apple today announced M1, the most powerful chip it has ever created and the first chip designed specifically for the Mac. M1 is optimized for Mac systems in which small size and power efficiency are critically important. As a system on a chip (SoC), M1 combines numerous powerful technologies into a single chip, and features a unified memory architecture for dramatically improved performance and efficiency. M1 is the first personal computer chip built using cutting-edge 5-nanometer process technology and is packed with an astounding 16 billion transistors, the most Apple has ever put into a chip. It features the world’s fastest CPU core in low-power silicon, the world’s best CPU performance per watt, the world’s fastest integrated graphics in a personal computer, and breakthrough machine learning performance with the Apple Neural Engine. As a result, M1 delivers up to 3.5x faster CPU performance, up to 6x faster GPU performance, and up to 15x faster machine learning, all while enabling battery life up to 2x longer than previous-generation Macs. With its profound increase in performance and efficiency, M1 delivers the biggest leap ever for the Mac.

Apple (MacRumors: Air, Mini, Pro, Hacker News, Slashdot):

Apple today introduced a new MacBook Air, 13-inch MacBook Pro, and Mac mini powered by the revolutionary M1, the first in a family of chips designed by Apple specifically for the Mac.

David Smith:

fun fact: retaining and releasing an NSObject takes ~30 nanoseconds on current gen Intel, and ~6.5 nanoseconds on an M1…and ~14 nanoseconds on an M1 emulating an Intel 😇

Rich Siegel:

After the whole “iOS 14 is shipping tomorrow” thing, macOS developers get a whole extra day!

Previously:

On Apple’s Piss-Poor Documentation

Casey Liss (tweet, Hacker News, Slashdot):

For the last year or two, I’ve come to realize that the number one thing that makes it harder for me to do my job is documentation. Or, more specifically, the utter dearth of documentation that Apple provides for its platforms.

[…]

The march of progress doesn’t help, either. As my friend Adam Swinden pointed out to me on Twitter, as old APIs get deprecated, often times the new ones can’t be bothered to include documentation. Check out the difference between this API and the one that replaces it.

The number one thing for me is APIs that simply don’t work, but documentation is probably number two.

Previously:

Apple Developing Web Search Technology?

Tim Bradshaw and Patrick McGee:

In a little-noticed change to the latest version of the iPhone operating system, iOS 14, Apple has begun to show its own search results and link directly to websites when users type queries from its home screen.

That web search capability marks an important advance in Apple’s in-house development and could form the foundation of a fuller attack on Google, according to several people in the industry.

Dan Moren:

In some ways, it’s probably better to think of this as an extension of the Spotlight search technology that Apple’s been building out for the last fifteen years. It just happens to include search results for the web alongside results from your own data.

[…]

I pretty quickly turned off some of iOS 14’s new search features, because I found it annoying to have web search results pop up when I really just wanted to search for something on my iPad.

Nick Heer:

This seems to refer to Siri web suggestions that used to only display within the Safari address bar but are now in Spotlight. As far as I can tell, these are exactly the same suggestions but surfaced in a different place.

[…]

Bradshaw and McGee make no reference to having any sources at Apple, only quotes from a handful of people in adjacent businesses. Maybe they have background information from people who are familiar with Apple’s efforts, but nothing is cited in this article. The claim that Apple is, perhaps, working on a direct competitor to Google’s web search engine appears to be nothing more than speculation about what Apple could do from people who believe that it is something Apple is doing. That position seems to be predicated on regulatory pressures and recent hires[…]

Previously:

Slingbox Discontinued

Walt Mossberg:

The @slingbox, which let you view your home cable TV on a PC anywhere, has been discontinued. It was an innovative, exciting product from a small startup.

[…]

Its time has now gone, but it was the very kind of small company innovation many wish for today. Here’s my review of that first Slingbox model in 2005[…]

Slingbox (via Hacker News):

Slingbox servers will be permanently taken offline 24 months after the discontinued announcement date (November 9, 2020), at which point ALL Slingbox devices and services will become inoperable.

[…]

Customer data will be handled in accordance with all applicable laws and regulations.

Does that mean they’re going to sell it, where legal?

Nick Heer:

You’re going to think that I am taking these questions out of context on Slingbox’s FAQ but I promise you that I am not[…]

Monday, November 9, 2020 [Tweets] [Favorites]

iSH and a-Shell vs. the App Store

iSH:

iSH is a project to get a Linux shell environment running locally on your iOS device, using a usermode x86 emulator.

I saw lots of people raving about this app over the last several days but assumed it would not be allowed to stay in the App Store. I don’t think it’s dangerous, or that it violates any specific rule, but it just seems like the kind of cool thing Apple wouldn’t like.

Theodore Dubois et al. (via Longhorn, Hacker News, Malcolm Owen):

On Monday, October 26th, just four days after we launched iSH on the App Store, we received a call from Apple informing us that they had found our app noncompliant with section 2.5.2 of the App Store Review Guidelines and that they would remove the app from sale if we did not submit a satisfactory update within two weeks.

[…]

Apple believes iSH is not compliant with section 2.5.2 of the App Store Review Guidelines, which governs applications which download and run executable code. Specifically, they believe that iSH “is not self-contained and has remote package updating functionality”, and suggest that we should “remove the remote network activity functionality which could allow for remote code importing into the app, such as wget or curl, or other remote network commands”. Additional communication with Apple has indicated that they believe that iSH is a security concern if we allow any sort of code importing by the user.

You would think there would be case notes or a way to contact the original reviewer to see why it was approved in the first place.

a-Shell (via Federico Viticci, Reddit, Hacker News):

FYI, Apple sent a-Shell a similar notice of termination a few days ago. Our appeal is still pending. The commands we would have to remove to stay in the AppStore are curl, pip and wasm.

Saagar Jha:

Scripting applications consist of two parts: a frontend that accepts code from the user, and a backend that runs it. As generating native code is generally disallowed for third-party apps distributed on the App Store, the backend is usually some sort of Turing-complete interpreter. Under the original “section 2.7” guideline, such apps would not be allowed on the store, as they would allow the addition of new code and thus violate the guidelines. However, it is important to note that these apps do not actually have the issue that the guideline was meant to solve: the app itself—neither the frontend nor the backend—changes, and scripts are user- and not developer-generated.

In recent years a number of factors have caused the guidelines to evolve into the 2.5.2 rules we have today—likely a combination of pent-up demand for being able to write scripts on iOS, Apple releasing their own scripting apps to the App Store, and the creation of a number of high-quality apps that ostensibly did not meet the guidelines but were “harmless” started getting accepted.

[…]

This situation is made worse when the “violation” is a misinterpretation of section 2.5.2 by the review team, especially because they are not equipped to handle such cases and create nonsensical rejections. For example, iSH was once rejected with the rationale that “During review, your app installed or launched executable code, which is not permitted on the App Store.” The template itself clearly outlines the case it is meant to apply—an app that is installing code by itself, to bypass review—but in the case of iSH the reviewer chose to install code and then complained that the app did what they told it to do. In a second case we removed the package manager from iSH, but the reviewer used the wget tool to redownload it and then rejected the app because they “found that [our] app is not self-contained and has remote package updating functionality”—functionality that the reviewer added themselves and then decided to enforce the rules on. Rejecting a drawing application for what the user can draw in it is absurd, but this is exactly how section 2.5.2 is used to reject legitimate scripting applications.

Theodore Dubois:

iOS developers know that the guidelines are merely suggestions, and you can only really find out the real rules by submitting an app for review, getting a rejection, and then asking for clarification. We had guessed Apple might flag the app under 2.5.2, but this confirmed that there’s an unwritten subrule of 2.5.2 covering package management functionality.

[…]

I asked whether removing apk would be enough, and he gave what I’ve learned is the default non-answer of App Review: “we can’t pre-approve your app, but submit it and see what happens.” So that’s what we did.

[…]

The call came from someone I’ll call Mike, who told us that “wget” is also a form of package management.

[…]

Since Mike kept talking about “remote code importing,” I asked if local code importing would be a different situation. The answer he got was interesting: any kind of code importing would not be appropriate because it would create an alternative App Store.

[…]

When asked specifically “are you saying copy/paste is OK while drag/drop is not,” he asked the tech folks who declined to answer (“we can’t pre-approve anything”). He also brought up a bizarre-sounding “core concern” that that a Linux terminal on iOS is a security risk.

[…]

With time running out, we tried submitting an App Review Board appeal, but heard nothing back—not even a message saying they were looking into it and would extend the deadline.

qwertyoruiop:

it’s pretty awful that in 2020 Apple still pretends things like this are done for security when the App Store reviews as a whole are basically a joke security-wise

Marco Arment:

iOS power users are so devoted, and so desperate for a proper terminal environment, that they made this incredible x86-emulator app with an entire Linux stack inside of it.

Instead of celebrating the skill and dedication of their most enthusiastic customers, Apple is killing it.

iOS apps are so rigidly and securely kept inside of their own containers that this literally can’t do any harm.

It’s an open-source tool for power users and enthusiasts that harms nobody and gives people a feature that Apple will never offer.

Adam Demasi:

iSH threw a revolution at the iOS platform at no cost to users or Apple, but instead of embracing this amazing work, Apple wants it gone.

Insanely useful apps like iSH get the run around with App Review, get forced to water down features to comply, and often still get removed.

Meanwhile, Apple’s Playgrounds app can execute code from the internet in a secure XPC process (private API).

Remember this when you hear Tim Cook say Apple apps don’t get special privileges.

Riley Testut:

There’s a reason @iSH_app is one of the most popular apps on @altstoreio — it really pushes the boundaries of the platform but in an entirely safe way. A big loss for the App Store

Kyle Howells:

Apple fights so hard to prevent iPads from ever reaching parity with real computers.

Adam Bell:

This is so saddening how hard their rules clamp down on dev tools.

iSH isn’t trying to be an AppStore competitor and banning its ability to import code is just so arbitrary… where does the line get drawn? What happens to all scripting apps?

What if I’m learning to code on an iPad and want to learn crypto? Am I expected to retype OpenSSL?

[…]

I really miss the days where people could push these devices past what Apple deems “enough”. The complexity and craft that went into iSH is worth celebrating IMO

Khaos Tian:

What’s worse is that with Apple keep pushing into education market with iPad, the younger generation will no longer have a device that they can go in depth and explore behind the scene stuff… The hacking culture that makes computer fun is fading away quickly.

Jason Snell:

This ruling is inconsistent with the policy for a bunch of scripting apps. The developer is doing it the right way. They should be allowed to continue. (Also iOS should just have a shell, provided by Apple.)

iSH:

We got a call this evening from someone who runs App Review. They apologized for the experience we had, then told us they’ve accepted our appeal and won’t be removing iSH from the store tomorrow.

Peter N Lewis:

Apple should just change the App Store guidelines to directly reference your Twitter follower count. If you or someone you know has a follower count > 10,000 then you can request an App Review (and they will take it seriously), otherwise, tough shit, no review for you.

Previously:

Update (2020-11-10): Russell Ivanovic:

rUnNInG tO ThE MeDIa NeVEr WoRkS.

Glad to see Apple reverse course but getting a bit sick of this escalation and de-escalation only when they get caught. Can’t even imagine how many developers must just go quietly into the good night…

mikemee:

Or who don’t try anything interesting or innovative, for fear of wasting effort and time, or worse.

E.g. if an app update can be rejected for detailed release notes, why spend time coding something interesting. (Dropped sync between Google, Amazon & Apple for that reason)

Update (2020-11-17): a-Shell:

Appeal granted! 🎉🎉🍾🍾

We’re staying in the AppStore too.

Updating to Catalina, Finally

Yesterday, I finally updated to Catalina, straight to 10.15.7 with the supplemental update. It still has issues, but they no longer outweigh not being able to run Xcode 12 directly from 10.14.

The best part so far is being able to run NetNewsWire 5.1, which has some great new options for only showing unread feeds and articles.

The worst part so far is the backup situation. It’s no longer possible to directly make an encrypted clone with Carbon Copy Cloner or SuperDuper. Even if you have an existing clone from a previous version of macOS, you can’t Smart Update it. You have to first clone to an unencrypted container, then boot from the backup and enable FileVault. This sounds simple, but I cannot overstate how frustrating and time consuming it is. (And, of course, your data remains unencrypted during this time.)

Booting from an APFS volume on a spinning hard drive takes forever. Don’t forget to hold down the Shift key after logging in or it will beachball for an additional 20 minutes while relaunching your apps. Even so, some of them (launch agents?) still relaunch, and that can take a while. I was greeted by a dozen or so dialogs complaining about the Bonjour name, Little Snitch’s rules, my Apple ID needing to be logged in again, iMessages from long ago that failed to send, etc.

The first time I did this, I made the mistake of trying to enable FileVault via System Preferences. That takes multiple minutes between each click, and twice the Security pane failed with a “Preferences Error” and bumped me back to the main System Preferences window.

The faster way is to open Terminal and type:

sudo fdesetup enable -keychain

This command takes about 5 minutes to start the encryption process, but at least it’s reliable and unattended.

After rebooting from your regular drive, you can connect the backup, enter the password, and let it finish encrypting in the background. You can check the progress using:

diskutil apfs list

At first, I thought it was stuck because it stayed at 5% for 2.5 hours. 6 hours later, it is still only at 16%. This is for a 1 TB drive that’s only slightly more than half full. At this rate, it will take days to finish this one drive, the first of many. Prior to macOS 10.15.7, it would simply encrypt while cloning, taking virtually no extra time.

Previously:

Update (2020-11-20): Another issue is that enabling FileVault on a backup drive sets the passphrase to the relatively short login password. I like to use a longer passphrase for drives that will be stored off-site. APFS passphrases cannot be changed in Disk Utility. You can do it with System Preferences, but that requires booting from the drive again, which is very slow. The faster way is to use Terminal. First, use:

sudo diskutil apfs list

to find the “APFS Volume Disk” for your “Data” partition, disk4s2 in my case. Then use:

sudo diskutil apfs listUsers disk4s2

to find the UUID of the “Local Open Directory User.” In my case, that’s 414C4BC7-B641-44E8-A681-911B2030F7AE. Then tell it you want to change the passphrase for that user:

sudo diskutil apfs changePassphrase disk4s2 -user 414C4BC7-B641-44E8-A681-911B2030F7AE

MagSafe Duo Charger

Matthew Panzarino:

It’s a folding dual travel charger that will hold both an iPhone using MagSafe and an Apple Watch using its more traditional magnetic charger.

[…]

For context, you have to understand that this thing is $129 but feels like it should be $70. When you realize that it is a charger that doesn’t come with a power adapter, I would not be shocked if you mentally downgraded it to $40.

[…]

I’m sorry to say that I find the whole thing a bit underwhelming after the hype of AirPower and its eventual demise.

Nick Heer:

I still think — perhaps irrationally — that it is totally fine to remove the power adapter and headphones from iPhone boxes this year […] But I do not understand why this product, regardless of price, does not include an adapter. Someone buying this is almost certainly going to either throw it in their maybe I can travel again bag or set it up on their night stand. Either way, they are going to need a thing to get electricity out of the wall and into the wire. And, sure, you can use any old Lightning cable and adapter you have kicking around, but it’s going to charge slowly, which rather spoils the point.

Previously:

Fragile Spotlight Comments

Howard Oakley:

Finder Comments, also known as Spotlight Comments, are such a good idea.

[…]

The worst possible place you can store metadata is in a separate file, such as a hidden file of proprietary format located in the same folder. But that’s exactly where Finder Comments are saved. Worse still, as if recognising the error of its ways, Apple duplicated them in an extended attribute (xattr), only that isn’t kept in sync with the other copy. The end result is that Finder Comments are as reliable as loose scraps of paper, and just as easily lost.

This dichotomy is one of the reasons I wrote EagleFiler. I like the idea of comments so much that I wanted to remove the limitations (length, plain text, restrictive editor) and store them in a more secure and open way.

Fortnite to Return via Streaming

Hartley Charlton:

Plans are in place to allow users to play Epic Games’ “Fortnite” on iOS and iPadOS again using Nvidia’s GeForce Now cloud gaming service in Safari, the BBC has discovered.

[…]

Using an online streaming service will allow Epic Games to circumvent Apple’s ban on the game as an app. iPhone and iPad owners will be able to play Fortnite without charge through GeForce Now’s free basic tier, though Nvidia limits these sessions to a duration of one hour.

[…]

The service is already available for Mac.

Sweet.

