Archive for January 2021

Saturday, January 30, 2021

2020 Six Colors Apple Report Card

Jason Snell:

It’s time for our annual look back on Apple’s performance during the past year, as seen through the eyes of writers, editors, developers, podcasters, and other people who spend an awful lot of time thinking about Apple.

[…]

The iPhone is Apple’s most important product, but given the seismic changes in the Mac in 2020, the panel was a bit more restrained with its praise—though the iPhone still managed an A grade.

I was a bit surprised by that, as I think the iPhone 12 lineup is strong across the board, and the iPhone 12 mini is my favorite iPhone in a long time.

John Gruber said, “This one is easy. The M1 Macs mark the best moment in Mac hardware history. Apple silicon is that big a deal.”

John Siracusa said, “If you’re not going to give Apple top marks now, then what are you saving your praise for? Daring new Mac designs will have to wait for 2021 or later, but for now we can all rejoice in the unmitigated good of the M1-based Macs. Hallelujah!”

I gave a 4 for Mac hardware because, although the M1-based Macs are the best Mac hardware news in a long time, they came at the end of the year and have not yet spread throughout the lineup. 2020 was another year of the 16-inch MacBook Pro having poor input devices and no matte display. Apple doesn’t sell a Retina display for normal people to connect to it, even though it degraded non-Retina text rendering and icons. And pricing remains a problem in general.

Brent Simmons said, “Apple’s software quality should be so very much better. They’re meant to lead the world in software quality — they should be showing us developers and the rest of the industry how it’s done. But there is so much disappointment here. Whenever I contrast with the brilliance of the new ARM Macs I want to cry.”

The general consensus seems to be that Big Sur is more reliable than Catalina. I’m not sure whether that’s the case. It certainly introduced its own new issues, which I spent much of the summer working around and much of the fall helping my customers with. Rosetta 2 is good but less reliable than Rosetta 1, in my experience. The Mail data loss bug remains unfixed and continues to ensnare new users. There may be scattered improvements in Big Sur, but I don’t see any evidence of turning the corner towards focusing on quality. The general pattern is that each year more stuff breaks, and most of it is never fixed. Structurally, the yearly schedule is unchanged, and there remain multiple parallel systems to maintain (AppKit, SwiftUI, Catalyst, iOS apps on Mac, Apple Silicon vs. Intel). July 2019 is long gone, but the Catalyst apps still aren’t “really good.” SwiftUI on the Mac is more a frustrating promise than a reality.

Myke Hurley said, “Yes the 15% cut exists, but what a terrible year for developer relationships. If we would’ve said the cracks were showing before, I think things are starting to crumble. It has been a year of uncertainty, bad decisions, and bad PR management. 2020 has started a new trend of issues that are now bleeding into antitrust.”

[…]

Marco Arment said, “Apple seemed to dramatically ramp up enforcement on their draconian in-app-purchase rules this year, possibly to boost services revenue, and made unnecessarily offensive statements about developers in the press and legal filings. Later in the year, the reduction of the 30% cut to 15% for many small developers was unexpected but welcome relief, even though it was probably only done to politically defend against mounting pressure from large developers, regulators, and lawsuits.”

The Small Business Program is, for some developers, the best App Store news in a long time, but it was overshadowed by the unprecedented number of App Store–related scandals in 2020.

Update (2021-01-30): See also: John Gruber, Nick Heer.

Update (2021-02-05): Colin Cornaby:

I’m kind of surprised software got rated so highly. Normally I’d say iOS is holding that score up, but this year the initial iOS releases and tvOS have been not very stable.

Also surprised to see Big Sur as better than Catalina. For me it’s been some new bugs, some fixed.

Meek Geek:

I would corroborate this. In the past, Macs seldom kernel panic, nor degenerate to a point to where you reboot to fix problems. Sigh, Federighi-era macOS.

John Gruber:

If I had it to do all over again, I’d change this grade from a B to a C. At the time I voted, I was thinking only in terms of reliability and bugginess, and I do think 2020 was a decent year for Apple on that front. But as I revise these remarks today, I’m reminded of all the UI and interaction designs and changes in iOS and MacOS that are just bad. There’s a real sense that Apple’s current HI team, under Alan Dye, is a “design is what it looks like” group, not a “design is how it works” group.

Negative Robinhood Reviews Deleted

Jay Peters (via Slashdot, Hacker News):

Google is actively removing negative reviews of the Robinhood app from the Google Play Store, the company confirmed to The Verge. After some disgruntled Robinhood users organized campaigns to give the app a one-star review on Google’s Play Store and Apple’s App Store — and succeeded in review-bombing it all the way down to a one-star rating — the company has now deleted enough reviews to bring it back up to nearly four stars.

Robinhood came under intense scrutiny on Thursday, after the stock trading app announced it would block purchases of GameStop, AMC, and other stocks made popular by the r/WallStreetBets subreddit, and some users have already replaced their deleted one-star reviews with new ones to make their anger heard.

It currently has a 4.2 rating on the App Store, so presumably Apple has also removed lots of 1-star ratings, though I do see some recent ones calling out Robinhood for blocking people from trading.

Google and App Tracking Transparency

Christophe Combette (via Nick Heer):

Apple’s upcoming App Tracking Transparency (ATT) policy will require developers to ask for permission when they use certain information from other companies’ apps and websites for advertising purposes, even if they already have user consent. Today we’re sharing how Google is helping our community prepare, as we know that developers and advertisers in the iOS ecosystem are still figuring out how to adapt.

[…]

When Apple’s policy goes into effect, we will no longer use information (such as IDFA) that falls under ATT for the handful of our iOS apps that currently use it for advertising purposes. As such, we will not show the ATT prompt on those apps, in line with Apple’s guidance.

Thursday, January 28, 2021

ProtonMail Opposes EU Golden Key

ProtonMail (via Hacker News):

In December 2020, The Council of the European Union released a five-page resolution that called for the EU to pass new rules to govern the use of end-to-end encryption in Europe. We strongly oppose this resolution because it foreshadows an attack on encryption.

[…]

While it’s not explicitly stated in the resolution, it’s widely understood that the proposal seeks to allow law enforcement access to encrypted platforms via backdoors. However, the resolution makes a fundamental misunderstanding: encryption is an absolute. Data is either encrypted or it isn’t; users have privacy, or they don’t.

Apple’s Q1 2021 Results

Apple (Hacker News):

The Company posted all-time record revenue of $111.4 billion, up 21 percent year over year, and quarterly earnings per diluted share of $1.68, up 35 percent. International sales accounted for 64 percent of the quarter’s revenue.

Jason Snell (transcript, also: MacRumors):

Year over year, iPhone revenue was up 17% and set a new record, iPad revenue was up 41% to its best showing in six years, Mac revenue was up 21%, Services revenue was up 24% to a new record, and Wearables revenue was up 30% to a new record.

Jason Snell:

There have been seven better quarters in the history of the iPad. It’s just that they were all between 2012 and 2015. This most recent iPad quarter was the best since the holiday quarter six years ago.

[…]

Here’s the message: The move to Apple silicon is going to spur Mac growth like never before. Apple’s M1 Macs were incredibly well received, but it’s still just the beginning of the transition. Cook is telling investors, and everyone else, that Apple expects the move to Apple silicon to put its competition in the PC market to shame and fuel a major boost to the Mac.

[…]

The integration of hardware with software is Apple’s secret sauce, or “the magic,” as Cook puts it. But look at the change to that recipe! It’s now the integration of hardware, software, and services.

Facebook May Sue Over App Tracking Transparency

Juli Clover:

Facebook today shared its earnings for the fourth quarter of 2020, and Facebook CEO Mark Zuckerberg’s opening remarks were focused on Apple’s upcoming anti-tracking privacy changes that will impact the advertising industry and companies like Facebook that rely heavily on online advertising.

As highlighted by The Washington Post, Zuckerberg claimed that Apple is changing its privacy policy not to help people, but to further its own interests.

Apple:

Late last year, to give you additional time to prepare, we had temporarily deferred the requirement to use AppTrackingTransparency when requesting permission to track users and access device advertising identifiers. This requirement now goes into effect starting with the upcoming beta update, and will roll out to everyone in early spring with an upcoming release of iOS 14, iPadOS 14, and tvOS 14.

Chance Miller (Hacker News):

Facebook is reportedly planning to take its long-running battle with Apple to the courts. The Information reports that Facebook has been working with outside legal counsel to prepare an antitrust lawsuit against Apple alleging that the company “abused its power in the smartphone market by forcing app developers to abide by App Store rules that Apple’s own apps don’t have to follow.”

[…]

The report cautions, however, that Facebook might not end up filing the antitrust lawsuit against Apple. In fact, Facebook executives are said to be “facing internal resistance” from employees about the gearing up against Apple.

Update (2021-02-05): Sara Fischer (via Hacker News):

Facebook is testing a notification that notifies Apple iOS users about ways the tech giant uses their data to target personalized ads to them.

Update (2021-03-14): Bobby Allyn (via Hacker News):

Zuckerberg has long said the only way to build a social network that connects billions of people is for the platform to be free to use and supported by advertising. It is often said that when a tech service is “free,” users pay mightily with their data. And that is the case with Facebook, which compiles its own portrait of its users through granular behavior tracking and also has a lucrative business of selling data to third-parties, like data brokers and advertisers.

[…]

“I think Facebook is worrying about, ‘This is just a first step for Apple. What could be in the next one to two years if they further put the clamps down around data privacy as well as advertising?’” he said. “Apple knows in this regulatory environment, not being flexible on privacy is ultimately going to be come down on their side.”

Juli Clover:

App Tracking Transparency will threaten Facebook’s view-through conversion tracking, a metric that lets ad companies figure out how many people saw an ad, didn’t click it, but later made a purchase related to the ad. Retailers can record the info of the person who bought an item and then share it with Facebook, with Facebook able to determine whether that person’s IDFA matches with a user who saw an ad for the product purchased.

CNBC says that the loss of this info could heavily impact Facebook because if advertisers can’t accurately measure the effectiveness of Instagram and Facebook ads, they might shift more of their budget to other apps and services.

Facebook’s Audience Network, which provides advertisements in non-Facebook apps, will also be impacted because it uses IDFA data to choose the best ads to show to users based on Facebook data. If users opt out of sharing the IDFA, Facebook’s ad personalization efforts will be rendered useless outside of its own apps.

Update (2021-03-22): Juli Clover:

“It’s possible that we may even be in a stronger position if Apple’s changes encourage more businesses to conduct more commerce on our platforms by making it harder for them to use their data in order to find the customers that would want to use their products outside of our platforms,” Zuckerberg said in a Clubhouse meeting this afternoon.

Data Privacy Day at Apple

Apple:

January 28 is Data Privacy Day, a time to raise awareness about the importance of protecting people’s personal information online. Apple is commemorating Data Privacy Day by sharing “A Day in the Life of Your Data,” an easy-to-understand report illustrating how companies track user data across websites and apps. The report also shares how privacy features across Apple’s products give users more transparency and control, empowering people with the tools and knowledge to protect their personal information.

Jason Snell (MacRumors):

On Thursday—which is apparently Data Privacy Day at Apple—Tim Cook gave a speech at the Computers, Privacy & Data Protection 2021 conference.

In it, he made some very pointed comments about companies that don’t share Apple’s commitment to building products that provide users with choices about what level of privacy or tracking they’re comfortable with.

Not that tracking doesn’t matter, but I’m much more concerned about leakage of my private data. This is an area where Apple’s policies offer limited protection and actually get in the way of users taking steps to protect themselves. I’d like to see Apple give users the choice to:

Update (2021-01-30): See also: Apple’s Q1 2021 Results.

Update (2021-02-05): Ken Harris:

I never understood why Apple made only a single generic “Network Client” entitlement.

That’s the network version of “Full Disk Access”, only scarier, and without any “User Selected” alternative.

Mac Mini Power Consumption and Thermal Output Specs

John Gruber:

A few weeks ago, Apple added the new M1 model to their support page listing the power consumption and thermal output of all Mac Mini models (including the 2005 original, which used a PowerPC G4 CPU). The numbers from 2014 onward are rather striking[…]

[…]

Historically, it’s worth noting that the M1 Mac Mini’s maximum power consumption and thermal output are only ever so slightly higher than the idle power/thermal numbers for the original 2005 PowerPC G4 Mac Mini. A new M1 Mac Mini running at full speed uses about the same power as a G4 Mac Mini did just sitting there with the Finder open doing nothing. I don’t have GeekBench numbers handy for the G4 Mac Mini, but I believe the new M1 models are noticeably faster.

Wednesday, January 27, 2021

Heap-based Buffer Overflow in Sudo

Animesh Jain (via David Smith, Hacker News):

Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.

[…]

In other words, set_cmnd() is vulnerable to a heap-based buffer overflow, because the out-of-bounds characters that are copied to the “user_args” buffer were not included in its size (calculated at lines 852-853).

In theory, however, no command-line argument can end with a single backslash character: if MODE_SHELL or MODE_LOGIN_SHELL is set (line 858, a necessary condition for reaching the vulnerable code), then MODE_SHELL is set (line 571) and parse_args() already escaped all meta-characters, including backslashes (i.e., it escaped every single backslash with a second backslash).

In practice, however, the vulnerable code in set_cmnd() and the escape code in parse_args() are surrounded by slightly different conditions[…]

jeffbee:

All you need to know about sudo and frankly most other pieces of the Linux userspace is that it is undertested. The commit that added this flaw to sudo claims to fix a parser bug but includes no tests. There is no reason for the author, the reviewer (if there even was such a person), or anyone else to believe that the bug existed or was fixed by this change. The pull request that supposedly fixes this CVE also includes no tests. There is no reason anyone should believe this fix is effective or complete, or that it does not introduce new defects.

Update (2021-02-05): Patrick Wardle:

macOS (including 11.2) appears to be vulnerable to the sudo heap-overflow bug (CVE-2021-3156) 🍎🐛 🤨

Hartley Charlton:

With some minor modifications, Hickey found that the sudo bug could be used to grant attackers access to macOS root accounts, and the discovery has now been verified by Carnegie Mellon University vulnerability analyst Will Dormann.
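
The size mismatch described in the advisory excerpt above, as an added example that is neither sudo's source nor code from the advisory: a bounds-checked C model of an unescaping copy, compared against a destination size planned as strlen + 1 per argument. The function names, the `guard_nul` switch and the sample byte regions are assumptions constructed for illustration, and the model only counts bytes, so nothing is written out of bounds.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample memory: arguments stored back to back, as argv strings
 * are, each followed by whatever happens to sit next to it. */
static const char TRAILING[] = "abc\\\0" "NEXT=constructed"; /* arg ends in one backslash */
static const char ESCAPED[]  = "abc\\\\";                    /* backslash already escaped */
static const char TWO_ARGS[] = "x\\\0" "yz";                 /* first of two args ends in backslash */

/* Destination size planned as the excerpt describes: strlen + 1 per argument. */
size_t planned_size(const char *const *av, size_t n)
{
    size_t size = 0;
    for (size_t i = 0; i < n; i++)
        size += strlen(av[i]) + 1;
    return size;
}

/* Counts the bytes an unescaping copy would store for av[0..n).
 * guard_nul == 0: a backslash makes the loop skip to the next byte even when
 *                 that byte is the terminator, so copying runs on into the
 *                 neighbouring string (the flawed shape).
 * guard_nul == 1: the terminator is never skipped (hardened shape).
 * `end` bounds every read, so the model itself never leaves the sample. */
size_t unescape_count(const char *const *av, size_t n, const char *end, int guard_nul)
{
    size_t written = 0;
    for (size_t i = 0; i < n; i++) {
        const char *from = av[i];
        while (from < end && *from != '\0') {
            if (from[0] == '\\' && from + 1 < end &&
                !isspace((unsigned char)from[1]) &&
                (!guard_nul || from[1] != '\0'))
                from++;             /* drop the backslash, keep what follows */
            written++;              /* stands for *to++ = *from++ */
            from++;
        }
        written++;                  /* separator stored after each argument */
    }
    return written;
}

/* Bytes stored beyond the planned allocation; 0 means the copy fits. */
size_t excess(const char *const *av, size_t n, const char *end, int guard_nul)
{
    size_t need = planned_size(av, n);
    size_t got = unescape_count(av, n, end, guard_nul);
    return got > need ? got - need : 0;
}

int main(void)
{
    const char *const one[] = { TRAILING };
    const char *const esc[] = { ESCAPED };
    const char *const two[] = { TWO_ARGS, TWO_ARGS + 3 };
    const char *e1 = TRAILING + sizeof TRAILING;
    const char *e2 = ESCAPED + sizeof ESCAPED;
    const char *e3 = TWO_ARGS + sizeof TWO_ARGS;

    printf("trailing backslash: planned %zu, flawed %zu, hardened %zu\n",
           planned_size(one, 1), unescape_count(one, 1, e1, 0),
           unescape_count(one, 1, e1, 1));
    printf("escaped backslash:  planned %zu, flawed %zu, hardened %zu\n",
           planned_size(esc, 1), unescape_count(esc, 1, e2, 0),
           unescape_count(esc, 1, e2, 1));
    printf("two arguments:      planned %zu, flawed %zu, hardened %zu\n",
           planned_size(two, 2), unescape_count(two, 2, e3, 0),
           unescape_count(two, 2, e3, 1));
    return 0;
}
```

The three cases double as the kind of regression test the jeffbee comment asks for: an argument whose backslashes were all escaped fits the planned size either way, while a single trailing backslash only fits once the terminator is guarded.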

Aqueux Dynamic Wallpapers

Hector Simpson (via Ryan Jones):

Ultra high-resolution wallpapers, inspired by an OS X classic — available in several wide-gamut color editions, with easy installation on macOS, and a collection available for mobile devices.

The desktop versions of Aqueux support 6K resolution and P3 color spaces, switch based on system appearance, and include a package for macOS that installs them directly, complete with thumbnails.

These are nice. I like to have a different color for each space to help show where I am.

Xcode 12.4

Apple:

Xcode 12.4 includes SDKs for iOS 14.4, iPadOS 14.4, tvOS 14.3, watchOS 7.2, and macOS Big Sur 11.1. The Xcode 12.4 release supports on-device debugging for iOS 9 and later, tvOS 9 and later, and watchOS 2 and later. Xcode 12.4 requires a Mac with Apple silicon running macOS Big Sur 11 or later, or an Intel-based Mac running macOS Catalina 10.15.4 or later.

There’s no direct download yet, but apparently it hasn’t changed from the release candidate.

Update (2021-01-28): The direct download is up and identical to the release candidate. See Xcode Releases for more links.

Corellium iOS VMs for Individuals

Corellium (tweet):

While we have previously supported virtual iPhone and iPad devices for Enterprise accounts, our Individual accounts only offered virtual Android devices. Now, both individuals and enterprises can virtualize both iOS and Android device models.

[…]

One of the other considerations we faced in introducing iOS-based devices for individual accounts is continuing our efforts to limit the use of our software for malicious purposes. We have always vetted our customers, and we have not only declined sales, but also revoked customer accounts for violating our terms. In this regard, we wanted to ensure we would be able to use the same vetting process for individuals that we already use for enterprises.

It’s Over Between Us, AVAudioEngine

Chris Liscio:

Looking at the crash logs, I noticed that invoking -[AVAudioEngine mainMixerNode] would fire some kind of internal exception. The API does not return any kind of error, nor is it documented that an exception could get raised. Theoretically, failure at this stage should be impossible!

Unfortunately for me, I had written the high-level engine management code in Swift (as was common/prescribed at the time), so I couldn’t even attempt to handle this exception to patch this behavior.

[…]

Just as last time, a 10.14.x update re-introduced the bug, but in a slightly different way.

[…]

Fast-forward to macOS 11, and the AirPods issue is back. In fact, it’s even worse now because there’s no workaround. […] If you’re listening to the Music app, everything’s running at full quality. Then, you load a project in Capo and your already-playing music now sounds like garbage.

Colin Cornaby:

AVAudioEngine has always struck me as an API with good intentions (doing what CoreAudio does in Obj-C/Swift) with questionable execution and missing features.

It’s just so strange that Apple would take their extremely impressive and feature rich audio toolbox and replace it with... well... this.

Update (2021-01-28): Simone Manganelli:

This has happened over and over and over with APIs throughout macOS in the past decade. PDFKit is a good example.

This is just another symptom of Apple’s annual software update cycle and a lack of commitment to fixing anything.

Francisco Tolmasky:

The Swift/ObjC relationship is like taking the traditional design of a game engine written in C++ with Lua scripting hooks and flipping it on its head, such that you instead wrote the game engine in JavaScript and provided the scripting interface in Haskell.

You can use an Objective-C wrapper to catch exceptions, but be careful trying to make a generic wrapper solution because it’s not safe to throw exceptions through Swift stack frames.

Chris Liscio:

Great news: I have found a resolution to the (latest of the) AVAudioEngine issues I’ve been seeing with AirPods in Big Sur.

[…]

I am still unable to work around the problem in my code and stop the error for my users. These are in-the-field configuration issues that I am powerless to resolve with a simple software update.

AVAudioEngine is still too limited in its feature set for me to consider (or advise) adopting it for a “pro audio” stack like that which powers something like GarageBand or Logic.

Chris Liscio:

I put together a sample project called CrappifyAudio that demonstrates the problem in a minimal way.

Update (2021-02-05): Chris Liscio (tweet):

AVAudioEngine doesn’t give me an opportunity to state my “intentions” for using the engine explicitly on macOS. There is no API that lets me specify that I am building an output-only engine, and don’t require its input abilities.

The previous workaround was to pull the AUAudioUnit instance out of the outputNode and set its deviceID to override the default device selection behavior. Unfortunately, this workaround no longer works because the aggregate device now appears to get created (activated?) when I call outputNode.

[…]

This is the crux of the problem I’m dealing with here, and why I don’t want anything to do with this API anymore. It’s simply too magical for my tastes.

Tuesday, January 26, 2021

Tweetbot 6 for iOS

John Voorhees (Tapbots):

Tapbots, the maker of Tweetbot, has released version 6 of the app, introducing a new subscription pricing model along with a handful of timeline and design updates.

The subscription costs $0.99 per month or $5.99 annually. Many of the features previously available as part of the paid app, including multiple account support, advanced filtering, and push notifications, are now subscription-only features. Tapbots says that subscribers will also benefit from future updates as Twitter expands its third-party APIs and ensure Tweetbot’s continued development.

$6/year seems reasonable, though it’s not clear whether the Mac version will eventually require an additional subscription. It doesn’t replace the old app, so nothing is taken away from those who have already paid for version 5.

Juli Clover:

The update adds support for Twitter’s V2 API, adding interface options for polls and cards for the first time, and it tweaks the timeline view and adds support for more tweet data. There are new “@” and “#” buttons when composing a tweet, plus there are new app icon options and more UI themes.

Paul Haddad:

Not sure if it’s a new App Store rule, or just whichever reviewer we got, but they requested that we remove Tweetbot 5 from sale within 30 days of Tweetbot 6 going live.

And by request I mean wouldn’t approve until we agreed.

This is weird, though. Tapbots is trying to do the right thing by letting people keep using the old app, but Apple won’t let them fix any bugs that crop up?

Damien Petrilli:

The “value” provided by Apple. The new Tweetbot doesn’t show up in the results. I scrolled multiple screens and nowhere to be found.

Update (2021-01-27): Paul Haddad:

No Swift, No 3rd party code. I’m a dinosaur and proud of it. I’m also lazy and have no desire to rewrite a ton of perfectly fine working code.

Jonathan Deutsch:

Apple should have a separate “unlisted” state that does not allow new purchases or it to show up in search results but still:

  • Has an app page with the URL working
  • Allows updates to be downloaded

Every now and then I put Hype 3 back up for sale to let folks still on that version get updates in case they missed it.

Some v3 versions have a crash-on-launch with 10.15+ and we keep getting emails about it. It wouldn’t be a problem if they could get the update normally.

Paul Haddad:

The subscription “backlash” hasn’t been anywhere near as bad as I thought it’d be. Pretty sure the last time we did a paid upgrade (you know in 20 freaking 15) it was quite a bit worse.

[…]

I think a lot of the backlash on subscriptions is the prices being so apparently high. Seems like a lot of apps go with significantly higher prices when going to subs which I can see annoying people.

Philippe Hausler:

I am impressed with the perf improvements. It seems considerably smoother. Thank you! Well worth the small price for a subscription to keep quality software like this up and rollin.

Michael Rockwell:

I have some complaints about the new link previews, though. Each time I publish on my short-form site, IFTTT automatically publishes a tweet with the content of the post and a link back to mike.rockwell.mx. This is all I want, nothing more and nothing less. But Tweetbot 6 generates a preview of the link. Sometimes.

Paul Haddad:

Twitter’s V2 API is still marked as Early Access, so we matched that as there’s still bugs in their API (though we work around most of them). Once they call it 1.0 or what not, we’ll remove the tag.

Nick Heer:

Tapbots’ ability to update Tweetbot is, alas, limited by how fast Twitter builds out its new more developer-friendly API. For example, while you can now view polls in Tweetbot, you cannot vote in them; it will prompt you to open the poll in the Twitter app if you try. You cannot view who liked a tweet or retweeted a post with a comment. You cannot search tweets from more than the last seven days. All of these limitations are on Twitter’s end and have nothing to do with Tweetbot specifically.

Paul Haddad:

Twitter actually lists a roadmap of their API. There’s no dates but gives a rough idea of what’s coming up. Access levels/Rate limits for some of the new stuff is not usable by us at this time, but it’s something they are looking at.

Update (2021-11-12): Paul Haddad:

I was asked in a couple very different contexts today if subscriptions have been working out. And yep they have. Barring a huge amount of churn or some unforeseen external changes we’re already at a long term sustainable level.

Update (2022-01-31): Tapbots:

It’s been exactly a year since we launched Tweetbot 6! Here are all the updates that happened to Tweetbot in the past year

[…]

While subscriptions are a controversial topic, it has allowed us to continuously make Tweetbot a better product. We are excited to make this year’s subscription worth it to you again.

The Business of MKBHD

Marques Brownlee:

I still edit 99 percent of everything. I have the motion graphics artist and cinematographer, Vinh and Brandon, who will just go in on eight hours of editing for the first seven seconds of the intros and fun stuff like that. But I’m 99 percent of the edit, I’m writing everything, and I think at the end of the day, it’s still my face and it’s still my presentation of my ideas.

[…]

There’s the ads that are built into YouTube through the AdSense program. That’s one version of it. You don’t really get to control those ads, but you can still have banner ads, you can have pre-rolls, mid-roll video ads, things like that. And there’s a whole ecosystem there where you try to find a balancing act between how many ads do you place? Do you put mid-rolls in your videos or not?

But then there’s also the integrations that you do control, which can be inside the videos. Sometimes it’s a pre-roll, you say “this video is sponsored by...” You have an integrated section inside of a video or a post-roll. You get control over that, which is often very beneficial because that’s way better targeting for the company who’s trying to talk to somebody. And then there’s all kinds of other alternate ways that YouTube channels make money. For example, we have a merch store.

SwiftUI Unit Testing

Alexey Naumov (via Peter Steinberger):

So I decided to build ViewInspector, a library that allows for inspecting the SwiftUI view hierarchy at runtime.

[…]

And as it turned out, there were many pitfalls waiting for me on the way:

  1. All types in reflection are erased to Any
  2. Computed properties, such as var body: some View, are not available in reflection
  3. Generic private structs and function types which are tricky to cast the value to
  4. Initializing a struct which all init methods are private
  5. SwiftUI dependency injection through Environment
  6. Property wrappers, such as @State, with an elusive storage for values
  7. Significant variations of the hierarchy after a tiny tweak of the input. For example, Text("Hi") vs Text(hiValue)
  8. Overall obscurity and lack of information about the private structures

In this piece, I want to share abnormal use cases and hacky tricks I had to appeal to when building this library using just the standard capabilities of Swift language.

Displaying the State or the Action

John Gruber:

In the Facebook/Android style, a down-pointing chevron is a button you tap to expand more content, and an up-pointing chevron is a button you tap to collapse it. In the iOS/Mac style, a right-pointing chevron (or triangle, depending on the OS) indicates the collapsed state, and a down-pointing chevron indicates the expanded state. The Android way, a down-pointing chevron means “will open, if you tap”; the Mac/iOS way, a down-pointing chevron means “is open, tap to close”.

Other cross-platform apps like Amazon’s Alexa do it the Android way, too.

Ken Harris:

The other common place that Apple uses “show state and imply action”, and which lots of third-party apps get wrong: padlock icons.

1Password had that backwards for over 10 years.

Another example of a button that doubles as a status indicator is the “1x” zoom indicator in the iOS Camera app.

Nicholas Riley:

I agree with your point overall but note there is one standard macOS control that behaves the way you don’t like…

It can get confusing. For example, Mac toolbar buttons typically show the action rather than the state, e.g. the Mute button in Mail.

Monday, January 25, 2021

Hazel Codesigning and Notarization Woes

Paul Kim:

The biggest problem at launch was some users getting an “Unidentified developer” alert when opening the dmg. I had various users send in logs, but it was only when someone found a log message pertaining to the rpath for one of the binaries in the bundle that I was able to identify the problem. Strangely enough, that person didn’t receive the “Unidentified developer” error alert.

[…]

When translocated, the binary is no longer on the disk image, instead it is copied to a temp location on disk. Hazel is unaware of this and as a result, doesn’t run the installer. Why was Hazel being translocated? I’m still not sure. It’s my understanding that if an app and its containing dmg is signed and notarized, it shouldn’t be translocated.

[…]

Logs from users showed that the quarantine flag was still set on the helper and that was preventing it from being run. When the user copies an app, like say from a disk image to /Applications, the quarantine flag should be cleared for the app and everything inside but for some reason it was not clearing it for the embedded binaries. Note that unlike when a user launches an app from Finder where they will be asked to run the app, a login item helper will fail to launch without any prompt.

[…]

Lastly, none of the tools or processes in place (codesign, spctl, notarization) catch these cases. These are all issues related to the static structure of the app bundle so it seems like they should be detectable.

I’ve also seen a lot of customers with quarantine issues lately. They drag and drop the app to their Applications folder, but Finder doesn’t clear the com.apple.quarantine xattr for some reason. When they try to launch the app, macOS reports it as damaged even though everything except that xattr is fine.
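The static check that codesign, spctl and notarization do not perform can be approximated by walking the bundle and listing every item that still carries com.apple.quarantine, with embedded Mach-O executables such as login item helpers called out separately. This is an added example, not code from the quoted post or from Hazel; the `flags;hex-time;agent;event-id` value layout, the function names and the Demo.app sample are assumptions, and on a Mac the default reader shells out to /usr/bin/xattr.

```python
import os
import subprocess
import tempfile
from datetime import datetime, timezone

QUARANTINE_ATTR = "com.apple.quarantine"

# First four bytes of a Mach-O file as stored on disk.
MACHO_MAGICS = {
    b"\xcf\xfa\xed\xfe",  # 64-bit, little-endian (Intel and Apple silicon slices)
    b"\xce\xfa\xed\xfe",  # 32-bit, little-endian
    b"\xca\xfe\xba\xbe",  # universal (fat) binary; Java .class files share this magic
    b"\xca\xfe\xba\xbf",  # universal (fat) binary with 64-bit offsets
}


def read_quarantine_cli(path):
    """Raw attribute value via macOS /usr/bin/xattr, or None when it is not set."""
    proc = subprocess.run(["/usr/bin/xattr", "-p", QUARANTINE_ATTR, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def parse_quarantine(value):
    """Split 'flags;hex-epoch;agent;event-id' (commonly observed layout, assumed here)."""
    flags, stamp, agent, event_id = (value.split(";") + ["", "", "", ""])[:4]
    try:
        when = datetime.fromtimestamp(int(stamp, 16), tz=timezone.utc)
    except (ValueError, OverflowError, OSError):
        when = None  # malformed or missing timestamp field
    return {"flags": flags, "when": when, "agent": agent, "event_id": event_id}


def is_macho(path):
    """True when the file starts with a Mach-O or universal-binary magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False


def audit_bundle(bundle, reader=read_quarantine_cli):
    """Return one finding per bundle item that still carries the quarantine xattr."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(bundle):  # symlinked dirs are not followed
        for path in [dirpath] + [os.path.join(dirpath, n) for n in filenames]:
            if os.path.islink(path):
                continue  # e.g. framework "Current" links; the target is visited anyway
            value = reader(path)
            if value is None:
                continue
            findings.append({
                "path": os.path.relpath(path, bundle),
                "executable": os.path.isfile(path) and is_macho(path),
                **parse_quarantine(value),
            })
    return sorted(findings, key=lambda f: f["path"])


def quarantined_executables(findings):
    """Embedded binaries that would be refused at launch, silently for login items."""
    return [f["path"] for f in findings if f["executable"]]


def build_demo_bundle(root):
    """Constructed sample: a fake .app with a main binary, a login item helper, a text file."""
    app = os.path.join(root, "Demo.app")
    files = {
        "Contents/MacOS/Demo": b"\xcf\xfa\xed\xfe" + b"\0" * 28,
        "Contents/Library/LoginItems/DemoHelper.app/Contents/MacOS/DemoHelper":
            b"\xca\xfe\xba\xbe" + b"\0" * 28,
        "Contents/Resources/readme.txt": b"hello\n",
    }
    for rel, data in files.items():
        full = os.path.join(app, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return app


def demo_reader(path):
    """Constructed stand-in for xattr: only the helper and the readme stay quarantined."""
    if path.endswith(("DemoHelper", "readme.txt")):
        return "0083;600ed300;Safari;00000000-0000-0000-0000-000000000000"
    return None


if __name__ == "__main__":
    # On a Mac, call audit_bundle("/path/to/Some.app") to use the real xattr reader.
    with tempfile.TemporaryDirectory() as tmp:
        for f in audit_bundle(build_demo_bundle(tmp), reader=demo_reader):
            kind = "Mach-O" if f["executable"] else "other"
            print(f'{f["path"]}  [{kind}]  agent={f["agent"]} flags={f["flags"]}')
```
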

Update (2021-02-05): A customer recently found that one of my apps had been unexpectedly translocated, despite being notarized and distributed on a signed disk image. It still had the quarantine attribute in the Applications folder.

Codye 1.1.3

Howard Oakley:

In the six years since I started to publish articles here, one feature I’ve been searching for is a good way to present source code. This article is the ultimate gamble: I’m going to explain how to do this, and demonstrate how well it works. So if it all goes horribly wrong, please don’t laugh. This demo is based on a single tool, the cheap app Codye, from the App Store, and aimed at anyone with a WordPress blog; it may well be suitable for other blogging systems too.

Codye really feels like a Catalyst app. On the other hand, I’m not aware of any native apps with this feature set. BBEdit can copy code as HTML, and you can copy and paste from Xcode to TextEdit and then export as HTML, but these methods require post-processing if you want HTML that uses CSS classes instead of raw formatting. On the other hand, Codye uses a JavaScript-based parser, which in my experience is not as accurate.

Hush Content Blocker for Safari

Joel Arvidsson:

Block nags to accept cookies and privacy invasive tracking in Safari on Mac, iPhone and iPad.

[…]

Unlike some blockers, Hush has absolutely no access to your browser habits or passwords. Nor does it track behavior or collect crash reports - nothing leaves your device.

Via John Gruber:

It targets those insipid, never-ending, utterly pointless “cookie notices”, popovers begging you to join email newsletters, and other bits of tracking. It kills dickbars and dickbar-like annoyances. I’ve been running it for days and it’s the sort of thing you don’t notice at all until you disable it and all of a sudden you’re back to approving cookie access every single goddamn time you load an article at The Guardian and squinting to find the hidden “X” that closes a popover asking if you’ll sign up for something you don’t want and never asked for.

Big Sur Document Icons Are Illegible

Jason Snell:

In Big Sur, documents associated with many apps appear to not use custom icons, but rather use a generic white document image with a small thumbnail of the app icon at the center. At the small icon size in list view, this icon appears to be 32×32.

[…]

Unfortunately, this new Big Sur behavior requires me to attempt to see the icon placed on the blank generic document icon — an icon that’s about 12×12. It’s almost impossible to tell the difference between documents that use this same approach.

Brad Cox, RIP

Legacy (Hacker News):

Dr. Cox was a computer scientist known mostly for creating the Objective-C programming language with his business partner, Tom Love, and for his work in software engineering (specifically software reuse) and software componentry.

[…]

Stepstone hoped to sell “ICPaks” and Dr. Cox focused on building his ICPak libraries and hired a team to continue work on Objective-C, including Steve Naroff. The late Steve Jobs’s NeXT licensed the Objective-C language for its new operating system, NEXTSTEP. NeXT eventually acquired Objective-C from Stepstone. Objective-C continued to be the primary programming language for writing software for Apple’s OS X and iOS.

Bill Bumgarner:

His impact on many of our careers and on computing in general was immeasurably huge. Certainly, I can point to much of my career and have Dr. Cox to thank for enabling it!

Gus Mueller (tweet):

Everything just sort of aligned in my brain. Previously I found myself struggling to express the ideas I had in my head, and it was a frustrating experience. Now I was struggling to type fast enough and come up with new ideas that I could express in Objective-C. I felt like I could do anything I wanted with it.

Dave Dribin:

I love that Objective-C came from Brad reading the now infamous Smalltalk article in the Aug 1981 (Vol 6, No. 8) issue of Byte with the balloon on the cover and him thinking “I could do something pretty similar in C”.

Becca Royal-Gordon:

Even though I don’t use it much these days, Objective-C is a much better language than it has any right to be—a genuine pleasure to use thanks to its brilliant balance between conceptual purity and practical concessions. Dr. Cox and his colleagues helped make it that way.

Ken Kocienda:

Objective-C remains one of the best languages ever for creating apps and frameworks. Mac OS X, iOS, and the App Store all sat on the foundations of this great language. There would be no iPhone without Objective-C.

Jesper:

Objective-C is presumably the mainstream language with the most outsized influence. Along with Ruby and Squawk later on, it carried the values of Smalltalk into the modern programming era. Introspection and messages and dynamism, rather than C++ vtable optimization and trickery inventing seven kinds of memory management/ownership subtlety and delegating all to the programmer. Getting things to work together in a coherent and easy way that befits a small system, rather than spending 90% of your attention making sure no performance is untowardly spilled on the floor.

John Gruber:

Great programming languages are great for writing certain types of software. Objective-C is great for writing apps and app frameworks. Turns out that made for a great language — and an enormous competitive advantage for the one company that banked its entire software stack on it.

Nick Heer:

Cox sure made his dent in the universe.

Update (2021-01-26): John Gruber (tweet):

When I listen to my favorite app developers speak of Objective-C and its runtime, they almost never talk of the source code they wrote. They speak about it like Kocienda does, like it gave them the ability to put their fingers on the apps themselves. Like they weren’t writing instructions to make the app, but that they were writing the app itself. Not writing a recipe for baking a cake, but somehow baking a cake directly, and tweaking it to taste better and look prettier as it’s cooking. And if you needed to write ungainlier-looking recipes to get that on-the-fly dynamic feel for the cake as it’s being made, so be it, because the cake is the thing, not the recipe.

Steve Troughton-Smith:

It was an elegant language, for a more civilized age, and it served me well.

See also: Core Intuition.

Friday, January 22, 2021

Sketch Library for Big Sur

Parker Ortolani:

Nearly two months after macOS Big Sur’s public release, the Apple human interface team has finally released an updated Sketch library optimized for its top to bottom redesign. User interface designers and developers have been anxiously awaiting this new design kit for quite awhile.

Like previous Sketch libraries offered by Apple, the new macOS 11 library includes all of the core system colors, interface materials and fonts. You can also find elements such as buttons, labels, windows, menus, modals and more. The library includes all of Big Sur’s beautiful new squircle shaped icons and new full screen templates for advertising your design in a standard user environment.

Retiring Tucows Downloads

Tucows (via Andy Baio):

We have made the difficult decision to retire the Tucows Downloads site. We’re pleased to say that much of the software and other assets that made up the Tucows Downloads library have been transferred to our friends at the Internet Archive for posterity.

The shareware downloads bulletin board system (BBS) that would become Tucows Downloads was founded back in 1993 on a library computer in Flint, MI. What started as a place for people in the know to download software became the place to download software on the burgeoning Internet. Far more quickly than anyone could have imagined.

Reversing Malicious Run-Only AppleScripts

Phil Stokes (Hacker News, Patrick Wardle):

macOS.OSAMiner has evolved to use a complex architecture, embedding one run-only AppleScript within another and retrieving further stages embedded in the source code of public-facing web pages.

Combining a public AppleScript disassembler repo with our own AEVT decompiler tool allowed us to statically reverse run-only AppleScripts for the first time and reveal previously unknown details about the campaign and the malware’s architecture.

We have released our AEVT decompiler tool as open source to aid other researchers in the analysis of malicious run-only AppleScripts.

OWC Thunderbolt 4 Hub

OWC (via Dimka, MacInTouch):

For the first time ever, the OWC Thunderbolt Hub lets you consolidate and simplify the connectivity between all your devices with all the Thunderbolt ports you’ve always wanted. The OWC Thunderbolt Hub’s four Thunderbolt (USB-C) ports and one USB port massively expand your connection possibilities.

It ships in February for $149. There’s also a $249 OWC Thunderbolt Dock that has more non-Thunderbolt ports. It seems like it’s taking forever to get USB-C to where USB-A hubs are—and were 20+ years ago—in terms of price or number of ports, but this is progress.

Update (2021-02-05): Joe Rossignol (also: 9to5Mac):

CalDigit today introduced a new “Element Hub” dock, equipped with four Thunderbolt 4 ports and four USB-A ports for connecting external displays, storage drives, and other peripherals to devices like a MacBook Pro or iPad Pro.

See also: John Voorhees.

Update (2022-06-10): Patrick McCarron:

I got the new tiny @PoweredbyOWC Thunderbolt 4 hub, but has a huge flaw the front Thunderbolt cable falls out way too easily which is bad because it’s on the front of the device.

Their response: “buy something else we sell to hold it.”

Thursday, January 21, 2021

Beeper Brings iMessage to Android and Windows

Hartley Charlton (tweet):

New universal chat app “Beeper” combines 15 different chat platforms into a single inbox and offers iMessage on Android and Windows (via The Verge).

[…]

The app is “using some trickery” to achieve this, with the website’s FAQ revealing that an always-online Mac running the Beeper app is needed to use as a bridge. Alternately, Beeper will ship a “Jailbroken iPhone with the Beeper app installed which bridges to iMessage” to users unable to use a Mac.

Update (2021-02-08): John Gruber:

The idea of a single app with support for multiple messaging services harks back to Adium — and even Apple’s own iChat, which supported several services back in the day (AIM, Jabber, Yahoo, ICQ, and more). One of Beeper’s founders is Eric Migicovsky, who created the Pebble smartwatch back in 2013. When Beeper was announced two weeks ago, he tweeted to confirm that the jailbroken old iPhone trick was no joke, with photos.

Notes on Activation Lock: Apple Silicon Management Challenges

Nathaniel Strauss:

EFI (Extensible Firmware Interface) no longer exists on Apple silicon and along with it has gone EFI passwords. In the past, EFI passwords secured recovery and prevented Macs from using most boot modifiers at startup. A user couldn’t enter recovery, do a PRAM reset, enter target disk mode or perform a whole host of other useful functions without first entering a password.

[…]

Minor differences until point number three. To emphasize, anyone with physical access can erase the disk, with or without FileVault. Sure, they can’t boot to recoveryOS without entering a FileVault user’s password first, but the erase option exists before authentication.

[…]

Activation Lock would work well as an enterprise alternative to EFI passwords except for the fact MDM can’t enable it on Mac.

Intel Problems

Ben Thompson:

In fact, the x86 business proved far too profitable to take such a radical step, which is the exact sort of “problem” that leads to disruption: yes, Intel avoided Microsoft’s fate, but that also means that the company never felt the financial pain necessary to make such a dramatic transformation of its business at a time when it might have made a difference (and, to be fair, Andy Grove needed the memory crash of 1984 to get the company to fully focus on processors in the first place).

[…]

This is why Intel needs to be split in two. Yes, integrating design and manufacturing was the foundation of Intel’s moat for decades, but that integration has become a strait-jacket for both sides of the business. Intel’s designs are held back by the company’s struggles in manufacturing, while its manufacturing has an incentive problem.

Ian Cutress (Hacker News):

We’re following the state of play with Intel’s new CEO, Pat Gelsinger, very closely. Even as an Intel employee for 30 years, rising to the rank of CTO, then taking 12 years away from the company, his arrival has been met with praise across the spectrum given his background and previous successes. He isn’t even set to take his new role until February 15th, however his return is already causing a stir with Intel’s current R&D teams.

News in the last 24 hours, based on public statements, states that former Intel Senior Fellow Glenn Hinton, who lists being the lead architect of Intel’s Nehalem CPU core in his list of achievements, is coming out of retirement to re-join the company. (The other lead architects of Nehalem are Ronak Singhal and Per Hammerlund - Ronak is still at Intel, working on next-gen processors, while Per has been at Apple for five years.)

See also: Nvidia’s Integration Dreams.

Update (2021-01-22): John Gruber:

Gelsinger, speaking in early 2021, knows that Intel fell behind years ago — in an industry where it’s notoriously hard to catch up. He’s taking over a ship that already hit an iceberg and is in need of saving. Sometimes you talk trash about your opponent because you’re an idiot. But other times, you talk a little trash to fire up your own team.

Why Webcams Aren’t Good Enough

Jeff Carlson:

But the issue wasn’t just that Camo gives you better picture quality. I wanted to dig into why webcam technology is so far behind. Even today, in 2021, the Logitech C920 is recommended by many, many magazines and outlets as being the best webcam you can buy. The C920 was released 8 years ago and is still essentially the same hardware. It has terrible color and blows out highlights. Logitech’s top-of-the-line BRIO 4K webcam, which retails for $200 but for most of last year couldn’t be had for less than $350 if you could find one at all, does a better job with highlights but is strangely soft and blurry. The Kiyo Razer, a clever webcam with a built-in ring light, has so much trouble focusing that it can give you a headache if you don’t sit completely still.

So I wrote a giant, 5,000-plus word article breaking it all down: Why webcams aren’t good enough. It’s full of example images and video comparisons, details my methodology, and speculates about why the webcam field has been largely stagnant.

This is one feature that is not rumored to be improving.

Update (2021-01-22): David Owens II:

Why buy an expensive webcam when you can buy a significantly better camera?

The market for high quality web-cams is just non-existent; there’s little profit to be made by companies there. Top-end streamers don’t use them (small market anyhow) and Zoom/Skype users don’t need them... who is left?

Elgato:

With Cam Link 4K, simply hook up your DSLR, camcorder, or action cam to your PC or Mac.

[…]

Coupled with Cam Link 4K, your camera appears as a webcam in all your favorite apps. Superb quality at 1080p60 or even up to 4K at 30 frames per second keeps your stream professional.

Update (2021-01-26): Tim Brookes:

So, why not use your iPhone as a webcam for your video meetings instead? Here’s how to do it.

Wednesday, January 20, 2021

Porting Firefox to Apple Silicon

Gian-Carlo Pascutto:

Once the compiler was working, a similar exercise needed to be done with all the Rust crates we depend on. The need to update the compiler and the reliance of some crates on the exact compiler version, especially parts dealing with SIMD support, would end up biting us later on as it made it hard to push Apple Silicon support forward to an earlier release of Firefox without potentially affecting other platforms.

[…]

While we can port the open-source parts of Firefox to 64-bit ARM ourselves, Netflix and some other video streaming services such as Hulu, Disney+, or Amazon Prime require their video to be decoded with closed source, proprietary DRM software.

[…]

If we force this decoding process to run under emulation, we would be able to use the existing Intel x64 decoder modules and have them communicate with the main browser that was running natively.

[…]

More of a concern was user reports that some antivirus software was flagging all our Universal Binaries as malware, and corrupting the Firefox installation the moment the update arrived.

The software was using machine learning techniques and presumably observed that our combined Universal Binaries didn’t quite look like any other legitimate software it had ever seen before.

Swift AsyncSequence

SE-0298 (via David Smith, forum):

Swift’s async/await feature provides an intuitive, built-in way to write and use functions that return a single value at some future point in time. We propose building on top of this feature to create an intuitive, built-in way to write and use functions that return many values over time.

This proposal is composed of the following pieces:

  1. A standard library definition of a protocol that represents an asynchronous sequence of values
  2. Compiler support to use for...in syntax on an asynchronous sequence of values
  3. A standard library implementation of commonly needed functions that operate on an asynchronous sequence of values

Update (2021-02-19): Philippe Hausler:

To facilitate the collecting of values and moving from the asynchronous world into the synchronous world we should add an extension on AsyncSequence of collect to gather up all the values asynchronously and produce an array of those values. This of course means that the function must follow the effects entailed with said asynchronous iteration; that means that when an AsyncSequence that throws is collected it will throw and when it does not throw of course that collecting process should not throw. This means that the act should be rethrows according to the conformance of the type it is called upon. Furthermore collecting all values must also be in and of itself asynchronous.

Data Security on Mobile Devices

Maximilian Zinkus et al.:

In Apple iOS we found a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption. However, we also found a critical lack in coverage due to under-utilization of these tools.

[…]

We observed that a surprising amount of sensitive data maintained by built-in applications is protected using a weak “available after first unlock” (AFU) protection class, which does not evict decryption keys from memory when the phone is locked. The impact is that the vast majority of sensitive user data from Apple’s built-in applications can be accessed from a phone that is captured and logically exploited while it is in a powered-on (but locked) state.

[…]

Use of Apple iCloud (unsurprisingly) transmits an abundance of user data to Apple’s servers, in a form that can be accessed remotely by criminals who gain unauthorized access to a user’s cloud account, as well as authorized law enforcement agencies with subpoena power. More surprisingly, we identify several counter-intuitive features of iCloud that increase the vulnerability of this system.

[…]

More critically, we observe that Apple’s documentation and user settings blur the distinction between “encrypted” (such that Apple has access) and “end-to-end encrypted” in a manner that makes it difficult to understand which data is available to Apple. Finally, we observe a fundamental weakness in the system: Apple can easily cause user data to be re-provisioned to a new (and possibly compromised) HSM simply by presenting a single dialog on a user’s phone.

Via Nick Heer:

Maybe there are only bad options, and this is the best bad option that strikes the least worst balance between individual security and mass security. But the compromises seem real and profound — and are, officially, undocumented.

Charger Nerdery

John Gruber:

So the good news is that if you use Apple’s 18W adapter (which Apple provided with iPhones 11 Pro and iPads Pro, including the iPad Pro updates from March of this year) instead of their new 20W adapter (which Apple includes with the new iPad Air and sells for $19), MagSafe will still draw 13W, which is close to the maximum draw of 15W. But it’s kind of nutty that the MagSafe charger will seemingly draw 15W from one and only one adapter, Apple’s own 20W one.

John Gruber:

So these GaN chargers are much smaller, the same price as Apple’s or cheaper, and more energy efficient. There seemingly is no downside or catch. Until I hear otherwise I’d say there’s no reason anyone should buy Apple’s 20W adapter instead of Anker’s or Aukey’s.

[…]

And while Anker does call out GaN on the product pages for some of its chargers, it does not for the 20W Nano. In their FAQ, regarding how the Nano can be both faster and smaller, Anker more or less just attributes it to secret sauce[…]

John Gruber:

So on the one hand, because the HomePod Mini includes the 20W charger, it was fine that it didn’t work with the old 18W charger. But on the other hand, if you ever toss the 20W charger into a bag or drawer along with an Apple 18W charger, you needed an extraordinary amount of knowledge to know which charger the HomePod Mini required. Not sure how much work Apple had to put into the 14.3 software update to make the HomePod Mini work with the 18W charger too, but I’m glad they did. It’s too confusing otherwise.

[…]

My mistake was using Apple’s slightly older 29W USB-C power adapter, which looks exactly like Apple’s more recent 30W USB-C power adapter. We’ve had that adapter plugged into our kitchen island for years, and it’s never before mattered. But with the Magic Keyboard, it did.

Adam Chandler:

For Tim Cook, who so often measures hardware success in units of “customer sat”, this charging situation has gone completely out of hand. Apple needs to do two things. They either make two chargers, one for iOS devices and another for MacOS devices each with a USB-C port as the termination on the back OR they need to very clearly label in some sort of embossed etching on every charger they make the wattage.

Joe Rossignol:

This supply chain news suggests that Apple is planning GaN versions of its USB-C power adapters, allowing them to be smaller and lighter, more power efficient, and less heat conductive compared to its current chargers, which are based on silicon.

Network Neutrality Follow-up

Drew Holden:

Three years ago, America was locked in a battle for #NetNeutrality, and, by extension, life as we knew it.

For the lucky few who survived, I invite you to join me on a quick stroll down memory lane to revisit the doom and gloom we were promised.

[…]

It’s worth pausing here to point out that none of this came to pass. The internet remains as free and open as ever, speeds have increased, prices have dropped, you aren’t paying to use Google (I hope!) and there hasn’t been one iota of accountability despite all that.

My Comcast rate increased, but I didn’t personally notice any other negative changes (or benefits).

FairInternetReport (Hacker News):

American internet users have had a very good 2020: according to research performed by FairInternetReport, median US internet speeds in 2020 doubled to 33.16mbps, up from 17.34mbps in 2019. Covering the five years of 2016, 2017, 2018, 2019, and 2020, this is the largest speed increase seen in the US, with speeds staying essentially the same in 2016 and 2017 (8.91mbps and 9.08mbps respectively), and 2018 recording a median speed of 12.83mbps.

The US still lags behind many European and developed nations worldwide, and its major cities also often lag behind their European equivalents. That said, there is cause for celebration in Dallas, Seattle and Austin, after our analysis has shown that these cities are performing extremely well relative to most European capital cities.

Nick Heer:

It is an unfortunately common myth that the primary issue of net neutrality is internet speed in pure terms. That has been widely promoted — Twitter still has a #NetNeutrality hashflag marked by a buffering indicator — but it lacks key context. The actual concern is that internet service providers are in a position to influence winners and losers by acting less like the utility providers they are and more like an intermediate market gatekeeper.

But let us pretend that pure measurements of internet speed are what net neutrality protects. This report shows a massive spike in average internet speed — a bigger jump than any previous year. Is that because providers have invested in infrastructure? Capital expenditures were the primary reason Ajit Pai cited for eradicating net neutrality regulations enacted by the previous Tom Wheeler-led FCC. Well, no.

[…]

This report does not prove that net neutrality regulations were a waste of time, or that getting rid of them is somehow beneficial. It only shows that people bought faster internet service when they needed it.

Ashley Carman (via Nilay Patel):

If you’re a Comcast TV and internet user, prepare for price hikes. The company is planning to increase the prices of a variety of services starting January 1st, 2021, according to Ars Technica and a document detailing the various price increases being shared on Reddit.

Tuesday, January 19, 2021

ReadKit for iOS

Balazs Varkonyi (tweet):

  • All your reading in one place, multiple account support.
  • Sync with all major RSS aggregators and read-later providers, or use it with the built-in RSS engine.
  • Feed and folder management for RSS services.
  • Folder and tag management for Instapaper, Pocket, Wallabag and Pinboard.
  • Offline reading and image caching.

It’s $3.99 vs. $9.99 for the Mac version.

Dieter Bohn:

If you want to know the state of RSS in 2021, I can point to no better example than Samsung just casually using what used to be the accepted default RSS icon for its mobile hotspot because it never occurred to them that people might think this icon represented something else.

On the other hand, two new iOS RSS apps released just one week apart, plus a big NetNewsWire update in testing.

NSSavePanel Crashes on Big Sur

Christian Tietze:

By now, I expected NSSavePanel.allowedContentTypes to work, and then to have Xcode suggest to wrap access to that property in an if-@available block. But that doesn’t work at all. With macOS 10.15 Catalina being my main dev machine, I cannot use the new API at all at the moment, it seems, no matter what I set the deployment target to.

[…]

It actually turns out that public.csv is not a built-in file type recognized by macOS. The archived docs for UTIs list many UTIs, but not CSV.

So make sure to check your assumptions when you write apps that export data without actually registering the exported file type UTIs!

How to Reserve Time Machine Space on an APFS Drive

Glenn Fleishman:

What Apple appears to be saying is an APFS Time Machine volume requires a single container that takes up the entire disk—you can’t add other containers, and that container has access to all the store space on the disk. Within that container lives a Time Machine volume. If you want to use the disk for other purposes, don’t add a container; instead, use Apple’s advice and add a volume within the existing container.

That is limiting, because the Time Machine backup could eventually swell to fill the entire available storage in the container (and disk), crowding out the other volume or volumes you create.

Signal Review

Josh Centers:

Signal had a bumpy start, but it’s now a well-polished and full-featured messaging app available for the most common platforms: iOS, Mac, Android, Windows, and Linux.

[…]

Every part of Signal is open source. The clients are published under the GPLv3 license, and Signal’s server code is published under the AGPLv3 license. All of Signal’s source code is available for public inspection on GitHub. I should point out that while I’m a big fan of open source and believe it makes for better security, it’s not a panacea. Unless you compile the final binary yourself, you can’t know for sure what’s in the code. That’s not to say that Signal is doing anything nefarious, just that it’s not impossible.

[…]

One of Signal’s most prominent critics is Chinese maker and YouTuber Naomi Wu, who claims that Chinese activists using Signal were arrested by the Chinese government. She has repeatedly pointed to two security vulnerabilities in Signal: the potential of compromised phone IMEIs and possible leaks from the phone’s keyboard software. To be clear, these concerns apply only to activists or people who are government-level targets.

Monday, January 18, 2021

Switching to Windows and Linux

Don Melton (tweet):

Most of you probably don’t know this but a little over five years ago I built my own gaming PC.

[…]

While I certainly gamed my ass off with that homemade machine for awhile, it didn’t really become an essential device for me until I started using it to experiment with hardware video encoders.

[…]

Eventually, it became a pain in the ass to keep switching back and forth between my iMac and the Windows PC. So I started browsing the Web, reading and writing email, collaborating in Slack, Discord and Skype, all within Windows.

Orta Therox (tweet):

It’s somewhat nebulous, but during the announcements of Apple’s new macOS 11 this year, I felt like a line had been crossed in my mind: The Mac isn’t really the right OS for me anymore.

[…]

The bit that’s tricky for me is that I don’t use a phone, and I want my computer to be more like a truck than a car.

[…]

The move towards a more app-store focused, sandboxed OS means that whole genres of apps aren’t possible anymore. I’m particularly sad about what happened to Safari extensions over the last few years. I don’t want to put my time into a platform where the people starting today have a smaller domain than I did when I started.

[…]

The Mac software ecosystem was like a street of local shops run by people in the community, and then post-iPhone all the big shops moved in because they just wanted to make sure they were represented in the area. Modern desktop environments now feel quite same-y, but this also trivialized OS switching costs.

Update (2021-01-19): Mark Frauenfelder (via Chuan):

I’ve been happily using Macs ever since. But a little over a month ago, a representative for Gateway computers asked me if I’d like to try one of its new laptops. I was planning to say no thank you, but my 17-year-old daughter convinced me to give it a try. She’s a gamer and programmer and switched from a Mac to a Windows machine when she was 14 or 15. She insisted I was giving Windows short shrift. So I emailed the representative and said OK. A few days later, I received a Creator Series 15.6" Notebook (Model: GWTN156-2).

The first thing I noticed was the full-size keyboard with a numerical keypad. Mac laptops don’t come with them.

[…]

I think I’m going to keep using Windows from now on. I do feel weird about it; it feels like switching political parties. I’ve been a loyal Mac user for almost 20 years. But in that time span, Windows has evolved into an excellent operating system. This, and the fact that Windows computers are much less expensive than Apple computers, is enough to put me in the Windows camp.

Update (2021-02-05): Lukas Mathis:

Around 2015, I started to realize that I was no longer part of Apple’s target audience. I’ve since found that Windows, and the devices available on the Windows side, from gaming laptops to convertibles to custom-built PCs, are just a better match for my requirements.

At this point, I have only one piece of Apple hardware still in active use: a 17-inch MacBook Pro that runs Coda and EagleFiler.

Since a lot of people seem to be making the switch now, maybe it’s helpful to talk about some things I’m doing to make Windows more amenable to my Mac habits.

Jacob Ziv Honored

Joanna Goodrich (via Hacker News):

IEEE Life Fellow Jacob Ziv will receive this year’s IEEE Medal of Honor “for fundamental contributions to information theory and data compression technology, and for distinguished research leadership.”

Ziv and Abraham Lempel developed two lossless data compression algorithms: Lempel-Ziv 77 in 1977 and LZ78 the following year. The two procedures enable perfect data reconstruction from compressed data and are more efficient than previous algorithms. They allowed for the development of GIFs, PNG, and ZIP files.

Here are the papers for LZ77 and LZ78.

Wikipedia:

In the second of the two papers that introduced these algorithms they are analyzed as encoders defined by finite-state machines. A measure analogous to information entropy is developed for individual sequences (as opposed to probabilistic ensembles). This measure gives a bound on the data compression ratio that can be achieved. It is then shown that there exist finite lossless encoders for every sequence that achieve this bound as the length of the sequence grows to infinity. In this sense an algorithm based on this scheme produces asymptotically optimal encodings.

Is the Finder Wobbly in Big Sur?

Howard Oakley:

I’ve had some strange events in which my main working SSD sometimes vanishes from the Finder, although that external drive remains mounted normally.

[…]

The first time that it happened, I assumed that the external SSD had somehow unmounted then remounted, although neither I nor any running software appeared to have done so. There are no notifications about such an event either. It appeared that the Finder had simply lost its place, lost my working folder from Favourites, and carried on without it.

Storing the Time Zone With a Date

Harshil Shah (tweet):

Going back to how Date works, it doesn’t model the actual clock time but rather a fixed point in time that can be interpreted in any time zone. And so what’s happening here is that the data is being interpreted as if it happened in my current time zone, which is the default time zone that Calendar and DateFormatter use.

And as such, a Date alone isn’t sufficient for modelling historical data, or at least personal historical data: You need time zone information too.

HealthKit acknowledges this too. You do have the ability to specify a time zone when constructing the appropriate HKSample subclass for the health data you’re modelling. It just so happens that while you are required to submit the start and end dates for any sample, the time zone information is entirely optional and buried within a metadata dictionary, that you can even omit entirely.

All of the step data shown in the screenshot was captured by the Health app right on my phone, stored in HealthKit, and displayed by the Health app. Somewhere in this pipeline, the time zone information was ignored or discarded.

Nick Lockwood:

I was just talking about this a few minutes ago, specifically the bad decision Apple made of having a default locale/timezone in most of their date-related APIs, which helps to perpetuate the misconception that a Date object is a self-contained representation of a calendar date.

Previously:
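The effect described above, as an added example that is not from the original posts: the same step samples are bucketed into days twice, once using the offset recorded with each sample and once using only the viewer's current zone. The sample values, field names, and the use of fixed UTC offsets (rather than named time zones) are constructed assumptions so that the code runs without a time zone database.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Fixed offsets standing in for "Tokyo" and "San Francisco in winter" (assumption).
JST = timezone(timedelta(hours=9))
PST = timezone(timedelta(hours=-8))


def sample(year, month, day, hour, tz, steps):
    """Build one constructed step sample: an absolute instant plus where it was recorded."""
    when = datetime(year, month, day, hour, tzinfo=tz)
    return {
        "epoch": when.timestamp(),  # fixed point in time, zone-independent
        "utc_offset_s": int(tz.utcoffset(None).total_seconds()),
        "steps": steps,
    }


# Constructed data: two walks on 10 January in Tokyo, one on 12 January after flying home.
SAMPLES = [
    sample(2021, 1, 10, 7, JST, 4000),
    sample(2021, 1, 10, 21, JST, 3000),
    sample(2021, 1, 12, 8, PST, 2500),
]


def daily_totals(samples, viewer_tz=None):
    """Sum steps per calendar day.

    With viewer_tz=None each sample is placed on the day it had where it was
    recorded. With a viewer_tz, the stored offset is ignored and every instant
    is reinterpreted in that one zone, which is what a default time zone does.
    """
    totals = defaultdict(int)
    for s in samples:
        if viewer_tz is not None:
            tz = viewer_tz
        else:
            tz = timezone(timedelta(seconds=s["utc_offset_s"]))
        day = datetime.fromtimestamp(s["epoch"], tz).date().isoformat()
        totals[day] += s["steps"]
    return dict(totals)


if __name__ == "__main__":
    print("as recorded:   ", daily_totals(SAMPLES))
    print("viewer in PST: ", daily_totals(SAMPLES, viewer_tz=PST))
```

Viewed from the second zone, the morning walk moves to the previous calendar day and the daily total for 10 January drops from 7000 to 3000, even though no instant changed.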

User-defined Order in SQL

Joe Nelson (via Hacker News):

The most natural first attempt is to add an auto-incrementing integer column to track each item’s position[…] It requires updating a bunch of rows to insert one between others.

[…]

What if we store the position of each row using float or numeric values rather than int or bigint? This would allow squeezing new elements between others, rather than shifting items forward to make room. […] However floating point numbers have limited precision.

[…]

Non-negative fractions actually form a binary tree, with every fraction (in lowest terms) appearing at a unique node. […] The terms of these fractions are expressed in lowest terms and grow slowly at each insertion. For instance you can see from the tree diagram earlier that inserting between 1 and 0 toward 0 generates 1/2, 1/3, 1/4 … which can go a very long time because numerators and denominators in pg_rational each get 32 bits of storage.

Other approaches:

Ordered relationships in Core Data seem to use the basic integer approach. I’ve not used this feature much because it’s always seemed risky to rely on it. For many years it was buggy, NSOrderedSet still isn’t available in Swift, and CloudKit doesn’t support ordered relationships.

Previously:
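The trade-off between float positions and fraction positions quoted above, as an added example that is not code from the article or from pg_rational: `between` walks the Stern-Brocot tree to find the simplest fraction strictly between two neighbours. The function names and the signed 32-bit limit per term are assumptions (the page only says each term gets 32 bits), and the example goes beyond the quoted case by also measuring the zig-zag insertion pattern.

```python
from fractions import Fraction

INT32_MAX = 2**31 - 1  # assumption: signed 32-bit numerator and denominator


def between(lo, hi=None):
    """Return the simplest fraction strictly between lo and hi.

    lo and hi are Fractions with 0 <= lo < hi; hi=None means there is no
    upper neighbour (append at the end). Bounds are kept as (numerator,
    denominator) pairs so the starting right bound 1/0 can be represented.
    """
    if lo < 0 or (hi is not None and not lo < hi):
        raise ValueError("need 0 <= lo < hi")
    ln, ld = 0, 1  # left bound 0/1
    hn, hd = 1, 0  # right bound 1/0 ("infinity")
    while True:
        mn, md = ln + hn, ld + hd  # mediant of the current bounds
        if mn > INT32_MAX or md > INT32_MAX:
            raise OverflowError("term no longer fits in 32 bits")
        mid = Fraction(mn, md)
        if mid <= lo:
            ln, ld = mn, md  # too small: descend to the right
        elif hi is not None and mid >= hi:
            hn, hd = mn, md  # too large: descend to the left
        else:
            return mid


def insert_toward_zero(count):
    """Insert count items, each one in front of the current first item (below 1)."""
    first, positions = Fraction(1), []
    for _ in range(count):
        first = between(Fraction(0), first)
        positions.append(first)
    return positions


def float_inserts_until_stuck(lo=1.0, hi=2.0):
    """Count midpoint inserts right after lo before no float fits in the gap."""
    count = 0
    while True:
        mid = (lo + hi) / 2
        if not lo < mid < hi:
            return count
        hi, count = mid, count + 1


def zigzag_inserts_until_overflow():
    """Count inserts that alternate sides of the newest item until a term overflows.

    This is the worst case for fraction positions: the denominators follow
    the Fibonacci sequence instead of growing by one per insert.
    """
    lo, hi, count = Fraction(0), Fraction(1), 0
    while True:
        try:
            mid = between(lo, hi)
        except OverflowError:
            return count
        count += 1
        if count % 2:
            lo = mid
        else:
            hi = mid


if __name__ == "__main__":
    print(insert_toward_zero(4))            # 1/2, 1/3, 1/4, 1/5
    print(float_inserts_until_stuck())      # inserts a double allows next to 1.0
    print(zigzag_inserts_until_overflow())  # inserts before 32-bit terms overflow
```

Repeated inserts at one end grow the denominator by one each time, but the alternating pattern exhausts 32-bit terms after a few dozen inserts, so a scheme like this still needs a renumbering path for that case.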

Friday, January 15, 2021

Where Are the Safari Web Extensions?

Jason Snell (tweet):

At WWDC 2020, Apple announced it was going to support Chrome-style browser extensions (the WebExtensions API) in Safari. But with a catch[…]

You have to adapt it for WebKit, join Apple’s $99/year developer program, learn how to use Xcode and App Store Connect, and distribute via the Mac App Store.

Months after Safari 14’s release, are developers “bothering with Safari?”

The answer seems to be largely no—at least, not yet. The Mac App Store’s Safari extensions library seems to be largely populated with the same stuff that was there before Safari 14 was released, though there are some exceptions.

[…]

Beyond needing to get set up with Xcode, Abrahamowicz has had to deal with some specific security limitations Apple applies to extensions, which may require him to actually write some Mac-specific code in order to give the Safari version of Library Extension the same features it has on other platforms.

Apple recently posted some encouragement for potential developers.

Previously:

Update (2021-01-18): See also: Hacker News.

walty8:

We recently converted a Chrome extension into a Safari extension using the tool provided by Apple. While the conversion is smooth in general, the generated app (not the extension) got a UI issue during extension review! The reviewer insisted the app does not fit the UI guideline. I needed to write back and explain that the entire app is actually generated by the official Apple tool. The only use of the generated app is to open the preferences page of Safari. Anyway, after two rounds of back and forth, the extension is finally launched.

CleanShot X

Cabel Sasser:

You know what’s a really good Mac app? CleanShot. By far the best and most feature-rich screenshot/screen recording app I’ve used.

Oddly, despite being sold directly, there’s no trial version. However, they have a money-back guarantee, and you can also try it via the free trial for Setapp.

Steve Jobs at All Things Digital

Walt Mossberg:

FYI, all 6 of Steve Jobs’s appearances at the @allthingsd conferences - including the joint session with Bill Gates - are available for free in both pristine video and audio on @ApplePodcasts. We donated them after his death as a memorial.

Here are the direct RSS URLs for audio and video.

The Best Mac Rumors in a Long Time

Juli Clover (via Paul Haddad, Hacker News):

According to Kuo, Apple is developing two models in 14 and 16-inch size options. The new MacBook Pro machines will feature a flat-edged design, which Kuo describes as “similar to the iPhone 12” with no curves like current models. It will be the most significant design update to the MacBook Pro in the last five years.

There will be no OLED Touch Bar included, with Apple instead returning to physical function keys. Kuo says the MagSafe charging connector design will be restored, though it’s not quite clear what that means as Apple has transitioned to USB-C. The refreshed MacBook Pro models will have additional ports, and Kuo says that most people may not need to purchase dongles to supplement the available ports on the new machines.

Mark Gurman (tweet):

Beyond the more powerful chips, Apple is also planning to step up the displays in its new MacBook Pros with brighter, higher-contrast panels, the person said. The new Macs will look similar to the current versions, albeit with minor design changes. Apple is aiming to launch the new MacBook Pros around the middle of the year.

This sounds way better than I expected. If it’s not the plan, it should be. If true, I guess it takes about five years to turn the ship. Can we throw in a smaller trackpad, too?

With the speed of the M1, I would love to switch back from an iMac to a MacBook Pro—if only there were a reliable, reasonably priced external Retina display.

Jeff Johnson:

Now if we can just get matte screens again...

Colin Cornaby:

Real 2x resolution would be nice

Tytus Suski:

reasons I left Apple ecosystem start to look like Michael Corleone’s TODOs

Mark Gurman (tweet):

The new [iMac] models will slim down the thick black borders around the screen and do away with the sizable metal chin area in favor of a design similar to Apple’s Pro Display XDR monitor. These iMacs will have a flat back, moving away from the curved rear of the current iMac.

[…]

Apple is also working on a pair of new Mac Pro desktop computers, its priciest Mac machines that don’t come with a screen included, the people said. One version is a direct update to the current Mac Pro and will continue to use the same design as the version launched in 2019. […] The second version, however, will use Apple’s own processors and be less than half the size of the current Mac Pro.

[…]

As part of its revived Mac desktop efforts, Apple has started early development of a lower-priced external monitor to sell alongside the Pro Display XDR.

Mr. Macintosh:

My take on the “Dark Era” Macs 2013-2019

[…]

If the current rumors are true, this could mark a huge shift.

I don’t think the damage that the 2013 Mac Pro & 2016 MacBook Pro did is fully realized.

$5000 desktop that’s not expandable? = Move to PC

$2500 Laptop with horrible reliability & bad keyboard design = Move to PC

Scott:

Saw it real-time, live, while it happened. BEYOND ME how no one at Apple had foreseen it, or seemed motivated to fix it.

Previously:

Update (2021-01-18): Raymond Wong (Hacker News):

Clearly, actual creatives and professionals disagree with Apple’s soul-searching because if all of these rumors come to fruition, Apple will be returning to what was already considered the MacBook Pro’s zenith. Coupled with Apple Silicon, Apple could experience Mac growth that it ceded to PC laptops during these past years of stumbling.

As someone totally in love with my M1 MacBook Air — the performance and battery life still astounds me every day — I am beyond excited for these new MacBook Pros. I’ve missed MagSafe dearly, pleaded for Apple to kill the Touch Bar more times than I can count, and curse under my breath every time I can’t find my SD card dongle for my MacBook.

Update (2021-01-22): Mark Gurman (tweet, 9to5Mac, MacRumors, 2, 3):

The company is planning to bring back an SD card slot for the next MacBook Pros so users can insert memory cards from digital cameras.

[…]

Apple has also developed underlying Mac support for both cellular connectivity — the ability for Macs to connect to the internet via smartphone networks — and Face ID, the company’s facial recognition system. But neither feature appears to be coming soon. To that end, Face ID had originally been planned to arrive in this year’s iMac redesign, but it’s now unlikely to be included in the first iteration of the new design.

Update (2021-03-15): Joe Rossignol:

Apple plans to release two new MacBook Pro models equipped with an HDMI port and SD card reader in the second half of 2021, according to analyst Ming-Chi Kuo, who outlined his expectations in a research note obtained by MacRumors.

Joe Rossignol:

Apple plans to unveil new 14-inch and 16-inch MacBook Pro models with Mini-LED-backlit displays in the second half of this year, according to industry sources cited by Taiwanese supply chain publication DigiTimes.

Update (2021-04-22): Juli Clover:

Schematics stolen from Apple supplier Quanta Computer outline Apple’s plans for the next-generation MacBook Pro models that are expected in 2021, and clearly confirm plans for additional ports and a return to MagSafe.

Thursday, January 14, 2021

TabFS

Omar Rizwan:

TabFS is a browser extension that mounts your browser tabs as a filesystem on your computer.

The files inside a tab’s folder directly reflect (and can control) the state of that tab in your browser.

[…]

This gives you a ton of power, because now you can apply all the existing tools on your computer that already know how to deal with files -- terminal commands, scripting languages, point-and-click explorers, etc -- and use them to control and communicate with your browser.

macOS 11.2 Beta 2 Adds Full Custom Kernel Support

Hector Martin:

So I’m working on understanding the Apple Silicon boot/OS provisioning process. This is all subject to change, but here are some takeaways according to my current understanding.

[…]

This means that in order to set up an Apple Silicon device to boot arbitrary code, you first need to set it up to boot macOS, or at least install a working recovery mode.

[…]

In addition, Apple has a mechanism they use to only allow recent versions of their software to be installed on devices, by requiring a “phone home” process when you install it.

[…]

So the takeaway here is: Apple have built a very clever secureboot process previously unseen in any kind of desktop computer. They make us go through hoops to boot Linux, but those hoops are there to protect normal users.

Hector Martin (Hacker News):

macOS Big Sur 11.2 beta 2 is out with full custom kernel support.

[…]

The OS now finally includes the firmware and bootloaders and tools necessary to replace Big Sur with not-Big-Sur. That was previously not possible.

Howard Oakley:

When you boot an M1 Mac into its new Recovery Mode, it isn’t using the Recovery volume from the standard boot container at all, but what Apple calls 1 True Recovery (1TR) from the Apple_APFS_Recovery container, something which doesn’t exist on an external bootable disk. Many of its features, notably its Startup Security Utility which you can use to change the security policy, are only available in 1TR. As that can’t exist on an external bootable disk, and its command line equivalent bputil is largely limited to 1TR, it’s the internal storage which really controls that Mac, even when it’s booted from an external disk.

[…]

This ingenious new boot process does have consequences, though. Failure of internal storage means failure of the whole Mac, which can’t then boot from an external disk, which lacks the essential iSC and can’t provide 1TR either. I think this is already true for Macs with T2 chips, with their single security policy, rather than one for each bootable operating system as in the M1. I suspect it’s also, in part at least, responsible for the lack of an Internet Recovery Mode in M1 Macs.

Previously:

ContentFilterExclusionList Gone in macOS 11.2 Beta 2

Patrick Wardle (tweet, Hacker News):

Unfortunately, Apple (without telling anybody) decided to “exclude” or exempt over 50 of its own applications (such as the App Store) and daemons from being routed thru the Network Extension Framework.

[…]

Due to the ContentFilterExclusionList list any traffic generated from these “excluded” items could not be filtered or blocked by a socket filter firewall (such as LuLu). Many (rightfully) asked, “What good is a firewall if it can’t block all traffic?” I of course also wondered if malware could abuse these “excluded” items to generate network traffic that could surreptitiously bypass any socket filter firewall. Unfortunately the answer was yes! It was (unsurprisingly) trivial to find a way to abuse these items, and generate undetected network traffic[…]

[…]

Well, after lots of bad press and lots of feedback/bug reports to Apple from developers such as myself, it seems wiser (more security conscious) minds at Cupertino prevailed.

Norbert Heger:

Thanks Apple for listening!

sneak:

Big Sur on M1 (and possibly on Intel) maintains a persistent, hardware-serial-number linked TLS connection to Apple (for APNS, just like on iOS) at all times when you are logged in, even if you don’t use iCloud, App Store, iMessage, or FaceTime, and have all analytics turned off.

There’s no UI to disable this.

This means that Apple has the coarse location track log (due to GeoIP of the client IP) for every M1 serial number.

[…]

This change is essential for blocking such traffic, and I’m glad for it, but there is a long way to go when it comes to pressuring the pro-privacy forces inside of Apple to do more.

Previously:

Update (2021-02-05): Jeffrey Paul:

There are several privacy/usage leaks remaining in the OS, but now they can be effectively blocked without affecting the overall operation of the device.

Reminder: iMessage Not Meaningfully E2E

David Heinemeier Hansson (Hacker News):

If you use iCloud Backup AT ALL, which is the default, your use of iMessage is not E2E because Apple has a backup of the encryption keys 🤯. And even if you turn off this backup, your recipient probably didn’t. So iMessage is not meaningfully E2E at all!

[…]

Apple’s marketing of iMessage’s E2E is seriously deceptive.

You would think a company serious about privacy would explain the situation in plain English. Or allow more granular control so that you don’t have to choose between giving Apple all your messages and not having a cloud backup.

David Heinemeier Hansson:

I cannot believe Apple conned me into thinking iMessage was meaningfully E2E 😞.

David Heinemeier Hansson:

So say you wake up one morning. Realize that Apple has been lying about E2E with asterisks and omissions and defaults, and you then turn off your iCloud backup. How long does it take before these backups are permanently gone from Apple’s servers? Can’t find a retention answer.

Noah Williams:

Hey so since @dhh has just reminded me of all the ways Apple deceives us into thinking their products are secure, I’d just like to compile my thoughts on all the ways backdoors currently exist within iOS[…]

Apple saves your call logs to the cloud unless you turn off iCloud Drive (not iCloud backups)[…]

[…]

The default length of an iOS passcode which you’re prompted to setup out of the box is six digits, which is laughably easy to brute force.

[…]

Also, you can’t even request to disable server side logging of Siri commands without putting your phone in supervised mode…

Previously:

Update (2021-01-18): See also: Hacker News.

Wednesday, January 13, 2021

An Otter RSS 1.0

Josh Holtz (tweet, 9To5Mac):

An Otter RSS doesn’t do much but it does everything I want it to. My goals were:

  • Subscribe to RSS feeds (sync over iCloud)
  • List new articles for each feed (sync over iCloud)
  • Show read/unread status of articles (sync over iCloud)
  • Support for iOS, iPadOS, and macOS
  • Background refreshing with local notifications

2021 Backup Strategy

David Sparks:

At any particular time, there is a curve for hard drive storage in price. Ideally, you want your backup to fit within that sweet spot where it can be contained on an affordable drive. If you have more data to back up than will fit on the current affordable drive capacity, you’ll need to split your data or look at a more complex NAS system. One of the reasons I spent time ditching files was so I could keep it simple. My data needs are just under 5TB right now, and there are several affordable 5TB storage options. I’ve bought three separate Seagate portable 5TB drives. They are small and light, and they are USB-powered.

[…]

I’ve heard from some readers that mounting drives under the desk leads to unwanted vibration. I think I dodged this bullet because I mount them with attachable Velcro tape. The drives are so light that the Velcro is fine to hold them, and it offers a buffer. Either way, they are entirely unnoticeable when working on top of the desk.

I’ve been using a GO-Oblong Cable Organizer and a similar box from IKEA to contain my USB hub and various bus-powered drives on my desk. But I really like this idea for freeing up more desk space by putting them underneath. Unfortunately, I still rely on higher capacity 3.5-inch hard drives for some auxiliary storage, and Time Machine and bare 3.5-inch drives for most of my clones. Those go in drive docks that would need to stay on top.

Update (2021-01-26): Dr. Drang:

But this week I got both of my external disks—one for Time Machine and the other for a nightly backup—off the top of my desk and down underneath it. I went with a more prosaic solution: a shelf.

Amazon’s “Brushing” Scam

Susan Hogan and Meredith Royster:

Seventeen Amazon packages have been delivered to Catherine Mayfield’s home in Temple Hills, Maryland, since October. She didn’t order any of them.

[…]

According to Alex Hamerstone, a cybercrime expert from TrustedSec, sellers do this to boost their ratings. They make a fake account using a real name and address they can easily find online. The seller buys the product from themselves and sends it to the address.

“In order for you to have a validated purchase so that your rating carries more weight, they actually have to ship something,” said Hamerstone. The seller then writes a fake review and gives themselves five stars.

Via Dave Mark:

Amazon created this process. Surely they could tweak their system so verified purchases are actually “verified”. Make it easy to report unordered packages, then have Amazon note on the product pages that the product has an active brushing scam.

Previously:

Growth in Desktops, Mac Marketshare

Tom Warren (Slashdot):

The PC was supposed to die 10 years ago, but it’s just experienced its first big growth in a decade. Market research firm Canalys reports that PC shipments reached 297 million units in 2020, up an impressive 11 percent from 2019. IDC puts the year at 302 million shipments, up 13.1 percent year over year. Gartner also agrees that 2020 was a big year for PCs and the biggest growth we’ve seen since 2010.

PC shipments are up thanks to demand related to the ongoing coronavirus pandemic. Supply constraints made it difficult to buy a new laptop halfway through the year, and demand continued throughout 2020.

Juli Clover:

Apple’s worldwide Mac shipments were up in the fourth quarter of 2020, according to new PC shipping estimates shared this afternoon by Gartner. Apple shipped an estimated 6.9 million Macs during the quarter, up from the 5.25 million it shipped in the year-ago quarter, marking growth of 31.3 percent.

Apple was the number four vendor during the quarter, and its market share also grew to 8.7 percent, up from 7.3 percent in the fourth quarter of 2020.

Previously:

Update (2021-04-16): Sami Fathi:

The Mac experienced momentous growth in the first quarter of this year, with shipments growing by 111.5% compared to the same time period last year, according to market data from IDC.

Lost Persistent AppleScript Properties

Shane Stanley:

Native code for Apple silicon Macs has a new, inviolable, requirement: it will not run unless it is code-signed. In practice, that means all universal apps have to be code-signed.

[…]

Script Editor running on Big Sur will produce universal applets. This will be the case on both Intel and Apple silicon Macs. So every time an applet is saved in Script Editor while running Big Sur, it will be signed to run locally.

This signing will be noticeable in two ways. First, saving will be a little slower — signing takes a certain amount of time. Second, because the point of signing code is to ensure its integrity, and because the whole applet is signed, the applet will only continue to work as long as it is not altered after signing. And the normal persistence of property values — where you change a property’s value and the change is reflected the next time you launch the app — works by modifying the contents of an applet.

So properties will not persist in universal applets run under Big Sur.

Previously:

Setting Your Default Web Browser on Big Sur

Jeff Johnson:

macOS 11 Big Sur has a bug that prevents some apps from appearing in the “Default web browser” menu in the General pane of System Preferences, which of course makes it difficult to set one of those apps as your default web browser.

[…]

The developer API for changing your default web browser still works correctly on Big Sur. My workaround is to call that API from the python command-line tool[…]

[…]

It’s important to keep in mind that this workaround does not fix the “Default web browser” menu in System Preferences. In fact, even after you change your default web browser to Link Unshortener, it still won’t appear in the menu, which will incorrectly show Safari as the default web browser.

It’s odd that 2020’s iOS and macOS releases both contained (different) bugs related to setting default apps.

Why doesn’t he just call the API from his app? Because the app is in the Mac App Store, and the API doesn’t work from sandboxed apps.

Previously:

Tuesday, January 12, 2021

Don’t Forget Your Bitcoins

Nathaniel Popper (via Matt Levine):

The password will let him unlock a small hard drive, known as an IronKey, which contains the private keys to a digital wallet that holds 7,002 Bitcoin. While the price of Bitcoin dropped sharply on Monday, it is still up more than 50 percent from just a month ago when it passed its previous all-time high around $20,000.

The problem is that Mr. Thomas years ago lost the paper where he wrote down the password for his IronKey, which gives users 10 guesses before it seizes up and encrypts its contents forever. He has since tried eight of his most commonly used password formulations — to no avail.

[…]

Of the existing 18.5 million Bitcoin, around 20 percent — currently worth around $140 billion — appear to be in lost or otherwise stranded wallets, according to the cryptocurrency data firm Chainalysis.

I don’t understand how they can measure this. In any case, it’s a good reminder to use a password manager or have a physical record of your important passwords.

Update (2021-01-13): Dave Jevans:

As co-founder of IronKey I will tell you that we spent $50M building it. NSA reviewed it. We worked with Atmel on a custom AT98SC smart card to store the encrypted AES key and RSA private keys. It will cost a lot to reliably crack one without the chip resetting itself.

Dave Jevans:

IronKey/Atmel security features include voltage, frequency and temperature detectors, illegal code execution prevention, tampering monitors and protection against side channel attacks and probing.

iTunes at 20

Kirk McElhearn:

On January 10, 2001, Steve Jobs went on the stage at Macworld Expo in San Francisco and presented a new app that would change the course of Apple. iTunes would become Apple’s most important app, not only because it was the companion of the iPod that would be released later that year, but also because it would become the framework for all of the company’s future online stores. (Watch the original presentation: part 1, part 2.)

[…]

It’s interesting to look back at the first presentation of iTunes, to see how little the iTunes interface has changed in twenty years. Aside from the fact that, on the Mac, it’s not iTunes any more – when Apple released macOS Catalina, they split it into four apps – the Music app is a direct descendant of the original iTunes. (iTunes still exists for Windows, with the same features as the previous integrated app on macOS.)

Previously:

Wikipedia Is 20

The Economist (via Hacker News):

The site has no shareholders, has generated no billionaires and sells no advertising. Today’s aspiring tech giants burn vast quantities of investors’ money subsidising taxi rides (Uber) or millennial messaging (Snap) in pursuit of “scale”. Wikipedia grew organically, as more and more ordinary people decided to contribute. The site has its roots in the techno-optimism that characterised the internet at the end of the 20th century. It held that ordinary people could use their computers as tools for liberation, education and enlightenment.

[…]

Wikipedia may not have vanquished its doubters in theory. But it has triumphed in practice. With over 20bn page views a month, it has become the standard reference work for anyone with an internet connection. As social-media sites are lambasted for censorship, “fake news”, disinformation and conspiracy theories, its reputation is higher than ever.

[…]

Wikipedia compares well with other reference works when it comes to honest mistakes, but it is uniquely vulnerable to vandalism and pranks. In an effort to combat them, says Mr Negrin, the site has developed algorithms that monitor articles for mischief.

See also: Jimmy Wales on Systems and Incentives.

WhatsApp Privacy Policy and Encryption Canary

Dan Goodin (Hacker News, Bruce Schneier):

WhatsApp, the Facebook-owned messenger that claims to have privacy coded into its DNA, is giving its 2 billion plus users an ultimatum: agree to share their personal data with the social network or delete their accounts.

The requirement is being delivered through an in-app alert directing users to agree to sweeping changes in the WhatsApp terms of service. Those who don’t accept the revamped privacy policy by February 8 will no longer be able to use the app.

Tim Hardwick:

Encrypted messaging app Signal faced big delays in verifying the phone numbers of new accounts on Thursday because of a sudden surge in people trying to join the platform.

Alec Muffett (via Hacker News):

Why have @WhatsApp changed their E2E white paper regarding “at no time…access to private keys”? Answer: Because Facebook plan to offer Bots in the Cloud for WhatsApp “Business” Users

Hartley Charlton:

WhatsApp is now assuring users that “Our privacy policy update does not affect the privacy of your messages with friends or family.” It has also added to its FAQ to address users’ privacy concerns relating to data sharing with Facebook.

The FAQ explains that WhatsApp and Facebook cannot see a user’s private messages or hear their calls. Logs of who users are messaging and calling are not retained and shared location, contact information, and group membership is kept private.

WhatsApp suggests that the majority of data sharing with Facebook is derived from communicating with businesses that use hosting services from Facebook or after using Facebook-branded commerce services such as Shops. Either may result in targeted ads being shown to users.

Previously:

Update (2021-01-15): Reuters (via Mike Isaac, Hacker News):

The WhatsApp messaging service announced on Friday that it would delay changes to new business features after people around the world criticized the new policy.

The Facebook-owned company said it is “going to do a lot more to clear up misinformation around how privacy and security works on WhatsApp.”

Update (2021-02-22): Tim Hardwick:

WhatsApp has revealed how it will gradually cripple accounts held by users who do not accept the platform’s impending privacy policy changes, due to come into effect on May 15.

Update (2021-05-24): Prasham Parikh (via Hacker News):

WhatsApp has confirmed that while it won’t terminate accounts immediately, users who don’t accept the new terms will have only “limited account functionality” available to them until they do. In the short term, that means losing access to your chat list, but you will still be able to see and respond to notifications as well as answer voice and video calls. However, after a few weeks of that, WhatsApp will then switch off all incoming notifications and calls for your account, effectively rendering it useless.

Here Lies Flash

Adobe (MacRumors):

Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.

Rich Trouton:

To assist with the process of removing Adobe Flash, I’ve written an uninstall script which will completely remove Adobe Flash.

Jordan Rose:

There’s a good chance mainstream browsers will straight-up stop supporting plug-ins soon after, so I’m downloading the standalone player app.

See also: Slashdot.

Mike Davidson:

Then one day in 1997, I clicked on a link to Kanwa Nagafuji’s Image Dive site and the whole trajectory of web design changed for me. It looked like nothing I had ever seen in a web browser. A beautiful, dynamic interface, driven by anti-aliased Helvetica type and buttery smooth vector animation? And the whole thing loaded instantly on a dial-up connection with nothing suspicious to install? What was this sorcery? Sadly, I can’t find any representation of the site online anymore, but imagine the difference in going not just from black-and-white TV to color TV, but from newspaper to television.

Nick Heer:

I am not as rosy-eyed about Flash as Davidson. Most of the Flash-based websites I remember loaded slowly, performed poorly, and were hard to use. I remain conflicted about a more interactive web and the entire notion of websites as applications, and I find it hard to be so kind to a plug-in that was responsible for so many security and stability problems.

[…]

It is impossible to know if we would have ended up with rich typography, streaming video players, full web applications, and online games without Flash — and, in the case of the latter two, Java. Regardless of my ambivalence, the web that we have today is rich, universal, and accessible, and much of that groundwork was catalyzed by Flash.

Lars Doucet (via Hacker News):

To this day, I am super mad at all the people who put forth the codswallop that HTML5 was this perfect replacement for Flash.

It’s been 10 years since “Thoughts on Flash” was published and HTML5 STILL doesn’t (in actual practice) replicate what mattered about Flash.

What really mattered about Flash, in my view:

  1. For 95% of applications you can just distribute a single SWF file
  2. You have a robust authoring tool that is animation/graphics-first and newbie friendly
  3. You can send a link to your mom and she can just play it w/ no issues

Francisco Tolmasky:

“Thoughts on Flash” was never about the open web and was instead, if anything, about Apple controlling the iPhone ecosystem (and eventually the AppStore).

Joe Rossignol (Hacker News):

And starting today, Adobe has gone one step further and blocked Flash content entirely.

When a user attempts to load a Flash game or content in a browser such as Chrome, the content now fails to load and instead displays a small banner that leads to the Flash end-of-life page on Adobe’s website. While this day has long been coming, with many browsers disabling Flash by default years ago, it is officially the end of a 25-year era for Flash, first introduced by Macromedia in 1996 and acquired by Adobe in 2005.

Previously:

Update (2021-01-13): Jason Scott:

Now up and running at @internetarchive - 100s of “Flash Loops”, the most concentrated mind-melting outcropping of the Flash era - fast-looping visual images connected to audio hooks from a range of sources. These got into EVERYTHING back in the 2000s.

Update (2021-01-22): David Cohen and Yue Sun:

Depot staff were confused when their computers lost access to the local dispatch system on the morning of Jan. 12, according to the bulletin. The reason: Adobe’s last update to its Flash Player included a kill-switch set to go off that day, when the company ended support for the notoriously virus-prone web standard. Flash was little missed—except in the Chinese government, where it remains in widespread use.

[…]

The staff divided into hardware and software task forces, and attempted to restore an older version of Flash from a backup “GHOST system,” an effort marked by triumphs and defeats. By 10 p.m., they had mostly restored computers to backup states—when, suddenly, automatic updates caused the systems to disable Flash again.

Update (2021-03-15): Saam Pahlavan:

With the passing of Flash, I got some game dev friends to write eulogies for our beloved friend.

Monday, January 11, 2021

New 4 TB SSDs From SanDisk and WD

Juli Clover:

The SanDisk Extreme Pro Portable NVMe SSD offers up to 2000MB/s read and write speeds, and its aluminum chassis serves as a heatsink to deliver higher sustained speeds. The SanDisk Extreme Pro Portable SSD will be available later this quarter for $750.

[…]

Under the WD brand, Western Digital debuted the latest MyPassport SSD, which offers read speeds up to 1050MB/s and write speeds up to 1000MB/s. It features a shock and vibration resistant metal design that is drop resistant up to 6.5 feet, and it comes in colors that include blue, gray, red, gold, and silver. It will be available later this quarter for $680.

Apple currently charges $800 to upgrade a MacBook Air from 256 GB to a maximum of 2 TB. With a 16-inch MacBook Pro, you can upgrade from 512 GB to 4 TB for $1,200.

Howard Oakley:

I’m delighted to release the first full and non-beta version of Stibium, my free benchmarking utility for storage performance testing, most particularly with SSDs.

Previously:

Is iOS 14’s App Library for Me?

Chris Hynes:

You find names appearing under icons to be irritating, especially since you’ve long since memorized what all your app icons look like.

When you click on something that looks like a folder, you’ve always wanted it to launch the app under finger rather than open a folder like it does in the home screen.

[…]

You like when you have something that looks like a folder and clicking a big icon behaves differently than a small icon.

[…]

You were hoping for another place to search for apps that doesn’t tell you what folder the app is in.

Some good points, made sarcastically. I actually kind of like App Library. It sure beats swiping through an unsorted folder nine apps at a time. The small vs. large icon distinction probably breaks some rules but works well in practice.

The weirdest thing for me is that Recently Added doesn’t seem to be based on when I actually purchased or manually downloaded the app. It’s as if half of the apps shown are there because they happened to be the last ones migrated from my previous iPhone.

Update (2021-01-22): Ryan Jones:

This is maddening. Spotlight vs App Library

Update (2021-06-02): Jesse Squires:

I think App Library is one of the best features added to iOS in the past few years.

[…]

I only have one major complaint about the existing folders — why is there no “Developer” category?

[…]

Finally, why is App Library still not available on iPad? App Library is essentially the iOS equivalent of Launchpad on macOS. As the iPad continues to evolve into a more desktop-like experience, it is baffling that App Library is iPhone-only. (And the same goes for home screen widgets, which are also missing on iPad.)

[…]

There’s one main bug I continue to encounter: phantom notification badges. A folder in App Library will have a notification badge, but when I tap to open the folder, none of the apps have a badge.

Swift FilePath Syntactic Operations

Michael Ilseman:

FilePath appeared in System 0.0.1 with a minimal API. This proposal adds API for syntactic operations, which are performed on the structure of the path and thus do not consult with the file system or make any system calls. These include inspecting the structure of paths, modifying paths, and accessing individual components.

Additionally, this proposal greatly expands Windows support and enables writing platform-agnostic path manipulation code.

Previously:

Update (2021-01-27): Michael Ilseman:

Version 2 of FilePath Syntactic APIs is live.

Highlight: splitting Root off from Component lets the type system sort out so many corner cases.

Dissecting the Apple M1 GPU

Alyssa Rosenzweig (via Hacker News):

Apple’s latest line of Macs includes their in-house “M1” system-on-chip, featuring a custom GPU. This poses a problem for those of us in the Asahi Linux project who wish to run Linux on our devices, as this custom Apple GPU has neither public documentation nor open source drivers.

[…]

The process for decoding the instruction set and command stream of the GPU parallels the same process I used for reverse-engineering Mali GPUs in the Panfrost project, originally pioneered by the Lima, Freedreno, and Nouveau free software driver projects. Typically, for Linux or Android driver reverse-engineering, a small wrap library will be written to inject into a test application via LD_PRELOAD that hooks key system calls like ioctl and mmap in order to analyze user-kernel interactions. Once the “submit command buffer” call is issued, the library can dump all (mapped) shared memory for offline analysis.

Previously:

Update (2021-01-22): Alyssa Rosenzweig (via Hacker News):

This week, I’ve reached a second milestone: drawing a triangle with my own open-source code. The vertex and fragment shaders are handwritten in machine code, and I interface with the hardware via the IOKit kernel driver in an identical fashion to the system’s Metal userspace driver.

[…]

These changes amount to around 1700 lines of code since the last blog post, available on GitHub. I’ve pieced together a simple demo animating a triangle with the GPU on-screen. The window system integration is effectively nonexistent at this point: XQuartz is required and detiling the (64x64 Morton-order interleaved) framebuffer occurs in software with naive scalar code. Nevertheless, the M1’s CPU is more than fast enough to cope.

Update (2021-07-02): See also: Part III (Hacker News) and Part IV.
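
The LD_PRELOAD tracing approach described in the quoted post above (hook `ioctl` and `mmap`, then dump shared mappings when the submit call is issued), as an added example that is not code from the post or from the Asahi Linux or Panfrost projects. It assumes 64-bit Linux with glibc and forwards calls with `syscall(2)`; the `shim_*` names and the `SHIM_SUBMIT_REQ` and `SHIM_DUMP_PREFIX` environment variables are hypothetical, and the driver-specific submit request number has to be supplied by the analyst.

```c
/* Linux/glibc, 64-bit assumed.  Build: cc -shared -fPIC -o libshim.so shim.c
 * Use: SHIM_SUBMIT_REQ=<ioctl request number> LD_PRELOAD=./libshim.so ./test_app
 * Simplifications: not thread-safe; mprotect/mremap and mmap64 are not tracked. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#define MAX_REGIONS 256
struct region { unsigned char *addr; size_t len; };
static struct region regions[MAX_REGIONS];   /* readable MAP_SHARED mappings */
static int region_count;
static unsigned long ioctl_count, dump_seq;

int shim_region_count(void) { return region_count; }
unsigned long shim_ioctl_count(void) { return ioctl_count; }

/* Write each tracked region to <prefix>.<dump#>.<region#>.bin; returns files written. */
int shim_dump_regions(const char *prefix) {
    int written = 0;
    for (int i = 0; i < region_count; i++) {
        char name[512];
        snprintf(name, sizeof name, "%s.%lu.%d.bin", prefix, dump_seq, i);
        FILE *f = fopen(name, "wb");
        if (!f) continue;
        if (fwrite(regions[i].addr, 1, regions[i].len, f) == regions[i].len) written++;
        fclose(f);
    }
    dump_seq++;
    return written;
}

/* Hooked mmap: forward to the kernel, then remember shared, readable mappings. */
void *mmap(void *addr, size_t len, int prot, int flags, int fd, off_t off) {
    void *p = (void *)syscall(SYS_mmap, addr, len, (long)prot, (long)flags,
                              (long)fd, (long)off);
    int saved = errno;                        /* logging must not clobber errno */
    if (p != MAP_FAILED && (flags & MAP_SHARED) && (prot & PROT_READ) &&
        region_count < MAX_REGIONS) {
        regions[region_count].addr = p;
        regions[region_count].len = len;
        region_count++;
    }
    fprintf(stderr, "[shim] mmap(len=%zu prot=%#x flags=%#x fd=%d) = %p\n",
            len, (unsigned)prot, (unsigned)flags, fd, p);
    errno = saved;
    return p;
}

/* Hooked munmap: forget any tracked region that overlaps the unmapped range,
 * so a later dump never reads memory that is no longer mapped. */
int munmap(void *addr, size_t len) {
    unsigned char *lo = addr, *hi = lo + len;
    for (int i = 0; i < region_count; ) {
        struct region *r = &regions[i];
        if (r->addr < hi && lo < r->addr + r->len) *r = regions[--region_count];
        else i++;
    }
    return (int)syscall(SYS_munmap, addr, len);
}

/* Hooked ioctl: log the decoded request; on the submit request, dump first. */
int ioctl(int fd, unsigned long request, ...) {
    va_list ap;
    va_start(ap, request);
    void *arg = va_arg(ap, void *);           /* ioctl carries at most one argument */
    va_end(ap);

    const char *s = getenv("SHIM_SUBMIT_REQ");
    unsigned long submit = s ? strtoul(s, NULL, 0) : 0;
    /* The kernel sees a 32-bit request, so compare only the low 32 bits. */
    if (submit && (unsigned int)request == (unsigned int)submit) {
        const char *prefix = getenv("SHIM_DUMP_PREFIX");
        /* Dump before forwarding: buffers are captured as they are submitted. */
        shim_dump_regions(prefix ? prefix : "shim_dump");
    }
    int ret = (int)syscall(SYS_ioctl, (long)fd, request, arg);
    int saved = errno;
    ioctl_count++;
    fprintf(stderr, "[shim] ioctl(fd=%d req=%#lx dir=%lu type=%#lx nr=%lu size=%lu) = %d\n",
            fd, request, (unsigned long)_IOC_DIR(request),
            (unsigned long)_IOC_TYPE(request), (unsigned long)_IOC_NR(request),
            (unsigned long)_IOC_SIZE(request), ret);
    errno = saved;
    return ret;
}
```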

SwiftUI Views to Images

Alejandro Martinez:

Sadly, SwiftUI doesn’t provide a native way of generating images from its views. We need to resort to tricks used in its ancestor frameworks.

[…]

First, we need to create an NSHostingView with the SwiftUI view that you want to create the image from.

With an NSView in hand, the rest of the process is no different than what you would do to rasterize a native AppKit view.

Parler Removed From App Stores and AWS

Ryan Mac and John Paczkowski (tweet, MacRumors, Hacker News):

“We have received numerous complaints regarding objectionable content in your Parler service, accusations that the Parler app was used to plan, coordinate, and facilitate the illegal activities in Washington D.C. on January 6, 2021 that led (among other things) to loss of life, numerous injuries, and the destruction of property,” Apple wrote to Parler. “The app also appears to continue to be used to plan and facilitate yet further illegal and dangerous activities.”

Apple said that “to ensure there is no interruption of the availability of your app on the App Store,” Parler was required to submit an update and a “requested moderation improvement plan within 24 hours of the date of the message,” which was sent on Friday morning. Apple said if it did not receive an update from the company within that time frame, the app would be removed from the App Store.

Jay Peters, quoting Google (Hacker News):

In order to protect user safety on Google Play, our longstanding policies require that apps displaying user-generated content have moderation policies and enforcement that removes egregious content like posts that incite violence. All developers agree to these terms and we have reminded Parler of this clear policy in recent months. We’re aware of continued posting in the Parler app that seeks to incite ongoing violence in the US. We recognize that there can be reasonable debate about content policies and that it can be difficult for apps to immediately remove all violative content, but for us to distribute an app through Google Play, we do require that apps implement robust moderation for egregious content. In light of this ongoing and urgent public safety threat, we are suspending the app’s listings from the Play Store until it addresses these issues.

Jay Peters and Kim Lyons (MacRumors):

Apparently, Parler did propose some changes, but Apple decided they weren’t sufficient, according to a statement Apple sent to Parler alongside its final decision to remove the app. It states that “the processes Parler has put in place to moderate or prevent the spread of dangerous and illegal content have proved insufficient,” and that Parler will not return to the App Store until it has “demonstrated your ability to effectively moderate and filter the dangerous and harmful content on your service.”

John Paczkowski and Ryan Mac (Hacker News):

Amazon notified Parler that it would be cutting off the social network favored by conservatives and extremists from its cloud hosting service Amazon Web Services, according to an email obtained by BuzzFeed News. The suspension, which will go into effect on Sunday just before midnight, means that Parler will be unable to operate and will go offline unless it can find another hosting service.

[…]

In an email obtained by BuzzFeed News, an AWS Trust and Safety team told Parler Chief Policy Officer Amy Peikoff that the calls for violence propagating across the social network violated its terms of service. Amazon said it was unconvinced that the service’s plan to use volunteers to moderate calls for violence and hate speech would be effective.

Previously:

Update (2021-01-22): MartianCraft:

We are going to take a look at how this service was created, how it functioned, and the technical failures that caused it to go out with such a resounding bang as opposed to the quiet snuffing out of a candle.

Thursday, January 7, 2021

Audion 4.0

Panic:

Once upon a time, we made one of the earliest MP3 players for the Mac, Audion. We’ve come to appreciate that Audion captured a special moment in time, and we’ve been trying to preserve its history. Back in March, we revealed that we were working on converting Audion faces to a more modern format so they could be preserved.

Since then, we’ve succeeded in converting 867 faces, and are currently working on a further 15 faces, representing every Audion face we know of.

Today, we’d like to give you the chance to experience these faces yourself on any Mac running 10.12 or later. We’re releasing a stripped-down version of Audion for modern macOS to view these faces.

Previously:

Update (2021-01-15): Panic:

Open sourcing this fun project quickly paid off — @irskep turned our work into a very cool Spotify player!

Wednesday, January 6, 2021

10th Anniversary of the Mac App Store

Joe Rossignol:

Apple announced that the Mac App Store was “open for business” in a press release timed with the launch. “With more than 1,000 apps, the Mac App Store is off to a great start,” said Steve Jobs, Apple’s co-founder and former CEO. “We think users are going to love this innovative new way to discover and buy their favorite apps.”

[…]

Since its inception, the Mac App Store has attracted its fair share of criticism from developers. Apple has addressed some of these complaints over the years by allowing developers to offer free trials via in-app purchase, create app bundles, distribute apps on multiple Apple platforms as a universal purchase, view analytics for Mac apps, respond to customer reviews, and more, but some developers remain unsatisfied with the Mac App Store due to Apple’s review process, the lack of upgrade pricing, the lack of sandboxing exceptions for trusted developers, the absence of TestFlight beta testing for Mac apps, and other reasons.

Thinking back to the early days of the Mac App Store, I remember how its introduction killed a nascent third-party effort to build a similar store. And I recall how, just months after the store opened, Apple changed the rules to require that apps be sandboxed. Apps accepted under the prior rules were grandfathered in but not allowed to add any major features. As a result, in categories where sandboxing is impossible, searching the Mac App Store today only turns up results of apps that have been abandoned or haven’t had a major new version. At the time, most people expected that the sandbox capabilities would expand with each version so that eventually nearly all apps could be included. Instead, as with the rest of the Mac App Store, they have changed very little over the years.

Previously:

Samsung T7 Review

Lloyd Chambers:

MPG reviewed the Samsung T5 back in 2017 and found a lot to like. Great performance, and prices came way down by 2020—an excellent value.

[…]

That is, the Samsung T7 can deliver speeds slightly exceeding 1000 MB/sec for reads and writes. But as the tests show:

Under sustained writing, the Samsung T7 speed falls off a cliff.

And even worse, sustained read speeds are mediocre.

[…]

While the T5 does not offer the same peak speeds, it also sustains considerably higher write and read speeds. At least for my uses, this is far preferable.

Tuesday, January 5, 2021

Privacy of Apple Podcasts

James Cridland:

But not all of Apple’s products are as private as they should be. And one of them, which doesn’t have a privacy label since it’s part of the underlying OS, is built very poorly indeed when it comes to privacy.

[…]

Apple Podcasts doesn’t use a computer server in the cloud for this sort of thing. Instead, by design, every copy of the Apple Podcasts app checks each RSS feed you’re subscribed to.

[…]

Apple Podcasts don’t tell you who hosts the podcast you’re subscribing to: it’s not surfaced anywhere in their app.

So, you’ve no knowledge as to whether this personal data is going to a nice, sensible podcast hosting company, or one that isn’t so nice: since it’s not clear anywhere within the podcast app who is the hosting company.

I think this is a bit of an exaggeration. This is not personal information being sent. And fetching the feeds directly is arguably more private since it doesn’t (if you turn off syncing) involve a central cloud service that knows every feed that everyone subscribes to. (Overcast mitigates this by allowing anonymous accounts.) Would you say that Safari should be made “more private” by proxying all requests through Apple’s servers?

Previously:

Update (2021-01-06): Apple Podcasts does have a privacy label.

Twitter Acquires Breaker

Erik Berlin:

When we started Breaker, podcast apps were productivity apps, similar to feed readers and to-do lists. Breaker added a social community element with features such as liking and commenting on episodes. We’re now inspired to go even further in re-imagining how we communicate with each other, beyond the scope of traditional podcasts.

Sadly, for us and our users, we’ll be shutting down Breaker on Friday, January 15th. This will allow us to focus on building what comes next.

Monday, January 4, 2021

Google Workers Announce Plans to Unionize

Zoe Schiffer (Hacker News):

A group of Google workers have announced plans to unionize with the Communications Workers of America (CWA). The Alphabet Workers Union will be open to all employees and contractors at Google’s parent company. Its goal will be to tackle ongoing issues like pay disparity, retaliation, and controversial government contracts.

[…]

Arranged as a members-only union, the new organization won’t seek collective bargaining rights to negotiate a new contract with the company. Instead, the Alphabet Workers Union will only represent employees who voluntarily join, as reported by the New York Times. That structure will also allow it to represent all employees who seek to participate — including temps, vendors, and contractors (known internally as TVCs) who would be excluded by labor law from conventional collective bargaining.

Previously:

Project Monarch

Zac Bowden:

Project Monarch is the end-goal for Microsoft’s “One Outlook” vision, which aims to build a single Outlook client that works across PC, Mac, and the Web. Right now, Microsoft has a number of different Outlook clients for desktop, including Outlook Web, Outlook (Win32) for Windows, Outlook for Mac, and Mail & Calendar on Windows 10.

Microsoft wants to replace the existing desktop clients with one app built with web technologies. The project will deliver Outlook as a single product, with the same user experience and codebase whether that be on Windows or Mac.

Via Steve Troughton-Smith:

Sad to see Microsoft consciously eroding its native platforms, drawn to the idea of a local ecosystem full of web apps like a moth to a flame.

Previously:

Update (2021-01-05): John Gruber:

I have no idea how big the “footprint” is for the current Mac Outlook app, but if it’s based on Electron how could the footprint not be enormous? “Hello World” in Electron is huge.

Version 16.44 of Mac Outlook is 1.98 GB. The Electron version would only be a fat binary for the non-JavaScript portions, and it would likely remove lots of features and code, so it certainly could be slimmer despite using Electron.

See also: MacRumors.

Update (2021-01-06): Colin Cornaby:

The Electron runtime is about 1.2 gigs alone combining the Intel and ARM versions. It’s so large that Electron apps aren’t distributed as universal so far.

Hard to see how it gets slimmer on Mac.

Microsoft’s plan on Windows is to build these things against the version of Chromium now built into Windows (via Edge.) So things might get slimmer. On Windows.

Nick Heer:

Some reports have interpreted this as though Microsoft will discard the Mac app redesign it previewed in September. I am not sure that is the case. The new version of Outlook for Mac looks an awful lot like an Electron app already.

Like most web apps in a native wrapper, this sounds like a stopgap way of easing cross-platform development at the cost of usability, quality, speed, and platform integration. To be fair, I am not sure that anyone would pitch today’s desktop Outlook apps as shining examples of quality or speed, but I spend a lot of time from Monday through Friday in the Outlook web app and it is poor.

Zoom Rooms Weekly Restart

Zoom (via Rogue Amoeba):

Zoom Rooms weekly system restart functionality will restart your computer weekly with the following conditions[…] By default, the Zoom Rooms computer will restart on Saturday, but you can also select a day for the restart.

The alert says this is for “best system performance.”

Dan Kuehling:

Only on their Zoom Room app for dedicated Zoom powered conference rooms. It doesn’t happen on the regular Zoom app.

Marc Edwards:

I have so, so many questions about this alert and the entire process that led to it.

Matt Gallagher:

During the Big Sur betas, Zoom caused WindowServer to leak memory – about 1GB per hour. I was restarting every few days. My guess is there’s a similar Apple bug they’re working around.

And apparently a Windows one, too, since the feature is also available in that version of the app.

Previously:

Update (2021-01-27): Peter Steinberger:

People are mocking Zoom for having an automated restart feature. I’m currently building exactly that for our CI.

The M1 Mac mini needs daily reboots so it doesn’t randomly fail to start the iOS Simulator. Something leaks here.

Friday, January 1, 2021

Let’s Make 2021 the Year of Disk Utility

Howard Oakley:

APFS has developed rapidly since we first started getting to know it in High Sierra. By the time it has reached version 1677.60.23 in Big Sur, it has grown many new features, of which most support the new Sealed System Volume, and Time Machine backups to APFS volumes. These include volume roles, Volume Groups, firmlinks, and the copying of storage blocks into backups.

Despite those, Disk Utility in Big Sur has changed precious little, and can’t for example swap the Data volume in a boot volume group. Although its command tool companion, diskutil, offers a few more facilities, such as the creation of APFS volumes with specified roles, even there the user has comparatively little to work with APFS’s extensive feature-set.

[…]

Disk Utility is sadly neglected, a tool which is vital to every Mac user but lacks the care and attention which Apple should devote to it. Please, Apple, can we target it for serious high-quality engineering effort in 2021, and end these years of neglect?

TJ Luoma:

Dear Apple: It would be great if macOS 12 didn’t require us to use a third-party tool to get an accurate idea of how much disk space we have available.

Previously:

Update (2021-01-04): Niko Kitsakis:

Well, well, well… Where have I heard this before?

Amphetamine Threatened With App Store Removal

William C. Gustafson (tweet):

Amphetamine is a free app that helps keep your Mac awake. Amphetamine has been on the Mac App Store since 2014 and it’s been downloaded over 432,800 times. It currently has over 1,400 reviews and a 4.8 out of 5.0 rating in the US Mac App Store.

On December 29th, 2020, a representative from Apple contacted and informed me that, after 6 years on the Mac App Store, Amphetamine had spontaneously begun violating one of Apple’s App Store Guidelines.

Apple then proceeded to threaten to remove Amphetamine from the Mac App Store on January 12th, 2021 if changes to the app were not made. It is my belief that Amphetamine is not in violation of any of Apple’s Guidelines. It is also my belief that there are a lot of people out there who feel the same way as me, and want to see Amphetamine.app continue to flourish without a complete re-branding.

Petition:

Apple has accused Amphetamine of violating the following guideline:

1.4.3 Apps that encourage consumption of tobacco and vape products, illegal drugs, or excessive amounts of alcohol are not permitted on the App Store. Apps that encourage minors to consume any of these substances will be rejected. Facilitating the sale of marijuana, tobacco, or controlled substances (except for licensed pharmacies) isn’t allowed.

Apple further specified:

“Your app appears to promote inappropriate use of controlled substances. Specifically, your app name and icon include references to controlled substances, pills.”

The app doesn’t promote the use of any pills by humans. Rather, it’s a metaphor for offering your Mac a common treatment for Narcolepsy.

Jeff Johnson:

Apple featured the app that they now want to remove for supposedly promoting drug use.

Update (2021-01-01): William C. Gustafson:

While Amphetamine (the app) does not promote the use of illegal drugs, there are other apps that do. You can find plenty of other apps on the App Store that either promote irresponsible use of both legal and illegal drugs, or outright glorify the manufacture and sale of illegal drugs. These other apps have not been removed from the App Store or forced to rebrand.

See also: David Heinemeier Hansson, Hacker News.

Previously:

Update (2021-01-05): Andrey Okonetchnikov (via David Heinemeier Hansson):

That’s pretty much what happened to @colorsnapper! We wanted to submit a tiny update and it got rejected after years being on the Mac App Store.

David Heinemeier Hansson:

Apple: This app that simply keeps your computer from going to sleep is promoting drug use. Also Apple: GTA 5 gets our Editors Choice for actively basing gameplay around drug use and drug trafficking 👏👏

William C. Gustafson (Engadget, Hacker News, The Verge, MacRumors, tweet):

Just got off a call with @Apple. Appeal accepted and Amphetamine will remain on the @AppStore.

Nick Heer:

In a parallel universe where this story did not receive press coverage, would the outcome be the same?

Marcus S. Zarra:

Reading things like this is so disheartening.

Hard to even consider writing for any Apple platforms anymore. Why take the risk?

blackbrokkoli:

I mean, good for the app, but at this point this really makes my blood boil. […] Every time somebody writes a “my app got finally restored :)” post hundreds or thousands of equally good and legit pieces of software get thrown into the abyss - and why? Because the author speaks no English, has no network, does not tweet enough. What a shitty reason.

FilmNoir Rejected From the App Store

Tom Angistalis:

It was surprising to be honest that it was approved on first try. I was expecting some changes to be made around the subscription stuff. Nice to have it ready for release!

Tom Angistalis (via Dave Wood):

I spoke too soon. I seriously don’t understand how App Store review can be that inconsistent.

We had an approved app, waiting to be released and just after 2 days our minor update was rejected as a form of spam.

What does it mean though? There are tons of @trakt clients in the App Store. There are tons of @Twitter or @reddit clients in the App Store. By that definition those apps should not exist.

Tom Angistalis:

The full rejection message from the App Review team. Does anyone understand what the action points are?

[…]

Maybe I should have waited before posting about it but it’s so stressful. Last time we waited 3 months before complaining on Twitter in order to get a technical issue resolved.

Tom Angistalis:

Approved!

Previously: