Archive for December 2020

Thursday, December 31, 2020

NSURL/SMB Precomposed Character Bug

Thomas Tempelmann (tweet):

So, if a user on a Linux system creates a folder that contains an Umlaut such as “ü”, it’ll end up precomposed on the (ext4) file system.

Now, I can nicely access files in such a folder from macOS, as long as I only use POSIX functions (which includes the shells such as bash and zsh).

However, when I use NSURL operations, some work and others give me a -260 error. For instance, getting NSURLCanonicalPathKey fails, even in macOS 11.1. Other higher-level functions fail as well, such as trying to open the item with [NSWorkspace openURLs:…]. The NSURL’s path property does still hold the original precomposed name, and if I get the path and pass it to a POSIX function, it works. And some of the more basic getResource accessors work as well. Just not the more complex ones.

This is not a surprise because, before relenting and adding Unicode normalization support to APFS, Apple tried to solve the problem in the Cocoa layer. But that only ended up being a partial solution, the result being that some APIs never worked properly until file system support was added. Now it seems that same code is doing unwanted conversions before the paths make it down to the lower level APIs.


Tiny Open and Save Dialogs in Big Sur

Jon Gotow:

Yes, the Open and Save dialogs keep appearing at their smallest possible sizes in Big Sur 11.1. It’s not just you, and it’s not something you’ve done wrong – it’s a bug in Big Sur.


Sadly, resizing the dialog so it’s larger only works on the current one. Every time you’re presented with an Open or Save dialog, it’ll be back to its uselessly small size again because Big Sur doesn’t remember the past size like it’s supposed to.

To work around this problem until Apple fixes it (hopefully in Big Sur 11.2), you can set Default Folder X to force dialogs back to the size you dragged them to.


Fired App Reviewer Sues Apple

Pham v. Apple (PDF, via Llyod Chambers):

After plaintiff Pham approved the Guo Media App, the Chinese government contacted defendant Apple and demanded that the Guo Media App be removed from defendant Apple’s App Store. Defendant Apple then performed an internal investigation and identified plaintiff Pham as the App Reviewer who approved the Guo Media App.

In or around late September 2018, shortly after defendant Apple provided plaintiff Pham with the DCP, plaintiff Pham was called to a meeting to discuss the Guo Media App with multiple defendant Apple supervisors and managers. At this meeting, defendant Apple supervisors stated that the Guo Media App is critical of the Chinese government and, therefore, should be removed from the App Store. Plaintiff Pham responded stating the Guo Media App publishes valid claims of corruption against the Chinese government and Chinese Communist Party and, therefore, should not be taken down. Plaintiff Pham further told his supervisors that the Guo Media App does not contain violent content or incite violence; does not violate any of defendant Apple’s policies and procedures regarding Apps; and, therefore, it should remain on the App Store as a matter of free speech.


Defendant Apple became aware of plaintiff Pham’s criticism and defendant Apple’s managers responded by retaliating against plaintiff Pham and ultimately terminating plaintiff Pham.

The court doesn’t agree that he was harassed but seems to be taking other claims seriously.

See also: Courthouse News, Eugene Volokh.

Tim Hardwick:

Sunday’s NYT report claims that Eddy Cue, Apple’s senior VP for internet software and services, has informed Apple TV+ partners that “the two things we will never do are hard-core nudity and China.”


Update (2021-01-01): See also: Hacker News.

The Case of the Extra 40 ms

John Blair:

I reported my discovery to the integrator and the chip vendor (look, it’s the Android Thread scheduler!), but they continued to push back on the Netflix behavior. Why don’t you just copy more data each time the handler is called? This was a fair criticism, but changing this behavior involved deeper changes than I was prepared to make, and I continued my search for the root cause. I dove into the Android source code, and learned that Android Threads are a userspace construct, and the thread scheduler uses the epoll() system call for timing. I knew epoll() performance isn’t guaranteed, so I suspected something was affecting epoll() in a systematic way.

At this point I was saved by another engineer at the chip supplier, who discovered a bug that had already been fixed in the next version of Android, named Marshmallow. The Android thread scheduler changes the behavior of threads depending whether or not an application is running in the foreground or the background. Threads in the background are assigned an extra 40 ms (40000000 ns) of wait time.

A bug deep in the plumbing of Android itself meant this extra timer value was retained when the thread moved to the foreground. Usually the audio handler thread was created while the application was in the foreground, but sometimes the thread was created a little sooner, while Ninja was still in the background. When this happened, playback would stutter.

Google Authenticator 3.1

Oliver Haslam:

Google Authenticator for iPhone has had some attention lavished on it, with the new app featuring a redesigned interface that also includes support for dark mode for the first time.

Alongside the new look, Google has also added a new feature that allows users to export their accounts for use on another device – a huge deal for those who regularly switch phones.

Paul Haddad:

How was this not a 1.0 feature? I’ve basically stopped using this when I can just because this was missing.


I must say the migration / export is cumbersome. You need to have two devices present when performing the migration. No way to create an off device store.

I have been using 1Password for one-time passwords, because it syncs and I can easily back it up myself. But it’s admittedly less secure to have both the password database and “2-factor” on the same device (albeit in separate apps).

Rosyna Keller:

Google literally wanted users to create a new key for every account on every device they owned.

They considered it more secure, not taking into account human nature that results in users choosing less security over frustrating QR code generation that’s very hard to access.

Wednesday, December 30, 2020

20 Macs for 2020: #1 – iMac G3

Jason Snell (Hacker News):

But Mac OS X wouldn’t ship for another two years, and it would be a painful years-long transition away from the classic Mac OS. In the meantime Apple needed to start making money again, needed that infusion of cash that would allow Jobs to turn over the Mac product line and let Mac OS X come to fruition. Sure, what it really needed was stability, but a hit wouldn’t hurt.

And a hit is exactly what Apple got.


People who didn’t live through it might not believe it, but the iMac took the product-design world by storm. Over the next few years, there would be very few consumer electronic products that had not offered a special, iMac-inspired translucent plastic edition. It started with USB accessories for the iMac, as printer and floppy-disk vendors quickly placed orders for translucent colored plastic pieces to replace their opaque beige ones. But it just kept going and going. Telephones. Toys. And my personal favorite, the George Foreman iGrill.


The iMac wasn’t made to impress the Mac’s installed base. Hard-core Mac users criticized the lack of a floppy drive and familiar ports, but also the 233MHz PowerPC G3 processor, which was slower than other G3s. But it was $1299—it was aggressively priced for a general consumer audience.

My recollection is that the processor was considered very fast compared with the Power Mac 5400 and Performas of the day. But I/O via USB 1 was really slow.

Gazelle Ending Used Device Trade-ins

Will Shanklin:

Gazelle is ending its entire device trade-in and buy-back program, with the closure effective February 1, 2021.

Founded in 2006, Gazelle had been one of the most popular online services for trading in used iPhones, iPads, and other mobile devices. The company announced the move today and hasn’t yet stated why it is backing out of the trade-in market.

Over the years, I’ve traded in most of my old iOS devices using Gazelle. I always thought it worked smoothly and had fair prices until I tried to trade in my iPhone XR this fall. After receiving the phone, Gazelle decided to offer $76 less than promised, on account of “more than the acceptable amount of scratches,” which I think is bogus. It had only a couple of very minor ones. I’ve still not received the device back yet, but while waiting I looked for other companies that accept trade-ins and found:


Update (2021-01-01): Tim Hardwick:

In future, Gazelle intends to focus on its in-store ecoATM kiosks, which offer instant cash for devices, although they don’t usually offer as much in return as customers would get through traditional trade-in programs.


These guys have turned into crooks. They claimed my pristine ipad I had sent in had a blemished display and offered just a few bucks. I refused. When I got it back after refusing, it wasn’t a display blemish, it had been what looked to be hammered on with the display totally destroyed with shattered glass in the bag. Payback for not taking the reduced value I guess.

Update (2021-04-07): Juli Clover:

As of April 5, Gazelle is once again accepting online trade-ins for smartphones and tablets. In an email to customers that was also shared with The Verge, Gazelle said that trade-ins were reinstated after feedback from consumers.

Multiple Active Rust Teams

Niko Matsakis:

As of Jan 4th, I’m starting at Amazon as the tech lead of their new Rust team. Working at Mozilla has been a great experience, but I’m pretty excited about this change. It’s a chance to help shape what I hope to be an exciting new phase for Rust, where we grow from a project with a single primary sponsor (Mozilla) to an industry standard, supported by a wide array of companies.


The goal for Rust has always been to create a language that will be used and supported by companies throughout the industry. With the imminent launch of the Rust Foundation as well as the formation of new Rust teams at Amazon, Microsoft, and Facebook, we are seeing that dream come to fruition. I’m very excited about this. This is a goal I’ve been working towards for years, and it was a particular focus of mine for 2020.


Update (2021-03-14): Shane Miller and Niko Matsakis (via Hacker News):

Since the start of the year, the AWS Rust team has been drafting our charter and tenets. Charters and tenets are the framework AWS teams use to define our scope and priorities. The charter tells you what the team does, and the tenets tell you how the team will do it. Since one of our team tenets is to operate openly and transparently, we want to share our charter and tenets with you; we want you to know what we’re about.

Bait-and-Switch Amazon Reviews

Timothy B. Lee:

So I went to, searched for “children’s drone,” and sorted by “average customer review,” figuring the best-reviewed drones were likely to be high quality. They weren’t.


When I sorted the reviews by date, I saw that the most recent reviewers actually had bought a drone and they were overwhelmingly not giving it five stars. “Bought this for my Grandson,” a customer wrote on December 26. “He played with it for 2 hours before it broke and is no longer working.” He gave the drone one star.

But the older reviews were for honey. Apparently, the manufacturer had tricked Amazon into displaying thousands of reviews for an unrelated product below its drone, helping the drone to unfairly rise to the top of Amazon’s search results.


Mojave Security Update Removes Support for Automatic Snapshots

Mr. Macintosh:

A quick follow up on macOS Automatic Update Snapshots.

The feature was introduced in High Sierra and removed in Catalina 10.15.3.

Mojave still creates automatic snapshots before the security update is installed.

This was such a great feature. Why is Apple making these admin tasks harder?


No More Big Sur Internet Recovery

Mr. Macintosh (tweet):

Starting in early December, macOS Big Sur Internet Recovery was replaced by Catalina as the newest version available.


Why did Apple make this change? I didn’t report on this earlier because I figured it was a server side issue. Apple would probably fix it pretty quickly. The problem is it’s been almost a month now. Could this be a permanent change or is Big Sur Internet Recovery still having issues?

That’s the situation for Intel Macs. Apple Silicon Macs don’t support Internet Recovery at all, nor can they boot from many common external USB drives.

Jason Snell:

Macs running on Apple silicon are pretty great. But whenever there’s a major hardware transition, many wise people point out that it’s safer to wait rather than rushing in, because there are always growing pains.


Update (2021-01-01): Howard Oakley:

Although not disastrous, the effect of this on Big Sur users is serious. I already have several apps which require Big Sur, of which two rely on System Extensions which are incompatible with Catalina. For a Big Sur user to be forcibly downgraded to 10.15.7 means that they’ll then have to go through all the process of upgrading again, and probably have to re-install System Extensions and much else afresh before they work. If you’re running Time Machine backups to APFS, you’ll be unable to make any more backups – or even to access existing backups – until you’ve restored Big Sur, which may well then perform a full backup. Just what you didn’t want as you’re trying to recover lost time.

My greatest concern though is how we only get to learn this through word of tweet from third-parties like Mr Macintosh and sysadmin chat. When I looked at Apple’s System Status page, and that for Developers, there’s no mention of Remote Recovery services.

There are other critical macOS services which are also missing from those pages, whose outage has devastating effects on large numbers of Mac users.

Hector Martin:

PSA: if you try to partition an M1 mac with Disk Utility, it works, but it breaks recovery mode.

Presumably the bootloader hardcodes that recovery is partition #3... instead of using GPT partition type codes as it should.

Deleting the partition fixes it...


Tuesday, December 29, 2020

Apple Loses Copyright Claims Against Corellium

Juli Clover (docket PDF, Hacker News):

Apple last year sued Corellium for copyright infringement because the Corellium software is designed to replicate iOS to allow security researchers to locate bugs and security flaws.

According to The Washington Post, a Florida judge threw out Apple’s claims that Corellium had violated copyright law with its software. The judge said that Corellium successfully demonstrated that it operates under fair use terms.


Apple has also said that Corellium circumvented Apple’s security measures to create its software and violated the Digital Millennium Copyright Act, and that claim has not been tossed out.

Miguel de Icaza:

The natural next step: Amazon offer iOS on the cloud, and you can remote login to your secured iOS devices on your cloud. I am surprised by the ruling, but it opens a whole new world of businesses out there (both monetizing iOS and monetizing all sorts of other software)


I can see why Apple fought this, but it also seems right that they lost.

Mac App Store Updates Failing on Mojave

Jeff Johnson:

Many macOS Mojave users, including myself, have experienced frequent failures of App Store to update their installed apps. Whenever this occurs, App Store shows the completely unhelpful error message “cancelled”.


One of the most frustrating aspects of being an App Store developer is that whenever users experience a problem with App Store installs and updates, they contact us instead of Apple, even though developers have no control whatsoever over the App Store app. All we developers can do is press the “Release” button in App Store Connect, and then Apple has total control afterward. Even if you’re not running Mojave, I hope you come away from this blog post with the realization that developers are as much at the “mercy” of Apple as users are when it comes to the App Store app, and the only thing we can do to fix these problems is to complain to Apple and hope the company takes mercy on us.


Update (2021-01-01): Greg Hurrell:

Seen this many times since (begrudgingly) updating to Mojave.

Update (2021-02-19): Jeff Johnson:

Wow, I found a solution to App Store apps not installing on Mojave:

When the spinner gets stuck, force quit appstoreagent

Update (2021-03-14): Jeff Johnson (tweet):

It appears that Apple has fixed this problem sometime within the past 24 hours. There was no Mojave software update, so it must have been a server-side change.

See also: Howard Oakley.

Essential and Accidental Complexity in Programming

Dan Luu (tweet, Hacker News):

In the classic 1986 essay, No Silver Bullet, Fred Brooks argued that there is, in some sense, not that much that can be done to improve programmer productivity. His line of reasoning is that programming tasks contain a core of essential/conceptual complexity that’s fundamentally not amenable to attack by any potential advances in technology (such as languages or tooling). He then uses an Ahmdahl’s law argument, saying that because 1/X of complexity is essential, it’s impossible to ever get more than a factor of X improvement via technological improvements.


In 1986, there would have been no comparable language, but more importantly, I wouldn’t have been able to trivially find, download, and compile the appropriate libraries and would’ve had to write all of the parsing code by hand, turning a task that took a few minutes into a task that I’d be lucky to get done in an hour. Also, if I didn’t know how to use the library or that I could use a library, I could easily find out how I should solve the problem on StackOverflow, which would massively reduce accidental complexity. Needless to say, there was no real equivalent to Googling for StackOverflow solutions in 1986.

Moreover, even today, this task, a pretty standard programmer devops/SRE task, after at least an order of magnitude speedup over the analogous task in 1986, is still nearly entirely accidental complexity.


Brooks explicitly dismisses increased computational power as something that will not improve productivity (“Well, how many MIPS can one use fruitfully?”, more on this later), but both storage and CPU power (not to mention network speed and RAM) were sources of accidental complexity so large that they bounded the space of problems Brooks was able to conceive of.


Our current state is a big disappointment compared to where most programmers in the 80s believed we would be by now, and very much in line with Brooks’s pouring of cold water (perhaps with the single exception of the internet).

My perception is that the total productivity boost over the past three decades is less than one order-of-magnitude (Brooks was overly careful to predict no 10x boost due to one improvement in language design or programming methodology within one decade), and almost all of it comes from improvements in hardware and the online availability of free libraries (Brooks’s “Buy vs Build”, which he considered promising) and information -- not from changes in programming methodology or language design (although garbage collection and automated unit-tests have certainly helped, too). The article also mixes hardware improvements and their relationship to languages, but we knew that was going to happen back then, and I think it’s been factored well into Brooks’s prediction. Moreover, my perception is that we’re in a period of diminishing returns from languages, and that improvements to productivity Fortran and C had over Assembly are significantly greater than the gains since.


I would also add that if you want to compare the ratio of essential and accidental complexity in line with Brooks’s prescient analysis, you should compare the difficulty of designing a system in an accidental-complexity-free specification language like TLA+ to the difficulty of implementing it in a programming language from scratch. I find the claim that this ratio has improved by even one order of magnitude, let alone several, to be dubious.

Reverse Engineering the Source Code of the BioNTech/Pfizer SARS-CoV-2 Vaccine

Bert Hubert (tweet, via Max Seelemann):

The BNT162b2 mRNA vaccine has this digital code at its heart. It is 4284 characters long, so it would fit in a bunch of tweets. At the very beginning of the vaccine production process, someone uploaded this code to a DNA printer (yes), which then converted the bytes on disk to actual DNA molecules.


Our body runs a powerful antivirus system (“the original one”). For this reason, cells are extremely unenthusiastic about foreign RNA and try very hard to destroy it before it does anything.

This is somewhat of a problem for our vaccine - it needs to sneak past our immune system. Over many years of experimentation, it was found that if the U in RNA is replaced by a slightly modified molecule, our immune system loses interest. For real.

So in the BioNTech/Pfizer vaccine, every U has been replaced by 1-methyl-3’-pseudouridylyl, denoted by Ψ. The really clever bit is that although this replacement Ψ placates (calms) our immune system, it is accepted as a normal U by relevant parts of the cell.

Thursday, December 24, 2020

SwiftUI Layout Explained

Florian Kugler:

🌲 As a little Christmas present to the community, we’re making our entire SwiftUI Layout Explained video series free to watch until the end of the year. 🌲


We did a lot of research for our book, Thinking in SwiftUI, but even so we kept encountering layout behavior that we couldn’t really make sense of.

We decided to go one step further, and reimplement SwiftUI’s layout system, along with the layout behavior of many built-in views. This forced us to think hard about the algorithms, and helped us understand SwiftUI’s implementation by comparing it to our own.

All of this is documented in our latest Swift Talk collection: SwiftUI Layout Explained. With eleven episodes, five hours of live-coding and discussion, a hand-written transcript and sample code, there’s plenty to enjoy over the winter break.

Apple Removes Unlicensed Games From China App Store

Chance Miller:

Apple is in the process of purging “thousands of video game apps” from the App Store, according to a new report from The Wall Street Journal. This comes as China cracks down on unlicensed games in the country, but the removals extend beyond the gaming category in some cases.


The issue centers around a regulation in China that requires video games to be licensed before being released. App Store developers have actually been able to skirt this requirement for years. For instance, Apple would allow games into the App Store while they were awaiting their license, and it simply wouldn’t enforce the requirement in some cases.

Today’s report from The Wall Street Journal also adds that China has also demanded that Tripadvisor and over 100 other apps be removed from the App Store, without explanation[…]

As far as I can tell, the “unlicensed” games are not using content without permission from the copyright holder. It just means that they are, for whatever reason, not approved for sale by the government.

Of course, Apple needs to comply with government regulations for its App Store, but it’s choosing to prevent customers from installing apps from other sources.


How to Favicon in 2021

Andrey Sitnik (via Hacker News):

Here comes the minimal set of icons that I came up with in my research and practice. It should work with all popular browsers and devices, old and new.


Apple’s “Privacy Nutrition Labels” Are a Blessing and a Curse

Johnny Lin (tweet):

Apple doesn’t verify any of the App Privacy information that app developers submit - because they can’t. There is currently no way for Apple to know what an app does with user data after the data is sent to the app. But by calling it equivalent to “Privacy Nutrition Labels”, Apple irresponsibly implies that this privacy information is vetted, when that is absolutely false.

This results in two unintended consequences: it creates a false sense of security for users, and an incentive for more dishonest and privacy-invasive apps in the App Store.


In this situation, both email apps collect basic analytics. The dishonest app, however, writes in their App Privacy that they don’t collect or sell any data, while the honest app admits that they collect basic analytics. So you read the App Privacy for both apps, and decide that since you want to “maximize privacy”, you download the dishonest app - the one that secretly sells your emails to third parties. It’s not your fault - it’s the fault of a poor incentive structure.

As he notes, Apple is financially incentivized to allow dishonest apps to make lots of money, which they partially pour into App Store Search Ads, and many of these have remained in the store over the long term.


Update (2021-01-22): Dimitri Bouniol:

Seems like Apple is verifying App Privacy information after all — this came in even though we didn’t submit an update or anything, though we clearly forgot that RevenueCat does indeed collect information when we thought our app didn’t collect anything…

Or, rather, Apple is verifying some of the information. As with App Review in general, it’s not possible to determine all the things an app might do.

David Barnard:

By default @RevenueCat doesn’t actually collect any PII (we don’t even store the IP address), but Apple does consider purchase history something that needs to be disclosed even if it’s not tied to a user’s identity.


Austin Mann:

What does 12-bit mean? Well, HEIC is limited to 8-bit color, which gives us 256 different shades of red, green, and blue. 12-bit expands this range to 4,096 shades of red, green, and blue, which basically means ProRAW can render far more nuanced shades of each color than lossy formats like JPEG or HEIC.


As of now, December 2020, you must be using an iPhone 12 Pro or iPhone 12 Pro Max to capture in ProRAW, and you must be running iOS 14.3 or later.


You’ll see the most significant impact in extreme scenarios — ones where the general algorithms can’t do all the work. Shooting scenarios like indoor mixed lighting (cool and warm), extremely low light (like shots of stars), super high dynamic range images (like shadowy foreground with sun-lit red rock in the background).


ProRAW is not simply a magic switch you can flip on to make your photos better. In fact, the non-ProRAW file initially looks much better than the ProRAW file, so shooting ProRAW really only makes sense if you intend to spend the time fine-tuning the image in post.

Ben Sandofsky:

ProRAW images are regular DNG files that take advantage of some little known features in the specification, and introduce a few new ones.


Smart HDR does this in the least destructive way. Apple worked with Adobe to introduce a new type of tag into the DNG standard, called a “Profile Gain Table Map.” This data gives your editor everything it needs to know to tone map your photo image and end up with results identical to the first party camera. Because it’s separate data, you can turn down its strength, or turn it off completely.


Once you get RAW in your hands, the first thing you’ll notice is capture speed. A traditional RAW capture takes as little as 50 milliseconds. ProRAW takes between two and three seconds to finish processing.

The built in iPhone camera does a great job hiding this, apparently processing each photo in the background in a queue. However, we’ve found the shutter stalls after firing three shots in quick succession.

Nick Heer:

One of the cool things about the DNG format is that, because these are tags applied as adjustment to the contained image data, we can edit those tags using exiftool. I was unable to change NoiseReductionApplied, but I modified a few other key tags, and this is the result compared to the base ProRAW:


As I mentioned, I have been trying out ProRAW for about a month now, and I am very pleased. It is another tool in the iPhone photography toolbox that, for me, does not entirely replace third-party camera apps. That is a good thing; I want to see exceptional independent apps like Halide and Obscura succeed on the iPhone. It is, however, a worthwhile addition that underscores how great of a camera this telephone really is.

ProRAW also largely accomplishes the pitch Apple makes for it. I can nitpick the amount of control a photographer has with ProRAW compared to other RAW capturing apps, but one thing I have been consistently impressed by is just how similar the HEIC and ProRAW versions of the same scene appear. It really does seem like Apple has managed to bridge the computational workflow of the standard camera app and the greater flexibility and quality of RAW images. I bet photographers will be pleased.

Om Malik:

When reviewing these images on a big iMac Pro screen, I was gob-smacked by the details that were visible to the naked eye. I was able to get my shades of black and whiter whites from the files. The gradual gradation of grays is part of my editing process, and I didn’t need to do anything much to achieve that. You can feel the fog dancing among the trees. You can feel the sunshine trying to fight its way through the damp.


Update (2021-01-05): Kirk McElhearn:

Unfortunately, Mr. Mann’s misunderstanding stems from two things. First, the fact that Apple uses the term “raw” suggests that these are, indeed, raw files; they are not. Apple’s marketing is deceptive at best, and this example shows that if the type of photographer who uses raw files confuses this, then they’ve managed to confuse the very demographic they’re targeting.

The second mistake Mr. Mann made was importing the ProRAW file into Lightroom, where he was planning to edit it. Alas, Lightroom does not interpret these files correctly.


If ProRAW was really meant for pros, it would include the raw data, along with the information necessary to display photos using Apple’s computational photography features. But this would take up too much space. As it is, ProRAW files are as much as 10 times the size of JPEGs, so they’ll fill up your iPhone – and your iCloud storage – quickly. But real pros would be willing to accept that to have the actual raw files, plus Apple’s special sauce.

Wednesday, December 23, 2020

How Amazon Wins

Dana Mattioli:

No competitor is too small to draw Amazon’s sights. It cloned a line of camera tripods that a small outside company sold on Amazon’s site, hurting the vendor’s sales so badly it is now a fraction of its original size, the little firm’s owner said. Amazon said it didn’t violate the company’s intellectual-property rights.

Via Dave Mark:

The article goes on and on, but you get the idea. The sense here is that Amazon wants to replicate every product it sells, discarding partnerships once they have their own version of that partner’s product.

Update (2021-01-01): Jon Stokes:

It’s worth nothing that Amazon has lied under oath about this business of copying sellers & crushing them.

Boris Mann (tweet):

I know there are well meaning open source folks at Amazon. I use Amazon for infrastructure. I think AWS has amazing operators.

But your actions and culture are actively damaging. If you only listen to the law, rather than ethics, courtesy, and a spirit of partnership, we will evolve licenses that force you to behave.


Cellebrite and Signal

Bruce Schneier:

Cellebrite announced that it can break Signal. (Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the Wayback Machine.)

Moxie Marlinspike (Hacker News):

Last week, Cellebrite posted a pretty embarrassing (for them) technical article to their blog documenting the “advanced techniques” they use to parse Signal on an Android device they physically have with the screen unlocked.

This is a situation where someone is holding an unlocked phone in their hands and could simply open the app to look at the messages in it. Their post was about doing the same thing programmatically (which is equally simple), but they wrote an entire article about the “challenges” they overcame, and concluded that “…it required extensive research on many different fronts to create new capabilities from scratch.”

self in a Swift Self-executing Anonymous Closure

Jesse Squires:

Conclusion: self was just nil the whole time! What a goofy mistake! […] However, that was not the case. Specifically, self was not nil. Not only that, but self wasn’t the self I expected.


Second, why is self an instance of (MyTableCell) -> () -> MyTableCell and not () -> UIButton?


If you declare button as lazy var instead of let, then the expected behavior occurs. That is, self is an instance of MyTableCell within the self-executing anonymous closure and the call to addTarget(_:, action:, for:) works.


The type of self resolving to (MyTableCell) -> () -> MyTableCell is the unfortunate result of the NSObject instance method -[NSObject self] and Swift’s curried functions.


Correcting the expression self (without backticks) to reference the enclosing type introduces another interesting question: what should be order of operations during initialization? When using let, the property is initialized before the enclosing type. When using lazy var, the property is initialized after the enclosing type. I am not a compiler expert, so I will not attempt to answer which is better. But if initialization order cannot be changed in the compiler to fix this, then I think the expected behavior would be to produce the same error as non-NSObject classes: “Cannot find ‘self’ in scope”.

Previously: Pricing Changes

Mark Fletcher:

I mentioned a year ago that I was considering changing to a per-member based pricing scheme for new groups. This would align our revenue with our costs; the larger the group, the more it costs us to host. It’s also industry standard.

For groups upgraded after Monday, January 18th, 2021 at 9am Pacific Time, the pricing plans will be based on the number of members in the group. The base costs of the different existing plans are not changing. The change is that above a certain number of members, the per member pricing kicks in.

It’s still free for up to 100 members.


The Big Sur Sneeze

Brent Simmons (tweet):

As I’m using my 2019 16" MBP, it lets out, at some random moment, a startlingly aggressive “Fehhhhh,” and then it shuts down.

It sounds as if the fan goes to 11 for about a second, and then it turns silent and dark.

Update (2021-01-01): Ken Harris:

If “big sigh” means it gets really slow, then the display partially turns to random noise, and it goes black, and dumps me back at the log-in screen after a minute, then yes. Seems to be a #macOS Catalina issue here.

Update (2021-02-09): This just happened to me. A minute or so after waking my 2019 16" MacBook Pro running macOS 11.2, it made a surprisingly loud sound and went black.

Update (2022-02-16): Jesse Squires:

Suddenly the MacBook display turns off, the fans turn on full blast for a couple seconds (they are louder than compiling the largest Xcode project you can think of), and then the machine shuts down completely. I’m calling it the “sigh of death” because it’s as if the machine is simply giving up and exhaling in an exasperated, dramatic sigh of defeat — like an exaggerated cartoon character would do. It has happened to me 3-4 times within the past few weeks.

Tuesday, December 22, 2020

Booting an M1 Mac From an External Disk

Howard Oakley (tweet):

The most obvious method of doing this is to run the Big Sur installer app, and select a freshly formatted external drive as its destination. Some who have attempted this using an M1 have reported that the installation never completes; thankfully mine was completely successful until I tried to restart from it. Although I could see and select it in the Startup Disk pane, Big Sur 11.0.1 couldn’t be booted from there.

Checking the external disk gave no clues as to what was wrong.


zero problems[…] But [don’t] support X86 Mac installed partition, you need full new install on M1 Mac.

Howard Oakley (tweet):

Thanks to many comments but no real clues, I’ve now been able to solve this, and here explain how you can do this too.


Once booted from the internal disk again, ejecting the bootable external disk isn’t fault-free. Clicking on the Eject tool for the System disk brings a helpful dialog which offers to unmount both System and Data volumes. Oddly, on Intel Macs running Big Sur, the Data volume isn’t shown as a separate volume, but on M1 Macs it is.

Unfortunately, on an M1 Mac running macOS 11.1, the Data volume is usually left behind, and any attempt to eject it will result in your being told that it’s still in use, while trying to open the volume denies that it’s present at all.


If you’re trying to create and use a bootable external disk for M1 Macs, I therefore recommend that you don’t waste your time discovering which USB-C SSDs might be compatible: go straight for a Thunderbolt 3 enclosure. It’ll cost you more but save you time and effort in the long run.

Update (2021-01-01): See also: Hacker News.

Update (2021-02-10): Howard Oakley (Hacker News):

Now that Big Sur can be updated to 11.2, I’ve been looking at how that affects external boot disks, and whether it finally enables them all to work. However, far from 11.2 solving this problem, it actually makes it worse.


It doesn’t appear possible to update a bootable external disk, only to format it and install a fresh system, as if the disk had never had macOS installed before.

The 11.2 full installer is incapable of copying existing account settings from the internal SSD to a fresh installation of 11.2.

M1 Macs currently don’t work reliably with bootable external disks. Users who want to boot from an external disk would be wise not to buy an M1 model, until Apple has fixed these problems completely.

Update (2021-03-14): Howard Oakley:

Having now completed the most pointless macOS update ever – that to 11.2.2 – I had hoped that Apple might at least have finally fixed the bug which prevents macOS updates from being installed successfully on most external bootable disks connected to M1 models. TL;DR: it doesn’t.

Update (2021-03-23): Howard Oakley:

If you want to use 1 True Recovery to change to or from using a bootable external disk, use its Startup Manager. Press and hold the Power button until the display shows Loading Startup Options, then release it. This takes you to the Startup Options screen. Wait until all bootable disks have loaded into the list, select the disk you want to boot from, then click Continue underneath it.

Howard Oakley:

If there’s anyone left who’s still trying to boot their M1 Mac from an external SSD, the question now is how to update it to macOS 11.2.1. As I reported, booting from the external disk isn’t likely to result in successful update, although a few users have reported that Software Update worked first time for them. Assuming that you have the same bad luck that I’ve had trying to do this on numerous occasions, here are my findings to guide you.


Update (2021-04-15): Howard Oakley:

With changing Mac hardware, the use and value of external boot disks is changing. This article is a short overview of what’s happening, and its consequences.


Update (2021-05-03): Howard Oakley:

Big Sur 11.3 progresses support of external bootable disks by M1 Macs, but can still appear flawed and unreliable, at least with non-Thunderbolt SSDs.


Strangely, with both bootable external SSDs (Thunderbolt 3 and USB-C), changing between booting from the external or internal SSD often takes you through the Recovery Assistant, despite the Mac being restarted from the Startup Disk pane. Although not a problem, it means that switching between disks can require two restarts.


The Finder often fails to eject external volume groups correctly. Although the ejection itself works, the Data volume is usually left in the Finder’s sidebar, from which it can’t be removed until the Mac is restarted without that external disk connected.

Undocumented NSShadow Change on Catalina

Jeff Johnson (tweet):

Curiously, the API documentation for shadowOffset is now shared between AppKit and UIKit.


So there is a change in behavior of NSShadow shadowOffset in AppKit on Catalina, presumably to emulate UIKit. Sigh… why does the Mac always have to emulate iOS now? Unfortunately, AppKit developers were not informed of the change, because there were no AppKit release notes published for Catalina.

If you want the shadowOffset to behave as (you) intended on all versions of macOS, both before and after Catalina, the workaround is to check if (@available(macOS 10.15, *)) and switch the sign of your offset height accordingly.

Jonathan Deutsch:

Also your article surfaces for me that the number of mandatory @available checks to workaround bugs and API changes is really getting bad for my app.

@hypeapp runs on macOS 10.10+ and has 111 checks! These are for compatibility and not to make use of new OS features.

Also, some enum values have changed on Apple Silicon Macs:

The NSTextAlignment enumeration uses different numerical values for some constants on arm64 and x86_64 architectures. When referring to constants using numerical values, validate that you use the correct values on each architecture.

The NSImageResizingMode and UIImageResizingMode enumerations uses different numerical values for some constants on arm64 and x86_64 architectures. When referring to constants using numerical values, validate that you use the correct values on each architecture.

See TARGET_ABI_USES_IOS_VALUES in the headers. I’m not sure how this interacts with archiving.

Monday, December 21, 2020

LG 27UK850-W: An Acceptable 27-inch Display

Josh Centers:

I decided to spend a bit more than I had hoped and buy the LG 27UK850-W, which usually sells for $450 but was on sale for $380. Even at full price, it’s $250 cheaper than the LG UltraFine 4K display and $850 less than the LG UltraFine 5K.

The LG 27UK850-W features a 27-inch IPS panel with a 3840-by-2160 resolution, which I calculate to be about 163 ppi. By comparison, the 21.5-inch iMac with Retina 4K display features 219 ppi, and the 27-inch iMac with Retina 5K display offers 218 ppi.


I like how the cables connect in the rear. Unlike my old Dell monitor, which awkwardly forced me to insert cables upward, the cables on the LG 27UK850-W plug straight into the back, making life much easier.


Upon close inspection, I noticed that text on it is ever so slightly fuzzy compared to the 27-inch iMac.


You may be wondering if the scaling affects text crispness. The first option (from left to right) makes text look huge. I couldn’t see any difference between the first and second options in terms of crispness. Text gets smaller as you go to the right, which might lead you to think that it will sharpen up, but in fact, the opposite happens: not only does it get smaller, it gets blurrier as well.


Zoom Executive Charged With Suppressing Calls

Department of Justice (via Hacker News):

According to the complaint, Jin served as Company-1’s primary liaison with PRC law enforcement and intelligence services. In that capacity, he regularly responded to requests from the PRC government for information and to terminate video meetings hosted on Company-1’s video communications platform. Part of Jin’s duties included providing information to the PRC government about Company-1’s users and meetings, and in some cases he provided information – such as Internet Protocol addresses, names and email addresses – of users located outside of the PRC. Jin was also responsible for proactively monitoring Company-1’s video communications platform for what the PRC government considers to be “illegal” meetings to discuss political and religious subjects unacceptable to the Chinese Communist Party (CCP) and the PRC government.

As alleged in the complaint, between January 2019 to the present, Jin and others conspired to use Company-1’s systems in the United States to censor the political and religious speech of individuals located in the United States and around the world at the direction and under the control of officials of the PRC government. Among other actions taken at the direction of the PRC government, Jin and others terminated at least four video meetings hosted on Company-1’s networks commemorating the thirty-first anniversary of the Tiananmen Square massacre, most of which were organized and attended by U.S.-based participants, such as dissidents who had participated in and survived the 1989 protests.

John Gruber:

How in the world can Zoom ever claim that calls are private and encrypted when they’ve clearly demonstrated the ability to monitor them, and abused that in patently offensive ways?

Just about everyone I know continues to use Zoom because it’s easy and works well.


FFmpeg Is 20 Years Old

FFmpeg (Hacker News):

Here’s to 20 more years of open source multimedia! 🎉


FFmpeg is a free and open-source software project consisting of a large suite of libraries and programs for handling video, audio, and other multimedia files and streams. At its core is the FFmpeg program itself, designed for command-line-based processing of video and audio files. It is widely used for format transcoding, basic editing (trimming and concatenation), video scaling, video post-production effects and standards compliance (SMPTE, ITU).

FFmpeg includes libavcodec, an audio/video codec library used by many commercial and free software products, libavformat (Lavf), an audio/video container mux and demux library, and the core ffmpeg command-line program for transcoding multimedia files.

FFmpeg is part of the workflow of hundreds of other software projects, and its libraries are a core part of software media players such as VLC, and has been included in core processing for YouTube and iTunes. Codecs for the encoding and/or decoding of most audio and video file formats is included, making it highly useful for the transcoding of common and uncommon media files into a single common format.


FFmpeg is a miraculous tool and I have relied on it for a couple decades now. Beyond the plethora of personal use-cases, it has enabled individuals and smaller companies to possess the same abilities as the bigger guys, who themselves are all pretty much using FFmpeg these days. The only folks who need to build/use alternatives are the platforms at the top of the market and/or with immense scaling needs who are truly pushing beyond the realm of FFmpeg’s practical abilities.

Ruby 3

Ruby (Hacker News):

Ruby 3.0 ships with rbs gem, which allows parsing and processing type definitions written in RBS.


Currently, TypeProf serves as a kind of type inference.

It reads plain (non-type-annotated) Ruby code, analyzes what methods are defined and how they are used, and generates a prototype of type signature in RBS format.


Ractor is an Actor-model like concurrent abstraction designed to provide a parallel execution feature without thread-safety concerns.


Fiber#scheduler is introduced for intercepting blocking operations. This allows for light-weight concurrency without changing existing code.

Update (2021-01-01): Ruby (Hacker News):

We are pleased to announce the release of Ruby 3.0.0.


The PHP Group (Hacker News, Slashdot):

PHP 8.0 comes with numerous improvements and new features such as:

  • Union Types
  • Named Arguments
  • Match Expressions
  • Attributes
  • Constructor Property Promotion
  • Nullsafe Operator
  • Weak Maps
  • Just In Time Compilation
  • And much much more…

Take a look at the PHP 8.0 Announcement Addendum for more information.

Omar Reiss:

In the first part of this report we’ll outline the changes in PHP 8 that are likely to significantly impact WordPress and other legacy codebases. In the second part of this report, we’ll try to provide a perspective on past, present and future challenges regarding WordPress and PHP compatibility.


One of the most important breaking changes in PHP 8 has to do with strict typing. User-defined functions in PHP already throw a TypeError. However, internal functions emitted warnings and returned null. PHP 8 makes this consistent and internal functions now also throw a TypeError. This will not only impact functions that already threw warnings prior to PHP 8, but also magic methods (which previously weren’t type checked) and functions that have had type declarations introduced. For this reason, it’s not possible to catch all issues that arise from this change by fixing the type warnings in PHP 7.4 environments.

S3 Strong Consistency

Amazon (via Tim Bray, Hacker News):

Amazon S3 now delivers strong read-after-write consistency automatically for all applications. Unlike other cloud providers, Amazon S3 delivers strong read-after-write consistency for any storage request, without changes to performance or availability, without sacrificing regional isolation for applications, and at no additional cost.

Jeff Barr:

One of the more interesting (and sometimes a bit confusing) aspects of S3 and other large-scale distributed systems is commonly known as eventual consistency. In a nutshell, after a call to an S3 API function such as PUT that stores or modifies data, there’s a small time window where the data has been accepted and durably stored, but not yet visible to all GET or LIST requests.


Effective immediately, all S3 GET, PUT, and LIST operations, as well as operations that change object tags, ACLs, or metadata, are now strongly consistent. What you write is what you will read, and the results of a LIST will be an accurate reflection of what’s in the bucket. This applies to all existing and new S3 objects, works in all regions, and is available to you at no extra charge! There’s no impact on performance, you can update an object hundreds of times per second if you’d like, and there are no global dependencies.

They don’t say how this works, but presumably the tradeoff is reduced availability, with the expected latency and error rate low enough that you don’t mind.


The most devious s3 consistency issue I encountered was that S3 bucket configs are actually stored in S3, and were not read-after-write consistent.

It was bad. In order to “update” a bucket config programmatically you need to read the entire existing config, make an update, and then PUT it back (overwriting what’s there). The problem is when you went to read the config it’s possibly 15 minutes old or more, and when you put it back you overwrite any changes that may not be consistent.


Friday, December 18, 2020

Stripe’s Payments APIs: the First Ten Years

Michelle Bu (via Patrick McKenzie):

It’s unlikely that a developer believed a production-ready payments integration involved literally only seven lines of code. But taking something as complex as credit card processing and reducing the integration to only a few lines of code that, when run, immediately returns a successful Charge object is really quite magical.

Abstracting away the complexity of payments has driven the evolution of our APIs over the last decade. This post provides the context, inflection points, and conceptual frameworks behind our API design.


Some Sources—like cards and bank accounts—are synchronously chargeable and can be charged immediately on the server after the payment form is submitted, while others are asynchronous and can only be charged hours or days later. Users often built parallel integrations using both synchronous HTTP requests and event-driven webhook handlers to support each type. This means users now have multiple places where they’re creating a Charge and fulfilling their order. The code branching factor deepens for payment methods like OXXO, where the customer prints out a physical voucher and brings it to an OXXO store to pay for it in cash. Money is paid entirely out-of-band, making our best practice recommendation of listening for the source.chargeable webhook event absolutely required for these payment methods. Finally, users must track both the Charge ID and Source ID for each order. If two Sources become chargeable for the same order (e.g., the customer decides to switch their payment method mid-payment) they can ensure they don’t double-charge for the order.


We ended up with two new concepts: PaymentIntents and PaymentMethods. By packaging these two concepts, we finally managed to create a single integration for all payment methods.

Web Search Indexes and Ecosia in Safari

Daisuke Wakabayashi:

Google holds a significant leg up on Microsoft in more than market share. British competition authorities said Google’s index included about 500 billion to 600 billion web pages, compared with 100 billion to 200 billion for Microsoft.

Via John Gruber:

But I’ll bet the overwhelming number of searches are completely satisfied by the contents of pages indexed by Bing. It’s the quality of results that matters most. A 500 billion-page index is useless if it doesn’t surface the correct results.


What’s more interesting to me is that while there are a number of small search engines, Google and Bing are the only two comprehensive indexes. DuckDuckGo, for example, syndicates the contents of its index from Microsoft. Google has a monopoly on web search no matter how you look at the market, but there’s even less competition for indexing the web than there is for user-facing search engines. In fact, I think semantically it sort of breaks the engine in “search engine” — the term presupposes that the service showing you the results is the same service that is crawling the web to index them. That’s just not true today.

My experience has been that Google’s results are much better than Bing’s, which are better than DuckDuckGo’s.

Wesley Hilliard (via John Gruber):

Ecosia is a search engine that promotes privacy first and plants trees around the world, and with Mondays updates, it is now available as a default search engine setting on iOS, iPadOS, and macOS.

Ecosia uses their income from search ads to fund planting trees around the world in harsh environments. The search engine doesn’t track users, encrypts searches, and anonymizes data within a week of it being created.

I’m going to give it a try, but given that it relies on the same Bing index I expect to be back with Google soon.


Update (2021-01-01): Ken Harris:

I remember why I stopped using @DuckDuckGo. It’s slow. It adds 10 seconds to every search when I have to:

- scroll down
- see that it’s not giving any useful hits
- scroll up
- add !g to the query and search again

DDG: great concept. Not quite there on execution.

Apple Silicon Mac mini for Continuous Integration

Peter Steinberger (tweet):

There’s a detailed article coming next in our series about Continuous Integration for Small iOS/macOS Teams that goes into more detail on this setup. Of course, there have been a few issues along the way to make the automation work with Apple Silicon.


On Apple Silicon, the main APFS container is disk3 and not disk1. Currently this change is hardcoded, eventually I’ll modify the the script to parse diskutil list to detect the container automatically. It took me quite a while to understand why Cinc stopped with Error: -69493: You can’t add any more APFS Volumes to its APFS Container”.


Some features in our iOS PDF SDK use WKWebView, like Reader View that reflows PDFs so they are easier to read on mobile devices. These tests crash with a memory allocator error on Big Sur.


launchctl changed a bit in Big Sur and now throws “Bootstrap failed: 125: Unknown error: 125” or “Load error 5: input/output error” if the service is already running.

The performance is 10% faster for iOS 14 but slower for older versions that run in Rosetta. The big win was finding some bugs that only happen on arm64.

Peter Steinberger:

Been updating the machines to Big Sur 11.1… did Apple just completely override our custom ssh configuration in that update?

Constantin Jacob:

This is 95% of the hard part of maintaining macOS CI infrastructure. The problem is Apple. MacStadium can’t help you with this and will tell you kindly, nobody at AWS is even going to pickup the phone for this shit and nobody at Apple understands what you’re complaining about


Apple TV App for Google Chromecast

Todd Spangler (also: Google, MacRumors):

Google and Apple reached an agreement that will bring the Apple TV app — including the Apple TV Plus subscription service — to the newest Chromecast device.

Google didn’t provide specific timing on when Apple TV will go live on Chromecast, saying only that the app will be available “early next year.” The company said it will bring the Apple TV app to additional devices that run Android TV OS in the future.

AirPlay is not mentioned.


Apple’s New Map: Canada

Juli Clover:

Apple’s redesigned Maps app is now available in Canada following a test of the feature that kicked off back in October. The Canadian expansion comes 11 months after Apple finished the rollout of the revamped Maps app in the United States.

Justin O’Beirne:

In lieu of driving the area with its data collection vehicles, Apple appears to instead be relying on iPhone probe data to map the road network here. For instance, notice that Apple has added a bridge across the Yukon River here in Dawson City[…]

The bridge that Apple added, however, doesn’t exist[…]

So it seems that Apple is getting iPhone probe data from those riding the ferry across the river and interpreting it as a “road”.

Nick Heer:

The cartography is undeniably better: it is more precise, just as clear, and has subtler distinctions in cities and parks. The 3D models of buildings look very good, and Look Around is terrific; I am glad that Google no longer has a monopoly on street-level imagery. It is nowhere near as comprehensive as Google’s efforts, but there is imagery for a wider range of places than I imagined.


I will say that I panned around a few blocks near me and found a few businesses that had pins far away from where they should have been, one business that changed its name last year and had not been updated, and a listing for a bar that closed its doors thirteen years ago, all within a couple of minutes. This is all in a city of over a million people. That’s not to say that I have never found errors with Google Maps, but I find them more rarely and, in a similarly quick glance of the same area, did not notice anything wrong.


Thursday, December 17, 2020

Where Is End-to-End Encryption for iCloud?

Ole Begemann:

In a December 2020 video recorded for the European Data Protection & Privacy Conference, Apple’s Craig Federighi touts end-to-end-encryption for iMessage[…]

Apple has been using this self-congratulatory tone about their encryption efforts for years and I find it increasingly disingenuous. What Federighi fails to mention: if you have iCloud Backup enabled, that last claim (emphasis mine) is not the whole truth.


In other words, if you use Apple services as intended and recommended by Apple, a large portion of your most sensitive data is in fact not securely encrypted.


No More Downloadable macOS Updates

Normally, the delta and combo updaters are available for download here within a day of the macOS update becoming available via automatic software update. There was never an updater posted for macOS 11.0.1, but I didn’t think much of it because 11.0 wasn’t in wide circulation. But there are no updaters for macOS 11.1, either.

Mr. Macintosh:

Manual downloadable delta and combo updates for Big Sur are no longer available.

Howard Oakley:

If you feel that you “have a need for individual downloads for Big Sur delta/combo updaters”, please let Apple know. In the strongest possible terms, via Feedback, Apple Support and any other means available.

Unless a strong case is made for the reinstatement of standalone installer versions of Big Sur updates, it’s most likely that none will be provided for download – as has already happened with the 11.0.1 and 11.1 updates.

Otherwise, I guess the best solution is to download and keep a copy of each 12 GB full installer. You may be able to download it again later via the softwareupdate tool, but I’ve had mixed luck with that. Also:

Some digging has revealed that this password prompt is shown when the softwareupdate binary is called, and only on Apple Silicon devices.

Calling the softwareupdate binary is something which we Mac Admins have done for years, and it’s likely folks have workflows in place calling the softwareupdate binary which is then triggering this prompt.

So, what’s the fix? Short term, don’t call the softwareupdate binary on Apple Silicon devices and raise this issue with Apple.


Update (2020-12-24): Stephen Hackett:

These packages were also very useful while troubleshooting, and could often be used to fix software issues that didn’t require a full reinstall.

Tim Hardwick:

Apple hasn’t confirmed that it has ended update packages for macOS, but the current lack of standalone installers for Big Sur doesn’t look particularly good for users who rely on them.

That said, there is an alternative solution in the Sharing pane in System Preferences in the form of a Content Caching option, which enables one Mac to download updates and other Macs on the same network to download them directly from the local Mac.

Howard Oakley:

This doesn’t allow a client to install an update more than once. If something goes wrong and the first attempt to install that update causes problems, there’s no repeat button: if that Mac thinks the update has been applied, you can’t force your server to offer it again to that client.

Neither, it appears, is there any way of extracting a standalone installer from the updates cached locally.


Although the Content Caching Server is very useful for many users, and merits serious consideration by anyone with more than one Mac, it doesn’t address any of the use cases which have been put forward for the continuation of standalone software update installers.

Update (2021-02-08): Howard Oakley:

Just over month later, Apple released the update to 11.2. Not only are there still no standalone installers for that, and no explanation or (heaven forbid) apology, but Apple immediately removed the full 11.1 installer app, and still hasn’t provided standalone installer packages for the concomitant security updates to Mojave and Catalina. As things stand at the moment, even if you use sudo softwareupdate --fetch-full-installer --full-installer-version 11.1 at the command line, Apple’s servers tell you it wasn’t found. Download the current version of 10.15.7 using the same mechanism, and you’ll be given the version from last November, without either Security Update 2020-001 or 2021-001 installed.


