Archive for March 22, 2021

Monday, March 22, 2021

Firefox’s New Referrer Policy

Sergiu Gatlan:

The new user privacy protection feature against accidental leaking of sensitive user data will be introduced in Firefox 87.

Once updated, the web browser will automatically trim user-sensitive information like path and query string information accessible from the Referrer URL.
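
The trimming described above, as an added example that is not from the quoted article or from Firefox's source: it models the `Referer` value under the previous default policy (`no-referrer-when-downgrade`) and the Firefox 87 default (`strict-origin-when-cross-origin`). The function names and URLs are constructed for illustration, and "potentially trustworthy" is approximated as an `https:` scheme.

```javascript
// Added example: what a third party sees in Referer under two policies.
// All URLs are constructed sample values, not taken from the article.

// Referrers never carry credentials or fragments; origin-only drops
// the path and query string as well.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + "/";
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Assumption: "potentially trustworthy" is simplified to https.
function isDowngrade(from, to) {
  return new URL(from).protocol === "https:" &&
         new URL(to).protocol !== "https:";
}

// Returns the Referer header value, or null when none is sent.
function refererFor(policy, from, to) {
  const sameOrigin = new URL(from).origin === new URL(to).origin;
  switch (policy) {
    case "no-referrer-when-downgrade": // previous default
      return isDowngrade(from, to) ? null : stripForReferrer(from, false);
    case "strict-origin-when-cross-origin": // Firefox 87 default
      if (sameOrigin) return stripForReferrer(from, false);
      return isDowngrade(from, to) ? null : stripForReferrer(from, true);
    default:
      throw new Error("policy not modelled: " + policy);
  }
}

// Constructed page URL with a sensitive query string.
const page = "https://mail.example.com/reset?token=abc123#top";
const tracker = "https://ads.example.net/pixel.gif";

console.log(refererFor("no-referrer-when-downgrade", page, tracker));
console.log(refererFor("strict-origin-when-cross-origin", page, tracker));
```

Same-origin requests still receive the full path and query string, so the new default only limits what other origins learn.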

Butterfly Keyboard Class Action Lawsuit

Juli Clover (tweet):

Apple customers unhappy with the butterfly keyboards used in MacBook models from 2015 on will be able to proceed with a lawsuit against the Cupertino company, as the judge overseeing the case has given it class action status [PDF]. The suit covers anyone who purchased a MacBook with a butterfly keyboard in California, New York, Florida, Illinois, New Jersey, Washington, and Michigan.

Adi Robertson:

This suit claims Apple knew for years that its butterfly switches were defective — and that its incremental changes weren’t fixing the core problem. It cites internal communications inside Apple, including an executive who wrote that “no matter how much lipstick you try to put on this pig [referring to the butterfly keyboard]…it’s still ugly.”

See also: TidBITS.

Update (2021-03-23): Nick Heer:

A document (PDF) filed in this lawsuit in August last year suggests — if you read between the heavy redactions — that Apple was aware of its poorer performance as far back as June 2013[…] But I am more curious about why it took so long to address these glaring problems. Why did this seem, from an outsider’s perspective, to not be among the highest priorities in the company? Why not, after the first year, stick the guts of the newer MacBook Pro model into a revised version of the old case? The question for me is not as much why did Apple try this keyboard in the first place? as it is why did it continue selling Macs with this keyboard? — that, for me, is a greater concern.

See also: Hacker News.

Update (2021-11-15): Adi Robertson:

Sadly, I got the MacBook during Apple’s bad keyboard years, and I guess it couldn’t handle my typing volume and intensity. I’ve broken so many keys on butterfly keyboards that I gave up on getting them repaired and stacked a Bluetooth keyboard on my laptop with a cardboard separator.

How NetNewsWire Handles Threading

Brent Simmons (Hacker News):

Every notification and every callback happens on the main thread.

Though a given object (or small system) may use a serial queue internally, it never, ever lets that fact leak out beyond its own boundaries.

[…]

Some developers I’ve known seem to think that being good at concurrency makes them badass. Others seem to think that senior developers must be great at concurrency, and so they should be too.

But what senior developers are good at is eliminating concurrency as much as possible by developing a simple, easy, consistent model to follow for the app and its components.

[…]

I know you’re worried about blocking the main thread. But consider this: it’s way easier to fix a main-thread-blocker than it is to fix a weird, intermittent bug or crash due to threading.

Brent Simmons:

It also improves the experience of our developers, who can concentrate on the feature they’re working on instead of on how the feature can live safely in a multithreaded universe.

Best of all: nobody is spending time tracking down a maddening threading bug that never happens on their machine, and then implementing a speculative fix — only to find later that it’s not the fix but now, actually, there’s a new crashing bug, which might have been triggered by that “fix”… and so on, forever.

Developer morale is important!

Backblaze B2 Leaks Metadata to Facebook

Ben Cox (Hacker News):

@backblaze’s B2 web UI seems to submit all of the names and sizes of my files in my B2 bucket to facebook. I noticed because I saw “waiting for facebook.com” at the bottom while trying to download a backup…

?!?!?!?

I even opted out of their tracking widget thing!

Backblaze:

Believe that’s the Facebook pixel we use for tracking, we’ve forwarded to our web team for review in case that is not intended behavior.

[…]

An update on the fix we pushed: we removed the offending code from the logged in web pages.

[…]

The pixels we use are primarily for audience building when we advertise on other platforms like Facebook for example. You can read about it in our terms[…]

Adam Brown:

The “Advertising Cookies” section says that you don’t use them. Then in the FB section, you say that it’s so people can easily share pages and content the user finds interesting. Then you slip in a catch-all “we may use it for advertising”.

Tomáš Kafka:

I hope you realise this isn’t a ‘frontend issue’, but a security breach. As a customer with sensitive data, I don’t want you ‘pushing a fix’, I want you to do a full review of how this happened, and a process to not let 3rd party trackers access user data ever again.

Colin Snover:

Regrettably, this is just another example of Backblaze’s inability/unwillingness to follow basic software development best practices. To those saying “they should notify all users”: they should, and they probably won’t, because they haven’t before.

There is a long history of engineering problems. Just one example: it seems to still be the case that the Backblaze client reports files as successfully backed up as many as eight hours before they are actually committed to the server. If something happens to your Mac in the interim, you won’t be able to restore them.

Update (2021-03-23): Backblaze:

We take the privacy of our customers’ data and personal information very seriously and have made completing the root cause analysis a top priority. Our Engineering, Security, and Compliance/Privacy teams—as well as other staff—are continuing to investigate the cause and working on steps to help ensure this doesn’t happen again. We will update this post as we have more information to share.

Surprised

Sami Fathi:

In September of last year, the Australian Competition and Consumer Commission (ACCC) launched an investigation into Apple’s App Store and Google’s Play Store to examine the experiences of consumers, suppliers, and developers in Australia.

[…]

In a submission to the commission, Apple says that it’s “surprised to hear that developers have legitimate concerns about their ability to engage with Apple in the app review process,” and that it “invests significant time and resources in engaging with developers directly” to ensure the quality of apps on the platform.

Mark Gurman:

Apple’s 20-year developer relations chief and VP Ron Okamoto (who oversaw App Store review, policies, organizing of WWDC, developer communications, awards, SDK distribution and more) has retired. He’s been replaced by longtime marketing exec Susan Prescott.

See also: Andy Lee.
