Archive for November 17, 2020

Tuesday, November 17, 2020

Does Swift Call the Protocol Extension or Subclass Implementation?

JP Simard:

Pop Quiz, what does this Swift program print?

5 years on, it still takes me a few tries to properly reason through this. Especially in the real world when the code is a bit more spread out or complex to fit in a tweet.

Greg Titus:

What is going on here is that the MyProtocol conformance is on MySuperclass. Thus the witnesses are determined right there, and since MySuperclass doesn’t implement myFunction, the conformance uses the fallback implementation in the extension.

Subclasses don’t/can’t “re-conform”
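The dispatch rule Greg Titus describes, as an added example that is not the program from the original tweet. `MySubclass`, `FixedSuperclass`, `FixedSubclass` and `viaGeneric` are hypothetical names, and the second pair of classes shows the variant where the conforming class implements the requirement itself:

```swift
// Added example; MySubclass, FixedSuperclass, FixedSubclass and viaGeneric
// are hypothetical names chosen for illustration.
protocol MyProtocol {
    func myFunction() -> String
}

extension MyProtocol {
    // Fallback used by any conformance that supplies no implementation of its own.
    func myFunction() -> String { "protocol extension" }
}

// The conformance is declared here, and MySuperclass has no myFunction,
// so the witness for MyProtocol.myFunction is fixed to the extension fallback.
class MySuperclass: MyProtocol {}

class MySubclass: MySuperclass {
    // Not an override (the superclass declares no such method) and not a witness.
    func myFunction() -> String { "subclass" }
}

// Variant: the conforming class implements the requirement itself, so the
// witness is a class method and subclasses can override it.
class FixedSuperclass: MyProtocol {
    func myFunction() -> String { "fixed superclass" }
}

class FixedSubclass: FixedSuperclass {
    override func myFunction() -> String { "fixed subclass" }
}

// Generic call sites go through the conformance's witness table.
func viaGeneric<T: MyProtocol>(_ value: T) -> String { value.myFunction() }

let direct = MySubclass()
let existential: MyProtocol = MySubclass()
let fixed: MyProtocol = FixedSubclass()

print(direct.myFunction())       // static type MySubclass: resolves to the class's own method
print(existential.myFunction())  // protocol-typed value: goes through MySuperclass's witness
print(viaGeneric(direct))        // generic constraint: same witness as the existential call
print(fixed.myFunction())        // witness is an overridable class method: dynamic dispatch
```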


A Hole in the Wall

Callum Booth (via Hacker News):

For all of Apple’s talk of being privacy-first, often its marketing speak doesn’t match up with what it’s actually doing. And the latest example? Well, it’s Apple apps on Big Sur bypassing firewalls and VPNs.

Norbert Heger:

It is your right to know where your computer connects to. To whom it talks. It’s your right to see these connections. It’s your right to allow them. And it’s your right to deny them.

[…]

Three months later we realized that a number of other Apple services like App Store, Maps or FaceTime also showed this strange behavior of acting invisibly, bypassing the new filter API. So we reported our new findings again on October 1 (FB8762834).

[…]

But hiding these connections completely from the user makes no sense. It contradicts the idea of a transparent and trustworthy system and undermines the user’s trust in that system.

[…]

In the light of the recent public discussions that this topic has triggered we are extremely confident that Apple stands by their word to give users control over their information and will therefore eliminate this kind of whitelisting in a future macOS update.

Jeff Johnson:

I used Little Snitch to diagnose the “OCSP apocalypse” last week.

It’s essential for network extensions to be able to block all network connections, including connections by Apple.

Patrick Wardle:

In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐

Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔

A: Apparently yes, and trivially so 😬😱😭


Update (2020-11-23): Maxwell Swadling:

Here is what a boot up of a clean Big Sur install looks like (+ ntp and push sockets). The Yahoo API ping is from spotlight asking what currency conversions are, not related to widgets.

And no you can not opt out of your Mac asking Yahoo what the currency conversion rates are.

All APIs are https, some send locale, Siri locale, software version and hardware string to Apple. Which enables Apple to build a pretty good understanding of international market distribution, current usage of each software version, etc.

Big Sur Application Icons

Craig Hockenberry:

If you’re a developer with a Mac app, you’ve likely heard both of the following support requests in the past few days:

1) “Can you put the old icon style icon back?”

2) “When are you going to update to the new icon style?”

It’s clear that customers want both icon styles.

The older icon style is easier to spot in the Dock (bigger and has a unique shape). More accessible.

The new icon style is more consistent, at the cost of readability. A cleaner look.

I get these questions every time the prevailing icon style changes. My apps have long offered the option to switch the Dock icon at runtime, as some people always prefer a previous style. Unfortunately, the -[NSApplication setApplicationIconImage:] API only works while the app is running.

Panic:

Nova 3 even adds a super cool feature: a customizable dock icon that can automatically switch from “light” to “dark” when your Mac switches appearance.

Logan Collins:

This is using the (now somewhat dated) NSDockTilePlugin API, which is mainly used for calendar apps to show the current date in their icon.

This way works when the app isn’t running, but it requires an extra target/bundle and isn’t allowed in the Mac App Store.

Jeff Johnson:

I’m on Mojave, you maniacs!


Update (2020-11-20): Guilherme Rambo:

I’m using NSWorkspace at runtime to change the icon on Big Sur while keeping the same icon on Catalina, precisely for that reason

He’s actually modifying the application package on disk.

Update (2020-11-24): John Gruber:

I would pay $$$ for an update to Transmit whose only new feature was bringing back the good app icon.

Big Sur Notifications

David Sparks:

I like the new notification system a lot better than the prior one. Notifications are grouped better. Both notifications and widgets are on the same screen. Widgets also feel more intentional with the new iOS influenced widget system. This has been a win, and I’m using Notification Center now more than ever.

The grouping is nice, but I don’t like the invisible close boxes, and…

Philipp Defner:

So many options and yet they are all the same.

I think Mojave’s notification design was better. When a new iMessage came in, there were buttons so that I could quickly reply or mark it as read. Catalina and Big Sur take extra clicks.

Marco Arment:

The important actions are now invisible, hidden behind a hover state that requires an extra click (“Options”).

Why?

I know the cost — it’s slower to use and less discoverable.

What are the benefits that make that cost worthwhile?

Peter Kamb:

Wish we could move notifications down 80 pixels... below title bars and tabs.

Would be much less pressing to immediately dismiss them.


Update (2020-11-20): Wojtek Pietrusiewicz:

I implore you to fix Messages and replying from a notification. What used to take 1 click on Mojave or Catalina, now requires 3 clicks. It’s actually faster to just open Messages and reply there.

youtube-dl vs. RIAA

Ernesto Van der Sar:

Over the past several years, major music labels have taken legal action against several key players. YouTube-MP3 was shut down after a legal battle while 2Conv and FLVto are currently being sued. At the same time, rightsholders launched an active campaign to remove these sites from Google’s search results.

[…]

“There are 2 types of ‘purges’. The first one is ongoing; if YouTube notices too many requests coming from a single IP address – it blocks that IP. The second type is the ‘grand purge’ which sometimes happens daily, and sometimes two or three times a week,” he says.

Nick Heer:

In a world where Google did not own YouTube — and would, therefore, not have legal accountability for the misuse of licensed materials — would it be so keen to comply with copyright-based requests to remove stream rippers from search listings? I wonder.

theGunrun (via Hacker News):

No way, youtube-dl has just received a DMCA takedown

Looks like it was the RIAA that DMCA’d youtube-dl

Parker Higgins:

Holy cow, the RIAA has gotten youtube-dl taken off Github.

I should say: Github has categorized the RIAA letter as a DMCA notice, but it’s not really — that term generally describes communications sent pursuant to §512. This letter is about the §1201, the controversial anticircumvention rules.

The closest example to this RIAA/youtube-dl letter is the one MPAA sent Github to try to shut down Popcorn Time back in 2014. That one cited §512, but relied under the hood on a fairly extraordinary tertiary liability theory

As anyone who has used youtube-dl knows, it is an extremely powerful and useful tool for format-shifting. It’s super popular among archivists and has incredibly broad fair use applications.

[…]

Keep in mind that Youtube has long allowed creators to expressly offer their videos under Creative Commons licenses.

Jason Snell:

This is a disgusting attack on software by @RIAA.

While Youtube-DL is a tool that can be used for piracy, it also has numerous legal applications. I use it almost every week, legally, to do my job.

Peter Higgins (via Hacker News):

Numerous reporters told Freedom of the Press Foundation that they rely on youtube-dl when reporting on extremist or controversial content. Øyvind Bye Skille, a journalist who has used youtube-dl at the Norwegian Broadcasting Corporation and as a fact checker with Faktisk.no, said, “I have also used it to secure a good quality copy of video content from Youtube, Twitter, etc., in case the content gets taken down when we start reporting on it.” Skille pointed to a specific instance of videos connected to the terrorist murder of a Norwegian woman in Morocco. “Downloading the content does not necessarily mean we will re-publish it, but it is often important to secure it for documentation and further internal investigations.”

Andy Maxwell:

According to the RIAA, the “clear purpose” of YouTube-DL was to “circumvent the technological protection measures used by authorized streaming services such as YouTube” and “reproduce and distribute music videos and sound recordings owned by our member companies without authorization for such use.”

As the debate and controversy over the complaint rages on, a company based in the US that operates a YouTube-ripping platform has filed a lawsuit alleging that similar complaints, filed by the RIAA with Google, have caused its business great damage.

Ernesto Van der Sar (via Hacker News):

An RIAA takedown request, which removed the YouTube-DL repository from GitHub, has ticked off developers and GitHub’s CEO. Numerous people responded by copying and republishing the contested code, including in some quite clever ways. Meanwhile, GitHub’s CEO is “annoyed” as well, offering help to get the repo reinstated.

Doc Edward Morbius (via Hacker News):

Under U.S. copyright law, “safe-harbour” provisions immunise service providers from copyright infringement claims, if the provider “takes down” the named content when a claim is received, under 17 USC 512 (c)(1)(C). The safe-harbour protections apply only to hosting of infringing works, and neither youtube-dl nor its test suites infringe on any RIAA or member copyrights as averred in RIAA’s notice. Further, a claim must identify the specific works infringed in the work, (§512 (c)(3)(A)(iii)) which the RIAA’s claim does not.

[…]

At best, youtube-dl’s test suite may be infringing works when run, in which case infringement would accrue to the operator, presumably a tester or Github’s CI/CD process. Even that argument is specious: Given output is discarded, no permanent copy is retained, and the action is for research and development, and numerous Fair Use affirmative defence claims exist under §107, notably (1) and (4), test suite execution falls outside exclusive rights. Any one fair-use test is sufficient, or none at all. Test suite execution could be argued non-infringing under numerous theories, including reverse engineering, research, interoperability, all under §1201, or under general limitations on exclusive rights in §112 (ephemeral recordings), §117 (computer programmes), or elsewhere.

Michael Collins (via Hacker News):

The notice claimed the youtube-dl software was an ‘Anticircumvention Violation’ as well as a violation of YouTube’s terms of service.

[…]

I reached out to previous maintainer Phillip Hagemeister, who had this to say about the incident[…]

Tzlil:

so the CEO of GitHub popped in #youtube-dl a few hours ago, looks like they are trying to get youtube-dl back, i hope this works out

Andy Maxwell (via Slashdot):

While Github says it wants to help the project come back online, the platform is now warning that users reposting its code could find their accounts suspended and potentially banned.

Elliot Harmon, EFF (via Hacker News):

This is an egregious abuse of the notice-and-takedown system, which is intended to resolve disputes over allegedly infringing material online. Again, youtube-dl doesn’t use RIAA-member labels’ music in any way. The makers of youtube-dl simply shared information with the public about how to perform a certain task—one with many completely lawful applications.

Abby Vollmer, GitHub (via Hacker News, Slashdot):

Today we reinstated youtube-dl, a popular project on GitHub, after we received additional information about the project that enabled us to reverse a Digital Millennium Copyright Act (DMCA) takedown.

[…]

Section 1201 dates back to the late 1990s and did not anticipate the various implications it has for software use today. As a result, Section 1201 makes it illegal to use or distribute technology (including source code) that bypasses technical measures that control access or copying of copyrighted works, even if that technology can be used in a way that would not be copyright infringement. Circumvention was the core claim in the youtube-dl takedown.

[…]

First, we were able to reinstate a fork of youtube-dl after one of the fork owners applied a patch with changes in response to the notice.

Then, after we received new information that showed the youtube-dl project does not in fact violate the DMCA’s anticircumvention prohibitions, we concluded that the allegations did not establish a violation of the law.

[…]

Going forward, we are overhauling our 1201 claim review process to ensure that the following steps are completed before any takedown claim is processed[…]

[…]

Nonetheless, developers who want to push back against unwarranted takedowns may face the risk of taking on personal liability and legal defense costs. To help them, GitHub will establish and donate $1M to a developer defense fund to help protect open source developers on GitHub from unwarranted DMCA Section 1201 takedown claims.

John Gruber:

The “additional information” link is a response to the RIAA’s takedown request by the EFF, acting on behalf of the youtube-dl project.
