Archive for June 2021

Wednesday, June 30, 2021

DocC Is Unusable for Open Source Projects

Jesse Squires (tweet, Hacker News):

The problem with DocC is hosting and distribution — arguably the most important aspect of this type of tool! What’s the point of generating amazing docs for your library or SDK if you can’t easily distribute or publish them for your users? When you run DocC, it produces a .doccarchive package that includes all the HTML, CSS, JavaScript, and other resources for your documentation website. According to the docs on distribution, you must host this .doccarchive on your web server and implement various rules to rewrite incoming URLs. The example provided defines rules in an .htaccess file for Apache.

[…]

DocC fails to deliver for this extremely popular use case — in my opinion, the most popular. DocC does not work with GitHub Pages — a significant barrier for adoption for essentially all open source projects in the Apple developer community. I experimented with some hacks, but was unable to make DocC do what I need. The GitHub Pages server environment is a bit opaque to the user, but it is intended for hosting static sites (Jekyll, for example), which DocC does not produce. DocC creates a Vue.js web app and requires that you run your own web server to dynamically serve it, as described above. The process feels clunky and overcomplicated compared to GitHub Pages.

[…]

It feels like Apple built DocC for Apple.

Paul Hudson:

As things stand, the generated documentation is effectively a sealed box – the Apache rewrite rule references a theme-settings.json file, which suggests some customization is going to come, but I don’t know to what extent. I can imagine bigger companies wanting their corporate branding integrated, or their regular site navigation.

The web pages are also very heavy on the JavaScript and honestly I’m not sure why – the reference documentation and articles are simple beasts, and if DocC could flatten them to plain HTML then I imagine the rewrite rules would just go away. At the same time, Apple’s own documentation system is completely inaccessible with JavaScript turned off, so I don’t hold out a great deal of hope here.

Update (2021-07-02): Helge Heß:

We are going to look at the documentation archive produced, the good&bad and how to generate a static website.

Remixing Old Tracks in Spatial Audio Is “Sacrilegious”

Bob Lefsetz:

I got the following e-mail from a producer/engineer:

I just want to try and alert you to the potential seismic scam happening with this Atmos roll out. Atmos catalog remixing is being done by the truckload in a handful of Nashville, LA, and NYC rooms right now and has been for a couple of years, and almost none of it is being overseen or approved by the artist or original producer or mixer. And these versions- according to Apple- will be the new standard versions, superseding the original versions, now designated by Apple to the dustbin of history.

[…]

In the rush to make content for Apple, labels are jamming this crap out with little QC and -again- almost no input from artists.

[…]

And what I’ve learned is…the Spatial Audio and stereo versions are not only different, the process affects the punch, the essence of the originals!

I compared Spatial Audio tracks to their HD equivalents on Amazon Music and I found exactly what one writer said: the vocal gets lost. Instead of being up front and in your face, it’s buried more in the mix.

Via Nick Heer:

No matter how good I thought Marvin Gaye’s “What’s Going On” sounded in Atmos, it is a bit like doing a 3D movie conversion on “2001: A Space Odyssey”. The person creating the remix, no matter how well-intentioned, has no idea what the original mixer or the artist would have wanted in this situation.


Update (2021-07-03): Nilay Patel:

Turned Apple Music spatial audio off for good. I appreciate the effort but it’s a lot of complication for everything to sound slightly more hollow. The 3DTV of music.

Update (2021-07-09): David Sparks:

Thankfully, spatial audio is nothing like that. It comes through as different, and it is most definitely noticeable. However, it is also subtle, and in the case of some of my favorite older jazz tunes, it feels like a really good remaster. Luckily, everything came through sounding like it did before but in 3D instead of 2D. In short, I’m sold, and I want more.

A few playlists I would recommend if you want to give this a try are Apple’s Jazz in Spatial Audio playlist. Art Blakey’s “Hipsippy Blues” feels like one of the most improved tracks. I expect that’s because so many of Art Blakey’s albums were recorded live in clubs that this treatment feels natural. Another album worth checking out is the L.A. Philharmonic’s Celebrating John Williams album, which also got the Dolby Atmos treatment.

Oregon Trail for iOS Is Back

Mark Wilson:

A new version of The Oregon Trail—out now for iOS devices that subscribe to Apple Arcade—begins to wrestle with this tension. Developed by an Australian team at Gameloft, a prominent mobile game developer, the new version mostly plays like the old Oregon Trail you know. You get a wagon, buy supplies, and gather a team to join you on the journey. Along the trail, you ford rivers, break legs, and shoot way too many pounds of buffalo to possibly carry back.

What’s different is that Native American history scholars gave input. That input led to more human, and historically accurate, representations of Indigenous people, culminating in the first playable Native American characters in any Oregon Trail game.


Faster App Launching in iOS 15 and Monterey

Apple:

All programs and dylibs built with a deployment target of macOS 12 or iOS 15 or later now use the chained fixups format. This uses different load commands and LINKEDIT data, and won’t run or load on older OS versions.

Noah Martin:

The app binary is broken into segments which each contain a chain of fixups that can be either binds or rebases (there are no more lazy binds). Each 64 bit rebase location in the binary now encodes the offset it points to as well as the offset to the next fixup[…]

[…]

This very compact encoding means the entire process of walking the chain can be contained within the existing size of the binary. In my tests over 50% of dyld data’s contribution to binary size is saved since only a small amount of metadata is reserved to indicate the first fixup on each page. The end result was an over 1mb size reduction for large Swift apps.

[…]

[The] chained fixups group all changes for each memory page together. Dyld can now process them faster with one pass through memory, completing rebases and binds at the same time. This allows OS features like the memory compressor to take advantage of the well known ordering, not needing to go back and decompress old pages during binding.


Update (2021-07-06): See also: Hacker News.
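The single pass over a page that Noah Martin describes can be sketched as follows. This is an added example, not code from dyld or from the quoted post: it assumes the 64-bit `DYLD_CHAINED_PTR_64_OFFSET` pointer layout from Apple's `<mach-o/fixup-chains.h>` (arm64e uses other layouts), and the 64-byte page, image base and import addresses are constructed sample values.

```python
import struct

# Bit layout of one 64-bit chained pointer (DYLD_CHAINED_PTR_64_OFFSET):
#   rebase: target:36  | high8:8  | reserved:7  | next:12 | bind:1 (= 0)
#   bind:   ordinal:24 | addend:8 | reserved:19 | next:12 | bind:1 (= 1)
STRIDE = 4                # `next` is counted in 4-byte units
PAGE_START_NONE = 0xFFFF  # page_start value meaning "no fixups on this page"


def encode_rebase(target, next_units, high8=0):
    """Helper for building the constructed sample page."""
    return (target & 0xFFFFFFFFF) | (high8 << 36) | (next_units << 51)


def encode_bind(ordinal, next_units, addend=0):
    """Helper for building the constructed sample page."""
    return (ordinal & 0xFFFFFF) | (addend << 24) | (next_units << 51) | (1 << 63)


def decode(raw):
    """Split a raw slot into its fields; the top bit selects bind vs. rebase."""
    nxt = (raw >> 51) & 0xFFF
    if raw >> 63:
        return {"kind": "bind", "ordinal": raw & 0xFFFFFF,
                "addend": (raw >> 24) & 0xFF, "next": nxt}
    return {"kind": "rebase", "target": raw & 0xFFFFFFFFF,
            "high8": (raw >> 36) & 0xFF, "next": nxt}


def apply_page_fixups(page, first_offset, image_base, imports):
    """Walk one page's chain once, overwriting each slot with its final pointer.

    Rebases and binds are resolved in the same pass. A chain that is
    misaligned, leaves the page, or names an unknown import is rejected
    instead of being followed.
    """
    applied = []
    if first_offset == PAGE_START_NONE:
        return applied
    offset = first_offset
    while True:
        if offset % STRIDE or offset + 8 > len(page):
            raise ValueError(f"fixup at {offset:#x} is misaligned or leaves the page")
        fixup = decode(struct.unpack_from("<Q", page, offset)[0])
        if fixup["kind"] == "bind":
            if fixup["ordinal"] >= len(imports):
                raise ValueError(f"bind ordinal {fixup['ordinal']} has no import")
            value = imports[fixup["ordinal"]] + fixup["addend"]
        else:
            # Target is an offset from the load address; high8 goes in the top byte.
            value = (image_base + fixup["target"]) | (fixup["high8"] << 56)
        struct.pack_into("<Q", page, offset, value & 0xFFFFFFFFFFFFFFFF)
        applied.append((offset, fixup["kind"], value))
        if fixup["next"] == 0:  # end of this page's chain
            return applied
        offset += fixup["next"] * STRIDE


def build_sample_page():
    """Constructed 64-byte 'page' holding a chain of rebase -> bind -> rebase."""
    page = bytearray(64)
    struct.pack_into("<Q", page, 8, encode_rebase(0x4000, next_units=2))   # next at 16
    struct.pack_into("<Q", page, 16, encode_bind(1, next_units=4))         # next at 32
    struct.pack_into("<Q", page, 32, encode_rebase(0x8010, next_units=0))  # chain ends
    return page


if __name__ == "__main__":
    sample = build_sample_page()
    for off, kind, value in apply_page_fixups(
            sample, 8, 0x100000000, [0x7FF800001000, 0x7FF800002000]):
        print(f"{off:#04x} {kind:6} -> {value:#x}")
```

Because `next` only moves forward, a chain cannot loop; the bounds check is what stops a corrupted slot from steering the walk outside the page.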

Why You Can’t Roll Back Big Sur’s System Volume

Howard Oakley:

If you as a user make a snapshot of the System volume, you’ll get an unsealed replica of the System volume that can’t be used to replace the new sealed snapshot, and hasn’t even been blessed to make it bootable. Trying to roll back to that would only end in failure.

What has been tried earlier in Big Sur is preserving the previous bootable sealed snapshot rather than deleting it once a macOS update has been completed. This isn’t a cheap option, though: it would probably require up to 15 GB of free space on the System volume. Because of that, macOS would need to remove it automatically after a period of a week perhaps, which sets a time limit on its use for a rollback.

It’s unclear why Apple doesn’t provide an option in its updaters to automatically preserve the old snapshot for a maximum of one week, to support rollback over that time. Unfortunately, it’s not something the user can achieve any other way.


Tuesday, June 29, 2021

Lightroom Classic 10.3

Adobe (via Agen Schmitz):

Super Resolution enables you to get the most out of your images by intelligently improving image quality while maintaining sharp edges and color accuracy. Powered by AI technology, Super Resolution increases the width and height by 2x each for a total of 4x pixels.

[…]

Starting with version 10.3, Lightroom Classic runs natively on Apple Silicon devices for the optimal experience and performance. Tethered Capture is supported on Apple Silicon devices under the Rosetta emulation mode.

[…]

With this release, you will experience performance improvements while selecting and updating metadata for multiple images.


GitHub Copilot

Nat Friedman:

We spent the last year working closely with OpenAI to build GitHub Copilot. We’ve been using it internally for months, and can’t wait for you to try it out; it’s like a piece of the future teleported back to 2021.

GitHub (Hacker News):

With GitHub Copilot, get suggestions for whole lines or entire functions right inside your editor.

[…]

GitHub Copilot is available today as a Visual Studio Code extension. It works wherever Visual Studio Code works — on your machine or in the cloud on GitHub Codespaces. And it’s fast enough to use as you type.

[…]

GitHub Copilot works with a broad set of frameworks and languages. The technical preview does especially well for Python, JavaScript, TypeScript, Ruby, and Go, but it understands dozens of languages and can help you find your way around almost anything.

inimino:

Cargo-cult programming has always been a problem, but now we’re explicitly building tools for it.

fzaninotto:

I’ve been using the alpha for the past 2 weeks, and I’m blown away. Copilot guesses the exact code I want to write about one in ten times, and the rest of the time it suggests something rather good, or completely off. But when it guesses right, it feels like it’s reading my mind.

It’s really like pair programming, even though I’m coding alone. I have a better understanding of my own code, and I tend to give better names and descriptions to my methods. I write better code, documentation, and tests.

Francisco Tolmasky:

I think one reason things like GitHub Copilot don’t resonate with me is that when I do want code written for me, it’s for an interesting enough problem to merit a library (like CodeMirror). I just don’t find myself in these glue code purgatories that these demos aim to eliminate.

IOW, I feel like I’ve been living the dream of “having the hard stuff done for me” for ages now. It’s called, ironically enough, @github and @npmjs … and it’s awesome! It’s often thoughtfully encapsulated in a nice API, as opposed to copy/pasting from stackoverflow… at scale?

Update (2021-07-02): Feross Aboukhadijeh:

I’ve been testing #GitHubCopilot in Alpha for the past two weeks. Some of the code suggestions it comes up with are eerily good.

Here’s a thread with some examples that I found surprising.

Alexey Golub:

Gonna spend an entire today working in VS Code w/ #GitHubCopilot today. Curious to see where this will take me✨

For starters, here it was able to infer the usage of CliWrap from previous lines and apply it to solve an entirely different problem. All based on a single comment 🤯

Marcel Weiher:

As far as I can tell, it’s an impressive piece of engineering that shouldn’t exist. I mean, "Paste Code from Stack Overflow as a Service" was supposed to be a joke, not a product spec.

Matt Diephouse:

GitHub Copilot could definitely be helpful while implementing a custom Collection in Swift.

Or an Encoder or Decoder.

Or to work with Strings.

Maybe Copilot could provide analytics about which APIs people find difficult to use and what operations they want to perform?

See also: Dave Verwer, Hacker News.

Update (2021-07-06): Patrick McKenzie:

I’m probably more bullish on this product than my model of most programmers. Contrary to naive expectations, it doesn’t decrease demand for programmers; it probably decreases unproductive time of junior programmers stumped by the “white page problem.”

For many years folks, often non-technical, have mentioned tauntingly “Wait until you automate programmers out of a job” and that was the exact opposite of what happened when we introduced cutting edge AI like compilers and interpreters to liberate programmers from programming.

Remote Wiping of WD My Book Live Drives

Dan Goodin (Hacker News):

Western Digital, maker of the popular My Disk external hard drives, is recommending that customers unplug My Book Live storage devices from the Internet until further notice while company engineers investigate unexplained compromises that have completely wiped data from devices around the world.

The mass incidents of disk wiping came to light in this thread on Western Digital’s support forum. So far, there are no reports of deleted data later being restored.

Tim Hardwick:

The WD My Book Live is the company’s network-attached storage device with the book-style design that can stand upright on a desk. The drive is typically connected to computers via USB and connects to a local network via ethernet. Meanwhile, the WD My Book Live app lets users access their stored files remotely through Western Digital’s cloud servers.

Following further reports, a pattern has gradually emerged in shared device logs that points to a remote command initiating a factory reset on affected devices beginning at around 3:00 p.m. on Thursday and continuing throughout the night.

Dan Goodin:

Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but also a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows.

The vulnerability is remarkable because it made it trivial to wipe what is likely petabytes of user data. More notable still was that, according to the vulnerable code itself, a Western Digital developer actively removed code that required a valid user password before allowing factory resets to proceed.

Howard Oakley:

In both cases, those worst affected by the loss of backups are those who have entrusted those backups to just one destination: iOS/iPadOS devices to iCloud, and local backups to ageing My Book Live storage. While neither should have resulted in such data loss, and both Apple and Western Digital need to investigate and act in their users’ best interests, no one should ever rely on a single backup set, nor a single method of making backups.


Allowing iOS Security Updates Without Upgrading

Filipe Espósito:

Apple has never been flexible when it comes to iOS updates. While users can choose not to install an update, you will be left without security fixes if you don’t install the latest version of iOS available. Although Apple still updates iOS 12 for older iPhones and iPads, devices currently supported by the company don’t have the option to run this operating system with the latest security updates.

Benjamin Mayo:

For the first time, Apple will allow users to stay on the previous major version when iOS 15 ships in the fall. Users will have the choice to stay on iOS 14 and receive important security updates, or upgrade to iOS 15 to take advantage of all the new features.

So, more like the Mac. Bravo.

Friday, June 25, 2021

Download Full Installer

Armin Briegel:

A while back I wrote up a blog post on deploying the Install macOS Big Sur application. As one of the solutions, I posted a script (based on Greg Neagle’s installinstallmacos.py) which listed the pkgs from Apple’s software update catalogs so you could download them.

During and after WWDC, I wanted to see if I could build a SwiftUI app. I thought that building a user interface for this task would be a nice practice project.

[…]

I put it on GitHub. You can just download the app from the release page and use it, or clone the repo and take a look at the code.


More iCloud Calendar Spam

Thomas Reed:

Recently, we have seen an increasing number of reports from iPhone users about their calendars filling up with junk events. These events are most often either pornographic in nature, or claim that the device has been infected or hacked, and in all cases they contain malicious links. This phenomenon is known as “calendar spam.”

[…]

These pages will redirect to a variety of App Store apps. Mostly, these are junk VPNs or supposed security apps. They mostly have high ratings, and have been around for 4+ years, but the total number of ratings given is low. This could be an indication that the ratings have been reset periodically.

Worse, many of these apps have high price, short duration subscriptions. In most cases, prices are around $8.99 or $9.99 per week.

Sami Fathi:

Apple has not publicly commented on what specific measures it has taken to solve the issue, but through a video posted by Apple Support, that has so far garnered more than 97,000 views, it has a solution.

The video advises that users, logically, unsubscribe from these spam calendars. The video doesn’t offer any insight into what proactive measures users can take to not receive the invitations in the first place.


Apple Attacks Sideloading

Apple (ArsTechnica, MacRumors, 9to5Mac, Hacker News, 2, 3):

Thanks to all these protections, users can download any app on the App Store with peace of mind. This peace of mind also benefits developers, who are able to reach a wide audience of users who feel confident downloading their apps.

[…]

Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store. Because of the large size of the iPhone user base and the sensitive data stored on their phones – photos, location data, health and financial information – allowing sideloading would spur a flood of new investment into attacks on the platform.

[…]

Studies show that third-party app stores for Android devices, where apps are not subject to review, are much riskier and more likely to contain malware as opposed to official app stores.

[…]

100,000 new apps and updates are reviewed every week on average by a team of over 500 dedicated experts, who review apps in different languages.

[…]

By providing additional distribution channels, changing the threat model, and widening the universe of potential attacks, sideloading on iPhone would put all users at risk, even those who make a deliberate effort to protect themselves by only downloading apps through the App Store.

Needless to say, I do not find this very convincing. Apple’s perspective is certainly valid, but this is, as expected, not trying to be a fair presentation of the different options. Rather, it’s a skewed framing that ignores the downsides of Apple’s approach and the upsides of the alternatives. It assumes that App Review is effective at catching scams and privacy violations. (Try calculating from the numbers above how much review time each app gets.) Apple wants you to think that with sideloading customers would be on their own in determining which apps to trust. And that the different things the App Store does are only possible if bundled together.

Sami Fathi:

Speaking to Fast Company, Apple’s head of user privacy, Erik Neuenschwander, said that opening the doors to sideloading apps on iPhone and iPad, which would enable users to download apps from the web and other app marketplaces besides Apple’s App Store, could lead users to be “tricked or duped” into “some dark alley.”

John Gruber (tweet):

I think it’s good, fair, and cogent. I highly encourage you to read it — it’s not long — then come back for my annotations below.

[…]

What the sideloading arguments ignore are the enormous tradeoffs involved. Yes, there would be benefits — a lot of cool apps that aren’t permitted in the App Store would be installable by as many iOS users as want to install them. But many non-technical users would inevitably wind up installing undesirable apps via work/school requirements or trickery that they could not be required or tricked into installing today.

There are tradeoffs either way, but I just don’t see the basis for these assertions. I don’t hear stories about lots of non-technical Android users doing this. Businesses can already force employees to install certain apps, and these apps can already bypass App Review via Apple’s enterprise program. Centralizing app distribution in the App Store makes it a magnet for fraud and scams, because it’s much easier to game the App Store than traditional marketing and distribution. This, combined with the false sense of security that Apple offers, may actually lead to more users being tricked.

Typical users install more apps on their less capable phones than they do on their far more capable PCs. This is as close as we can get to proof that Apple’s App Store model on iOS hasn’t just worked, but has proven to be wildly successful and popular with users.

Or maybe phones and PCs are just different. Controlling for that by looking at the Mac, where users have a choice between the two models, does it seem like the Mac App Store is wildly more successful?

I’ll admit it: if Mac-style sideloading were added to iOS, I’d enable it, for the same reason I enable installing apps from outside the App Store on my Mac: I trust myself to only install trustworthy software. But it doesn’t make me a hypocrite to say that I think it would be worse for the platform as a whole.

Worse because users would choose to sideload and regret it? Or because they would be forced to sideload to get key apps? I think the benefits far outweigh the downsides in the first case. The second case is I think the strongest argument against sideloading, but I think the evidence from Android is that in practice it’s not much of a concern. Users are not, in fact, sideloading an extra creepy version of the Facebook app. They still have to download it from the Google Play Store. If anything, I think this points to the benefits of sideloading maybe being less than we’d hope. The vast majority of Android users probably don’t sideload at all. With so much inertia behind the App Store, and the fear mongering and user interface nudging that Apple would inevitably apply, it may not be feasible for most businesses to succeed outside the App Store.

The above is a goal of the App Store — and I would argue that [ensuring apps are trustworthy] remains the primary goal. But clearly the App Store serves another goal for Apple: making the company money. […] That’s a conflict of interest, and it detracts significantly from Apple’s entirely legitimate trustworthiness argument defending the App Store model for distribution.

If you were designing a system primarily to protect customers, the last thing you’d want is for the entity reviewing apps to be making money on each one sold. And, just as you’d expect from such an arrangement, we see scammy apps among the top sellers and legitimate apps rejected for business rather than safety reasons.

Guilherme Rambo:

Side loading wouldn’t mean that the sandbox just suddenly goes away. The stuff described here could very well be done by an app in the App Store today with an exploit, we know how good they are at finding scams…

I think the problem is that people read “side loading” and they immediately think of jailbreaking, which allows apps with arbitrary signatures and entitlements to run on the device. That’s very different from just side loading apps as they exist today (and with notarization).

Scott:

Today’s media blitz by @Apple re: #sideloading is nothing short of appalling in the sheer amount of bullshittery.

Riley Testut:

It’s clear Apple’s very concerned w/ antitrust legislation, as this document is effectively just a scare-tactic predicated on some misleading information[…]

Marco Arment:

The best thing Apple could do to protect the safety and security of iOS touted so heavily in that sideloading PDF:

Lift the most anticompetitive IAP rules.

Without them, no government would have enough reason to force larger changes like sideloading or alternative app stores.

Apple’s continuing their gross PR strategy of conflating:

- IAP restrictions
- App Store distribution
- app review
- iOS’s technical security

…to confuse people into thinking they’re all equally required parts of the whole iOS app-security package.

But they’re not.

Nick Heer:

In a parallel universe — one in which Apple cut its commission over a period of several years, as Phil Schiller suggested, and where it was not so prohibitive with its anti-steering rules — would it be getting sued by developers over its App Store rules, investigated by governments around the world, and be facing a battery of proposed legislation that would, if passed, eliminate the most compelling qualities of its products? I cannot imagine the situation would be this heated. But we do not live in that universe; in this one, that is the gamble Apple is making, and customers and developers are left hanging in the balance.

Also — and this is a little thing — but the repeated use of the “locked Apple” privacy graphic in that report is, I think, maybe not the greatest way of disabusing people of the notion that Apple’s ecosystem is so closed-off that it entraps users.

Ryan Jones:

It makes me furious.

Apple has apparently decided it’s worth ~$5B to let politicians rewrite the App Store rules.

Or they are really confident in their lobbying.

Steve Troughton-Smith:

You’d think if Apple actually wanted to avoid regulatory pressure they would reduce their rates across the board, and stop abusing their monopoly position by unjustly interfering in other peoples’ business models, but no, they want to have their cake and eat it too 🤷‍♂️

[…]

All of the malware scenarios Apple lists in its 16 page report could be done on the App Store today. The solution would be to ban the developer’s accounts and revoke the app’s signatures — which would also work in a world where those apps were sideloaded. No change at all.

Apple’s trying to pretend that opening up a little means opening everything up completely. It doesn’t.

Michael Love:

I wish Google would release data on what % of Android users turn on “Allow unknown sources” (system option to allow sideloading), because I bet it’s extremely small and it would completely undercut all of these Apple arguments about sideloading and malware.

nougatmachine:

My favorite part about this latest evolution of the PR push is when they say it’s acceptable on the Mac because so few people try new apps on the Mac, as though this is a natural state that Apple in no way could influence


Update (2021-06-29): Michael Love:

“Our phones would be just as insecure as Android phones if it weren’t for App Review [which incidentally Google also has]” is… not the best sales pitch.

You could talk about how great the Secure Element is or benefits of integrated HW/SW design, but nope, gotta be App Review.

The idea that because a small % of Android users click through several very scary warning screens in order to install a small number of non-Google-reviewed apps, Android has 47x as much malware as iOS is quite a take.

Mike Rockwell:

The App Store is holding the platform back. There’s a lot that Apple could do to improve the status quo, but apps would still be rejected for absurd reasons and garbage games designed to separate you from your money will always find their way to the top of the charts.

Update (2021-07-02): Damien Petrilli:

A lot are only seeing the downsides of alternative App Store, but there are a lot of upsides that might emerge.

One of them being cross platform license. Purchase your App on iOS, get the license on Android too. So you can switch without losing your purchases.

This stuff is pretty common on Mac/PC but not on mobile. Google and Apple are far too happy to have this cost of leaving their walled garden (in addition to the loss of all your books / movies / tv shows).

“Just switch” they say.

The anti-steering rule, in addition to keeping Apple’s revenue safe, is also clearly targeted toward preventing users from getting cross platform accounts.

Forcing “sign with AppleID” is the same. Apple, under the cover of ‘privacy’, wants to limit the loss of user market control.

Kosta Eleftheriou:

Apple: Apps may only use public APIs.

Telegram: “VJJoqvuTfuIptuWjfx” 😅

The Washington Post:

He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.

Update (2021-07-03): Glenn Fleishman (tweet):

While unfettered sideloading might not be what’s best for users, Apple is using a classic motte-and-bailey tactic to push back: instead of advocating for a position unpopular with its critics and that Apple likes (the bailey), the company instead pushes a connected but much more defensible position (the motte). Apple’s goal is total control of its platform and a generous cut of all revenues that pass through. That’s the bailey in this case—what Apple wants but would struggle to defend if stated openly. The motte, Apple’s easily argued position, is that smartphone users want to be safe and secure. The logical fallacy is Apple’s suggestion that if it were to loosen any control, iOS would fall like Rome to the barbarians when, in fact, there are existing counterexamples inside the Apple ecosystem itself.

[…]

Apple and regulators might reach compromises that don’t go as far as my suggestions above, but the paper is convincing only about certain aspects of Apple’s arguments. And there’s something about technology giants that brings politicians in the United States together across the aisle.

[…]

Apple oddly notes that “A study found that devices that run on Android had 15 times more infections from malicious software than iPhone.” The footnote cites Nokia’s 2020 Threat Intelligence Report 2020. That’s an accurate citation, but a bizarre statistic. The report says an average of 0.23% of mobile devices were estimated to be infected each month. Given that a couple billion Android and iOS/iPadOS smartphones and tablets are in use globally, that means roughly 5 million are infected at any given time…and that over 300,000 of those are iPhones. That number seems quite high relative to what we know about iOS security.

Update (2021-07-06): See also: Accidental Tech Podcast.

Ring and the App Store Strategy Tax

Dieter Bohn:

Here is an amazing web page that exists because of and is entirely designed to deal with Apple’s App Store rules. It’s the page the Ring iPhone app takes you to when your subscription to view old footage has expired. Click it, what do you notice?

There are no subscribe buttons. There are no subscribe links.

Apple doesn’t allow apps to indicate to users that there may be ways to pay for things outside the Apple Payment system. Even links to web pages that apps host themselves are apparently reviewed.

In fact, there are no links whatsoever that will take you directly to subscription options or even Ring’s homepage, nor is there any text on the page even describing how to do it. The only interactions are watching a video or talking to a chatbot.

[…]

Similarly, the chat bot requires a few extra interactions before you get to a subscribe page.

The user experience is better on Android.

See also: Netflix.

Wednesday, June 23, 2021

Xcode 13 Column Breakpoints

Keith Harrison:

Command-clicking on the symbol shows the code actions menu where you can set a column breakpoint[…] Xcode shows the breakpoint as a small caret at the column in the source code[…]

[…]

In the WWDC 2021 video on breakpoints they show an example of column breakpoints working with a complex set of Swift closures. When Xcode hits the breakpoint it allows you to inspect the anonymous parameter of the closure ($0).

This looks great. I hope they can get it working as shown in the video.

Password Reset iCloud Account Vulnerability

Laxman Muthiyah (Hacker News):

Therefore, the attacker would require 28K IP addresses to send up to 1 million requests to successfully verify the 6 digit code.

28k IP addresses looks easy if you use cloud service providers[…] And it worked!!! 🎉🎉🎉 Now I can change the password of any Apple ID with just their trusted phone number 😇

[…]

As you can see in the email screenshot, [Apple’s] analysis revealed that it only works against iCloud accounts that have not been used in passcode / password protected Apple devices.

I argued that even if the device passcode (4 digit or 6 digit) is asked instead of 6 digit code sent to email, it will still share the same rate limits and would be vulnerable to race condition based brute forcing attacks. We will also be able to discover the passcode of the associated Apple device.

[…]

They concluded that the only way to brute force the passcode is through brute forcing the Apple device which is not possible due to the local system rate limits.

He doesn’t seem to believe that, but I lean towards believing Apple there.

Apple offered him a bug bounty of $18K, which I do agree seems low given the vulnerability that he did demonstrate:

They need not reward the upper cap of the iCloud account takeover ($100k) but it should at least be close to it considering the impact it has created.

After all my hard work and almost a year of waiting, I didn’t get what I deserved because of Apple’s unfair judgement.

Apple seems to be developing a reputation for being slow and stingy in responding to security bounties, which I don’t think is a good sign for the security of its platforms. Do they want to incentivize hackers to do the right thing or not?

Update (2021-07-30): See also: Catalin Cimpanu.
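The excerpts above turn on two properties of a code-verification limit: whether the budget is counted per source address or per account, and whether concurrent requests can share a stale count. The following is an added sketch, not Apple's implementation and not code from the quoted post, that runs the same replay of wrong guesses against both keyings; the class and function names, the limit of 5, and the `src-N` source labels are assumptions made for the example.

```python
import hmac
import threading
from collections import Counter
from concurrent.futures import ThreadPoolExecutor


class CodeVerifier:
    """In-memory verifier for 6-digit reset codes (illustrative only).

    key_on="ip"      -> weak: each (account, source) pair gets its own budget
    key_on="account" -> hardened: one budget per issued code, whatever the source
    """

    def __init__(self, limit, key_on):
        if key_on not in ("ip", "account"):
            raise ValueError("key_on must be 'ip' or 'account'")
        self.limit = limit
        self.key_on = key_on
        self._codes = {}
        self._used = Counter()
        self._lock = threading.Lock()

    def issue(self, account, code):
        """Register a fresh code and reset every counter tied to the account."""
        with self._lock:
            self._codes[account] = code
            for key in [k for k in self._used if k[0] == account]:
                del self._used[key]

    def verify(self, account, source_ip, submitted):
        key = (account, source_ip) if self.key_on == "ip" else (account,)
        # Check, increment and compare inside one critical section, so two
        # requests arriving together cannot both see the same remaining budget.
        with self._lock:
            code = self._codes.get(account)
            if code is None:
                return "no_challenge"
            if self._used[key] >= self.limit:
                return "locked"
            self._used[key] += 1
            if hmac.compare_digest(code, submitted):
                del self._codes[account]  # a code is single use
                return "ok"
            return "rejected"


def replay_distributed_guesses(verifier, account, sources, guesses_per_source):
    """Replay wrong guesses from many constructed sources at once; tally outcomes."""

    def one_source(i):
        ip = f"src-{i}"  # constructed label standing in for a client address
        start = i * guesses_per_source
        return [
            verifier.verify(account, ip, f"{(start + j) % 10**6:06d}")
            for j in range(guesses_per_source)
        ]

    tally = Counter()
    with ThreadPoolExecutor(max_workers=32) as pool:
        for outcomes in pool.map(one_source, range(sources)):
            tally.update(outcomes)
    return tally


def guesses_evaluated(tally):
    """Number of guesses the server actually compared against the code."""
    return tally["rejected"] + tally["ok"]


if __name__ == "__main__":
    for keying in ("ip", "account"):
        v = CodeVerifier(limit=5, key_on=keying)
        v.issue("alice", "999999")  # constructed code, outside the replayed range
        t = replay_distributed_guesses(v, "alice", sources=200, guesses_per_source=10)
        print(keying, "evaluated:", guesses_evaluated(t), "locked:", t["locked"])
```

With the per-address keying the number of evaluated guesses grows with the number of sources; with the per-account keying it stays at the limit, and the legitimate holder of the code has to request a new one once the budget is spent.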

Mail App Extensions

Apple:

Meet MailKit: the best way to build amazing experiences on top of Mail. MailKit enables apps to easily and securely interact with the Mail app for macOS. We’ll deep dive into the MailKit API, and show you how to create extensions for composing messages, message actions, secure email, and content blocking.

Joe Rossignol:

In the WWDC session, Apple indicated that older Mail app plug-ins will stop functioning in an unspecified future macOS release.

Plug-ins still work in Monterey, and SpamSieve’s is already in public beta.

Currently, MailKit’s functionality is very limited. Unless it’s expanded in a future version, I think a lot of plug-ins will not be able to make the transition to extensions, a loss to both their users and developers.

For SpamSieve, I’m cautiously optimistic about extensions. In theory, the current Monterey API is sufficient to implement the core SpamSieve functionality, though implementing some of the more advanced features would require API changes (FB9176051, FB9176075, FB9176097). I say, “in theory,” because MailKit in the Monterey developer beta doesn’t work as designed/documented. Extensions are supposed to be able to access the raw data of the message, but currently they receive either incomplete data (FB9175977) or none at all (FB9176011).

This takes me back to why I wrote a Mail plug-in in the first place. I had resisted doing so because I didn’t want to rely on an unsupported private API. But the reason I ended up making a plug-in is that the official API (AppleScript rule actions) was buggy. The private API ended up being more reliable and faster. And I’ve even been able to patch Mail to fix some (FB7035263) but not all (FB7145734) of Mail’s AppleScript bugs and to tweak the interface to make it more readable.

The private API has proven amazingly stable. I’ve always tried to make minimal hooks into Mail, and so the updates needed due to Mail code changes have been minor. The main hurdles have been unrelated to the API itself:

So, while I’m excited to be able to build on a public API, I’m more excited that these other issues could potentially all go away, so that installation could be as simple as checking a box in Mail’s preferences. This could get the user experience back to what it was like before sandboxing.

The main downside of extensions is that, as mentioned, they are limited to only the specific features that Apple has decided to open up. They are paving a naturally worn path, which is great, but they are also prohibiting anyone from walking off of the road. Secondly, since extensions run in an isolated process they are at the mercy of any bugs in Mail itself. Increased security rules out good patches along with bad ones.

My plan for SpamSieve is as follows:

Privacy Implications of Live Photos

Mark Hurst:

When you tap the circle on the bottom of the screen to take the photo, and you hear the artificial “click-shh” shutter sound, Apple stores a three-second video: 1.5 seconds of video before you tapped the button, and 1.5 seconds after you tapped it. That’s video and audio.

[…]

Millions of people around the world are taking videos when they think they’re taking photos. And millions more, posing for the camera, assume they’ll appear in a photo, but they’re actually in a video, including sound, before and after the shutter goes off.

At least you can now use Settings ‣ Camera ‣ Preserve Settings ‣ Live Photo so that it remembers to stay off, but:

Apple’s world-famous UI design team wants to make sure you understand: if you want Live Photos permanently turned OFF, you must have Live Photo set to ON.

He cynically connects this to revenue:

Activating (and automatically re-activating) Live Photos ensures that Apple devices will use the most possible data: videos, after all, take up a lot more space than photos.

And even if someone has turned off iCloud hosting, the extra use of data ensures that Apple will be able to issue that glorious warning message as soon as possible: “Your iPhone is running out of space.” By which Apple means: buy an even bigger overpriced device.

This could also be explained by Apple wanting users to be able to take advantage of a new feature that they may not be aware of. There is certainly some logic to recording the most data possible since otherwise the opportunity will be gone forever, whereas it can always be pruned later. As far as I know, though, Apple does not provide a way for you to see how much extra space is being used by Live Photos, nor a way to remove the video and audio data in bulk.

And there are also privacy implications because Live Photos defaults to on, most users don’t know how to turn it off, and all of this unexpected audio is stored, not end-to-end encrypted, on Apple’s iCloud servers (in iCloud Photo Library or iCloud Backup).

Tuesday, June 22, 2021

Matter’s Smart Home

Dan Moren:

Matter accessories have not yet hit the market, which is why the support Apple is rolling out in the newest versions of most of its operating systems—iOS 15, iPadOS 15, and tvOS 15—is only billed as a “developer preview” targeted at those making smart home apps or accessories.

The arrival of Matter does not signal the demise of HomeKit—in fact, HomeKit will continue to exist as a layer on top of Matter, positioning it as a parallel to existing accessories.

[…]

So if Matter just looks like HomeKit, what’s the real advantage? The main appeal is the interoperability, which should broaden the devices available to HomeKit users.

OldOS: iOS 4 Built in SwiftUI

Zane Kleinberg (via Hacker News):

OldOS is a testament to the days of yesteryear, showcasing what iOS once was ten years ago. The ethos of the app is to merge the technologies of today with a pixel-perfect recreation of the user experience of the past. The vast majority of apps in OldOS are fully functional — meaning they seamlessly integrate with the data on your phone to deliver a live, emulator-esque experience. What does this mean? Well, you can play your music in iPod, get directions in Maps, surf the web in Safari, view the current weather in Weather, and much more. By the same token, no shortcuts were taken in fully fleshing out the operating system. You can change your background, adjust settings, search apps, et cetera. There are a few apps still not ready for primetime but don't worry, they're coming soon.

With OldOS, you no longer need to worry about securing a legacy iPhone to experience nostalgia — it's available on your daily driver.

John Gruber:

Once you get past the surface aesthetic differences, it’s also interesting as a way to remember how many little things iOS has added over the years. iOS is so much richer now. You couldn’t do anything in list views back then. E.g., if you wanted to delete a note in Notes, you had to open the note and tap the Trash button. In a view hierarchy, you couldn’t go back just by swiping from the left edge of the display — you had to tap the Back button in the navigation bar at the top of the display.

Testing the Apollo Spacecraft

Ken Shirriff (via Alexis Gallagher):

To test all the components of Apollo, NASA created (and patented) a complex system called Digital Test Command System. The testing control room (pictured below) sent digital commands to the spacecraft, to control and monitor all parts of the spacecraft.

At the spacecraft, racks of test equipment decoded the digital commands and operated components. The Apollo Guidance Computer (AGC, below) needed to be operated remotely, which brings us back to the Computer Buffer Unit. It converted test commands into serial data for the AGC.

[…]

Apollo test hardware had corrosion problems in the Florida humidity. To solve this, they zip-tied a desiccant packet inside. If the humidity sensor turned pink, you needed to replace the packet. The box was pressurized with nitrogen through a valve to keep moisture out.

Google Messages Adds End-to-End Encryption

Abner Li (via Hacker News):

Back in November, Google announced that it would start testing end-to-end encryption in Messages for Android. After being limited to the beta channel, E2EE is now rolling out to all stable users.

With end-to-end encryption enabled, Google or other third parties cannot read the contents (text and media) of your RCS chats as it’s in transit between the sender and receiver. Google is using the Signal Protocol and offers a technical paper with more details. 

Google:

Messages also uses this central database to include SMS and RCS messages in Android system backup, so messages can be transferred to a new client or device. Starting from Android version P, the Android system backup is end-to-end encrypted with a secret key derived from the user’s lock screen PIN/pattern/passcode so Google servers can’t access it.

Update (2021-06-29): Chaim Gartenberg:

Over the past 15 years, Google has introduced more than a dozen messaging services spanning text, voice, and video calling.

[…]

Here’s a breakdown of Google’s major messaging offerings over the years, with currently active services in bold[…]

Via Nick Heer:

I would love to know the inside story of why there are so many disjointed and failed attempts to launch such a seemingly straightforward platform-level feature.

John Gruber:

My first thought was that this exemplified my argument the other day about Google’s lack of institutional focus. But it sort of works against my argument that Sundar Pichai is shepherding Google in a more focused direction — a bunch of these false steps in messaging were under his leadership.

Update (2021-07-26): Juli Clover:

Verizon today announced that it is planning to adopt Messages by Google as its default messaging service on Android devices, joining AT&T and T-Mobile. That means all three major carriers in the United States will support the RCS standard on Android devices as of 2022.

Monday, June 21, 2021

Amazon Appstore Lowers Fees

Elias Saba (via Hacker News):

The Amazon Appstore has announced that it will be reducing its cut of developer revenue from 30% to 20% for developers that earn less than $1 million in revenue per year. The new terms, which Amazon is calling the Amazon Appstore Small Business Accelerator Program, will also provide developers with AWS promotional credit in an amount equivalent to 10 percent of the developer’s revenue if they earn less than $1 million in revenue per year. If a developer chooses to use those AWS credits, that brings their total Amazon Appstore revenue share up from 70% to an equivalent of 90%.

altool Update and notarytool

Rosyna Keller:

So here’s a thread of some new stuff in Xcode 12.5’s altool 4.047.1207[…]

[…]

For any altool invocation that accepts -p @keychain, you can now use --keychain <path to keychain.keychain-db> to specify the keychain db to store to or retrieve from.

[…]

If you’re cursed with DSL or another type of connection that doesn’t let you do ANYTHING if you saturate an upload connection, there’s a new --throttle <Kbps> option that lets you set a max Kbps value, as an integer.

I can’t remember if this is very new, but there’s a new --show-progress option that shows progress during altool operations and doesn’t require you to use --verbose.

Apple:

Notarization works in tandem with macOS to help people safely download software for their Mac outside of the App Store. Discover how notarytool can help you quickly and easily notarize your Mac app for distribution. We’ll show you how you can now notarize your apps with just a single command, and how to bring notarization into your continuous integration workflows.

Rosyna Keller:

altool is effectively deprecated for notarization (but not for the App Store!). The new normal is notarytool and the docs have been updated to discuss notarytool.

notarytool includes such neat features as a wait/--wait [sub]command that replaces manual polling in altool. When enabled, notarytool only returns on error, or if the submission has been fully processed and it reaches a final state (Accepted, Invalid, et cetera).

[…]

Unlike altool, notarytool has zero external dependencies other than a base macOS install. You can even grab the Xcode 13 Command Line Tools installer, extract notarytool, and run it on any Mac running macOS 10.15.7 or later, without installing full Xcode.

The fact notarytool, like stapler, is a standalone binary means you can put it on a server without having to install Xcode to use it.

[…]

The notice of altool deprecation and the altool-specific docs are now on their own page.

Rosyna Keller:

It supports webhooks too (--webhook <callback url>) but the process for that hasn’t been fully documented yet. There’s just a small aside in the new notarization documentation that it’s a valid option. So if you don’t want to use wait, you can be asynchronously notified.

I’m still seeing lots of cases where altool gets stuck, and the upload never finishes. It eventually logs an error and exits, but the process reports success, which confuses my build script. Then I can’t try it again without doing a new build because it thinks an upload is already in progress. Hopefully notarytool will work better.

Update (2021-07-02): Howard Oakley:

She also said that the Notary service has been streamlined, and now has a dedicated backend which should be both more reliable and faster. Performance targets are for notarization to be completed within 15 minutes for 98% of submissions, and most to be finished in less than 5 minutes.

The main issue I have is that uploading fails so frequently that it often takes me multiple tries and over an hour to submit a build. Only then does the 5–15 minutes start counting.

Update (2021-07-06): Armin Briegel:

When Apple introduced notarization with Catalina, I published a post describing how to notarize a command line tool. At WWDC this year, Apple introduced updates to this process with Xcode 13 (currently in beta). Most importantly, there is a new command line tool called notarytool.

I have been seeing better reliability with altool since switching the transport from DAV to HTTPS.

Update (2021-07-26): Sasmito Adibowo:

Now it’s time to look at all those developer tools Apple delivered and see how it can improve our work as software engineers.
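The posts above describe `notarytool submit` with `--wait` returning only on error or a final state, and a build script being misled when the upload tool exits with success after a failure. The following is an added example of a CI gate, not code from Apple or from any of the quoted authors, that trusts only a parsed final status of `Accepted` before stapling. The function names and the keychain profile argument are assumptions, and the JSON shape (`id`, `status`, `message` keys from `--output-format json`) is assumed rather than taken from the page.

```python
import json
import subprocess

FINAL_OK = "Accepted"  # the only status that allows the build to continue


def parse_submission(stdout_text):
    """Return (submission_id, status) from notarytool's JSON output.

    Assumed shape: {"id": "...", "status": "...", "message": "..."}.
    Anything that does not parse is reported as status "Unparseable".
    """
    try:
        doc = json.loads(stdout_text)
    except json.JSONDecodeError:
        return None, "Unparseable"
    if not isinstance(doc, dict):
        return None, "Unparseable"
    return doc.get("id"), doc.get("status", "Missing")


def is_notarized(stdout_text):
    """True only when the parsed final status is exactly 'Accepted'."""
    _submission_id, status = parse_submission(stdout_text)
    return status == FINAL_OK


def notarize_and_staple(upload_path, staple_path, keychain_profile, timeout_s=3600):
    """Submit, wait for a final state, and staple only on an explicit Accepted.

    upload_path is the archive sent to the notary service (zip, dmg or pkg);
    staple_path is the item that receives the ticket (an .app, dmg or pkg).
    """
    submit = subprocess.run(
        [
            "xcrun", "notarytool", "submit", upload_path,
            "--keychain-profile", keychain_profile,
            "--wait",
            "--output-format", "json",
        ],
        capture_output=True,
        text=True,
        timeout=timeout_s,
    )
    submission_id, status = parse_submission(submit.stdout)

    # Require both signals: a zero exit code alone is not treated as success.
    if submit.returncode != 0 or status != FINAL_OK:
        raise RuntimeError(
            f"notarization failed: exit={submit.returncode} "
            f"status={status} id={submission_id} stderr={submit.stderr.strip()}"
        )

    # Attach the ticket, then confirm it is present before publishing.
    subprocess.run(["xcrun", "stapler", "staple", staple_path], check=True)
    subprocess.run(["xcrun", "stapler", "validate", staple_path], check=True)
    return submission_id
```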

Reimplementing Security Code AutoFill

Tyler Hall:

I’m very, very close to writing a KeyboardMaestro macro to grab the latest 2FA code from Messages.app to work around this.

Tyler Hall:

Here’s what ended up working.

Click the menubar’s clock to activate Notification Center.

[…]

Take a screenshot.

[…]

OCR the text contained in that cropped image, which should hopefully contain our two-factor code.

[…]

Extract the code using a shell script.

[…]

Type the code into the current app (probably your non-Safari browser).

Update (2021-06-29): Keyboard Maestro:

Nice macro. FYI, I can crop from the right side using the SCREEN function. Or OCR directly from the cropped area using the Area option and the IMAGE contextual function, or combine both directly.

Update (2021-12-20): Tyler Hall:

To my surprise, very nice reader azorpheunt provided a real solution in the comment section earlier today.

Their solution is to grab the most recent text from Messages.app’s actual SQLite database and parse the token from that. Not only is this way, way faster - it’s much more error-proof as well.

How to “Select All” in Mobile Safari

Nelson Aguilar (via John Gordon):

It should be simple to select and copy all text on a webpage in Safari, but it won’t work as it does in other apps. Usually, you can press-and-hold down anywhere on a page and choose “Select All” from the edit menu, but that functionality is disabled in Safari and WebKit-based browsers by default — including in the latest iOS 14 version. Luckily, there is a workaround to getting a “Select All” button back.

[…]

You can get the Force Select All shortcut for free from RoutineHub, which is your best option since it will always have the most up-to-date version, but you can also grab it directly from the link below.

Friday, June 18, 2021

Chuq on the Apple Ecosystem

Chuq Von Rospach (tweet):

Apple giving a basic app away for free inhibits other developers from tackling that idea, and limits their ability to make enough money to warrant doing the hard investment in doing a real killer version of an app of that type. I do wish Apple would choose to either commit hard to an app and make it best of show, or kill the app and open the market to other companies. Instead, they do a middle policy of doing minimal work on an adequate app, making it harder for non-Apple apps to thrive, but not really serving the needs of the users very well, either.

[…]

Apple, I think, has too many things they’ve built and committed to market and not enough resources committed to properly maintain and push them forward.

[…]

A side aspect of this “benign neglect?” thing I see is that software quality at Apple, which for years was rock solid, has become more hit and miss.

[…]

[Podcasts is an] example of a bad trend I see out of Apple, a refusal to embrace and compete in existing market areas, but instead trying to use their existing ecosystem to force people into exclusive relationships with Apple.

[…]

At Palm I was involved in the launch of the app store and the developer programs, and I really came to learn and love the challenges of that role. I also really came to believe -- and argue for -- strong support for the independent developers, not just for the big development houses, because I believe that’s where the new developers mature out of that go on to big things, and that’s where the true innovation on a platform happens.

[…]

Apple has never been that interested or great at relationships with developers, and I say that with great respect for many members of Apple’s DTS/Devrel teams, some of whom are friends and who have spent years fighting the good fight internally as well.

It’s gotten worse over the years, and while I will cut Apple some slack -- I don’t think people remotely understand the complexity and difficulty of doing things at the scale Apple has to do them -- but where Apple has over the years had opportunities to improve things for developers and make these platforms more appealing, they have consistently chosen to not take those opportunities.

[…]

App Review is far too often inconsistent, arbitrary and leaning into hostile and abusive.

[…]

But if Apple were to ask my opinion, which it won’t, I’d suggest starting with asking itself why it decided words like “arrogance” and “entitlement” were the defining points of their policies, and figure out how to replace “how little can we do to stop the bleeding” with “what should we do to fix this?”

Marco Arment:

Nails the problem Apple has with developer relations, from someone with very relevant experience.

Rich Siegel:

I loved this post. Friends of mine have heard me say that when Apple was hungry they were easier to work with. Some day they’ll be hungry again, but people have long memories.

Ken Kocienda:

Here’s an even better reason to generate goodwill: it’s the right thing to do. The world is a better place when everyone tries to help each other, and a worse place when everyone tries to stick it to each other because they believe they can get away with it.

Why Doesn’t iCloud Warn Before Deleting Backups?

Erin Sparling:

Every drawing that I’ve ever done on my iPad is now lost, because I chose to use the iCloud backup service as a backup service.

[…]

But even though everything worked as expected, my decade of work is unrecoverable, because @Apple does not proactively notify their customers of pending backup deletions. I would have gladly bought an iPad last fall had I known the choice was “keep using this or we erase it all”

Or I could have done a local backup before erasing my device, had I known that iCloud Backup should have an asterisk next to the name.

Or I could’ve exported all of the files. Or printed them. Or uploaded them to Dropbox or Backblaze… or even Flickr!

He had erased “the iPad and give it to a family member so that they can teach during a pandemic” and planned to restore from iCloud Backup later, unaware that iCloud deletes backups after 6 months, without telling you that it’s going to do this, and even if your account isn’t full.

Playing Lossless Audio on Macs

Kirk McElhearn:

I haven’t written much about Apple’s new foray into lossless, high-resolution, and Dolby Atmos music. I’ve written about high-resolution music plenty over the years, and it’s clear that, for the vast majority of listeners, it’s just marketing and won’t make a difference.

But Apple has added music formats that can’t even be played back on Macs, without changing a hidden setting.

[…]

The Music app doesn’t cause this to change automatically, so you’ll need to change it. And while you can probably leave it set to 96,000 Hz all the time, this could cause problems if you’re playing back music at other sample rates.

AppShopper Shutting Down

Marianne Schultz:

We’ve had a great run, getting our legs under us a few months after the launch of Apple’s App Store in 2008 but it’s not feasible to keep the site up anymore. The largest factor was Apple’s decision to remove apps from its affiliate program back in 2018, which eliminated the largest source of revenue for AppShopper. Additionally, the App Store has changed dramatically over the years, with many developers moving to a free-to-download model and adding in-app purchases, decreasing the need to wait for a price drop in order to try an app, one of AppShopper’s key features.

Thursday, June 17, 2021

macOS 12: Localized Keyboard Shortcuts

Thomas Clement:

If you are using a non-US keyboard, prepare yourself to relearn a number of keyboard shortcuts in Monterey as the OS now translates shortcuts to the position of the key on the keyboard rather than the actual shortcut key.

Some seem uncomfortable with the idea but it actually fixes a number of shortcuts that were picked only because they work nicely on a US keyboard layout but are not so great or even terrible on other layouts. But yes this is going to be confusing and disrupting for awhile.

Actually some of the key translations do not preserve the position on the keyboard and pick some other keys. For example ‘cmd ;’ translates to ‘cmd )’ for me which are different keys on the keyboard. I’m not sure what the logic is.

Most disturbing thing is it translates ‘cmd 0’, ‘cmd 1’ and ‘cmd 2’ to ‘cmd À’, ‘cmd &’ and ‘cmd É’.

These are the same hardware keys but without having to hold shift which is ok but this also breaks using the numeric keypad.

Peter Kamb:

I guess that is discussed at 5:23 in “What’s new in AppKit”, although I didn’t realize until right now that it would mess with my Dvorak standard shortcuts.

Thomas N:

Dvorak should not be impacted, nor ⌘C. The localization is about previously unreachable shortcuts like ⌘[ in French :)

Safari 15 Announced

Tim Hardwick:

In addition, a new tab design on macOS puts your active tabs front and center, allowing you to see more of the page as you scroll. At the same time, the new tab bar takes on the color of the webpage and combines tabs, the tool bar, and the search field into a single compact appearance.

On iPad, the new tabs design and tab groups work just like on Mac, with instant syncing across devices. On iPhone, the new tab bar appears at the bottom under your thumb with a tap, and it’s possible to swipe between them, or swipe up into a grid view.

Stephen Hackett:

To further minimize Safari’s UI, the tab bar and address field have been collapsed into one new user interface. When a tab is active, it expands into a full address field. Taken all together, Safari looks radically different than before[…]

I think I like the changes for iPhone. The controls are easier to reach at the bottom of the screen, and it’s quicker to switch between tabs.

For Mac, the new design makes no sense to me, and I’ll likely switch to Chrome if it can’t be disabled:

The purported benefit of all this is that you get slightly more vertical space to devote to the page content. I don’t think it’s worth the tradeoffs. If I wanted to save vertical space I would put the tabs in the sidebar (like in Edge), which would also make it easier to see their titles when there are lots of them.

Upgrade:

Jason isn’t mad at Safari, just disappointed.

Steven Shen:

New #Safari tab design on #iPadOS15 (9.7-inch, 50-50 Split View) is completely unusable.

Jen Simmons and Jon Davis:

There’s a lot of news coming out of WWDC21 about WebKit and the web technology that’s shipping in Safari 15 on Apple’s platforms. Many of the new features were announced on Monday, at this year’s WWDC21 Keynote, and listed in the Safari 15 Beta Release Notes. But that’s not all, and we’re excited to share it with you.

Filipe Espósito (Hacker News):

Web browser extensions are used to add more features to a browser, with things like ad blockers, VPNs, password managers, and much more. Previously restricted to Safari on the Mac, web browser extensions are now coming to Safari on the iPhone and iPad with iOS 15.

Developers will now be able to create universal extensions that work on Mac, iPhone, and iPad with the new software available later this year.

Sami Fathi:

On iOS 15, iPadOS 15, and macOS Monterey, Safari will automatically upgrade web connections for sites to the HTTPS protocol, in the case they’re loaded in HTTP.

Saagar Jha:

Quiz: one of these windows is in Private Browsing, and one isn’t. Which one is which?

Jeff Nadeau:

Cmd-Shift-Up/Down move through tab groups, and Left/Right moves between tabs. This lets you navigate through tabs and groups like they’re a 2D matrix.

Alexander Käßner:

You can use (at least) one of these ways to colorize the Safari 15 toolbar:

apply a "background-color" to <body>

or:

<meta name="theme-color" content="#000">

See also: Chris Hannah.

Kevin Gutowski:

Y’all see the new default html form controls in Safari???!? Woah 🤯

Juli Clover:

The current Safari Technology Preview release is built on the new Safari 15 update included in macOS Monterey, and as such, it includes several Safari 15 features. There’s a new streamlined tab bar with support for Tab Groups to organize tabs, along with improved support for Safari Web Extensions.

Update (2021-06-17): Zhuowei Zhang:

To get the old tab bar on Safari for macOS 12, create /Library/Preferences/FeatureFlags/Domain/Safari.plist and reboot.

Update (2021-06-18): Michele Galvagno:

Not mentioning the full content leaking opaque under the address bar while scrolling… 🤦‍♂️

Nick Heer:

Over the past several releases of MacOS and iOS, Apple has experimented with hiding controls until users hover their cursor overtop, click, tap, or swipe. I see it as an extension of what Maciej Cegłowski memorably called “chickenshit minimalism”. He defined it as “the illusion of simplicity backed by megabytes of cruft”; I see parallels in a “junk drawer” approach that prioritizes the appearance of simplicity over functional clarity. It allows UI designers to avoid making choices about interface hierarchy by burying everything but the most critical elements behind vague controls.

Riccardo Mori:

The utter user-interface butchery happening to Safari on the Mac is once again the work of people who put iOS first. People who by now think in iOS terms. People who view the venerable Mac OS user interface as an older person whose traits must be experimented upon, plastic surgery after plastic surgery, until this person looks younger. Unfortunately the effect is more like this person ends up looking… weird.

[…]

The point I’m making with all this pixel peeping is that these are negligible measurements. Getting rid of the Tab bar with the excuse that you’re saving space is the stinkiest bullshit I’ve ever smelt in a while. 28 pixels for any of the current Mac displays is nothing.

[…]

This way of browsing is not a problem in search of a solution, Apple. You have so many more UI issues to fix, instead you add some more by ‘revolutionising’ Safari.

Mark Gurman:

People will be a bit confused by the moved URL bar. Managing tabs is far more confusing and slower to reach. Opening a private window is slower too. Worst of all is that sharing websites is hidden behind an extra menu. They need to roll back some of it.

Mike Rockwell:

I’m reserving judgement on the new design for now, but the radical changes coming in Safari 15 brings the sorry state of third-party browser support on iPhone and iPad to the fore. If the changes to the overall design make Safari miserable to use for you, you’re basically stuck. […] Safari is the only game in town because Apple is unwilling to give developers the freedom to build apps that can actually compete.

Update (2021-06-29): Matt Birchler:

I think the biggest cost for me in my usage is that tabs seem to take up more space than before, but somehow also seem like they give me less information.

[…]

But moving all of these controls under a menu means I have a harder time accessing them.

[…]

What makes this more inconvenient is that since the “more” button is attached to each tab, it means these controls are constantly moving around the interface, so it’s hard to develop muscle memory for accessing them.

Federico Viticci:

This is also a good one: try to open Safari Reader options in iOS 15.

In iOS 14 (left) there’s a button for Reader, which also works for options. Easy.

iOS 15: long-press More to enable Reader (no more aA button). To find options, you have to scroll this entire menu. 😔

Jesper:

It’s like a desire to pick a controversial decision and, by sheer force of leaning into it hard enough, somehow make it palatable and right and true, without ever needing to tackle or confront the legitimate criticisms.

Nick Heer:

Inconsistencies at big companies are to be expected. But it is fairly shocking to see, in a WWDC session, such a blatant dismissal of the visual interface trends creeping throughout Apple’s operating systems and applications. The teams that work on Safari, Music, and Notification Centre should talk to Jiabao when they get the chance.

Niki Tonsky:

New Safari UI is so NOISY when switching between tabs. Lots of unnecessary animations.

Back/forward buttons now OUTSIDE current tab, feels illogical.

How to rearrange tabs? (dragging a tab drags the whole window)

How to control CURRENT tab? Tab controls disappear when selected

Chance Miller:

The workaround for bringing back the old Safari tab bar design no longer works [in Monterey beta 2]

Update (2021-07-02): John Gruber:

I think the new Safari interface is a noble experiment — intriguing ideas that were worth trying out. But I don’t know anyone who thinks, in practice, that they’re not a huge regression in usability. I’d love it if Apple just went back to the previous Safari interface for tabs and browser chrome. It’s crazy to me that even the Share button is now an extra click or tap away. If Apple ships this design for the Mac it’s going to push a lot of current Safari users to Chrome or other Chromium-based browsers.

Update (2021-07-03): John Gruber (tweet):

All the other [iOS Safari] controls are inside the “···” popover menu.

The old design has no “···” menu because it doesn’t need one. It has an “aA” button at the top which can be long-pressed to toggle Reader Mode and when tapped shows a popover menu of site-specific viewing options. At the bottom it has one-tap buttons for Share and Bookmarks. I use the Share and Bookmarks buttons all the time on my iPhone.

The system-wide standard iOS/iPadOS Share popover menu is one of the best UIs Apple has come up with in the last decade. It is extremely useful, very well supported by both first- and third-party apps, and extraordinarily consistent across the entire system. […]

I also think the “aA” button is a much better idea than putting all the options previously contained therein in the catch-all “···” menu. Long-pressing “aA” to toggle Reader Mode feels intuitive; long-pressing “···” to toggle Reader Mode feels like they just didn’t know where else to put it. […]

Bookmarks are almost completely lost in the new design, and unless I’m missing something, there’s no longer any way to run bookmarklets.

[…]

One can only presume that Apple’s HI team thinks they’re reducing needless “clutter”, but what they’re doing is systematically removing the coherence between what apps look like and the functionality they offer.

Juli Clover:

This is a really good overview of the problems with Safari in iOS 15 and macOS Monterey. I absolutely hate the Safari changes and I hope Apple tweaks things before these updates see a public launch.

Lalit Bar notes that, with the current Safari Technology Preview, you can actually drag the window by clicking on a tab. This is possible because it requires a long click to rearrange or extract tabs. This addresses my objection about not having enough safe empty space for window dragging, though:

It’s extremely off-putting and norm-breaking. I absolutely hate this.

Update (2021-07-06): Accidental Tech Podcast.

Update (2021-07-13): Jeff Perry:

Apple has moved the tab bar (or address bar as many call it) from the top of the screen to the bottom. This is obviously meant to make it more usable for bigger phones. As an iPhone 12 Pro Max user, this is a welcome change, but the problem is how this new bar behaves.

[…]

It is almost impossible to use the bottom buttons on the website when the floating bar is active, making it incredibly frustrating as a user.

[…]

The new design also entirely ruins all muscle memory we have with Safari. We no longer can go by memory on where the Share button, reload button, or back buttons are.

Five Antitrust Bills

Cecilia Kang (via Nick Heer):

House lawmakers on Friday introduced sweeping antitrust legislation aimed at restraining the power of Big Tech and staving off corporate consolidation. If passed, the bills would be the most ambitious update to monopoly laws in decades.

The bills — five in total — take direct aim at Amazon, Apple, Facebook and Google and their grip on online commerce, information and entertainment. The proposals would make it easier to break up businesses that used their dominance in one area to get a stronghold in another, would create new hurdles for acquisitions of nascent rivals and would empower regulators with more funds to police companies.

Ben Thompson:

This bill, sponsored by Cicilline (D-RI) and co-sponsored by Lance Gooden (R-TX), bans covered platforms from giving an advantage to their own products, services, and lines of business over competitors; disadvantaging competing products, services, and lines of business; or discriminating between similarly situated business users.

[…]

  • Forbids the platform from restricting the right of third-party businesses to use their own data generated on the platform
  • Requires platform owners to allow users to uninstall pre-installed applications and change defaults
  • Bans anti-steering provisions (i.e. Spotify being able to tell iOS users to subscribe online or link to the web)
  • Restricts the platform owner from treating the platform’s own products differently in search or rankings

Rebecca Kern:

Cicilline told reporters Wednesday that a proposal prohibiting tech platforms from giving an advantage to their own products over those of competitors would mean Apple can’t ship devices with pre-installed apps on its iOS operating platform.

Via Nick Heer:

I would love to know what Cicilline believes an empty shell of an operating system looks like.

[…]

And what is the goal here? I agree in theory with limiting a platform owner’s ability to use that unique power and privilege to stifle competition. But if a user has to configure everything about their system manually, well that just sounds horrible.

Update (2021-06-18): Nick Heer:

Rich Luchette, a senior adviser to Cicilline, tweeted a clarification:

Just to correct the record, this is not what Cicilline said. iPhones can be shipped with pre-installed apps, but Apple could not stop someone from un-installing or changing their default settings under the non-discrimination bill.

In another example of Bloomberg’s stellar reporting, Kern has updated this article to reflect this understanding. However, in Benedict Evans’ analysis, the actual text of the bill more closely reflects the initial report.

Update (2021-07-02): John Gruber:

I don’t think it’s any exaggeration to say that the Jayapal bill would profoundly change Apple and all of Apple’s products, platforms, and above all, services — in ways that ultimately would be ruinous for the company as we know it. It’s a “throw the baby out with the bathwater” bill that betrays a profound misunderstanding of how platforms evolve. Even if it is just an anchoring strategy to make Cicilline’s own bill look moderate in comparison, Apple should be extremely concerned that Jayapal’s bill is even on the table.

David Heinemeier Hansson:

I had actually put off reading the bills directly for several days, because I feared the usual disappointment. That these bills were going to be timid, around-the-edges, squint-to-see-silverlining type of deals. I shouldn’t have. These bills are bold. Really bold.

Wednesday, June 16, 2021

Tightening the Mac App Store Screws Again

Timo Perfitt:

caching server utility is henceforth REJECTED from the app store. calling an apple command line tool to call another apple tool via XPC is FORBIDDEN and just because we have a TEMPORARY EXCEPTION it does not mean it should be USED.

i should appeal. i literally have no idea when temp exceptions are appropriate. is it when app wants to show preferential treatment to a specific developer?

[…]

i call an apple tool as a normal user and get back json about caching servers on the network. i then format the data and display it to make it a useful IT tool. NOT ALLOWED.

I can see where Apple’s coming from because it probably didn’t intend this XPC interface to be public API. But it would be nice to have a clearer policy of when you can use the com.apple.security.temporary-exception.mach-lookup.global-name entitlement and when you can’t. There are definitely apps in the store that use it (including Microsoft Word). This particular use seems harmless, and the app sounds useful.

Maxwell Swadling:

Unfortunately Apple is no longer accepting updates to Max Inspect, my app for inspecting entitlements, signing, etc. of Mac apps all in one place.

Max Inspect also uses that entitlement and has been in the Mac App Store since 2018. Now it can no longer be updated due to an unannounced change to an unwritten rule. As far as I know, there is no other API for checking an app’s notarization status. (Apparency uses it, too.)

Remember when Phil Schiller suggested that the Mac App Store should be the “go-to place” for developer tools? That can’t happen if the existing tools get kicked out.
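One way to check which temporary-exception entitlements an app declares, including the com.apple.security.temporary-exception.mach-lookup.global-name entitlement discussed above. This is an added example, not code from any of the apps or developers quoted here; it parses an entitlements property list such as the XML that codesign can dump for a signed app. The sample plist, the service names in it, and the allowlist are constructed for illustration.

```python
import plistlib

# Prefix shared by the sandbox temporary-exception entitlements.
TEMP_EXCEPTION_PREFIX = "com.apple.security.temporary-exception."
# The entitlement named in the post above.
MACH_LOOKUP_KEY = TEMP_EXCEPTION_PREFIX + "mach-lookup.global-name"
SANDBOX_KEY = "com.apple.security.app-sandbox"

# Constructed sample: the service names and the path are placeholders,
# not taken from any real app.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.temporary-exception.mach-lookup.global-name</key>
    <array>
        <string>com.example.constructed.helper</string>
        <string>com.example.constructed.status</string>
    </array>
    <key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
    <array>
        <string>/constructed/path/</string>
    </array>
</dict>
</plist>
"""


def _as_list(value):
    """Normalize an entitlement value (array or single value) to a list of strings."""
    if isinstance(value, (list, tuple)):
        return [str(item) for item in value]
    return [str(value)]


def audit(entitlements_plist, approved_mach_services=frozenset()):
    """Summarize the sandbox temporary exceptions declared in an entitlements plist.

    approved_mach_services is a hypothetical allowlist kept by the reviewer:
    Mach service names that have already been looked at and accepted.
    """
    entitlements = plistlib.loads(entitlements_plist)
    if not isinstance(entitlements, dict):
        raise ValueError("entitlements plist must have a dictionary at the top level")

    # Collect every key under the temporary-exception prefix.
    exceptions = {
        key: _as_list(value)
        for key, value in entitlements.items()
        if key.startswith(TEMP_EXCEPTION_PREFIX)
    }
    # Split out the Mach lookup names; whatever remains is a different exception.
    mach_lookup = exceptions.pop(MACH_LOOKUP_KEY, [])

    return {
        "sandboxed": entitlements.get(SANDBOX_KEY) is True,
        "mach_lookup": mach_lookup,
        "unapproved_mach_lookup": [
            name for name in mach_lookup if name not in approved_mach_services
        ],
        "other_exceptions": exceptions,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_ENTITLEMENTS, {"com.example.constructed.helper"})
    for field, value in report.items():
        print(f"{field}: {value}")
```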

macOS 12 Removes PHP

Developer Tools Engineer:

PHP has been removed in macOS Monterey.

Perl, Python 2, and Ruby are still there. Python 3 is only available if you install Xcode. Emacs was removed a release or two ago.

Update (2021-06-16): Tcl also remains.

Update (2021-06-18): See also: Hacker News.

Stripe Tax

Stripe (tweet, Hacker News):

Stripe Tax lets you calculate and collect sales tax, VAT, and GST with one line of code or the click of a button. Know where to register, automatically collect the right amount of tax, and access the reports you need to file returns.

Internet businesses are required to collect taxes in over 130 countries and in most US states. Staying compliant can be challenging, especially as your business scales. Tax rules and rates change constantly and vary based on what and where you sell. If you ignore these complexities, you risk paying penalties and interest on top of uncollected taxes.

We built Stripe Tax to simplify tax compliance, so you can focus on growing your business.

They only charge 0.5%, but the catch seems to be that you still have to actually send the money to each jurisdiction multiple times per year. Apple, Paddle, and FastSpring will handle that for you.

See also: The untold story of Stripe (via Hacker News).

iMessage State Not Syncing

Philipp Defner:

After waking up the computer, messages from hours ago stay unread until I click on each conversation to make the badge go away. Restarting Messages.app doesn’t fix that. Clicking on a conversation sometimes replays the messages with a “new message arrived” notification sound for each message.

iMessage stopped syncing my conversations’ unread status around the time I updated to Catalina. So I have to view each conversation on each device to clear the notification number.

Tuesday, June 15, 2021

Automattic Acquires Day One

Eli Budelli (MacRumors, Hacker News):

We’re excited to welcome Day One to the Automattic team. Day One is a private journaling app that makes writing for yourself a simple pleasure. A beautifully designed user experience has earned the app prestigious awards including App Store Editor’s Choice, App of the Year, and the Apple Design Award, along with high praise from The New York Times, The Washington Post, Time, Wired, and more.

Paul Mayne:

By joining Automattic, I’m now more confident than ever that the preservation and longevity of Day One is sure. This acquisition will provide Day One access to the same technological, financial, and security benefits that WordPress.com, Tumblr, and other Automattic entities enjoy.

[…]

I’ll be remaining at the helm of Day One, leading the same passionate team that has been responsible for the development and design behind the app today.

Matt Mullenweg:

For many years I’ve talked to anyone who will listen about my vision of making Automattic the Berkshire Hathaway of the internet, and Paul’s decision to continue to grow his amazing business as part of Automattic is a great validation of the way we’ve been building our culture and long-term orientation in our business.

Safari IndexedDB Bug

Feross (Hacker News):

Ran into a spectacularly awful Safari bug in the latest Safari (14.1.1 on macOS and iOS 14.6).

Opening an IndexedDB database fails 100% of the time on the first try. 😩

This was apparently introduced about three weeks ago in iOS 14.6 and macOS 11.4 and has been fixed in the current preview version of Safari.

Modifying NSTextLists in Code

Martin Pilkington:

By setting these NSTextLists, you can give NSTextView enough information to let users make changes to the list through regular text editing. However, NSTextView will not actually respond to any changes you make in code (for example, adding a list). That requires a LOT more work…

Sony v. Cox

Mitch Stoltz and Lara Ellenberg:

In going after internet service providers (ISPs) for the actions of just a few of their users, Sony Music, other major record labels, and music publishing companies have found a way to cut people off of the internet based on mere accusations of copyright infringement. When these music companies sued Cox Communications, an ISP, the court got the law wrong. It effectively decided that the only way for an ISP to avoid being liable for infringement by its users is to terminate a household or business’s account after a small number of accusations—perhaps only two. The court also allowed a damages formula that can lead to nearly unlimited damages, with no relationship to any actual harm suffered. If not overturned, this decision will lead to an untold number of people losing vital internet access as ISPs start to cut off more and more customers to avoid massive damages.

Be careful if anyone on your network is running a file server or downloading/uploading copyrighted content using BitTorrent.

iOS 15: On-Device Siri

Christian Zibreg:

By running speech recognition directly on the device rather than continuing to rely on the cloud for speech-to-text processing, Siri now runs much faster simply because you don’t have to wait for it to finish talking to the cloud just so she could understand what you’re saying.

Now Apple’s digital assistant is much snappier for requests that don’t require online sources! Also, Siri on iOS 15 and iPadOS 15 takes advantage of on-device personalization, which lets its speech-recognition engine and understanding improve as you use your device.

[…]

With Siri’s speech-recognition engine processing the audio of your request without uploading it to Apple’s servers, your privacy actually increases when using offline Siri.

Finally we get back offline voice control, which—since Siri was added in 2011—has only worked when Siri was disabled. Aside from improving performance and reliability, this should also reduce cellular data usage. Unfortunately, one of the main things I do with Siri is make reminders, and despite seemingly not requiring any Internet data lookup, that is apparently not one of the features available for offline use.

Mitchell Clark:

Apple processing Siri requests on-device should help its users be more confident about the privacy of their data: back in 2019, we learned that contractors were listening to some Siri requests, something that wouldn’t happen if those requests were being handled by your phone alone. While Apple eventually tried to make that situation right by being more transparent and making Siri recordings opt-in, handling more Siri requests on the phone is a good way to make the service a little more trustworthy.

Monday, June 14, 2021

Concurrency in Swift 5 and 6: Data Races

Douglas Gregor:

An explicit goal of the concurrency effort for Swift 6 is to make safe-by-default also extend to data races. The type system and language model work together, through features like actors, Sendable, and global actors, to eliminate data races.

However, there is a lot of Swift code out there that was developed without the Swift concurrency model. Some portion of that code is going to have to change to fit within the constraints of Swift’s concurrency model, but it’s not going to be rewritten in a month or even a year. We need to consider what it’s going to look like to migrate the Swift ecosystem to Swift 6, and expect that this process will take years.

[…]

To enable the incremental rollout of Swift 6’s safe-by-default for data races, we’ll allow the use of concurrency features in Swift 5 with a “relaxed” enforcement model that allows incremental adoption[…]

See also: Swift by Sundell.

Swift Overloads That Differ Only in Async

Gwendal Roué:

I wish users could use the same method names in both synchronous and asynchronous contexts.

[…]

But I face “Invalid redeclaration” compiler errors, as expected according to the proposal.

[…]

Should I rename my async variants with some funny name? await asyncRead()? But the proposal itself wants to avoid C#’s pervasive Async suffix.

[…]

[The] new Core Data apis described in the WWDC21 conference Bring Core Data concurrency to Swift and SwiftUI face the same problem. They worked around the overload error by defining async methods with a different signature[…]

He found a workaround using the non-public @_disfavoredOverload attribute.

Ben Trumbull:

Methods in the same module cannot overload only on async-ness, but methods bridged from ObjC or in a different Swift module may.

Reporting App Store Scams

Tim Hardwick (Hacker News):

Apple has used its app review process as a bulwark in recent legal assaults on its App Store policy, and put particular emphasis on the security benefits for iOS users when buying apps. However, an investigation has found that almost 2% of the top 1,000 highest grossing apps on a given day were some sort of scam.

According to The Washington Post, which conducted the investigation, scam apps have been “hiding in plain sight” in Apple’s App Store, including several VPN apps that duped users into paying for software they didn’t need, a QR code reader that asked users for a $5 weekly subscription for a feature that’s already built into Apple’s native Camera app, and some apps that fraudulently appropriated the branding of Amazon and Samsung.

It would be interesting to know how that compares with the Google Play Store. Given that most of the revenue comes from a small fraction of the apps, you’d think that the highest grossing ones could be especially well vetted. Instead, as Kosta Eleftheriou has reported, looking at the top charts seems to be a good way of finding scams.

Apple (Reddit):

In addition, two updates have been made to the App Review contact form. If you appeal an app rejection, you can now specify if you believe your app was rejected due to unfair treatment (including political or other bias). And you can now report an app if you believe it presents a trust or safety concern, or is in violation of the App Store Review Guidelines.

Francisco Tolmasky:

Imagine if a city that bragged about having the best police force on Earth waited 14 years before begrudgingly agreeing to set up a 911 line so that citizens could actually call the police

Tanner Bennett:

Users still cannot report apps though. Gotta cough up $100 to contact the app review team here.

Francisco Tolmasky:

Does this make Apple the first company to implement a reverse bug bounty, where you have to PAY to report vulnerabilities?

Amazon Ships $7,000 Empty Camera Box

Jaron Schneider (via Hacker News):

A photography duo from Alamosa, Colorado recently ordered a Sony Alpha 1 camera from Amazon as an investment in their business in a transaction that they report cost them more than $7,000. But instead of receiving the new camera, the two only found empty boxes.

[…]

Worse, Chiles found that Amazon insisted that the package had been properly delivered, verified, and refused to issue him a refund. When speaking to an Amazon representative, his problems were dismissed.

[…]

Chiles says that he and his wife have proof that the package was not correctly delivered, as the UPS tracking label lists the weight of the box as just two pounds. The Sony Alpha 1 box weighs 3.22 pounds according to official listings[…]

Apparently, this was shipped directly from Amazon, not a Marketplace seller.

ageitgey:

My recommendation is to skip Amazon for anything expensive or at high risk of shipper theft/fraud. Your customer experience will not be the same as when they lose a $10 package. They will treat you like a criminal no matter what your past history with Amazon is.

sbarre:

As others have also said, doing a chargeback risks Amazon closing your account permanently.

So if you’re prepared to take that risk and never buy from Amazon again, sure.. go for it..

But given the centralization of vendors this can have bigger downsides than upside.

Friday, June 11, 2021

Removing the Manual Boost

Keith Collins, in 2019:

But as Apple has become one of the largest competitors on a platform that it controls, suspicions that the company has been tipping the scales in its own favor are at the heart of antitrust complaints in the United States, Europe and Russia.

Apple’s apps have ranked first recently for at least 700 search terms in the store, according to a New York Times analysis of six years of search results compiled by Sensor Tower, an app analytics firm. Some searches produced as many as 14 Apple apps before showing results from rivals, the analysis showed. (Though competitors could pay Apple to place ads above the Apple results.)

[…]

Spotify complained to European regulators in March that Apple was abusing its role as the gatekeeper of the App Store. By April, all but two of Apple’s apps disappeared from the top results for “music.”

An Apple spokeswoman said the company could not verify the data because it did not keep a record of historical search results.

Just like it has never tried to calculate whether the App Store is profitable. Phil Schiller and Eddy Cue said that Apple wasn’t putting its thumb on the scale. Rather, “the algorithm had been working properly. They simply decided to handicap themselves to help other developers.”

However, the Epic trial has revealed an e-mail from Tim Sweeney reporting that Apple’s then-new Files app was ranking ahead of Dropbox when searching for “Dropbox.” In the replies from Apple employees, we learn from Debankur Naskar, the lead for “SEO experiences in the App Store”:

I think the Files app was manually boosted on the top for the query “Dropbox” during last WWDC. We are removing the manual boost and the search results should be more relevant now[…]

It would be nice if we could chalk this up to one rogue employee, but the e-mails show that Naskar’s boss, VP Matt Fischer, didn’t admonish him for gaming the search results, but rather for doing so without first getting his approval to do so. It sure doesn’t sound like Apple has ruled out such manipulation.

Somewhere there’s probably a similar e-mail explaining Bing’s recent accidental human error.

Sean Hollister (Slashdot):

Apple tells The Verge that what we think we’re seeing in these emails isn’t quite accurate. While Apple didn’t challenge the idea that Files was unfairly ranked over Dropbox, the company says the reality was a simple mistake: the Files app had a Dropbox integration, so Apple put “Dropbox” into the app’s metadata, and it was automatically ranked higher for “Dropbox” searches as a result.

I’m slightly skeptical of that explanation — partially because it doesn’t line up with what Naskar suggests in the email, partially because Apple also told me it immediately fixed the error (despite it apparently continuing to exist for 11 months, hardly immediate), and partially because the company repeatedly ignored my questions about whether this has ever happened with other apps before.

[…]

Besides, the distinction between a “manual” boost and any other kind of boost may be purely academic. Algorithms are written by people, after all. If Apple can build a 42-factor algorithm that gives its own apps favorable results, why would it need to override that algorithm and risk its emails getting caught up in a lawsuit years from now?

It could just tweak that algorithm at will — which is exactly what it did to resolve the WSJ and NYT’s scrutiny two years ago.

Update (2021-06-13): See also: Hacker News.

Fanhouse vs. Apple

Jasmine (via Hacker News):

I cofounded @fanhouseapp 8 months ago to empower creators to monetize their content. We pay creators 90% of earnings. Now, Apple is threatening to remove Fanhouse from the app store unless we give them 30% of creator earnings.

[…]

In writing and over the phone, we explained to Apple that we could pay them 30% of our revenues (from our 10% take rate). It’ll be harder to cover costs and build features as a startup, but at least it’d be coming from us. Apple insisted on taking 30% of creators’ total earnings.

Apple:

If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not use their own mechanisms to unlock content or functionality, such as license keys, augmented reality markers, QR codes, etc. Apps and their metadata may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than in-app purchase.

I don’t like this rule for many reasons, including that it makes certain business models, like selling e-books, impossible because Apple’s 30% would mean losing money on each sale. And it doesn’t seem fair for the hardware platform vendor to get a larger cut than the site/app/content platform that connected the creator and fan and delivered the content.

That said, reading the rule, it seems very clear, and I wondered why Fanhouse would go to the effort of developing an app that tries to get away without using In-App Purchase when they’d only be forced to remove it.

That is, I wondered until I saw that Fanhouse’s presumably largest competitor, Patreon, gets to do it.

Jacob Kastrenakes:

Apple allows Patreon to offer third-party payment solutions for creators rather than use in-app purchases, avoiding the fee. Other apps aren’t afforded that privilege. Apple and Patreon did not respond to a request for comment on the arrangement.

Nick Heer:

I tried upgrading one of my subscriptions to a level that had entirely digital perks, and Patreon threw up its own payment form. I tried subscribing to a creator account and once again saw Patreon’s own form, not an in-app purchase dialog.

I don’t understand the distinction between Patreon and other apps that sell content. But, whatever it is, Apple seems to have agreed last year when it approved Fanhouse that it fell into the same category. Now, it’s changing its mind about Fanhouse, but presumably not about Patreon, so it’s even less clear what the rules are:

Why do big corporations that can afford to pay get the biggest breaks?

There’s also the famous rule created for WeChat:

Apple:

(vii) Apps may enable individual users to give a monetary gift to another individual without using in-app purchase, provided that (a) the gift is a completely optional choice by the giver, and (b) 100% of the funds go to the receiver of the gift. However, a gift that is connected to or associated at any point in time with receiving digital content or services must use in-app purchase.

Does the 100% mean they lose money on credit card transactions? And why can you give money to other users and buy them physical goods, or buy ads from the developer of an app, but you aren’t allowed to tip the developer of the app?

Update (2021-07-02): Nilay Patel:

Patreon’s Jack Conte tells us that the company doesn’t have a special deal with Apple to avoid App Store fees… but it’s still unclear why Patreon doesn’t have to pay, while others do.

Settlement for AppleCare Privacy Invasion

spencerdailey (via Hacker News):

Back in 2018, I encountered what I’d consider the cardinal sin of opsec by an Apple store employee. He asked me to disable my Mac’s password before I turned it in for a multi-day off-site repair. The casual manner in which he asked me led me to assume this was not the first time he had pushed this question, and that it was a common practice at this store (Barton Creek Mall in south Austin, for those who care).

Apple customers already place a great deal of trust in repair technicians who have the user’s password, but disabling it for logging in means everyone who handles or has physical access to the device could trivially steal data from it or install malware on it. A Mac going offsite gets handled by several intermediaries, not just the technicians.

The only safe option is to make several backups and then erase the device before getting it repaired.

Benjamin Mayo (Hacker News, also: MacRumors):

Apple has settled a case with a 21-year-old student after she sent her iPhone to a repair facility in 2016 only to find that employees had uploaded personal explicit images and videos to her Facebook account from the phone during the repair process.

The student had sent in her iPhone to Apple to get repaired. The invasion of privacy ultimately took place at a repair center in California, run by Pegatron, an Apple contractor. The Telegraph reports Apple paid out millions in settlement compensation.

2016, meaning that this lawsuit was already well underway when Apple’s lobbyist recently argued against independent repair shops on the grounds that its own repair service offered better privacy.

Kevin Purdy:

This kind of arrangement isn’t unusual. In fact, large companies almost always outsource repair and servicing to third parties. But it is also not something they readily acknowledge when they’re arguing against right to repair laws. And for good reason. As it turns out: the incidence of misdeeds by employees at authorized service providers is actually pretty common – and certainly no less common than independent repair shops. In 2019, for example, an Apple Genius Bar employee was caught texting intimate photos of a customer to himself under the guise of helping her with a repair. The same thing happened in 2016 at an Apple Store in Brisbane, Australia.

Also, there is lots of evidence that, far from emphasizing quality of service, OEMs work to spend as little as possible on authorized repair. Note the 2019 ICE raid on a Texas-based Samsung authorized repair provider CVE Technology that discovered undocumented workers performing authorized repair on Samsung devices.

In fact, when asked directly at the 2019 FTC Nix the Fix symposium whether there was any data to support industry’s contention that authorized repair is either higher quality or more secure than independent repair, Walter Alcorn of the Consumer Technology Association (CTA) admitted straight out that there was none.

iOS 15 Weather App

Tim Hardwick:

Apple today at WWDC revealed a new iOS weather app with additional features, like full-screen maps and live weather notifications. The new app includes many features similar to Dark Sky, which Apple acquired last year.

[…]

There’s also new animated backgrounds that more accurately reflect the sun’s position and precipitation, and notifications highlight when rain or snow starts and stops.

This looks much improved, though I’m not sure yet whether it will win me over.

Chance Miller:

One of the headlining changes in the iOS 15 Weather app is the interface. It features an all-new design that changes based on the current conditions in your area. For example, if it’s raining outside or there is rain coming soon, the app will adjust its layout to show the hourly forecast, next-hour precipitation, and the radar at the top.

On the other hand, if there’s no rain in your area, the app focuses on the 10-day forecast and current conditions at the top, and pushes other things such as the radar towards the bottom.

I hope it’s not like the Mac Weather widget, where the 5-day forecast—yes, Macs only get half as many days—completely disappears when it’s currently raining.

Sadly, despite the new Weather app being written using the cross-platform SwiftUI, it won’t be coming to iPadOS or macOS this year. The Translate app, introduced in iOS 14, still isn’t available for Mac, either.

Update (2021-10-21): Federico Viticci:

The daily forecast at the top of the screen now features a contextual summary of what you should expect for the rest of the day; the 10-day forecast below it is more spaced out and features redesigned weather symbols along with colored bars to indicate low and high temperatures for each day, both of which I like.

Ajaay:

If you’re seeing a bar next to today’s weather colored in yellow, red, blue, or green lines, it essentially tells you the temperature range for the day.

[…]

In case you’re wondering what is the temperature range for a particular day in your region, you need to first understand what range each of the colors indicated inside the Weather app corresponds to.

[…]

An overview of these color codes will also appear when you open a location’s Temperature Index.

[…]

For days where the temperature range is shorter than the range expected for the next 10 days, their bars will be shorter.

This is cute, but I find it less usable than simply showing the temperatures throughout the day, as in Weather Line, Weather Strip, and Yahoo Weather. Also, unlike those apps, Apple’s Weather doesn’t show precipitation times more than a day ahead.

Live Text

Tim Hardwick:

In iOS 15, Apple is introducing a new feature called Live Text that can recognize text when it appears in your camera’s viewfinder or in a photo you’ve taken and let you perform several actions with it.

For example, Live Text allows you to capture a phone number from a storefront with the option to place a call, or look up a location name in Maps to get directions. It also incorporates optical character recognition, so you can search for a picture of a handwritten note in your photos and save it as text.

This looks really cool. I find it hard to believe that Intel Macs aren’t fast enough to support it, though. And why doesn’t it work in Preview?

Update (2021-06-18): Kawaljit Singh Bedi:

macOS Monterey OCR works on captchas also.

Update (2021-07-27): Sami Fathi:

The latest beta update of macOS Monterey, released to developers today, has brought Live Text functionality to Intel-based Mac computers, removing the requirement for users to use an M1 Apple silicon Mac to utilize the feature, according to Rene Ritchie.

Thursday, June 10, 2021

Digital Legacy and Account Recovery Contacts

Juli Clover:

With iOS 15, Apple is introducing a new Digital Legacy program that designates people as Legacy Contacts to let them access your Apple ID account and personal information in the event of your death.

[…]

This is an important new addition to iOS because right now, if someone passes away with a locked iPhone, iPad, or Mac, it’s difficult if not impossible to get access to the device, even with access to a death certificate.

[…]

Alongside the Digital Legacy program, Apple is also letting users set Account Recovery Contacts. People set as an Account Recovery Contact will be able to help you regain access to your Apple ID should you forget your password.

It’s good to see Apple catching up here. However, it’s not clear to me whether this means that your Legacy Contacts will be able to legally access content that you had purchased from the iTunes Store or App Store. Apple can offer direct access to photos, but other data can only be accessed by running an app.

Update (2021-06-13): Judging by the localized strings files in iOS 15, it seems that the legacy contact will receive access to purchased apps but not to licensed media content. I’m not sure how much you can do with the apps, though, because how would you associate them with your data from the backup? And how could they operate on your iCloud data while running on your legacy contact’s device?

How to Test Swift async/await Code With XCTest

Giovanni Lodi:

Because async/await is a feature at the Swift language level, to test an async function we can use the same approach we’d use to consume that code in production: call it with await.

[…]

To appreciate how much neater this is than the approach we used before the introduction of async await, let me show you the same test but for a chopVegetables version using callbacks and Result.

[…]

Unfortunately the XCTAssertThrowsError and the other assertion APIs don’t support concurrency yet, so do catch is the only option to test the error path of async code.

Wednesday, June 9, 2021

iOS 15 Cursor Placement and Text Selection

Benjamin Mayo:

After being unceremoniously removed in iOS 13, Apple has restored the magnifying glass (loupe) when interacting with text on iOS 15.

Now, when a user starts to move the text cursor, a bubble appears above their finger magnifying what is shown below. This makes it really easy to see where the text cursor is being placed, and where text will be inserted.

See also: Mitchell Clark.

Low Power Mode for Mac

Juli Clover:

According to Apple, Low Power Mode on Mac reduces the system clock speed and the display brightness in order to extend your battery life even further. This means that if you’re doing less intensive tasks like watching videos or browsing the web, you can eke even more out of your Mac’s battery.

On the Mac, Low Power Mode is compatible with the MacBook (Early 2016 and later) and MacBook Pro (Early 2016 and later).

Constant Literals in Objective-C

Andrew Madsen:

In 2012, with the release of Xcode 4.4 and LLVM 4.0, Apple introduced Objective-C literals for three more common Objective-C types: NSArray, NSDictionary, and NSNumber.

[…]

However, unlike NSStrings, these literals were just syntactic sugar for calls to the regular alloc/init methods at runtime, and as such they couldn’t be used to initialize global variables.

[…]

Xcode 13 ships with a new major release of Clang/LLVM, version 13. New in this release is support for constant literals for NSNumber, NSArray, and NSDictionary.

[…]

I take this to mean that even where these kinds of literals are not used to initialize global variables, ie. anywhere else they’re used in your code, the compiler may optimize them into the CONST section of your binary.

[…]

Apple has updated the plutil command line tool included with Xcode so that it can create Objective-C source files containing constant literals from plist data.

FaceTime in iOS 15 and Monterey

Juli Clover:

In iOS 15 and its sister updates, you can create a link to a FaceTime conversation that can be shared anywhere. Using this link, friends and family members who do not have an Apple device can log into a FaceTime call using a web browser.

Non-Apple users can join a one-on-one FaceTime call or a Group FaceTime call, effectively making FaceTime a more platform-agnostic video service that is no longer just limited to iOS users. You do, however, need an iOS user to start a FaceTime call and send a link.

I’ll be interested to hear how the end-to-end encryption works from an arbitrary Web browser.

Tim Hardwick:

Apple at WWDC has announced several new upcoming FaceTime features for Apple devices, like spatial audio, voice isolation, wide spectrum, FaceTime Links, SharePlay, and more.

Update (2021-06-29): Benjamin Mayo:

It is incredibly tempting to glibly pass off many of these new FaceTime additions as features targeting an era that (we all hope, at least) has passed, and Apple is late to the game. I’m pretty sure I tweeted a joke to that effect on keynote day. On reflection, though, it is an unfair view.

Tuesday, June 8, 2021

StoreKit 2

Apple:

StoreKit 2 delivers powerful, Swift-native APIs for in-app purchases and auto-renewable subscriptions. Learn how you can easily implement in-app purchases and subscriptions, and discover APIs for retrieving product information, handling transactions, determining product entitlements and customer status, as well as comprehensive testing support in Xcode.

Jake Mor:

The Refund API doesn’t let you programmatically issue a refund to your customers. It merely lets you show a sheet to customers, so they can request a refund from Apple. They hear back within 48 hrs.

Ryan Jones:

This makes it look like Devs control the refund. So we get all the ire, even more. With no control.

nut_bunnies:

When Apple really doesn’t want to do something but is pressured into offering a “sweet solution,” you can just feel the contempt they have for the people asking for the full thing

On the plus side, it does look like StoreKit 2 makes lots of things easier.

Kosta Eleftheriou:

Google Play does what?? 🤯

“You may get an automatic refund if you uninstall a paid app shortly after first buying it”

Update (2021-06-13): Jacob Eiting:

This is huge. You are now able to get to IAP transactions IDs from the customer order ID present in customer emails.

This will help a ton with the evergreen “I purchased this thing, where is my content” support ticket.

Update (2021-10-20): Michael Love:

Bunch of new StoreKit stuff they didn’t mention at all, though it appears they still aren’t allowing developers to actually initiate refunds likely due to the fact that the whole backend is made out of tin cans + string.

“Invoice Lookup” is nice, but only works if the user has a receipt, which they usually don’t - Google has supported search by email from the beginning and they’ve done it safely/anonymously (have to enter it exactly + they don’t display it).

Apple:

StoreKit 2 introduces powerful new Swift-based APIs that make supporting in-app purchases and subscriptions easier than ever. You can now easily determine product entitlements and eligibility for offers, quickly get a user’s history of in-app purchases, find out the latest status of a subscription with one simple check, provide a way to request refunds and manage subscriptions from within your app, and more. StoreKit 2 also uses Swift concurrency and JSON Web Signature to simplify how you retrieve product information and handle transactions.

Jacob Eiting:

“Wow, StoreKit2 is going to kill RevenueCat”

The reality:

Update (2022-10-13): Craig Hockenberry:

You know what would be great? The TestFlight sandbox working with StoreKit2 as well as Xcode does.

I have never seen it return currentEntitlements and that’s a hell of a thing to be missing if you want to test behavior for PAYING customers.

At this point, I’d prefer TestFlight to use the production App Store backend.

Let testers pay for real or hand out promo codes as needed.

The current situation achieves nothing.

Joe Cieplinski:

Could not agree more. Getting paid is about as crucial a function of shipping an app as can be, and yet we’re still ultimately left to cross our fingers and ship to the general public before we know for certain it’s working properly.

Update (2024-02-01): Luc Vandal:

Is it just me or StoreKit 2 is far from reliable on macOS? Products or subscriptions not loading, app unable to connect to the StoreKit service (XPC), etc. It’s pretty flawless on iOS. 🦗🦗🦗 from the StoreKit team or on Apple Dev forums (which is not surprising).

Update (2024-05-07): Luc Vandal:

Working with StoreKit 2 is frustrating. Production often differs from debug, dealing with Family Sharing adds another layer of complexity. Hopefully, we’ll see significant improvements this June. It’s frustrating to debug production issues blindly, so a more robust solution would be highly welcomed.

Shortcuts for Mac

Apple:

Shortcuts is coming to macOS, and your apps are a key part of that process. Discover how you can elevate the capabilities of your app by exposing those features as Shortcuts actions. We’ll show you how to build actions for your macOS apps built with Catalyst or AppKit, deploy actions across platforms, publish and share shortcuts, and enable your app to run shortcuts from other apps. We’ll also take you through how Shortcuts fits in with existing Mac automation technologies like Automator and AppleScript.

Mitchel Broussard:

Shortcuts will be integrated throughout macOS Monterey, in the menu bar, Finder, Spotlight, and even with Siri. Apple also noted that users will be able to import existing Automator workflows into Shortcuts, and Automator will remain supported.

Stephen Hackett:

Developers of traditional Mac apps — even those built with AppKit — can add Shortcuts support to their projects via Intents, just like support is added in iOS apps.

That might seem surprising, but considering that Apple pitched this as the start of a longer transition, getting traditional Mac apps on board is going to be required if Apple wants to discontinue Automator somewhere down the line.

[…]

Moving workflows from Automator to Shortcuts couldn’t be easier. Drag and drop your .workflow file onto Shortcuts, and it will be transformed into a Shortcut automatically.

This seems to be because Apple has re-implemented its own built-in Automator actions in Shortcuts. Third-party Automator actions don’t work in Shortcuts.

Maynard Handley:

Does it have debugging?

Does it have logging?

Does it have the ability to cut and paste SECTIONS of a shortcut?

To duplicate then modify a shortcut?

As far as I can tell, the answers to these questions are No, except that you can duplicate shortcuts and then edit them. I wasn’t able to play around with Shortcuts much because it kept crashing in SwiftUI (which it’s implemented using). I was curious to try the new SwiftUI focus and keyboard navigation features, but alas they seem to be a work in progress.

Update (2021-06-13): Jeff Nadeau:

/usr/bin/shortcuts

Mert Dumenci:

Because I’m so excited about this (and Shortcuts for Mac in general), another fun tip: try chaining shortcut runs!

shortcuts run "Resize" --input-path photo.jpg | shortcuts run "Resize" | shortcuts run "Resize" --output-path resized.jpg

Update (2021-06-29): Dr. Drang:

All in all, this looks like everything I wanted in Mac Shortcuts. As I said in the post two years ago, the ability to run every kind of automation from every other kind of automation is key to making a fluid system, where you can use each tool for what it does best. Also, it means that third-party automation tools like Keyboard Maestro, which has a good AppleScript dictionary for running its macros, will fit in well with the new environment even before they incorporate Intents that are directly accessible from Shortcuts.

There is one oddity left unresolved. The emphasis Apple put on being able to run shell scripts from Shortcuts and vice versa seems to be at odds with its declaration with the release of Catalina that built-in scripting languages are being deprecated[…]

Update (2021-09-07): Jason Shell:

On the Mac side it is also really, really rough, even on the latest beta. I got a crash within 30 seconds and there’s also a lot that doesn’t quite work right...

Steve Troughton-Smith:

While I’m on the topic of macOS 12 & SwiftUI frustration, there is… a lot of work… the Shortcuts app still needs, to be ready to ship in a macOS 12 RC. It feels like Shortcuts is really struggling with SwiftUI too, which makes me feel a little better about my apps

Update (2021-10-15): John Voorhees:

One of the worst UI elements in Shortcuts for Mac is the image picker. It opens by default as a single column list of thumbnails and every time you resize it, all the thumbnails reload and the M1 iMac beachballs. Window resizing arrows disappear at times too. Super frustrating 😭

Steve Troughton-Smith:

We’re only a couple weeks away from a macOS 12 RC at most, so now is the time for tough love. The general OS reliability is pretty mixed, and Shortcuts is dangerously close to torpedoing its first outing on the Mac and poisoning the well on Apple’s efforts to modernize automation

It would probably be wise to launch Shortcuts with a ‘Beta’ label; it needs a free pass to evolve for a while

Ezekiel Elin:

Cannot control Low Power Mode with Shortcuts in Monterey 🙃

Josh Ginter:

Here’s how to run a shortcut from the menu bar in Shortcuts for macOS Monterey.

Howard Oakley:

As an introduction to future articles about Shortcuts and how to get more out of it, this article provides an overview of the last 28 years of scripting the Mac.

[…]

Four months after WWDC, Apple has released precious little documentation for developers; indeed, what it has produced in Xcode to date states that the interface required to support Shortcuts isn’t generally available in macOS 12, but is confined to Catalyst apps, which contradicts presentations given at WWDC, which stated clearly that Shortcuts was supported in AppKit, which is generally accessible. As a result, for most third-party developers Shortcuts support is unlikely to be feasible with the release of Monterey, and the only support is going to come in macOS itself and Apple’s own apps, much of which is still based on Shortcuts in iOS and iPadOS.

Update (2021-10-28): Stephen Hackett:

I am loving having Shortcuts on my Mac, but I really do wonder if using SwiftUI to build it was the right call. A lot of the controls are finicky, but this pop-up is just about the saddest looking thing I’ve ever encountered in a first-party Mac app

Update (2021-12-03): David Sparks:

I worry that folks eager to try Shortcuts for Mac are going to get frustrated when the creation process fails them. (For example, I spent 10 minutes fighting with Shortcuts this morning to set a variable.) Once new users get a Shortcut built, there is no guaranty it will perform correctly given the current state of things. To make this worse, there is very little in the way of error reporting. A lot of times the Shortcut will fail with no feedback whatsoever to the user so you don’t know if you made a mistake in constructing it, or if the feature you called is just broken.

Update (2021-12-17): Nicholas Riley:

Wow, people were not kidding about Shortcuts on Mac. Could not find a way to copy and paste actions and eventually realized it was copying/pasting the shortcuts (in the window behind) instead. Back to iPad…

Update (2022-02-11): Dr. Drang:

Upgraded to Monterey over the weekend, and today is my first day looking at Shortcuts on a Mac. You people have been far too generous. So much normal Mac behavior either doesn’t work or is inconsistent. An absolute piece of shit. And you say it was worse a few months ago?

John C. Welch:

I can create an event on my Exchange Calendar in the “Add New Event” shortcut, or any calendar Calendars can see, (which is something you can’t do via AppleScript, and has been that way since iCal first supported Exchange. Can’t imagine why I am so cynical about Apple’s automation “commitment”), but you can’t do that for Contacts. […] The Finder shortcuts are still so basic as to be not useful. You can’t just make a new file. You can’t make a new folder. I don’t know why Apple bothered with it if they’re going to limit it that much.

Update (2022-06-03): Peter N Lewis:

Sigh, so the shortcuts utility does not match names in a way that is composed/decomposed agnostic, and NSTask actively decomposes all arguments (!?!?) with fileSystemRepresentation, which makes it quite hard to use NSTask to run shortcuts in a way that is unicode-safe.

Update (2023-04-21): John Gruber:

Shortcuts on Mac continues to look like it was written by developers who have never used a Mac.

TestFlight Finally Coming to the Mac

Sami Fathi:

Apple today announced that TestFlight, which allows developers to public test their apps before launch, will be coming to the Mac as part of wider tools meant to improve app development.

Apple:

Learn how you can manage builds and testers, collect feedback, and deploy your macOS app. Discover enhancements for internal testing and new features that integrate with Xcode Cloud to make testing even easier on all platforms.

From what I’ve heard it will only work with macOS 12 Monterey and later.

iOS 15 and iPadOS 15 Announced

Alex Guyot (iOS 15 preview, features, iPadOS 15 preview, features, Julio Ojeda-Zapata, Hartley Charlton):

This year’s updates include significant improvements to core first-party apps, new controls for maintaining focus, system-wide text and object recognition in images, and much more.

On the iPad-only side of things, Apple has announced a variety of new multitasking interface elements, feature parity with the iPhone’s Home Screen, quick note capturing available at any time in any app, and an overhauled Swift Playgrounds which supports building and shipping complete SwiftUI apps to the App Store.

Update (2021-06-13): Matthew Panzarino:

So I ask Borchers and Marineau-Mes to talk a little bit about multitasking. Specifically Apple’s philosophy in the design of multitasking on iPadOS 15 and the update from the old version, which required a lot of acrobatics of the finger and a strong sense of spatial awareness of objects hovering out off the edges of the screen.

Craig Hockenberry:

It appears that there’s no way to dismiss the multitasking buttons if you trigger them accidentally.

Which means you can’t have your own UI anywhere near the top middle of the screen and risk an errant tap.

James O’Leary:

the multitasking stuff from WWDC killed me, I thought for years there was a revolution coming, 12 years in, its just a crippled + opaque version of what we’ve had all along...if you’re going to do that, just do the windowing system and stop wasting all these years...

macOS 12 Monterey Announced

Apple (features, John Voorhees, Mitchel Broussard):

Connect, share, and create like never before. Say hello to exciting new FaceTime updates. Explore a redesigned and streamlined Safari. Discover and invent powerful new ways to work using Universal Control and Shortcuts. Stay in the moment with Focus. And so much more.

Howard Oakley:

You may recall my rather pessimistic speculation as to which models might be supported by macOS 12 last week, which ran[…] I’m delighted to report that Apple’s confirmed list of supported models is considerably more generous[…]

José Adorno:

With the second major software update to take advantage of the Apple Silicon, here are the features Apple introduced that will be only available to its Macs with proprietary processors.

Update (2021-06-13): Joe Rossignol:

Apple has not explained why any of these features are not available on Intel-based Macs. For what it’s worth, Google Earth has long offered an interactive 3D globe of the Earth on Intel-based Macs both on the web and in an app.

Josh Centers:

Overall, maintaining support for old devices while restricting certain new features to more capable recent models is a great strategy. That way, fewer people are forced to buy new hardware just to participate, but the new features encourage hardware upgrades for those who want to take advantage of them.

Let’s dig into the details, first for iOS 15 and iPadOS 15, moving on to macOS 12 Monterey with side trips for Universal Control and AirPlay on Mac, and finishing off with watchOS 8.

Howard Oakley:

Over the last few years, major versions of macOS have brought huge changes which many users are still wrestling with: a brand new file system (APFS in 10.13), privacy controls (10.14 onwards), loss of support for 32-bit code (10.15), notarization (10.15), startup volume groups (10.15), and sealed system volumes (11), for example. This year there don’t appear to have been any such shocks coming in the new.

Monday, June 7, 2021

Emerge (Sponsor)

My thanks to Emerge for sponsoring the blog this week.

Emerge helps teams build better, smaller apps. It offers binary profiling to enable developers to see the full impact of their changes as they make them and actionable insights to provide suggestions on ways devs can improve their code.

Emerge integrates with your CI workflow and comments on your pull requests with granular binary size diffs and insights. Developers can dive even deeper on Emerge’s platform with interactive visualizations that enable you to explore and understand your app’s binary, track your app size over time, and even compare your app against competitors!

Our team has experience reducing the size of Airbnb’s iOS app by over 10%. Now we’re bringing our new development experience to apps everywhere.

Want to see an example of Emerge’s build analysis? 🧐 Check out an App Store build of Reddit.

🚀 Get started with Emerge right now!

WWDC 2021 Links

This post will be updated as I find new links. If you see anything good that I missed, please tweet or e-mail me.

On Walled Gardens

Joanna Stern:

All it takes is some bedtime reading of Epic’s 365-page findings document to see just how aggressive Apple executives have gotten in carrying out Steve Jobs’ 2010 vision to, as the finding document quotes him, “tie all our products together so we further lock customers into our ecosystem.”

[…]

Those of us living with multiple Apple gadgets know the garden is pretty darn nice. We’re suffering no more than that person seated in first class next to the lavatory. But are we missing out?

I set up camp in the increasingly harmonious Android/Windows garden, talked to experts and dug through court documents. In the end, I found three strong reasons to justify Apple’s garden—and three strong reasons we need more holes in its walls.

John Gruber:

The people who use the term “walled garden” in this context typically do so as a pejorative. But that’s not right. Literal walled gardens can be very nice — and the walls and gates can be what makes them nice.

[…]

Better than “walled garden”, I like the comparison to theme parks. People love theme parks. Not everyone, of course, but a lot of people. They’re fun, safe, and deliver a designed experience. They’re also expensive, and the food, to put it kindly, generally sucks.

Point taken, but I think this analogy breaks down because:

Dieter Bohn:

During the Epic v. Apple trial, a new metaphor popped into my head and I can’t shake it. As I was looking at the emails that Apple executives were sending each other and reading their testimony during the trial, I kept thinking I’d seen this kind of behavior and even some of the justifications before. And so here it is:

Apple is a carrier.

I mean “carrier” as in cellular network carrier, as in Apple is Verizon or T-Mobile or (shudder) AT&T. Here’s how the metaphor works: The most important thing to any carrier is feeding the Angry God of ARPU (average revenue per user). That number must go up to please shareholders and pay executives, and the carriers have engaged in any number of shenanigans to make it happen.

[…]

Before the iPhone, carriers could (and did) point to any number of smartphones and rightfully boast about the incredible things those phones enabled. The Blackberry, the Treo, the Moto Q, and more all did things that nobody would have thought possible just a few years before. But the carriers would take credit for them while at the same time making demands that kneecapped those phones’ capabilities. They used their monopoly on wireless customers to dictate phone design, software capabilities, and business models.

Indeed.

Update (2021-06-07): Nilay Patel:

Smartphones are not just a nice thing you can have — they are the primary (and often only) computer for vast numbers of people. They are a conduit of culture! Condemning all those people to living in a “theme park” is even worse than a “walled garden” imo

Old Apple Conceptual Documentation

Daniel Martín:

Just found that the old Apple conceptual documentation is still available for offline searches. Extract the .docset from the .dmg and load it in a tool like Dash.

There’s a lot of good stuff in here that has been removed without replacement from the current docs. Opening the package produces an error from the Installer app:

This package is incompatible with this version of macOS.

The package is trying to install content to the system volume. Contact the software manufacturer for assistance.

But you can expand it via Terminal:

pkgutil --expand-full /Volumes/ConceptualDocset/ConceptualDocset.pkg ~/Downloads/ConceptualDocset

Update (2021-06-13): Howard Oakley:

Third-party attempts to document Mac OS X have been brave, but none has stood the pace of change. Amit Singh’s Mac OS X Internals from 2006 was replaced around 2017 by Jonathan Levin’s outstanding trilogy *OS Internals, which was marred only by its lack of an index. But no sooner had Levin completed his series than he abandoned it in favour of documenting Android.

DocC looks exciting, and demonstrates that Apple recognises its problem, at least in part. But it falls into several well-known traps.

First, it concentrates on documenting calls within an API by individual function. For a developer who already understands how that sub-system in macOS works, that’s essential. But trying to grok major topics like Attributed Text simply isn’t possible by referring to individual functions within the API. You first need to get your head around how sub-systems are designed and function, the conceptual information which Apple was once so good at providing. Good conceptual documentation is structured and written quite differently from that for classes and functions with an API, as Apple well knows.

Update (2021-06-18): See also: Hacker News.

giantrobot:

From my perspective, I was in SWE at Apple for over a decade, their documentation started going downhill as iOS development ramped up. By the time they got to the yearly release cycle for macOS and iOS documentation was an afterthought. Most was generated with doxygen from inline docstrings.

The reason I think the quality and quantity dropped was the internal schedules barely (or don’t) leave enough time for the engineering work so there’s very little time available for high level documentation. Internally tons of “documentation” existed as Radar comments or exchanges on internal mailing lists. Maybe a group’s wiki had some crystallized documentation or high level architectural descriptions but good luck accessing it from outside that org. My favorite was some discussion about overall design or architecture that got the “let’s take this offline” where all the helpful details ended up shared in an in-person meeting.

The internal secrecy and rapid development pace made it really difficult to get good overviews of technologies internally.

Kernel Assisting the Objective-C Runtime

This is really cool, and I just realized that I forgot to link to it after last year’s WWDC.

Pierre Habouzit:

Faster, priority-inversion-less GC (speed)

@mikeash wrote about it a long time ago, however it turns out this was relatively slow and could also fail (if a thread was observed in the critical section).

The general idea is still the same, but instead of observing the other threads PC, we use a scheme where at startup the runtime tells the kernel where the code reading the IMP caches “unsafely” is, and gives a “recovery PC”.

Now when a GC is triggered, instead of asking for all the other threads PCs, the kernel is told to “force” the PC of threads in the critical section to the recovery path, there’s no waiting, and it can’t fail.

it’s also 10-100x as fast as before.

David Smith:

This is one of the wildest optimizations I’ve seen. How do you make a reader-writer lock with zero instructions? You uh… ask the kernel to move all the reader threads out of the critical section 😱😱😱

Just like… longjmp someone else from outside 🤯

Pierre Habouzit:

I really feel that working at @Apple gives one a unique convergence of “all the things” that is mostly unmatched in the rest of the industry and some of us are lucky enough to have the opportunity to take advantage of it ;)
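
A user-space model of the scheme Pierre Habouzit describes above, added here as an illustration (it is not Apple's runtime or kernel code): thread program counters are plain integers, and every type, function name and address is hypothetical. It contrasts the older observe-and-possibly-fail check with forcing threads onto the recovery PC, and assumes a registration check that no recovery PC lies inside a registered region.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model types; not the XNU or Objective-C runtime definitions. */
typedef struct {
    uintptr_t start;    /* first address of the code that reads the caches unsafely */
    uintptr_t length;   /* size of that code region in bytes */
    uintptr_t recovery; /* "recovery PC": restarts the lookup from the beginning */
} restart_range;

typedef struct {
    uintptr_t pc;       /* modelled program counter of one thread */
} sim_thread;

static bool in_range(const restart_range *r, uintptr_t pc) {
    return pc >= r->start && pc - r->start < r->length;
}

/* Assumed registration check: a region must be non-empty, must not wrap, and
 * no recovery PC may land inside any registered region, otherwise a redirected
 * thread would still count as being in the critical section. */
bool ranges_valid(const restart_range *rs, size_t nr) {
    for (size_t i = 0; i < nr; i++) {
        if (rs[i].length == 0 || rs[i].start > UINTPTR_MAX - rs[i].length)
            return false;
        for (size_t j = 0; j < nr; j++)
            if (in_range(&rs[j], rs[i].recovery))
                return false;
    }
    return true;
}

/* Older scheme: inspect every thread's PC. The old caches may be freed only
 * if no thread is observed inside a region; otherwise the attempt fails. */
bool observe_scheme_can_free(const restart_range *rs, size_t nr,
                             const sim_thread *ts, size_t nt) {
    for (size_t i = 0; i < nt; i++)
        for (size_t j = 0; j < nr; j++)
            if (in_range(&rs[j], ts[i].pc))
                return false;
    return true;
}

/* Newer scheme: any thread inside a region has its PC forced to that region's
 * recovery PC. No waiting and no failure case. Returns the number redirected. */
size_t force_recovery(const restart_range *rs, size_t nr,
                      sim_thread *ts, size_t nt) {
    size_t moved = 0;
    for (size_t i = 0; i < nt; i++)
        for (size_t j = 0; j < nr; j++)
            if (in_range(&rs[j], ts[i].pc)) {
                ts[i].pc = rs[j].recovery;
                moved++;
                break;
            }
    return moved;
}

/* Constructed sample: two regions sharing one recovery PC, and five threads.
 * 0x1040 and 0x1820 sit one byte past the end of a region (boundary cases). */
static const restart_range SAMPLE_RANGES[] = {
    { 0x1000, 0x40, 0x2000 },
    { 0x1800, 0x20, 0x2000 },
};
static const sim_thread SAMPLE_THREADS[] = {
    { 0x0500 }, { 0x1010 }, { 0x181f }, { 0x1820 }, { 0x1040 },
};
#define NR (sizeof SAMPLE_RANGES / sizeof SAMPLE_RANGES[0])
#define NT (sizeof SAMPLE_THREADS / sizeof SAMPLE_THREADS[0])

/* 1 if the observe-only scheme could free the old caches for the sample. */
int demo_observe_only(void) {
    return observe_scheme_can_free(SAMPLE_RANGES, NR, SAMPLE_THREADS, NT);
}

/* Number of threads redirected, or -1 if one is still inside a region. */
int demo_forced_recovery(void) {
    sim_thread ts[NT];
    memcpy(ts, SAMPLE_THREADS, sizeof ts);
    size_t moved = force_recovery(SAMPLE_RANGES, NR, ts, NT);
    if (!observe_scheme_can_free(SAMPLE_RANGES, NR, ts, NT))
        return -1;
    return (int)moved;
}

/* A registration whose recovery PC lies inside its own region is rejected. */
int demo_bad_registration(void) {
    const restart_range bad[] = { { 0x1000, 0x40, 0x1020 } };
    return ranges_valid(bad, 1);
}

int main(void) {
    printf("sample registration valid: %d\n", ranges_valid(SAMPLE_RANGES, NR));
    printf("observe-only can free:     %d\n", demo_observe_only());
    printf("threads forced to recover: %d\n", demo_forced_recovery());
    printf("bad registration accepted: %d\n", demo_bad_registration());
    return 0;
}
```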

Friday, June 4, 2021

Downgrading BridgeOS

Mr. Macintosh (tweet):

Let’s go over a quick example of why you might want to downgrade BridgeOS. You updated to macOS Big Sur 11.4 from 11.3. After the update, you’ve found that something is not working right. The T2 chip handles many things including fan speed, battery, power, charging & sound (speakers & microphone). So in this example, maybe you are getting audio cracking noise (has happened in the past). Now you are thinking that the new version of bridgeOS might be causing problems on your T2 Mac.

The 2nd example is macOS Update testing. If you are a system administrator in charge of updating a large fleet of Macs, testing is very important. Part of that macOS Update process is updating BridgeOS. An example of this is if you upgrade a T2 Mac from 11.3 to 11.4. BridgeOS is updated in the process. Now that this T2 Mac is on the latest version of BridgeOS it normally can not be downgraded. Even if you boot back to recovery and install 11.3, BridgeOS will remain the same updated version. Set this Mac on the shelf because you will never be able to take it through a full update process again until 11.5.

[…]

You could always upgrade BridgeOS via automatic download with Apple Configurator 2.

[…]

We can now download full BridgeOS IPSW Files directly from Apple the same way we do now with Apple Silicon M1 Macs. We can then use the BridgeOS IPSW File to restore/revive BridgeOS to your T2 Mac. The difference here is that Apple WILL stop signing for previous versions of BridgeOS. The signing process follows iOS and is canceled usually about one week after the release of a new update. Apple leaves ONE previous version signed (for 7 days) so you can now downgrade to that version!

Update (2021-06-13): Howard Oakley:

Let me ask you a simple question: supposing you installed the Monterey beta on an external disk, what would happen to that Mac’s firmware and its Recovery features? Given that Monterey is likely to bring firmware updates to most if not all Macs, how might that affect yours? That’s what I try to answer in this article – and it’s of great importance to all those who install beta-releases, as well as everyone considering upgrading in the autumn/fall.

The answer to these questions depends on which architecture your Mac has, and how it stores and maintains the different parts of what we loosely refer to as firmware.

M1racles: M1ssing Register Access Controls Leak EL0 State

Hector Martin (tweet, Hacker News, Bruce Schneier):

A flaw in the design of the Apple Silicon “M1” chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.

[…]

The ARM system register encoded as s3_5_c15_c10_1 is accessible from EL0, and contains two implemented bits that can be read or written (bits 0 and 1). This is a per-cluster register that can be simultaneously accessed by all cores in a cluster.

[…]

Really, nobody’s going to actually find a nefarious use for this flaw in practical circumstances. Besides, there are already a million side channels you can use for cooperative cross-process communication (e.g. cache stuff), on every system. Covert channels can’t leak data from uncooperative apps or systems.

Halide Mark II Launch Postmortem

Ben Sandofsky (tweet):

There are powerful App Store features only supported through subscriptions: a paid app has one price, that is more or less the same around the world. With subscriptions, you can set per-country pricing.

[…]

Half the challenge of a big upgrade is supporting the old version of your app. In small updates, you would build your new features into the old app hidden behind flags, and un-hide them when they’re ready to release. We couldn’t do that in our case, because too much of Mark II would change. When we say it was like a whole new app, we really mean it.

[…]

There was one post-launch surprise that was out of our control: the only way for us to offer the choice between Pay-Once and subscriptions is to make the app free to download, and throwing up a “paywall” at launch. The App Store doesn’t surface this clearly: it just lists it on the “Free” charts. Many folks downloaded Halide expecting it to be free, and get upset that we ask for payment.

[…]

We dug deeper and found it to be a bug when iOS needs to free up memory. Sometimes iOS terminates the program that manages your photo library, assetsd. There’s nothing we can do short of telling users to restart their phone.

[…]

While subscribers outnumber Pay-Once buyers by almost five to one, Pay-Once revenue makes up 39% of total revenue. We really think that it’s important to cater to a segment of your users that would not even consider a subscription at any cost out of principle.

TCC Bypass in XCSSET Malware

Stuart Ashenbrenner, Jaron Bradley, and Ferdous Saljooki (via Juli Clover, Dan Goodin):

In the latest macOS release (11.4), Apple patched a zero-day exploit (CVE-2021-30713) which bypassed the Transparency Consent and Control (TCC) framework. This is the system that controls what resources applications have access to, such as granting video collaboration software access to the webcam and microphone, in order to participate in virtual meetings. The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, or other permissions without requiring the user’s explicit consent — which is the default behavior. We, the members of the Jamf Protect detection team, discovered this bypass being actively exploited during additional analysis of the XCSSET malware, after noting a significant uptick of detected variants observed in the wild. The detection team noted that once installed on the victim’s system, XCSSET was using this bypass specifically for the purpose of taking screenshots of the user’s desktop without requiring additional permissions.

[…]

If any of the appID’s are found on the system, the command returns the path to the installed application. With this information, the malware crafts a custom AppleScript application and injects it into the installed, donor application.

[…]

Once all files are in place, the custom application will piggyback off of the parent application, which in the example above is Zoom. This means that the malicious application can take screenshots or record the screen without needing explicit consent from the user. It inherits those TCC permissions outright from the Zoom parent app.

Unfortunately, Apple’s fix does not seem to precisely target the actual vulnerability and introduced more problems.
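As a defender's follow-up to the donor-application technique quoted above, this added example (not from the Jamf write-up or from this blog) triages app bundles nested inside installed applications. The three heuristics, all function names, and the constructed sample tree are assumptions; the applet check relies on AppleScript applications keeping their script at `Contents/Resources/Scripts/main.scpt`.

```python
"""Triage app bundles nested inside installed macOS applications (heuristic)."""
import os
import plistlib
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from xml.parsers.expat import ExpatError


@dataclass
class Finding:
    donor: Path                 # the installed application that contains the bundle
    nested: Path                # the embedded *.app that looks foreign to it
    reasons: list = field(default_factory=list)


def bundle_info(bundle: Path) -> dict:
    """Parse Contents/Info.plist; return {} when it is missing or malformed."""
    try:
        with (bundle / "Contents" / "Info.plist").open("rb") as fh:
            data = plistlib.load(fh)
    except (OSError, plistlib.InvalidFileException, ExpatError):
        return {}
    return data if isinstance(data, dict) else {}


def vendor_prefix(bundle_id: str) -> str:
    """First two labels of a reverse-DNS bundle identifier, lower-cased."""
    return ".".join(bundle_id.lower().split(".")[:2])


def find_bundles(root: Path):
    """Yield the outermost *.app directories under root, not descending into them."""
    for dirpath, dirnames, _ in os.walk(root):
        for name in [d for d in dirnames if d.endswith(".app")]:
            dirnames.remove(name)
            yield Path(dirpath) / name


def triage(apps_root: Path) -> list:
    """Return findings for nested bundles, most suspicious (most reasons) first."""
    findings = []
    for donor in find_bundles(apps_root):
        donor_id = str(bundle_info(donor).get("CFBundleIdentifier", ""))
        for nested in find_bundles(donor / "Contents"):
            contents = nested / "Contents"
            nested_id = str(bundle_info(nested).get("CFBundleIdentifier", ""))
            reasons = []
            # Heuristic 1 (assumption): a signed bundle carries a resource seal.
            if not (contents / "_CodeSignature" / "CodeResources").is_file():
                reasons.append("no-signature-seal")
            # Heuristic 2 (assumption): vendor helpers share the donor's id prefix.
            if not nested_id or vendor_prefix(nested_id) != vendor_prefix(donor_id):
                reasons.append("foreign-bundle-id")
            # Heuristic 3: the nested bundle is an AppleScript applet.
            if (contents / "Resources" / "Scripts" / "main.scpt").is_file():
                reasons.append("applescript-applet")
            if reasons:
                findings.append(Finding(donor, nested, reasons))
    return sorted(findings, key=lambda f: -len(f.reasons))


def make_bundle(path: Path, bundle_id: str, signed: bool, applet: bool = False):
    """Create a constructed, inert bundle skeleton for the sample tree."""
    (path / "Contents" / "MacOS").mkdir(parents=True)
    with (path / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": bundle_id}, fh)
    if signed:
        seal = path / "Contents" / "_CodeSignature"
        seal.mkdir()
        (seal / "CodeResources").write_bytes(b"constructed placeholder")
    if applet:
        scripts = path / "Contents" / "Resources" / "Scripts"
        scripts.mkdir(parents=True)
        (scripts / "main.scpt").write_bytes(b"constructed placeholder")


def build_constructed_sample(root: Path) -> Path:
    """Constructed data: one donor app, one vendor helper, one foreign applet."""
    donor = root / "Meeting.app"
    make_bundle(donor, "com.example.meeting", signed=True)
    make_bundle(donor / "Contents" / "Frameworks" / "Updater.app",
                "com.example.meeting.updater", signed=True)
    make_bundle(donor / "Contents" / "Resources" / "helperd.app",
                "local.helperd", signed=False, applet=True)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in triage(build_constructed_sample(Path(tmp))):
            print(f.nested.relative_to(tmp), f.reasons)
```

On a real Mac, point `triage()` at `/Applications` and follow up each finding by running `codesign --verify --deep --strict` on the donor. Legitimate third-party helpers such as auto-updaters will also trip the bundle-identifier heuristic, so treat the output as a triage list rather than a verdict.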

Thursday, June 3, 2021

Apple Developer Relations

Marco Arment (tweet, Hacker News):

Apple’s leaders continue to deny developers of two obvious truths:

  • That our apps provide substantial value to iOS beyond the purchase commissions collected by Apple.
  • That any portion of our customers came to our apps from our own marketing or reputation, rather than the App Store.

For Apple to continue to deny these is dishonest, factually wrong, and extremely insulting — not only to our efforts, but to the intelligence of all Apple developers and customers.

Update (2021-06-04): Jesper:

Epic’s inability to use another payment processor is just a symptom of the same disease. Beyond the mobility of huge companies, it affects the everyday lives of developers and customers as being users – this is where we live, and Apple are not being reasonable stewards of this community.

See also: Accidental Tech Podcast.

Update (2021-06-07): Riccardo Mori:

I’ve purchased or downloaded apps from the App Store since the beginning, and I can confirm everything Arment says.

Becky Hansmeyer:

There’s a cloud hovering over Apple Park again, and it’s not just the pandemic. It’s bruised developer relations. It’s alleged anti-trust violations. It’s App Store scammy-ness. It’s the weight of a million different expectations and quibbles, from “make the iPad more like the Mac” to “let the iPad be an iPad,” from pro hardware announcements to satisfy developers, to hints of an augmented reality revolution to satisfy those hungry and excited for the post-staring-at-screens era.

Nick Statt (tweet):

Apple will host its second all-virtual Worldwide Developers Conference starting Monday, giving the iPhone maker its annual opportunity to showcase upcoming changes to its software platforms and maybe some new hardware, too. But more important than in years past is that Apple communicates it cares about developers and actively wants to make their lives easier.

[…]

“For me, it seems very clear that Apple thinks it owns the platform and the users, and thus can demand whatever it wants from developers with little to no recourse available to said developers,” Troughton-Smith said. […] “The Tim Cook testimony on the final day really rubbed developers the wrong way, when it seemingly became clear that Apple views the App Store as a way to monetize its IP and that if they had to give up control, they would find some other way to squeeze developers for what they ‘owe,’” Troughton-Smith said. “It feels like a toxic relationship, and is dramatically asymmetrical: Developers bend over backwards to fit within Apple’s ever-changing rules, knowing Apple can end their businesses overnight.”

Dan Moren:

Usually, the hours before Apple’s keynote event are filled with speculation and excitement, but this year there is far more frustration and antipathy than I can remember seeing in my decade and a half covering Apple. There’s always been some degree of dissatisfaction, especially amongst developers, but it’s hard to escape that the current story about Apple is less about its products and more about its attitude.

Update (2021-06-13): John Gruber:

What’s weirdest about Apple’s antitrust and PR problems related to the App Store is that the App Store is a side hustle for Apple. Yes it’s earning Apple $10+ billion a year, and even for Apple that’s significant. But it’s not Apple’s main business by a longshot. To my knowledge no company in history has ever gotten into antitrust hot water over a side business so comparatively small to its overall business. Apple doesn’t need this.

[…]

I don’t think the developers are wrong, but even if they are wrong, it’s not good for Apple that they’re so unhappy, and feel so aggrieved. It’s not good for Apple that developers don’t see the App Store as a platform that works in their interests.

Cory Zanoni:

Of the 57 apps on my phone, only two are App Store recommendations[…]

[…]

I’ve bounced around Android phones for a while but never stuck with one as my main phone for long. I struggle to find apps I like using. Meanwhile, it’s apps that brought me to iPhones and apps that keep me there.

On The Talk Show, Craig Federighi and Greg Joswiak respond to Arment, calling his sentiments “bizarre” and “not founded in reality.” It’s too bad they were so dismissive, because his views are widely held and grounded in specific things that Apple has done and said in the last few years. One could argue that developers have misinterpreted these, but calling the inferences crazy is not going to convince anyone.

More Documents From Epic vs. Apple

Ryan Jones:

Here’s all the Apple vs Epic court files OCR’ed.

[…]

I also converted all the PPT to PDF, so they can be searched now too.

Steve Troughton-Smith:

Ooh there are plenty of interesting documents I missed from the Epic trial, like this 2015 Apple report on the Mac App Store and why developers are rejecting it (including testimonials)

In 2017, Apple planned on adding… A/B product pages, and paid upgrades to the App Store?

Matt Gallagher:

The lack of progress on Mac App Store issues (from 6 years ago) is a tragedy. Apple should dogfood the real-world development stack (notarisation, package managers, third-party CI hosting, CD pipelines, App Store review, etc). Shouldn’t need surveys for the blatantly obvious.

Steve Troughton-Smith:

Reading this, you’d get the impression that the Epic v Apple suit was designed just to get Apple to the negotiating table and change its policies by turning developers against them (which is exactly what happened). The antitrust sharks circling made this the best possible shot

To be fair, dev sentiment has been simmering for the past decade, and it’s only now that it looks like something might actually happen that a lot of us are comfortable talking about it. We lost an entire generation of 3rd-party innovation on iOS that just didn’t fit the App Store

Steve Troughton-Smith:

Wherein Apple strongarms Uber into switching to IAP, knowing that Uber would have to raise subscription prices and pass Apple’s 30% along to the consumer

This is interesting because Apple specifically mentioned in the trial that Uber and other physical goods are not subject to the 30%, and that this is by design because they can’t guarantee that the service was delivered.

Internal Tech Emails:

Phil Schiller forwards a Six Colors report card to other Apple execs, highlighting App Store/developer comments from @jamesthomson, @rgriff, @Ihnatko, @gruber, and Katie Floyd

Steve Troughton-Smith:

As late as August 2007 Apple still hadn’t committed to opening up the iPhone to developers beyond EA. Also: 15” MacBook Air and ‘Tablet’ were penciled in for 1H 2008? They thought they were mere months away from those products?

Internal Tech Emails:

App Store execs discuss Google’s app review process

James O’Leary:

holy whackamole some app reviewer at Apple pulled some tmobile app that required the customer service company death sentence, immediate training and mitigation because it screwed up everything

[…]

i feel really bad for the tmobile coo, schiller lecturing him about app review email dates and you were told to comply, etc etc. like it’s his fault Apple’s doing this weird money grab. Services(tm)!

Update (2021-06-05): Matthew Panzarino:

The gist of it is that SVP of Software Engineering, Bertrand Serlet, sent an email in October of 2007, just three months after the iPhone was launched. In the email, Serlet outlines essentially every core feature of Apple’s App Store — a business that brought in an estimated $64 billion in 2020. And that, more importantly, allowed the launch of countless titanic internet startups and businesses built on and taking advantage of native apps on iPhone.

Forty-five minutes after the email, Steve Jobs replies to Serlet and iPhone lead Scott Forstall, from his iPhone, “Sure, as long as we can roll it all out at Macworld on Jan 15, 2008.”

Update (2021-06-13): John Gruber:

This email is simultaneously not surprising — because he’s Phil Schiller, steward of the Apple brand, and because, of course, at some point surely some discussion was had within Apple about the permanence of 70/30 — but also shocking, because, my god, it spells out a game plan that would have kept Apple out of all this.

Update (2021-08-21): Sean Hollister:

After sifting through over 800 documents spanning 4.5 gigabytes, here are the roughly 100 things I learned.

Web Apps in Epic v. Apple

Adi Robertson:

For Apple it’s a win if Nvidia is providing an amazing service through the Safari browser outside the App Store, obviously. “Has Apple done anything to stop Nvidia from offering GeForce Now on Safari?” lawyer asks. Patel says no.

Nilay Patel:

Apple is basically making the argument that web apps are a good competitor to native apps, which, well… they are not. Famously they are a “shit sandwich,” according to @gruber

Dieter Bohn and Tom Warren:

Though the term itself hasn’t really come up explicitly, what’s being discussed are Progressive Web Apps, or PWAs. If you’re unfamiliar, think of them as slightly more advanced web apps that you can “install” directly from your web browser onto your home screen. Google has been pushing the idea (though support for PWAs on its own platforms is a little mixed), and some companies like Microsoft and Twitter have wholeheartedly embraced PWAs.

Not Apple, though. There are a variety of reasons for that — ranging from genuine concern about giving web pages too much access to device hardware to the simple fact that even Apple can’t do everything. There’s also the suspicion that Apple is deliberately dragging its feet on support for features that make PWAs better as a way to drive developers to its App Store instead.

[…]

All of this is compounded by yet another Apple policy: no third-party browser engines. You can install apps like Chrome, Firefox, Brave, DuckDuckGo, and others on the iPhone — but fundamentally they’re all just skins on top of Apple’s WebKit engine. That means that Apple’s decisions on what web features to support on Safari are final. If Apple were to find a way to be comfortable letting competing web browsers run their own browser engines, a lot of this tension would dissipate.

Alex Russell:

Apple’s iOS browser (Safari) and engine (WebKit) are uniquely under-powered. Consistent delays in the delivery of important features ensure the web can never be a credible alternative to its proprietary tools and App Store.

Wednesday, June 2, 2021

Stack Overflow Acquired by Prosus

Joel Spolsky:

Today we’re pleased to announce that Stack Overflow is joining Prosus. Prosus is an investment and holding company, which means that the most important part of this announcement is that Stack Overflow will continue to operate independently, with the exact same team in place that has been operating it, according to the exact same plan and the exact same business practices. Don’t expect to see major changes or awkward “synergies”. The business of Stack Overflow will continue to focus on Reach and Relevance, and Stack Overflow for Teams. The entire company is staying in place: we just have different owners now.

This is, in some ways, the best possible outcome. Stack Overflow stays independent. The company has plenty of cash on hand to expand and deliver more features and fix the old broken ones.

Prosus:

Prosus N.V. ("Prosus"), a global consumer internet group and one of the largest technology investors in the world, announced today that it has entered into a definitive agreement to acquire Stack Overflow, a leading knowledge-sharing platform for the global community of developers and technologists, for approximately US$1.8 billion.

[…]

With expertise in scaling communities in high-growth markets globally, Prosus can help accelerate Stack Overflow’s growth ambitions, with a particular focus on reaching a wider international community, while also further scaling the company’s Teams product to position Stack Overflow at the center of product and technology development within major enterprises globally.

Update (2021-06-04): Prashanth Chandrasekar (tweet):

Once this acquisition is complete, we will have more resources and support to grow our public platform and paid products, and we can accelerate our global impact tremendously. This might look like more rapid and robust international expansion, M&A opportunities, and deeper partnerships both on Stack Overflow and within Stack Overflow for Teams. Our intention is for our public platform to be an invaluable resource for developers and technologists everywhere and for our SaaS collaboration and knowledge management platform, Stack Overflow for Teams, to reach thousands more global enterprises, allowing them to accelerate product innovation and increase productivity by unlocking institutional knowledge.

Jeff Atwood:

Today’s sale of Stack Overflow, most importantly, lets Stack Overflow continue as an independent site -- and also mints 61 new millionaires.

eevee:

any assurances that it’s “business as usual” are absolutely worthless, because the people making those assurances JUST ACCEPTED A CANVAS SACK WITH A DOLLAR SIGN ON IT IN EXCHANGE FOR ANY ABILITY THEY HAD TO MAKE THAT DECISION

A Global Perspective on the Apple App Store Ecosystem

Apple (MacRumors):

Apple today announced that the App Store ecosystem facilitated $643 billion in billings and sales during 2020, a 24 percent year-over-year increase. An independent study by economists from the Analysis Group found that developers selling goods and services across many categories grew their businesses while reaching customers around the world. App creators applied their creativity and passion to help people stay connected, healthy, and entertained — while the App Store played a vital supporting role as developers adapted to the year’s challenges and brought new innovations to life.

“Independent” means funded by Apple. “Facilitated” means that it counts estimates of physical goods bought from Amazon and other retailers, if the purchase (or subscription?) was initiated using a (non-browser?) app.

Amazon Sidewalk

Alex Hern (via Hacker News):

Amazon customers have one week to opt out of a plan that would turn every Echo speaker and Ring security camera in the US into a shared wireless network, as part of the company’s plan to fix connection problems for its smart home devices.

The proposal, called Amazon Sidewalk, involves the company’s devices being used as a springboard to build city-wide “mesh networks” that help simplify the process of setting up new devices, keep them online even if they’re out of range of home wifi, and extend the range of tracking devices such as those made by Tile.

Mike Prospero and Ian Morris:

As mentioned above, Sidewalk is essentially an open network. That means that any device that is Sidewalk-enabled can connect to your Sidewalk bridge. However, those devices don’t have unfettered access to your Wi-Fi network — no one’s going to be watching Netflix using your Wi-Fi — nor can you see what devices are connected to your Sidewalk bridge. Additionally, any information that’s sent via Sidewalk Bridges is encrypted.

However, if you’re uncomfortable with the idea of others using your network, you can opt to turn off Sidewalk. You can’t selectively turn off Sidewalk for specific devices; rather, you can only activate or deactivate it for all Echo and Ring devices linked to your account.

This is done in the settings of the Alexa app. I don’t recall opting out or even being aware of this when setting up my Echo, but when I checked the setting today it was already disabled.

Dan Goodin (via John Gruber):

Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.

Update (2021-06-04): John Gruber:

The thing to consider is whether you trust Echo and Ring devices with your privacy. If you do, you might as well participate in Sidewalk. It’s not that different, conceptually, from Apple’s Find My network.

Slow Testing With Xcode 12.5 and Big Sur

OlKir1143:

When running app in iOS 14.5 simulator launch takes incredibly long time (more than 30 seconds). In comparison launching installed app in simulator - 2 seconds, launching app on the real device (iOS 14.4) - 6 seconds.

[…]

When running against simulator Xcode says “launching app”, “attaching to app”, and then “running app”, at the running app stage we get a ~30 second pause. debugserver at 100% activity at that time.

Via Chris Fish:

I have noticed that our regular dev lifecycle has tanked significantly since updating to 11.3. It takes up to 10 seconds to attach the debugger. If I run the app without attaching the debugger automatically it flies.

This is reported as starting with macOS 11.3. I didn’t see any problems with that version, but since updating to macOS 11.4 I’ve seen incredible slowness testing my Mac code. Running an individual unit test used to be almost instantaneous. Now there is a delay of 10 seconds or so between launching xctest (i.e. when Xcode starts showing “Testing…”) and when the test actually begins running. Turning off “Debug executable” doesn’t help. Sampling the process shows that xctest is waiting for the access() call, as it tries to load my test bundle. Meanwhile, the tccd process pegs the CPU.

I guess the problem must be triggered by something in my project—or perhaps just its (modest though non-trivial) size—since it doesn’t occur with a fresh project (though even that has high CPU use for tccd). I’m not sure what TCC doesn’t like. The test bundle and all the frameworks that it links to are code signed. The delay occurs on three different Macs, one of them a clean installation.

Another Xcode 12.5 issue: the “Run ‘Test/Class’” command (Command-Control-Option-U) is always disabled, even though Xcode shows the tests and I can run them by clicking the diamond.

Update (2021-06-05): Ashley Bischoff:

Just as an eensy correction to the quoted article—I believe that Full Disk Access may have been introduced in macOS 10.14 Mojave?

Tuesday, June 1, 2021

2021 Apple Design Award Finalists

Apple:

The Apple Design Awards honor excellence in innovation, ingenuity, and technical achievement in app and game design.

It’s surprising to see Nova on the list because lately only apps in the Mac App Store have been eligible. (And no Mac apps have won in the last few years.)

Update (2021-06-13): Apple:

“This year’s Apple Design Award winners have redefined what we’ve come to expect from a great app experience, and we congratulate them on a well-deserved win,” said Susan Prescott, Apple’s vice president of Worldwide Developer Relations. “The work of these developers embodies the essential role apps and games play in our everyday lives, and serve as perfect examples of our six new award categories.”

Nova did not win, and the only Mac app that did was Alba, a multi-platform game.

macOS 11.4 Breaks Full Disk Access for Helper Tools

Jerry Krinock:

I have been going through hell trying to maintain Full Disk Access for my apps’ background agents. I think something has changed with Full Disk Access[…]

[…]

Before Full Disk Access became a thing in macOS 10.15, my apps’ background agent was a command-line tool, shipped within my apps’ bundle, and launched intermittently by launchd tasks. Testing in early betas of 10.15, I could not find any way for a command-line tool to get Full Disk Access. (This may have been fixed in later versions.) Copying the design I saw in another app (Arq Backup) which had a working background agent, I spent several months replacing my command line tool with a Service Management Login Item which runs constantly.

webjib:

Before updating to 11.4, if user granted Full Disk Access to the main app, the Helper Tool got Full Disk Access too, as stated here by eskimo.

But now, it’s not working anymore. The Helper Tool does not inherit from the main app, either the Full Disk Access but also the authorisations like Automation for Finder.

It remains frustrating how it’s mostly not documented how TCC is supposed to work. And how, even when you figure it out, it seems to randomly fail on certain Macs until macOS is reinstalled and/or you disable SIP and delete the database.

WWDC 2021 Preview

Parker Ortolani:

Every WWDC has its moments, but there are some moments in particular that are impossible to forget. From earthshaking announcements to retrospectively goofy quotes, there are so many memories that bring a smile to our faces. As we approach WWDC 2021, let’s take a look back at some of those moments.

Donny Wals:

I figured I’d put together a little guide to making the most out of WWDC without being completely overwhelmed and intimidated by the sheer volume of content that Apple is about to unleash on us all.

Update (2021-06-02): Tom Harrington:

The unofficial WWDC Slack team is back for another year!

Update (2021-06-05): Scott Knaster:

I just made a new WWDC-flavored story video! It’s about Douglas Adams, legendary author of The Hitchhiker’s Guide to the Galaxy, and his visit to WWDC in 1990.

WWDC 2021 Wish Lists

Becky Hansmeyer:

I really enjoy reading wishlists and predictions, so this year I’ve compiled a WWDC 2021 Community Wishlist. You’re welcome to contribute, just submit a pull request (or send me a note on Twitter and I’ll add it for you).

[…]

Ability for [SwiftUI] views to become/resign first responder, and to identify the current first responder

[…]

TestFlight for Mac

[…]

For Apple to chill out and allow apps like Riley Testut’s Delta emulator to be installed on iOS devices in some sanctioned way (remember, emulators are not illegal)

For Apple to chill out and let developers accept payments via some approved processors (i.e. Stripe)

[…]

Subscription cancellation API for developers.

Casey Liss:

Given my constant kvetching about this, it should be of no surprise that the #1 thing I want from Apple is improved documentation.

[…]

My money is on Combine being neutered — if not straight-up scuttled — by an over-zealous SwiftUI champion, politicking within Apple. I surely hope that isn’t the case, because a rising tide raises all boats.

[…]

The iPad hardware is ridiculously powerful. Please, please, can we have some software improvements to match?

Federico Zanetello:

We saw a lot of new SwiftUI documentation being added during the past year, including some technical articles. However, there’s no way to discover when new material is added, beside constantly monitoring all documentation pages.

[…]

My wish for this year is to see MetricKit reports not being limited to once a day, allowing reports as fast as the competition.

[…]

It would be great if Feedback Assistant would send notifications/emails when any new update occurs, not just when there’s a new reply to a feedback.

Majid Jabrayilov:

SwiftUI provides you both List and ScrollView, but under the hood, these views still use the UIKit implementation of UITableView and UIScrollView. I love how UITableView works and the API it provides us. But SwiftUI’s List and ScrollView don’t expose all the powerful features of UITableView and UIScrollView.

Andy Ibanez:

Unfortunately, as it has been the case for many years now, there is not really much you can do when you attempt to integrate with the settings app as it is now. You can create a Settings bundle, but it is all managed by a plist. You cannot have any more complex settings that would allow users to login to dedicated service accounts or do anything else remotely complex.

[…]

SwiftUI is my favorite framework introduced in the past few years, but when it comes to debugging issues with it, it can sometimes be more complicated than I’d like.

[…]

Fast forward to iOS 14, and Apple introduced a new widget system. While I love these widgets and actually use them constantly, they are mostly info widgets and you can’t do much with them. Shall a widget be able to perform actions, they will launch the app. You cannot do much with them.

John Sundell:

I’ll post a detailed #WWDC21 wishlist article next week, but honestly, if we only got a new version of Xcode in which Swift syntax highlighting, error reporting, and auto-complete always worked fast, accurately and predictably, I’d be more than happy 😅

Rory Prior:

If literally the only thing to come from WWDC this year was a fix for Xcode so autocomplete didn’t randomly fail every day I’d be so happy.

Matt VanOrmer:

I’d take a redesign of the Home app as a start — so much potential, all locked behind a mess of tiles, rooms, zones, scenes, and painfully limited automation options.

[…]

[It’s] time for iOS 15 to finally let Shortcuts power users self-identify as such and unlock the ability to automate any shortcut with any Automation trigger.

[…]

The available notification settings on iOS have been lacking for a long time[…]

[…]

As it stands, initiating an Emoji search requires you to tap two buttons to escape back to the typical QWERTY keyboard: one to close the Emoji search by opening the Emoji keyboard, and once to swap from that keyboard to QWERTY. This confusing dance is extremely unintuitive (why would I click the button covered in Emojis when I want the opposite?), and could be solved with something as simple as a small “X”-to-close button tucked into the Emoji search UI.

And, perennially:

Dan Moren:

The fix seems straightforward enough: allow users to add words to iOS’s dictionary so they can stop fighting with autocorrect. Whether this takes the form of a contextual popover menu, a section somewhere in Settings, or somewhere else entirely doesn’t particularly matter—the important part is giving the control to users, rather than some obtuse machine-learning algorithm that already seemingly likes to replace real words with non-words.

Which, while we’re at it, suggests that Apple ought to give us an option to have autocorrect unlearn words as well. If the system is going to act as though it knows better than the users, it should actually know better. Or it should let us flag words and terms that we don’t use and remove them from the iOS dictionary as well. Let us make our mistakes, instead of having them made for us.

Chris Hynes:

While auto-correct frustrates every iPhone user at one time or another, I imagine it’s an insanely complex feature to get right. After using it for 13 years now, I find that I have a list of small things I’d love to see change rather than a small number of really big changes.

Update (2021-06-02): Jason Snell:

One feature that the Mac desperately needs from iPadOS is, believe it or not, Shortcuts.

[…]

I’d like to see the ability to run iPhone apps on macOS. Yes, they’re small, but so what?

[…]

I’d like to see someone from Microsoft appear on Apple’s virtual stage to explain that Windows for ARM will run on Apple silicon, even if it’s just in a virtual environment. Support for Boot Camp would be even better but seems a lot less likely.

[…]

I know it’s pretty rich for me to conclude a long list of demands by making this point, but I’m serious: The single most important addition to macOS this fall should be a focus on stability and reliability.

Update (2021-06-04): Craig Hockenberry:

Here is my anti-wish list - things I do not want to see:

More multi-tasking gestures in iPad OS. Make multi-tasking spatial, or make it stop. I hate user interfaces that are driven by guessing.

More features in macOS that I’ll never use. It’s great as-is, just fix bugs and everyone will be happy.

More Siri improvements that have nothing to do with parsing my commands.