I’m very grateful to @rosyna for pointing out that, as Big Sur should retain a pre-update snapshot, users could now be able to use that to revert to the previous System snapshot in the event that an update goes wrong, as 11.2 has for SoftRAID users.

I thought that Apple had removed support for automatic snapshots.

Pruning GitHub’s Code Search Index

GitHub (Hacker News):

Starting today, GitHub Code Search will only index repositories that have had recent activity within the last year. Recent activity for a repository means that it has had a commit or has shown up in a search result. If the repository does not have any activity for an entire year, the repository will be purged from the Code Search index.

That seems much less useful. I would rather have a comprehensive seach, even if it’s slower.

Little Snitch 5.1 Beta

Objective Development (tweet):

There has been a lot of turmoil about Apple excluding some of their own processes from third party firewalls. This release focuses on the problem and adds an option to uncover whitelisted connections in Network Monitor.

It cannot block them, however.


Update (2021-01-04): Murus (via Leo):

For the brave of you who like experimental software: Exclusions Blaster for #macOS #BigSur Monitor and block processes included in Content Filter Exclusion List.

iOS Autocorrect and the Delete Key

Hank Green:

On Android, if you type a word and it wrongfully autocorrects it, the moment you hit backspace it changes back. On iPhone, if you type a word and it wrongfully autocorrects it, and you delete it and retype it IT WILL CHANGE IT AGAIN TO THE EXACT SAME WRONG WORD.

Ken Kocienda:

When I created the original iPhone autocorrection code, I treated the delete key as an important signal, and I made sure that the software didn’t offer the same correction after a delete.

Not doing the wrong thing was just as important to me as doing the right thing.


Texas vs. Google

Russell Brandom:

In a bizarre video posted to the office’s verified Twitter account, Texas AG Ken Paxton says the company “repeatedly used its monopolistic power to control pricing” in online ads. “These actions harm every person in America,” Paxton continues. “It isn’t fair that Google can harm the web pages you visit and read.”


The most detailed allegation is that Google used its market power to sabotage “header bidding,” a practice that allows advertisers to route a single request through multiple exchanges at once. “Google viewed header bidding’s promotion of genuine competition as a major threat,” the complaint alleges, citing internal communications obtained as part of the probe.

Google eventually adopted the practice, allowing its ad server to route requests through multiple exchanges at once. But according to the complaint, Google rigged that system to rout requests to its own exchange, even when a competitor had submitted a higher bid.

From the complaint (PDF, Hacker News):

As internal Google documents reveal, Google sought to kill competition and has done so through an array of exclusionary tactics, including an unlawful agreement with Facebook, its largest potential competitive threat, to manipulate advertising auctions.


Header bidding is only possible if publishers can insert JavaScript code into the header section of their webpages. To respond to the threat of header bidding, Google created Accelerated Mobile Pages (“AMP”), a framework for developing mobile web pages, and made AMP essentially incompatible with JavaScript and header bidding.


Google ad server employees met with AMP employees to strategize about using AMP to impede header bidding, and how much pressure publishers and advertisers would tolerate. First, Google restricted the code to prohibit publishers from routing their bids to or sharing their user data with more than a few exchanges a time, which limited AMP compatibility with header bidding. At the same time, Google made AMP fully compatible with routing to exchanges through Google. Google also designed AMP to force publishers to route rival exchange bids through Google’s ad server so that Google could continue to peek at rivals’ bids and trade on inside information. Third, Google designed AMP so that users loading AMP pages would make direct communication with Google servers, rather than publishers’ servers. This enabled Google’s access to publishers’ inside and non-public user data. AMP pages also limit the number of ads on a page, the types of ads publishers can sell, as well as enriched content that publishers can have on their pages.


Google falsely told publishers that adopting AMP would enhance load times, but Google employees knew that AMP only improves the [redacted] and AMP pages can actually [redacted]. In other words, the ostensible benefits of faster load times for cached AMP version of webpages were not true for publishers that designed their web pages for speed.

Google also [redacted] of non-AMP ads by giving them artificial one-second delays in order to give Google AMP a [redacted][…] which Google uses to turn around and denigrate header bidding for being too slow.

Dan Luu:

One thing I’ve wondered about is how Google convinced so many employees that AMP was good with such transparently bad reasons.


Update (2021-01-01): Jason Kint:

WSJ has now reported Facebook and Google’s sketchy price fixing deal terms. Alleges the “duopoly” allocated their surveillance advertising biz and this sure seems to back it up.

Ashkan Soltani:

In 2015, @Facebook signed an exclusive agreement granting @Google access to millions of Americans’ end-to-end encrypted @Whatsapp messages, photos, videos, and audio files

@Google coordinated with @Facebook, @Apple, @Amazon, and @microsoft to delay privacy regulation because of its impact to Google’s ad business.

@Google cut off publishers’ ability to identify users (cookie-sync) purportedly on privacy grounds [p53], but permitted @Facebook to identify users in publishers’ auctions in order to better target and win more often in auctions.

Update (2021-01-18): Daisuke Wakabayashi and Tiffany Hsu:

Executives at six of the more than 20 partners in the alliance told The Times that their agreements with Google did not include many of the same generous terms that Facebook received and that the search giant had handed Facebook a significant advantage over the rest of them.


The disclosure of the deal between the tech giants has renewed concerns about how the biggest technology companies band together to close off competition. The deals are often consequential, defining the winners and losers in various markets for technology services and products. They are agreed upon in private with the crucial deal terms hidden through confidentiality clauses.

Update (2021-03-23): Adi Robertson and Russell Brandom:

But in the updated complaint, the states apply this argument to Google’s “Privacy Sandbox” — a tool that’s supposed to replace invasive third-party tracking cookies with a more limited system devised by Google.

“Google’s new scheme is, in essence, to wall off the entire portion of the internet that consumers access through Google’s Chrome browser,” the complaint reads. Blocking cookies might broadly be a good thing — other browsers like Firefox and Safari have already done it. But Chrome dominates the browser market, and it’s part of a much larger Google product suite. The suit argues that Google’s plans would require advertisers to use it as a middleman and would make Google’s own advertising system far more attractive.


Update (2021-04-16): Malcolm Owen:

Google used a secret program called “Bernanke” that used historical bidding data to give its ad-buying system a major advantage over its rivals, an antitrust lawsuit filing claims, a program that earned the company hundreds of millions of dollars in revenue.

Wednesday, December 16, 2020

Preview in Big Sur Destroying PDFs Again

Manuel Grabowski (Hacker News):

In the lower half is the result after modifying (removed a blank page) and saving that same PDF in Preview.

Hard to believe, but that’s not the first time Apple messed this up. Sure, even Apple can’t account for all use cases when changing complex stuff like internal PDF handling. But:

  • The iX500 is an insanely popular and common scanner
  • I don’t know any OCR software that is more popular than ABBYY FineReader
  • macOS used to be the absolute best in class OS for dealing with PDFs by a long shot

As with the macOS 10.12 bug—was it not added to a regression test suite?—this doesn’t affect all PDFs with text layers, apparently just those created by ABBY FineReader.

As Grabowski says, PDF support on macOS used to be great, but I don’t think it’s yet recovered from the rewrite five or so years ago. I’m still seeing slow progressive rendering, intermittent glitches where pages go blank, and buggy scrolling. Big Sur did fix a Catalina regression that broke clickable links by truncating the URL.


Update (2021-01-04): Jonas M. Ribe:

I wouldn’t put this on Big Sur. The bug has existed in some form since the PDFKit rewrite (Sierra). Fewer people run into it after Preview started doing incremental saves for some PDF operations (High Sierra?). Deleting a page in Preview still does a full save and can break text.

Podcasts in Big Sur


All other things notwithstanding, revisiting Podcasts is informative. Nearly all of it seems to still hold true. Someone is awake at the switch somewhere since Cmd+L now does jump to the “show” of the current episode, but it doesn’t select the episode and scroll it into view to let you pick neighboring episodes. Indeed, it first loads an empty list and then visibly populates it with data, leaving you at the top.

Furthermore, I am now thrilled to discover that hitting Space in Podcasts no longer play/pauses.


[It] still looks, feels and behaves more like a poorly written web app, a mélange of UI goo scraped out of a foreign metaphor and allowed to set without much customization or supervision.

I have little interest in playing podcasts on my Mac, but I liked that iTunes made it easy to download and archive them locally. This avoids filling up my phone, lets me flag favorite episodes and add notes, and protects me from losing episodes if a feed disappears or starts requiring a subscription.

Apple’s Podcasts app is not fit for this purpose because its interface makes it harder to manage episodes and because, instead of organizing them on disk with friendly folder and filenames, it dumps a bunch of UUIDs all into the same folder.

So I’ve been using Downcast as my podcast downloader. It actually works better for this than iTunes did, except that for years I’ve been plagued by sandbox issues where its security-scoped bookmarks go bad and it loses access to files in its own container. The last time this happened I very nearly switched to gPodder, Gtk interface and all, but with the developer’s help I was able to get Downcast working again.

The takeaway, from a programming point of view, is that even though security-scoped bookmarks claim to be able to give you the file’s previous path, even if the bookmark can no longer be resolved, you can’t rely on this. You need to store your own copy of the path so that if the bookmark breaks (which seems to happen all the time, even for folders that were never moved) you can prompt the user for access and create a new bookmark.


Facebook Protests App Tracking Transparency

Tom Warren (Hacker News):

Facebook is publicly criticizing Apple’s upcoming iOS privacy changes in full-page newspaper ads today.

Dan Levy:

Apple’s new iOS 14 policy will have a harmful impact on many small businesses that are struggling to stay afloat and on the free internet that we all rely on more than ever.


They’re creating a policy — enforced via iOS 14’s AppTrackingTransparency — that’s about profit, not privacy. It will force businesses to turn to subscriptions and other in-app payments for revenue, meaning Apple will profit and many free services will have to start charging or exit the market.


Our studies show, without personalized ads powered by their own data, small businesses could see a cut of over 60% of website sales from ads.


They’re not playing by their own rules. Apple’s own personalized ad platform isn’t subject to the new iOS 14 policy.

Facebook is not wrong that this is bad for businesses buying and selling ads. And Apple is not playing fair. But, as an iOS user, I do like being offered the choice to control tracking. It seems like a reasonable compromise, compared with other cases where the App Store forbids certain business models entirely.

Joe Rossignol:

A refresher on the situation: Starting early next year, Apple will require apps to get opt-in permission from users to collect their random advertising identifier, which advertisers use to deliver personalized ads and track how effective their campaigns were. This will occur in the form of a prompt that shows up when users open apps on iOS 14.


“We believe Apple is behaving anti-competitively by using their control of the App Store to benefit their bottom line at the expense of app developers and small businesses,” said Facebook. “We continue to explore ways to address this concern.”

As one course of action, Facebook is now showing its support for Fortnite maker Epic Games’ antitrust lawsuit against Apple. Facebook said that it will be providing the court overseeing the case with information on how Apple’s policies have adversely impacted Facebook and the people and businesses who rely on its platform.

Apple (also: Mike Isaac):

An Apple spokesman disagreed, telling CNBC its own apps and services have to comply with its tracking rules and that its own ad network, called SKAdNetwork, is free for developers and Apple doesn’t make any money off it.

“We believe that this is a simple matter of standing up for our users. Users should know when their data is being collected and shared across other apps and websites — and they should have the choice to allow that or not,” Apple said in emailed statement. “App Tracking Transparency in iOS 14 does not require Facebook to change its approach to tracking users and creating targeted advertising, it simply requires they give users a choice.”


Update (2020-12-24): Filipe Espósito:

As noted by some users today and now confirmed by 9to5Mac, Facebook is now promoting banners on some of its iOS apps, once again criticizing Apple for the changes in App Store privacy guidelines.

Rob Jonson:

If developers were allowed to make functionality conditional on tracking, then transparency would be 100% justified. ‘You can get facebook for free if you let us track you to serve ads’. Apple doesn’t allow that because they care about killing ad revenue, not customer choice.

John Gruber:

There’s nothing “forced” about the software update Facebook is talking about either, which, I think, is going to be iOS 14.4. It’s actually quite interesting that Apple does not force software updates, or perform them in a hard-to-disable-or-detect manner.

Apple does in that sometimes iOS updates reverses the preference that you set and turns future auto-updates on. If you don’t update, iOS constantly nags you. New devices require new OS versions. You can’t downgrade a device. In practice, updates end up being mandatory.

Jack Wellborn:

Usually companies in a big public disputes like this construct their arguments on competing assumptions. What’s interesting here is that Facebook’s prognostications of doom are based on the exact same assumption Apple used to justify these prompts to begin with — that no one will volunteer to be tracked if given the choice.

Lukas Mathis:

Personalized ads that use user tracking measure ads based on a direct causal relationship between users seeing an ad, and users acting on that ad by buying the product advertised in the ad. By that metric, the vast majority of ads just don’t work. People don’t see an ad for a product, and then buy that product immediately, or perhaps a few days later.

(In fact, every time scientists try to measure the effectiveness of advertising, it turns out to not be very effective at all.)

Instead, the way ads work is that when people decide to buy a product, they will have more trust in products whose ads they see consistently, and whose products they associate with publications they trust.


If Facebook wanted to increase the value of its ads, they would join Apple in fighting against user tracking, because in the end, it will increase the value of its ads. The less advertisers know about the direct causal effects their ads have, the higher they will value them.

See also: Josh Centers, EFF, Anupam Chugh, Hacker News.

Update (2021-01-01): Brad Hill:

I shouldn’t be surprised anymore but it is amazing that none of the press coverage I’ve read of Apple’s iOS 14 changes re: advertising have managed to mention at all the single most salient fact of the situation.

It’s not that Apple requires developers to ask users if they consent to sharing data with 3rd parties.

It’s that Apple forbids developers from doing anything differently when users decline.

No, “Share your data to enable meaningful ads, or pay $15 to use this app,” no “Enable personalized advertising to unlock premium features,” not even, “You’ll see more, less valuable, ads if you decline.” That would be user choice.

Update (2021-01-13): Chance Miller:

As first reported by iMore, Facebook has sent another round of emails to businesses informing them that while it disagrees with Apple’s planned changes, it has no choice but to follow them. Facebook says that the App Tracking Transparency feature, which requires apps to obtain consent from users before tracking them across other websites and apps, will have “hard-hitting implications across targeting, optimization, and measuring campaign effectiveness.”

SolarWinds Breach

Reuters (via Zack Whittaker, Hacker News):

On Monday, SolarWinds confirmed that Orion - its flagship network management software - had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers.

And while the number of affected organizations is thought to be much more modest, the hackers have already parlayed their access into consequential breaches at the U.S. Treasury and Department of Commerce.


Security researcher Vinoth Kumar told Reuters that, last year, he alerted the company that anyone could access SolarWinds’ update server by using the password “solarwinds123”


Others - including Kyle Hanslovan, the cofounder of Maryland-based cybersecurity company Huntress - noticed that, days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.

TJ Luoma:

Wait… is this the same SolarWinds that bought Pingdom a few years ago?

SaveBreach (via Hacker News):

As per the screenshot posted by Vinoth, which we wrote about in our previous post, SolarWinds were possibly using unencrypted plain FTP server for their Downloads server in the age of global CDN technologies. However, not a direct attack vector its very likely that the FTP server had more vulnerabilities and unencrypted communication can always be intercepted, and modified. But we don’t believe this maybe something as concerning as the FTP password leak.


To corroborate his claim, Vinoth shared the the following link to the Configuration file exposed that was exposed in the mib-importer GitHub repo possibly belonging to a SolarWinds employee[…] So we concluded that the credentials to the FTP server and other potentially sensitive information in that exposed repository possibly existed for more than 1 year in the public domain until Vinoth reported it to the SolarWinds PSIRT.


Update (2020-12-24): See also: Brian Krebs, Nick Heer, Bruce Schneier.

John Gruber:

This hack should be Exhibit A in the response to every future dummy in the government who advocates for mandatory encryption backdoors on the grounds that you can trust the government with the keys.

Update (2021-01-01): Bruce Schneier:

Recent news articles have all been talking about the massive Russian cyberattack against the United States, but that’s wrong on two accounts. It wasn’t a cyberattack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.


SolarWinds has removed its customer list from its website, but the Internet Archive saved it: all five branches of the US military, the state department, the White House, the NSA, 425 of the Fortune 500 companies, all five of the top five accounting firms, and hundreds of universities and colleges. In an SEC filing, SolarWinds said that it believes “fewer than 18,000” of those customers installed this malicious update, another way of saying that more than 17,000 did.

Microsoft (via Hacker News):

Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor.

Update (2021-02-05): See also: Bruce Schneier.

Update (2021-09-08): Bruce Schneier:

Robert Chesney wrote up the Solar Winds story as a case study, and it’s a really good summary.

Update (2023-05-03): Bruce Schneier:

New reporting from Wired reveals that the Department of Justice detected the SolarWinds attack six months before Mandiant detected it in December 2020, but didn’t realize what it detected—and so ignored it.

