Archive for February 18, 2021

Thursday, February 18, 2021

Citibank’s $500 Million UI Lesson

Timothy B. Lee (via Hacker News):

A federal judge has ruled that Citibank isn’t entitled to the return of $500 million it sent to various creditors last August. Kludgey software and a poorly designed user interface contributed to the massive screwup.

[…]

However, Revlon was in the process of refinancing its debt—paying off a few creditors while rolling the rest of its debt into a new loan. And this, combined with the confusing interface of financial software called Flexcube, led the bank to accidentally pay back the principal on the entire loan—most of which wasn’t due until 2023.

[…]

The subcontractor thought that checking the “principal” checkbox and entering the number of a Citibank wash account would ensure that the principal payment would stay at Citibank. He was wrong. To prevent payment of the principal, the subcontractor actually needed to set the “front” and “fund” fields to the wash account as well as “principal.”

Citibank’s procedures require that three people sign off on a transaction of this size. In this case, that was the subcontractor, a colleague of his in India, and a senior Citibank official in Delaware. All three believed that setting the “principal” field to an internal wash account number would prevent payment of the principal.

LastPass Pricing Changes

Dan DeMichele (via Jason Koebler, MacRumors, Hacker News):

LastPass offers access across two device types – computers (including all browsers running on desktops and laptops) or mobile devices (including mobile phones, smart watches, and tablets). Starting March 16th, 2021, LastPass Free will only include access on unlimited devices of one type.

[…]

In addition to this change, as of May 17th, 2021, email support will only be available for Premium and Families customers.

[…]

If you’d like unlimited device type access and email support, you can upgrade from Free to LastPass Premium for a limited time, for $2.25 per month (billed annually).

1Password is $2.99/month, billed annually, with a native Mac app.

m000:

A few years back, their free/premium tiers were looking similar to what they announced today. Only they charged a mere $15/year for premium, which I gladly paid.

Then, overnight, they offered syncing across all types of devices for their free tier. The premium tier was only adding some niche features. I would have continued to pay $15/year just to support them, but at the same time they bumped up premium to $36/year. That was a deal-breaker: not paying 2.5x for features I don’t use.

Now, they switch back to not syncing across all types of devices, but the premium price stays $36/year.


Update (2021-02-19): Vítor Galvão:

This is a major (but seldom discussed) reason why so many hate subscription software. The rent price (or what it allows you) can change at any time. It’s a Darth Vader deal.

“Classic” licenses don’t suffer from that issue.

2021 State of Mac Malware

Malwarebytes Labs (MacRumors):

  • Overall Mac detections decreased by 38%, though Mac detections for businesses increased 31%
  • Malware accounted for just 1.5% of all Mac detections in 2020—the rest can be attributed to Potentially Unwanted Programs (PUPs) and Adware
  • ThiefQuest tricked many researchers into believing it was the first example of ransomware on macOS since 2017, but the malware was hiding its real activity of massive data exfiltration. It accounted for more than 20,000 detections in 2020

The full PDF report:

All that changed with macOS 10.15 (Catalina). We’ve entered a world in which no software in the entire industry can remove all components of these PUPs, because they’ve come under the protection of Apple.

Apple’s days of sitting on the fence are now over. With the protection involved in the system extension entitlement, there is no longer any middle ground. At the time of writing, Apple is implicitly siding with the PUPs, providing them protection against removal.

[…]

Notarization involves submitting apps to Apple. […] Adware developers responded in divergent ways. Some simply stopped signing their Adware, providing the user with instructions on how to bypass macOS security to run the unsigned installer. This means that they don’t have to bother with notarization, but they also don’t have to worry about Apple revoking their code signing certificate.

However, other Adware developers went the other way, and actually managed to get their malware notarized! In a number of cases, it appears to have passed the notarization checks without significant modification.


Mail Search vs. Big Sur’s Fast User Switching

John Gordon:

In our case Ben and Emily both have non-admin accounts on her M1 Air running Big Sur 11.2.1 with fast user switching enabled. When Ben logs out Emily’s Mail search stops working. There’s no error message, but search does nothing and Smart Folders are inactive.

The fix is to kill corespotlightd.

See also: Marco Arment.

Ivan Pavlov:

Fast user switch also breaks Handoff/Continuity/Unlock with Apple Watch. Submitted multiple radars over the last 4 years, still not fixed. Mac needs a year of refinements and bug fixes with no new features.

Clayton Andersen:

I wonder if something fundamental to fast user switching changed with Big Sur. Had this bug for a while related to it too.

Code Signing When Building on Apple Silicon

Quinn:

codesign should choose the signing format based on the deployment target:

  • If your deployment target is 10.11 or later, you get sha256.
  • If your deployment target is earlier, you get both sha1 and sha256.

This problem crops up because, when building for both Intel and Apple Silicon, your deployment targets are different. You might set the deployment target to 10.9 but, on Apple Silicon, that’s raised to the minimum Apple Silicon system, 11.0. So, which deployment target does it choose?

The wrong one, if you’re trying to deploy to an older version of macOS. I’ve seen lots of posts about this problem in relation to installer packages, but it applies to apps, too.

The upshot is that you have problems if your deployment target is less than 10.11 and you sign on Apple Silicon. When you run on, say, macOS 10.10, the system looks for a sha1 hash, doesn’t find it, and complains.

You can work around this by setting OTHER_CODE_SIGN_FLAGS to --digest-algorithm=sha1,sha256.
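The rule Quinn describes is easy to get wrong silently, because the build succeeds either way and the failure only shows up on the old system. One way to catch it before release is to encode the rule and check the built product against what `codesign` actually emitted. The following is an added example, not code from Quinn's post or from Apple: it assumes that `codesign -d -vvv` prints a `Hash choices=` summary line and `CandidateCDHash <alg>=` lines (the sample outputs below are constructed, trimmed to those lines, with made-up hash values), and it derives the required digests from the deployment-target rule quoted above (below 10.11 needs sha1 and sha256, otherwise sha256 alone).

```python
"""Check that a signed macOS product carries the digests its deployment target needs.

Added example (not Quinn's or Apple's code). Assumes the `codesign -d -vvv`
text format: a `Hash choices=...` line and `CandidateCDHash <alg>=...` lines.
"""
from __future__ import annotations

import re
import subprocess

# Lines we rely on in `codesign -d -vvv` output (assumed format).
HASH_CHOICES_RE = re.compile(r"^Hash choices=(.+)$", re.M)
CANDIDATE_RE = re.compile(r"^CandidateCDHash (\w+)=", re.M)


def required_digests(deployment_target: str) -> set[str]:
    """Digests codesign must emit for a deployment target such as "10.9" or "11.0".

    Encodes the rule from the post: earlier than 10.11 needs both sha1 and
    sha256; 10.11 and later need only sha256.
    """
    major, minor = (int(x) for x in deployment_target.split(".")[:2])
    if (major, minor) < (10, 11):
        return {"sha1", "sha256"}
    return {"sha256"}


def present_digests(codesign_output: str) -> set[str]:
    """Digests actually present in a signature, parsed from `codesign -d -vvv` text."""
    m = HASH_CHOICES_RE.search(codesign_output)
    if m:
        return {alg.strip() for alg in m.group(1).split(",")}
    # Fall back to the per-digest CandidateCDHash lines if the summary line is absent.
    return set(CANDIDATE_RE.findall(codesign_output))


def missing_digests(deployment_target: str, codesign_output: str) -> set[str]:
    """Digests the target needs but the signature lacks (empty set means OK)."""
    return required_digests(deployment_target) - present_digests(codesign_output)


def codesign_flags(deployment_target: str) -> list[str]:
    """The --digest-algorithm flag to put in OTHER_CODE_SIGN_FLAGS for this target."""
    algs = sorted(required_digests(deployment_target))  # "sha1" sorts before "sha256"
    return ["--digest-algorithm=" + ",".join(algs)]


def inspect(path: str) -> str:
    """Run codesign on a real product (macOS only); codesign -d writes to stderr."""
    proc = subprocess.run(["codesign", "-d", "-vvv", path], capture_output=True, text=True)
    return proc.stderr


# Constructed sample: a universal app with a 10.9 deployment target that was
# signed on Apple Silicon, so only sha256 was emitted. Hash values are made up.
SAMPLE_SHA256_ONLY = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.Example
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=0123456789abcdef0123456789abcdef01234567
CandidateCDHashFull sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Hash choices=sha256
"""

# Constructed sample: the same app signed with --digest-algorithm=sha1,sha256.
SAMPLE_BOTH = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.Example
Format=app bundle with Mach-O universal (x86_64 arm64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha1=89abcdef0123456789abcdef0123456789abcdef
CandidateCDHashFull sha1=89abcdef0123456789abcdef0123456789abcdef
CandidateCDHash sha256=0123456789abcdef0123456789abcdef01234567
CandidateCDHashFull sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
Hash choices=sha1,sha256
"""


if __name__ == "__main__":
    for target, out in (("10.9", SAMPLE_SHA256_ONLY), ("10.9", SAMPLE_BOTH), ("11.0", SAMPLE_SHA256_ONLY)):
        gap = missing_digests(target, out)
        status = "OK" if not gap else f"missing {sorted(gap)}; sign with {codesign_flags(target)}"
        print(f"deployment target {target}: {status}")
```

On a real build, replace the sample strings with `inspect("/path/to/Example.app")` and run the check as a post-archive step, since the problem only surfaces when the product is launched on the old macOS version.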

Update (2021-02-19): Peter Ammon:

#fishshell was bitten by this; it means we can no longer use Apple’s tools to codesign, so we use xar instead.

See also: Jonathan Deutsch.

Why Reporting Bugs to Apple May Harm Software Quality

Howard Oakley (tweet):

In recent years, I’ve grown concerned – as many of you have – at the increasing number of obvious bugs in release versions of macOS. In the last week or so, I’ve come across some real howlers: the Rich Text Spotlight importer which can’t import the content of RTF documents, Bluetooth status which is never up to date when you first check it, and most recently Big Sur installers and updaters which don’t work on external SSDs connected to M1 Macs.

[…]

Although Dave tested the changes he’d made, he didn’t have time to test whether the mdimporter still indexed the content of RTF files.

It doesn’t help that recent security changes have made it more difficult to test Spotlight importers.

I’ve now reached the stage where I simply don’t have time to report all these bugs, nor should I have to. Indeed, I’ve realised that in doing so, I only help perpetuate Apple’s flawed engineering practices. […] We let Apple get away with this by devoting our time to testing and documenting for Apple. […] Above all, there’s the threat. If we don’t complete Feedback, then Apple won’t know of the bug, and it won’t get fixed.

I’m frustrated, too, and I can certainly understand not having the time to report all the bugs one encounters. But I just don’t see how filing can hurt. Apple would still “get away with it,” and the bugs would be fixed even later, if at all.

If you’re an Apple engineer, please don’t take this personally. I don’t think the current system is good for you either, but at present Apple only seems to respond to public criticism.

I haven’t seen much correlation, personally. Some very public bugs go a long time with no fix. Some obscure ones that I file get fixed right away. Some serious ones get fixed 6 months or a year after I was forced to develop a workaround. Most never get fixed and are seemingly ignored.

Dave Wood:

Got a response to a radar I filed 3 years ago, about a bug in iCloud. They say they can’t look into it now because “the server logs from that date have rolled off”.

This is why I barely file bugs with Apple anymore. Just a waste of everyone’s time.

See also: How to Report Bugs to Apple So They Get Fixed.


Update (2021-03-15): Nick Heer:

Often, I suspect, users will not attach all of the diagnostics needed for Apple’s developers to even find the bug. But I have to wonder how effective it is to be collecting so many system reports all of the time, and whether it is making a meaningful difference to the quality of software — particularly before it is shipped. I have hundreds of open bug reports, many of which are years old and associated with “more than ten” similar reports. How can any engineering team begin to triage all of this information to fix problems that have shipped?