Archive for March 8, 2021

Monday, March 8, 2021

Rachel True vs. iCloud

Jon Fingas (via Hacker News, Slashdot, Navin Kabra, 9to5Mac):

Actor and author Rachel True claims iCloud has effectively locked her out of her account due to the way her last name was written. Reportedly, her Mac thought lower-case “true” was a Boolean (true or false) flag, leading the iCloud software on the computer to seize up. The problem has persisted for over six months, she said.

True said she’d spent hours talking to customer service, and that Apple hadn’t stopped charging her for service.

This sort of bug can happen either due to too much static typing or not enough.


macOS 11.2.3

Juli Clover:

Apple says that macOS Big Sur 11.2.3 introduces important security updates and should be installed by all users, with an additional support document clarifying that the software addresses WebKit vulnerability that could allow maliciously crafted web content to execute code.

Another 2.4 GB update for one security fix?

See also: Howard Oakley and Mr. Macintosh.


Update (2021-03-09): Howard Oakley:

Big Sur 11.2.3 does update a lot of Safari and WebKit components.


In Big Sur, Safari itself is installed on the Data volume, not the SSV, but most if not all of its supporting frameworks and other immutable files are stored on the SSV. This division was originally intended to ensure that updating Safari itself in Catalina didn’t require long and complex installation. Unfortunately for Big Sur users, in this case the changes required to address the security vulnerability have been in those immutable files protected by the SSV, making installation considerably slower and more complex.

The minor updates in AppleIntel Graphics kexts and the ImageIO framework appear unrelated and undocumented.


Update (2021-03-14): Dr. Drang:

When I learned yesterday that 11.2.3 had been released, I decided to update right away. Two reasons:

  1. I wanted to know whether Apple had fixed things or whether this update would also destroy the Command Line Tools installation.
  2. If it was the latter, I wanted to do the update while I still remembered how to repair the damage.

It’s not fixed.

Many years ago, OS updates would sometimes overwrite the Python site-packages directory in the /Library/Python tree. This was pretty bad behavior, as the whole point of the site-packages directory is to hold modules that the user installed. But I think destroying Command Line Tools is even worse because Apple is overwriting directories installed by its own software.

Apple M1 Microarchitecture Research

Dougall Johnson (via Hacker News):

This is an early attempt at microarchitecture documentation for the CPU in the Apple M1, inspired by and building on the amazing work of Andreas Abel, Andrei Frumusanu, @Veedrac, Travis Downs, Henry Wong and Agner Fog. This documentation is my best effort, but it is based on black-box reverse engineering, and there are definitely mistakes.


These numbers mostly come from the M1 buffer size measuring tool. The M1 seems to use something along the lines of a validation buffer, rather than a conventional reorder buffer, which complicates measurements a bit. So these may or may not be accurate.


Distributing Mac Apps Without Notarization

Jeff Johnson:

Sometimes a developer needs to send a Mac app to a user for testing, and in that case it’s a pain to upload the app to App Store Connect first and wait for Apple to notarize the app before you distribute it. […] if you normally distribute your app exclusively in the Mac App Store, the app might not have enabled the hardened runtime, and you won’t be able to notarize the app for distribution outside the Mac App Store[…]

The easiest solution is to download the file in a way that doesn’t cause it to be quarantined. This can also be used to work around the recent problem that some users have been encountering where macOS falsely claims that a properly signed and notarized app is damaged.

In my opinion, using curl in this way is the easiest way to distribute a Mac app to a user without notarization. You still can and should sign your app with your Developer ID certificate, as Mac developers did for years before the notarization requirement. If the user wants some assurance about the downloaded app, they can run the codesign command to verify that the app was indeed validly signed with your Developer ID certificate.

I like to run curl like this:

cd ~/Downloads/ && curl -LO ''

The L handles redirects, and the O avoids having to repeat the filename. Johnson notes that if you download directly to the /Applications folder you can avoid a TCC prompt.


Update (2021-07-02): Howard Oakley:

This article is a demonstration of features in Big Sur which you might have thought would protect you, but because of their inconsistent behaviour could catch you out. This shows how you can download, install and run executable code, such as an app, which isn’t signed with a Developer ID, only an ad-hoc signature, without macOS warning you that the code is potentially dangerous.

Goodbye, iMac Pro

Joe Rossignol (Hacker News, Slashdot):

We’ve since confirmed with Apple that when supplies run out, the iMac Pro will no longer be available whatsoever. Apple says the latest 27-inch iMac introduced in August is the preferred choice for the vast majority of pro iMac users, and said customers who need even more performance and expandability can choose the Mac Pro.

The latest 27-inch iMac features a 5K display with True Tone and a nano-texture glass option, up to a 10-core 10th-generation Intel Core i9 processor, up to 128GB of RAM, up to 8TB of storage, up to AMD Radeon Pro 5700 XT graphics, a 10 Gigabit Ethernet option, a higher-resolution 1080p camera, improved speakers and microphones, and more.

Jason Snell:

This isn’t a surprise. The iMac Pro hasn’t ever been updated, though Apple has tweaked some specs and dropped the 8-core model when it was completely surpassed by the regular iMacs released over the past few years.

More notably, the iMac Pro is a product from a different time, and represents a path Apple ultimately chose not to take with the Mac.

Benjamin Mayo (tweet):

However, it has never been clear if the iMac Pro has sold well. It sits in a niche segment of the market, and much of its place in the limelight for pros has been taken by the 2019 Mac Pro tower. The high-end ‘standard’ iMac models have also encroached on the iMac Pro in terms of performance.

Maxim Eremenko:

As we can see, even the base iMac 2020 model outperforms iMac Pro 2017 ($2,300 vs $5,000) in Xcode. I personally think it mostly related to the higher frequency (3.8 GHz vs 3.0 GHz and 5.0 GHz vs 4.8 GHz using TurboBoost) and manufacturing years.

David Sparks:

My entry-level M1 Mac, which was one-sixth the cost of my iMac Pro, can render screencasts just as fast and more quietly as the iMac Pro. The big jump in technology with Apple Silicon has caught up with the iMac Pro. I sold mine a few months ago, hoping to get the best value for it. Since selling it, I’ve missed it and its presence on my desk. This is the first time that’s ever happened to me when selling a piece of hardware. But I expect that whatever Apple has in store for the new iMac with Apple Silicon inside will run circles around the iMac Pro and still be whisper quiet.

John Gruber:

The cooling system of the iMac Pro is simply uncanny. I’d hold it up as the best Mac Apple made, period, of the entire Intel era.


Update (2021-03-14): Jason Snell:

Maybe someday there will be a tell-all book written by someone inside Apple during the 2010s. Maybe we will eventually know exactly what happened that led to a bit of a lost decade for the Mac, one that will be remembered for a failed attempt to rethink the Mac Pro and a series of questionable hardware decisions that hobbled Mac laptops for years.


But in my opinion, there’s a single Mac model that tells a good portion of the story all on its own. It’s a Mac that was a remarkably good computer on its own, but also one that represented an approach to the Mac that Apple itself would end up repudiating.