Nick Heer:

Zetter’s thorough investigation into the circumstances of the 2020 SolarWinds breach — including her previously reported story about the FBI’s foreknowledge — is worth your time. It is also a reminder to me that the circumstances of Bloomberg’s Supermicro story, another supposed supply chain compromise, remain mysteriously uncorroborated and without similar on-the-record journalism.


Update (2024-06-18): Renee Dudley:

Former employee says software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others.

Via Nick Heer:

It seems that both Microsoft and the Department of Justice knew well before anyone else — perhaps as early as 2016 in Microsoft’s case — yet neither did anything with that information. Other things were deemed more important.

Tuesday, December 15, 2020

Shutting Down the Goodreads API

Stephanie Wilkinson:

In 2013, Amazon bought Goodreads. Many in the reader community were worried about what Amazon would do with its new acquisition, but they retained the status quo for a while. Until now, apparently.

They’ve given notice that they will shut down their APIs, effectively shutting down outside interaction with Goodreads data. In addition, the developer terms and conditions don’t allow storing of any Goodreads data, so users won’t be able to pull their data from Goodreads for use in other arenas.

Via Nick Heer:

Seems pretty bold for Amazon, which owns Goodreads, to further silo user data as it is being investigated for criminal antitrust violations.

Eric Engstrom, RIP

Dean Takahashi (via Hacker News):

Eric Engstrom passed away this week, leaving friends in mourning for one of the renegades of the Microsoft empire and a brilliant tech innovator.

Engstrom was known as part of the “Beastie Boys,” a trio of evangelists who paved the way for Microsoft’s expansion in games in the late 1990s and early 2000s with DirectX. The expansion eventually enabled Microsoft to launch the Xbox (X signified DirectX) video game console — an enterprise that generated billions of dollars for Microsoft and made it a major player in the game industry.

Update (2021-01-01): Edge (via Hacker News):

Edge magazine investigates the dramatic origins of the original Xbox and how an internal team ‘hoodwinked’ Bill Gates into launching Microsoft’s first console.

Dismissing Big Sur Notifications

Tyler Hall:

An example of unhelpful alerts that you didn’t opt-in to and can’t opt-out of are hot marketing garbage like this.


But I digress. Helpful or spam-like, the UX problem is dismissing them.


Because, in almost all instances of an alert appearing, I want to know about it, but way less frequently do I want to open the entire app behind it.


For those of you keeping score at home, that’s a 22pt x 22pt target out of the banner’s total 346pt x 78pt. Or 1.8% of the total size.


If you move your mouse towards the notification intending to dismiss it, the clickable area (without backtracking your mouse) is this even smaller green part.

I usually want to mark a Messages notification as read (which takes multiple clicks) or dismiss a notification from another app (which has a small click target). The big click target is for opening the app, which is rarely what I want.

Nick Heer:

Notifications remain a system feature that, at least on Apple’s platforms, asks a lot from users for such simple benefit. On iOS and MacOS, it is too easy to be zipped into a different app, especially if you are trying to dismiss the notification instead.


Update (2020-12-16): Marco Arment:

Big Sur’s notifications are Big Sur’s butterfly keyboard.

(see also: hiding all actions under the “Options” button, and the inexplicable and extremely frustrating loss of multiple Snooze durations in Calendar notifications)

Update (2021-01-01): Dave Mark:

Big Sur brings a frustrating interface change to notifications. This post documents the change in great detail. It’s all about the process of dismissing a notification, which is much harder than it used to be, both in terms of fine motor control requirements and low discoverability.

Update (2021-06-13): Riccardo Mori:

In Mac OS 10.13 High Sierra (and presumably in Mojave and Catalina), Notifications not only have better buttons and UI than in Big Sur, they’re also smarter. When that app has finished updating, the notification will automatically go away. In Big Sur, it stays there.

Brave Rewards Not Allowed in App Store

Brave Software (tweet, via Tim Sweeney, Hacker News, MacRumors):

Today Brave is releasing a new version (1.22) of its iOS browser in order to comply with recent stipulations made by Apple. In a nutshell, Brave users on iPhones and iPads will no longer be able to earn rewards for their attention, and will no longer be able to tip their favorite online creators via Brave. These changes to our Brave Rewards system do not apply to our desktop and Android browsers.

Around the iOS 14 release, Apple raised some concerns about our iOS app and deemed that Brave Rewards was not compliant with their guidelines 3.1.1 and 3.2.2, and required immediate remedies. Brave Rewards is built on the Basic Attention Token (BAT) and is a new way to value attention, connecting users, content creators, and advertisers. Users are rewarded in BAT with 70% of the ad revenue share of the privacy-preserving ads they opt into viewing, and they can support content creators they love by rewarding them with BAT. There are currently over 985,000 Brave verified content creators.

Apple’s guideline 3.1.1 prevents apps from allowing users to give to, or tip a person, company, or service — unless what is given is purchased via an Apple in-app purchase. Brave users who had opted into our Brave Rewards system could give their BAT to a verified creator and support their content via a feature we call Tipping, but going forward this won’t be possible on iOS.

It’s not clear to me why this was allowed before but now isn’t. I don’t think the “tasks for cash” rule applies here.


Monday, December 14, 2020

Chrome Updater May Cause Mac Slowness

Loren Brichter (tweet, Hacker News):

Google Chrome installs something called Keystone on your computer, which nefariously hides itself from Activity Monitor and makes your whole computer slow even when Chrome isn’t running. Deleting Chrome and Keystone makes your computer way, way faster, all the time.

I’ve not seen this problem on any of the Macs I administer. And what’s alleged doesn’t seem very likely to me, except that it’s being reported by Loren Brichter. But the response indicates that some people are seeing an improvement, so I hope that Google will investigate. Maybe an OS bug is being triggered. Or maybe people are confusing the effects of restarting their Mac (as Brichter’s instructions suggest) and removing Chrome (a known memory hog) with the effects of removing the Keystone updater itself.

I’m also not convinced that Keystone “hides itself from Activity Monitor” or that there’s anything nefarious going on.

Guilherme Rambo:

As you can see from the comparison above, with Chrome installed, the WindowServer process used about 50s of CPU during the test window. Without Chrome and its updater installed, it used about 49s. I don’t see this as a confirmation of the problem, given that the difference is negligible (way below what would cause visible performance issues).

Apart from that, the entire claim that a process which runs once per hour would cause a completely unrelated system service to have high CPU usage is wild. WindowServer is responsible for rendering the macOS UI to the screen, it spends its time in the CGXUpdateDisplay method, rendering CALayers, a task that has absolutely nothing to do with anything a software update checker (with no UI) would be doing.

See also:


Update (2020-12-14): See also: Brichter’s bug report (tweet).

Update (2020-12-16): Loren Brichter:

Anecdotes from people with persistent and unexplained performance issues who have fixed it by uninstalling Chrome & Keystone.

Gwynne Raskind:

I wonder if this is possibly the result of interaction with firewalls - ditching JUST Keystone (kept Chrome, didn’t restart) cut WindowServer CPU usage by 50% for me. I also had rules blocking it in Little Snitch. A faulty retry loop of some kind maybe?

Paul Haddad:

Last night I created 3 almost identical 10.15.7 VMs. First one had nothing installed. Second one had Chrome installed, but not running. Third one had Chrome running with open.

Left them running, result? No significant difference between any of them. 🤷‍♂️

Brendan Eich:

I saw WindowServer hogging CPU and tried this “one weird trick” (expunged all Google software from my 2019 MBP) and I don’t know why, but it works. Could be a macOS bug or multi factor bug, who knows? Try it.

Update (2021-02-22): Russell Ivanovic:

So my shiny new M1 laptop, clean installed only a month and a bit ago now idles WindowServer at 20-40%. All day battery is now 3 hour battery.

Before you ask, I never installed Chrome (and never bought into the Chrome is bad thing).

“Damaged” Apps That Can’t Be Opened

Craig Hockenberry (tweet):

This story began with customer reports of xScope being a “damaged app” on Big Sur. This was surprising because I had been downloading and testing the app on Big Sur for several months without issue.


It turns out all these folks complaining about a “damaged app” were either using Chrome or had Safari’s “safe” file handling turned off. The damaged archive wasn’t getting repaired automatically by Safari.

The root of the problem is localization in the Sparkle framework. There are two symlinks with extended attributes (the “._” is where macOS stores things like Finder information). The intent of the symlink was to say that French Canadian is the same as French, and Portuguese is the same as Brazilian Portuguese.

There’s also arguably a bug in Safari because, even though it my be desirable in this case, why is it changing the contents of the ZIP archive?

Thomas Tempelmann appears to be seeing the opposite beahvior with ZIP archives:

I’ve now had it several times that customers cannot launch my downloaded apps in Big Sur because “… is damaged and can’t be opened.” - and that’s because they’re using broken 3rd party unzip tools like “Decompressor”. I can recommend The Unarchiver, though.


I downloaded with Safari (“Open safe files …” is unchecked), then used the “Decompressor” app to unzip the app -> damaged. Unzip same file with Apple’s tool -> fine. Happens with my iClip app but not with my FindAnyFile app.

And I think there’s more to this issue because, over the last few weeks, I’ve received customer support requests about the “‘App’ is damaged and can’t be opened. You should move it to the Trash” error for the first time—even though my apps are shipped in .dmg files rather than .zip files. Sometimes, removing the quarantine xattr helps, but I don’t understand what the underlying issue is. If the disk image’s checksum verifies, is the app somehow being damaged as Finder copies it to the Applications folder?

See also: AskDifferent, OSXDaily, Apple’s forum.

Gmail Click-time Link Protections

Paul Haddad:

Apparently Google is now doing this thing where they modify your incoming emails and wrap links around their link tracking service? Started in mid Oct. and I see no way to opt out.


Because links to malicious websites can be sent in emails, Google adds link protection for all official Gmail clients (web, Android, and iPhone & iPad). Some of these protections are now available for some users that use a third-party email application (IMAP client).

For these users, clicking a link in a recent message starts a malicious link check. If nothing malicious is detected, the user is taken to the destination. For older messages, a window might appear, requiring a tap or click to open the link.

But this means that Google gets to see what you click on, and if you save a copy of the message from Apple Mail you don’t get the original data.

Lewin Day:

For a subset of users, it appears Google is modifying URLs in the body of emails to instead go through their own link-checking and redirect service. This involves actually editing the body of the email before it reaches the user. This means that even those using external clients to fetch email over IMAP are affected, with no way to access the original raw email they were sent.

The security implications are serious enough that many doubted the initial story, suspecting that the editing was only happening within the Gmail app or through the web client. However, a source claiming to work for Google confirmed that the new feature is being rolled out to G Suite customers, and can be switched off if so desired.


For some, the implications are worse. Cryptographically signed messages, such as those using PGP or GPG, are broken by the tool; as the content of the email body is modified in the process, the message no longer checks out with respect to the original signature.


It has since come to light that for G Suite users with Advanced Protection enabled, it may not be possible to disable this feature at all.


I can and have reproduced this for over a week now and have been hammering google & apple to fix it with no luck. Google says it’s an Apple issue and Apple says it’s a Google issue. The issue only appears to surface under specific use cases and always requires the user to have setup on macOS or iOS with the gsuite account/user set to type “Google” vs. “IMAP”. This seems to be the real pickle as all the following use cases below require this to be true for the link manipulation to occur. The same messages viewed in or in on macOS or iOS with the account type set to “IMAP” have their links left untouched.


Google support has been effectively useless. Apple support has honestly done more to shed light on the issue. However, both companies are blaming the other and refusing to escalate to engineering or get on a call with the other company to sort this out together. Of course, Google support claims nobody else is reporting this, while Apple support alerted me to this thread. Super frustrating all around. If you are a Gsuite user please report this so I’m not yelling into the wind here. I can also confirm for my account the issue started on October 6, 2020.

See also: Stop Gmail click tracking.


Xcode 12.3

Xcode Releases (release notes):

Xcode12.3 has been released! […] No direct download yet, but this is also the same build number as the Release Candidate, so it’s likely identical

The direct download should eventually be here.

Peter Steinberger:

Apple folks: You release Xcode 12.3 with a broken Components window. This would be kinda nice to have working. Need mah Simulators.


macOS 11.1

Juli Clover:

There were no major new features discovered in the update during the beta testing period, but according to Apple’s release notes, the new software adds support for AirPods Max, introduces a new Apple TV+ tab[…]

It reportedly fixes lots of problems, especially with Rosetta, so I would definitely update from macOS 11.0.x. If you’re still on Catalina, I don’t think this is the release you’ve been waiting for. There are still data loss and rules bugs in Mail, none of the various other bugs I’ve filed have been fixed yet, SuperDuper isn’t available, etc.

The downloadable update is not yet available but should eventually be here.

See also: Mr. Macintosh, Howard Oakley.

Update (2020-12-14): Mr. Macintosh:

Apple has added the Mac-189A3D4F975D5FFC BoardID for the 2013 & 2014 13" MacBook Pro’s back to the 11.1 distribution file. This means that Apple has found the issue and you can install Big Sur again!


Update (2020-12-16): Howard Oakley:

There appear to be firmware updates for all compatible Macs, and with concurrent security updates to Catalina and Mojave, this looks to have brought these versions in line for all models which have been updated in this round.


There’s a long list of security fixes, over 50 in total, with audio, FontParser, and ImageIO bugs particularly numerous, although there are only two kernel vulnerabilities which have been fixed.

Update (2021-01-04): Victor Vrantchan:

Under certain conditions, macOS 11.0.1 and macOS 11.1 hosts are requesting the update server send the 11.0.1 update, instead of requesting the next available one. The server rejects this update as it’s already either installed or older.

See also: Mike Peterson.

iOS 14.3 and iPadOS 14.3

Juli Clover:

Apple today released iOS and iPadOS 14.3, updates that come over a month after the release of iOS and iPadOS 14.2, which brought new emojis, Intercom support, new wallpapers, and more.


iOS 14.3 brings the ProRAW camera format to the iPhone 12 Pro and 12 Pro Max, plus it introduces support for Apple Fitness+, Apple’s latest service. It also includes support for Ecosia, a new search engine option, and introduces a useful change that lets apps created with Shortcuts launch more quickly. The update brings a new Apple TV+ tab in the TV app, and includes several bug fixes.

Juli Clover:

The iOS 14.3, iPadOS 14.3, and macOS Big Sur 11.1 updates that are live as of today introduce a new App Privacy labeling feature for the App Store and macOS App Store, giving customers a way to determine what data an app collects about them before choosing to install it.


Microsoft Productivity Score

Wolfie Christl (via David Heinemeier Hansson, Hacker News):

Esoteric metrics based on analyzing extensive data about employee activities has been mostly the domain of fringe software vendors. Now it’s built into MS 365.

A new feature to calculate ‘productivity scores’ turns Microsoft 365 into an full-fledged workplace surveillance tool[…]

Employers/managers can analyze employee activities at the individual level (!), for example, the number of days an employee has been sending emails, using the chat, using ‘mentions’ in emails etc.

Alex Hern (via Hacker News, Slashdot):

Microsoft has apologised for enabling a feature, “productivity score”, which critics said was tantamount to workplace surveillance.

The company says it will now make changes to the service, which lets IT administrators “help their people get the most” from its products, in order to limit the amount of information about individual employees that is shared with managers.


Now, Microsoft says, it will removing individual user names from the productivity score entirely. “Going forward, the communications, meetings, content collaboration, teamwork and mobility measures in productivity score will only aggregate data at the organisation level – providing a clear measure of organisation-level adoption of key features,” Spataro says. “No one in the organisation will be able to use productivity score to access data about how an individual user is using apps and services in Microsoft 365.”

See also: Microsoft (via Jeffrey Snover).

Friday, December 11, 2020

Swift Concurrency Interoperability With Objective-C

SE-0297 (via Doug Gregor):

The proposed solution provides interoperability between Swift’s concurrency constructs and Objective-C in various places. It has several inter-dependent pieces:

  • Translate Objective-C completion-handler methods into async methods in Swift.
  • Allow async methods defined in Swift to be @objc, in which case they are exported as completion-handler methods.
  • Provide Objective-C attributes to control over how completion-handler-based APIs are translated into async Swift functions.

The detailed design section describes the specific rules and heuristics being applied. However, the best way to evaluate the overall effectiveness of the translation is to see its effect over a large number of Objective-C APIs. This pull request demonstrates the effect that this proposal has on the Swift translations of Objective-C APIs across the Apple iOS, macOS, tvOS, and watchOS SDKs.


Lightroom Classic 10 Slowness

Alexander S. Kunz:

In my review of Lightroom 10’s new features I concluded that it was perhaps put together in a haste to be ready for the Adobe Max conference release date, and that some problematic bugs remained. The worst one affects some Mac OS users, who saw incredibly poor performance, in particular in the Library module.

As it turned out, that performance hit only occurs in a color managed environment – in other words, when you have a calibrated screen and use a custom display profile (which should be most serious photographers, of course; if you haven’t calibrated your display, you don’t know if what you’re seeing and editing will actually look that way when printed). When those users switch their display profile to sRGB, the UI instantly becomes fast and responsive. Except that this is utterly useless for editing photos, of course.

Now Lightroom Classic version 10.1 has been released. And it does NOT contain a fix for this bug. The thread in Adobe’s help forums now contains pages upon pages of comments[…]

He recommends using the Get Info window to turn off Retina support, which reduces the number of pixels that must be processed. Of course, that makes it harder to see the details in your photos.

Even before this, the number one thing I wanted from Lightroom was for it to be faster.

Path Finder 10


New Features In Path Finder 10:

  • Airdrop Integration! For devices discoverable by “Everyone”
  • Share to AirDrop, Messages, Mail, Notes, etc.
  • Fully redesigned for macOS Big Sur.
  • Native support for Apple Silicon.
  • Improved Dark Mode.
  • File Browsing on and file operations on USB connected iOS devices.
  • Improved Drop Stack
  • Improved Batch Renamer
  • Brand new Big Sur style icon
  • Lots of miscellaneous fixes, tweaks and improvements all over the app.


Apple Retiring Music Memos App

Juli Clover:

Apple is planning to retire its Music Memos app, which was first released in 2016 as an app designed to allow musicians and songwriters to capture song ideas on the fly. Since its launch, the app received few updates from Apple, and going forward, the app will receive no more updates.

According to an Apple Support document, Music Memos will no longer be available for download after March 1, 2021, but the app will still be available for use and can be downloaded from the App Store purchase history.

Update (2021-03-02): Tim Hardwick:

As noted by The 8-Bit, as of today Music Memos no longer shows up in App Store searches. Nevertheless, users who installed the app prior to March 2 can still use it and re-download the app if necessary using their App Store purchase history.


Exporting Music Memos to Voice Memos requires an iPhone with iOS 14 or an iPad with iPadOS 14, along with the latest versions of Voice Memos and Music Memos. Exported content will appear in Voice Memos in a folder titled “Music Memos.”

Cydia Sues Apple

Juli Clover (Hacker News):

Cydia is joining a growing cadre of developers accusing Apple of anticompetitive behavior, reports The Washington Post. Cydia on Thursday sued Apple, accusing the company of using anticompetitive tactics to “nearly destroy Cydia” ahead of the App Store launch, which Cydia’s lawyers say has a monopoly over software distribution on iOS devices.

According to Cydia, if Apple did not have an “illegal monopoly” over iOS app distribution, users would be able to choose “how and where to locate and obtain iOS apps,” and developers would also have alternate distribution methods.


According to his estimations, more than half of early iPhone customers were jailbreaking their iPhones to use Cydia, and in 2010, 4.5 million people were searching for apps weekly.

Steve Troughton-Smith:

Considering so many iOS features first appeared as jailbreak tweaks via Cydia, this is going to be a very tangled mess for Apple to prove that it didn’t unfairly copy/steal feature after feature from the jailbreak community before a court system unprepared for that kind of nuance

It’s not clear to me that’s relevant to this case, however.


I had the original iPhone, and could not have used it if Cydia and jailbreaking wasn’t around.


Update (2020-12-16): John Gruber (tweet):

The whole opening presents Cydia as straight up legit, as though being an “app store” on iPhone in 2007 had any means of working other than exploiting security vulnerabilities.

Steve Troughton-Smith:

On any other platform, Cydia would be ‘straight-up legit’. The fact that it’s “not”, on iOS, is the whole thrust of this antitrust lawsuit. And the original iPhone OS ‘security’ model involved paperclips and string.

FTC Sues Facebook for Illegal Monopolization

FTC (PDF, TidBITS, NBC, NY Times):

The Federal Trade Commission today sued Facebook, alleging that the company is illegally maintaining its personal social networking monopoly through a years-long course of anticompetitive conduct. Following a lengthy investigation in cooperation with a coalition of attorneys general of 46 states, the District of Columbia, and Guam, the complaint alleges that Facebook has engaged in a systematic strategy—including its 2012 acquisition of up-and-coming rival Instagram, its 2014 acquisition of the mobile messaging app WhatsApp, and the imposition of anticompetitive conditions on software developers—to eliminate threats to its monopoly. This course of conduct harms competition, leaves consumers with few choices for personal social networking, and deprives advertisers of the benefits of competition.

The FTC is seeking a permanent injunction in federal court that could, among other things: require divestitures of assets, including Instagram and WhatsApp; prohibit Facebook from imposing anticompetitive conditions on software developers; and require Facebook to seek prior notice and approval for future mergers and acquisitions.

John Gruber:

Investors clearly don’t think they’re actually going to bust up Facebook, but investors are often totally wrong. The thing I’d be really worried about, if I were Zuckerberg, is the broad bipartisan nature of the regulators behind this. It’s hard to believe you could get 48 attorneys general behind any major initiative today.

Om Malik:

I am not a lawyer or an antitrust expert, but as someone who has observed the technology industry for a long time, it seems important to note that things in the industry are speeding up. The government watchdogs need to be mindful that the time it takes from being an upstart to a giant is getting shorter and shorter.


What we need — and soon — is a new framework that thinks about monopolies from a more future-oriented perspective. Market share is such an industrial metric to think about in this digital age.

Update (2020-12-16): Nick Heer:

The rest of the Times paragraph makes other arguments that Wu and Hemphill end up refuting in their piece: the government does not necessarily have to prove that acquisitions would have been significant competitors, nor should this case have a chilling effect on smaller acquisitions. It is worth reading as a preface for much of the reporting that will undoubtably be published over the next several years as this case is argued.

Thursday, December 10, 2020

Upgrading From an iPhone XR to an iPhone 12 mini

The good:

The bad:


Rewriting the Uber App in Swift

McLaren Stanley (via Steve Troughton-Smith):

The reason the Uber app is that large [331 MB] is because of Swift. The Objective-C version was a third of that size.


Library bundling is not the problem (swift system libraries are only a few MBs per slice). It’s the actual machine code growth rate of user code that’s the issue. Practically speaking Swift can be as much as 2-4x larger than the equivalent Objective-C when compiled.


We almost rewrote everything back in Objective-C. If not for the limit increase [in the cellular download limit] we probably would have.

Staying under the limit is really important, and they did rewrite the watchOS app back into Objective-C. Why is the app so large? Because there’s a lot more to it than first appears. On the other hand, the Android version of the app is much smaller.


Problem here with Swift came down to

- Apple not dogfooding its own tech. Hell they did not even help us or other major companies like AirBnB and LinkedIn (We formed a workforce on this problem with them which then forced the download limit to be upped by apple)

- Engineers deciding to adopt a language which they thought was great (and turned out not to be at the time) because they did not do the right analysis upfront for such a significant project. ‘Wow look at this shiny new cool tool, lets use it’ (Oversimplification, swift was more pleasant to write with and you could be more productive which was no doubt a factor here)

McLaren Stanley (Hacker News):

As a consequence of all these problems, there began to be a growing movement across all levels of the org that was rallying around the idea of “rewriting the app from scratch” The general sentiment was that the architecture was slowing us down, starting over would be faster.


On the iOS side of the world, the rewrite presented an opportunity to adopt Swift (which was in version 2.x during this timespan). Uber had tried Swift before, but like many who had adopted it that early on it was extremely problematic so it had been banned prior to the rewrite.


So this smaller core team of Design, Product, and Architecture went off in a room for with their new functional/reactive patterns, new language, and new app for a few months. Everything went well. The architecture relied heavily on the advanced language features of Swift.


But once Swift started to scale past ten engineers the wheels started coming off. The Swift compiler is still much slower than Objective-C to then but back then it was practically unusable. Build times went though the roof. Typeahead/debugging stopped working entirely.

There’s a video somewhere in one of our talks of an Uber engineer typing a single line statement in Xcode and then waiting 45 seconds for the letter to appear in the editor slowly, one-by-one.

Then we hit a wall with the dynamic linker. At the time you could only link Swift libraries dynamically. Unfortunately the linker executed in polynomial time so Apple’s recommend maximum number of libraries in a single binary was 6. We had 92 and counting.


We quickly discovered that putting all of our code in the main executable solved the linking problem at App start up. But as we all know, Swift conflates namespacing with frameworks; so to do so would take a huge code change involving countless namespace checks.


We also replaced all of our Swift structs with classes. Value types in general have a ton of overhead due to object flattening and the extra machine code needed for the copy behavior and auto-initializers etc.


So said brilliant engineer in Amsterdam, built an annealing algorithm in the release build to reorder the optimization passes in such a way to as minimize size. This shaved a whooping 11 mbs off the total machine code size and bought us enough runway to keep development going.


A bunch of folks burned out along the way. A ton of money was spent, hard lessons were learned, but still to this day most people insist the rewrite was all worth it. New engineers who joined up loved the architectural consistency and never knew the pain it took to get there.

There’s also this interesting bit on location data:

Without manual pickup location entry people’s location would just show up as whatever the GPS location was last received. This can be very inaccurate (especially in cities with tall buildings) and drivers would end up on the wrong block. This was a horrible customer experience.

So to improve location pickup we changed the location permission to collect signal in the background so we could send the drivers to your current location. People freaked out. Some of my ex-Twitter colleges called on me to quit such an evil company that would track you like this.

As a result of said freakout, (there’s a whole other thread about this involving @gruber and @TechCrunch that I’ll explain some other time) people turned off location permission. But the new app hadn’t designed any experience to handle this use case.


Update (2020-12-16): Indragie Karunaratne:

A tradeoff less discussed is in hiring: not long after Swift came out, the majority FB’s pipeline of iOS candidates wanted to write Swift in their interviews, and wanted to join a team where they could write Swift.

We had to figure out nice ways to tell them that they probably weren’t gonna end up writing Swift.


FB had already been struggling with binary size and build times long before Swift came out with their Objective-C++ codebase; it was a practical impossibility to adopt it, and probably still is even now, at least in the larger app codebases (FB, Messenger, etc.)


Making TextEdit Create an Untitled Document at Launch

Matt Christensen:

I use Text Edit all the time for ephemeral notes. I’ve never liked how in recent macOS versions you get a file picker instead of a blank document.

No more!

defaults write NSShowAppCentricOpenPanelInsteadOfUntitledFile -bool false

Alternatively, you can uncheck System Preferences ‣ Apple ID ‣ iCloud ‣ iCloud Drive ‣ Documents ‣ TextEdit. I like to do that so that I don’t accidentally save files to iCloud. When TextEdit knows that it will never be saving anything in iCloud, it won’t prompt you at launch. Note that it can be hard to find TextEdit in this list since it isn’t sorted alphabetically.


Wednesday, December 9, 2020

Oblivious DNS-over-HTTPS

Tanya Verma and Sudheesh Singanamalla (Hacker News, MacRumors):

Today we are announcing support for a new proposed DNS standard — co-authored by engineers from Cloudflare, Apple, and Fastly — that separates IP addresses from queries, so that no single entity can see both at the same time. Even better, we’ve made source code available, so anyone can try out ODoH, or run their own ODoH service!


To safeguard DNS from onlookers and third parties, the IETF standardized DNS encryption with DNS over HTTPS (DoH) and DNS over TLS (DoT). Both protocols prevent queries from being intercepted, redirected, or modified between the client and resolver. Client support for DoT and DoH is growing, having been implemented in recent versions of Firefox, iOS, and more. Even so, until there is wider deployment among Internet service providers, Cloudflare is one of only a few providers to offer a public DoH/DoT service. This has raised two main concerns. One concern is that the centralization of DNS introduces single points of failure (although, with data centers in more than 100 countries, Cloudflare is designed to always be reachable). The other concern is that the resolver can still link all queries to client IP addresses.


ODoH is an emerging protocol being developed at the IETF. ODoH works by adding a layer of public key encryption, as well as a network proxy between clients and DoH servers such as The combination of these two added elements guarantees that only the user has access to both the DNS messages and their own IP address at the same time.


Cloudflare Web Analytics for Everyone

Jon Levine (Hacker News):

In September, we announced that we’re building a new, free Web Analytics product for the whole web. Today, I’m excited to announce that anyone can now sign up to use our new Web Analytics — even without changing your DNS settings. In other words, Cloudflare Web Analytics can now be deployed by adding an HTML snippet (in the same way many other popular web analytics tools are) making it easier than ever to use privacy-first tools to understand visitor behavior.


The new Web Analytics works like most other measurement tools: by tracking visitors on the client.


Being privacy-first means we don’t track individual users for the purposes of serving analytics. We don’t use any client-side state (like cookies or localStorage) for analytics purposes. Cloudflare also doesn’t track users over time via their IP address, User Agent string, or any other immutable attributes for the purposes of displaying analytics — we consider “fingerprinting” even more intrusive than cookies, because users have no way to opt out.

The concept of a “visit” is key to this approach. Rather than count unique IP addresses, which would require storing state about what each visitor does, we can simply count the number of page views that come from a different site. This provides a perfectly usable metric that doesn’t compromise on privacy.

Sergi Isasi (Hacker News):

Cloudflare is deprecating the __cfduid cookie. Starting on 10 May 2021, we will stop adding a “Set-Cookie” header on all HTTP responses. The last __cfduid cookies will expire 30 days after that.

We never used the __cfduid cookie for any purpose other than providing critical performance and security services on behalf of our customers. Although, we must admit, calling it something with “uid” in it really made it sound like it was some sort of user ID. It wasn’t. Cloudflare never tracks end users across sites or sells their personal data. However, we didn’t want there to be any questions about our cookie use, and we don’t want any customer to think they need a cookie banner because of what we do.

Update (2020-12-16): Matt Birchler:

The first problem I ran into was that I needed to update my nameservers with my registrar to get anything at all from Cloudflare.


Well, thanks to Marko Saric for pointing this out, these “visitors” count bots that hit your site for indexing and the like. Cloudflare explains this decision like so[…]


That is…not a lot of information. I don’t get to see what pages are getting the most traffic, or where that traffic is coming from. I don’t need a ton of stuff, and I personally use maybe 2% of Google Analytics’ suite of information, but this is incredibly sparse.

Jon Alper:

This is a potentially useful alternative for devs wanting analytics w/out Google:

HoudahSpot 6.0

Houdah Software:

Starting with macOS 10.15 Catalina, Apple Mail messages are no longer available through the Spotlight index used by HoudahSpot.

HoudahSpot 6.0 can nonetheless find your Apple Mail messages. HoudahSpot installs a plug-in that runs within the Mail application. This plug-in allows HoudahSpot to include Mail message files in your search results.


Filters help you focus on relevant files by only showing you a subset of your search results. HoudahSpot can filter files to show only those that share a common property. E.g., files modified the same day.


iOS App Privacy Labels

Juli Clover:

As part of iOS 14, Apple is introducing a new App Store feature that will provide privacy details for each app that you’re downloading, which the company has said can be likened to a “nutrition label” for apps.

In a new Developer Support document, Apple outlines the information that developers will need to provide on their App Store pages for customers. Apple is relying on developers to offer up their own privacy policies, and developers will need to start adding this information to App Store Connect starting in the fall.

Hartley Charlton:

WhatsApp, which is owned by Facebook, has accused Apple of anti-competitive behavior because iMessage is preinstalled on iPhones and does not need to be downloaded from the App Store, where the new privacy labels will be shown.


WhatsApp submitted the required information to Apple on Monday, but said in a blog post that “Apple’s template does not shed light on the lengths apps may go to protect sensitive information.” The spokesperson told Axios, “while WhatsApp cannot see people’s messages or precise location, we’re stuck using the same broad labels with apps that do.”

Joe Rossignol:

Apple today assured that its new requirement for privacy information on the App Store will apply equally to all iOS apps, including its own.

This means that the dozens of Apple apps available through the App Store, such as Apple Books and Apple Podcasts, will display the same privacy “nutritional labels” as third-party apps. And for built-in iOS apps, like Messages, Apple says that it will make the same privacy information available to users on its website. Apple says this information will be presented in the same way as it appears on the App Store.

Ben Thompson:

What makes that Apple advertisement so misleading is the level of individuality it implies in terms of data collection and application.


The Internet offers two clear alternatives: either a million blooming flowers, or all-encompassing behemoths that succeed by controlling access to customers. In the case of information, that alternative is Google, and in the case of products, it is Amazon.

What is notable about both is how relatively untouched they are by Apple’s privacy campaign. Yes, Google has app SDKs, but they also have an even larger presence on the web than Facebook, have somewhat less need for data given the directed nature of search advertising, and oh yeah, are the default search engine on Apple devices, which makes it that much easier to ensure that information flows via Google’s channels (like AMP pages, which get around Apple’s recent cookie-crackdowns by being served from Google’s own URLs). […]

Amazon, meanwhile, is increasingly where shopping searches start, particularly for Prime customers, and the company’s ad business is exploding. Needless to say, Amazon doesn’t need to request special permission for IDFAs or to share emails with 3rd parties to finely target its ads: everything is self-contained, and to the extent the company advertises on platforms like Google, it can still keep information about customer interests and conversions to itself. That means that in the long run, independent merchants who wish to actually find their customers will have no choice but to be an Amazon third-party merchant instead of setting up an independent shop on a platform like Shopify.


Update (2020-12-16): Apple (Hacker News):

The App Store now helps users better understand an app’s privacy practices before they download the app on any Apple platform. On each app’s product page, users can learn about some of the data types an app may collect, and whether that data is linked to them or used to track them. As a reminder, your app’s privacy information is required to submit new apps and app updates to the App Store, and some data is optional to disclose if it meets specific criteria, such as certain data from health research apps and regulated financial services. You may update your answers at any time without resubmitting your app or going through App Review.

Khaos Tian:

Guess HI didn’t get a chance to partipate in designing this, what’s up with this shadow when there is a proper card design just right above it 😝

Update (2021-01-04): Dev:

The difference between WhatsApp and Signal (both end-to-end encrypted) in the new App Store privacy section is stark


Update (2021-01-05): Dave Wood:

I think the Signal labels just show that developers don’t know how to answer the questions, or that at least they’re using different measuring sticks. How is it possible that ‘Contact Info’ is collected, but not ‘Linked to you’. It is you.

Dan Frakes:

These privacy labels 😳

Update (2021-01-12): Dave Wood:

More evidence that Signal’s App Privacy response is bullshit. Not only do they collect your contact info, they upload your address book to their servers, and then expose you to other users.

Glenn Fleishman:

As always, the question is whether disclosure prompts changes by individuals. The App Privacy listing is just a disclosure: users can’t opt in or out of different kinds of data collection—it’s all or nothing. But unlike a standard software EULA (end-user license agreement) or dense privacy policy, Apple’s requirements and presentation make it quite clear what’s up, assuming the developer has been truthful, of course. Then you take it or leave it: you either buy or install the app or don’t.

However, Apple is about to enable an option that will give you choice over one set of items disclosed in App Privacy. Sometime soon—the company hasn’t yet said when—Apple will require that you opt into third-party tracking. That’s what has Facebook quaking, and what I’ll explain next.

Update (2021-01-22): Juli Clover:

On January 5, Google told TechCrunch that the data would be added to its iOS apps “this week or the next week,” but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps.

Update (2021-02-05): Thomasbcn:

Google’s iOS apps release cycle before & after Apple asks to disclose privacy labels.

Thie pattern is probably just a coincidence.

Tuesday, December 8, 2020

AirPods Max

Apple (Hacker News, MacRumors):

Apple today announced AirPods Max, innovative wireless headphones that bring the magic of AirPods to an over-ear design with high-fidelity sound. AirPods Max combine a custom acoustic design, H1 chips, and advanced software to power computational audio for a breakthrough listening experience with Adaptive EQ, Active Noise Cancellation, Transparency mode, and spatial audio. AirPods Max come in five gorgeous colors, including space gray, silver, sky blue, green, and pink, and are available to order starting today, with availability beginning Tuesday, December 15.


AirPods Max are available to order starting today for $549 (US) from and in the Apple Store app in the US and more than 25 other countries and regions. AirPods Max will begin shipping on Tuesday, December 15.

AirPods Max require Apple devices running iOS 14.3 or later, iPadOS 14.3 or later, macOS Big Sur 11.1 or later, watchOS 7.2 or later, or tvOS 14.3 or later.

I guess this means macOS 11.1 is shipping soon.

Dan Moren:

The ear cups are designed with memory foam to help seal in sound, and feature a mechanism to distribute ear cup pressure to fit one’s head. Inside each ear cup is a 40mm dynamic driver, with a “unique dual neodymium ring magnet” that Apple says helps maintain a distortion-free listening experience, even at high volumes. (Though no doubt audiophiles will make their own judgments when they arrive.)

Ah, but how will you control such a device? Well, look no further than the Apple Watch. The AirPods Max feature, yes, a Digital Crown, which you can use to control volume, as well as play/pause audio, skip tracks, answer and end phone calls, or, of course, activate Siri. There’s also a noise control button that can toggle between the ANC and Transparency modes.

AirPods Max looks great, although I really have no need for it at that price.

It charges via Lightning (no Qi, even in the Smart Case) and supports an optional 3.5mm cable.

Tim Hardwick:

Apple’s new AirPods Max over-ear headphones weigh 13.6 ounces (384 grams), which might not sound like much, but that’s relatively heavy compared to many premium over-ear headphones on the market.

Tim Hardwick:

After the one-year warranty on AirPods Max has expired or the up to two-year AppleCare+ coverage has come to an end, Apple will charge a $79 fee for battery servicing.

Hopefully the batteries will last longer than the two years or so for regular AirPods.

Hartley Charlton:

The ear cushions for AirPods Max attach magnetically and replacement cushions are available on the Apple Store in a variety of colors.

A pair of replacement cushions retails for $69.

Hartley Charlton:

Earlier in the year, a report from Bloomberg said that AirPods Max , thought at the time to be called “AirPods Studio,” had suffered several development challenges leading to multiple delays and scaling back of functionality. The product failed to appear at any of the most recent three Apple events despite a plethora of rumors about the product.


It was believed that AirPods Max would offer unique customizability with interchangeable headbands and earcups, repeating the concept behind Apple Watch bands. Amid these delays and frustrations, Bloomberg correctly predicted that Apple would drop the concept of a replaceable headband to accelerate production.

In addition, it was believed that AirPods Max would have touch pads for controls on the sides of the headphones. This appears to have been replaced by the Digital Crown from the Apple Watch in the final product.

Update (2020-12-10): Nilay Patel:

I have no idea what’s going on with the AirPods Max case, which is a goofy one-piece contraption that’s folded and glued over on itself to form a case. It looks very much like a purse when wrapped around the headphones, which is at once fun and clever and also not the point of a headphones case that needs to survive in a backpack. It does not appear very protective, feels like it will get dirty fast, and generally does not hold a candle to the nice hard cases that come with almost every other set of premium headphones.


Sound-wise, I’ve had fun listening to the AirPods Max for a few hours — they’re crisp and bright, with a pleasingly wider soundstage than my Sony headphones, and no distortion at all, even at max volume. We’ll have a full review of these soon, including tests of spatial audio and Apple’s claim of Atmos surround sound support, so stay tuned for that. But for now, rest assured the AirPods Max sound more than good enough to compete with other high-end headphones.


Whether Apple has actually done enough here to justify the staggering premium over the competition is an open question that it’ll take us a little more time reviewing to answer.

See also: Joe Rossignol’s roundup, David Heinemeier Hansson, Marques Brownlee.

Update (2020-12-16): Matthew Panzarino:

The lack of real folding options on these, the material in the netting and the pretty definitive ‘one way’ these are meant to articulate means that I do not see these being a regular travel companion for me, on initial pass. Oh, and the case is just as ridiculous as it looks. Sorry. The construction here is just as dodgy as the MagSafe Duo. It feels cheap, and like it will dirty easily, not exactly what you want from a ‘travel case’. And it looks like a butt.

John Gruber (Hacker News):

AirPods Max are quite heavy: 385 grams. My Bose QuietComfort 35 II wireless headphones weigh 235 grams. Other noise-canceling wireless headphones are even lighter. You can definitely feel the difference in weight. The AirPods Max headband does seem to distribute the weight as comfortably as it can, but the weight is all in the ear cups, and heavy ear cups are, well, heavy. When you remain motionless, you can forget they’re there. But when you move around, the AirPods Max have inertia.


AirPods Max are very much metal. Aluminum ear cups, and a stainless steel headband. They are very sturdy, and very nice to the touch. It’s like when Apple started making laptops out of unibody aluminum — the plastic ones we had long accepted as the norm suddenly seemed cheapjack in comparison.


AirPods Max, as travel headphones, go the other way. They’re heavier and twice the price of the QuietComforts ($550 vs. $270), but they sound so much better. And while the AirPods Max headphones themselves seem, I repeat, quite sturdy, the included “Smart Case” is less of a case than it is a pouch. The fact that it’s not a hard case helps narrow the weight gap — the AirPods Max in the Smart Case weigh 520 grams; the Bose QC35’s in their case weigh 410 grams — but it makes them something you might need to be a little careful with when packing, and because they don’t fold up (the ear cups do rotate to fold flat, though), they take up a bit more space:

Joe Cieplinski:

Been wearing Air Pods Max for about 6 hrs now, and ready to declare yes, they are heavy. But no, they are not uncomfortable for long-term wearing. At least not to me. The ear cups are so well padded, and the mesh head bar is so comfortable, it easily makes up for the weight.

ataraxia_ (via Dave):

So to start, these aren’t completely neutral. There’s a bit of fun to them, but it’s nothing like the XM4s that had that fairly huge boost to anything below 120Hz. Sound-stage wise, these are some of the most impressive closed-backs I’ve tried. They’re pretty equivalent to the Fostex in sound signature: A little bump in the bass but nothing silly. There’s a bit of sparkle in the cymbals but nothing ear-piercing. They sound better than the Momentum 2s, and I actually prefer them to the Fostex. I like them about as much as the 6XX, which is saying a lot. They sound a lot faster than the 6XX too, although not as quite as fast as the Fostex.

If I were to sit and listen to a full album in my arm chair just for the album, I’d pick the LCD-2s over these pretty handily, but those are decidedly non-portable.

Fit and finish wise, they blow all of the above out of the water. They feel significantly more premium than any of the above, and are more comfortable than any of the above headphones.

ANC wise they easily best the Momentums. They’re pretty equivalent with how I remember the XM4s. They’re definitely no slouch. Transparency mode on these is also just 100x better than it was with the XM4s -- everything sounds a lot more “natural” in transparency mode. Better than the AirPods Pro, too, so if transparency mode is your jam, these things are top tier.

Update (2021-01-04): Juli Clover:

So while the AirPods Max do need the case to go into a low power mode that’s the equivalent of a sleep mode, leaving them out and connected to your devices isn’t the biggest hit on battery if you don’t want the hassle of putting them into the case and taking them out. If you want maximum battery life, though, you need to put them in the case.

John Gruber:

Brownlee suggests that the battery drains when the AirPods Max are not in use but outside their pouch (err, “case”) at about the same rate as when they’re in use. I haven’t found that to be close to true. They do drain when unused but idle outside the case, but slowly. Maybe like at a rate of about 10 percent in 24 hours?

Apple (via John Gruber, Tim Hardwick):

If you set your AirPods Max down and leave them stationary for 5 minutes, they go into a low power mode to preserve battery charge. After 72 stationary hours out of the Smart Case, your AirPods Max go into a lower power mode that turns off Bluetooth and Find My to preserve battery charge further.

Marques Brownlee:

Apple made some pretty great headphones with a pretty dumb case.

Dave Mark:

Chris Welch detailed AirPods Max comparison with Sony WH-1000XM4, other popular noise cancelling headphones

Quinn Nelson:

Anybody who says the XM4 are better than AirPods Max are wrong, IMO. They’re not. And frankly, it’s not that close. WITH THAT SAID, performance is not amazing relative to “classic” headphones. A $150-200 wired pair of cans (e.g. DT770) would outperform these handily, IMO.

Quinn Nelson:

Apple designer Eugene Wang talks to Japanese magazine Casa BRUTUS about designing the AirPods Max case. Unfortunately, I think he missed on this one.

Update (2021-01-26): Matt Farrugia:

The noise cancellation had issues; they didn’t isolate my voice from event noise; wireless calls on the Mac were 8kHz and I couldn’t use a cable to fix any of this.

Update (2021-02-05): Marius Masalar (via Hacker News):

I threw my most demanding tracks at them, including some of my own music. After all, judging headphones by the way other people’s music sounds is inherently subjective; I might prefer one rendition over another, but I have no insight into which best represents the artist’s intent. When I am the artist though, I can make objective assessments. And my assessment is simple: given the choice, I’d rather have someone listen to my work on the AirPods Max than the H9i.

This was not supposed to happen.


If the end result is that the AirPods Max sound better than any other headphone in their category that I’ve tried, does it matter that they achieve that partially through software? I’ll further threaten my audiophile credentials here and say: nope. I don’t think it matters!


Whatever the case, those people should be aware that the AirPods Max represent terrible value if your main goal is to get an intelligent balance between comfort, sound, longevity, ANC, and style. They’re too heavy to be comfortable, they don’t fold or have a reasonable case to protect them when you’re travelling, and a lot of their sonic advantages are going to be lost on you if you’re mostly using them on the go.

Reviving or Restoring a Mac With Apple Silicon


The revive or restore processes involve the following steps:

1. Launching Apple Configurator 2 on the second Mac and connecting the Mac computers

2. Restarting the Mac using a special key sequence

3. Using Apple Configurator 2 to do one of the following:

  • Revive the firmware and reinstall the latest version of recoveryOS.

  • Restore the firmware, erase all data, and reinstall the latest version of recoveryOS and macOS.

Mr. Macintosh:

Now that Apple Silicon Macs are arriving in users hands, we can now start to rebuild with Apple Configurator 2 and IPSW files just like iOS! This page will be a database of all macOS IPSW Files.

Jeffrey Paul (Hacker News):

If you wish to fully and completely restore these systems to their factory state for whatever reason, be it a virus or malware, reverting a testing or research configuration, preparing for resale, disk data corruption, whatever[…]. The only way to do this is to obtain a cryptographic signature from Apple, specific to that hardware. […]

Freely over the internet, that is.


To repurpose these machines, or to audit/verify them, the steps are repeated: dump their data, wipe them fully, verify their firmware, reinstall from cryptographically verified media. (Optionally, audit to ensure that the data dumps are what they are expected to be.)

This is now impossible on any modern mac (and 100% of all recent macs with decent keyboards).


This means that the machine can potentially be tampered with by Apple (or anyone who can coerce Apple), on a system-by-system basis.

And you depend on Apple’s server being operational.

See also:


Update (2020-12-10): Isaiah Carew:

this is why i can’t update my apple dev kit. my account status has an unexpected “state”. the update utility that is supposed to be grabbing the cert or whatever from apple crashes immediately after i authenticate.

Monday, December 7, 2020

Swift Proposal for async/await

SE-0296 (via Doug Gregor):

This design introduces a coroutine model to Swift. Functions can opt into being async, allowing the programmer to compose complex logic involving asynchronous operations using the normal control-flow mechanisms. The compiler is responsible for translating an asynchronous function into an appropriate set of closures and state machines.

This proposal defines the semantics of asynchronous functions. However, it does not provide concurrency: that is covered by a separate proposal to introduce structured concurrency, which associates asynchronous functions with concurrently-executing tasks and provides APIs for creating, querying, and cancelling tasks.


Because only async code can call other async code, this proposal provides no way to initiate asynchronous code. This is intentional: all asynchronous code runs within the context of a “task”, a notion which is defined in the Structured Concurrency proposal. That proposal provides the ability to define asynchronous entry points to the program via @main […]


Update (2020-12-08): Eneko Alonso:

The above two extensions allow launching an async task from a DispatchQueue, with or without a DispatchGroup.

Update (2020-12-24): Ben Cohen:

The async/await proposal is accepted!

The first of a series of Concurrency proposals coming to Swift Evolution. @dgregor79 put together a dependency graph

App Store Best of 2020

Apple (list, MacStories):

The independent developer of Wakeout! brought gentle exercise to home offices and classrooms with light-hearted and inclusive movements designed for everyone. Vast fantasy worlds in games like “Genshin Impact,” “Legends of Runeterra,” “Disco Elysium,” “Dandara Trials of Fear,” and Apple Arcade’s “Sneaky Sasquatch delivered a great escape, while Disney+ offered a sense of unlimited possibility that many craved. Whether it was to facilitate distance learning through Zoom, create daily routines with Fantastical or lull us to sleep with Endel, the App Store Best of 2020 winners helped us live our best lives at home.


We are incredibly excited and honored that Fantastical has been selected by Apple as the winner of the Best of 2020: Mac App of the Year!


In the meantime, we hope you’ll enjoy these photos of our App Store App of the Year award as much as we do!

It’s a great app.

John Gruber:

Boo-hiss, though, for awarding Genshin Impact iPhone game of the year. It does look like a beautiful Breath of the Wild-esque game — but it’s a free-to-play gacha game financially. It’s a gambling mechanic, and I wish Apple wouldn’t hold one up as their iPhone game of the year.

Ryan Jones:

Yikes, Wakeout (Winner of Best of 2020):

  1. Requires “Sign In with Apple” 100% just to email retarget you
  2. Requires a trial (oh hey Basecamp!).
  3. Breaks the strictly enforced “total price must be most prominent” rule.


Making a Self-Quoting Tweet

Oisín Moran (via Hacker News):

Fundamentally the challenge is just correctly guessing what ID a given tweet is going to get, then appending that onto the URL for our profile and tweeting it.


Twitter used to use sequential IDs but no longer do. Public-facing sequential IDs have the drawback of making usage of your platform easy to estimate. They are also hard to generate in a distributed fashion while preserving order.


We see the second was posted 504 ms after the first (from Twitter’s point of view), the machine IDs differ by 13, and both the sequence numbers are 0. We might be able to get away with assuming the sequence number is most commonly 0. This is great news because it was the larger of the two non-timestamp components so greatly reduces the number of checks we’ll have to make. The range for our brute forcing looks like it might be small enough after all!


Sandbox Doesn’t Protect Files From stat()

Jeff Johnson (tweet, Hacker News):

I discovered that an application can use the venerable Unix command-line tool “ls” (list directory contents) to bypass both TCC (Transparency, Consent, and Control) and the sandbox, enabling unauthorized access to file metadata in directories that are supposed to be protected.


It’s been almost a year since I reported it to Apple. This is well beyond the bounds of “responsible disclosure”, which is typically 90 days after reporting an issue to a vendor. I’ve never been paid a penny by the Apple Security Bounty Program and doubt I ever will.


I chose the example of ~/Library/Safari/LocalStorage because Safari names the files in this directory according to the web sites that you visit! Also note that the output of long format ls -l contains the last modification date of the files. Thus, one possible privacy violation from this technique is to learn the user’s web browsing history.

I sort of discovered this issue by accident a few years ago while tracking down a bug. One of my apps uses Full Disk Access, but there is no API to determine whether that has been granted. Some of my code had been assuming that if it could test whether a particular file in a protected folder existed, it must have Full Disk Access. But it turns out that you can do this even without access.

Apple even sort of documents this, saying for -[NSFileManager fileExistsAtPath:] that:

App Sandbox does not restrict which path values may be passed to this parameter.

It’s not really clear what this means because how could the sandbox prevent you from passing a value? So maybe we’re meant to assume that it works for any value. On the other hand, the documentation goes on to say:

If the file at path is inaccessible to your app, perhaps because one or more parent directories are inaccessible, this method returns NO.

This implies that without access you can’t test whether a file exists. But my experience is that you can. (I’ve not looked into whether there’s a difference between the sandbox and TCC protections.)

In any event, whether or not Apple considers this a bug, I think it’s a real privacy issue. If this is the expected behavior, it should be documented so that apps can be designed with this in mind. Maybe apps that store sensitive data should obscure their filenames.

Secondly, why is Apple still investigating this issue a year later? The engineer who designed this should know whether it’s the intended behavior off the top of their head. So the fact that the report didn’t immediately come back as “not a bug” implies that either it is a bug (and one wonders how such a whopper could remain for so long) or that the report is not being actively investigated. Either way, this is more evidence that Apple is not serious about the bug bounty program.


An iOS Zero-click Radio Proximity Exploit Odyssey

Ian Beer (Hacker News, MacRumors):

In this demo I remotely trigger an unauthenticated kernel memory corruption vulnerability which causes all iOS devices in radio-proximity to reboot, with no user interaction. Over the next 30’000 words I’ll cover the entire process to go from this basic demo to successfully exploiting this vulnerability in order to run arbitrary code on any nearby iOS device and steal all the user data.


So what went so wrong that it was possible? Unfortunately, it’s the same old story. A fairly trivial buffer overflow programming error in C++ code in the kernel parsing untrusted data, exposed to remote attackers.


The inevitable question is: But what about the next silver bullet: memory tagging (MTE)? Won’t it stop this from happening?

My answer would be that Pointer Authentication was also pitched as ending memory corruption exploitation. When push came to shove, to actually ship a legacy codebase like the iOS kernel with Pointer Authentication, the primitives built using it and inserted by the compiler had to be watered down to such an extent that any competent attacker should have been able to modify their exploits to work around them.

Friday, December 4, 2020

Family Sharing for Subscriptions and IAPs


You can now enable Family Sharing for auto-renewable subscriptions and non-consumable in-app purchases, allowing users to share their purchases with up to five family members. Family Sharing provides a streamlined, convenient user experience and can help you attract subscribers, encourage paid subscriptions, increase user engagement, and improve retention.

Juli Clover:

In the App Store settings under “Subscriptions,” there’s a “Share New Subscriptions” setting that appears to be enabled automatically, allowing subscription apps to be shared among family members. The new option is available on the current release version of iOS, iOS 14.2.


BlueMail Antitrust Case Against Apple Dismissed

Hartley Charlton:

Blix Inc., developer of the email app BlueMail, then filed a lawsuit accusing Apple of manipulating search results in its iOS and macOS App Stores to suppress third-party competition and push consumers towards Apple’s own apps. Blix also alleged that Apple copied patented messaging technology for its “Sign In With Apple” feature before removing BlueMail from the App Store.

Judge Leonard P. Stark of the U.S. District Court for the District of Delaware dismissed the claims, concluding Blix had failed to offer direct or indirect evidence of Apple’s monopoly power or anticompetitive conduct in violation of the Sherman Act.


Judge Stark said Blix’s anticompetitive-conduct claims failed because the company itself demonstrated that the App Store isn’t essential to BlueMail’s success.


Update (2021-07-14): Juli Clover:

Apple asked the judge to toss out the case, and the motion was granted, with the case being dismissed a second time on Friday. In a statement, Apple said that Blix had “alleged false conspiracy theories and anti-competitive claims,” and that the judge’s decision confirms that Apple has “consistently acted legally.”

Beman Dawes, RIP


I am sorry to report to r/cpp that Beman Dawes passed away yesterday.

Beman had an unusually large impact on C++ over his long and very productive life. My personal opinion of his most monumental achievement was getting Filesystem into standard C++, which was probably the most tortuous, lengthy, and difficult library to have ever been standardised (to date), and that followed a preceding tortuous, lengthy and difficult Boost peer review involving multiple redesigns of the proposed library. Beman was on WG21 from nearly the beginning, served as the Library Working Group chair for some time, and was one of the original cofounders of the Boost C++ Libraries. He also had a long history of continuous contributions to open source, starting from when many on r/cpp were still children.

Dave Abrahams:

Beman Dawes was my friend, inspiration, and collaborator. He was a living demonstration that collegial respect and kindness are fundamental to getting great results. His idea for blossomed into a unique community, inventing the art of library design.

iOS Apps on Mac Require System Integrity Protection


If you disable SIP on an Apple Silicon Mac, you lose support for the Apple DRM. (FairPlay)

Your iOS apps will not run on the system and some media playback might be affected/become unavailable.

Apple keeps telling us that all the new security features don’t actually restrict what you can do with your Mac because you can turn them off. But here’s a case where you really do lose functionality—rather than just security—because you can’t run software that requires SIP and software that forbids it at the same time.


Thursday, December 3, 2020

Enrolling in the App Store Small Business Program

Apple (MacRumors):

To ensure that all participants are fully eligible as small businesses, you’ll need to list all of your Associated Developer Accounts when you sign up for this program. An Associated Developer Account is an Apple Developer Program account that you own or control or an Apple Developer Program account that owns or controls your account.


App transfers are not allowed while participating in the program.


The vast majority of developers on the App Store who sell digital goods and services are eligible — simply complete a few steps to enroll.

Andreas Kambanis:

If you transfer apps to/from your account you can’t participate in the program 🙃 I can see why they did this but I can also see why many small developers may legitimately need to do this.


Update (2020-12-04): See also: Hacker News.

David Barnard:

This is a huge mistake from Apple. Part of being a small business on the App Store is building an asset that can be sold (I’ve sold 3 apps now, and reinvested most of the money). Instead of making a blanket rule against it, the new account should be able to re-apply immediately.

I’m not sure how much of a problem this is because transferring apps is already impossible if you use iCloud, Sign in with Apple, or a number of other entitlements. I suppose the best practice is to set up a separate LLC and developer account for each app. That way, if you need to sell the app, you can sell the entire LLC while keeping the app in the same Apple developer account.

Unfortunately, having separate LLCs requires more paperwork, which is already a burden for small businesses. It also adds extra steps in App Store Connect and Xcode, is confusing for customers, and may restrict data sharing between your own apps.

Update (2020-12-24): Hartley Charlton:

Apple has started contacting eligible developers to inform them that they have been accepted into the Small Business Program, which allows developers to benefit from significantly reduced App Store fees.

I was accepted yesterday.

Update (2021-01-05): Paul Haddad:

Did anyone end up or getting rejected from the Apple small business program?

Salesforce Buys Slack

Ron Miller and Alex Wilhelm (Hacker News):

Salesforce, the CRM powerhouse that recently surpassed $20 billion in annual revenue, announced today it is wading deeper into enterprise social by acquiring Slack in a $27.7 billion megadeal. Rumors of a pending deal surfaced last week, causing Slack’s stock price to spike.


Ultimately, Slack was ripe for the taking. Entering 2020 it had lost around 40% of its value since it went public. Consider that after its most recent earnings report, the company lost 16% of its value, and before the Salesforce deal leaked, the company was worth only a few dollars per share more than its direct listing reference price. Toss in net losses of $147.6 million during the two quarters ending July 31, 2020, Slack’s uninspiring public valuation and its winding path to profitability and it was a sitting target for a takeover like this one.


Slack was founded in 2013, but its origins go back to an online multiplayer game company called Glitch that was founded in 2009. While the game was ultimately a failure, the startup developed an internal messaging system in the process of building that company that later evolved into Slack.


They started out trying to make an MMO, ended up making Flickr instead.

Then they tried making another MMO, but ended up making Slack instead.

I really hope they get cracking on another MMO soon.

Allen Pike:

Salesforce acquiring Slack feels like another “End of the Beginning” moment. Startups used to overturn established tech giants on a regular basis. Increasingly that just isn’t happening anymore – or at least, not often. A new era is upon us.

Matias Korhonen:

If you can’t make money with a communication tool during a global pandemic that has forced almost everyone who possibly can work from home to work from home, what will it take?

Casey Newton:

Slack’s life as an underdog darling of Silicon Valley ended on November 2, 2016. That’s when the upstart communication startup published an open letter to Microsoft in the New York Times, offering the tech giant an insincere “welcome” to the world of workplace chat software. The occasion was Microsoft’s launch of Teams, a Slack clone that would come bundled with the company’s popular Office 365 suite of products.

In its letter, Slack warned Microsoft that “Slack is here to stay,” adding: “we’re just getting started.” But the 4 million users it had at the time would increase to just 12 million four years later, while Microsoft — which added Teams to its 365 bundle without increasing the price — took Teams from zero to 115 million users.

John Gruber:

Slack, as a public company, has been under immense pressure to do whatever it takes to make its stock price go up in the face of competition from Microsoft’s Teams[…] Slack, it seems to me, has been pulled apart. What they ought to be entirely focused on is making Slack great in Slack-like ways. Perhaps Salesforce sees that Slack gives them an offering competitive to Teams, and if they just let Slack be Slack, their offering will be better — be designed for users, better integrated for developers.

Om Malik:

As an angel investor in the company, I felt compelled to write about why Slack mattered? Well, I never really published the piece. Thinking about it — it doesn’t matter: it is still relevant today, as it was then, for it is about why Slack mattered enough for Benioff to pony up more dollars than what Microsoft paid for LinkedIn.


So, when I saw the early version of Slack, I was intrigued by its possibilities as a messaging platform that wasn’t really an email, but an API to carry notifications for different kinds of corporate applications.

Update (2020-12-16): John Gruber:

I do love me an annotated press release. There’s well-warranted snark about some of the language, but also some astute analysis of why this deal makes sense for both companies[…]

Official macOS Hosting and Amazon EC2

Brian Stucki (tweet):

Apple has updated the macOS software license agreement for Big Sur. This doesn’t happen very often.


I have been working with Macs in data centers for sixteen years now. I’ve pushed through many of the “Mac mini/Xserve/Mac Pro is dead” comments and “why would you want macOS in a data center” insults. I’ve had Apple account reps very eager to introduce me to their large clients only to have Apple system engineers shoot down the whole idea as a “gray area.” Well, this new section of “Leasing for Permitted Developer Services” feels like a massive pat on the back and I’m so happy for all my friends at Apple who saw the need and have been pushing for this update.

macOS hosting is now approved and written out in plain terms in a very Apple way. Incredible!

Nicholas Terry:

Apple software and hardware must be leased “in its entirety to and individual or organization”

A lease period must be “for a minimum period of twenty-four (24) consecutive hours”


Developers may now “install, use, and run additional copies or instances of the Apple Software within virtual operating system environments”

Frederic Lardino:

AWS today opened its re:Invent conference with a surprise announcement: the company is bringing the Mac mini to its cloud. These new EC2 Mac instances, as AWS calls them, are now generally available.


For the first time, you can easily set up and deploy macOS workloads natively within AWS, and take advantage of its flexibility and scalability to add more compute capacity. EC2 Mac instances in the cloud make it easy to create more builds, run more tests, and further automate your development processes by seamlessly provisioning and accessing macOS compute environments with just a few clicks.

Amazon (Hacker News):

Powered by Mac mini hardware and the AWS Nitro System, you can use Amazon EC2 Mac instances to build, test, package, and sign Xcode applications for the Apple platform including macOS, iOS, iPadOS, tvOS, watchOS, and Safari. The instances feature an 8th generation, 6-core Intel Core i7 (Coffee Lake) processor running at 3.2 GHz, with Turbo Boost up to 4.6 GHz. There’s 32 GiB of memory and access to other AWS services including Amazon Elastic Block Store (EBS), Amazon FSx for Windows File Server, Amazon Simple Storage Service (S3), AWS Systems Manager, and so forth.


Mac instances run macOS 10.14 (Mojave) and 10.15 (Catalina) and can be accessed via command line (SSH) or remote desktop (VNC).


The instances are launched as EC2 Dedicated Hosts with a minimum tenancy of 24 hours. This is largely transparent to you, but it does mean that the instances cannot be used as part of an Auto Scaling Group.

EC2 Mac instances with the Apple M1 chip are already in the works, and planned for 2021.

Corey Quinn (Hacker News):

So $790 a month if you leave it running all the time.

I reiterate that @MacStadium is $139.

MacStadium has cheaper models, too. On the other hand, I could see it being useful to occasionally rent a day from Amazon if you need to do testing with an older version of macOS, especially since Apple Silicon Macs can’t run Intel versions of macOS in virtualization.


Update (2021-01-01): Paul Haddad:

A couple low res pictures of the Mac mini AWS nodes. Awful lot of cables coming out of the back of those minis. I kind of expected one or two Thunderbolt connections, power and power switch, not all this.

Update (2021-10-20): See also: Hetzner (via Peter Steinberger).

Wednesday, December 2, 2020

OmniFocus 3.11 for Mac

David Lonning:

This update brings Forecast and Perspective widgets—quickly becoming a popular feature in OmniFocus for iOS—to the Mac for the first time.

In macOS Big Sur, widgets appear in the updated Notification Center on the right side of the screen. Click Edit Widgets beneath any existing ones to add the new OmniFocus widgets.

Sketch’s Big Sur App Icon


“We experimented with moving away from the diamond, but that seemed a little silly considering that it’s such a strong part of our brand,” he explains. “So we created a bunch of new diamond shapes — some with perspective, some without; some with more faces, some with less.” From there, it became of question of which ones worked best, and how to integrate these elements with different backdrops.


Getting the balance right between the foreground shapes and the background was particularly tough. “Something we found out very quickly was that there was often a visual struggle between the rounded rectangle backdrop and the diamond,” he says.


The rounded rectangle background is actually a simplified representation of Sketch’s Big Sur user interface, and the Sidebar on the left has transparency, which means it ever-so-slightly takes on the background color of your wallpaper.” The diamond itself got some love too — Prekesh redrew and re-colored it from scratch to improve the contrast and make it slightly more vibrant. Plus, a new, deeper shadow makes it feel like it’s really floating in front of the UI.


Porting Linux to Apple Silicon Macs

Hector Martin (tweet):

By becoming a patron, you will be allowing me to focus on this project as my primary job, and spend much more time on it that I ever could as a side project.

The goal is to bring Linux support on Apple Silicon macs to the point where it is not merely a tech demo, but is actually an OS you would want to use on a daily driver device. To do this, there is a huge amount of work to be done. Running Linux on things is easy, but making it work well is hard. Drivers need to be written for all devices. The driver for the completely custom Apple GPU is the most complicated component, which is necessary to have a good desktop experience. Power management needs to work well too, for your battery life to be reasonable.


All development will be in the open, pushed to GitHub regularly. Contributions will be written with the intent to upstream them into the respective upstream projects (starting with the Linux kernel), and upstreamed as early as is practical. Code will be dual-licensed as the upstream license (e.g. GPL) and a permissive license (e.g. MIT), to ensure that the work can be reused in other OSes where possible.

Is Big Sur’s System Volume Sealed?

Howard Oakley:

So the System volume at disk3s1 (your numbers may differ) has a broken seal?

To understand why that’s perhaps the wrong question, we need to step through how Big Sur creates the SSV in the first place. During system installation, the whole system is created on the System volume. Once complete, and protected by SIP, the installer then creates the Merkle tree of hashes up to the Seal, the one hash to rule them all, and makes a snapshot. The tree of hashes and its Seal are then stored in the file system metadata which make up that snapshot. The sealed snapshot is then mounted and the System volume itself is unmounted.

So it’s not the System volume which is sealed now, but that snapshot.


That crucial piece of information appears to have been omitted from other locations in Big Sur when it’s running on an Intel Mac.