Archive for April 2021

Friday, April 30, 2021

Apple Developer Tools Memory Lane

Dave Verwer:

I lost about two hours yesterday to this tweet from Davide Di Stefano. Xcode 2 was the first version I used, but this video of Xcode 3 from Kevin Vinck took me on a delightful trip down memory lane, which ended in finding this YouTube channel and this video introducing Project Builder. Despite being such low resolution you can’t read the text, I watched more of it than I should have for a Thursday afternoon. 😬 I loved seeing features in Project Builder that are still a part of Xcode today.

VMware Fusion on Apple Silicon Later This Year

VMware (tweet):

However, for those that need to run another operating system like Linux or Windows, Rosetta 2 doesn’t support Virtualization, and Apple silicon Macs don’t support Boot Camp. That means it’s time for us to innovate and rebuild our beloved desktop hypervisor for Macs, VMware Fusion, to support the next generation of Apple hardware.

[…]

Even with that said, and note that I’m using ‘debug’ builds which perform slower, in my 12 years at VMware I’ve never seen VMs boot and run like this.

[…]

And as far as we are aware, there is no way to buy a Windows 10 ARM license for a Mac with Apple silicon.

[…]

So, to be a bit blunt, running x86 operating systems on Apple silicon is not something we are planning to deliver with this project.

So no testing older versions of macOS, either.

That said, the team is planning to deliver a Public Tech Preview of VMware Fusion for macOS on Apple silicon before the end of this year, and we can’t wait to get it in the hands of every Apple silicon Mac owner.

Catalina Security Update 2021-002 Breaks OpenCL

Gus Mueller (tweet):

Core Image, another framework by Apple and one that Acorn relies on heavily, uses OpenCL to process images when its renderer is set to “software” mode (the other mode is to use the GPU). Core Image tries to use OpenCL and then fails, so all images come out empty.

The quick fix is to tell Core Image not to use the software renderer, and then Core Image will move everything to the GPU for processing and use Apple’s Metal framework instead of OpenCL — for most cases. I think there is still hardware out there that can’t use Metal, so it might fall back to OpenCL in that case.

[…]

Nothing in the release notes for the security update mentions OpenCL. I’m baffled and completely in the dark as to what the changes were or why they were done.

Colin Cornaby:

Also spent the morning diagnosing this. Catalina Macs suddenly stopped completing tests successfully, traced the timing back to the security update.

In our case, OpenCL breaking also breaks parts of CoreImage.

Update (2021-05-07): Mr. Macintosh:

Catalina 2021-002 & Mojave 2021-003 Security Updates are causing boot problems on the iMac Pro.

After installing the update, some users are getting a prohibitory sign.

Update (2021-05-25): Gus Mueller:

Good news, Apple released Security Update 2021-003 Catalina yesterday for 10.15.7, and it appears to have fixed the regression which broke Acorn 6 and below.

Thursday, April 29, 2021

30 Years of Linux

Jeremy Andrews (via Hacker News):

Thirty years ago, Linus Torvalds was a 21 year old student at the University of Helsinki when he first released the Linux Kernel. His announcement started, “I’m doing a (free) operating system (just a hobby, won’t be big and professional…)”. Three decades later, the top 500 supercomputers are all running Linux, as are over 70% of all smartphones. Linux is clearly both big and professional.

Linus Torvalds:

I’m 100% convinced that the license has been a big part of the success of Linux (and Git, for that matter). I think everybody involved ends up being much happier when they know that everybody has equal rights, and nobody is special with regards to licensing. […] The right to fork and do your own thing is important, but the other side of the coin is equally important - the right to then always join back together when a fork was shown to be successful.

[…]

I use this abomination called “micro-emacs”, which has absolutely nothing to do with GNU emacs except that some of the key bindings are similar. I got used to it at the University of Helsinki when I was a wee lad, and I’ve not been able to wean myself from it, although I suspect I will have to soon enough.

[…]

But that “mailing list as an archive” model works very well, and works seamlessly together with the whole “send patches between developers as emails” and “send problem reports as emails”.

[…]

If anything, what is interesting about the last decade is how we’ve actually kept the actual development model really smooth, and what hasn’t changed. […] So for the last decade, we’ve made absolutely huge changes (Git makes it easy to show some statistics in numbers: about three quarters of a million commits by over 17 thousand people).

[…]

So one of the main things the VFS layer does is really handle all the locking and caching of pathname components, and handle all the serialization and the mount point traversal, and do it all with mostly lock-free algorithms (RCU), but also with some really clever lock-like things (the Linux kernel “lockref” lock is a very special “spinlock with reference count” which was literally designed for the dcache caching, and it’s basically a specialized lock-aware reference count that can do lock elision for certain common situations). […] The Linux dcache is simply in a class all its own.

See also: 25 Years Later: Interview with Linus Torvalds (via Hacker News).

Update (2021-05-07): Linus Torvalds (via Hacker News):

The other big thing is that you have to be open. And I mean that in multiple ways. It’s really easy to create some kind of “clique” of people, where you have an inner cabal that discusses things in private, and then you see really only the end result (or the fringe work) in the open, because all the important stuff happened inside a company or within a core group of people, and outsiders have a hard time breaking into that clique, and often have a hard time even seeing what is going on in that core group because it was so private and exclusive.

It’s one of the reasons I really like open mailing lists. Not some “by invitation” list. Not something you even have to sign up to participate in. Really open. And pretty much all the development discussions should be there.

[…]

But is it sustainable? Yes. I’m personally 100% convinced that not only is open source sustainable, but for complex technical issues you really need open source simply because the problem space ends up being too complex to manage inside one single company. Even a big and competent tech company.

[…]

I don’t have a “30-year plan”. I don’t even have a 5-year plan. In fact, I don’t plan ahead more than a release or two (which is obviously just a few months).

As an engineer, I have this strongly held opinion that “details matter”. Details are almost the only thing that matters. If you get the details right, the rest will follow.

Apple’s Q2 2021 Results

Apple (Hacker News):

The Company posted a March quarter record revenue of $89.6 billion, up 54 percent year over year, and quarterly earnings per diluted share of $1.40.

[…]

“We are proud of our March quarter performance, which included revenue records in each of our geographic segments and strong double-digit growth in each of our product categories, driving our installed base of active devices to an all-time high,” said Luca Maestri, Apple’s CFO.

Jason Snell (transcript):

It’s Apple’s best non-holiday quarter ever, with all its major product categories way up versus the year-ago quarter.

Mac revenue was $9.1B, up 70% versus last year’s second quarter, and seems to be an all-time record for the Mac. iPad revenue was $7.8B, up 79% versus the year-ago quarter. iPhone revenue, which is typically pretty sleepy in the fiscal second quarter, was up 66% to $47.9B.

The flashy new revenue lines, Services and Wearables, turned in (relatively) modest jumps: Services made $16.9B, up 27%, and Wearables made $7.8B, up 25%.

MacRumors:

Gross margin for the quarter was 42.5 percent, compared to 38.4 percent in the year-ago quarter, with international sales accounting for 67 percent of revenue. Apple

Juli Clover:

Apple saw all-time revenue records for the App Store, cloud services, Apple Music, payments services, and more. Apple TV+, Apple Arcade, Apple Fitness+, Apple News+, Apple Card, and Apple One are all “continuing to scale across users” and are contributing to overall growth.

Apple saw 40 million paid subscriptions added during the quarter, reaching a total of 660 million paid subscriptions across all services, which is up 145 million from the year-ago quarter.

Update (2021-05-05): Michael E. Cohen and Josh Centers:

That said, Apple is on perhaps the firmest footing it has ever been on. The iPhone, iPad, and Mac are more popular than ever. The risky switch from Intel processors to Apple’s own M1 chip in the Mac has been nothing short of a smashing success, both critically and commercially. And Apple’s Services business seems to have unlimited room for growth. So, while Apple may not exceed these results next quarter—Cook noted that Apple would be “supply-gated, not demand-gated” in the coming quarter, having burned through much of its material reserves to counter supply constraints in Q2—the demand for Apple goods and services seems only to be accelerating, a prospect even sweeter than one of Ted Lasso’s famous biscuits.

Rust at Facebook

Kathy Kam (via Hacker News):

Facebook Open Source is excited to announce our support of Rust Foundation at its highest member tier. Alongside the other fellow foundation members, Facebook is committed to sustaining and growing the Rust open source ecosystem and community.

Facebook (via Hacker News):

Alongside fellow members including Mozilla (the creators of Rust), AWS, Microsoft, and Google, Facebook will be working to sustain and grow the language’s open source ecosystem.

[…]

Our oldest Rust codebase dates to 2016, when the rate of source code changes in Facebook’s monorepo started to encroach on the maximum commit rate that the Mercurial source control management tool could keep up with. In response to this, Facebook’s Source Control team launched a rewrite project called Mononoke with the goal of increasing Mercurial’s commit rate by some additional orders of magnitude to serve Facebook’s thousands of developers and automated processes.

[…]

At the end of 2020, we re-upped our commitment by launching a Rust team in our Programming Languages organization, the same org responsible for Facebook’s C++ standards work and toolchains.

Daniel Kaminsky, RIP

Nicole Perlroth (via Hacker News):

He was a respected practitioner of “penetration testing,” the business of compromising the security of computer systems at the behest of owners who want to harden their systems from attack. […] When Daniel was 11, his mother said, she received an angry phone call from someone who identified himself as a network administrator for the Western United States. […] Without her knowledge, Daniel had been examining military websites. The administrator vowed to “punish” him by cutting off the family’s internet access. Mrs. Maurer warned the administrator that if he made good on his threat, she would take out an advertisement in The San Francisco Chronicle denouncing the Pentagon’s security.

[…]

In 2005, after researchers discovered Sony BMG was covertly installing software on PCs to combat music piracy, Sony executives played down the move. Mr. Kaminsky forced the issue into public awareness after discovering that Sony’s software had infected more than 568,000 computers.

Wikipedia:

In 2008, Kaminsky discovered a fundamental flaw in the Domain Name System (DNS) protocol that could allow attackers to easily perform cache poisoning attacks on most nameservers[…]. With most Internet-based applications depending on DNS to locate their peers, a wide range of attacks became feasible, including website impersonation, email interception, and authentication bypass via the “Forgot My Password” feature on many popular websites. After discovering the problem, Kaminsky initially contacted Paul Vixie, who described the severity of the issue as meaning “everything in the digital universe was going to have to get patched.” Kaminsky then alerted the Department of Homeland Security and executives at Cisco and Microsoft to work on a fix.

Kaminsky worked with DNS vendors in secret to develop a patch to make exploiting the vulnerability more difficult, releasing it on July 8, 2008. To date, the DNS design flaw vulnerability has not been fully fixed.

[…]

The actual vulnerability was related to DNS only having 65,536 possible transaction IDs, a number small enough to simply guess given enough opportunities. Dan Bernstein, author of djbdns, had reported this as early as 1999. djbdns dealt with the issue using Source Port Randomization, in which the UDP port was used as a second transaction identifier, thus raising the possible ID count into the billions. […] Kaminsky’s attack bypassed this TTL defense by targeting “sibling” names like “83.example.com” instead of “www.example.com” directly. Because the name was unique, it had no entry in the cache, and thus no TTL. But because the name was a sibling, the transaction-ID guessing spoofed response could not only include information for itself, but for the target as well.

Update (2024-07-29): Claroty:

Luta Security founder, security entrepreneur, and vulnerability disclosure pioneer Katie Moussouris joins the Aperture Podcast to talk about influential researcher Dan Kaminsky, who died April 23 at 42 years old. Katie discusses the breadth of Dan's work as a researcher, and his friendship, empathy, and outreach within the security community.
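
The guessing-space arithmetic behind the Wikipedia excerpt above, as an added example that is not code from any of the quoted sources: it models why a cached name yields one reply window per TTL while never-seen sibling names yield one per lookup, and how much source port randomization enlarges the identifier space. The 1024-65535 port range, the 3600-second TTL, the 1,000 lookups and the 100 forged replies per window are assumptions chosen for illustration.

```python
"""Added example: identifier-space arithmetic for forged DNS replies."""
import math

TXID_SPACE = 2 ** 16          # 65,536 transaction IDs (figure from the text)
PORT_SPACE = 65_536 - 1_024   # assumption: source ports drawn from 1024-65535


class CachingResolver:
    """Minimal cache model: a name goes upstream again only after its TTL expires."""

    def __init__(self, ttl_seconds):
        self.ttl = ttl_seconds
        self.expiry = {}           # name -> time at which the cached answer expires
        self.upstream_queries = 0  # each one is a window in which a reply is awaited

    def lookup(self, name, now):
        if self.expiry.get(name, -1) > now:
            return "cache"         # answered locally, no reply is awaited
        self.upstream_queries += 1
        self.expiry[name] = now + self.ttl  # model: the genuine answer gets cached
        return "upstream"


def open_windows(names, ttl_seconds, spacing_seconds=1):
    """Count upstream queries caused by looking up `names` one after another."""
    resolver = CachingResolver(ttl_seconds)
    for i, name in enumerate(names):
        resolver.lookup(name, now=i * spacing_seconds)
    return resolver.upstream_queries


def match_probability(windows, forged_per_window, id_space):
    """Chance that a forged reply matches the awaited identifiers at least once.

    Each window is treated as independent, with `forged_per_window` distinct
    guesses out of `id_space` equally likely identifier combinations.
    """
    p = min(1.0, forged_per_window / id_space)
    if p >= 1.0:
        return 1.0
    # 1 - (1 - p) ** windows, computed stably for very small p
    return -math.expm1(windows * math.log1p(-p))


def compare(lookups=1000, ttl=3600, forged_per_window=100):
    """Constructed scenario: same name vs. unique sibling names, with and without ports."""
    same = open_windows(["www.example.com"] * lookups, ttl)
    siblings = open_windows([f"{i}.example.com" for i in range(lookups)], ttl)
    return {
        "windows, cached name": same,
        "windows, sibling names": siblings,
        "cached name, TXID only": match_probability(
            same, forged_per_window, TXID_SPACE),
        "sibling names, TXID only": match_probability(
            siblings, forged_per_window, TXID_SPACE),
        "sibling names, TXID + port": match_probability(
            siblings, forged_per_window, TXID_SPACE * PORT_SPACE),
    }


if __name__ == "__main__":
    for label, value in compare().items():
        print(f"{label:28} {value:.6g}")
```

With only the transaction ID to match, the sibling-name case turns one window per TTL into one window per lookup; adding the source port multiplies the identifier space to roughly 4.2 billion combinations under the assumed port range.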

Wednesday, April 28, 2021

Swift Generics 2: Existentials Boogaloo

Tim Ekl:

It’s been just over two years since we first saw “Improving the UI of generics,” the discussion post about potential changes to make generic types easier to work with in Swift, and five years since the first version of the Swift Generics Manifesto. (Time flies when you’re building a language!) Last week, generics landed back in the spotlight, as Anthony Latsis, Filip Sakel, and Suyash Srijan proposed SE-0309, with a major change that addresses one of the most infamous errors in Swift:

Protocol can only be used as a generic constraint because it has ‘Self’ or associated type requirements.

While this change is still in review (through May 1), it looks very promising — but, as often happens when dealing with the corners of the type system, the details can be a bit opaque. Much like last time, this post will walk through the nitty-gritty of the proposed changes in SE-0309, and offer some practical scenarios where they might improve day-to-day Swift usage.

How Facebook Encodes Videos

Facebook (via Hacker News):

But while more advanced codecs like VP9 provide better compression performance over older codecs, like H264, they also consume more computing power. From a pure computing perspective, applying the most advanced codecs to every video uploaded to Facebook would be prohibitively inefficient. Which means there needs to be a way to prioritize which videos need to be encoded using more advanced codecs.

Today, Facebook deals with its high demand for encoding high-quality video content by combining a benefit-cost model with a machine learning (ML) model that lets us prioritize advanced encoding for highly watched videos. By predicting which videos will be highly watched and encoding them first, we can reduce buffering, improve overall visual quality, and allow people on Facebook who may be limited by their data plans to watch more videos.

Mighty

Suhail Doshi (tweet, Hacker News):

We’re excited to finally unveil Mighty, a faster browser that is entirely streamed from a powerful computer in the cloud.

After 2 years of hard work, we’ve created something that’s indistinguishable from a Google Chrome that runs at 4K, 60 frames a second, takes no more than 500 MB of RAM, and often less than 30% CPU with 50+ tabs open. This is the first step in making a new kind of computer.

[…]

One answer is moving more client-side compute to the cloud. […] If you can move the most demanding processing, then battery life can finally improve because video decode and render times (we’re streaming video here) get more efficient with better chipsets. […] If most of the time people spend is in a browser and most of the processing and system resources are offloaded, their computer won’t feel slow as apps become more demanding.

This sounds like an amazing technical achievement, if it works as described, yet also an indictment of the modern hardware/software stack. Personally, I mostly work in native apps and don’t find the Web unacceptably slow, certainly not to the point of wanting to rent a VM in the cloud or give a company all my data.

Update (2021-05-03): Francisco Tolmasky:

Anyone who asks “why would anyone need Mighty?” has their critique backwards. It should be: how is it that Mighty is a compelling value prop? How is performance of native apps a non-issue on a $600 iPad, but we’re moving mountains to make web apps bearable on high-end hardware?

Traditionally, the strategy for a disruptive platform that has a built-in disadvantage (in this case performance) is to attack new or neglected markets. The web however has repeatedly insisted on focusing on areas that highlight its weaknesses, while seldom offering anything new.

[…]

@Suhail is right, the web of 2021 isn’t for reading blogs. You know how I know this? Because when I go to a medium.com link, it bounces me into the Medium iOS app. Because not only have we failed to offer the future, we somehow managed to lose ground too.

The web lost mobile, full stop. And yet I’m still seeing pitches for how “the future of the Desktop is the web” like it’s JSConf 2009.

Tuesday, April 27, 2021

Swift 5.4 Released

Ted Kremenek:

Swift 5.4 includes the following new language features:

  • Support for multiple variadic parameters in functions, subscripts and initializers (SE-0284)
  • Extend implicit member syntax (SE-0287)
  • Result builders (SE-0289)
  • Local functions supporting overloading
  • Property wrappers for local variables

[…]

In Swift 5.4, protocol conformance checks at runtime are significantly faster, thanks to a faster hash table implementation for caching previous lookup results. In particular, this speeds up common runtime as? and as! casting operations.

This was slow enough that in a few cases I had worked around it by using an extension to introduce an instance method to do the test.

The Swift compiler is much better at tracking dependencies between files, resulting in a significant reduction in the number of files compiled for many kinds of changes during incremental builds.

Dependencies on member variables and functions of structs, enums, classes, and protocols are now tracked individually by the Swift compiler. This finer granularity speeds and shrinks rebuilds after changes to these entities.

There are code completion and type checking improvements, too.

Update (2021-05-19): John Sundell:

It’s now possible to create a local variable that’s assigned to an expression that has the same name, without having to manually disambiguate with self.

That was a common annoyance for me.

iOS 14.5 and iPadOS 14.5

Apple (MacRumors, ArsTechnica, Hacker News):

iOS 14.5 brings exciting new features to iPhone, including the ability to unlock iPhone with Apple Watch while wearing a face mask, more diverse Siri voices, new privacy controls, skin tone options to better represent couples in emoji, and much more.

[…]

App Tracking Transparency requires apps to get the user’s permission before tracking their data across apps or websites owned by other companies for advertising, or sharing their data with data brokers. Apps can prompt users for permission, and in Settings, users will be able to see which apps have requested permission to track so they can make changes to their choice at any time.

Apple:

This document describes the security content of iOS 14.5 and iPadOS 14.5.

Federico Viticci:

In the following months, I used Siri to play a variety of music and podcast content in Spotify without ever appending the “in Spotify” qualifier to my requests, and Siri never asked me to pick a different audio player again. By all intents and purposes, this option had the effect of setting a default audio player for Siri on my device.

Apple, however, recently stressed how this new Siri feature in iOS 14.5 shouldn’t be seen as “changing a default app”, for a variety of reasons.

[…]

Apple is continuing to expand Shortcuts with new actions and system integrations in iOS 14.5.

First, there’s ‘Take Screenshot’. As the name implies, you can use this action to programmatically capture a screenshot of whatever is in the foreground when the shortcut runs without having to press the Power + Volume Up buttons.

[…]

You can now also control your device’s orientation lock settings via the ‘Set Orientation Lock’ action. With this action, you can either toggle orientation lock, or you can use parameters to specifically set it to ‘on’ or ‘off’.

[…]

Perhaps more importantly though, this action is the perfect candidate for an automation that disables orientation lock whenever you open video apps like YouTube and Netflix.

Nick Heer:

I keep orientation lock on at all times but now, when I launch Halide, orientation lock toggles off, and then switches itself back on when I leave the app. This does seem like something Apple could provide an API to developers for — the Camera app is able to rotate its UI and the photos it takes without toggling orientation lock — but it is an excellent workaround.

I wish this were a standard per-app preference, like with notifications, cellular, and location access.

Someone1234:

In regard to unlock w/Apple Watch:

  • This is an issue of Apple’s own artificial creation.
  • This doesn’t even solve the issue.

So this all started because Face Unlock didn’t work with masks, that’s not Apple’s fault. But what is entirely Apple’s fault is that they break an option which resolves this only when Face Unlock is enabled: “Require Passcode.”

When you disable Face Unlock you can set Require Passcode to e.g. 15 minutes/1 hr, and it largely mitigates the aggressiveness by which your iPhone re-locks itself while you’re e.g. out grocery shopping in a mask and trying to use a shopping list. But when you enable Face Unlock this option is removed (forced to “Require Immediately”).

So Apple enforces “Require Immediately” in Require Passcode, it blows up in their face, and then instead of backing down when masks broke Face Unlock, they instead over-engineer a solution where you have to buy an Apple Watch to work around it.

Just letting me set a delay for requiring a passcode would offer a much better user experience. I’ve been using Guided Access, which is a pain to turn on and off, doesn’t work with Apple Pay, and doesn’t let me switch to another app.

Update (2021-05-03): Hartley Charlton:

In spite of redesigning its Podcasts app with iOS 14.5, long-standing bugs within the app persist, and Apple has introduced a range of new crippling usability problems, according to hundreds of reports from users across Twitter and Reddit.

Update (2021-05-07): Dan Frakes:

Phone life changing

Tom Brand:

I still don’t understand why full screen video isn’t locked to the correct orientation.

Update (2021-05-18): Juli Clover:

With Apple now enforcing its App Tracking Transparency rules with the release of iOS 14.5, The Wall Street Journal’s Joanna Stern did an interview with Apple software engineering chief Craig Federighi to talk about Apple’s aim with the feature and how it works.

Ron Gilbert:

If Apple really cared about iOS privacy they would give the user the ability to block any app from reaching the internet. A lot of the iOS apps I used have no need to ping the internet but they all do to gather metrics and do who-knows-what.

Rather than create a complex and unenforceable privacy policy Apple should just let users block the app from using the internet.

Update (2021-05-24): Callum Booth:

Because the Apple Podcast app redesign is a violation of our human rights; a plague upon this fair and pleasant land.

Okay, that’s a bit much. But the redesign is annoying. Anything that gets tweaked should be better to use, right? Well, that hasn’t happened with the new Apple Podcasts app.

Dave Wood:

I filed a bug about the ‘require immediately’ issue even before Face ID. It’s a problem with Touch ID as well…. I was told by an Apple employee at the time who looked at the radar “Don’t hold your breath on that one”.

macOS 11.3

Apple (MacRumors, Howard Oakley):

macOS Big Sur 11.3 adds support for AirTag, includes iPhone and iPad app improvements for Macs with M1, introduces separate skin tone variations for emoji with couples, and adds more diverse voice options for Siri.

It’s good to see some detailed release notes.

Apple:

This document describes the security content of macOS Big Sur 11.3.

Mr. Macintosh:

The full installer of macOS Big Sur 11.3 (20E232) is now available for download.

Jonathan Deutsch:

FB9083476: macOS 11.3 Regression: NSPropertyListSerialization can fail serializing data in the XML Format leading to data loss

FB9083459: macOS 11.3 Regression: NSPropertyListSerialization is 200x slower serializing to data in the XML Format (when it works)

Update (2021-05-03): Howard Oakley:

At last Apple has returned to providing extensive release notes to accompany the Big Sur 11.3 update. Because they’re so long and detailed, I won’t attempt to summarise them, but recommend that you read them[…]

Howard Oakley:

It’s what we all really wanted. The largest macOS update ever, a good gigabyte bigger than even the Catalina 10.15.1 update, and more than most major releases of Mac OS X, the Big Sur 11.3 update gives us what we’ve all been asking for: it fixes a lot of bugs. The trouble with getting what you want are the unintended consequences.

For a few, the 11.3 update has proved disastrous, with a clean re-install their only hope of salvation. For most of us, its sheer size has at least been compensated for by the relative brevity of updating. But for those who are more cautious and don’t rush to update, it poses a serious problem: buried in its avalanche of fixes and improvements is one to address a serious security vulnerability, which makes updating an urgent need.

[…]

Using the popular strategy of waiting a few weeks after each update before installing it yourself now turns into a quandary. Is it better to run the risk of updating now, or that of malware making your Mac a victim?

One solution could be for Apple to start releasing Big Sur updates in two streams: security updates only, and full updates.

Colin Cornaby:

Podcasts on the Mac didn’t change in 11.3, right? Kind of odd they moved Podcasts to Catalyst, and now Catalyst on the Mac is back on its own track that seems separate from the iOS version.

Beware of Signal Recompressing Images and Videos

Jeffrey Paul (Hacker News):

Signal took that 4000x2667 JPEG image comprising precisely 3,916,886 bytes, encrypted it, and transmitted it to my friend. She received a different 4000x2667 JPEG image comprising 784,524 bytes: 80% smaller.

[…]

Did you know that the everyday, normal-sized (<4MB) images you send via Signal are being silently altered in transit to look like dogshit?

[…]

If they feel it’s absolutely necessary for them to do this to continue to exist as a free service: they should be much, much clearer about the fact that this is going to happen, at the time of recompression, and permit you to opt out of sending an altered file. As well as, just, you know, not touching images that are already reasonably sized.

See also: The silliness of iCloud Photo Sharing quality degradation.

Friday, April 23, 2021

Mac and iPad Aren’t Meeting in the Middle Yet

Watts Martin:

Since then, I’ve seen a chorus of pundits, both professional and armchair (hi), push two theories that are either at odds or entwined, depending on how you look at them:

  • Surely, a dystopian iOS-like future of only sanctioned App Store purchases lies ahead for the Mac. (Let’s call this the “Hacker News bait” narrative.)
  • Surely, the iPad is going to catch up or even surpass the Mac—it already does so many things so well, and it’s only held back from its potential by an OS with artificial limitations.

[…]

As long as this philosophy on Apple’s part holds—and there’s no evidence that it’s changing—macOS will never be locked down to the degree iOS is, i.e., unable to install non-App Store apps without jailbreaking.

[…]

But that brings us to the second point. Is this the year when the iPad does get to do everything, not just most things, the Mac does? Will we be able to run macOS apps on M1 iPad Pros the way we can run iOS apps on M1 Macs?

Juli Clover:

The maxed out 11-inch cellular model will run you $2,099, which is just about as expensive as the maxed out M1 MacBook Pro. Neither of those price points includes an Apple Pencil or a Magic Keyboard, both of which can be purchased separately.

Jason Snell:

And yet, in 2021, it feels like the same story: Apple killed it on the hardware side, and the software…well, the software lags behind, to put it nicely. Apple built a spectacular sports car, but where are the roads to drive it on?

Jack Wellborn:

Imagine working on an iPad. It works much like an iPad today. It’s running iPadOS, is optimized for touch and has apps in different screens. Now imagine connecting that iPad to a 6K display. Full screen apps are absurd on such a large screen. Instead, imagine apps running on the iPad are now mirrored in macOS as separate windows, which can still be optionally full screened. The screen on the iPad is still in iPadOS, and you can even use touch or the Apple Pencil. Input from either interface updates the other in real time.

Monica Chin:

I really would just like Apple’s next iPad Pro to be a laptop. Not a clamshell, but a Surface Pro type of deal: a tablet with laptop hardware and a laptop OS.

[…]

But now that the iPad Pro is an M1 system, I don’t see why it can’t run macOS apps. Because it has the same hardware as the MacBook Air (including the fanless form factor). So the iPad really should be able to run whatever the MacBook Air can run.

[…]

The result of all this is that we’re moving toward a weird point in the evolution of these two devices where the MacBook can do everything the iPad can do (but it doesn’t have the touchscreen hardware to take advantage of all of it), while the iPad can still only do iPad things (even though features of macOS would take good advantage of its touchscreen capability). It seems like a point where Apple’s goals of “creating a seamless ecosystem” and “selling you many different products” are starting to butt heads.

Christina Warren:

I don’t want a touch screen Mac, I just want to use Mac apps on my iPad.

John Gruber:

Most people clamoring to run Mac apps on their iPad Pro probably do not have a single Catalyst app on their wishlist, of course. But if you mean other Mac apps, real Cocoa Mac apps, then what you really mean is you want to run MacOS on iPad.

Jeff Johnson:

They think they want Mac apps, but what they really want is for iOS to not be locked down. Open up the file system, allow full background multiprocessing, interprocess communication, shell scripts, AppleScript, remove sandbox limitations, etc.

Juli Clover:

“There’s two conflicting stories people like to tell about the iPad and Mac,” says Joz, as he starts on a clarification that will lead him at one point to apologise for his passion. “On the one hand, people say that they are in conflict with each other. That somebody has to decide whether they want a Mac, or they want an iPad.

“Or people say that we’re merging them into one: that there’s really this grand conspiracy we have, to eliminate the two categories and make them one. And the reality is neither is true. We’re quite proud of the fact that we work really, really hard to create the best products in their respective category.”

Jeff Johnson:

A grand conspiracy? They already did it! Fait accompli. Big Sur is iOS, and iOS apps are running on M1 Macs now. The system is read-only, kernel extensions are banned, external booting is basically dead.

Nick Heer:

An iPad that runs MacOS would suck just as much — albeit for different reasons — as a Mac that ran iPadOS. But now that they are all on the same silicon, it makes the ways in which the iPad is limited by its software that much more noticeable. Griffin points out that Apple demoed Final Cut Pro on a Pro Display XDR to show how powerful the M1 is in a Mac, but could not do any of that with an iPad because the software does not exist. He even tries to coax Joz into admitting that Apple is working on professional apps for the iPad, with predictably little success.

[…]

If you toggle between a few resource-hungry apps on a Mac and then go back to Safari, it picks up where you left off; if you open the camera and a few other apps on an iPad and then switch back to Safari, your open tabs might reload. If you pause the music you are listening to so you can watch something in your browser, then try to resume playback, it is a crapshoot whether it resumes correctly, starts the song again, or entirely forgets that you were listening to music — and it is worse with AirPlay.

Previously:

Update (2021-05-03): scott:

It took me half the morning to figure out how to bring up the taskbar on iPad OS using a trackpad, because nothing happens by moving your cursor to the bottom at anything resembling a normal pace, instead you must fling the cursor towards the bottom of the screen like a lunatic.

Matthew Panzarino:

One of the stronger answers on the ‘why the aggressive spec bump’ question comes later in our discussion but is worth mentioning in this context. The point, Joswiak says, is to offer headroom. Headroom for users and headroom for developers.

“One of the things that iPad Pro has done as John [Ternus] has talked about is push the envelope. And by pushing the envelope that has created this space for developers to come in and fill it. When we created the very first iPad Pro, there was no Photoshop,” Joswiak notes. “There was no creative apps that could immediately use it. But now there’s so many you can’t count. Because we created that capability, we created that performance — and, by the way sold a fairly massive number of them — which is a pretty good combination for developers to then come in and say, I can take advantage of that. There’s enough customers here and there’s enough performance. I know how to use that. And that’s the same thing we do with each generation. We create more headroom to performance that developers will figure out how to use.

“The customer is in a great spot because they know they’re buying something that’s got some headroom and developers love it.”

Nick Heer:

I buy this argument, particularly as the iPad is the kind of product that should last years. Since the first-generation iPad Pro, iPads have seemed to be built for software and workflows that are two or three years down the road. But the question about the iPad for about that same length of time is less can you? and more would you want to?, and I hope the answer to that comes sooner than a few years out.

Riccardo Mori:

I kind of buy that argument too, in the sense that it’s the only possible argument Apple can elaborate at this point. But this headroom Joswiak and Ternus are talking about is getting so ridiculously high that I truly wonder whether the whole thing is starting to lose sense.

[…]

Apologies if I’m getting unbearably pedantic here, but I do think that Apple’s narrative here is like You know, the chicken did indeed come before the egg, while I’m rather certain the opposite is true. Creative apps and iOS developers never really waited for Apple; I’ve purchased creative apps for iOS since 2008, and what I’ve noticed is that developers in general, and especially developers of creative apps, have always tried to stay ahead of the curve. And all the iPads I’ve handled in the past ten years have never really struggled when running such creative apps.

[…]

Hardware-wise, an M1 iPad Pro is essentially a Mac with a touch interface. Software-wise, this incredibly powerful iPad is as capable as a 2014 iPad Air 2 (the oldest iPad model that can run iPadOS 14). There is still, in my opinion, a substantial software design gap preventing iPads from being as flexible as they are powerful. Software-wise, iPadOS still lacks flow.

Apple Sued for Removing Purchased Content

Jason Hellerman (Hacker News):

You know all those times you “bought” movies on iTunes? Well, because of the way Apple licenses films from studios, you never really own them. You actually have rented them at a higher fee, for a longer time.

[…]

David Andino is the lead plaintiff in this case. He alleges Apple reserves the right to terminate access to any movie you “purchase.” And that they do this on regular occasions. He wants them to stop telling people they have “bought” things when they really have not.

Eriq Gardner:

This week, U.S. District Court Judge John Mendez made clear he isn’t ready to buy into Apple’s view of consumer expectations in the digital marketplace.

“Apple contends that ‘[n]o reasonable consumer would believe’ that purchased content would remain on the iTunes platform indefinitely,” writes Mendez. “But in common usage, the term ‘buy’ means to acquire possession over something. It seems plausible, at least at the motion to dismiss stage, that reasonable consumers would expect their access couldn’t be revoked.”

Damien Petrilli:

Yup. And some of the movies I got were removed sometimes.

Now I track the number of movies in my account to check which ones.

Apple should send at least an email to have the time to save them but they don’t.

And in another case, a customer lost more than just a few movies:

The complaint, filed on Tuesday in the U.S. District Court for the Northern District of California, goes after an Apple services clause that states a user with a terminated Apple ID cannot access media content that they’ve purchased.

[…]

The plaintiff in the case, Matthew Price, reportedly spent nearly $25,000 on content attached to an Apple ID. When Apple terminated Price’s Apple ID for an alleged violation of its terms and conditions, Price lost access to all of that content.

[…]

The lawsuit doesn’t specify why Price’s account was terminated. However, it does claim that Apple shut down the Apple ID “without notice, explanation, policy or process.”

Previously:

Update (2021-06-07): See also: Tim De Chant (via Hacker News).

Revitalizing the Windows App Store

Zac Bowden:

Furthermore, in addition to the new storefront, Microsoft is also planning to relax some of the policies around what kind of apps can be submitted to the Store by developers.

According to my sources, there are three big changes coming to the new Store that will benefit developers:

  • Allow developers to submit unpackaged Win32 apps to the Store
  • Allow developers to host apps and updates on their own content delivery network (CDN)
  • Allow developers to use third-party commerce platforms in apps

[…]

I’m told that Microsoft will not take a cut from app developers who do leverage their own in-app commerce channel, which I believe would be an industry first.

Via Damien Petrilli:

What is happening here is really important for the antitrust cases as it shows a lot.

Windows store: Microsoft is subjected to competition / underdog and forced to make a fair deal and be opened.

Xbox store: monopoly by Microsoft, they follow Apple / Google 30% walled garden.

We have a pretty clear example here about how big corps are forced to react when they are subjected to competition.

Previously:

Update (2021-05-05): Tom Warren:

Microsoft is shaking up the world of PC gaming today with a big cut to the amount of revenue it takes from games on Windows. The software giant is reducing its cut from 30 percent to just 12 percent from August 1st, in a clear bid to compete with Steam and entice developers and studios to bring more PC games to its Microsoft Store.

Nilay Patel:

It is amazing how even just a little competition changes things fast

Previously:

More App Store Search Ads

Sami Fathi:

Apple is planning to boost its advertising business through a new ad slot on the App Store search page which will allow developers to promote their apps across the entire platform, rather than just when users search for a specific app, according to a new report from the Financial Times.

[…]

According to the Financial Times, citing people familiar with the matter, the company plans to roll out a second ad slot within the App Store, but this time directly within the Search page, by the end of the month. The new ads will appear alongside the current “Suggested” section on the page and will be visible to users across the whole platform.

Everyone has different ideas about how to improve the App Store, but I’ve never heard anyone say that the problem is it doesn’t have enough ads.

Previously:

Update (2021-05-05): Apple:

Apple Search Ads has always made it easy to promote your apps at the top of relevant search results on the App Store. Now you can reach users even before they search with an ad placement on the Search tab. It’s a simple and effective way to help users discover your apps.

BBC (via Hacker News):

Last week’s release of iOS 14.5 placed strict limits on tracking on iPhones - including tracking for advertising.

And Facebook fiercely opposed the change, warning it would favour Apple’s own advertising system.

Patrick McGee:

Apple’s Eric Friedman, head of the fraud unit and whose emails are a journalist’s dream, responds that paid promotion “would be awesome” particularly because bots were already gaming the App Store ranking; so “why don’t we just let them pay us to gain position?”

Friedman conceded the App Store would be “pretty cheesy” if it were inundated with ads, “but at least it would be transparently cheesy.” In any case, he said the App Store’s role as an app discovery tool had become pretty meaningless for consumers.

Friedman later acknowledged that developers would “love” being able to pay for ads in the App Store, but “Tim” — presumably Cook — was “telling the world we make great products without monetizing users. Ads would be weirdly at odds with that.”

Previously:

iTunes Podcast Directory Now Hiding Feed URLs

Marco Arment:

Something’s up with the iTunes API (that most podcast apps use). This isn’t the first missing feedUrl I’ve seen on a public podcast.

Removing this API will make Apple an enemy of open podcasting FAR more than optional paid subscriptions.

Benjamin Mayo:

Apple Podcasts Connect has a ‘Make my feed publicly available’ option so maybe the backend is screwed up whilst they transition databases or something.

Marco Arment:

This checkbox needs to be seriously rethought.

Novice podcasters won’t know the ramifications of unchecking it (not being visible to a huge portion of podcast listeners who use other apps).

Nathan Gathright:

For new shows, it’s checked by default. It looks like existing shows are getting accidentally opted out when they make any change in Podcasts Connect.

Stephen Robles:

Turns out, every one of the checkboxes were unchecked. Podcasters, double check your shows.

Art Crime Podcast:

Approx 15 hours after opting my podcast back INTO being discoverable, it still no longer appears in show results, only episode results.

Marco Arment:

Losing feed URLs from the iTunes API dramatically raises the barrier for new podcast apps to exist and increases the burden on new podcasters to be visible everywhere.

Removing feed URLs from the iTunes API does FAR more damage to the open podcast ecosystem, and changes Apple from a multi-decade benevolent protector to a destructive adversary, much more than introducing proprietary subscriptions.

Russell Ivanovic:

If you think this RSS feed thing going on with Apple Podcasts is just a launch glitch and it’s smooth sailing from here…my 12 years of App Development experience says otherwise. Have fun!

Previously:

Update (2021-04-23): Justin Jackson:

Got a DM from someone at Apple.

I asked about the RSS submission bugs:

“We’ve been having issues with the crawler. Hoping to have it resolved today.” 👍

I asked why public RSS URLs were removed from the API:

“That’s a bug. There was no intention to remove feed URLs en masse.”

This is the sort of thing that would have been good to mention on the System Status page.

He wrote that yesterday, and it was still broken when I started writing this post, but as of now it looks to me like it’s fixed. (Or, I suppose, all the podcasts that I thought to check have manually opted in.)

Spotify Set to Rival Apple Podcasts Subscriptions

Tim Hardwick:

According to a new report from The Wall Street Journal, Spotify will announce a similar podcast subscription feature next week, but in contrast to Apple, the rival streaming service won’t be collecting revenue on any of the content it hosts.

[…]

According to one prediction, Spotify could soon have more podcast listeners than Apple.

[…]

Apple won’t require podcast creators to create content exclusively for Apple, but it does have a number of partners on board ready to create premium podcast content[…]

I just want to be able to listen to everything in the app of my choice.

Previously:

Thursday, April 22, 2021

Exploiting Vulnerabilities in Cellebrite

Moxie Marlinspike:

Since almost all of Cellebrite’s code exists to parse untrusted input that could be formatted in an unexpected way to exploit memory corruption or other vulnerabilities in the parsing software, one might expect Cellebrite to have been extremely cautious. Looking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.

[…]

Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned.

[…]

Also of interest, the installer for Physical Analyzer contains two bundled MSI installer packages named AppleApplicationsSupport64.msi and AppleMobileDeviceSupport6464.msi. These two MSI packages are digitally signed by Apple and appear to have been extracted from the Windows installer for iTunes version 12.9.0.167.

[…]

In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.

Previously:

Update (2021-05-05): Lucas Ropek (via Hacker News):

A Maryland defense attorney has decided to challenge the conviction of one of his clients after it was recently discovered that the phone cracking product used in the case, produced by digital forensics firm Cellebrite, has severe cybersecurity flaws that could make it vulnerable to hacking.

Update (2021-05-19): Riana Pfefferkorn (via Hacker News):

What will be the likely ramifications of Signal’s discovery in court cases? I think the impact on existing cases will be negligible, but that Signal has made an important point that may help push the mobile device forensics industry towards greater accountability for their often sloppy product security. Nevertheless, I have a raised eyebrow for Signal here too.

[…]

So while computer security folks were giggling at Signal’s cute, clever blog post, lawyers like me were sighing. Why? Because of an important life lesson that engineers typically don’t understand: Judges hate cute and clever.

[…]

You aren’t helping your cause when a reporter can’t tell which parts of your blog post are jokes and which parts are serious, or what you mean by your weird coy phrasing. This blog post was plainly written in order to impress and entertain other hackers and computer people. But other hackers aren’t the real target audience; it’s lawyers and judges and the law enforcement agencies that are Cellebrite’s customers. They tend to prefer clear communication, not jokes and references to 25-year-old cult films.

[…]

And meanwhile, the existence of Cellebrite devices has served as, I think, a safety valve to keep backdoor mandates from being imposed on smartphone manufacturers in the U.S. to date, despite the occasional effort to do so.
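The quoted Signal post says industry-standard exploit mitigations are missing but, as excerpted here, does not list them. As an added example (not code from Signal, Cellebrite, or this blog), the following Python check shows how a defender can audit a Windows binary for the standard PE opt-in mitigation flags; the choice of flags (ASLR, DEP, Control Flow Guard) and the constructed header-only sample images are assumptions.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* opt-in bits from the PE/COFF specification.
MITIGATION_FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR entropy
    "DYNAMIC_BASE": 0x0040,     # ASLR
    "NX_COMPAT": 0x0100,        # DEP
    "GUARD_CF": 0x4000,         # Control Flow Guard
}
PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
COFF_HEADER_SIZE = 20
DLLCHAR_OFFSET = 70  # DllCharacteristics offset; identical in PE32 and PE32+


class NotPE(ValueError):
    """Raised when the input is not a well-formed PE image header."""


def read_mitigations(image: bytes) -> dict:
    """Return {flag name: enabled?} for a PE image.

    The file is treated as untrusted: every offset is bounds-checked
    before it is read, and malformed input raises NotPE.
    """
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise NotPE("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 4 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    opt_off = pe_off + 4 + COFF_HEADER_SIZE
    if opt_off + DLLCHAR_OFFSET + 2 > len(image):
        raise NotPE("truncated optional header")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 4 + 16)
    if opt_size < DLLCHAR_OFFSET + 2:
        raise NotPE("optional header too small")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32_MAGIC, PE32_PLUS_MAGIC):
        raise NotPE("unknown optional header magic")
    (chars,) = struct.unpack_from("<H", image, opt_off + DLLCHAR_OFFSET)
    result = {name: bool(chars & bit) for name, bit in MITIGATION_FLAGS.items()}
    if magic == PE32_MAGIC:
        # High-entropy ASLR only applies to 64-bit images.
        del result["HIGH_ENTROPY_VA"]
    return result


def missing_mitigations(image: bytes) -> list:
    """Sorted names of applicable mitigation flags that are not set."""
    return sorted(name for name, on in read_mitigations(image).items() if not on)


def build_sample_pe(dll_characteristics: int, magic: int = PE32_PLUS_MAGIC) -> bytes:
    """Constructed sample: a minimal header-only PE image for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows the DOS stub
    is_64 = magic == PE32_PLUS_MAGIC
    opt_size = 240 if is_64 else 224
    coff = struct.pack(
        "<HHIIIHH",
        0x8664 if is_64 else 0x014C,  # Machine: AMD64 or i386
        0, 0, 0, 0,                   # sections, timestamp, symbol table fields
        opt_size,
        0x0022,                       # executable, large-address-aware
    )
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "hardened 64-bit": build_sample_pe(0x4160),
        "legacy 32-bit": build_sample_pe(0x0000, magic=PE32_MAGIC),
    }
    for label, image in samples.items():
        gaps = missing_mitigations(image)
        print(f"{label}: {'missing ' + ', '.join(gaps) if gaps else 'all flags set'}")
```

To audit real files, pass the bytes of each `.exe` or `.dll` to `missing_mitigations` and treat `NotPE` as "skip or quarantine" rather than a crash.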

Menuwhere 1.0

Rob Griffiths (tweet):

This handy $3 utility puts the frontmost app’s menu bar into a pop-up menu at your mouse’s location—say goodbye to those long trips to the menu bar; the main menu is now just a hot key away[…]

There were several classic Mac OS apps that did this, and it’s also similar to the way the NeXT menu bar worked. It’s never been my cup of tea on a desktop Mac, where I find it easy to fling the mouse to the top of the screen. Notebooks may be a different matter, though, as trackpads are slower and less precise. To me, Menuwhere seems best used via the keyboard, both because you can avoid repositioning your hands and because typing eliminates the need for precise cursor movements to navigate the submenus.

Many Tricks:

I have two 27" displays with the menu bar only on the left display. It’s a very long trip from bottom right, even with mouse acceleration.

And if you’re using the keyboard, Fitts’s Law doesn’t apply: Invoke our app, start typing, done.

The first big new feature is an “all apps” menu option: Define a separate hot key, and Menuwhere will show you all the menus from all your apps[…]

Kaleidoscope 2.4.1

Filipe Espósito:

After a long period without major updates, Kaleidoscope has been acquired by Letter Opener GmbH, which is now committed to providing regular updates to the app with new features. Following the release of an update last month to reduce memory usage, Kaleidoscope 2.4 brings new options focused on developers.

The new Xcode Debugger integration provides “ksp” and “kspo” commands in “lldb,” as well as new inputs with the “ksdiff” tool.

Florian Albrecht:

Wouldn’t it be great if one could visually compare what exactly your app does during runtime?

This is where this integration comes in. It helps you send any textual or graphical output of the debugger to Kaleidoscope, so you can inspect differences down to the last character or pixel.

Florian Albrecht:

As it turned out, some AppKit/UIKit classes are notoriously hard to convert into the right destination format. Under the hood, the runtime sometimes uses optimized structures.

In Kaleidoscope 2.4.1 we provide built-in support for the most common objects. In detail:

  • iOS: UIImage and UIView (which includes its subclass UIWindow)
  • macOS: NSImage, NSView and NSWindow.

Previously:

Examining Competition in App Stores

The video of the senate judiciary hearing is here and here.

Lauren Goode:

Daru, from Tile, says that when Apple made changes in iOS for the rollout of Find My, Apple started showing people prompts to turn Tile off but not turn off Find My. Also says new “magic onboarding flow” with AirTags isn’t available to third parties like Tile.

Match CLO says Google called Match last night asking why Match’s public testimony was different than what co said about the situation in earnings call earlier this year…Google sr director of public policy says this was not meant to be intimidation, just a standard biz call.

Sen. Lee is asking Tile’s Daru questions about Apple that she says she can’t answer because Apple required Tile to sign an NDA. Lee immediately turns to Apple counsel and asks co to waive NDA, on the spot. (I have a feeling this isn’t going to go very far.)

Juli Clover:

Tile has known about Apple’s work on the AirTag for some time now and has brought it up in prior legal proceedings as it is unhappy to have Apple as competition in the item tracking space. To avoid antitrust complaints, Apple waited to launch AirTags until it had already debuted the Find My Network accessory program, which allows third-party Bluetooth devices like item trackers to integrate into the Find My app alongside AirTags.

The Find My network is open to Tile, but it does require item trackers to work exclusively with Find My, and Tile already has an established item tracking app and its own network that uses smartphones for crowdsourced tracking purposes.

[…]

With the App Store competition hearing kicking off today, Fight for the Future launched an “Abolish the App Store” initiative that calls on people to sign a petition to demand that Congress “end the App Store monopoly.”

Juli Clover:

Match, meanwhile, complained that it had wanted to add ID verification rules to boost the app’s safety in Taiwan, but Apple would not allow it to do so. Match contacted an Apple executive, who allegedly told the company that it should be glad Apple was not taking all of its revenue. “You owe us every dime you’ve made,” the Apple executive reportedly said.

Previously:

Update (2021-05-24): Lauren Feiner (via Amy Klobuchar):

Spotify Chief Legal Officer Horacio Gutierrez said he could think of “at least four clear examples of threats and retaliation” from Apple after Spotify decided to speak out about alleged anticompetitive behavior and Apple’s fees for developers on digital products purchased through its platform. That included threats of removing Spotify’s app, refusing to promote it, or waiting for months for minor app updates to be approved, he said.

“They’ve basically thrown the book at us in order to make it hard for us to continue to sustain our decision to speak up,” he said.

The App Store Isn’t Catching the Most Egregious Scams

Nick Heer:

One more thing that I think is critical is that it is, right now, impossible to flag an app as a rule-breaker or a scam. Say you download an app and it is, in some way, worth reporting to Apple. Let’s start in the App Store, where there is no button to report an app, not even in the app listing’s share menu. If you go to Apple’s Report a Problem website, you will see all of your purchases and downloads from your Apple ID, and you will be asked a question, “What can we help you with?” for a dropdown menu containing these options[…] If you pick the last one, you’ll be sent to a screen where you will be told to contact Apple Support if you think your Apple ID has been compromised; it has nothing to do with the items you purchased or downloaded.

[…]

But it appears that, if a scam makes its way into the App Store, Apple is entirely dependent on users posting on social media or contacting Apple through another channel to be alerted to problems.

Sean Hollister:

Recently, I reached out to the most profitable company in the world to ask a series of basic questions. I wanted to understand: how is a single man making the entire Apple App Store review team look silly? Particularly now that Apple’s in the fight of its life, both in the courts and in Congress later today, to prove its App Store is a well-run system that keeps users safe instead of a monopoly that needs to be broken up.

That man’s name is Kosta Eleftheriou, and over the past few months, he’s made a convincing case that Apple is either uninterested or incompetent at stopping multimillion-dollar scams in its own App Store. He’s repeatedly found scam apps that prey on ordinary iPhone and iPad owners by luring them into a “free trial” of an app with seemingly thousands of fake 5-star reviews, only to charge them outrageous sums of money for a recurring subscription that many don’t understand how to cancel. “It’s a situation that most communities are blind to because of how Apple is essentially brainwashing people into believing the App Store is a trusted place,” he tells The Verge.

[…]

And we’re starting to hear from Apple insiders, too, that the company’s claims about App Store security are overblown. Eric Friedman, the head of the company’s Fraud Engineering Algorithms and Risk (FEAR) team, will be testifying in next month’s Epic Games trial. In a recent deposition he spoke of the App Review team as “bringing a plastic butter knife to a gun fight” and “more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.” His team reportedly believed App Review’s job was incentivized to get apps “through the pipe” and “move people through” like TSA employees.

[…]

By the way: you know that app that John Gruber helped draw attention to in 2019, the one that reportedly charged $10 every week for wallpaper you could find free online? It’s still on the App Store. Never got removed.

Nick Heer:

It is remarkable because it is so simple. Hollister was easily able to replicate Eleftheriou’s scam-finding techniques, which combine data that Apple makes publicly available and information estimated by SensorTower. Some of these scams are raking in, according to Eleftheriou and SensorTower’s data, millions of dollars per year, and they are plentiful.

Ben Thompson:

App Review [somehow] seems far more effective in figuring out how to navigate from a privacy policy on a web page to a purchase page (and subsequently rejecting the app) than it is in rooting out scams.

David Heinemeier Hansson:

Now the problem is that Apple is de facto an accomplice to fraud. They knowingly aided and abetted scams that preyed on consumers and cost them millions. They were alerted and warned, specifically and repeatedly, about these scams, and not only did they do nothing, they continued to profit from the scams! Every scam that ran through the in-app payment system paid Apple a 30% cut of the take.

Previously:

Update (2021-05-05): Kosta Eleftheriou:

Apple’s non-answers to Senator @ossoff’s great questions in yesterday’s hearing should anger all of us. They did not offer any explanation for why it’s so easy for me to keep finding multi-million-dollar @AppStore scams that have been operating for years.

Kosta Eleftheriou:

Two years later, the developer account of a fraudulent and LIFE THREATENING app is still up on the @AppStore! 🤯

Update (2021-05-07): Juli Clover:

At the time, Temple Run was a super popular iOS exclusive title, and in February 2012, a fake version of Temple Run hit the App Store charts. Schiller sent out an email to Eddy Cue, Greg Joswiak, Ron Okamoto, Phillip Shoemaker, Matt Fischer, Kevin Saul, and others on the App Store team. “What the hell is this????” he asked. “How does an obvious rip off of the super popular Temple Run, with no screenshots, garbage marketing text, and almost all 1-star ratings become the #1 free app on the store?”

“Is no one reviewing these apps? Is no one minding the store?” he ranted on, before asking whether people remembered a talk about becoming the “Nordstrom” of App Stores in quality of service.

Jesper:

Oh, spin me once again a yarn about how the App Store is inherently slathered in discerning curation; so discerning that low effort scams emerge, and so discerning that automated processes are dreamed up to salvage the situation, with automatically triggered removal of already approved applications without consideration for due process or developer impact the inevitable and apparently desirable outcome.

Previously:

Tuesday, April 20, 2021

Secure ShellFish (Sponsor)

My thanks to Secure ShellFish for sponsoring the blog this week.

Secure ShellFish connects iOS devices to your Mac, Raspberry Pi, and any other SSH server to open terminals, browse the file system, and upload files.

With a location in the Files app, your server content is listed alongside cloud storage and available to third-party apps. Upload files or even directories from any share sheet.

It has extensive Shortcuts support for automating file operations and has widgets for following long-running jobs or tailing log files from the home screen.

Use tmux to keep your terminal sessions alive, picking sessions by thumbnail and passing sessions between devices with Handoff. Select files in the terminal and drag these into other apps as actual file content. Drop items onto the terminal to upload.

There are shell functions to invoke the share sheet, post notifications, and run shortcuts right from the terminal with the files on your server.

Secure ShellFish is made by Anders Borum, who also brought you Working Copy. It is a premium app where you subscribe monthly or purchase a lifetime unlock. Get started with the 15-day free trial that doesn’t convert to a subscription.

iPad Pro (M1, 5th Generation)

Apple (MacRumors, Hacker News):

The addition of the Apple-designed M1 chip delivers a massive leap in performance, making iPad Pro the fastest device of its kind. The 12.9-inch iPad Pro features a new Liquid Retina XDR display that brings extreme dynamic range to iPad Pro, offering a stunning visual experience with more true-to-life details to the most demanding HDR workflows. Cellular models with 5G deliver even faster wireless connectivity when on the go, and to provide users with pro-level throughput for high-speed accessories, iPad Pro now includes support for Thunderbolt. Additionally, an all-new Ultra Wide front camera enables Center Stage, a new feature that automatically keeps users perfectly framed for even more engaging video calls.

Juli Clover:

iPad Pro models with 128GB, 256GB, or 512GB of storage will come with 8GB RAM, while iPad Pro models with 1TB or 2TB of storage will feature 16GB RAM.

Update (2021-07-03): Federico Viticci:

If anything, this new iPad Pro, which I’ve been testing in the high-end 12.9” flavor with 2 TB of storage for the past week, only widens the chasm between its hardware and software: it’s an absolute marvel of engineering featuring the Apple-designed M1 chip, a brand new Liquid Retina XDR display, and 16 GB of RAM that hints at a powerful, exciting future for its software that just isn’t here yet.

[…]

The new iPad Pro’s most fun (and timely, given our current pandemic-ridden world and importance of video calls) addition is a textbook example of what Apple can achieve when its hardware and software teams collaborate to turn complex ideas into simple, intuitive features that make our lives even just a bit better.

Center Stage is a new feature of the ultra-wide front-facing camera of the 2021 iPad Pro that iPadOS uses to “follow you around” as you move during video calls. Made possible by the new 122-degree ultra-wide selfie camera, Center Stage relies on machine learning to recognize you and keep you in the center of the frame as much as possible, zooming and panning around to crop the image accordingly. The way Center Stage works behind the scenes is ingenious: the camera’s ultra-wide field of view is cropped to focus on you; if you move around, the system “pans” to another area of the camera’s field of view that wasn’t previously displayed onscreen to ensure you stay front and center.

Nick Heer:

The thing I keep coming back to, ever since this iteration of the iPad Pro was introduced last month, is that M1 disambiguates the iPad more than you might expect. If these iPad Pro models had exactly the same processor with different branding, there would be all sorts of theories about why the iPad is unable to take advantage of those capabilities in software. But by using the same chip as in all of the M1 Macs — the exact same chip, as Viticci’s benchmarks show — the only possibility for why the iPad is more constrained in software than its Mac cousins is because it is designed that way. There is no other reason.

I’m not sure I agree with this reasoning, since iPad has less RAM, no virtual memory, and a much smaller battery yet with higher expectations for battery life. But, on another level, yes—it is designed that way. There were portable Macs 25 years ago, with much lowlier hardware, doing things that today’s iPad Pro can’t.

David Sparks:

While this new iPad runs faster than a MacBook Pro on some benchmarks, it still is pretty terrible at file management. I know the rallying cry this year is that we need something like Final Cut to take advantage of the sexy new hardware. I’d argue we also need the ability to efficiently work with tags and sort our files. Where Final Cut on the iPad represents the high-hanging fruit, there still is a lot of low-hanging fruit (like adequate file management) on the tree.

[…]

All of this got me wondering how Apple sees the iPad. Do they look at it the way I do, as an alternative computing platform to the Mac, or do they look at it like my kids do, an excellent tablet device but never to be on par with a Mac? Put simply, are we still thinking about cars and trucks? Apple markets the iPad as a truck but develops software as if it is one of those tiny electric cars that feels just a step beyond a golf cart. It’s actually more complicated than that because what they’ve done at this point is build fighter jet hardware with a put-put car software engine.

John Gruber:

The iPad was just a different sort of thing. The pitch for using an iPad instead of a MacBook was basically, Hey, for a lot of the stuff you do, you don’t need the speed of a MacBook. Why not trade that power for a device that’s one-third the weight, meant to be held comfortably in one hand, and half the price? It was a decided trade-off: iPads were lightweight and less expensive, but slow; MacBooks were fast, but heavy and more expensive. It all made intuitive sense.

But then a funny thing happened.

Each successive year, Apple’s A-series chips got faster at a remarkable clip. Yet iPads (and iPhones) weren’t getting thicker and heavier — in fact they were getting thinner and lighter. Intel’s chips improved year-over-year too, but not nearly at the pace A-series chips were.

[…]

The elephant in the room is iPadOS. It’s just not good enough. In the same way that Intel’s chips were holding back Macs, iPadOS has been holding back iPad Pros. With Intel chips, the hardware was holding back the Mac platform. With iPads, it’s the software holding the platform back. This hardware is indisputably amazing, and iPadOS is fine for casual use. But it still feels like I’m trying to do fine detail work while wearing oven mitts for my day-to-day work.

Damien Petrilli:

So got confirmation from Apple support / engineers that when using demanding Apps like games on M1 iPad Pro, the magic keyboard isn’t expected to provide enough power to keep charging it. So the battery is actually draining over time.

iMac 24-inch 2021

Apple (MacRumors, Hacker News):

Apple today introduced an all-new iMac featuring a much more compact and remarkably thin design, enabled by the M1 chip. The new iMac offers powerful performance in a design that’s just 11.5 millimeters thin, with a striking side profile that practically disappears. Available in an array of vibrant colors to match a user’s personal style and brighten any space, iMac features a 24-inch 4.5K Retina display with 11.3 million pixels, 500 nits of brightness, and over a billion colors, delivering a brilliant and vivid viewing experience.

The new iMac also includes a 1080p FaceTime HD camera, studio-quality mics, and a six-speaker sound system — the best camera and audio ever in a Mac. Also, Touch ID comes to iMac for the first time[…]

[…]

To complete the simplified design, iMac comes with a new power connector that attaches magnetically and a beautifully woven 2-meter-long color-matched cable.

That would be even more useful on a notebook computer…

I’d like to see it in person, but I’m a bit skeptical of the white bezel. Everything else sounds pretty great, and there’s no longer a premium for the VESA models.

Many of the specifications are limited compared with the previous model:

So, presumably there will be a new iMac Pro sometime in the next year or so. Perhaps it will have a faster processor than the other M1 Macs. Ideally, for those of us with DTK coupons, this will be out before the end of the year, along with a 16-inch MacBook Pro and an external display.

Mitchel Broussard:

Alongside the brand new M1 iMac, Apple today revealed a collection of accessories for the desktop computer. The biggest product is a new version of the Magic Keyboard that includes support for Touch ID, providing quick access to macOS and even allowing users to switch profiles with the touch of their finger.

Alas, it has the bad arrow key layout, even though Apple already fixed this on its notebooks. I’m not sure whether it’s still bendy or suffers from the Bluetooth problems that forced me back to a wired keyboard.

Previously:

Update (2021-04-20): Scott:

The ONE thing that I didn’t see, am not seeing, that I wanted, NEEDED to see with new iMacs is the ability to use the iMac as an external display over Type C.

Shihab:

Hot take: The iMac didn’t need to be thinner. The bezels (AND CHIN) needed to be reduced.

Update (2021-04-22): Marques Brownlee:

Fun fact: This new iMac is so thin (11.5mm) that it can’t fit a headphone jack on the back (typically 14mm deep) so they HAD to put it on the side.

Stephen Hackett:

The machine’s tiny logic board, two small fans and the improved speakers are all housed in that chin, with the 24-inch display sitting above these internals, not in front of them.

Jason Snell:

That power brick also cleverly includes an Ethernet jack, so that’s one fewer cable that needs to snake across your desk and attach to the back of your iMac. I love the idea, and hope Apple explores a bit more functionality in this brick in the future. If I could plug a couple of USB devices into a hidden power brick instead of having to route them up to the back of my iMac on my desk, I’d love it.

I’d also like Apple to consider making some sort of extension cable or offering a version of the cable in longer lengths; two meters seems like a long distance, but it won’t reach the floor if my adjustable sit-stand desk is in its standing configuration.

[…]

But my bigger disappointment with the iMac stand is that its height is not adjustable. These gorgeous iMacs are going to go out in the world, and then people are going to have to stick old ratty dictionaries and encyclopedias under them in order to get them up to the right height.

Joe Rossignol:

While the Touch ID sensor on the new Magic Keyboard is compatible with all M1 Macs, including the new iMac and last fall’s 13-inch MacBook Pro, MacBook Air, and Mac mini, MacRumors has confirmed with Apple that the Touch ID sensor will not function with the new iPad Pro, even though it also has an M1 chip.

Mr. Macintosh:

I know you have questions, and I’m here to answer them.

Update (2021-05-03): Riccardo Mori:

That’s why these three iMac tiers feel so contrived to me. It’s not an additive configuration model, where you start with a decent base machine (the good tier) and you add meaningful features to it to create the better tier machine, and then you add some more perks to end up offering the best tier machine. With the new iMac you have a subtractive configuration model: you start by what is essentially a reasonable configuration by 2021 standards — the most expensive $1,699 iMac — and then remove functionalities from it to offer two more lower tiers which do cost less, yes, but also leave you with a machine with the bare minimum of ports, performance, memory and storage — and neither of these latter features are upgradable down the road.

I realise that computers are de facto household appliances by now, but this trend towards devices with immutable innards once you pick a configuration at the time of purchase still feels annoying and ridiculous to me. Computers aren’t devices you replace every year. Your needs may change over time. If there’s something you constantly need more of as time goes by, it’s storage space. Internal drives should always be upgradable.

John Gruber:

These new iMacs are just 11.5mm thick. How thin is that? Apple Watch Series 6 is 10.7mm thick. These new iMacs are less than 1mm thicker than a goddamned Apple Watch.

[…]

Making these new iMacs super thin is cool. It’s a statement. From the side they look like big 24-inch iPads. If you don’t think that’s cool and that cool is something Apple should aspire to in its design and engineering, I have no idea why you’re reading anything I write.

Update (2021-05-18): Jason Snell:

When the iMac began to slim down in the middle of the last decade, there was a lot of criticism about Apple having misplaced priorities. After all, the arguments went, it doesn’t matter how heavy or thick an iMac is if you’re just setting it down once and then staring at the screen the rest of the time.

There’s some truth in that, but it’s wrong to discount the importance of a thin, light adjustable iMac.

[…]

I should mention that the screen itself is “color matched” to the iMac, in a way: Apple has supplied background images for each iMac that match its color, and even the General pane of System Preferences is set by default to use an accent color that matches the iMac itself.

[…]

Just above the iMac’s screen is its camera, and while Apple is probably right when it says it’s the best camera ever in a Mac, this is faint praise.

[…]

Center Stage is a feature that actually makes more sense on the iMac than a light, mobile device like the iPad—and yet it’s missing in action. It’s a disappointing case of Apple’s different platforms being out of sync, and the iMac looks worse because of it.

See also: Joe Rossignol, John Voorhees.

Update (2021-05-19): Ryder Mackay:

Spoilers:

defaults write -g NSColorSimulateHardwareAccent -bool YES
defaults write -g NSColorSimulatedHardwareEnclosureNumber -int n

John Gruber:

I know a lot of people are concerned that the white bezel surrounding the display will be distracting. In practice, I found that it just disappears.

[…]

The new Touch ID keyboard is good. If you like the feel of Apple’s recent keyboards, you should like this one too. I got the smaller one, without the numeric keypad. My only layout gripe: I wish Apple would have gone back to the inverted-T arrow key layout that they brought back to the new MacBooks.

[…]

My question is, why go with Touch ID on the keyboard instead of Face ID on the iMac itself?

[…]

The FaceTime HD camera looks really good.

[…]

It’s risky to use a device for a week and declare that it’s an iconic design that will stand the test of time for years to come, but I’ll do it. The 24-inch M1 iMac is an iconic design that will stand the test of time for years to come.

Update (2021-06-02): Quinn Nelson:

The new iMac’s stand articulates even less than the previous iMac. I can forgive tilt, but zero height adjustability in 2021 is unacceptable and encourages poor posture, neck craning, and RSI-resulting behavior for anyone too short or tall. Ergonomics should not be a pro feature.

Update (2024-10-01): Joe Rossignol:

Over the past year and a half or so, some owners of the 24-inch iMac with the M1 chip have encountered horizontal lines abruptly appearing on the computer's screen. There are complaints about this issue across the Apple Support Community, MacRumors Forums, Reddit, iFixit Answers, and several other websites, but it is unclear how many customers are affected in total, or what the underlying cause of the problem is.

Apple TV 4K 2021

Apple (MacRumors, Hacker News):

With A12 Bionic, Apple TV 4K now supports high frame rate HDR (High Dynamic Range) and Dolby Vision video, enabling fast-moving action at 60 frames per second (fps) to play more smoothly and appear more lifelike than ever before.

[…]

Apple TV uses the light sensor in iPhone to compare the color balance to the industry-standard specifications used by cinematographers worldwide. Using this data, Apple TV automatically tailors its video output to deliver much more accurate colors and improved contrast — without customers ever having to adjust their television settings.

[…]

The all-new Siri Remote features an innovative clickpad control that offers five-way navigation for better accuracy, and is also touch-enabled for the fast directional swipes Apple TV users love. The outer ring of the clickpad supports an intuitive circular gesture that turns it into a jog control — perfect for finding a scene in a movie or show. […] The new Siri Remote also has a power button that controls a TV’s power, and another for mute, making it the only remote needed while enjoying TV.

This sounds great, although $179 is still pretty steep if you don’t care about gaming or apps. With Apple TV 3 losing content, I just want a nice way to play the latest video, with a reasonable remote. This seems like overkill.

Joe Rossignol:

The new Siri Remote is included with the new Apple TV 4K and will also be sold separately for $59. The new remote is also compatible with the previous-generation Apple TV 4K and Apple TV HD. Apple also continues to sell the Apple TV HD with 32GB of storage for $149, and orders placed from today onwards will include the new Siri Remote.

Previously:

Update (2021-04-20): Mark V:

So they did a whole shtick about someone looking for lost items in the couch using Find My and in the same presentation introduce a Remote that doesn’t support it? 😂

Eli Rousso:

Apple Remote Evolution, 2005-2021

Dan Moren:

Yep, the new Apple TV 4K has a Thread radio!

Update (2021-04-22): Francisco Tolmasky:

So for $10 less than the new Apple TV remote, you can get an entire Fire TV 4K Stick (which has way better voice recognition).

Benjamin Mayo:

It feels a little silly to be commending something as primitive as a TV remote, but the new Siri Remote deserves it.

[…]

The A12 chip and the overhauled Remote do just enough to serve as a signal that Apple is committed to keeping the Apple TV around. I can allay my fears about its discontinuation. But clearly, there’s a lot more to be done in the living room and I hope Apple has more coming down the pipe in both hardware and software.

Nick Heer:

The colour balancing feature is not exclusive to this new model. It works with any Apple TV that supports tvOS 14.5 and any iPhone with a Face ID array.

Juli Clover:

The newly redesigned Siri Remote, which will be sold alongside the updated Apple TV 4K and is also available on a standalone basis, does not have a built-in U1 chip and does not appear to be compatible with the Find My app.

Update (2021-05-03): Joe Rossignol:

According to Digital Trends, the new Siri Remote lacks an accelerometer and gyroscope, which allowed the original Siri Remote to function as a gaming controller. Apple even required tvOS games to support the Siri Remote following the launch of the fourth-generation Apple TV, but it dropped this requirement in June 2016.

Due to its lack of accelerometer and gyroscope, the new Siri Remote will not be compatible with motion/tilt-based Apple TV games. Instead, users will need to use the original Siri Remote or connect an Apple-certified game controller.

Ryan Jones:

I was about to say and can confirm that 64GB Apple TV is needed to store more screensavers.

I noticed my 32GB only had the ocean ones for example, switched it with the bedroom 64GB. :)

Juli Clover:

Apple has made no mention of Find My integration for the Siri Remote designed for the second-generation Apple TV 4K, but Siri responses to certain requests about the remote suggest that Apple could perhaps have such a feature in the works, or at the least, might have considered adding it.

PoudreCoders:

ATP’s @siracusa: Is it better? Yes, it’s better than the worst remote ever made.

And the bit about the 50% success rate hitting the center of the button was brilliant. Replayed it a dozen times before I could go on.

John Gruber:

Apple’s position is clearly that they’re good with the Apple TV hardware platform as we know it: a premium price for a premium experience.

Update (2021-05-05): Ken Segall:

After nearly six frustrating years—six years!—one of the company’s most inexplicable design blunders was finally corrected. Hello, new Siri Remote.

Update (2021-07-02): Josh Centers:

There’s a new Apple TV on the market (see “Apple Updates Apple TV 4K; Introduces New Siri Remote,” 20 April 2021), but is it worth buying? As the author of Take Control of Apple TV, let me walk you through scenarios depending on how you watch TV now and give my recommendations.

Joe Rosensteel:

The following critique may seem harsh, but it’s honest, and it’s framed in the context of the Apple TV’s history, and the price relative to competition. There are also things I simply can’t test, like HomePod integration, Thread, Fitness+, Apple Arcade, Dolby Atmos, or other features that require hardware, or services, I’m not in possession of or subscribed to. This is a review for people that want to watch TV on their Apple TV.

[…]

By my judgment, the only storage configuration that should currently be for sale is 32 GB. Apple may make some case to justify the 64 GB tiers at a later point in time, but it’s been five and a half years of 64 GB models that don’t do anything substantially different from the 32 GB models. It could buffer content for the household, including music titles, which would make it more valuable in areas with low bandwidth during the day. Maybe an offline mode if you’re going to take this Apple TV to a cabin and want to download some movies or shows? It could download and host your Apple system software updates on your local network instead of each device in your household needing to download the same thing from Apple. iCloud files could be cached there so each time you open the Files app on iOS it doesn’t act like you just woke it up for a melatonin-induced deep sleep. Just really do something with that unused space.

[…]

There isn’t a scenario where I would wish to be put in charge of Apple (for a variety of reasons), and then send this back to development rather than release it right now.

It is important to stress that this is still an imperfect product, with several issues around general usability plaguing it for over half a decade. Adoption of the product has also been hamstrung by the pricing, and will be for the foreseeable future. Apple could cut prices at any time they wanted to, but this product seems specifically engineered to hit these targets, which means it’ll be years before anyone at Apple reconsiders their stance, and even then, an executive might say they still offer tremendous value.

AirTag

Apple (MacRumors, Hacker News):

Whether attached to a handbag, keys, backpack, or other items, AirTag taps into the vast, global Find My network and can help locate a lost item, all while keeping location data private and anonymous with end-to-end encryption. AirTag can be purchased in one and four packs for just $29 and $99, respectively, and will be available beginning Friday, April 30.

[…]

Customers can personalize AirTag with free engraving, including text and a selection of 31 emoji, when purchasing from apple.com or the Apple Store app.

[…]

iOS devices can also detect an AirTag that isn’t with its owner, and notify the user if an unknown AirTag is seen to be traveling with them from place to place over time. And even if users don’t have an iOS device, an AirTag separated from its owner for an extended period of time will play a sound when moved to draw attention to it.

[…]

AirTag is designed for over a year’s worth of battery life with everyday use. The CR2032 battery is user-replaceable and widely available.

This seems very well done, although it’s not clear to me what I would use them for. I don’t misplace keychains or bags. I guess it would be fun to put them in luggage, to be alerted when it arrives, though I’m not sure whether that would trigger the “separated from owner” feature. And, hopefully, AirTag would work from inside the luggage, so you don’t have to buy special tags and put them at risk of theft.

Previously:

Update (2021-04-20): Scott Morrison:

Maybe I am old and just don’t understand these things but I cannot for the life of me grasp how a little bit of leather, stitching and a metal ring justifies a $450 CAD price tag.

Update (2021-04-22): John Gruber (MacRumors):

The timeout period for when an AirTag will play a sound if separated from its owner is currently three days — but that’s not baked into the AirTags themselves. It’s a server-side setting in the Find My network, so Apple can adjust it if real-world use suggests that three days is too long or too short.

John Gruber:

Takes a little longer than I’d wish to get the initial signal — sometimes — but once it has the signal, it’s accurate to within inches.

See also: Apple, Dieter Bohn, Matthew Panzarino.

Update (2021-05-03): Hartley Charlton:

As the two leading item trackers share a number of key features, it may not be immediately obvious which is better for your personal use case. Our guide answers the question of how to decide whether AirTag or Tile is best for you.

Sami Fathi:

Apple has shared considerable information regarding the safety mechanisms in place within its Find My network and AirTags, that prevent unwanted tracking. One of the biggest measures is the ability of an iPhone to detect if an unknown AirTag has been following a person for a period of time. In the unfortunate event that does occur, the iPhone can display an alert.

Mark Wilson (via Hacker News):

Apple declined to answer any of our specific questions, including whether the company consulted domestic violence organizations when designing AirTags and why they did not extend full AirTag protections to Android users. They also declined to address how domestic abusers might exploit AirTags to harass people close to them.

[…]

If you are an Android user—note that Android made up 87% of the worldwide smartphone market share as of 2019—you don’t have the protection of Apple’s network notifications. Instead, an AirTag that has not paired locally with its iPhone in three days will emit a sound. So if you are an Android user who has had an AirTag placed on you, you will know in 72 hours. (Apple told Fast Company last week that it could lengthen or shorten that time span in the future, and it reiterated that point for this article.) If you are an Android user living with an iPhone abuser, however, a hidden AirTag could be pairing far more often.

Sami Fathi:

iFixit has shared the first of its two-part series in tearing down Apple’s AirTag item tracker, revealing that Apple had to make impressive design decisions to achieve its small design, including rethinking the speaker layout.

Update (2021-05-05): Howard Oakley:

Just as Macs can’t activate and add new AirTags, they can’t remove them either.

John Gruber:

If you have a good idea for a third-party product on a big platform, you need to expect that the platform maker will eventually use your idea. If they don’t, maybe it wasn’t that good an idea in the first place. If they do, you should be ready to keep your product viable by going further than the platform maker is willing to go. Target the enthusiast/professional/power user market. If your idea doesn’t have room for an enthusiast/professional/power user tier — hello, Tile — again, maybe it wasn’t that great an idea in the first place, or it was simply a good idea whose time as a viable product has passed. You can say that’s a shame, but it’s hard for me to buy that Tile has been wronged.

Update (2021-05-06): Juli Clover:

Apple’s safeguards include privacy alerts to let iPhone users know that an unknown AirTag is traveling with them and may be in their belongings, along with regular sound alerts when an AirTag has been separated from its owner for three days.

Update (2021-05-24): Jerry Hildenbrand:

To be clear: if you use an Android phone and I drop an AirTag in your trunk under the carpet, you will never know that I am tracking where you go. You’ll never hear it, you have no way of knowing it’s there, and you will come in contact with someone using an iPhone who hasn’t bothered to opt-out of the whole tracking network thing. If you live with the stalker, the AirTag will never ring, so it can be dropped inside your bag and track where you go outside of your car. This is an absolute privacy and security nightmare.

Luckily, it’s a nightmare that is easy to fix: Apple just needs to build a utility that can warn Android users when an AirTag is moving with them, just like it does for iOS users.

See also: iFixit.

Update (2021-06-04): Juli Clover:

At the current time, AirTags play a sound after three days of being away from their owner. After the update, AirTags will begin playing at a random time in a window after eight hours and within 24 hours.

Eight hours seems really short.

Apple is also working to create an app for Android devices that will let them detect an unknown AirTag or Find My network-enabled item that is found to be traveling with them, which will prevent AirTags from being used to stalk Android users.

Update (2021-07-13): Garrett Murray:

AirTags have been a complete failure for us. I bought two, and put one on our cat’s collar. Even here in a densely packed street, it takes an hour to find him at night. You basically have to get within 10 feet of him by heading to a huge general area and walking around.

The Tag constantly reports as unable to connect and when it does ping, the area is a block wide, and, generally very inaccurate.

Update (2021-08-13): Dan Guido:

My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down[…]

Apple Podcasts Subscriptions

Apple (MacRumors):

Starting in May, listeners in more than 170 countries and regions can sign up for premium subscriptions that include a variety of benefits curated by creators, such as ad-free listening, access to additional content, and early or exclusive access to new series.

[…]

The new Apple Podcasts for Creators website helps creators learn more about podcasting, stay informed about the latest news and features, and explore in-depth guides with best practices. Starting today, all creators can access an updated Apple Podcasts Connect dashboard, which has new features that make it easier to manage shows on Apple Podcasts, including the ability to edit metadata, schedule and manage show availability, organize shows into channels, manage multiple users and roles, and learn how listeners are engaging with their shows through new performance metrics and visualization tools. From Apple Podcasts Connect, creators can enroll in the new Apple Podcasters Program, which provides access to all the tools needed to build and distribute premium subscriptions on Apple Podcasts.

[…]

The Apple Podcasters Program, which includes all of the tools needed to offer premium subscriptions on Apple Podcasts, is available to creators in over 170 countries and regions for $19.99 (US) per year.

Peter Kafka:

First take on Apple’s pod plans: creator-friendly way to generate more $ w/out cannibalizing existing biz.

I had thought Apple would require some kind of exclusivity but am told that’s not so: you can distribute pod with ads on Spotify, Apple etc and sell ad-free via Apple too.

Matt Medeiros:

Looks like Apple will keep 30% of your private podcast revenue + the $19.99/year in the first year. Moving to 15% of subscribers in year 2+ -- according to their terms.

Previously:

Update (2021-04-20): Paul Haddad (MacRumors):

What’s the justification behind charging 30% to host podcasts? It’s not like the App Store where there’s a huge review infrastructure and super rich SDK.

Owen Williams:

and you STILL have to host your own RSS feed/files for all of the regular content, i don’t get it

Marco Arment:

Well, this is fun.

Tried going to Apple Podcasts Connect when signed into my developer account. Hit Cancel, signed out.

Now I can’t get into App Store Connect with my dev account.

Always redirects to podcastsconnect, even in another browser.

Update (2021-04-22): Nathan Gathright:

Just like the App Store, Apple owns the customer relationship and can choose to offer a refund if they decide you haven’t fulfilled the benefits offered in your subscription. You have to reimburse the money, but Apple retains their cut, natch.

Ben Thompson:

As a longstanding critic of the App Store, you might expect me to be scandalized by Apple’s podcast subscription offering…and you would be wrong! In fact, Apple’s podcast offering is an excellent example of how the App Store should operate (with one big exception).

Apple’s podcast subscription offering gets four big things right, three of which are the complete opposite of the App Store.

[…]

I’m actually very open to allowing Apple to be my payment processor; in my experience, though, a critical part of the creator business model is having a direct connection with your customers. That is something Apple simply doesn’t allow.

[…]

Apple’s podcast offering, as I laid out above, rightfully competes on the merits with alternative ways of paying for subscription podcasts in the Apple Podcast app. Unfortunately there is a meta competition problem, which is that no one else can offer a podcast subscription service like Apple’s.

Ashley Carman:

confirmed that apple podcast subscription content has to be uploaded through apple’s backend, not through RSS. the regular content that you’ve had in the feed can still go through RSS.

Benjamin Mayo:

The biggest issue I can see for adoption of Podcasts Subscriptions so far is the lack of API/automation support. All subscriber audio has to be manually uploaded in a web interface.

Update (2021-05-03): Jason Snell:

Apple Podcasts Subscriptions has a lot going for it—but its limitations reinforce that this is really just a first attempt. Worse, Apple Podcasts Subscriptions highlights how some of Apple’s App Store policies effectively bar any other podcast app developer from competing with Apple.

See also: Accidental Tech Podcast.

Monday, April 19, 2021

Microsoft xCloud for iOS Launching Soon

Tom Warren (tweet, MacRumors):

Microsoft’s Xbox Cloud Gaming (xCloud) will officially arrive on iOS and PC tomorrow, April 20th. The service will arrive on devices via browsers, allowing Xbox Game Pass Ultimate subscribers to play Xbox games on iPhones, iPads, and PCs.

[…]

Both Apple and Microsoft got into a public war of words over xCloud, and Apple initially insisted that Microsoft would have to submit individual games for review. Apple eventually offered a compromise to allow cloud gaming apps to run on iOS with individually reviewed games, but Microsoft branded it a “bad experience for consumers.”

Apparently, Apple’s compromise was even worse than the sweet solution.

Previously:

Parler Approved for App Store

Chance Miller (tweet, MacRumors, Hacker News, Slashdot):

After removing Parler from the App Store back in January, Apple has reportedly decided to allow the app to come back. According to a new report from CNN, Apple has approved Parler’s latest attempt to return to the App Store following improvements to the moderation system…

Normally, developers have to develop and submit an app to see whether it gets approved. You can’t ask beforehand whether an approach is acceptable. In this case, Apple is pre-announcing that it will approve the app based on a proposal of how the moderation will work. This is odd because the previously removed version of the app already met the letter of Apple’s guidelines. The issue was that in practice the moderation didn’t work to Apple’s satisfaction. But now it’s pre-approved even though Apple hasn’t even tried the app.

Mark Gurman:

Apple’s decision to reinstate Parler comes ahead of a Wednesday hearing scheduled by the Senate Judiciary Committee’s Subcommittee on Competition Policy, Antitrust and Consumer Rights[…]

I guess that explains it. The letter from Apple to the congressmen is here.

Update (2021-05-18): Hartley Charlton:

The controversial social media app Parler has today returned to the App Store, several months after Apple suspended it for breach of App Store rules.

Bartender 4

Tim Hardwick:

Surtees Studios has released Bartender 4 for macOS Big Sur, following extended testing in public beta. As well as macOS 11 support, the popular tool for rearranging or hiding Mac menu bar items now runs native on M1 Macs and comes with several new features and core abilities.

With Big Sur, Apple increased the space between menu bar items, which reduces the space available for icons. To alleviate this problem, Bartender 4 now allows users to revert to pre-Big Sur spacing or even use no spacing so as to fit in more menu bar apps.

$15, with a 50% discount for upgrades.

Mac App Store Entitlement Folly

Jeff Johnson:

Xcode has been pushing the “com.apple.security.files.user-selected.read-only” entitlement on us for ten years, and this seemed fine with the App Store too all these years… until a couple days ago. If it turns out that “com.apple.security.files.user-selected.read-only” is unnecessary for my app, and Apple wants it to be removed, then I am happy to remove it… in a reasonable amount of time. But I won’t tolerate a metaphorical gun put to my head, forcing me to remove the longstanding entitlement immediately on threat of not being able to release an app update that’s important to me and my customers. So I’m going to fight that. I did fight it, and I “won”. At least I won this battle, if not the war. In any case, there’s a kind of insanity in rejecting an update for an entitlement already possessed by the version of the app currently available in the App Store.

[…]

For App Store customers, the lesson is that you ought to be very skeptical about App Store review. After all, if I can argue an app reviewer into accepting my submission despite their reservations, then so could a scammer! Note that I never actually explained to app review why I needed the entitlement.

Update (2021-05-03): James Thomson:

Got a metadata rejection for Dice because they don’t like the screenshot I used for the sticker pack because it “doesn’t show the app in use”. But it’s not an app, it’s a single sticker.

[…]

It would be churlish to point out that I’ve been using this image for the last 18 months without a problem…

Chuck Geschke, RIP

Adobe:

We’re deeply saddened to share that our beloved co-founder, Dr. Chuck Geschke, has passed away. Chuck was a hero and guiding light for so many of us in the technology industry. He leaves an indelible mark on our company and the world.

Unfortunately, the longer article that this tweet linked to has been moved or removed.

AP (via Hacker News, Slashdot):

After earning a doctorate from Carnegie Mellon University, Geschke began working at Xerox Palo Alto Research Center, where he met Warnock, the Mercury News reported. The men left the company in 1982 to found Adobe, developing software together.

Kim Lyons:

Their first product was Adobe PostScript, the programming language that helped boost the desktop publishing industry.

Geschke was chief operating officer of Adobe from December 1986 to July 1994 and president from April 1989 until his retirement in April 2000. He served as chairman of the board with Warnock from September 1997 to January 2017 and was a member of the board until April 2020, when he became emeritus board member.

Matt Rickard:

Geschke and Adobe have an amazing story that goes back nearly 40 years.

Run ins with Steve Jobs, the Photoshop distribution deal, and even a kidnapping…

Friday, April 16, 2021

Belkin Car Vent Mount Pro With MagSafe

Nilay Patel:

All of this means I was very excited when Apple added MagSafe charging to the new iPhone 12 line. A series of magnets aligns a wireless charger to the back of the phone, and has enough attachment strength to — yes — hold the phone on a car mount. A dream: you get in the car, seamlessly dink! your phone onto the mount, and drive away, laughing at the suckers fumbling with their cradles and motorized friction arms and other unwieldy ideas.

[…]

Unfortunately it has been six months since the iPhone 12 was announced, and there is a pitiful shortage of MagSafe car chargers. In fact, there are no officially-sanctioned MagSafe car chargers. Instead, there is this Belkin Car Vent Mount PRO with MagSafe, which, as the name suggests, allows you to mount a phone to your vents with MagSafe, in, um, a professional way. However, it does not charge your phone.

Kindles Can Finally Display Book Covers on Their Lock Screens

Dan Moren:

I was frankly flabbergasted to see a post on The Verge this morning, reporting that Amazon has—finally!—added the ability to show the cover of whatever you’re currently reading on your Kindle’s lock screen.

Let me tell you: there was much rejoicing. Users have clamored for this feature for a very long time—even those who didn’t have the Special Offers option that shows ads on the lock screen were stuck with the company’s wallpaper options.

Mac Chimes of Death

Stephen Hackett (Hacker News):

We’re all familiar with the Mac’s startup chime. While it has changed over the years, it has greeted users with its friendly tone for decades.

What you may not know is that for years, the Mac also came with a death sound, that would play when the machine was unable to properly boot.

I remember these sounding a lot more menacing in the wild.

RCKit Removed From the App Store

Emmanuel Crouvisier:

This really upsets me. There are/were two apps which use the same unpublished API from RevenueCat. One was clearly better in my eyes, with innovative features which the other didn’t have, yet the one of them was able to get kicked out of the App Store by the other being a bully

Curtis Herbert:

This is 100% the danger with Apple getting into judgement calls about copycats. In the end, we’re going to have more sad stories like this than we will actual positive net change on the ecosystem.

Kosta Eleftheriou:

Happy to report that the situation has now been resolved amicably between the developers, and a request to cancel the dispute has been sent to Apple.

So @Apple, please undo this unfair takedown - thank you.

Thursday, April 15, 2021

The Mystery of “White Spots” on Apple Trade Ins

Nick Statt (also: 9to5Mac, MacRumors):

The situation soon changed after his laptop arrived for inspection. Suddenly, McGloin was told his MacBook was worth just $140, less than half what Apple originally quoted. The mysterious culprit: “display has 3 or more white spots,” the Apple Store app told him. It’s a defect McGloin doesn’t remember ever seeing, and one that he should have noticed: typically, white spots on an LCD display are evidence of serious damage or burn-in and are clearly visible.

[…]

The company he had been dealing with was not actually Apple, but an Atlanta-based contractor named Phobio. Founded in 2010, Phobio is an enterprise service provider that specializes in offering white label trade-in services other companies can pass off as their own.

McGloin also found Phobio had a pretty questionable online reputation when it came to Apple products.

Dan Moren:

I’ve used Apple’s trade in program a few times in the past, and while I haven’t run into these issues, there does seem to be an odd recurrence of this “white spots” problem—all the more puzzling because in several cases, customers have declined the trade in, gotten their devices returned, and been unable to discern the problem described.

[…]

Either way, it’s certainly not the experience that Apple probably wants for its customers, especially since many if not most of the people trading in old Apple products are using the money towards the purchase of new Apple products. But because Apple doesn’t highlight the fact that its returns are done through a third-party, it’s Apple that gets the blame—and it’s the one that needs to fix any issue here as well.

Darío Maestro:

Same thing happened to me. They sent a fake picture of my iPad Pro with a dead pixel and adjusted trade-in value to -$400. After I pushed back, they returned it to me. iPad was completely fine. I traded it in at an Apple Store for the full value.

I bet Phobio is great at privacy, though.

David Heinemeier Hansson:

Both Apple and Phobio refuse to answer any questions about the shady program. What the hell?

Becky Hansmeyer:

This happened to me!

Curtis Herbert:

Me too with the Apple trade in program! It was some of the glue causing a color change. Although in my case after I knew what to look for I did see them. But it is apparently common enough there should really be a warranty repair program.

Rust Support in the Linux Kernel

Miguel Ojeda:

Please note that the Rust support is intended to enable writing drivers and similar “leaf” modules in Rust, at least for the foreseeable future. In particular, we do not intend to rewrite the kernel core nor the major kernel subsystems (e.g. kernel/, mm/, sched/...). Instead, the Rust support is built on top of those.

[…]

By using Rust in the Linux kernel, our hope is that:

  • New code written in Rust has a reduced risk of memory safety bugs, data races and logic bugs overall, thanks to the language properties mentioned below.
  • Maintainers are more confident in refactoring and accepting patches for modules thanks to the safe subset of Rust.
  • New drivers and modules become easier to write, thanks to abstractions that are easier to reason about, based on modern language features, as well as backed by detailed documentation.

Wedson Almeida Filho:

In our previous post, we announced that Android now supports the Rust programming language for developing the OS itself. Related to this, we are also participating in the effort to evaluate the use of Rust as a supported language for developing the Linux kernel. In this post, we discuss some technical aspects of this work using a few simple examples.

Peloton Cuts Back on Apple Watch Support

Colin Jenkins (via Hacker News, MacRumors):

One of the selling points of upgrading to the newer, upgraded, and more expensive Peloton Bike+ was the inclusion of the Apple Gym Kit, an Apple platform that makes it very easy to pair the bike with your Apple Watch to see your heart rate and have your workouts directly imported into Apple Fitness and Apple Health.

In fact, when I bought my own Peloton Bike+, I also decided to buy an Apple Watch specifically because of the inclusion of Apple GymKit.

With one of Peloton’s latest updates, they have disabled the direct pairing of the Apple Watch to the Bike+ Bootcamp Classes (in addition to it being already disabled for Strength and Yoga Classes).

Ashley Carman:

A Peloton spokesperson confirmed to The Verge today that GymKit no longer works with Bike Bootcamp classes and instead will “only be available in cycling classes for now.” The spokesperson also said: “Peloton is committed to bringing the GymKit integration to all workouts and disciplines within Apple’s terms of service,” seemingly suggesting bootcamp workouts didn’t fall under those terms.

The speculation that Peloton removed Apple Watch support because they plan to sell their own fitness watch doesn’t make much sense. You’d think they wouldn’t want to jeopardize customers continuing to pay the monthly subscription for their bike. Did Apple crack down on them? Why?

Joe Rossignol:

Apple today announced it is introducing new Fitness+ workouts geared specifically toward pregnancy and older adults, as well as several new Yoga, High Intensity Interval Training (HIIT), and Strength workouts for beginners.

It’s interesting that Apple’s subscription product does support strength and yoga workouts.

Meanwhile, Peloton can just switch to one of the alternative channels.

Update (2021-04-16): Nilay Patel:

Since Apple’s terms of service for GymKit are not public, it was not clear what terms Peloton had violated, and, in general, “using your expensive smartwatch to sync your heart rate to your expensive stationary bike” is not the sort of thing that should require contract negotiations between huge companies.

[…]

Anyhow, irritating the huge group of wealthy people who own both an Apple Watch and a Peloton Bike Plus is a bad idea, so Peloton has a new statement today clarifying what’s going on. Here it is:

Apple GymKit is designed to work with equipment-based cardio workouts. However, Peloton recently implemented GymKit with Bike Bootcamp, a multi-disciplinary class type that combines strength and cardio, which the feature does not support. Members can still use GymKit to sync their cycling-only workouts to their Apple Watch from the Bike+.

So basically, the Apple Watch does not support switching from biking to lifting weights all in one workout. Fair enough. That said, if people want to use their Apple Watch in goofy off-label ways, it’s weird that Apple is stopping them in this way, no? And certainly adding a “bike bootcamp” workout mode to the Apple Watch fitness app would be relatively easy for Apple, the company that makes the Apple Watch.

Collecting concurrentPerform(iterations:) Results in a Swift Array

David Smith:

Useful pattern for aggregating the results of parallel work in Swift:

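import Dispatch

let result = Array(unsafeUninitializedCapacity: count) { (buffer, initializedCount) in
  // Each iteration writes only its own slot of the shared buffer.
  DispatchQueue.concurrentPerform(iterations: count) { (idx) in
    buffer[idx] = processItem(idx)
  }
  // Report how many elements were initialized; otherwise the array ends up empty.
  initializedCount = count
}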

Avoids making an extra buffer copy

If you make the Array up front and try to operate directly on it instead of the UnsafeMutableBufferPointer in that initializer, each thread will get its own copy due to copy-on-write, which generally is not what you wanted.

David Smith:

I would not trust it [with small array elements]. Aligned word-sized non-float things are your friends when dealing with concurrency. If you’re not sure, try TSAN, and consider just using a lock.

How a WhatsApp Status Loophole Is Aiding Cyberstalkers

Louisa Stockley:

According to Statista, WhatsApp is the world’s most popular messaging app, with over two billion active monthly users. In the UK it’s present on 58% of smartphones and the number of WhatsApp users in the US is expected to hit 86 million by 2023.

When someone comes online in WhatsApp (that is, they open the app or bring it to the foreground), an indicator changes, setting their status to “Online”. This indicator is public information, and can be used by anyone to build a service that watches out for this online status indicator.

[…]

WhatsApp has other privacy-focused features in the app, so they clearly care about protecting their users at some level. In fact, one of the privacy features allows a user to hide their “Last Seen” time. Some users might understandably believe that this feature hides their presence, but it actually does very little to protect privacy.

Wednesday, April 14, 2021

Dynamic Type and In-App Font Scaling

Daisy Ramos:

This is all that’s needed to scale custom fonts with Dynamic Type. Sometimes in content-driven apps there is a need for web technologies for complex layouts / styles. Let’s see if we can support Dynamic Type and web-driven content via WKWebView.

Jeff Verkoeyen:

For iOS 12 and 13 there’s a scattering of iOS bugs and unexpected behavior that result in a windy road toward a swiss cheese of dialed in fonts, but it kind of works for common cases. You can see the different considerations in [this gist].

ThinkPad X1 Nano

Monica Chin:

But one thing is unique about the X1 Nano: it’s the lightest ThinkPad Lenovo has ever made. Starting at just 1.99 pounds, the Nano isn’t technically the lightest laptop on the market. But it’s still one of the best combinations of portability, build quality, and performance that you can buy.

[…]

What looms over that verdict, of course, is the Nano’s price. Technically, it starts at $2,499 and maxes out at $3,719. The good news is that Lenovo’s products are very often heavily discounted, and the current sale prices at the time of publish range from $1,149 to $2,231.

Via John Gruber:

An M1 MacBook Air weighs 2.8 pounds (and an M1 MacBook Pro weighs just 0.2 pounds more — the Air is only ever-so-slightly lighter than the 13-inch Pro).

How about this? My 11-inch iPad Pro attached to Apple’s Magic Keyboard: 2.36 pounds. Lenovo’s X1 Nano even has that beat on weight, and the ThinkPad has a 13-inch display and full-size keyboard.

Blocking Discord Channels Marked NSFW on iOS

Jacob Kastrenakes (tweet, Hacker News):

Discord is amping up its restrictions on adult content, with new age gates on NSFW servers and a ban on accessing these servers from iOS devices.

[…]

The NSFW marker does two things. First, it prevents anyone under the age of 18 from joining. But the bigger limitation is that it prevents NSFW servers from being accessed on iOS devices — a significant restriction that’s almost certainly meant to cater to Apple’s strict and often prudish rules around nudity in services distributed through the App Store.

No such rules apply to groups conversing via iMessage or FaceTime.

Kyle Orland:

Apple’s iOS Developer Guidelines say that apps with user-generated content “that end up being used primarily for pornographic content… do not belong on the App Store.” The guidelines allow for “incidental” NSFW content generated by users on web-based services if “the content is hidden by default and only displayed when the user turns it on via your website,” a caveat that apparently isn’t sufficient for Discord’s comfort.

My recollection is that enabling it via a switch in the app, or based on the iOS parental controls settings, is forbidden.

Discord is reportedly in the late stages of acquisition talks—which could value the service at $10 billion—with Microsoft and other parties. The service has over 140 million monthly users and 300 million registered accounts.

reificator:

Every small community I’m on on Discord (meaning the majority of the servers I regularly interact with) sets every channel to `NSFW`, and some mark the server itself. They do this because everyone involved is known to be 18+ (Usually higher than that) and they want to be able to have the same discussions they’d have in person.

These communities are not about porn, are not about anything “distasteful”, but the flag is set there so that if a topic comes up we can discuss it without risking a ban.

In other words these communities are meant to be a Third Place, or an extension of a physical Third Place, particularly recently thanks to COVID.

The content here is literally no different than the content that could show up in a long-running group chat in the Messages app on iOS.

Matthew Bischoff:

When we dealt with this at Tumblr, it became my full-time job for weeks to find incredibly complex ways to appease Apple’s censors. This happened every time they found a sexy blog they didn’t like. It’s absurd.

Ian Vanagas (via Hacker News):

The competition between internet communication platforms is fierce. Discord wasn’t early to voice channels or group chats. They weren’t unique for targeting their offering to gamers. Other platforms have the same features as them. Yet they are a multi-billion dollar business. How? To borrow an idea from Sarah Tavel, they built a 10x better product AND capture more value from it.

Update (2021-04-15): AAPL of Discord:

<cough>Twitter</cough>

Update (2021-04-16): Nick Heer:

Speaking of Twitter, that company expressly permits “graphic violence and consensually produced adult content” within users’ tweets “provided that [users] mark this media as sensitive”. Reddit permits NSFW text and media so long as it is marked. Discord has a similar policy of allowing NSFW media in channels so long as those channels are marked. What makes it different? Is Apple going to demand that Reddit and Twitter also prohibit accessing NSFW media from within those companies’ iOS apps?

Update (2021-04-22): Sarah E. Needleman and Cara Lombardo (via Hacker News):

Chat startup Discord Inc. has halted talks to sell itself to potential suitors including Microsoft Corp., according to people familiar with the matter, as it resumes interest in a potential initial public offering down the line.

Big Sur Has Changed How macOS Formats Time

Howard Oakley:

A number of those using my free utilities Ulbow, Mints and T2M2, and possibly others, have recently noticed a bug which prevents them from obtaining any log extracts. When you try to get a log extract or, in T2M2, to run a check on Time Machine, you are shown an error dialog reporting that

log command returned an error number 64

[…]

The reason for this occurring is that, contrary to the scant documentation which Apple provides, when the system clock is set to display time using a 12-hour clock rather than 24-hours, log show now formats all its timestamp fields (field 0, timestamp) using a 12-hour clock and AM/PM as appropriate.

I have no earthly idea what possessed Apple to make this change, nor why it hasn’t made this clear in its release notes. However, if you parse or analyse log entry timestamps, it breaks that completely.

Howard Oakley:

Formatting like yyyy-MM-dd HH:mm:ss isn’t defined by Apple, but conforms to Report TR35 from the Unicode Consortium, and is exhaustively defined here. That makes it clear that setting the hour using HH returns the hour in 24-hour format, ranging from 00 to 23.

Yet when a Mac is set to use 12-hour format, that rule is broken: the hour is returned in h format rather than HH, as unpadded digits between 0 and 11, or maybe even 1 and 12. Furthermore, the am/pm value is being added to the string.

[…]

Sure enough, adding the line dateFormatter.locale = Locale(identifier: "en_US_POSIX") to my code restores respect for my formatting.

Howard Oakley:

The advice given is vague and raises more questions:

“if you’re working with fixed-format dates, you should first set the locale of the date formatter to something appropriate for your fixed format. In most cases the best locale to choose is “en_US_POSIX”, a locale that’s specifically designed to yield US English results regardless of both user and system preferences.”

How do we tell if our specific case is one of those “most cases”? What other effects might that setting have? If someone has set their Mac to run in Danish, should we be using something other than a US English setting here? But above all, why on earth would Apple change “in unexpected ways” a fixed format to something unspecified of its own invention which flies in the face of Report TR35? Just why is it impossible to follow the prescribed format string?
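For tools that consume exported `log show` output rather than produce it, the defensive counterpart is a parser that accepts both hour styles. The following is an added example, not code from Howard Oakley's utilities or from Apple; the sample lines are constructed, and the placement of the AM/PM marker in the 12-hour form is an assumption, so both plausible positions are accepted.

```python
import re
from datetime import datetime, timedelta, timezone

# Timestamp field at the start of a `log show` line.
# 24-hour shape: 2021-04-14 21:43:05.123456+0100
# 12-hour shape (assumed; the marker position is a guess, so it is accepted
# either before or after the UTC offset):
#                2021-04-14 9:43:05.123456 PM+0100
_TIMESTAMP = re.compile(
    r"(?P<y>\d{4})-(?P<mo>\d{2})-(?P<d>\d{2})\s+"
    r"(?P<h>\d{1,2}):(?P<mi>\d{2}):(?P<s>\d{2})(?:\.(?P<frac>\d{1,6}))?"
    r"\s*(?:(?P<ampm_before>[AaPp][Mm])\b)?"
    r"\s*(?P<tz>[+-]\d{4})"
    r"(?:\s*(?P<ampm_after>[AaPp][Mm])\b)?"
)


def parse_log_timestamp(line):
    """Return (timezone-aware datetime, rest of line) for one exported log line."""
    m = _TIMESTAMP.match(line)
    if m is None:
        raise ValueError(f"no timestamp at start of line: {line[:40]!r}")

    hour = int(m["h"])
    marker = (m["ampm_before"] or m["ampm_after"] or "").upper()
    if marker:
        # Accept both 1-12 and 0-11 numbering: 12 AM and 0 AM are both midnight.
        if hour > 12:
            raise ValueError(f"hour {hour} is not valid with {marker}")
        hour = hour % 12 + (12 if marker == "PM" else 0)
    elif hour > 23:
        raise ValueError(f"hour {hour} is not valid on a 24-hour clock")

    sign = -1 if m["tz"][0] == "-" else 1
    offset = sign * timedelta(hours=int(m["tz"][1:3]), minutes=int(m["tz"][3:5]))
    micro = int((m["frac"] or "0").ljust(6, "0"))  # ".5" means 500000 microseconds

    stamp = datetime(
        int(m["y"]), int(m["mo"]), int(m["d"]),
        hour, int(m["mi"]), int(m["s"]), micro,
        tzinfo=timezone(offset),
    )
    return stamp, line[m.end():].strip()


def to_utc_iso(line):
    """Normalize the line's timestamp to an unambiguous UTC ISO 8601 string."""
    stamp, _ = parse_log_timestamp(line)
    return stamp.astimezone(timezone.utc).isoformat(timespec="microseconds")


def sort_export(lines):
    """Order lines from mixed 12/24-hour exports by real time, not by string."""
    return sorted(lines, key=lambda entry: parse_log_timestamp(entry)[0])


# Constructed sample lines (not real log output). Sorted as plain strings,
# the 11 PM entry would come before the 9 AM entry.
SAMPLE = [
    "2021-04-14 11:00:00.000000 PM+0100 0x1f4 Default (constructed) late entry",
    "2021-04-14 9:43:05.123456 AM+0100 0x1f4 Default (constructed) morning entry",
    "2021-04-14 21:43:05.123456+0100 0x1f4 Default (constructed) 24-hour entry",
]

if __name__ == "__main__":
    for entry in sort_export(SAMPLE):
        print(to_utc_iso(entry), "|", parse_log_timestamp(entry)[1])
```

Normalizing to UTC before comparing entries keeps a timeline correct when exports from Macs with different clock settings are merged.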

PyCharm’s Transition to Apple Silicon

Nafiul Islam (via Hacker News):

With the deprecation of Java on the Mac, certain things such as font-rendering on retina screens became more difficult using the version of Java that Oracle released. In order to remedy this, JetBrains forked the OpenJDK project in order to facilitate better control over how the IDEs looked on Macs as well as other HiDPI screens; JetBrains Runtime was born and we bundled it with our IDEs from 2014.

[…]

The change to Apple Silicon meant that we’d need to re-write a lot of JetBrains Runtime, to make sure that we had adequate performance.

[…]

It soon turned out that we had to re-write a lot of the JIT system, a core component of the JVM itself, which was something we had little to no experience in.

Eventually, we did manage to solve this issue with the help of Azul Systems. To hear the whole story, listen to the podcast, where I talk to Konstantin Bulenkov, who had to weather the storm of this fundamental change.

The podcast episode is here.

Monday, April 12, 2021

NHS COVID-19 App Rejected on Privacy Grounds

Leo Kelion (via MacRumors, Hacker News):

An update to England and Wales’s contact tracing app has been blocked for breaking the terms of an agreement made with Apple and Google.

The plan had been to ask users to upload logs of venue check-ins - carried out via poster barcode scans - if they tested positive for the virus. This could be used to warn others.

[…]

Under the terms that all health authorities signed up to in order to use Apple and Google’s privacy-centric contact-tracing tech, they had to agree not to collect any location data via the software.

Florian Mueller:

With UK shops, restaurants and pubs reopening today thanks to a relaxation of COVID prevention rules, it was actually a very smart idea for the NHS COVID-19 app to ask users to scan QR codes when entering such places, thereby enabling the system to inform people if they had been in a virus hotspot at a critical moment.

In the Western world, contact tracing has failed to make a noteworthy positive impact. In parts of Asia, however, those apps made a huge contribution because people were not even allowed to enter restaurants unless the contact-tracing apps on their smartphones greenlighted them (meaning they had not recently been near an infected person for a certain period). It made a whole lot of sense for the UK to adopt what worked in Asia.

[…]

About a year ago, Nature reported on contact tracing apps and mentioned that an earlier version of the NHS app was tested, “[b]ut because this app eschews Apple and Google’s protocol, it will not be able to run in the background on iPhones.” An expert called this “a nail in the coffin.” Obviously, contact tracing is of little use if you actually have to have the contact tracing app running in the foreground all the time.

How should Apple and Google weigh potential health benefits vs. privacy? And what about people who want to contribute their data but aren’t allowed to?

Logitech Harmony Remote Discontinued

Logitech:

While Harmony remotes are and continue to be available through various retailers, moving forward Logitech will no longer manufacture Harmony remotes.

We expect no impact to our customers by this announcement. We plan to support our Harmony community and new Harmony customers, which includes access to our software and apps to set up and manage your remotes. We also plan to continue to update the platform and add devices to our Harmony database. Customer and warranty support will continue to be offered.

Jason Snell:

This is a real shame. I love my Logitech Harmony remote, and have bought them for my family in the past as well. This isn’t to say that the Harmony was awesome, just that it was better than any other option I’d tried.

But this demise has probably been a long time coming: a lot of people have fewer devices hooked up to their TVs now, many bundled remotes can control multiple devices, and technologies like HDMI-CEC have helped eliminate some needs for universal remotes.

Nick Heer:

For one, there are many other companies that maintain databases of IR remote control codes, not just Logitech, so those codes are not disappearing off the face of the planet just because Harmony is going away. Some of those databases are also open to the public, like this one on GitHub. There are also some other universal options that, like those from Logitech, have those codes in a database and do not require individual programming — Logitech’s Harmony line seems to be the default pick among buyers’ guides, but Joanna Stern’s choice was the Ray Super Remote and TechHive likes a Caavo model. Most importantly, the universal control problem is slowly fading as HDMI CEC becomes more widely used and different remotes can be used with different equipment.

Microsoft Acquires Nuance

Microsoft (via Hacker News):

Microsoft will acquire Nuance for $56.00 per share, implying a 23% premium to the closing price of Nuance on Friday, April 9, in an all-cash transaction valued at $19.7 billion, inclusive of Nuance’s net debt. Nuance is a trusted cloud and AI software leader representing decades of accumulated healthcare and enterprise AI experience. Mark Benjamin will remain CEO of Nuance, reporting to Scott Guthrie, executive vice president of Cloud & AI at Microsoft.

Microsoft has accelerated its efforts to provide industry-specific cloud offerings to support customers and partners as they respond to disruption and new opportunities. These efforts include the Microsoft Cloud for Healthcare, introduced in 2020, which aims to address the comprehensive needs of the rapidly transforming and growing healthcare industry.

Talon Beta

Talon:

Talon aims to bring programming, realtime video gaming, command line, and full desktop computer proficiency to people who have limited or no use of their hands, and vastly improve productivity and wow-factor of anyone who can use a computer.

Voice Control: talk to your computer
Noise Control: click with a back-beat
Eye Tracking: mouse where you look
Python Scripts: customize everything

Via Nicholas Riley:

Talon now has great accuracy to go with its speed, robustness and cross-platform support (Mac/Win/Linux). It is also quietly a great Mac automation tool, including keyboard triggers, a version of appscript and accessibility hooks (example).

High Performance Numeric Programming With Swift

Jeremy Howard (via Frank Illenberger):

I’ve managed to create a couple of libraries that can achieve the same speed as carefully optimized vectorized C code, whilst being concise and easy to use. […] I will include examples mainly from my BaseMath library, which provides generic math functions for Float and Double, and optimized versions for various collections of them.

[…]

One of the really cool things about Swift is that wrappers like the above have no run-time overhead. As you see, I’ve marked them with the inlinable attribute, which tells LLVM that it’s OK to replace calls to this function with the actual function body. This kind of zero-overhead abstraction is one of the most important features of C++; it’s really amazing to see it in such a concise and expressive language as Swift.

[…]

Normally, because Swift has to handle the complexities of COW, it can’t fully optimize a loop like this. But by using a pointer instead, we skip those checks, and Swift can run the code at full speed. Note that due to copy-on-write it’s possible for the array to move if you assign to it, and it can also move if you do things such as resize it; therefore, you should only grab the pointer at the time you need it.

[…]

I think this is quite remarkable; we’ve been able to create a simple API which is just as fast as the pointer code, but to the class user that complexity is entirely hidden away.

[…]

I also find Swift’s performance is harder to reason about and optimize than C.

Update (2021-04-15): Tanner Bennett:

TIL @inlineable is no longer a private attribute

Friday, April 9, 2021

Wix and Their Dirty Tricks

Matt Mullenweg:

Wix, the website builder company you may remember from stealing WordPress code and lying about it, has now decided the best way to gain relevance is attacking the open source WordPress community in a bizarre set of ads. They can’t even come up with original concepts for attack ads, and have tried to rip off Apple’s Mac vs PC ads, but tastelessly personify the WordPress community as an absent, drunken father in a therapy session. 🤔

[…]

They are so insecure that they are also the only website creator I’m aware of that doesn’t allow you to export your content, so they’re like a roach motel where you can check in but never check out.

Via Nick Heer:

Much like those recent Intel ads that also parody the Mac vs. PC campaign, Wix’s ads do not make much sense if you give them even a little extra thought. Take the one where a low-budget Bryan Cranston, playing the part of WordPress, collapses to the floor under the weight of forgotten maintenance and implores the site owner to switch to Wix. Sounds promising, except it is comparing a self-hosted software package to a managed platform, so it is not honest. Maintenance is not inherent to WordPress and, if you would prefer not to deal with it, there are managed options available through Automattic and many third-party providers.

[…]

I am not sure what these mean-spirited ads are supposed to achieve, but they do not make me want to recommend Wix to anyone. Quite the opposite. Other platforms are for nice people.

Roger Montti:

The campaign seemed to actually backfire by causing many to express negative reactions toward Wix.

Previously:

Update (2021-04-14): Avishai Abrahami (via Hacker News):

Dear Matt,

I just finished reading your post, and I see that there is a lot of anger and many half-truths that you said. Wow. I guess that we touched a sore point there.

Why are you so angry? Don’t you agree with the shortcomings of WordPress that we raised? We really tried to be fair and only speak about what we know to be a consensus.

It’s kind of amazing that this is real. Tone aside, he’s not helping his case by misrepresenting various issues, including the GPL one:

This isn’t the first time WordPress and Wix have been at odds. In 2016, Matt Mullenweg called out Wix for copying GPL code from the WordPress mobile app and distributing it in its proprietary app. This rendered the entire app in violation of the GPL. Instead of complying with the GPL, Wix responded by removing the GPL-licensed code and forking the original MIT-licensed library that the WordPress mobile app code was built upon. The fork was relicensed under an absurd modification of the MIT that prohibits the code’s redistribution under any copyleft license.

And then he says that it’s not true that Wix doesn’t export because in fact it doesn’t block third-party importers from scraping.

Keyboard Shortcuts and non-US Layouts

Thomas Kainrad (via Hacker News):

During the past 15 months, I have been thinking a lot about keyboard shortcuts and about how different applications handle them. I shouldn’t complain; I knew what I was getting into when I started to build KeyCombiner, an app for learning and looking up shortcuts and text snippets. Still, I didn’t quite know how much of a mess keyboard shortcut handling on the web is.

Do you use an international keyboard layout? Then you already know what I am talking about. You probably have had some issues typing keyboard shortcuts such as alt+/, or cmd+[. This post will help you to understand why this annoyance exists. However, the people who should most urgently read this post are web developers. Are you a web developer? Great! I will explain how you are currently letting down non-US users and how you can get us out of this mess.

There are also issues for Mac apps. A shortcut that makes sense in one language or is ergonomic with one layout may not be with others.

akosweak:

But most importantly, I miss Android keyboard. (Yes, I know, that I can install other keyboards, but on the one hand they are not as good as on Android, on the other hand, if anywhere, on iOS, I’d expect the system keyboard to work properly). I am a Hungarian student in France, I type in three languages on a daily basis. My main problems are[…]

Why There’s No iMessage for Android

Tim Hardwick:

It’s no secret that Apple sees iMessage as a big enough selling point to keep the service exclusive to Apple devices, however new court filings submitted by Epic Games in its ongoing lawsuit with the company reveal just how Apple executives have rationalized their decision not to develop a version of iMessage for Android.

Ben Lovejoy:

It seems Epic did manage to track down Scott Forstall’s phone number and depose him, as the former iOS senior vice president is cited as the source of one piece of evidence presented.

In an agenda for a 2010 executive team meeting, Apple founder and late CEO Steve Jobs wrote that he wanted to “tie all of our products together, so [Apple] further lock[s] customers into [its] ecosystem” [Forstall]

Eddy Cue also talked about what Apple does “to get people hooked to the ecosystem,” and Epic also presents evidence that this is why Apple never offered iMessage on Android.

Craig Federighi, Apple’s Senior Vice President of Software Engineering and the executive in charge of iOS, feared that “iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones” […]

Schiller commented that “moving iMessage to Android will hurt us more than help us.”

Nick Heer:

For some reason, this is being seen as a shocking admission.

John Gruber:

Apple first, users second, developers last — those are Apple’s priorities.

There are certainly reasons to believe that the exclusivity is good for Apple’s business, though it’s possible that if iMessage were cross-platform it would have become more dominant and that would have eventually accrued benefits to Apple.

But it’s a trade-off because this is definitely worse for Apple’s customers. The user experience and photo/video quality are worse when exchanging text messages with Android-using friends and family. And they aren’t end-to-end encrypted. Selling more iPhones is more important than the privacy of those who already have iPhones.

Previously:

Update (2021-04-14): Dieter Bohn:

I’m less surprised by the fact that Apple executives are just openly worried that people would switch to Android if it has iMessage than I am at how much of these conversations are happening over email.

Anyway iMessage for Android is one of those forever pipe dreams but I guess the case could be made that iMessage could be a gateway service in the way the iPod was a gateway device?

Yeah a stretch. Here’s the only argument that’s ever made sense to me.

Dieter Bohn:

Every time I hear Tim Cook talk about privacy as a human right, I think about the biggest thing his company could do to help ensure that privacy: spread the ability for people to have conversations that are safe from government snooping across the world. And the largest, most impactful way Apple could do that is to release iMessage on Android.

Update (2021-05-07): Russell Brandom (via Hacker News, Nilay Patel, MacRumors):

Eight years later, it seems unlikely that iMessage will ever come to Android, but another passage in the deposition suggests Cue still isn’t entirely won over by Federighi’s case.

Patrick McGee:

Phil Schiller didn’t like the idea of iMessage for Android. Said it sounds like the failed ‘Safari on Windows strategy’.

Blunt response from SVP of software Eddy Cue, who reports directly to Cook:

2013: “The reason we lost Safari on Windows is the same reason we are losing Safari on Mac. We didn’t innovate or enhance Safari….We had an amazing start and then stopped innovating….

…Look at Chrome. They put out releases at least every month while we basically do it once a year.”

Previously:

Update (2022-12-02): See also: Internal Tech Emails (via Hacker News).

Nick Heer:

In the nine years since this exchange took place, it is interesting to reflect on Google’s actual performance in messaging and wonder if, maybe, a universally-accessible service from Apple could have found a more welcoming market than Federighi seems to believe.

Previously:

Apple and Epic’s Proposed Findings of Fact

John Voorhees (also: Court Listener):

Just past midnight Pacific time today, Apple filed Proposed Findings of Fact and Conclusions of Law in its legal dispute with Epic Games. The document, a standard pre-trial filing, is designed to serve as a road map for the trial judge, explaining the facts Apple expects will be admitted into evidence at trial, how the law applies to those facts, and the decision Apple believes the court should reach. In other words, it’s a one-sided account of the disputes meant to persuade the judge that Apple’s legal positions are correct. Epic has filed a similar pleading in the case arguing its side of the story.

Juli Clover:

Tim Sweeney, the CEO of Epic Games, has confirmed Project Liberty in prior interviews and has said that Epic spent months preparing the lawsuit against Apple, though Apple’s court filings provide new insight into the lengths that Epic went to in order to rope Apple and Google into an antitrust lawsuit.

Apple argues that an expansion of antitrust law is unwarranted and that Epic’s product market descriptions are inaccurate because of the other platforms the App Store is competing with. Apple claims that Epic overstates the App Store’s profitability, and that arguments that the review process is ineffective are inaccurate.

Samuel Axon:

The major distinction at play in Epic’s own argument is that iOS is an entire market unto itself and not just one of many competing products in a larger marketplace of video game transactions. If the judge agrees with this classification, Apple may be more likely to be seen as monopolistic.

Another key part of Epic’s argument involves comparing and contrasting iOS with macOS. Apple claims that its strict rules about what apps can and can’t do on the iOS App Store are driven at least in part by concerns about security and privacy for users. Epic points out, however, that Apple claims macOS is secure and private without placing all the same restrictions on the Mac operating system.

[…]

Epic asserts that Apple’s controversial App Review process “does little to keep iOS devices secure,” and it alleges that Apple has on multiple occasions screened apps “primarily for non-security issues—including specifically for anti competitive purposes.”

Apple (PDF):

Apple has never increased its baseline 30% commission. Schiller TT. To the contrary, it has lowered the commission in multiple instances, including subscription services and as part of its small business program.

As I’ve noted, the effective commission has actually increased. The recently announced small business program of course has nothing to do with this case.

When those free downloads are considered—as they should be—the effective commission rate for initial game app downloads in 2008 was about 3%

[…]

Both categories of evidence—market structure and market outcomes—are inconsistent with Apple possessing monopoly power or charging supracompetitive prices.

[…]

Developers need not even leave the App Store to constrain Apple’s ability to raise prices. Hitt TT. If Apple sought to raise its commission, for example, developers could monetize through content or digital currencies sold to consumers through another transaction platform or directly through a web browser (including a web browser on an iOS device).

[…]

IAP obviates the need for (and expense of) tracking, audit, and collection of Apple’s commissions on any in-app purchases of digital content. Schmalensee TT. Indeed, without such automatic processes, a developer using an external payment mechanism could seek to evade a commission owed to Apple, and Apple would have no technological ability to collect any commissions on the sale. Schmalensee TT. This would lead to laborious reconciliation efforts and dispute resolution—turning an automated, near-instantaneous process accomplished through IAP into a fraught and drawn-out one.

It’s weird how Apple is simultaneously arguing that developers have other options for payments and that no other options can be allowed because that would make it harder to count up the 30% that’s owed to Apple.

Florian Mueller:

By mislabeling distributor and retailer margins as “commissions,” Apple seeks to distract from structural differences between shrinkwrapped software distribution and today’s app stores.

Epic (PDF):

In the months that followed, Apple executives and software engineers debated the proper distribution method for third-party applications and specifically whether “Apple signed applications” would be posted exclusively to an “online store”, or whether third parties would be permitted to “distribute on their own”. […] Apple’s security experts remained out of this debate, noting that the question of exclusive distribution is one of “policy”, as opposed to security.

[…]

During the time between the launch of the App Store in 2008 and the introduction of IAP in 2009, in-app payment processing and app distribution were entirely separate and iOS developers were monetizing their apps with in-app payment solutions that were self-provided.

[…]

Web apps have limited functionality compared to native apps. Native apps are “faster”, “use less memory” and “can take advantage of native graphics libraries in a way that is either not available or would have to be shoehorned in a web app or a different kind of application”. (Forstall Dep. […])

[…]

Apple publicly touts the security of macOS, promising Mac users that they can enjoy “Security. Built right in.” and can “[d]ownload apps safely from the Mac App Store. And the internet.”

[…]

Apple prepared a number of internal white papers [that] explicitly contemplate the possibility of distribution outside the App Store, and assume that “the technical infrastructure [they were] building w[ould] allow for other distribution mechanisms” beyond the App Store. […] This security layer is independent of the app distribution channel.

[…]

In 2013, another app from the same developer was “remov[ed]” “immediately” because Mr. Schiller and Mr. Cue were “adamant” about its removal, despite Mr. Shoemaker’s “protest[s]” that there was no clear justification for doing so under the app review guidelines.

[…]

The FEAR team further believed that […] the process amounts to “a wetware [i.e., a human-led] rate limiting service and nothing more”, and that Apple had not invested sufficient resources to detect and prevent abuse.

Florian Mueller:

Epic: “In June 2018, Apple sought to force Uber and Lyft to adopt IAP for their newly-introduced subscription services.” The remainder of that paragraph is redacted. Was it previously known that Apple tried to require Uber and Lyft to use Apple’s payment system for subscriptions?

Patrick McGee:

Eric Friedman, head of Apple’s FEAR unit — Fraud Engineering Algorithms and Risk — said in a recent deposition that his team believed the App Review team was inadequate to the risks posed by malicious actors, saying they were “bringing a plastic butter knife to a gun fight.”

[…]

However in late 2017 Apple’s FEAR team still called the App Review process inadequate. Friedman said it “was more like the pretty lady who greets you with a lei at the Hawaiian airport than the drug sniffing dog.”

FEAR likened App Review to TSA employees, “under pressure to move people through” and “not able to deflect sophisticated attackers”.

Jeff Johnson:

There shouldn’t be anything particularly surprising to knowledgeable App Store developers. But this is public confirmation that the worst case scenarios, our most “cynical” speculations, are actually true.

Nick Lockwood:

I can’t believe how long Apple has had to address these problems and how little they’ve done.

David Heinemeier Hansson (tweet):

Apple’s App Store was never designed to work. At least not in the way the company purports that it does. Apple presents the App Store as a highly curated, secure mall of apps which have been thoroughly vetted, and that you can safely install without any due diligence. But it’s not and you shouldn’t.

As part of Epic’s lawsuit against Apple, we’ve come to learn that app reviewers typically review 50-100 apps per day. Sometimes spending less than a minute reviewing an individual app. We’ve also learned that these reviewers are hired without any technical background, let alone any particular expertise with the iOS or macOS platforms.

There’s a term for a practice like this: security theater.

Tony Fadell:

Customers convinced us but so did the fact that Google LOVED that we started with a web apps strategy. Eric Schmidt was a huge supporter & it’s easy to understand why. When SJ saw he could lose control of the iPhone platform, there was a whole hearted shift away from web apps!

Previously:

Update (2021-04-14): Ben Lovejoy:

Internal documents released as part of the Epic Games lawsuit reveal an Apple anti-fraud engineer suggesting that App Store checks were grossly inadequate.

Kosta Eleftheriou:

Apple: “The @AppStore is a place you can trust.”

Also Apple: “Our lawyers told us to remove the ‘Report a Problem’ button to avoid paper trails & liability.”

Remember this?

Kosta Eleftheriou:

You think the @AppStore is “a place you can trust”?

🚨Think again!🚨

How to spot a $5M/year scam, in 5 minutes flat:👇

David Heinemeier Hansson:

Here’s another example. Total scam copy app of the Roku Remote app (the official one is FREE!) that charges people $4.99 PER WEEK?? Stacked with fake reviews. Write-up on Forbes platform. Still chugging along.

Kosta Eleftheriou:

Someone just sent me an app that’s a silly little game, but if I set my VPN to Turkey it becomes an online casino that doesn’t even use Apple’s IAP.

Kosta Eleftheriou (via Hacker News):

Nobody is happy with this app. Most are accusing it of being a scam. Some of the ratings are probably fake too, “boosting” it to 2.4 stars.

Why does any of this matter?

The app is currently the #441 top grossing app across the entire App Store 🤯

Wednesday, April 7, 2021

New Outlook’s Dangerous “Discard” Shortcut

Nick Heer:

Microsoft has two different versions of Outlook in the Outlook for Mac app. One of the keyboard shortcuts changed in New Outlook compared to the “classic” Outlook app is Command–Shift–D. In Apple’s Mail app, this is the shortcut for sending a message. In New Outlook, it discards the message you have just finished writing — without warning or confirmation — where it disappears into the aether.

Previously:

Update (2021-04-15): Albert Andersen:

The good news is that ‘discard’ is not data loss. That draft is sitting in your ‘deleted items’ folder, ready to send. This is probably how it slipped through the cracks: it’s not really gone, so doesn’t meet the normal ‘must prompt’ criteria.

Nick Heer:

When I look in my Deleted Items folder, I see the drafts from when I tested this last night and just now, but none of the discarded drafts preserved the message text, and the subject line was only preserved in one.

Albert Andersen:

Looks like what ends up in the trash will be what was in the last auto save (~30 seconds) of the draft - it doesn’t do an additional save before discarding. So… light data loss.

Albert Andersen:

We’ve changed ‘discard’ to cmd-escape (also closer to other outlooks which use plain esc) in beta ~Thursday and production next month.

Prompting is still on the table too, but first we want to take a stab at making the workflow intelligibly undoable, see if we can make it work without another blocking alert.

Resources for Learning SwiftUI

Jesse Squires:

A few months ago, I shared my notes and resources for learning about compilers and LLVM. It turned out to be pretty popular and folks seemed to find it useful. So I decided to do it again, but this time for SwiftUI.

[…]

Despite not yet using SwiftUI, I do want to. And I know that eventually, I will need to. That is why I have been reading blog posts and keeping notes. All of these notes live in my public TIL repo.

Previously:

The Former Netflix DVD Library Is a Lost Treasure

Jim Vorel:

It’s a strange feeling, to look back to a time merely 10 years ago and think “that was a golden era, wasn’t it?” It feels like it should take longer than a decade for that kind of clarity to develop, but the more time I spend looking at the streaming service landscape as a Paste staff writer, the more I find myself returning to the same conclusion: Netflix, as a service, could once say it offered a film library that was unmatched by any other archive of films in the world. Just a decade ago, the physical media library possessed by Netflix was well beyond 100,000 titles strong, offering a staggering degree of diversity that essentially made it the equivalent of the best-stocked video store in the world. At its peak, in fact, the number of DVD titles possessed by Netflix would have dwarfed the entire streaming libraries of all the major streamers today … combined.

[…]

The shrinking of the physical Netflix DVD library has been a simple enough process to observe for customers who are paying attention to their queue of upcoming deliveries. As the years have gone by, I’ve watched my own queue be decimated by this process, with titles first moving from “queue” to “saved” (essentially a request that Netflix obtain a DVD they no longer have), to then disappearing from the service entirely. Many films I borrowed from Netflix in the last decade no longer show up at all when searched at DVD.com, and they’re exactly the sort of movies you would expect to see disappearing—cult films, foreign films, obscure titles, B-movies, etc.

Via Nick Heer:

The curious thing is that these services are both balkanized — in that they have vast amounts of stuff licensed exclusively to one service — and conglomerated — there are only a handful of parent companies that own all of Hollywood’s major studios. So instead of the music streaming model, where most people just pay for one service and then listen to a massive catalogue of music ranging from mainstream hits to independent artists, the movie industry thinks we’re all going to pay for each of their siloed services[…]

Previously:

History of Flow vs. Asana

Andrew Wilkinson:

This is a story about how I lost $10,000,000 by doing something stupid.

[…]

It turned out that Dustin Moskovitz (@moskov), the billionaire co-founder of Facebook, was a fellow to-do list junkie, and he was quietly working on his own product.

[…]

It was ugly! It was designed by engineers. Complicated and hard to use.

Not a threat in the slightest.

[…]

Suddenly, Asana ads were everywhere.

[…]

In order to stay competitive, we had underinvested in our engineering team due to cash constraints and stretched them across mobile, desktop, and web.

[…]

We lost the war, due to inexperience, product myopia, and a lack of capital in a highly capital intensive and competitive space.

David Heinemeier Hansson:

Flow spread itself thin thinking “the market” had set certain non-negotiable bars, so unless they had, say, an Android app RIGHT NOW, they’d be toast. This led to a me-too, low-quality product full of bugs. Instead of focusing on a smaller, more opinionated, more differentiated product.

[…]

Wilkinson’s tale of regret is steeped in war metaphors. Bringing bigger, badder weapons to this imaginary war with Asana. Locked into a Cold War one-upping game. Of course you’re going to lose if you define your company and your product on the competition’s terms, try to copy whatever they’re doing, but don’t have half the money to do so.

[…]

If you run your company like it was VC funded without the venture capital, yeah, you’re going to wish you had just taken other people’s money.

Update (2021-04-16): Dustin Moskovitz (via Steve Landey):

My version of this story is that Flow and Asana were both small fish in a big pond at the time and we were trying to convince Andrew he should team up with us against much more established competitors. Our budget and team in the years he’s talking about was tiny.

I don’t invite other founders to coffee just to do Bond-villain type gloating.

Tuesday, April 6, 2021

Swift “Collections” Package

Karoy Lorentey (tweet):

I’m thrilled to announce Swift Collections, a new open-source package focused on extending the set of available Swift data structures. Like the Swift Algorithms and Swift Numerics packages before it, we’re releasing Swift Collections to help incubate new functionality for the Swift Standard Library.

[…]

The main benefit of Deque over Array is that it supports efficient insertions and removals at both ends.

[…]

OrderedSet is a powerful hybrid of an Array and a Set.

[…]

OrderedDictionary is a useful alternative to Dictionary when the order of elements is important or we need to be able to efficiently access elements at various positions within the collection.

Previously:

Use Emergency Bypass to Circumvent Do Not Disturb

Josh Centers and Adam Engst:

What’s the difference between Allow Calls From and Emergency Bypass? In essence, you can use Emergency Bypass to allow both calls and text messages. However, it’s not as straightforward as Allow Calls From. There’s no mention of Emergency Bypass in the Do Not Disturb settings, you have to find and enable it for individual contacts, and you shouldn’t confuse it with the unrelated Emergency Contacts used for Medical ID notifications.

[…]

There is one potentially unexpected caveat. If your Mac is awake and running Messages, it will likely capture text messages before they’re sent to your iPhone. In most situations, that’s sensible—you don’t want text message notifications to make sounds on every Apple device you own if you’re actively using your Mac. Obviously, if you’re away from your Mac, it should be sleeping, but if that’s not true for some reason, it could prevent messages from arriving on your iPhone regardless of Emergency Bypass.

[…]

The only thing to keep in mind is that Emergency Bypass will cause your iPhone to make sounds even if Do Not Disturb is on and the ring/silent switch is enabled. That’s the point, of course, but there are situations where silence is essential—a recital, a play, a meditation class. In other words, if Emergency Bypass overrides Do Not Disturb, how can you override Emergency Bypass every so often? Editing individual contact cards is clearly too much work. We found two levels of workaround[…]

This seems so complicated. But, then, it’s also not so simple to describe how you want it to behave.

Switching Back to Mac

Carlos Fenollosa (via Hacker News):

Due to very bad decisions by Apple’s product marketing teams, Mac hardware and software had been in steady decline since 2016.

Therefore, there has been a trickle of articles on the Geekosphere about people switching from Macs to Linux or Windows.

This is the contrarian view. Don’t do it.

The TL;DR is right there in the title: migrating to Linux is fine, but don’t expect a better experience than the Mac.

He really liked the Nautilus file manager, though.

Previously:

Monday, April 5, 2021

Copying the Java API Was Fair Use

James Romoser (tweet, Hacker News):

The Supreme Court on Monday sided with Google over Oracle in a major copyright battle, ruling that Google’s copying of a portion of the Java SE computer program is protected as “fair use.”

The ruling in Google v. Oracle was 6-2, with Justice Stephen Breyer delivering the opinion of the court.

[…]

In siding with Google, Breyer wrote that, assuming for the sake of argument that the lines of code can be copyrighted, Google’s copying is nonetheless fair use.

Mike Masnick:

The background of this case is actually kind of important to understanding what just happened, so here’s a quick(ish) recap.

[…]

One of the big debates in the lead up to the case, and at oral arguments, was what “analogy” best represented what an API was. You can see above Breyer mention the Dewey Decimal System, which is a pretty good analogy.

[…]

Breyer then notes that even though Google asked the Court to say APIs are not covered by copyright, since they can answer the fair use question and dispose of the issue, the court will just assume that APIs are subject to copyright for the sake of exploring fair use, and leave the actual question of copyright and APIs to another day (groan).

Charles Duan:

SCOTUS doesn’t just rule in favor of Google in @googlevoracle, but says that API reimplementation is fair use as a matter of law, meaning that the decision applies to all APIs

[…]

Anyway, this is great news for software folks. The concern was that SCOTUS could just let the jury decision stand, solving Google’s case but leaving an open question for all future software developers.

Florian Mueller:

Given that the justices were pretty much unanimously leaning toward copyrightability in October, it would be quite risky for anyone to consider API declaring code uncopyrightable. However, technically the Federal Circuit’s copyrightability decision hasn’t been affirmed either.

[…]

There’s plenty of people out there now who are celebrating today’s Supreme Court decision as promoting innovation, competition, and openness. In reality, the net effect will be the opposite. When Sun created Java, they allowed everyone to make and publish apps for it. Sun adopted a dual-licensing model under which you could either get Java under the GPL free software license or take a commercial license. Sun is history--it was acquired by Oracle. The next company contemplating the development of a comparable platform will look at what happened in Oracle v. Google. Against that background, it may either be discouraged from making the investment in the first place--or it may be encouraged to pursue an Apple-like platform business model (“walled garden”) and create network effects through a non-open system with cloud components, an exclusive app store, and so forth. In other words, if you can’t own software, you’ll try to own (access to) users.

Jesper:

The ruling managed to find its way to a reasonable outcome, but if these are the tools used to chisel fundamental conditions for developers, companies and people the world over, we are all in bad shape for the future.

John McCall:

Yes, I think this decision does strongly imply that the GNU position that linking a library can be controlled by copyright is incorrect

Previously:

Facebook Breach

Tim Hardwick (Hacker News):

The personal details of more than 553 million Facebook users have been published on a website for hackers, according to multiple reports over the weekend.

[…]

In a statement, Facebook said the data was from a breach of its servers that had occurred in 2019 and it had since plugged the security hole that allowed it to take place.

While the information appears to be old, the details in the shared database include phone numbers, Facebook IDs, names, locations, birthdates and email addresses, all of which could be used in social engineering attacks or hacking attempts.

None of those is easy for users to change.

David Sparks:

If you have a Facebook account, now is the time to be on alert for scammy phone calls from people who will try and social engineer their way into your credit card numbers and bank accounts. There is already a scam where they call and claim to be the IRS and need “immediate payment to avoid criminal prosecution”. I’m sure they’ll come up with even more dreadful ways to abuse this treasure trove of data.

Previously:

Update (2021-04-15): Elizabeth Culliford (via Hacker News):

Facebook Inc did not notify the more than 530 million users whose details were obtained through the misuse of a feature before 2019 and recently made public in a database, and does not currently have plans to do so, a company spokesman said on Wednesday.

Lily Hay Newman (via Hacker News):

De Ceukelaire and other researchers had already alerted Facebook to similar issues. In 2012, Facebook made changes that resulted in the site’s “Download Your Information” tool leaking phone numbers and email addresses that users had not supplied themselves through the contact import feature. A researcher disclosed the issue to Facebook in 2013; in 2018, the Office of the Privacy Commissioner of Canada and the Office of the Data Protection Commissioner of Ireland investigated the finding.

[…]

That incident differs from the more recent Facebook controversy, in which attackers were able to “scrape” Facebook by enumerating batches of possible phone numbers from more than 100 countries, submitting them to the contact import tool, and manipulating it to return the names, Facebook IDs, and other data users had posted on their profiles. Still, the lapse spoke to the potential for the contact import tool to access sensitive data and the need to look carefully for bugs and inadvertent behavior in the feature.

Yahoo Answers Shutting Down

Nick Statt:

Yahoo Answers, one of the longest-running and most storied web Q&A platforms in the history of the internet, is shutting down on May 4th. That’s the day the Yahoo Answers website will start redirecting to the Yahoo homepage, and all of the platform’s archives will apparently cease to exist. The platform has been operating since 2005.

Yahoo, which is now part of Verizon Media Group following the company’s sale to the telecom for nearly $5 billion in 2017, announced the change at the top of the Yahoo Answers homepage. The message links to an FAQ, which details the timeline of the shutdown.

Previously:

Tim Cook on Sideloading

Sami Fathi (tweet):

In a wide-ranging interview with The New York Times’ Kara Swisher, on her podcast “Sway,” Apple CEO Tim Cook talks about Apple’s feud with Facebook, its stance on privacy, Apple’s legal battle with Epic Games, and possible future Apple innovations such as Apple Glasses.

[…]

One of Epic Games’ biggest arguments about the Apple ecosystem is the lack of so-called “freedom” for users to download apps from places other than the App Store. Many have long voiced their hope that Apple would allow users to sideload apps onto their device, such as the iPhone. Cook says that sideloading apps, however, would “break the privacy and security” model of the iPhone.

Previously:

Update (2021-04-14): Joe Rossignol:

Notably, Cook said that Epic Games’ desire for Apple to let developers offer their own payment systems in apps “would make the App Store a flea market”:

At the heart of the Epic complaint is they’d like developers to each put in their own payment information. But that would make the App Store a flea market and you know the confidence level you have at the flea market.

The volume of people going into such a market would be dramatically lower, which would be bad for the user, because they would miss out on the innovation like we just heard with the four developers. And the developers would be left out because they wouldn’t have a huge audience to sell to. So nobody wins in that environment.

This is some pretzel logic. Of course, there are already lots of apps where customers enter payment information—just not apps selling certain kinds of digital services where Apple prohibits that.

Apple’s dictionary defines a flea market as “a market, typically outdoors, selling secondhand goods,” and the term comes from the idea that the resold items may be infested with fleas. Does an app become secondhand when you buy it directly from the developer rather than through Apple? Does Tim Cook think Apple is making sure there are no bugs?

Kosta Eleftheriou:

Apple has turned the magic of software development from “How cool would this be?” to “How cool would Apple be with this?”

That’s an environment of software suppression, not innovation.

Florian Mueller:

Sooner than I’d have thought, here’s my first follow-up to the publication of the summaries of Apple’s expert witness reports in the Epic Games v. Apple App Store antitrust case.

When I read those summaries for the first time, I tweeted about some of the statements I found in them. This is my tweet about the claim that Apple couldn’t support alternative app stores without not only software but even hardware changes.

Update (2021-04-22): See also: Accidental Tech Podcast.

Apple Music macOS Review

Your Product Sucks:

Apple Music app on macOS Catalina is “not so great”

This one can’t be blamed on Catalyst.

Via John Gruber:

Music on Mac is just an utter embarrassment for Apple. Truly an ignominious fate for iTunes, which started 20 years ago as an exemplar of a great Mac app.

Previously:

Update (2021-04-15): Cabel Sasser:

That is definitely not the UI experience I expected when clicking “more” in Music

Update (2021-08-13): Mark Hughes:

So, I was listening to my last playlist, and realized I don’t own one of the albums, so I figure I’ll grab it off iTunes…

No iTunes app. No “show in iTunes Store” action on the album page (Share has since shown back up, because Apple Music is non-deterministic). There’s an iTunes Store on my phone, but I want to download it here on my desktop. Fine, where’s the store page. It’s… missing. After some duck searches, turns out you have to open Apple Music Preferences, check “iTunes Store” in a little grid. I didn’t deselect this, it came deselected, meaning NOBODY is going to see it.

Friday, April 2, 2021

Snapchat’s App Tracking Transparency Workaround

Juli Clover:

Apple has begun rejecting app updates that do not comply with the App Tracking Transparency rules that the company is enforcing starting with iOS 14.5, according to a new report from Forbes.

Apps must ask for permission to access the advertising identifier or IDFA of a user’s iPhone in order to track them across apps for ad targeting purposes, a rule that apps will need to comply with when iOS 14.5 launches. The rule also prevents apps from using other workaround methods for tracking users, which is getting some developers into trouble already.

Ben Lovejoy:

Snapchat owner Snap has tested a workaround to App Tracking Transparency using a technique that has a success rate of around 95% in identifying individual users.

Snap says that it will discontinue the tests once the new privacy rule comes into effect, but that it believes there are other steps it can take without breaking Apple’s rules…

[…]

Snap admitted to the FT that it has been running the tests, but said it would cease doing so when the App Tracking Transparency rules take effect in the next few weeks.

Previously:

Update (2021-04-16): John Gruber:

The whack-a-mole aspect of Apple’s new privacy rules is that while Apple can restrict access to the API that provides access to the IDFA identifier, clever developers can find (perhaps infinite) other ways to combine things they do have access to into a unique, or even just “close enough to unique to be useful for tracking”, identifier. IP addresses, to name just one example, are a big factor that Apple can’t block would-be-trackers from using. That’s what CAID is, but CAID isn’t some rogue effort on the part of surveillance advertisers alone — it has the backing of the Chinese government.

Doing this is clearly against Apple’s rules. The questions are: Can Apple detect these techniques? And what is Apple going to do if they do identify apps in China using CAID in flagrant violation of the App Store rules, if those apps have the backing (implicit or explicit) of the Chinese government?

Apple Arcade Adds Classic Games

Sami Fathi:

Apple today announced that its mobile gaming subscription service, Apple Arcade, is gaining 30 classic games including “Fruit Ninja,” “Monument Valley,” “Solitaire,” and “Cut the Rope” as the service passes a total of 180 titles.

Previously:

The Mac Needs Shortcuts

Jason Snell:

The problem is that today, everything about user automation on Apple’s platforms is fractured. On the Mac, the technologies feel old-fashioned, adrift, and increasingly unsupported. On iOS, Shortcuts has some weaknesses and an every-app-for-itself mindset prevails. And between the two platforms there’s no connectivity at all.

[…]

As much as I like the impetus behind Automator—automation for the masses!—it died on the vine. Apps didn’t support it well, and Apple failed to provide a robust enough library of actions to make it work well on its own. If I ever thought Automator was okay, one glance at Shortcuts (or its predecessor, Workflow) would disabuse me of the notion. Still, I end up using Automator regularly because it allows me to integrate AppleScript and unix/shell scripting directly into the Finder.

[…]

It’s clear to me now: Apple needs to make Shortcuts available everywhere.

[…]

That’s a lot to ask, but since I’m on a roll, I’ll once again suggest that Apple needs to more explicitly support scripting languages on both platforms.

Previously:

“Foil” UserDefaults Property Wrapper

Jesse Squires (tweet):

UserDefaults is one of the most misused APIs on Apple platforms. Specifically, most developers do not handle default values correctly. In fact, I have never worked on a single production codebase at a company where this was done accurately. Most libraries get it wrong, too.

[…]

There are a few libraries that currently provide a property wrapper for UserDefaults. However, the ones that I know about each have a combination of the following issues: (1) default values are not registered, (2) optionals are not handled nicely, (3) the library is extremely complicated for such a simple task.

I like his approach. Mine differs in that:

Previously:

YouTube Testing Removal of Dislike Count

YouTube (via Hacker News):

In response to creator feedback around well-being and targeted dislike campaigns, we’re testing a few new designs that don’t show the public dislike count.

This seems like a bad idea, as dislikes were a good, quick indicator that a video might be misleading or at least controversial.

Previously:

Aho and Ullman Win Turing Award

ACM (via Hacker News, Cade Metz):

ACM named Alfred Vaino Aho and Jeffrey David Ullman recipients of the 2020 ACM A.M. Turing Award for fundamental algorithms and theory underlying programming language implementation and for synthesizing these results and those of others in their highly influential books, which educated generations of computer scientists.

[…]

“Aho and Ullman established bedrock ideas about algorithms, formal languages, compilers and databases, which were instrumental in the development of today’s programming and software landscape,” added Jeff Dean, Google Senior Fellow and SVP, Google AI. “They have also illustrated how these various disciplines are closely interconnected. Aho and Ullman introduced key technical concepts, including specific algorithms, that have been essential. In terms of computer science education, their textbooks have been the gold standard for training students, researchers, and practitioners.”

I have fond memories of Compilers: Principles, Techniques, and Tools, which everyone called the Dragon Book.

Previously:

Long Term iPhone 12 Camera Review

Sebastiaan de With:

The only time that I found the smart image processing on the iPhone noticeably bothersome is when skies get overly tinted blue. It’s clear that the iPhone can now easily detect and segment the sky in a shot, and it applies nice smooth noise reduction to it to get wonderful gradients. But even cloudy skies tend to get a blue cast that isn’t as neutral as you’d like.

[…]

Initially, I hadn’t tested Portrait + Night mode very much. In the few tests I did, though — comparing it to a regular camera and the iPhone 12 mini, which is unequipped with a LIDAR sensor, it works outrageously well[…]

[…]

Flaring on the ultra wide and wide cameras is not just noticeable, but outright bothersome when shooting into light. In the above image, you can see the telltale iPhone ‘green orb’ flare that is a result from internal reflections in the lens. This can be fairly unobtrusive as in that shot, but when shooting many bright point sources of light head-on, can outright ruin a shot.

[…]

Noise reduction is something I never really enjoyed on iPhones, and I find it really bothersome that ProRAW does not give granular control over how much is applied to a final image. When shooting in dark conditions with the iPhone’s less light-sensitive cameras, you can get muddled images that would’ve looked nicer with some grain. It’s almost like a watercolor painting[…]

Previously: