Archive for November 23, 2020

Monday, November 23, 2020

Comparing iPhone OS 1.0 With iOS 14 Using Tree Maps

Alexandre Colucci:

When iPhone OS 1.0 was released in 2007, it redefined the smartphone with a limited set of core features. Nowadays iOS 14 contains an incredible amount of components. By looking at them based on their size, we can determine the most important features. We thus distinctly see Apple’s AI push into on-device machine learning with technologies like object detection in images and video, language analysis, sound classification and text recognition.


SF Symbols 2.1

Mike Stern:

SF Symbols 2.1 is out. Over 40 new symbols, improved symbol localization, design refinements, and various software fixes.

Geoff Hackworth (tweet):

Apple’s SF Symbols app has no release notes and the What’s New category doesn’t contain the symbols that were added or renamed in v2.1. In fact there are fewer symbols in this category in v2.1 than in v2.0: two symbols that were renamed have been removed without their replacements being added. The app shows OS availability (and other information) for the selected symbol in the side bar. Availability information is missing for the new symbols in v2.1. This makes it difficult to discover what has changed between versions.


The 41 symbols in the screenshot above annotated with 14.2+ are completely new in iOS 14.2[…]

Noah Gilmore:

There are a bunch of new symbols - you can view the changes here, but I’ll include a list of new symbol names at the bottom of this post in case someone Googles for them. Some additions are relevant to recent events (like aqi.high), new products (like appclip), or just more general objects (like building). My personal favorite is candybarphone.


Requesting Entitlements, Still Broken

Thomas Reed:

What the hell, Apple? You won’t give me and other security researchers the EndpointSecurity entitlement, but you give f***ing MacKeeper the entitlement?!?! What in the hell is wrong with you? 🤬🤬🤬

Phil Dennis-Jordan:

The macOS entitlements granting process is a disaster. No feedback, frequent mistakes in what’s granted, nonsense requests (can’t link to app if can’t release app w/o entitlement), extremely slow (4-6 weeks turnaround in idea case), & some developers clearly favoured over others.


So then you have to apply again and ask for the distribution entitlement in the free-form text field, and wait another 4-6 weeks. Chances are you’ll also want user space apps & tools to access your driver. You have to apply for that specially via free-form request too, etc.

Obviously by now I’m basically an expert at asking for DriverKit entitlements, but it’s ridiculous that “filling out a form on Apple’s developer website” is a consulting service I should even need to offer.


Apply for the entitlements you will need and wait to receive them before you start coding. Seriously, if you aren’t granted them, your only recourse is to expect your users to turn off SIP. In other words, you will have wasted your efforts if the oracle denies your request.


If you get any kind of notification of success (or entitlements just silently turn up in your account), make sure everything is there for all deployment scenarios you care about. Individual entitlements are granted independently for development, app store, and developer ID.

In theory, entitlement-based security/privacy restrictions are a win because the apps that should have them will easily get them and the bad apps won’t. Users won’t have to evaluate what each app should be allowed to do. But the reality, for many years, is that legitimate apps are not granted the entitlements, and often don’t even get a formal rejection—just silence. We’re losing and limiting good apps either because Apple’s process is broken or because it’s playing politics.


Update (2020-11-25): Stephen Flower:

Yep, took me a month to get entitlements granted and another month to get them fixed!

Stuart Lynne:

I have been waiting since mid-July for an entitlement request.

Update (2021-01-12): Csaba Fitzl:

10 months passed since I requested the EndpointSecurity entitlement from Apple. Although it has been approved 3 months ago, my profile is still not setup properly, and I can’t use it.

I wanted to release a free security tool which protects against typical injection attacks on macOS, and open source it.


I have no intention to maintain this app even for myself, as not getting the entitlement completely demotivated me from further developing this app.

Update (2021-03-24): Howard Oakley:

Even if you’re a developer and prepared to write your own code, making a snapshot is impossible without Apple’s explicit approval: the function call fs_snapshot_create() not only requires superuser privileges, but for it to work, your app has to have a special entitlement granted by Apple. Apple apparently only approves applications for use in carefully-managed backup environments.

M1 Memory and Performance

Marcel Weiher (Hacker News):

The M1 is apparently a multi-die package that contains both the actual processor die and the DRAM. As such, it has a very high-speed interface between the DRAM and the processors. This high-speed interface, in addition to the absolutely humongous caches, is key to keeping the various functional units fed. Memory bandwidth and latency are probably the determining factors for many of today’s workloads, with a single access to main memory taking easily hundreds of clock cycles and the CPU capable of doing a good number of operations in each of these clock cycles. As Andrew Black wrote: “[..] computation is essentially free, because it happens ‘in the cracks’ between data fetch and data store; ..”.


The benefit of sticking to RC is much-reduced memory consumption. It turns out that for a tracing GC to achieve performance comparable with manual allocation, it needs several times the memory (different studies find different overheads, but at least 4x is a conservative lower bound). While I haven’t seen a study comparing RC, my personal experience is that the overhead is much lower, much more predictable, and can usually be driven down with little additional effort if needed.

So Apple can afford to live with more “limited” total memory because they need much less memory for the system to be fast. And so they can do a system design that imposes this limitation, but allows them to make that memory wicked fast. Nice.


The memory bandwidth on the new Macs is impressive. Benchmarks peg it at around 60GB/sec–about 3x faster than a 16” MBP. Since the M1 CPU only has 16GB of RAM, it can replace the entire contents of RAM 4 times every second.


Some say we’re moving into a phase where we don’t need as much RAM, simply because as SSDs get faster there is less of a bottleneck for swap. […] However, with the huge jump in performance on the M1, the SSD is back to being an order of magnitude slower than main memory.

So we’re left with the question: will SSD performance increase faster than memory bandwidth? And at what point does the SSD to RAM speed ratio become irrelevant?

Graham Lee:

And that makes me think that a Mac would either not go full NUMA, or would not have public API for it. Maybe Apple would let the kernel and some OS processes have exclusive access to the on-package RAM, but even that seems overly complex (particularly where you have more than one M1 in a computer, so you need to specify core affinity for your memory allocations in addition to memory type). My guess is that an early workstation Mac with 16GB of M1 RAM and 64GB of DDR4 RAM would look like it has 64GB of RAM, with the on-package memory used for the GPU and as cache. NUMA APIs, if they come at all, would come later.


Update (2020-11-25): David Smith:

this further improvement is because uncontended acquire-release atomics are about the same speed as regular load/store on A14

Juli Clover:

The video includes a series of benchmark tests, ranging from Geekbench and Cinebench to RAW exporting tests. Geekbench and Cinebench benchmarks didn’t demonstrate a difference in performance between the 8GB and 16GB models, but other tests designed to maximize RAM usage did show some differences.

A Max Tech Xcode benchmark that mimics compiling code saw the 16GB model score 122 compared to the 136 scored by the 8GB model, with the lower score being better.


Beware of the swap disk space!

In most of the benchmarks performed on 8GB M1 machines, if Activity Monitor is shown, the swap space usage is always between 2,5GB and 4GB or even more. In my 10 years of being a mac user, I’ve never seen such big swap space being used unless I’m stressing my machine heavily, and that usage may be aging your SSD.