Previously:

Friday, November 6, 2020 [Tweets] [Favorites]

iPhone 12 mini and iPhone 12 Pro Max

Chaim Gartenberg:

And that smaller size is really nice to hold. iOS scales well to the 5.4-inch display, and the iPhone 12 design looks and feels just as nice on the slightly more compact version as it does on the full-sized model. If you liked the size of the the old 5 / 5S / SE, though, the 12 mini feels like the closest Apple has come to that style of device in a long time.

It’s honestly a bit weird to hold at first, especially if you’re coming from a big phone. Some things do take a bit of an adjustment, like typing — but other parts of using an iPhone, like swiping down from the top of the display for notifications or the control center, are easier than they’ve been in years. But for the first time since arguably the iPhone 8, Apple has made a flagship phone that nearly anyone should be able to comfortably use and hold in one hand.

I ordered the mini in blue, which I hope I don’t regret. In some photos the color looks great, in others not so much.

Nick Heer:

It is still bigger than the 5-series hardware, but appears to be noticeably smaller than the 4.7-inch form factor that was introduced with the iPhone 6. That seems to be pretty close to a sweet spot.

[…]

On paper, if you just want an iPhone, you should just buy the Mini and get a little more storage. If you really care about camera features, you should probably buy the Pro Max, even though it is the size of an aircraft carrier. The 6.1-inch models seem to only be for people who wanted to get an iPhone 12 earlier, want a little more battery life than the Mini, or really care about the telephoto lens.

Previously:

HP Reneges on Free Instant Ink

Cory Doctorow (via Hacker News):

What they didn’t know was that they’ve been given an asymptomatic infection – a malicious update that only kicked in five months later, after everyone had had a good long time to update. That update’s real purpose was to detect and reject third party ink.

[…]

Every time HP got caught doing something evil, they had the same excuse: “that’s the deal we offered and you accepted it.”

[…]

Enter HP Instant Ink.

This is “ink as a service.” You pre-commit to printing a certain number of pages/month and they mail you ink, which they own. You’re not buying the ink, you’re buying the right to use it.

[…]

This is a weird and unpalatable idea, so to sell it, HP rolled out a pay-on-price “Free Ink for Life” plan that gave you 15 pages every month for as long as you owned your printer.

Instant Ink, as an option, isn’t necessarily a bad idea, but unfortunately HP is no longer honoring the deal. Starting in December, the free pages will cost $0.99/month.

Previously:

Slow Swift Compilation of Boolean Comparisons

DeskA:

Since we moved parts of our codebase to swift, our compile times have effectively quadrupled. Trying to combat this, we’ve used the function and expression debug time flags to figure out if there’s something to be saved by simplifying expressions.

Via Nick Lockwood:

TIL writing

if foo == false {}

Compiles dramatically more slowly in Swift than:

if !foo {}

DeskA:

There are multiple instances of boolean comparisons being slow in our project. I can easily cut our overall compilation time by 10s by getting rid of explicit comparisons unfortunately

Xiaodi Wu:

In fact, it does not know that both sides are of type Bool, because == can be implemented to compare heterogeneous types and false can be any type that’s expressible by a Boolean literal. Therefore, it has to figure out every possible combination of implementations of == and types conforming to ExpressibleByBooleanLiteral that is available for use here to see if it’s a better match.

[…]

For numeric types specifically, there is a hardcoded compiler shortcut to make compile times tolerable until a general solution is discovered. No such optimization is hardcoded for Boolean values because it’s not idiomatic to write == true and == false.

Previously:

Thursday, November 5, 2020 [Tweets] [Favorites]

DoNotPay IAP Shakedown

Joshua Browder (Hacker News):

Just got a call from Apple. The DoNotPay App will be removed by them in 5 minutes because “the app is too App Store like.” Each @DoNotPayLaw service needs to be a separate app and give 30% to Apple, violating guidelines 3.1.1 and 3.2.2(i) respectively.

When I asked: “why did they approve us for years and not have any problem,” the lady indicated that the policy had changed during the pandemic and government service apps are now required to process payments and give 30% to Apple through In-App Purchase.

When I tried to make the free client (like Netflix) under the new guideline “3.1.3(f) Free Stand-alone Apps,” they said it doesn’t apply to us and we must use iAP if we want to have an app.

Tim Cook told Congress that Apple was not taking advantage of the pandemic and had not added any fees. It had only “exempted additional categories of apps.” So why does this keep happening? Who told App Review to trawl through longstanding apps and threaten that they must add IAP? And why has this continued after the high-profile WordPress fiasco in August?

Joshua Browder:

DECISION REVERSED: APP BACK ON THE STORE. They admitted they made a mistake. Sunlight and transparency solves all problems, but not all developers are active on Twitter.

It’s a double failure that apps are in danger of removal even though they didn’t violate the guidelines and that this cannot be resolved using the official channels.

Stefan Esser:

Apple keeps abusing their monopoly and only in case the victim has enough outreach and can make enough fuzz they decide to reverse the decisions. Just how many other devs do not have that outreach and get bullied at will.

Previously:

GitHub Source Code Leak

Resynth (via Hacker News):

The entire source code for the code hosting service used by developers, GitHub.com, has just been leaked to the public.

In a suspicious commit to the official GitHub DMCA repository, an unknown individual uploaded the confidential source code, impersonating Nat Friedman using a bug in GitHub’s application.

Nat Friedman:

GitHub hasn’t been hacked. We accidentally shipped an un-stripped/obfuscated tarball of our GitHub Enterprise Server source code to some customers a couple of months ago. It shares code with github.com. As others have pointed out, much of GitHub is written in Ruby.

Git makes it trivial to impersonate unsigned commits, so we recommend people sign their commits and look for the ‘verified’ label on GitHub to ensure that things are as they appear to be.

As for repo impersonation – stay tuned, we are going to make it much more obvious when you’re viewing an orphaned commit.

macOS Big Sur 11.0.1 Release Candidate

Juli Clover:

Apple today seeded a macOS Big Sur 11.0.1 release candidate to developers for testing purposes, with the new beta coming one week after the first macOS Big Sur 11.0.1 beta was released.

Note that macOS 11.0 has not been released to the public, nor did it have a release candidate. And there is no standalone download for the release candidate. You need to use the Beta Access Utility to update an existing macOS installation.

Xcode 12.2 also has a release candidate. However, unlike with GM builds, the archive expands to a beta app. So, presumably, this is not suitable for submitting to the Mac App Store.

Dave Nanian:

Today marks the first day during Big Sur’s development that I’ve actually been able to make a bootable copy.

The first day it’s been possible at all. Today. November 5th.

November. 5th.

Previously:

Update (2020-11-07): Apple:

You can now submit apps built with Xcode 12.2 Release Candidate using the SDK for iOS 14.2, tvOS 14.2, watchOS 7.1, and macOS 11.0.1 Release Candidate to the App Store.

Steve Troughton-Smith:

You cannot:

  • Mention macOS 11, Big Sur, or Apple Silicon in your release notes

You can:

  • Submit an app built with the macOS 11 SDK
  • Submit an Intel+Apple Silicon app
  • Submit from a machine running Xcode 12.2 on macOS 11.0.1 on Apple Silicon

Frank Reiff:

Given the impossibility of mentioning either Big Sur or Apple Silicon, I’m going to spend the next few days readying Mac App Store submissions but wait till after Tuesday’s event to submit them for review.

Matthias Gansrigler:

You’ll notice that the first item in the release notes reads “Improves compatibility with macOS”

I’d have loved to state that the app is now compatible with Big Sur, and runs natively on Apple Silicon. But I’ve heard reports (nothing official) that you’ll get rejected for it.

Max Seelemann:

Xcode 12.2 RC is crashing for me when trying to submit a universal Mac app to the App Store.

Also happens on the command line when using “xcodebuild -exportArchive”.

Tuesday, November 3, 2020 [Tweets] [Favorites]

Hopper 4.6

Vincent Bénony:

Hopper Disassembler for Apple Silicon is now available!

[…]

I have recently decided to change how the future versions of Hopper will be distributed: starting with this new version, every purchase of a license will include a one year update plan. It means that if you purchase a license today, you’ll receive EVERY update for one full year.

But this is NOT a subscription; If you decide to purchase a license, it will always be usable even after the year is over.

noar:

Hopper Disassembler is the first reverse engineering software for macOS to support Apple Silicon authenticated pointers (PAC)

Previously:

Carbon Copy Cloner 5.1.22

Mike Bombich:

CCC 5.1.22 is officially qualified for macOS Big Sur.

[…]

Thanks to these massive system changes and some bugs in the version of Big Sur that Apple intends to ship, nobody can make a proper copy of the System volume right now, not even with Apple’s proprietary utilities.

[…]

The changes in Big Sur definitely present some new logistical challenges, but yes, you can have a bootable backup of macOS Big Sur. Right now you can install Big Sur onto your CCC backup to make it bootable, and in the future we’ll use Apple’s APFS replication utility (ASR) to clone the Big Sur System volume. Apple has assured us that they are working towards fixing the problems in ASR that prevent it from cloning the Big Sur System volume.

[…]

To put it plainly, we spend about a quarter to half of our year just making CCC work with the next year’s OS.

See also: the known issues.

Previously:

Swift Concurrency Roadmap

Ben Cohen (via Joe Groff):

Unlike a manifesto, which might describe multiple possible directions and in some cases unlikely directions, this document describes a single intended plan for tackling concurrency in Swift.

The end state of these changes will:

  • make asynchronous programming convenient and clear at the point of use,
  • provide a standard set of language tools and techniques that Swift developers can follow,
  • improve the performance of asynchronous code through better knowledge at compile time, and
  • eliminate data races and deadlocks in the same way Swift eliminates memory unsafety.

The introduction of these features will span multiple Swift releases. Features will be introduced in broadly two phases. The first phase introduces the async syntax and actor types; this will allow users to organize their code around actors in a way that will reduce, but not eliminate, data races. The second phase will enforce full actor isolation, eliminating data races, along with number of features to allow efficient and ergonomic interoperation of actors needed to make that isolation practical.

I’m still digesting all of this. My first impression is that it looks good, though some have expressed concerns about the plan.

See also:

Previously:

Monday, November 2, 2020 [Tweets] [Favorites]

Little Snitch 5

Objective Development (also: MacRumors):

The main focus in the development of Little Snitch 5 was on the integration of the new network filter technologies introduced by Apple in macOS Big Sur. The underlying filter engine was re-built from ground up to replace the previous kernel extension based approach which is no longer supported by macOS.

[…]

System administrators now have the ability to configure a variety of program settings via a command line interface, making Little Snitch scriptable for the very first time.

This interface now also offers the possibility to report network connections in a log-based format for detailed and versatile traffic analysis.

I wouldn’t update to Big Sur without this. No more kernel extension means that it can now be installed via drag and drop. It’s $45 for new users, $25 for upgrades, or free if you purchased within the last year.

Previously:

AirPods Pro Rattlegate Service Program

Juli Clover (also: Slashdot):

Apple today announced the launch of a new service program for AirPods Pro sound issues, which is designed to address AirPods Pro units experiencing static or crackling sounds or problems with Active Noise Cancellation.

[…]

Affected AirPods were manufactured before October 2020, and those who have AirPods experiencing issues can take them to Apple or an Apple Authorized Service Provider for service free of charge.

I still haven’t seen this problem with my AirPods Pro.

Peter Steinberger:

Oh look who’s finally acknowledging the widespread AirPods Pro issues. I’m at my 3rd pair.

John Gruber:

I have a bunch of friends who’ve had these issues with their AirPods Pro, and I don’t have that many friends. It’s pretty common.

Previously:

Apple’s Q4 2020 Results

Jason Snell (transcript, also: MacRumors):

Apple announced its quarterly financial results today, with record Mac and Services revenue and a big drop in iPhone sales.

Despite the tough iPhone quarter, revenue was a record for the company’s fourth fiscal quarter, at $64.7B. iPhone revenue was $26.8B, down 20% year over year. Mac revenue was $9B, up 29%. iPad revenue was $6.8B, up 46%. Services revenue was $14.5B, up 16%. And Wearables revenue was $7.9B, up 20.8%.

John Gruber:

iPhone being down might largely be explained by the fact that none of this year’s new phones shipped in the quarter. Last year, the iPhones 11 and 11 Pro started shipping September 20.

[…]

Mac being up 29 percent is just fascinating.

Joe Rossignol:

Apple ended the year with annual Mac revenue of $28.6 billion, an all-time high.

[…]

In its annual Form 10-K report [PDF], filed with the U.S. Securities and Exchange Commission today, Apple said increased Mac sales in fiscal 2020 compared to fiscal 2019 were primarily due to higher sales of the MacBook Pro.

Previously: