Archive for July 2021

Wednesday, July 28, 2021

1Password Takes Second Round of Venture Capital

Jeff Shiner (tweet):

Today we’re announcing a new investment round in 1Password. Our current investor Accel led this round and a number of incredible folks including Ashton Kutcher’s Sound Ventures and top executives from Shopify, Slack, Squarespace, Google, Eventbrite, MessageBird and Atlassian also came on board.

[…]

We’ve grown from 177 people to 473 awesome folks. This has allowed us to greatly expand what 1Password can do to help consumers and businesses alike including[…]

[…]

Initially I wasn’t open to the idea as we’re profitable and did not need the money. But investment rounds have some real benefits. They help spread the word that we are an enduring and successful company which attracts both customers and talent. So we gave it further thought and went back to what we valued most from the first round – having smart folks invested in our success who can help and guide us. That, and ensuring we could retain full control of our destiny. If we could accomplish the same here then it would truly make sense for us to proceed.

Mary Ann Azevedo:

[The] company announced that it raised $100 million in a Series B round of funding that doubles the company’s valuation to $2 billion.

You may recall that the previously bootstrapped 1Password only raised its first round of external capital in 2019 – a $200 million Series A led by Accel that represented the venture firm’s largest single investment in its 35-year history.

[…]

Profitable since day one, 1Password recently crossed the $120 million in ARR (annual recurring revenue) mark, according to CEO Jeff Shiner. Over 90,000 businesses use its SaaS platform[…]

Apple’s Q3 2021 Results

Apple (Hacker News):

The Company posted a June quarter record revenue of $81.4 billion, up 36 percent year over year, and quarterly earnings per diluted share of $1.30.

[…]

“Our record June quarter operating performance included new revenue records in each of our geographic segments, double-digit growth in each of our product categories, and a new all-time high for our installed base of active devices,” said Luca Maestri, Apple’s CFO. “We generated $21 billion of operating cash flow, returned nearly $29 billion to our shareholders during the quarter, and continued to make significant investments across our business to support our long-term growth plans.”

Jason Snell (transcript):

There will be a lot more to say about it momentarily, but here are the charts…

John Voorhees:

After the break, we’ve compiled a graphical visualization of Apple’s Q3 2021 financial results.

Michael E. Cohen and Josh Centers:

Q3 iPhone revenues shot up an impressive 49.8% year over year, from $26.4 billion in Q3 2020 to $39.6 billion this quarter.

[…]

The iPad brought in $7.4 billion in revenue, handily beating the $6.6 billion it brought in one year ago, an increase of 11.9%. You would have to go back to 2012 to find a June quarter in which iPads brought in more revenue than this year.

[…]

Apple’s Mac products also exhibited strong growth, with a year-over-year increase of about 16%, from $7.1 billion in revenue in Q3 2020 to $8.2 billion this quarter. Cook said this was a new Q3 record for the Mac, thanks to the new M1-based iMac.

[…]

In plain English, the chip shortage that’s affecting the entire supply chain is looming over Apple. While Apple said it was able to mitigate those issues in Q3, it’s looking less likely in Q4.

Eric Slivka:

Gross margin for the quarter was 43.3 percent, compared to 38.0 percent in the year-ago quarter.

Juli Clover:

Apple now has more than 700 million paid subscriptions, which is up 150 million from last year, and is four times the number of subscriptions that Apple had four years ago.

David Sparks:

However, the most interesting number for me was services, which represent 21% of Apple’s revenue. That’s right. Apple makes more now on services than it does on the Mac and [iPad] combined.

This causes me a slight pause because historically, Apple has always been a product company. They made gizmos and we gave them money for the gizmos. Being in the gizmo business led Apple to a particular set of priorities and a serious commitment to customer experience.

Edward Snowden:

Apple today: “In 3 months, we spent $10 billion on dividends and $66b on stock buybacks.”

Sure sounds like a good time to commit $10b to improving iOS security, since companies are selling iPhone hacks for less than your lunch money to actual murderers[…]

XLoader Malware

Ben Lovejoy:

XLoader malware has now migrated from Windows machines to attack Macs too. An evolution of the malware known as Formbook, it lets an attacker log keystrokes, take screenshots, and access other private information.

Worryingly, the malware is sold on the dark web for $49, enabling anyone to deploy it against both Windows and Mac users …

The good news is that it does require user action to trigger it. Attackers typically send an email that contains the malware embedded into Microsoft Office documents.

Alexey Bukhteyev and Raman Ladutska (via Objective-See):

The malware now features a more lucrative economic model for the authors as compared to Formbook. Customers may only buy the malware for a limited time and are only able to use a server provided by the seller; no panel source code is sold anymore. Thus, a “Malware-as-a-Service” scheme is used. Centralized C&C infrastructure allows the authors to control how the malware is used by the customers.

Hydromac Malware

Bill Toulas:

The infection begins with dropping a legit copy of Adobe Flash Player, which is also very common among macOS malware strains. Still, MapperState’s features, encryption scheme, debug symbols, and strings were all hidden, encrypted, or stripped. By digging deeper, the researchers were able to confirm that the malware had the capability to fetch more payloads and also check for installed AV tools, but not much else was discerned.

This is where the flashcard app leaks come into play, as the researchers recently used what decrypted strings they held to search on the internet, and the gods (Google) answered. Someone based in San Diego had created a flashcards app account with content matching what was found in MapperState’s code. In the published flashcards, the researchers found another macOS malware named “Hydromac,” which appears to have the same commands as in their sample.

Taha Karim (copy, Hacker News):

The chain of different stages has become very complex nowadays and the analysis phase takes more time, due to the malware authors’ understanding of how reverse engineering is being done, but also countering the tools we wrote to decrypt their malware.

[…]

To close this chapter, it is worth noting that this is not the first time critical information has been leaked via flashcard apps; interestingly, this week Bellingcat reported that US soldiers exposed nuclear weapons secrets via flashcard apps, as they were using them for learning purposes.

Tuesday, July 27, 2021

Inside Apple’s CSAT Solutions Repair Depot

Chance Miller:

While some Apple products are repaired directly in Apple Stores, Apple contracts many of its Mac repairs to third-party providers, including CSAT Solutions based in Houston, Texas. A new report today from Insider sheds light on what workers describe as “sweatshop”-like conditions inside the Houston facility, with 13-hour days, broken air conditioning, and unrealistic expectations.

[…]

Technicians are said to be tasked with completing every repair in less than an hour, something that employees said is “impossible to sustain.”

[…]

Employees who spoke to Insider corroborated that Apple auditors do indeed visit CSAT Solutions, but that employees are instructed to “do certain tasks differently” when auditors are around to avoid any potential trouble.

Safari Frustrations

Perry Sun (via Hacker News):

With IE now out of the way, the distinction of ‘most-hated browser’ goes to Apple’s Safari – which all along had been a close second to IE.

In a similar vein, Safari has consistently lagged behind competing browsers in supporting modern web APIs and features, presenting considerable challenges for developers wanting to create products that work consistently across all the major browsers (Chrome, Edge, Firefox, and Safari).

However, the annoyance with Safari gets deeper and more nuanced, which I’ll explain further below.

I guess it was about time for another one of these posts to gain traction. I don’t think the Internet Explorer analogy is entirely fair, but the frustrations for developers and users are real.

Not being a Web developer, I don’t have much of an opinion about which specific APIs or Web standards Safari should be supporting better. But my experience as a user is that its compatibility continues to decline. In the last month, I encountered problems using the American Express, Discover, and Subway sites. The same actions worked fine in both Chrome and Firefox. I’m also still seeing GPU-related crashes each day, though I’m told this may be fixed in Monterey. Apple is busy trying to reinvent tabs and toolbars, but I just want a browser that works.

Apple dragged their feet in adding support for PWAs in Safari, and when they finally did, limited the capabilities of a PWA so that native-like app functionality wouldn’t be possible, like notifications or a home screen icon shortcut – to name just a few of the many restrictions imposed by Apple.

I think iOS has supported home screen icons for Web pages since day one, so I guess this is referring to customizing the menu that you get when you long-press on an app icon.

The reason for Apple’s self-imposed limitations on PWA-related web APIs? They’ll tell you they’re for user privacy reasons, which may be valid in certain cases.

But most of us know the dominant reason is that fully-capable PWAs would compete against the iOS App Store – robbing Apple of the 30% cut in revenue it rakes in when an app is purchased or an in-app purchase is executed.

It’s not clear to me that the stuff that doesn’t work is primarily related to privacy. But, either way, I would like users to be able to opt into running fully-capable PWAs, especially since that’s the only release valve for all the apps that Apple won’t allow in the App Store.

Update (2021-07-28): Jen Simmons:

If you make websites, what do you need browser engineers to add to WebKit (Safari’s rendering engine)? What HTML, CSS, JS, Web APIs are missing — impacting your ability to get your job done. What do we most need to add / change / fix / invent to help you?

Dave Rupert:

When I think about Safari, it has a reputation as a little bit of a prima donna to the Pixar characters in my brain. From the humble -webkit-appearance: none to make buttons not look like trash on iOS to even more sophisticated tricks polyfilling scroll-behavior: smooth, every project has “one-offs” written inside it to appease Safari. It adds up to a non-zero amount of cognitive load that I maintain as a developer to support Safari.

Tim Perry (via Hacker News):

These APIs are already part of the fabric of the web. These are popular webapps (Noteflight has 6 million users, Excalidraw has 22,000 github stars), many users want to use them, and they have core functionality that only works well in Chromium.

[…]

So, outright ignoring popular features will not stop them happening, and risks either giving all market share to Google, or all browsers being forced to follow Google’s standards. What the hell do we do instead?

Safari, Firefox and others need to make better proposals for these use cases.

Safari 15 Changes in Beta 4

Juli Clover:

Apple today seeded the fourth betas of iOS and iPadOS 15 to developers for testing purposes, with the updates coming two weeks after Apple released the third betas.

Juli Clover:

The fourth beta of iPadOS 15 that was released today introduces tweaks to Safari, with the [iPadOS] Safari layout now mirroring the updated layout that was introduced in macOS Monterey Beta 3.

[…]

While the separate tab bar is enabled automatically when updating, in the Safari section of Settings, there is an option to toggle on the original compact tab bar that merged everything together.

Federico Viticci:

There are more changes to Safari for iPhone in iOS 15 beta 4:

  • The share button is back in the tab bar
  • Reload button is back, next to domain name
  • Quicker access to bookmarks
  • One-tap Reader button appears on articles

Additionally:

  • The tab bar now automatically minimizes when interacting with buttons on websites.
  • There’s a new ‘docking’ behavior for the tab bar above the keyboard when you tap into search boxes on websites.

Overall, seems like Apple is adapting to websites after all.

Federico Viticci:

There’s a total of six different touch targets in the iOS 15 beta 4 tab bar in Safari.

These exclude the ability to long-press the tab bar, swipe across it to change tabs, and swipe it up to open the Tabs view.

I’m…starting to think a single, small toolbar just won’t do. 😬

Michael Love:

They’re already desperately trying to make this UI work and it’s a brand new UI; imagine if a year or two from now they want to add some new option to it.

Curtis Herbert:

I really do appreciate the experimentation, but the new Safari feels like something I’d take to the UI Design Labs at WWDC and they’d push me to use native controls that users expect and already know, have better tap targets, & stop cramming too many things in a small space.

Josh Centers:

I find the new Safari design in iPadOS 15 b4 to be every bit as confusing as before, but without the space-saving cleverness of the previous design.

Tyler Hall:

If Safari on macOS Monterey is heading in a similar direction where web page titles are going to be even more truncated, that’s going to make me sad. I guess we should do something about it.

Here’s TheTitle.app

It’s a silly Mac app that is just a window title bar. It floats above all the other windows on your Mac and keeps an eye on your web browsers. As you move from browser to browser and web page to web page, TheTitle shows you the full page title - unobscured. Problem solved.

Update (2021-07-28): John Gruber:

I think it’s fair to say there are [9] touch targets, because the left and right sides are effectively previous/next tab buttons.

Nick Heer:

There is some good news: the “⋯” Button of Mystery has been scrapped and replaced with the standard share button. There’s also a reload button in the address bar right beside the URL — but it is grey, while every other tappable control in Safari is blue.

[…]

In this context, reconfiguring Safari so that the entire user interaction happens in the lower half of the screen is a win for usability, but a loss for muscle memory. I think this once-in-a-lifetime update could make sense in the long term. But when coupled with some of the space constraints created by this specific iteration and how cramped the controls are, it is hard to argue in favour of this interpretation of Safari.

John Gruber:

How is a normal person going to get into Reader Mode come fall, when they upgrade from iOS 14?

John Gruber:

Mobile Safari versions 1–14: no one ever had to explain anything.

Mobile Safari 15: “See, you don’t get the genius of this design, let me explain…”

Riccardo Mori:

That reload icon beside the site name is so tiny one needs a fine-point stylus to tap it. Pull to Refresh on the other hand is a 10-plus-year-old tried-and-true gesture which I think fits best in this otherwise tragic Safari redesign.

Peter Novak:

The reload button placement is disastrous. Every. Single. Time. I want to type an address, I reload the page I’m currently on.

Ezekiel Elin:

My complaint with today’s address bar is that the reload button moves and seems to find itself in the dead middle of the “address bar” a lot.

Federico Viticci:

I wish I was kidding at this point, but the Safari tab bar in iOS 15 beta 4 can get busier.

Here’s what happens if you do a Google search, have an extension active, and have just downloaded a file.

(Magnifying glass, text label, dot on share.)

Michael Love:

The internal politics behind this stupid address bar are probably quite terrifying.

John Gruber (tweet):

But there’s an awful lot of non-sharing stuff crammed into the Share menu — the ᴀA menu items from the current version of Safari (text size, Reader mode, disabling content blockers temporarily, etc.) are all in “Share” now. It’s better than the “···” menu in betas 1–3, but really, this is more like changing the “···” glyph to the Share glyph. It’s still two menus’ worth of features stuffed into one monolithic menu.

John Gruber:

But my big problem with this tab bar — both on Mac and now iPad — is that it’s very hard to see which tab is the current (selected) tab. The visual indication for “selected” is just a very slightly different background tint — whether you’ve got “Show color in tab bar” enabled or not. You can even scroll the current tab out of view. Why is that possible? I don’t see how this is better than the Safari 14 tab bar in any way, and I see a lot of ways that it’s worse.

ps3zocker:

It gets worse and worse. On the latest macOS beta, they added a stroke around the traffic lights so that they look better when the title bar has a background color. The address bar is now outlined to make it different from the tabs, which otherwise look the same. Yikes.

Safari uses a darker stroke than the rest of the system and it looks really bad.

Developer Account Terminated After Reporting Security Issue

Khaos Tian:

lol apparently reporting security issue to Apple product security can lead to termination from Apple Developer Program? Got a notice of termination from the personal account that has no activity recently today 🙃

Looks like I’m getting ghosted by WWDR & Product Security folks

That’s one way to make sure I don’t waste my time on sending security issues to them in the future I guess ¯\_(ツ)_/¯

Also it’s kinda annoying that macOS still shows the misleading alert when the signing certificate is revoked…

Saagar Jha:

Reminder that developing software for macOS means that Apple will turn around and call it malware if they terminate your developer account, because people who report security issues in good faith obviously write apps that will damage your computer.

Update (2021-07-28): See also: Hacker News.

Nika Kirkitadze (via Hacker News, tweet):

A few weeks ago, I received an email from Apple which says that my developer membership has been terminated. This is a massive blow to me.

The letter says that I have fraudulent conduct, but I believe that’s not true.

Apple just sent a warning message to me and, after 14 days, removed all my apps at the same time.

I am disappointed, of course. But a more critical issue is that I don’t know what went wrong and how to fix it. I tried to communicate with them but was always getting the same generic words and texts, nothing concrete.

Apple is super confident about its judgment. They applied the most severe punishment to me, without mentioning any details.

Monday, July 26, 2021

macOS 11.5.1

Juli Clover:

According to Apple, macOS Big Sur 11.5.1 brings important security updates and is recommended for all users.

Apple:

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

I encountered some problems applying this update (on top of 11.5). Software Update repeatedly stopped the download midway. After the download had completed, clicking the button to install it would try to download it again instead of restarting the Mac to begin installation.

See also: Mr. Macintosh (tweet, standalone download link), Howard Oakley.

Update (2021-07-26): See also: Pierre Igot.

Rumors About the Next Pro Macs

Tim Hardwick:

On Twitter, Dylandkt claimed that Apple’s “high end iMac” is not expected to release in the fourth quarter of 2021 alongside Apple’s “M1X Macs” – a reference to Apple’s redesigned MacBook Pro models – because “Apple simply does not want their devices to compete for attention and delays in product releases have led to this timetable.”

In previous claims, Dylandkt has remained adamant that an “M1X” Apple silicon processor is destined for high-end “Pro” Macs, which could include the upcoming MacBook Pro models and a larger, more powerful iMac model. Apple is expected to release 14-inch and 16-inch MacBook Pro models at some point between September and November.

I’ve been waiting for the new iMac (27-inch or Pro) to use my DTK coupon that expires at the end of this year, though I might be persuaded to get a 16-inch MacBook Pro (which hasn’t been updated since its release in 2019) if there’s an external display available.

Juli Clover:

A new Mac Pro that’s coming in 2022 is set to use Intel’s Ice Lake Xeon W-3300 workstation chips, according to an Intel leaker that WCCFtech says has offered reliable information on Intel Xeon chips in the past.

I’ve not heard anything about timing for the Apple Silicon Mac Pro, except that Apple announced in June 2020 that the full product line would transition within two years.

Apple Business Model: A Naive Nostalgic Look

Jean-Louis Gassée:

At first, the App Store looked like another product in charge of propping up sales volume and profit margin for the main act, the iPhone. That didn’t last. The App Store became more than an iPhone support function; it became a gigantic business in itself. One that Apple doesn’t disclose but bundles into the Services category. The Services number includes much more than the undisclosed App Store revenue; it encompasses services such as iCloud and Music revenue, AppleCare, and the more visible Apple TV activities.

In the company’s latest SEC filing for the quarter ended in March 2021, Apple’s Services reached $16.9B, exactly as much as the $16.9B number for the combined Mac and iPad revenue, although still far from the $48B iPhone revenue for that quarter.

[…]

What happens to priorities, to company culture? What will be sacrificed and what will be preserved? For example, if budgetary restrictions are needed, what will be prioritized: the next Ted Lasso or the next Apple Silicon processor?

[…]

I don’t have immediate worries for Apple’s culture. But I’m old enough to have seen strong companies lose their way as their priorities changed and they lost sight of their strengths.

I think we’ve been seeing tradeoffs favoring services over customer interests for a while now. Today, I was trying to play a song in Monterey’s Music app. It was stored locally, but I couldn’t get to the Library section of the app. The main part of the window was entirely devoted to an ad for Apple Music, and there seemed to be no way to dismiss it except to subscribe. There was no “x” or “Later” button, even on hover. Clicking outside of the border or in the sidebar didn’t close it. Eventually, I figured out that it would go away if I pressed Esc.

Update (2021-07-27): Nick Heer:

But this new focus on recurring services revenue — predictable monthly payments from as many buyers as possible — has created plenty of opportunities for Apple to degrade its existing product offerings. As the iTunes Store gave way to the Apple Music streaming model, iTunes was replaced with the much worse Music app, which feels like an old <frame>-based website given the façade of a desktop application. Applications across MacOS and iOS now interrupt users with advertisements in a nagging reminder that your multi-thousand-dollar purchase of a hardware product is merely the beginning of your financial relationship with Apple.

[…]

One thing not mentioned by either Gassée or Apple is that about one-fifth to one-quarter of Apple’s services revenue is from Google for making it the default search engine across Apple’s ecosystem. I mentally subtract $3 billion from this category in the quarterly earnings report to create a truer estimation of how Apple’s own-brand services are performing.

Smaller Preferences Tab Icons in Big Sur

Marc Edwards:

I believe macOS Big Sur changed the prefs tab icon size, and because of that, most Mac apps now have blurry icons. I was unable to find a size in the macOS Human Interface Guidelines, but dropping a solid image into your Xcode project reveals the full image area for the asset. In this case, it’s 54×54 pixels on a Retina display, which means prefs tab icon assets need to be exactly 27×27pt to render sharply. Please note that the icons themselves are only around 22×22pt, with the additional space just being padding.

I found it tricky to make a custom icon look right next to an SF Symbol. Vectors help it look sharp at different resolutions, but they don’t help with scaling. It really has to be drawn at the desired size or the stroke widths will be off. And this applies recursively: you can’t just draw a sub-element and then scale it to the right size, or its strokes won’t match the rest of the icon. Naive scaling of a vector icon actually looks worse than scaling down a bitmap.

Friday, July 23, 2021

iDOS Emulator to Be Removed From the App Store

Juli Clover (Hacker News):

iDOS 2 has been available in the App Store since 2014, and its predecessor, iDOS, was first released in 2010. iDOS has had issues with Apple before, and in 2010, Apple pulled the original emulator app from the App Store. Changes were made, and the app was allowed back in the App Store in 2011, but there have still been ongoing troubles with Apple.

iDOS 2 went four years without an update because of Apple’s restrictions on iTunes file sharing and bundling game files without ownership, but in 2020, Li implemented document storage and was able to once again update the app.

Since 2020, iDOS has been able to run games and programs accessed through file sharing, which Apple now says is not allowed.

This is frustrating for several reasons:

Chaoji Li (Hacker News):

Long time iDOS users are aware that we have been able to update iDOS meaningfully since last year, because we have enabled file sharing access which gives iDOS the ability to run custom games or programs.

We didn’t play any trick to fool the reviewers; on the contrary, for any submission we always provide the following note up front to them:

This version enables Document Browser mode, but it

  • doesn’t download code from internet,
  • doesn’t provide store front,
  • only runs emulation in a small portion of screen.

We are perfectly aware of AppStore policy on interpreted code. The reason for this submission is that there are similar apps on AppStore running js or python code. In principle, iDOS is no different. No security risk since the user code is running inside an emulator within the app sandbox.

App Review:

During review, your app installed or launched executable code, which is not permitted on the App Store.

Specifically, your app executes iDOS package and image files and allows iTunes File Sharing and Files support for importing games. Executing code can introduce or change features or functionality of the app and allows for downloading of content without licensing.

Please note that while educational apps designed to teach, develop, or allow students to test executable code may, in limited circumstances, download code, such code may not be used for other purposes and such apps must make the source code completely viewable and editable by the user.

Well, there’s no reason the x86 assembly code couldn’t be made viewable and editable…

Dan Moren:

Over the last few years, Apple has been advancing the narrative that the iPad is just as good as a traditional computer, but if Apple is going to continue to dictate the boundaries of its capabilities by arbitrarily deciding what software can and can’t do on the platform, the truth is simple: this platform, good as it is, will never be as good as a computer. And Apple will have no one to blame but itself.

Craig Grannell:

It’s been back on the store with this exact same functionality for a while now, and received several updates. I’d hoped this was a sign Apple was changing its tone on retro gaming and emulation, but feared it was not. And Apple’s seeming distaste for emulated classic games feels further cemented by it not approving entirely legal retro-gaming streaming service Antstream Arcade for the App Store.

Update (2021-07-26): Drew Crawford:

Policies against Real Apps are implicitly a vote for Facebook. So developers make Facebook.

macOS 11.5

Juli Clover:

macOS Big Sur is a minor update focusing on small changes and bug fixes. According to Apple’s release notes, the update improves the Podcasts app by allowing the Podcasts Library tab to be adjusted to show all shows or only followed shows.

It also addresses an issue that could cause Apple Music not to update play count or the last played date in the library, and it fixes a bug that caused smart cards not to work when logging into M1 Macs.

I first saw this update on Wednesday, but then it disappeared and I wasn’t able to download it until yesterday. Now it’s available via Software Update and direct download.

iOS 14.7

Juli Clover:

According to Apple’s release notes for the update, iPadOS 14.7 introduces an option for two Apple Card members in the same family to combine their cards, plus it adds new Podcasts options and fixes a bug that could cause audio to skip when using USB-C to 3.5mm headphone jack adapters. Apple’s full release notes are below[…]

Lisa Vaas:

The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware.

Through the Blast Door

Nick Heer:

This weekend’s first batch of stories from the “Pegasus Project” — a collaboration between seventeen different outlets invited by French investigative publication Forbidden Stories and Amnesty International — offers a rare glimpse into the infrastructure of modern espionage. This is a spaghetti junction of narratives: device security, privatized intelligence and spycraft, appropriate targeting, corporate responsibility, and assassination. It is as tantalizing a story as it is disturbing.

“Pegasus” is a mobile spyware toolkit created and distributed by NSO Group. Once successfully installed, it reportedly has root-level access and can, therefore, exfiltrate anything of intelligence interest: messages, locations, phone records, contacts, and photos are all obvious and confirmed categories. Pegasus can also create new things of intelligence value: it can capture pictures using any of the cameras and record audio using the microphone, all without the user’s knowledge. According to a 2012 Calcalist report, NSO Group is licensed by the Israeli Ministry of Defense to export its spyware to foreign governments, but not private companies or individuals.

OCCRP:

The phones of Panyi, Thakurta, and Vaqifqizi were analyzed by Amnesty International’s Security Lab and found to be infected after their numbers appeared on a list of over 50,000 numbers that were allegedly selected for targeting by governments using NSO software. Reporters were able to identify the owners of hundreds of those numbers, and Amnesty conducted forensic analysis on as many of their phones as possible, confirming infection in dozens of cases. The reporting was backed up with interviews, documents, and other materials.

[…]

The strongest evidence that the list really does represent Pegasus targets came through forensic analysis.

Amnesty International’s Security Lab examined data from 67 phones whose numbers were in the list. Thirty-seven phones showed traces of Pegasus activity: 23 phones were successfully infected, and 14 showed signs of attempted targeting. For the remaining 30 phones, the tests were inconclusive, in several cases because the phones had been replaced.

John Scott-Railton:

We @citizenlab conducted peer review.

Here’s an explainer THREAD.

Daniel Cuthbert:

NSO Group has a full zero-click zero-day iMessage exploit chain that can install the Pegasus spyware on the latest version of iOS at the time of writing (14.6).

Craig Timberg, Reed Albergotti, and Elodie Guéguen:

Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.

And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person — in Mangin’s case, a Gmail user going by the name “linakeller2203.”

Ivan Krstić:

For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. […] Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.

Timberg et al.:

The investigation found that iMessage — the built-in messaging app that allows seamless chatting among iPhone users — played a role in 13 of the 23 successful infiltrations of iPhones.

[…]

In a 2,800-word email responding to questions from The Post that Apple said could not be quoted directly, the company said that iPhones severely restrict the code that an iMessage can run on a device and that it has protections against malware arriving in this way. It said BlastDoor examines Web previews and photos for suspicious content before users can view them but did not elaborate on that process.

It’s not clear to me how this was done. Is there a flaw in the BlastDoor sandbox? Or is Messages not actually using it for all decoding of untrusted data, e.g. images?

Reed Albergotti:

Apple has so many bugs that it can’t fix them all, and can take years to implement fixes. It created a bug bounty program in 2016, which it says pays the most in the industry. But inside and outside the company, the view is that it has room for improvement. A lot of room.

One former employee told me the security team would send canned responses (to ensure they would not be vetoed by the marketing team) to researchers who submitted bugs. That kind of communication does not lead to good relationships with security researchers.

[…]

Apple is famously shy about sharing anything, especially acknowledging problems, and that is true when it comes to security. Apple argues that it’s better that way. The less hackers know, the better. That is why Apple makes it difficult to even locate traces of malware on iPhones.

As @craiu told me, that means we don’t know the extent of the problem. He said if Apple allowed more analysis of iPhones for malware, it would generate bad press, but make iPhones more secure.

Stefan Esser:

With PEGASUS in the news again. Never forget that behind closed doors people will tell you that when PEGASUS was found the first time in the wild Apple forbade researchers to put the samples in the public and they complied because they were scared for their app(s) in the @AppStore

Whenever Apple claims the @AppStore is required for security keep in mind those “secret” stories where Apple managers threatened security companies to shut up because otherwise their apps in the @AppStore might get extra reviewed….

Stefan Esser:

Interesting in this PEGASUS research is also that we have been right: making persistence hard does not stop phone hacks instead it makes them even harder to find because less to no artifacts on the disk. Without introspection of the computers in our pockets we are doomed :P

Nikias Bassen:

This is the problem with Apple (and Google) locking out their users. It actually helps the bad actors since the user cannot see what is happening on the device, and after the fact you can’t even get a sample of the malware without a jailbreak.

Stefan Esser:

iOS attacks have been ongoing for years. They were invisible because Apple denies introspection of iPhones. This is part of their marketing to claim iPhones are invulnerable compared to the competition. Then iOS exploitation capabilities slipped into the hands of NSO who are notorious for getting caught apparently. So finally the world learned that this is real. But only because one of the many players has been caught in the act. Since they were caught the first time the only other player that has been found was the campaign Google found. No other iOS drive by attacks or malware has ever been found. And no this is not because it doesn’t exist. It is because nobody can see it. Much to the joy of Apple management.

Dan Moren:

Tech Crunch’s Zack Whittaker linked to a tool that can help you check if your phone was compromised.

I downloaded and tried out the Mobile Verification Toolkit so you don’t have to and, well, it’s definitely not user friendly. I had to install some command line updates via Homebrew, which took a little bit of trial and error after the instructions proved to not be exactly correct for my system, then had to make a decrypted copy of my iPhone backup, plus had to make sure I’d downloaded the correct definitions file to compare it to.

How likely is it that the evidence would be included in a backup?

Simone Manganelli:

Huh?

Israeli spyware company NSO Group has said repeatedly that its surveillance tools do not work against smartphones based in the United States

Why would that matter for 0-click iMessage vulnerabilities?

Matthew Green:

Many attacks used “network injection” to redirect the victim to a malicious website. That technique requires some control of the local network, which makes it hard to deploy to remote users in other countries. A more worrying set of attacks appear to use Apple’s iMessage to perform “0-click” exploitation of iOS devices. Using this vector, NSO simply “throws” a targeted exploit payload at some Apple ID such as your phone number, and then sits back and waits for your zombie phone to contact its infrastructure.

[…]

Adding a firewall is the cheap solution to the problem, and this is probably why Apple chose this as their first line of defense. But actually closing this security hole is going to require a lot more. Apple will have to re-write most of the iMessage codebase in some memory-safe language, along with many system libraries that handle data parsing.

[…]

NSO can afford to maintain a 50,000 number target list because the exploits they use hit a particular “sweet spot” where the risk of losing an exploit chain — combined with the cost of developing new ones — is low enough that they can deploy them at scale. That’s why they’re willing to hand out exploitation to every idiot dictator — because right now they think they can keep the business going even if Amnesty International or CitizenLab occasionally catches them targeting some human rights lawyer.

See also:

Previously:

Update (2021-07-26): Nick Heer:

The reporting associated with the Pegasus Project has been enlightening so far, but not without its faults. The confusion about this list of phone numbers is one of those problems — and it is a big one. It undermines some otherwise excellent stories because it is not yet known why someone’s phone number would end up on this list. Clearly it is not random, but nor is it a list of individuals whose phones were all infected with Pegasus spyware.

See also: Wired, MacRumors, TidBITS.

Thursday, July 22, 2021 [Tweets] [Favorites]

Git Tower 7

Julian Rothkamp:

The first thing you will notice after updating to Tower for Mac version 6 is our new dock icon.

[…]

After adapting the toolbar to the new design, we decided to go one step further and remove Tower’s “Navigation Bar” right below the toolbar.

[…]

Across the whole app you will find new as well as redesigned icons.

Julian Rothkamp:

Version 7 gives you the option to easily give your commits more context by directly referencing issues, commits and files.

[…]

Similar to issue numbers, you can search and autocomplete commit references by typing “c:”.

[…]

If you want to quickly reference specific changed files from your working copy, simply do so by typing “\”.

[…]

For a quick overview of the list of available commands, just type “/”. Tower will show you command suggestions to help you discover available completion actions easily.

[…]

If you start your commit message with the “fixup!” or “squash!” keywords in the subject field, Tower lets you choose an existing commit you want to fixup or squash, respectively. After making that commit, you can switch to your HEAD branch’s history and will find a bright yellow button at the top to conclude the process.

The version numbers are changing so quickly now.

I still wish I could just drag and drop a file onto Tower to see its history.

Previously:

Hopper 4.8

The new version of Hopper includes an important change:

Initial support for the new DYLD shared cache of macOS Monterey,

This version allows it to open the shared cache rather than failing outright. However, Hopper is not yet able to show all of the symbols. Also, each architecture now has four separate files, so you may have to try several before finding the framework that you want.

Hopefully the format of the shared cache doesn’t keep changing each year, because not having working tools makes it harder to track down crashes and other bugs.

Previously:

Wednesday, July 21, 2021 [Tweets] [Favorites]

Windows 11: Android Apps

Tom Warren (Hacker News):

Android apps will run natively on Windows 11 and will be downloadable from Amazon’s Appstore, via the new Windows store that’s included in the operating system.

[…]

Microsoft is also partnering with Intel to use its Intel Bridge technology to make this a reality, although the Android apps will still work with both AMD and Arm-based systems.

Presumably, the bridge is only necessary for the parts of the apps compiled for ARM, and the Java bytecode can just run in a Windows JVM.

Steve Troughton-Smith:

I hope Microsoft goes beyond simply running Android apps in a VM; provide a path towards a native-feeling Fluent Windows app, like Catalyst does for UIKit apps on the Mac. Is it an also-ran, or is it the future of consumer app development on Windows?

Previously:

Windows 11: Windows Store Changes

Dieter Bohn:

At the end of a surprisingly eventful, exciting presentation of Windows 11, Microsoft CEO Satya Nadella came on the video feed to deliver some closing remarks. He laid out his vision for Windows 11 as a “platform for platform creators,” and in doing so, he issued a subtle but nonetheless stinging critique of Apple.

Nadella’s speech was almost entirely about building a case that Windows would be a better platform for creators than either macOS or (especially) iOS. He argued that “there is no personal computing without personal agency,” insisting that users should be more in control of their computers.

Nadella called out the changes Microsoft is making to its app store rules, allowing more types of apps, Android apps, and — most importantly — allowing apps to use their own payment systems if they so choose.

Nilay Patel:

If you had told me in 2000 that in 2021 Microsoft would be positioning itself as the champion of creators and developers while Apple was being pilloried in Congress for being a monopolist... I would have probably flamed you on Slashdot?

Zac Bowden (via Steve Troughton-Smith):

The new store features policy changes that allow app developers to submit unpackaged Win32 apps, such as raw .exe and MSI applications.

Microsoft is also allowing app developers to use their own content delivery networks for app hosting and updates, meaning app updates no longer have to come directly from the Microsoft Store.

Finally, the company has announced that app developers can now use third-party commerce platforms, and Microsoft won’t take a revenue cut from apps that do.

Jay Peters:

But the deal has one important caveat: it doesn’t apply to games, Microsoft confirmed to The Verge.

[…]

Microsoft is largely on the side of apps and games being different because its bottom line depends on it. During the Epic trial, the company testified that it sells expensive Xbox hardware at a loss and makes its profits from the 30 percent cut it takes of game sales and subscriptions. But it also seemed like Microsoft was saying that PC games were different: the company recently announced that it would lower its cut of game revenues in the Microsoft Store from 30 to 12 percent starting on August 1st.

Steve Troughton-Smith:

Microsoft opening up the Windows Store to any arbitrary exe file or installer URL has kicked off a mad rush for everybody to get their apps listed there — because why wouldn’t you be in the Store, now? It’ll rapidly become the first & only place most users look for software

Previously:

Windows 11: ARM64EC

Marc Sweetgall:

ARM64EC is a new application binary interface (ABI) for Windows 11 on ARM that runs with native speed and is interoperable with x64. An app, process, or even a module can freely mix and match ARM64EC and x64 as needed. The ARM64EC code in the app will run natively while any x64 code will run using Windows 11 on ARM’s built-in emulation.

[…]

Traditionally, rebuilding an app for ARM has meant recompiling the entire app. The result is a great native experience for the customer that unlocks the full power of the ARM device. However, from a developer perspective, porting an app can be all-or-nothing, since all the binaries within a process need to be rebuilt before a customer can see the benefit.

With ARM64EC, you can choose to start small and build incrementally. You can identify a part of your codebase that would benefit most from native performance and rebuild it as ARM64EC. The rest of the app will remain fully functional as emulated x64, but the recompiled ARM64EC parts will now have native speed. Over time, you can recompile more of the app as ARM64EC to further improve performance and conserve battery life for your app’s customers.

Via Rosyna Keller:

Windows 11 is bringing back the Mixed Mode Manager!

[…]

Instead of allowing arbitrary ARM apps to load arbitrary x64 code in-process, the ARM app needs to have its ABI “massaged” to look more like the x64 ABI.

Previously:

Windows 11 Announced

Panos Panay (Hacker News):

We’ve simplified the design and user experience to empower your productivity and inspire your creativity. It’s modern, fresh, clean and beautiful. From the new Start button and taskbar to each sound, font and icon, everything was done intentionally to put you in control and bring a sense of calm and ease. We put Start at the center and made it easier to quickly find what you need. Start utilizes the power of the cloud and Microsoft 365 to show you your recent files no matter what platform or device you were viewing them on earlier, even if it was on an Android or iOS device.

Windows has always been about helping you work how you want, by offering flexibility of multiple windows and the ability to snap apps side by side. New in Windows 11, we’re introducing Snap Layouts, Snap Groups and Desktops to provide an even more powerful way to multitask and stay on top of what you need to get done. These are new features designed to help you organize your windows and optimize your screen real estate so you can see what you need just the way you want in a layout that’s visually clean. You can also create separate Desktops for each part of your life and customize them to your liking – imagine having a Desktop for work, gaming or school.

John Gruber:

Microsoft is doing something very interesting with app icons — they’re using different shapes for each of them, rather than forcing them all into the exact same roundsquare shape. That’s an idea Apple should copy.

Nick Heer:

On the surface, it is more of an iterative update than any new version of Windows for a long time; it seems like, with Windows 10, Microsoft established a good foundation that does not require radical changes. At the time, Microsoft even went so far as to claim that Windows 10 would be the “last version of Windows”. Things change.

Ben Thompson:

Of course Windows remains essential software, with a billion-plus userbase of its own, and a critical part of the enterprise landscape in particular (although, as the company highlighted in the presentation, COVID re-established the importance of the PC for consumers as well). What gives Microsoft more freedom-of-movement, though, is that Windows is no longer the core of its business. This remains CEO Satya Nadella’s biggest triumph; I recounted how he shifted the company away from its Windows-centricity in 2018’s The End of Windows[…]

[…]

Microsoft, like Apple, is responding by doing what they do best, but, because it’s Microsoft, it’s the exact opposite of Apple: instead of more deeply integrating and doing everything themselves in an attempt to appeal to consumers, they are opening up and removing limitations in an attempt to appeal to developers, and by extension consumers who don’t want to be bound into Apple’s ecosystem.

Nilay Patel (via John Gruber):

We’ve got a special episode of Decoder today — I’m talking to Satya Nadella, the CEO and chairman of Microsoft.

Nick Heer:

Officially, Windows 11 is incompatible with processors in computers released starting just a few years ago, but even more recent models are going to be stuck on Windows 10.

Jack Wellborn:

As successful as Apple has been, they aren’t an immediate threat to Microsoft. Fundamentally, one is primarily a consumer technology company and the other is a business technology company. While each has tried to drink the other’s milkshake, neither has meaningfully succeeded. The biggest and most immediate threat to Windows is not anything made by Apple. It’s Chromebooks.

[…]

These aren’t features to lure Mac or iPad users to Windows. They are to keep Windows customers, consumers and businesses alike, from switching to Google.

Previously:

Tuesday, July 20, 2021 [Tweets] [Favorites]

BBEdit 14

Bare Bones Software (tweet):

BBEdit 14.0 and later feature built-in support for the Language Server Protocol (occasionally referred to here as “LSP”, not to be confused with Lightspeed Pascal).

[…]

Completions supplied by the language server are significantly more accurate and complete than those available using the built-in mechanisms.

If a language server supports the “signature help” feature, BBEdit enables the “Show Parameter Help” command on the Edit menu; choosing this will open a panel providing assistance for filling in function parameters at the current insertion point (if applicable).

If a language server reports issues (errors and warnings) for a file that you’re editing, ranges corresponding to those issues are highlighted according to their severity, and the corresponding lines are highlighted in the line number bar.

[…]

Command-double-click on a word will direct the request to an appropriate language server and perform the equivalent of “Go to Definition”, if possible.

I’m really excited about this, as it enables all sorts of IDE-type features. I’d long hoped that Xcode would add an API to make its indexing information available to external editors. In a way, this is better because it also works with languages not supported by Xcode. It uses an open protocol that’s implemented by various open-source language implementations. If you’re using a custom language, you can write your own LSP server.

As you might expect, getting this working requires installing a server package for each language (links here). C-family languages and Swift “work” out of the box if you have Xcode installed. I put that in quotes because, although the language server is pre-installed and pre-configured:

clangd relies on a “compilation database” which provides necessary information about compiler options and lists the files relevant to the current project workspace. The compilation database is a JSON file named “compile_commands.json” which lives at the root directory of the project.

Without this, it won’t even know what NSString is. There’s a sample shell script that you can set up to generate the compile_commands.json for each Xcode project. Note that this JSON only contains information about the project files and how they’re compiled. It’s not a list of the actual symbols to be indexed, like with ctags, so it does not need to be regenerated frequently.
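To make the shape of that compilation database concrete, here is an added example (not BBEdit’s sample script and not part of the clangd docs) that builds a compile_commands.json for a hypothetical three-file Objective-C/C project and sanity-checks each entry. The project root, source names and flags are constructed placeholders; a real Xcode project would pull them from the build log instead. It shows what the file does contain (where each source lives and how it is compiled) and what it does not (no symbol index).

```python
"""Generate and sanity-check a clang compilation database (compile_commands.json).

Added example; not BBEdit's or clangd's code. The project layout below is a
constructed placeholder standing in for what a real build log would provide.
"""
import json
import os
import shlex

# Constructed sample: a made-up project root and three sources with per-file flags.
PROJECT_ROOT = "/Users/example/Project"  # placeholder path
SAMPLE_SOURCES = [
    ("Sources/AppDelegate.m", ["-fobjc-arc", "-DDEBUG=1"]),
    ("Sources/Document.m", ["-fobjc-arc"]),
    ("Sources/crc32.c", ["-std=c11"]),
]
# Flags every file needs; the SDK path is where Xcode normally installs the macOS SDK.
COMMON_FLAGS = [
    "-isysroot",
    "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk",
    "-Wall",
]


def make_entry(root, src, extra_flags):
    """One database entry: the working directory, the source file, the argv
    clang would be run with (the "arguments" form rather than a single
    "command" string, so no shell quoting is needed), and the object file."""
    obj = "build/" + os.path.splitext(os.path.basename(src))[0] + ".o"
    args = ["clang"] + COMMON_FLAGS + list(extra_flags) + ["-c", src, "-o", obj]
    return {"directory": root, "file": src, "arguments": args, "output": obj}


def build_database(root=PROJECT_ROOT, sources=SAMPLE_SOURCES):
    """Return the list of entries that compile_commands.json consists of."""
    return [make_entry(root, src, flags) for src, flags in sources]


def validate_entry(entry):
    """Return a list of problems with one entry (empty list means it is usable).

    Checks the structural rules a language server relies on: "directory" and
    "file" present, exactly one of "command"/"arguments", an absolute
    directory, and the source file actually appearing in the argv."""
    problems = []
    for key in ("directory", "file"):
        if not isinstance(entry.get(key), str) or not entry[key]:
            problems.append(f"missing {key}")
    has_cmd = isinstance(entry.get("command"), str)
    has_args = isinstance(entry.get("arguments"), list)
    if has_cmd == has_args:
        problems.append("need exactly one of command/arguments")
    if not os.path.isabs(entry.get("directory", "")):
        problems.append("directory must be absolute")
    if has_args:
        argv = entry["arguments"]
    elif has_cmd:
        argv = shlex.split(entry["command"])
    else:
        argv = []
    if entry.get("file") and entry["file"] not in argv:
        problems.append("file not mentioned in arguments")
    return problems


def validate_database(db):
    """Map each faulty entry's file name to its problems; {} means all good."""
    report = {}
    for i, entry in enumerate(db):
        problems = validate_entry(entry)
        if problems:
            report[entry.get("file", f"<entry {i}>")] = problems
    return report


def write_database(db, path):
    """Write the database where clangd expects it: the project root."""
    with open(path, "w") as fh:
        json.dump(db, fh, indent=2)


if __name__ == "__main__":
    db = build_database()
    print(json.dumps(db, indent=2))
    print("problems:", validate_database(db))
```

Note that nothing in the output names a single symbol: the server derives NSString and friends by actually parsing each file with the recorded flags, which is why the database only needs regenerating when files or flags change.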

One issue I ran into is loose C/Objective-C files that aren’t part of an Xcode project. For example, I like to view/search the header files from Apple’s SDKs. It’s not obvious how to generate a compilation database for those files, nor where to put it. So I end up with spurious warnings about types (even intptr_t) and macros (such as API_AVAILABLE) that were declared in an included file. My workaround for this is to configure .h files as Objective-C++ and then turn off LSP for Objective-C++ files. I mostly care about it in .m files, anyway.

The compilation database does not include information about Swift files, and sourcekit-lsp for Swift doesn’t seem to be able to figure out my project structure itself. So, when editing a Swift file, I get live reporting of syntax errors, which is great, but it doesn’t offer completions of symbols from the same framework or know how to find definitions. But neither, thankfully, does it show warnings for symbols that it doesn’t know about.

More new stuff from the release notes:

Notes are mostly like ordinary text documents, except that you don’t have to remember to save them or even make up a name if you don’t want to. BBEdit keeps notes all together in a “notebook”. Notes exist on disk as text files; there’s no secret file format involved.

[…]

Added “Repeat Last Command” to the Edit menu.

[…]

When dragging an image or an HTML file into a Markdown document, BBEdit will generate appropriately formatted Markdown references.

[…]

Added the ability to drag files (not folders) from an FTP/SFTP browser window to the Finder (and other applications that want files). When the item is dropped in its destination, BBEdit will download the file as indicated.

[…]

Added “Precompose Unicode” to the Text menu. This command will convert decomposed Unicode pairs (such as a letter followed by a combining accent or diaeresis) into a single Unicode character, where possible.

[…]

Added a new script attachment point, to provide additional control over the text generated when you drop an image file into a BBEdit editing view.
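What “precompose … where possible” means in practice is Unicode’s canonical composition (NFC). The following added example (not BBEdit’s code) uses Python’s standard unicodedata module on a few constructed strings: a letter plus combining diaeresis folds into one code point, two stacked marks fold into one code point regardless of the order they were typed in, and a sequence whose precomposed form Unicode excludes from composition stays as it is. The last two cases are also why anything that compares identifiers, file names or user names should normalize first: visually identical strings can otherwise compare unequal.

```python
"""Precompose decomposed Unicode (NFC), with the cases where it cannot.

Added example; not BBEdit's implementation. Sample strings are constructed.
"""
import unicodedata


def precompose(text: str) -> str:
    """Canonical composition: base letter + combining mark(s) become the
    single precomposed code point where Unicode defines one (NFC)."""
    return unicodedata.normalize("NFC", text)


def code_points(text: str):
    """List the code points of a string, for showing before/after."""
    return [f"U+{ord(ch):04X}" for ch in text]


def same_after_precompose(a: str, b: str) -> bool:
    """Compare two strings as BBEdit would show them after precomposing."""
    return precompose(a) == precompose(b)


# Constructed samples, written with escapes so the decomposed form is explicit.
SAMPLES = {
    # u + COMBINING DIAERESIS -> U+00FC
    "diaeresis": "u\u0308",
    # a + COMBINING DOT BELOW + COMBINING CIRCUMFLEX -> one code point (U+1EAD)
    "stacked": "a\u0323\u0302",
    # same marks typed in the other order: NFC reorders, then composes
    "stacked_reordered": "a\u0302\u0323",
    # DEVANAGARI KA + NUKTA: U+0958 exists but is a composition exclusion,
    # so this pair stays decomposed ("where possible")
    "excluded": "\u0915\u093C",
}


def report():
    """Map each sample name to (code points before, code points after)."""
    return {name: (code_points(s), code_points(precompose(s))) for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, (before, after) in report().items():
        print(f"{name:18} {' '.join(before):>24} -> {' '.join(after)}")
```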

It also adds language modules for R, Lisp, Go, and Rust—and a nice new icon for Big Sur. This is definitely one of the bigger BBEdit upgrades.

Pricing is unchanged, $50 for new licenses and $30 for upgrades.

See also:

Previously:

Update (2021-07-26): See also: Hacker News, TidBITS.

Monday, July 19, 2021 [Tweets] [Favorites]

Owner Accounts on M1 Macs

Howard Oakley:

In the next few days those using M1 Macs will be updating to Big Sur 11.5, blissfully ignorant of how, as an admin user, their Mac could refuse to update. Because now, in addition to regular users, admin users and root, there’s another class of admin user: the Owner.

[…]

If you install a second operating system, on internal or external storage, the Owner needs to agree to hand over Ownership to users of that second system. And that’s where problems can occur, with a combination of puzzlement and frustration. Last week, when trying to perform a macOS update on a second operating system on my M1 Mac mini, I only succeeded at the third attempt, after a total of five hours.

Previously:

Update (2021-07-26): Howard Oakley:

So during this creation of the default state, the OIK, the private half of a public-private key pair, is generated and stored in the Secure Enclave. Also created is a new User Identity Key (UIK) for Activation Lock. This is sent to Apple for certification, where it’s checked to see if it’s associated with a lost Mac using the Find My Mac service. If it is, then certification is refused and that attempt to set that Mac up fails. If the UIK is certificated successfully, then that User Identity Certificate (ucrt) is used to sign in RemotePolicies, which provide constraints for LocalPolicies.

[…]

Creating and maintaining LocalPolicies requires a user to have access to the private OIK in the Secure Enclave, making that user an Owner. Apple states: “Access to the Owner Identity Key (OIK) is referred to as “Ownership.” Ownership is required to allow users to resign the LocalPolicy after making policy or software changes.”

[…]

M1 Macs always start their boot process from their internal storage, even when they’re then going to boot from a second operating system stored elsewhere. To be able to boot from that second OS, it requires a LocalPolicy with an OIC attached, and Ownership has to be handed off to an Install User created when that OS is installed.

[…]

Handing off Ownership to the Install User is more of a problem, as users are only created once the installation is complete. To accommodate that, macOS offers to copy a user from the current boot system as the Install User, and the primary admin user, on the second OS.

He notes that the process doesn’t “always work as expected, particularly when using beta releases,” and that there is “no way to identify Owners or Install Users.”

The Print Shop Club

Benj Edwards:

In 1984, Brøderbund Software released “The Print Shop,” a pioneering desktop publishing app that allowed anyone with a PC to easily make large banners, signs, and greeting cards at home for the first time. Here’s what made it special.

[…]

One of the coolest features of The Print Shop was that you could type in any message, and the program would automatically format it so that it could be printed in a large font horizontally on a continuous feed of paper. Since graphics capability wasn’t common in printers in those days, the letters of the words in the banner were usually composed of simple blocks or many smaller characters grouped together to form the shapes of larger letters.

This was one of my favorite Apple II apps. I used it to make lots of foldable greeting cards, posters, and banners—where the flaw of the tractor-feed printers of the day was turned into a feature.

The Print Shop Club (via Brad Fitzpatrick, Hacker News):

We’ve created this website as a tribute to David, Martin, and The Print Shop, and all of the fond memories children, parents and teachers from the 1980s have of it. On this site we’ve emulated the Apple II and The Print Shop software, so that visitors can easily use The Print Shop to create their own cards, posters and banners. See the Documentation page to read The Print Shop manual, or just get started by clicking on the application window on the Application page once the Click to Start message appears.

It prints by downloading a PDF file.

Previously:

New Apple Podcasts App Still Unreliable

Dan Moren (tweet):

Apple, the de facto leader in podcast discovery, seems to have screwed up what was once its biggest asset in favor of trying to capitalize on a new feature.

[…]

Unfortunately, when Apple started rolling out the podcast subscription feature, it came with a (presumably unintended) side effect: new podcast episodes sometimes don’t show up. Back in May, Jason speculated about some of the possible causes, the most likely culprit being Apple changing how it handles podcasts behind the scenes.

But more than two months later, this problem persists.

[…]

I haven’t seen any direct acknowledgment from Apple about this issue over the last two months, much less any indication of what went wrong and how it plans to fix it.

Previously:

SwiftUI Examples for macOS

Gavin Wiggins (tweet):

There are plenty of books, videos, and online resources for developing iOS apps. Despite the fact that iPhone and iPad apps require a Mac for code development, there is little information about actually creating native Mac applications. The examples provided below demonstrate various aspects of Mac app development using the latest versions of Swift and SwiftUI. Hopefully these examples will provide a useful resource for Mac developers.

Previously:

Friday, July 16, 2021 [Tweets] [Favorites]

Pocket Casts Acquired by Automattic

Chance Miller:

Following its acquisition of the popular Day One journaling app last month, Automattic has announced that it is also acquiring the popular podcast application Pocket Casts. For those unfamiliar, Automattic is the company behind WordPress.com and Tumblr.

Eli Budelli (Hacker News, Slashdot):

As part of Automattic, Pocket Casts will continue to provide you with the features needed to enjoy your favorite podcasts (or find something new). We will explore building deep integrations with WordPress.com and Pocket Casts, making it easier to distribute and listen to podcasts.

[…]

Co-founders Russell Ivanovic and Philip Simpson will continue to lead Pocket Casts as part of Automattic.

Ashley Carman:

Pocket Casts launched in 2010 and sold to NPR and a group of other public media groups eight years later. […] It started monetizing through a program called Pocket Casts Plus, which charges users a monthly subscription fee for features like desktop app access and a standalone Apple Watch app, in 2019.

Pocket Casts initially went up for sale in January after its board of public media members voted to do so. The app, which is free to download, was losing money, and NPR reportedly lost $800,000 on it last year.

Previously:

Unclack 1.1.1

Base11 Studios:

Unclack is the small but mighty Mac utility that mutes your microphone while you type. No more getting called out for clacking your way through a Zoom meeting on your clicky keyboard!

Via Nick Heer:

This is, for me, a perfect addition to my work-from-home software toolkit, and it is free.

Reddit’s Disrespectful Design

Ognjen Regoje (via Hacker News):

I’ve stopped using Reddit mostly because I no longer wanted to support a site that has aggressively started to employ disrespectful design patterns. Not only that, but they kept trying to present them in a way that made it seem like they’re doing it for the sake of their users.

Here are examples of dark (perhaps dark is too strong but they’re certainly at least grey) patterns that I noticed[…]

wting:

I was the EM for Reddit’s Growth team around this time. I am responsible for / contributed to a few features like the current signup flow, AMP pages, push notifications, email digests, app download interstitials, etc.

There was a new product lead who joined with many good ideas, but some of them were dark patterns that I heavily protested. After a few months of this, it was obvious that I was going to be reined in or let go; I immediately transferred to a different org.

iOS Zero-day to Steal Authentication Cookies

Dan Goodin (Hacker News):

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft.

[…]

Attacks targeting CVE-2021-1879, as the zero-day is tracked, redirected users to domains that installed malicious payloads on fully updated iPhones.

[…]

In one wave, a Nobelium-controlled web server profiled devices that visited it to determine what OS and hardware the devices ran on. If the targeted device was an iPhone or iPad, a server used an exploit for CVE-2021-1879, which allowed hackers to deliver a universal cross-site scripting attack. Apple patched the zero-day in late March.

Previously:

Thursday, July 15, 2021 [Tweets] [Favorites]

Xcodes.app

Robots & Pencils (via Christian Selig):

The easiest way to install and switch between multiple versions of Xcode.

[…]

  • List all available Xcode versions from Xcode Releases’ data or the Apple Developer website.
  • Install any Xcode version, fully automated from start to finish. Xcodes uses aria2, which uses up to 16 connections to download 3-5x faster than URLSession.
  • Just click a button to make a version active with xcode-select.
  • View release notes, OS compatibility, included SDKs and compilers from Xcode Releases.

Distributing Unnotarized Mac Apps in an RTFD File

Jeff Johnson (tweet):

Gatecrasher is an empty Mac app that I created in Xcode in a few minutes. It has no code other than the standard NSApplicationMain and the default MainMenu.xib file with the main menu and window. Gatecrasher isn’t signed with an Apple code signing certificate and isn’t notarized; it has only an “ad hoc” (codesign -s -) code signature with no identity. I compressed Gatecrasher into a zip file, but as you’ll see, that’s not what you’re downloading. Instead, I embedded the zipped app into a “rich text” document (.rtfd file) in TextEdit and then compressed it. That’s what you’re downloading. You can unzip the rtfd, double-click to open it in TextEdit, follow the simple instructions written inside, and you’ll end up with an app that you can double-click to launch — all without any macOS Gatekeeper alert, and all without any Developer ID or notarization.

[…]

You can distribute an unsigned, unnotarized .pkg file inside an .rtfd file, and when you double-click the package (after saving to remove the quarantine), TextEdit will run the macOS installer.

[…]

I’ve been told that double-clicking an embedded .zip file doesn’t work right if a third-party app such as The Unarchiver is the default handler for archives on your Mac rather than the built-in Archive Utility. However, after removing the quarantine on the .zip, you can still drag it out of TextEdit and drop it into Finder, and then unarchive it to bypass Gatekeeper.

This relies on his previously reported issue where saving a document in TextEdit removes the quarantine attribute. (Apple did not consider this a security issue and thus wouldn’t pay the bounty.)

Previously:

Leaking Files With TextEdit

Paulos Yibelo (tweet, Hacker News):

I quickly realized that TextEdit can be tricked into thinking the file opened is an RTF-HTML file even when the file extension is TXT. The ability to inject HTML into a TXT file obviously opened lots of potential attack vectors.

[…]

I found out the CSS property <style> @import { "url "} </style> was allowed to load local CSS files. However, the only scheme that worked was file:/// and not even http/s://. While this means we can’t make external requests, it also means we can hit or open other files that are stored locally on the device. This creates a very obvious DoS vulnerability that acts like a blind SSRF by writing a recursive file inclusion, or by reading files with infinite data streams like /dev/urandom or /dev/zero. A 2 KB text file can crash your Mac. COOL, but completely useless.

[…]

While they did a good job blocking TextEdit from making external requests, [AutoFS] was the one thing they forgot when they allowed the file:/// scheme: on OS X, file:///net/11.22.33.44/a.css connects to 11.22.33.44.

[…]

By combining the <style> CSS attribute with the <iframedoc> attribute, an attacker can first include an unclosed style tag, embed the contents of the file they want to steal and then leak the content as dangling parameters to their evil site as soon as the file is open.

This was addressed in macOS 10.15.1.

Previously:

Safari 15 Changes in Beta 3

Juli Clover (tweet, Hacker News):

In the third developer beta of macOS Monterey, which came out this morning, Apple has overhauled the design of Safari, making the tab bar more similar to the current tab bar in macOS Big Sur.

[…]

The new and separate tab bar is enabled by default when upgrading to macOS Monterey beta three, but Apple has included an option to revert to the original Monterey design. If you go to View and toggle off "Show Separate Tab Bar," you can use the original design.

Dieter Bohn:

I’m sorry these tabs are STILL terrible. Why are they floating buttons? Which one is active?

Jeff Johnson:

It looks like there are 3 address bars.

Francisco Tolmasky:

You know, like, I dunno, make the buttons still look like textfields since they used to literally be the URL field, but now just won’t make any sense at all.

Dan Masers:

This still looks like a usability nightmare – I had to check the address bar to figure out which tab was selected. Not to mention, it is aesthetically atrocious.

Sean Heber:

I’m excited to see that Apple is changing the Safari tab situation so much during beta, but at least for macOS, the screenshots I’ve seen still look pretty wrong. There’s no clear hierarchy there and the tab buttons are disconnected from the content. This shouldn’t be so hard.

The hierarchy is wrong. The tabs should be on the top (like b2), but not so close you can’t grab the window and safely move it. The address bar should be inside the space of the active tab and visually connected together. Only the active tab/address bar should be tinted.

Steve Troughton-Smith:

IMO, browser tabs should be attached to their content; it is already excruciating trying to teach tabs to non-technical people, and floating roundrects in a toolbar just makes it worse.

beezischillin:

I might be alone with this but I really dislike Apple increasing the overall height / element margins on the top controls of Safari. They’ve been consistently doing it bit by bit with each new release and it constantly feels like I’m losing screen estate that could be filled with content to bits that are not and that I rarely interact with enough to justify it taking up so much space. I really liked the slim header part of Safari previously, especially switching from Windows and its set of browser design conventions.

• • •

Juli Clover:

Apple today released the third betas of iOS 15 and iPadOS 15, and the company is continuing to refine the suite of new features that are coming in the update. There have been multiple complaints about Safari on iOS, so in the third beta, Apple has introduced some refinements.

Federico Viticci:

In beta 3, the address bar is now docked above the keyboard. There is a new search UI and support for quick website searches too. Getting better!

Peter Steinberger:

The new Safari input method is better; this animation from bottom to top on edit was so attention-grabbing. But ugh look at the clear button clipping! And the animation is a total hack.

Federico Viticci:

Oh my, what happened to Safari in iPadOS 15 beta 3? 😬

Tabs flying around more than before, distracting animations, new tabs now open on the right, but new links don’t every time.

[…]

Having used Safari for iPadOS 15 beta 3 some more, I don’t think any of it makes sense right now. I’d be shocked if it doesn’t revert to previous design like Monterey did.

Marco Arment:

A simple answer to make iOS 15’s Safari more usable and readable, without messing up web content, and keeping the controls on the bottom like in beta 3:

A toolbar.

A standard iOS toolbar.

Fixed in size and place.

No modes.

No content behind or around it.

We have the space.

Adam Bell:

Safari in iOS 15 has this wild new swipe gesture for opening a new tab

Previously:

Update (2021-07-26): Jeff Kirvin (tweet):

As far as the tab crowding in the first iPad screenshot, that’s why if you’ll notice in the other two, I’ve got the tabs split out into a tab group called “Safari.” This, again, is the reason that tab groups and this new UI came out at the same time. They’re designed to be used together to prevent having too many address bars on screen at once by subdividing your pages by subject or some other logical grouping.

This is why I’m depressed that Apple backed off of this on the Mac and from what Gruber was saying, will be backing off on the iPad as well. The new beta 3 interface on the Mac doesn’t make any sense because it has the address bar of the site you’re using on a different line from the address bars of other sites you have open. It breaks the UI logic. The first thing I did when I installed the new Monterey beta was turn that off and revert it all to one line. It’s not so much that I need the vertical space, but I think the new design makes more sense.

Via John Gruber:

There’s a general sense of “everyone dislikes the new Safari designs” and I know that’s not true, even though public sentiment is strongly against them. So even though I don’t find Kirvin’s arguments compelling, I thought it was worth linking to them, because I do think he explains what the designers of the new Safari UIs were shooting for.

That this is the best defense I’ve seen of the Safari 15 redesign makes me more convinced that it was a mistake.

Peter Maurer:

The new tab bar was supposed to save vertical space. But now that the tab bar is separate from the location bar again, the new look actually uses more vertical space. Worst of both worlds!

Federico Viticci:

Just another day being unable to order takeout because iOS 15 Safari’s bottom bar makes this checkout button untappable.

John Gruber:

The arrogance of this design is really something when you consider that all the sites that it breaks are sites that were designed for the way Mobile Safari previously defined the mobile web.

Abner Li:

Chrome for Android tried a similar Safari on iOS 15 redesign years ago, and a designer on that project provided some interesting insight into why Google abandoned it.

See also: The Talk Show.

Wednesday, July 14, 2021 [Tweets] [Favorites]

Weather Strip 1.1

Robin Stewart:

Weather Strip’s groundbreaking week-long hourly view shows you the whole forecast at a glance, so you can more quickly choose the best times to go outside — or check on likely weather for upcoming events and outings.

Via John Gruber:

I’ve never seen weather forecasts presented quite like this. A very glanceable presentation of precipitation chances, cloud cover, and, of course, temperature.

So far it only supports one location at a time, and I’m not sure yet how accurate the forecasts will turn out to be, but I love the core design. It’s easy to see both the outlook for the week and for the next 12 hours. There’s lots of information packed into a clever visual design. The numbers and percentages are also available if you want to see them.

Previously:

Privacy War in the W3C

Issie Lapowsky (Hacker News):

But appealing to antitrust regulators was only one prong in Rosewell’s plan to get Google to delay its so-called Privacy Sandbox initiative. The other prong: becoming a member of the World Wide Web Consortium, or the W3C.

[…]

But what is perhaps more alarming, Soltani and Snyder argue, is that the new entrants from the ad-tech industry and elsewhere aren’t just trying to derail standards that could hurt their businesses; they’re proposing new ones that could actually enshrine tracking under the guise of privacy. “Fortunately in a forum like the W3C, folks are smart enough to get the distinction,” Soltani said. “Unfortunately, policymakers won’t.”

Nick Heer:

The “tech giant” framing of this piece obscures the multisided battle that is going on within these discussions. There are browser vendors — like Apple and Brave — that are more privacy-conscious, but with conflicts of interest, as well as people who advocate for these features with fewer conflicts. There are representatives of the big privacy-hostile tech companies: Google and Microsoft have web browsers, while Amazon and Facebook do not. And then there are ad tech companies that are smaller than the big tech companies but, as I have repeatedly argued, can be almost as creepy.

Previously:

Twitter Changes Fleets and Replies

Ilya Brown (via Hacker News, MacRumors):

We built Fleets as a lower-pressure, ephemeral way for people to share their fleeting thoughts. We hoped Fleets would help more people feel comfortable joining the conversation on Twitter. But, in the time since we introduced Fleets to everyone, we haven’t seen an increase in the number of new people joining the conversation with Fleets like we hoped. Because of this, on August 3, Fleets will no longer be available on Twitter.

Juli Clover:

Twitter users will soon be able to change who can reply to their tweets after they’ve posted them, the company has announced.

Limiting who could reply to a tweet was already an option, thanks to a feature rolled out last year, but users had to choose who could reply before posting the tweet. Now they can make that decision after the post has gone live.

Previously:

Time Capsule Thermal Flaw

Wesley Hilliard (via gbdoc):

According to a German data recovery company, Datenrettung, the Time Capsule has a design flaw leading to failure and data loss in the aging machines. Golem reports that the German company has seen several Time Capsule failures, all with the same flaw.

[…]

The “parking ramp” is the part of the HDD that connects the drive to the external enclosure. Unfortunately, as the poorly-ventilated Time Capsule heats up, the two materials heat at different rates, leading to eventual wear and destruction of the parking ramp.

The data recovery company suggests that users that rely upon the Apple Time Capsule should seek a new backup solution.

Howard Oakley (Hacker News):

Does your Mac still back up to an Apple Time Capsule? If so, it’s time to replace it, or at the very least its hard disk. The last model, the 802.11ac numbered A1470, is now more than three years old, and the risks of its hard disk failing are climbing every day. All older models, manufactured before 2013, are now running on borrowed time, as they’ve turned eight at least.

[…]

Apple stopped making Time Capsules over three years ago, and there isn’t any strong candidate for their complete replacement. For most, this will mean returning to separate Wi-Fi base station and storage systems.

Replacement storage is the more difficult, and the first question to ask is whether you really want or need networked storage.

Previously:

Tuesday, July 13, 2021 [Tweets] [Favorites]

More Trouble With the Apple Security Bounty

Nicolas Brunner (Hacker News):

In March 2020 I found a way to access a user’s location permanently and without consent on any iOS 13 (or older) device. This seemed like a critical issue to me — especially with Apple’s focus on privacy in the last years.

The report got accepted and the issue was fixed in iOS 14 and I got credited on the iOS 14 security content release notes. However, as of today, Apple refuses any bounty payment, although the report at hand very clearly qualifies according to their own guidelines. Also, Apple refuses to elaborate on why the report would not qualify.

[…]

Right now, I feel robbed. However, I still hope that the security bounty program turns out to be a win-win situation for both parties. In my current understanding, however, I do not see any reason why developers like myself should continue to contribute to it. In my case, Apple was very slow with responses (the entire process took 14 months), then turned me away without elaborating on the reasons and stopped answering e-mails.

Steve Troughton-Smith:

I’m not sure why one of the richest companies in the world feels like it needs to be so stingy with its bounty program; it feels far more like a way to keep security issues hidden & unfixed under NDA than a way to find & fix them.

[…]

If you did have knowledge of some major security flaws, why would you ever submit them to a bounty program if your last 10 submissions went nowhere and took months/years of fruitless email chasing? This stuff should be like clockwork

As an example: did you know any iOS app can read your iCloud account’s full name & email address without any kind of permissions prompt or access to your contacts? What about your phone number? Or recent searches in Photos? I figured this was worth a security report… in 2019

See also: Stop the Medium.

Previously:

Update (2021-07-15): Csaba Fitzl (tweet):

Since Apple started their Apple Security Bounty program I have submitted around 50 cases to their product security team. I thought I would share my experiences working with Apple in the past 2 years. This will be useful to anyone thinking about participating in the program, and will help set expectations.

[…]

The issue is that even if you ask for an update, you don’t get any. Often times, it feels like I’m sending emails into a black hole. This is really frustrating. Even a reply like “we don’t have any update at the moment” would be nice, but often times that is also missed.

[…]

Compared to many programs on H1 or BugCrowd they are not an outlier here, but some cases can easily go over a year. Especially design issues, which are typically addressed only in the next major release (e.g.: macOS 12). I’m personally tracking 7 such cases.

[…]

Once the issue is fixed, Apple will review the case and decide if it’s eligible for a bounty or not. I think this is the worst part of the whole process. This can take an extremely long time; I have issues which were fixed in the initial release of Big Sur (half a year ago!) and a decision hasn’t been made yet. […] I think this is the part why you can’t rely on them for a living, unless you have a buffer for a year or two.

Update (2021-07-26): Nick Heer:

Apple says that it pays one million dollars for a “zero-click remote chain with full kernel execution and persistence” — and 50% more than that for a zero-day in a beta version — which pales compared to the two million dollars that Zerodium is paying for the same kind of exploit.

[…]

Security researchers should not have to grovel to get paid for reporting a vulnerability, no matter how small it may seem. But why would anyone put themselves through this process when there are plenty of companies out there paying far more?

The good news is that Apple can get most of the way toward fixing this problem by throwing money at it. Apple has deep pockets; it can keep increasing payouts until the grey market cannot possibly compete. That may seem overly simplistic, but at least this security problem is truly very simple for Apple to solve.

Previously:

Overview of TCC Bypasses by Accident and Design

Phil Stokes (via Hacker News):

Full Disk Access means what it says: it can be set by one user with admin rights and it grants access to all users’ data system-wide. […] When Alice grants FDA permission to the Terminal for herself, all users now have FDA permission via the Terminal as well. The upshot is that Alice isn’t only granting herself the privilege to access others’ data, she’s granting others the privilege to access her data, too.

Surprisingly, Alice’s (no doubt) unintended permissiveness also extends to unprivileged users. As reported in CVE-2020-9771, allowing the Terminal to have Full Disk Access renders all data readable without any further security challenges: the entire disk can be mounted and read even by non-admin users. Exactly how this works is nicely laid out in this blog post here, but in short any user can create and mount a local snapshot of the system and read all other users’ data.

[…]

Because of this complication, administrators must be aware that even if they never grant FDA permissions, or even if they lock down Full Disk Access (perhaps via MDM solution), simply allowing an application to control the Finder in the ‘Automation’ pane will bypass those restrictions. […] Granting FDA in the usual way requires an administrator password. However, one can grant consent for automation of the Finder (and thus backdoor FDA) without a password.

[…]

Administrators need to be aware that TCC doesn’t protect against files being written to TCC protected areas by unprivileged processes, and similarly nor does it stop files so written from being read by those processes.

Previously:

Bypassing TCC By Changing the Environment

Matt Shockley (tweet, Medium):

TCC stores these user-level entitlements in a SQLite3 database on disk at $HOME/Library/Application Support/com.apple.TCC/TCC.db. Apple uses a dedicated daemon, tccd, for each logged-in user (and one system level daemon) to handle TCC requests. These daemons sit idle until they receive an access request from the OS for an application attempting to access protected data.

[…]

Obviously being able to write directly to the database completely defeats the purpose of TCC, so Apple protects this database itself with TCC and System Integrity Protection (SIP). Even a program running as root cannot modify this database unless it has the com.apple.private.tcc.manager and com.apple.rootless.storage.TCC entitlements. However, the database is still technically owned and readable/writeable by the currently running user, so as long as we can find a program with those entitlements, we can control the database.

[…]

Essentially, when the TCC daemon attempts to open the database, the program tries to directly open (or create if not already existing) the SQLite3 database at $HOME/Library/Application Support/com.apple.TCC/TCC.db. While this seems inconspicuous at first, it becomes more interesting when you realize that you can control the location that the TCC daemon reads and writes to if you can control what the $HOME environment variable contains. […] Thus, I could set the $HOME environment variable in launchctl to point to a directory I control, restart the TCC daemon, and then directly modify the TCC database to give myself every TCC entitlement available without ever prompting the end user.

So SIP is still protecting the normal path, but the system relies on tccd, which has been redirected to a different path. Apple fixed this 4.5 months later, in July 2020.

Patrick Wardle:

TCC continues to be a massive pain in the butt for legitimate software/app developers.

...but for hackers? Yah, not so much at all 😭😭😭😭😭

For example (as a legitimate soft dev), how can my updater tell if my app was already granted certain TCC privileges (so I don’t have to re-prompt the user)?

And why do I have to manually restart TCCd to avoid a myriad of (broken) caching issues?

Previously:

Gatekeeper LaunchAgents Bypass

Csaba Fitzl:

On macOS Mojave, Gatekeeper only verifies executables that are run with the open command or that the user double-clicks. It won’t verify files that are executed through other means, like directly executing a binary (./myapp), regardless of the quarantine attribute. If you can place a plist file inside LaunchAgents/LaunchDaemons, the command inside will also be executed. Prior to Catalina there is a way to trick users into dragging & dropping files into the LaunchAgents folder.

On macOS Catalina a lot has changed; the most notable change regarding Gatekeeper is that it will verify files when executed via classic ‘exec’ methods.

I don’t think that the suggested drag install trick works because it’s impossible to make a single symlink for every user’s home folder, each of which has a different username.
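Since a plist dropped into LaunchAgents or LaunchDaemons gets its command run regardless of what Gatekeeper checks, the defender's counterpart is to audit what those folders point at. The following is an added example (not Fitzl's or Apple's code): it parses launchd job plists with the standard-library plistlib and flags every job whose executable lives outside a constructed allow-list of system paths, has no program at all, or cannot be parsed. The sample plists it builds in a temporary folder are constructed for the example; the TRUSTED_PREFIXES list is an assumption you would tune for your own fleet.

```python
import plistlib
import tempfile
from pathlib import Path
from typing import Optional

# Constructed allow-list for this example (not an Apple-defined list):
# executables under these prefixes are treated as expected for persistence items.
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/bin/", "/sbin/",
                    "/usr/libexec/", "/Applications/")


def program_of(job: dict) -> Optional[str]:
    """Return the executable a launchd job runs: the `Program` key wins,
    otherwise the first element of `ProgramArguments`."""
    if "Program" in job:
        return job["Program"]
    args = job.get("ProgramArguments")
    if args:
        return args[0]
    return None


def audit_launch_plists(directory: Path) -> list:
    """Parse every .plist in `directory` and return one finding per job whose
    executable is outside TRUSTED_PREFIXES, that has no program, or that
    could not be parsed (a malformed plist in LaunchAgents is itself notable)."""
    findings = []
    for plist_path in sorted(directory.glob("*.plist")):
        try:
            with plist_path.open("rb") as fh:
                job = plistlib.load(fh)
        except Exception as exc:
            findings.append({"plist": plist_path.name, "program": None,
                             "reason": f"unparseable: {exc}"})
            continue
        program = program_of(job)
        if program is None:
            findings.append({"plist": plist_path.name, "program": None,
                             "reason": "no Program/ProgramArguments"})
        elif not program.startswith(TRUSTED_PREFIXES):
            findings.append({"plist": plist_path.name, "program": program,
                             "reason": "executable outside trusted prefixes",
                             "label": job.get("Label"),
                             "run_at_load": bool(job.get("RunAtLoad"))})
    return findings


def build_sample_dir() -> Path:
    """Constructed sample LaunchAgents folder (not real data): one job that
    runs a system binary, one that runs something under a user-writable
    path, and one file that is not a plist at all."""
    d = Path(tempfile.mkdtemp(prefix="LaunchAgents-"))
    benign = {"Label": "com.example.benign",
              "ProgramArguments": ["/usr/bin/true"], "RunAtLoad": True}
    suspect = {"Label": "com.example.updater",
               "ProgramArguments": ["/Users/alice/Downloads/myapp", "--quiet"],
               "RunAtLoad": True}
    with (d / "com.example.benign.plist").open("wb") as fh:
        plistlib.dump(benign, fh)
    with (d / "com.example.updater.plist").open("wb") as fh:
        plistlib.dump(suspect, fh)
    (d / "broken.plist").write_bytes(b"not a plist")
    return d


if __name__ == "__main__":
    # Point this at ~/Library/LaunchAgents or /Library/LaunchDaemons on a Mac;
    # here it runs over the constructed sample folder.
    for finding in audit_launch_plists(build_sample_dir()):
        print(finding)
```

Running it over the real folders on a Mac gives you a short list to triage by hand; the `run_at_load` flag tells you which of the flagged jobs fire at login without any further action.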

TeamViewer Local Privilege Escalation Vulnerability

Csaba Fitzl (tweet):

This is a rather old vulnerability I found in TeamViewer back in 2020, and reported it through VCP/iDefense. TeamViewer fixed the vulnerability last November[…]

The TeamViewer macOS client used a PrivilegedHelperTool named com.teamviewer.Helper to perform specific tasks that require root permissions. Back in 2020 it used a deprecated model to perform IPC communication, called Distributed Objects. It was wide open, and any client could invoke the remote object’s functions, and some of those led to direct privilege escalation.

Previously:

Monday, July 12, 2021 [Tweets] [Favorites]

States v. Google Play Store

Jon Porter (Hacker News, MacRumors):

Google used anticompetitive practices in an attempt to “preemptively quash” Samsung’s Galaxy Store, and prevent it from becoming a viable competitor to its own Play Store. That’s according to an antitrust lawsuit filed by a coalition of three dozen state attorneys general, which accuses Google of illegally attempting to control app distribution on Android. The suit also alleges Google paid off app developers to stop them circumventing its store.

The allegations challenge one of Google’s core defenses of its policies, which is that unlike Apple’s iOS rules, Android allows both competing app stores and side-loading apps directly. The lawsuit is effectively claiming that this openness is a facade, because while customers technically have the choice of where to get their apps from, Google’s business practices have prevented a viable app store competitor from emerging.

Makena Kelly and Russell Brandom:

The lawsuit, filed by 36 states and Washington, DC, in California federal court, challenges Google’s policy forcing Google Play app developers to pay a 30 percent commission fee on sales made through the app. Google recently expanded the fees to cover more digital goods purchased on the Play Store, taking particular aim at a number of prominent apps that had previously been able to sidestep the tax. The full complaint, which you can view here or at the bottom of this article, lists the defendants as Google, Alphabet, and subsidiaries in Ireland and Asia.

Dieter Bohn:

Pre-installing apps and not allowing companies or users to delete them is a classic carrier move.

Later this year, streaming apps will have to offer Google in-app purchases. If they don’t, they’re disallowed from even hinting that there are other ways to subscribe outside the Play Store.

Just like on iOS.

Florian Mueller:

The fact that Epic’s and the class-action plaintiffs’ complaints are going to be amended, while 36 states take action as well (and in the same district, the Northern District of California), makes it likely that Judge Donato will consolidate all of those cases pretty soon. And then Google will have to take on not only Epic Games and the class-action plaintiffs but also 36 states at the motion-to-dismiss stage.

[…]

The damage that Google has been doing and continues to do to customer choice, competition, and innovation with its Google Play terms and policies becomes clearer and clearer. For example, the state AGs note that Google even tried to bully Samsung into giving up its Galaxy Store in the sense of just allowing Samsung to let it look like a Galaxy Store, while actually letting Google run it all (including in-app payments, of course). If Samsung had agreed to that “white-label” approach, Samsung’s customers wouldn’t have access to Fortnite now after Google threw it out of the Google Play Store last summer.

Dieter Bohn:

Here’s Google’s initial response to the lawsuit in blog post form. It’s a classic in the “we are confused this is so strange why is anybody mad?” genre.

Previously:

Apple’s Camera Design Choices

System Plus Consulting (PDF, via Hacker News):

This report aims to offer insight into the physical and cost evolution of the camera modules and CMOS image sensors in the last six years of Apple flagship smartphones.

The analysis covers the rear and front-facing RGB camera modules as well as the front-facing Near Infrared (NIR) module. This includes the complete structure, design, and all components of the camera modules. It covers the dimensions, technology nodes and stacking technology in the CMOS image sensors.

[…]

All rear sensors have 12 megapixels (Mp) despite the trend among other leading OEMs to go as high as 108 Mp. This has allowed Apple to sometimes retain image sensors between iPhone generations while improving camera performance from module upgrades and algorithm tweaks.

Update (2021-07-15): Rob Jonson:

DXOMARK have a shootout amongst their top scoring cameras. The winner in the zoom category is the Samsung using a dedicated 64MP tele lens.

It’s a pretty clear win.

Dynamic Libraries Bypass Gatekeeper

Csaba Fitzl:

Patrick Wardle had a talk a couple of years ago about GK issues, which can be found here: Gatekeeper Exposed. He showed that during that time someone could bypass GK by loading a dylib external to the main application.

[…]

The problem is that an attacker can load a dylib through other means as well, using the deprecated NSCreateObjectFileImageFromMemory API.

[…]

I found this odd behavior when I wrote about screensavers for my Beyond the good ol’ LaunchAgents series. I noticed that if I place a downloaded screensaver in its location, it will be loaded without any user prompts, which was really weird as I expected Gatekeeper to shout in my face.

[…]

Shared libraries, like dylibs, frameworks, plugins, etc… will be loaded by macOS without any user prompt if they were notarized. This bypasses Gatekeeper effectively as an attacker has plenty of options to get the user to drag and drop a plugin to a certain location, or drag and drop a framework to an existing application overwriting a previous one. Once the shared library is in its place it can be loaded.

Update (2021-07-15): Csaba Fitzl:

Ok, so this only works if LV is disabled. Basically this allows you to “install” any system plugin like screensaver, colorpickers, etc… without prompting the user. This is just 1 option but you can get really creative.

This is referring to the com.apple.security.cs.disable-library-validation entitlement. Screensaver plug-ins, at least, are sandboxed, though they can access the network.

Previously:

Gatekeeper and File Quarantine Bypass

Zack Whittaker:

Over the years, Macs have adapted to catch the most common types of malware by putting technical obstacles in their way. Indeed, macOS flags potentially malicious apps masquerading as documents that have been downloaded from the internet. And if macOS hasn’t reviewed the app — a process Apple calls notarization — or if it doesn’t recognize its developer, the app won’t be allowed to run without user intervention.

But security researcher Cedric Owens said the bug he found in mid-March bypasses those checks and allows a malicious app to run.

Owens told TechCrunch that the bug allowed him to build a potentially malicious app to look like a harmless document, which when opened bypasses macOS’ built-in defenses.

Patrick Wardle (Hacker News):

This bug trivially bypasses many core Apple security mechanisms, leaving Mac users at grave risk[…]

[…]

…and especially worrisome, turns out malware authors are already exploiting it in the wild as an 0day.

[…]

The core of the blog post digs deep into the bowels of macOS to uncover the root cause of the bug. In this section, we’ll detail the flaw which ultimately results in the misclassification of quarantined items, such as malicious applications. Such misclassified apps, even if unsigned (and unnotarized), will be allowed to run uninhibited. No alerts, no prompts, and not blocked.

[…]

Finally, we’ll wrap things up with a brief discussion on protections, most notably highlighting the fact that BlockBlock already provided sufficient protection against this 0day.

Jaron Bradley:

The details behind how the vulnerability can be abused by attackers are:

  1. An attacker manually crafts an application bundle by using a script as the main executable. (example: myapplication.app/Contents/MacOS/myapplication where “myapplication” is a bash script). For this to work, the script name must match the application name and they must not create an Info.plist file.
  2. The application can then be placed in a dmg for distribution.
  3. When the dmg is mounted and the application is double-clicked, the combination of a script-based application with no Info.plist file executes without any quarantine, signature or notarization verification. This will work on any system running macOS versions 10.15 to 11.2.

It’s fixed in macOS 11.3.
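The three characteristics Bradley lists (no Info.plist, a script as the main executable, and the script named after the bundle) are enough to audit for. The following is an added example written for this page, not code from Jamf, Objective-See or the post: a small Python audit that walks a directory tree, inspects every `.app` bundle it finds, and flags bundles that match that shape. The Mach-O magic values are real; the sample bundles, their names and the temporary directory are constructed inline so the check runs offline on any OS. On a Mac you would point `find_suspicious_bundles` at a mounted DMG or a downloads folder instead.

```python
"""Flag .app bundles whose layout matches the misclassification described above."""
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Real Mach-O / fat-binary magic numbers as they appear on disk (both byte orders).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",  # MH_MAGIC / MH_CIGAM (32-bit)
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 / MH_CIGAM_64
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",  # FAT_MAGIC / FAT_CIGAM
}


def is_script(path: Path) -> bool:
    """True when the file starts with a shebang rather than a Mach-O header."""
    try:
        with path.open("rb") as fh:
            head = fh.read(4)
    except OSError:
        return False
    return head not in MACHO_MAGICS and head.startswith(b"#!")


def audit_bundle(app: Path) -> Dict[str, object]:
    """Inspect one .app bundle and report the properties the bypass depends on."""
    contents = app / "Contents"
    name = app.stem                      # "myapplication" for "myapplication.app"
    main_exe = contents / "MacOS" / name  # script must carry the bundle's own name
    has_plist = (contents / "Info.plist").is_file()
    script_main = main_exe.is_file() and is_script(main_exe)
    return {
        "bundle": str(app),
        "has_info_plist": has_plist,
        "script_main_executable": script_main,
        # Both together are the shape Bradley describes; either alone is ordinary.
        "suspicious": (not has_plist) and script_main,
    }


def find_suspicious_bundles(root: Path) -> List[str]:
    """Walk root and return the paths of bundles matching the pattern."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for d in list(dirnames):
            if d.endswith(".app"):
                app = Path(dirpath) / d
                if audit_bundle(app)["suspicious"]:
                    hits.append(str(app))
                dirnames.remove(d)  # do not descend into the bundle's internals
    return sorted(hits)


def build_sample_tree(root: Path) -> None:
    """Constructed sample input (not real software): three bundles of differing shape."""
    # Ordinary bundle: Info.plist present, main executable has a Mach-O header.
    good = root / "GoodApp.app" / "Contents"
    (good / "MacOS").mkdir(parents=True)
    (good / "Info.plist").write_text("<plist/>")
    (good / "MacOS" / "GoodApp").write_bytes(b"\xcf\xfa\xed\xfe" + b"\0" * 28)
    # Matches the pattern: no Info.plist, shell script named after the bundle.
    bad = root / "myapplication.app" / "Contents"
    (bad / "MacOS").mkdir(parents=True)
    (bad / "MacOS" / "myapplication").write_text("#!/bin/bash\necho hello\n")
    # Script-based but with an Info.plist: not the bypass shape, so not flagged.
    mixed = root / "ScriptWithPlist.app" / "Contents"
    (mixed / "MacOS").mkdir(parents=True)
    (mixed / "Info.plist").write_text("<plist/>")
    (mixed / "MacOS" / "ScriptWithPlist").write_text("#!/bin/sh\n")


def audit_sample_tree() -> Dict[str, Dict[str, object]]:
    """Build the constructed tree in a temp dir and audit every bundle in it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return {app.name: audit_bundle(app) for app in sorted(root.glob("*.app"))}


def demo() -> List[str]:
    """Names of the constructed bundles that the walker flags."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return [Path(p).name for p in find_suspicious_bundles(root)]


if __name__ == "__main__":
    print(demo())  # ['myapplication.app']
```

The check deliberately requires both conditions: script-based bundles with a proper Info.plist are common and legitimate, so flagging scripts alone would drown the signal. Pairing this with a `com.apple.quarantine` extended-attribute check on a real Mac tells you whether such a bundle arrived from the Internet at all.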

Lorenzo Franceschi-Bicchierai:

An Apple spokesperson said that the company deployed rules to detect malware abusing this bug to its anti-virus app XProtect. These rules are automatically installed in the background, meaning all MacOS devices, including those running older versions of MacOS will get this protection as well.

Previously:

Friday, July 9, 2021 [Tweets] [Favorites]

Pulse Network Logger Goes Open Source

Alex Grebenyuk (tweet):

Pulse is a powerful logging system for Apple Platforms. Native. Built with SwiftUI.

Record and inspect network requests and logs right from your iOS app using Pulse Console. Share and view logs in Pulse macOS app. Logs are recorded locally and never leave your device. Learn more at kean.blog/pulse.

This looks like a good project if you want to see SwiftUI in action.

Previously:

Open-sourcing the Micro.blog Apps

Manton Reece:

I’ve been thinking a lot lately about the longevity of Micro.blog and where we need help to continue to grow the platform and community. As we approach 4 years since the public launch, there are some parts of the platform and supporting services that should be shared more widely, so that I’m not the bottleneck on every little change.

As a next step, all the native apps for iOS and macOS are now open source, available on GitHub[…]

See also: Core Intuition.

Apple Music Lobotomizes Siri

Dave Scocca:

I have an iTunes library of almost 15,000 songs, mostly ripped from my CDs but with a number of iTunes store purchases. I have a 256 GB iPhone to allow me to have my music with me, and my new-ish Civic has CarPlay. It used to be great–I could use either the car’s voice control button or (later) “Hey Siri” and request music and have it played.

Since activating Apple Music, that process has gone completely to hell. Siri seems to have no idea of what music might actually be stored on the phone. At first, I could play an album using the phone controls or the CarPlay interface, but if I asked Siri to play the exact same album I would be told that it couldn’t be played because I didn’t have cellular data enabled for music streaming. I have tried adding the words “from my library” to various places in my requests to Siri, and it generally does nothing.

If I ask for a specific song, I can often get it–but after the song, instead of continuing on with the album, it goes to whatever the Apple Music algorithm might think is appropriate.

If I ask for one of my specific playlists, using a phrase like “Play the playlist ‘Five Star’ from my library, shuffled”, Siri goes to Apple Music and shuffles something called “Kill Rock Stars/5RC Experimental”.

Previously:

Woz on Right to Repair

Derek Wise (Hacker News):

Apple is often brought up when talking about right to repair, usually in reference to their anti-repair practices. In response to a Cameo request, Steve Wozniak spoke for almost 10 minutes on the importance of right to repair and how it has impacted his life.

[…]

He then focused on the way that Apple, at its founding, was positively impacted by the open schematics of the time. “When starting Apple, I could never afford a teletype for input and output.” He then spoke about how he was able to use a tv to output the signals. “That all came from being able to repair things, modify them, and tap into them yourself.”

Moving on from his own repair experience, he questioned, “why stop the self-repair community? Why stop the right to repair people? Look at the Apple II. It shipped with full schematics… this product was the only source of profits for Apple for the first ten years of the company.”

The video is here.

See also: Mixerology.

Previously:

Update (2021-07-13): Jesper:

You can do this with multiple ton vehicles, often filled with tens of gallons of flammable propellant just to make things interesting, but also with separate computer networks, tight clearances and miniaturized components out the wazoo.

Why you should not be able to do this with mobile phones and tractors has only ever had one honest answer[…]

Migrating 2FA Codes From Authy to iCloud Keychain

Dan Moren:

Nice as it would be if Apple’s new system could simply import all your codes from Authy—or other apps like Google Authenticator—it doesn’t seem as though that’s an option for that at present, which isn’t entirely surprising given the security issues involved.

[…]

I found a tip that lets you easily display all of your time-based one-time password (TOTP) setup keys from Authy using the Authy Desktop app for Mac and Google Chrome.

The end result was that I spent about an hour laboriously copying each setup code into the appropriate password entry in the Safari Technology Preview’s Password section and—just to be on the safe side—logging in to each website to make sure it worked.

I’m interested in using this feature to enter 2FA codes more easily and to sync them using iCloud Keychain, but testing it out is giving me doubts:

Previously:

Update (2021-07-09): Dave Wood:

I’m surprised Apple even added this as a feature. Just like storing 2FA codes in 1Password, it’s no longer 2FA if both factors are stored together.

Another Western Digital 0-Day

Brian Krebs (Hacker News):

But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can’t or won’t upgrade to the latest operating system.

At issue is a remote code execution flaw residing in all Western Digital network attached storage (NAS) devices running MyCloud OS 3, an operating system the company only recently stopped supporting.

[…]

But according to Domanski, OS 5 is a complete rewrite of Western Digital’s core operating system, and as a result some of the more popular features and functionality built into OS3 are missing.

[…]

Domanski said MyCloud users on OS 3 can virtually eliminate the threat from this attack by simply ensuring that the devices are not set up to be reachable remotely over the Internet. MyCloud devices make it super easy for customers to access their data remotely, but doing so also exposes them to attacks like last month’s that led to the mass-wipe of MyBook Live devices.

Western Digital remains my favorite brand for bare hard drives. They have consistently good reliability, prices, and quiet operation. But we keep being reminded to stay away from their software.

Previously:

Thursday, July 8, 2021 [Tweets] [Favorites]

Generic Test Classes in Xcode 12.5

Jon Reid:

Once or twice in my career, I’ve written an abstract test suite as a superclass, where the subclasses provide some sort of factory method. Then all the test cases in that suite get repeated for the specific instances.

I do this all the time. It’s useful when I’m making a new, optimized version of a class and want to make sure it passes all the same tests as the original. And sometimes I need multiple implementations because certain APIs are broken on certain versions of the operating system.

Maybe you’ve wanted to repeat the same tests for a different object. For example, you may want to run the same test cases over different types that implement a protocol. Maybe you tried defining a generic XCTestCase, hoping to reuse the test suite across a few types. If you tried this before, you know that it didn’t work. XCTest uses introspection and follows specific rules to gather test cases and test suites. It didn’t pick up anything generic.

But Xcode 12.5 adds support for generic test suites. Here’s how it works. Write a generic subclass of XCTestCase.

[…]

And unlike the days when I did this with a quasi-abstract base class, XCTest will not run any tests for the top-level generic suite.

This is great. Also, note that in simpler cases his example with a factory method:

class AbstractSuite<T>: XCTestCase { … }
class OneClassTests: AbstractSuite<OneClass> {
    override func makeSpecificObject() -> OneClass? {
        return OneClass() // make an instance of OneClass
    }
}

is more than you need. I often want to test a family of classes that all follow the same interface I. Then you can just do:

class AbstractSuite<T: I>: XCTestCase { … }
class OneClassTests: AbstractSuite<OneClass> {}

and have the base class call T() directly. The subclasses don’t need any code.
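The same shape, as an added example rather than code from the post or from Jon Reid, in Python’s unittest instead of XCTest: the abstract suite is a mixin parameterized by a class attribute `T`, each concrete suite sets only `T`, and the base creates `T()` itself, so the subclasses carry no code. Because the mixin does not inherit from `TestCase`, the loader never collects it, which is the unittest equivalent of XCTest not running the top-level generic suite. `Counter`, `FastCounter` and the test names are invented for illustration.

```python
"""An abstract test suite reused across two implementations of one interface."""
import io
import unittest


class Counter:
    """Reference implementation: the 'original' in the post's scenario."""

    def __init__(self):
        self.n = 0

    def add(self, k):
        self.n += k

    def value(self):
        return self.n


class FastCounter:
    """An 'optimized' rewrite that must pass exactly the same tests."""

    def __init__(self):
        self._parts = []

    def add(self, k):
        self._parts.append(k)

    def value(self):
        return sum(self._parts)


class CounterContract:
    """Abstract suite: T is bound by subclasses; the base calls T() directly."""

    T = None  # the implementation under test, set by each concrete suite

    def setUp(self):
        self.c = self.T()

    def test_starts_at_zero(self):
        self.assertEqual(self.c.value(), 0)

    def test_accumulates(self):
        self.c.add(2)
        self.c.add(3)
        self.assertEqual(self.c.value(), 5)


class CounterTests(CounterContract, unittest.TestCase):
    T = Counter  # nothing else needed


class FastCounterTests(CounterContract, unittest.TestCase):
    T = FastCounter


def _module_suite() -> unittest.TestSuite:
    """Collect TestCase subclasses from this module the way the loader would."""
    loader = unittest.TestLoader()
    suite = unittest.TestSuite()
    for obj in list(globals().values()):
        if isinstance(obj, type) and issubclass(obj, unittest.TestCase) \
                and obj is not unittest.TestCase:
            suite.addTests(loader.loadTestsFromTestCase(obj))
    return suite


def collected_suites():
    """Names of the suites actually collected; the mixin never appears."""
    return sorted({t.__class__.__name__ for t in _module_suite()})


def run_all():
    """Run the collected suites silently; return (tests run, failures + errors)."""
    result = unittest.TextTestRunner(stream=io.StringIO(), verbosity=0).run(_module_suite())
    return result.testsRun, len(result.failures) + len(result.errors)


if __name__ == "__main__":
    print(collected_suites())  # ['CounterTests', 'FastCounterTests']
    print(run_all())           # (4, 0)
```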

Previously:

Panic’s 2016 App Store Feedback

Internal Tech Emails:

Panic’s @cabel shares App Store thoughts with Phil Schiller

Some of these sentences seem very familiar, so I wonder if this e-mail has been published before, though I can’t seem to find the link. In any event, what a good communicator Cabel Sasser is. His first point about App Store–induced stress reminds me of what Rich Siegel has spoken about, and that situation hasn’t changed. Most of the other points are also still valid today, although Apple did add a limited way to reply to customer reviews, and subscriptions make it possible—albeit curiously difficult—to implement trials without having to keep purchasing “‘fuel’ to keep the Transmit truck rolling.”

Previously:

Microsoft’s April 1998 Meeting With Steve Jobs

Internal Tech Emails has an interesting letter from Microsoft’s Ben Waldman that discusses negotiations over ClarisWorks (Apple agreed not to advertise their own product and instead preload a video promoting Microsoft Office), QuickTime, and Internet Explorer (bundling and promoting it in exchange for Microsoft having it ready when Mac OS X shipped).

The meeting took place the month before WWDC, where Apple would announce that Rhapsody was becoming Mac OS X and that Carbon would be added. Waldman writes:

Of course, this won’t be positioned as Rhapsody cancellation -- they’ll say that you’ll still have OpenStep/Yellow Box, and be able to run it on Windows, and on MacOS, except that will be one year later, and that Apple will do the “right thing” and preserve peoples’ investment in MacOS, while still providing an advanced UI runtime for people who want it (and it will still be accessible from Java). While Rhapsody required developers to do a lot of work to get pre-emption and protection, in this scenario, Apple does “95% of the work.” Later, however, in a smaller group, I asked Steve point blank if he’d ever believed in Rhapsody, and he said “no,” adding something about his duty being to NeXT shareholders.

The way I’ve heard the story told before, Carbon wasn’t part of the plan until Scott Forstall argued for it after key developers rebelled at the idea of rewriting in Cocoa. But perhaps something like that was always at the back of Jobs’ mind. It’s not clear to me when work on it started.

At the time, Apple apparently hoped to get Mac OS X running on PowerPC 604 Macs with 32 MB of RAM, but it officially shipped requiring at least a G3 and 128 MB of RAM.

Previously:

Update (2021-07-15): See also: Hacker News.

WWDC 2014 Video With Larry David

Sam Henri-Gold:

today’s vibe: scrapped WWDC 2014 intro film feat. Larry David, JB Smoove, and Evan Spiegel

See also: YouTube.

John Gruber:

One joke that might have played as funny in 2014 but wouldn’t in 2021 is the central conceit of the video — that Apple’s head of app review is a capricious jerk who makes approval decisions based on inscrutable whims.

I don’t think that would ever have gone over well.

Previously:

Wednesday, July 7, 2021 [Tweets] [Favorites]

Backblaze Computer Backup 8.0

Yev Pusin:

Our latest version is pretty great: It cranks up the speed—letting you upload at whatever rate your local system can attain—all while reducing stress on key elements of your computer by an order of magnitude.

[…]

We’ve also re-architected the way we handle file copies. In our previous 7.0 version of Backblaze Computer Backup, the client app running on your laptop or desktop made a copy of your file on your hard drive before uploading it. In version 8.0, this step has been removed. Now the client reads the file, encrypts it in RAM, and uploads it to the Backblaze data center. This results in better overall system performance and a reduction in strain on HDDs and SSDs on your laptops and desktops.

What about large files that don’t fit in RAM or that would use more RAM than you want? This seems like the perfect time to use an APFS file clone to ensure a consistent snapshot of the data.

In version 8.0, you’ll get more information about what is getting uploaded and when. When we transfer large files, sometimes the app will appear to “hang” on uploading a part of that file, when in reality that file’s already been transmitted and we’re starting to work on the next batch of files. The UI will now reflect upload status more clearly.

The most important question for me is, if the UI reports that the upload is complete, does that actually mean that the file exists on Backblaze’s server and that it can be restored? Or, as with previous versions, does it require additional information to be uploaded by the client over the next 1–8 hours?

And, secondly, does this update address the longstanding issues with large bzfileids.dat files?

iOS: Closing of the Frontier

Francisco Tolmasky:

I think the @AppStore may represent a “Closing of the Frontier” moment (in the American history “Frontier Thesis” sense) that may in part explain the dramatic slowdown in UI and UX innovation in iOS (and even more so in iPadOS) following the iPhone’s initial dramatic launch.

It’s no secret that macOS has… borrowed many of its now familiar workflows from 3rd party devs. Spotlight (Watson and QuickSilver), Widgets (Konfabulator), and iCloud Drive (Dropbox) to name just a few. And to be clear, this is a good thing and has generally been well received.

The key thing here is that these utilities started on the “fringe”… the frontier.

[…]

And IMO a big reason for that is because there’s no “frontier” for enthusiasts to experiment and possibly break into the mainstream. Innovation can only come from Apple, where changes are riskiest. The ecosystem has no way to derisk through organic growth in the market.

And jailbreaking doesn’t (and can’t) serve this role. It’s a big scary binary switch (that is constantly being mitigated by Apple). You can’t install “one well known cool system extension.” There’s either jailbreaking your phone, or not.

No one can invent the next Dropbox on iOS, and perhaps not even on Android. I guess the frontier is now the desktop platforms, but do they have enough mindshare for the next big thing to break through?

Tanner Bennett:

On iOS, the features they take come from jailbreak tweaks.

• Control center was SBSettings
• BiteSMS had quick reply before iOS
• PredictiveKeyboard (obvious)
  • Someone delivered multitasking before Apple did, but it’s a stretch to call that a Sherlock; same with dark mode

It’s actually crazy how many things the community beat Apple to, year after year. Most of them are obvious steps forward, but still a lot of them are definite Sherlocks.

Dan Grover:

Even before “Sherlocking” became a verb, like half of System 7.5 was random 3P hacks that Apple bought out -- including the menubar clock! Sandboxed app stores were a faustian bargain: less stuff to Sherlock, but it bridged gap and made regular users behave more like power users.

Previously:

GitHub Copilot and Copyright

Rian Hunter (via Hacker News):

I do not agree with GitHub’s unauthorized and unlicensed use of copyrighted source code as training data for their ML-powered GitHub Copilot product. This product injects source code derived from copyrighted sources into the software of their customers without informing them of the license of the original source code. This significantly eases unauthorized and unlicensed use of a copyright holder’s work.

Julia Reda (tweet):

Since Copilot also uses the numerous GitHub repositories under copyleft licences such as the GPL as training material, some commentators accuse GitHub of copyright infringement, because Copilot itself is not released under a copyleft licence, but is to be offered as a paid service after a test phase. The controversy touches on several thorny copyright issues at once. What is astonishing about the current debate is that the calls for the broadest possible interpretation of copyright are now coming from within the Free Software community.

[…]

In the US, scraping falls under fair use, this has been clear at least since the Google Books case.

[…]

The short code snippets that Copilot reproduces from training data are unlikely to reach the threshold of originality. Precisely because copyright only protects original excerpts, press publishers in the EU have successfully lobbied for their own ancillary copyright that does not require originality as a precondition for protection. Their aim is to prohibit the display of individual sentences from press articles by search engines.

[…]

On the other hand, the argument that the outputs of GitHub Copilot are derivative works of the training data is based on the assumption that a machine can produce works. This assumption is wrong and counterproductive. Copyright law has only ever applied to intellectual creations – where there is no creator, there is no work. This means that machine-generated code like that of GitHub Copilot is not a work under copyright law at all, so it is not a derivative work either.

Luis Villa:

“independent creation” is a doctrine in US law that protects you if you write the same thing without knowing about the first thing. May or may not apply here, but I mention it because it is non-intuitive and speaks directly to “but what if the code is the same”.

There is an observable trend in US law, based on fair use and older notions in US copyright law of the need for creativity, that judges give a looooot of leeway to “machines that read”. Copilot fits pretty squarely in that tradition.

[…]

Article 4 of the 2019 Directive seems to clearly make Copilot’s training unambiguously legal in the EU, but authors can explicitly opt out.

[…]

Note that this is an interesting example of what I wrote about in the context of databases, where rights are not the same across countries, making it hard to write a generic global license.

James Grimmelmann:

Almost by accident, copyright law has concluded that it is for humans only: reading performed by computers doesn’t count as infringement. Conceptually, this makes sense: Copyright’s ideal of romantic readership involves humans writing for other humans. But in an age when more and more manipulation of copyrighted works is carried out by automated processes, this split between human reading (infringement) and robotic reading (exempt) has odd consequences: it pulls us toward a copyright system in which humans occupy a surprisingly peripheral place. This Article describes the shifts in fair use law that brought us here and reflects on the role of robots in copyright’s cosmology.

[…]

Infringement is for humans only; when computers do it, it’s fair use.

Previously:

GitHub Support just straight up confirmed in an email that yes, they used all public GitHub code, for Codex/Copilot regardless of license.

Adam Jacob:

Those of us who remember when open source was the novel underdog, allowing us to learn, grow, and build things our proprietary peers could not - we tend to see the relationship to corp $ in OSS as a net benefit, pretty much always.

That’s because we remember when it wasn’t so, and it took a lot of work to make it legit. But if you started your career with that as the ground truth, you’re much more likely to see the problematic aspects of it; that your open code can be used by folks in ways you dislike.

GitHub Copilot and API Keys

Mohammed Abubakar:

For starters, it’s an assistant that can help you with better code suggestions, but it has been recently brought to notice that the AI is leaking API keys that are valid and still functional.

First reported by a SendGrid engineer, he asked the AI for the keys, and it showed them.

Linus Groh:

@GitHubCopilot gave me a staging.airbnb.com/api link with a key that still works (and stops working when changing it), so...

Airbnb haven’t noticed they leaked that somewhere OR GitHub is feeding private code to Copilot OR somehow it’s intentionally public.

Previously:

Software Vulnerabilities in the Boeing 787

Ruben Santamarta (PDF):

IOActive has documented our detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

Andy Greenberg (Hacker News):

IOActive’s attack claims—as well as Honeywell’s and Boeing’s denials—are based on the specific architecture of the 787’s internals. The Dreamliner’s digital systems are divided into three networks: an Open Data Network, where non-sensitive components like the in-flight entertainment system live; an Isolated Data Network, which includes somewhat more sensitive components like the CIS/MS that IOActive targeted; and finally the Common Data Network, the most sensitive of the three, which connects to the plane’s avionics and safety systems. Santamarta claims that the vulnerabilities he found in the CIS/MS, sandwiched between the ODN and CDN, provide a bridge from one to the other.

But Boeing counters that it has both “additional protection mechanisms” in the CIS/MS that would prevent its bugs from being exploited from the ODN, and another hardware device between the semi-sensitive IDN—where the CIS/MS is located—and the highly sensitive CDN. That second barrier, the company argues, allows only data to pass from one part of the network to the other, rather than the executable commands that would be necessary to affect the plane’s critical systems.

[…]

But even granting Boeing’s claims about its security barriers, the flaws Santamarta found are egregious enough that they shouldn’t be dismissed, says Stefan Savage, a computer science professor at the University of California at San Diego, who is currently working with other academic researchers on an avionics cybersecurity testing platform. “The claim that one shouldn’t worry about a vulnerability because other protections prevent it from being exploited has a very bad history in computer security,” Savage says. “Typically, where there’s smoke there’s fire.”

Via Bruce Schneier:

This being Black Hat and Las Vegas, I’ll say it this way: I would bet money that Boeing is wrong. I don’t have an opinion about whether or not it’s lying.

Previously:

Tuesday, July 6, 2021 [Tweets] [Favorites]

Apple to Decentralize From Silicon Valley

Mark Gurman:

Just a few years after completing the multibillion-dollar Apple Park headquarters in Cupertino, California, Apple Inc. is ramping up efforts to decentralize out of Silicon Valley. I’m told that executives at the highest levels of the company recognize that hiring and retaining talent will be one of the biggest challenges to its future success, and reducing its reliance on the Valley is a key step in mitigating that issue.

Apple has traditionally operated on the principle that ambitious technologists yearn for a place in Silicon Valley where they can put their mark on the next iProduct. The company’s top brass for years fought against decentralization. But that thinking has changed for several reasons based on what I’ve heard from Apple employees.

[…]

Some members of Apple’s executive team had been pushing to decentralize out of Cupertino for years before a fuller realization came into place more recently. Johny Srouji, Apple’s head of custom silicon, was one of the strongest proponents of such a shift, I’m told. His group opened up offices in Florida, Massachusetts, Texas, Israel and parts of Asia years ago. It has since expanded in Germany, Oregon and San Diego.

Eddy Cue, Apple’s online services chief, has also pushed for decentralization, investing in multiple Los Angeles offices and a location in Nashville. The chief operating officer, Jeff Williams, has internally discussed the cost benefits of a more global workforce, and Deirdre O’Brien, the retail and HR chief, has evangelized for the diversity benefits.

Tim Hardwick:

The company is said to be “losing talent” because employees are struggling to afford the high cost of living in the San Francisco Bay Area, despite being high earners by most standards.

Previously:

Audacity’s New Privacy Policy

Tim Hardwick:

Two months ago, Audacity was acquired by Muse Group, which owns other audio-related projects including the Ultimate Guitar website and the MuseScore app. According to Fosspost, changes to the privacy policy section on the Audacity website indicate that several personal data collection mechanisms have since been added by the parent company.

Audacity:

Personal Data we collect

  • OS version [I presume they mean App version.]
  • User country based on IP address
  • OS name and version
  • CPU
  • Non-fatal error codes and messages (i.e. project failed to open)
  • Crash reports in Breakpad MiniDump format
  • Data necessary for law enforcement, litigation and authorities’ requests (if any)

The first four are pretty common for Mac apps to collect without opt-in, as part of a software update check. I don’t think IP addresses really count as personal data if they are not linked with other identifying information. Otherwise, anyone with a Web site who didn’t disable logging would be considered to be collecting personal information.

I don’t think error codes or crash reports should be collected without the user opting in.

The last item has people worried, but I’m not really sure what it means. You could imagine that Audacity is collecting information about which audio files you’re editing and making that available to companies who want to sue for copyright infringement. Or it could just be boilerplate saying that Audacity will comply with lawful requests for the not very personal information that it is collecting anyway. Whether or not it’s spelled out in a privacy policy, most companies probably don’t have a choice about that.

workedintheory:

We believe concerns are due largely to unclear phrasing in the Privacy Policy, which we are now in the process of rectifying.

See also: Reddit, Hacker News, 2, 3.

Update (2021-07-07): Syenta:

I have already uninstalled it and cleared out the %AppData% folder where I found the LastLog which listed:

Kalk = A calculator
WindowsApps
OpenSSH
Powershell
Python

None of which are in @getaudacity folder. Why would you list things not used by Audacity like Kalk?

Shoshana Wodinsky (via Nick Heer):

First came plans to add telemetry capture. Then came a new contributor license agreement. Then last week came a privacy policy update that some Audacity die-hards say turns the software into “spyware.” But Audacity isn’t “spyware”—if only because virtually every app we use is some form of spyware these days.

[…]

Ray adds that its data collection is “very limited” and only includes “pseudonymized” IP addresses that are “irretrievable after 24 hours,” system information that includes “OS version and CPU type,” and optional error report data—not users’ microphone recordings or personal details.

[…]

Also worth mentioning here is that some of the other products under the Muse Group umbrella—like the music notation software MuseScore—feature nearly identical privacy policies, which suggests the parent company just updated Audacity’s policies for some consistency across its catalog. But that doesn’t excuse the piss-poor wording on its original draft, which Ray swears will be “revised” soon enough.

cookiengineer (via Hacker News):

Stepdown as Maintainer of this Fork

Disclaimer: I really thought long about this, and I haven’t slept in two days due to ongoing harassments of 4chan.

As the first people were literally arriving at my place of living, where they knocked on my doors and windows to scare us, I am hereby officially stepping down as a maintainer of this project.

I don’t understand how this escalated.

Update (2021-07-14): Tom Nardi (via Hacker News):

While there was still a segment of the Audacity userbase that was skeptical about remote analytics being added into a program that never needed it before, representatives from the Muse Group seemed to be listening to the feedback they were receiving. Keary assured users that plans to implement telemetry had been dropped, and that should they be reintroduced in the future, it would be done with the appropriate transparency.

Unfortunately, things have only gotten worse in the intervening months. Not only is telemetry back on the menu for a program that’s never needed an Internet connection since its initial release in 2000, but this time it has brought with it a troubling Privacy Policy that details who can access the collected data. Worse, Muse Group has made it clear they intend to move Audacity away from its current GPLv2 license, even if it means muscling out long-time contributors who won’t agree to the switch. The company argues this will give them more flexibility to list the software with a wider array of package repositories, a claim that’s been met with great skepticism by those well versed in open source licensing.

Boop 1.3.1

Ivan Mathy (via Matt Birchler):

Sometimes you need to do something, and it’s just way easier to Google something like “json formatter online” and paste your data into whatever the first result is. It’s not your fault Xcode prints out escaped strings. And who knows how to get the character count in Terminal? I mean why would that access token be URL encoded? Speaking of, does that JWT look base 64 encoded to you? Also that JSON response is one big line it’s really hard to read. Oh boy, that XML document is just a complete mess. I wonder what the MD5 for the password I use everywhere is? Oh, here we go, md5generator dot com, you’re my savior!

JUST BOOP IT ALREADY.

I tend to do these sorts of things in BBEdit by writing a text filter script and invoking it using the LaunchBar-style Commands window. But Boop seems like a nice, single-purpose app with a convenient interface and lots of transformations built in. It’s open source and extensible via JavaScript.

Didi Chuxing Removed From Chinese App Store

Tim Hardwick:

Apple has been informed by China’s cyberspace regulator that it must remove the Didi Chuxing ride hailing app from the Chinese App Store following concerns about the Uber rival’s possible misuse of personal data.

The app in question is owned by Didi Global, which Apple has $1 billion invested in. Bloomberg reports that the ban was announced on Sunday by the Cyberspace Administration of China, citing serious violations on the company’s collection and usage of personal information, without going into detail.

Previously:

Monday, July 5, 2021 [Tweets] [Favorites]

Brickit

Jason Kottke (also: David Pogue, Hacker News):

A new iOS app called Brickit has been developed to breathe new life into your old Lego pile. Just dump your bricks out into a pile and the app will analyze what Lego bricks you have, what new creations you can build with them, and provide you with detailed build instructions. It can even guide you to find individual pieces in the pile. View a short demo — I’m assuming they’re using some sort of AI/machine learning to do this?

This is a great idea. I wasn’t able to really test it out because most of our bricks are Duplo, which it doesn’t support. It was able to count the loose Lego bricks but didn’t have any suggestions for what to make with them.

Brave Search Public Beta

Yan Zhu:

the new search engine we’ve been working on at @brave is now in public beta! search.brave.com

  • we don’t track clicks or queries
  • we don’t profile you
  • for localized results, we only use IP and don’t store it
  • we show you what % of results are served from our own index

Brave:

Brave Search uses its own index, but also ensures fully anonymous search, is transparent in how search results are ranked, and integrates with a privacy-preserving browser on desktop and mobile – an across-the-board combination of independence and privacy which no other provider offers. For a detailed comparison of Brave Search versus other search engines, please see our side-by-side chart here. […] Brave Search is not displaying ads during this early part of the beta phase,

John Gruber:

Biggest thing I dislike about Brave Search is the font. It’s a typeface called Poppins that, almost unbelievably, is a free font from Google.

That and it feels slow. The search results seem OK, though. Not as good as Google, but at least in my early testing it’s comparable to DuckDuckGo/Bing, which is a promising start. The main issue for me is that there’s no built-in way to set Brave Search as the default in Safari, though you can use it as a secondary search engine or via LaunchBar.

Previously:

Update (2021-07-09): Adam Engst:

Put bluntly, Ecosia failed. It’s not that it didn’t work, nor did it always provide poor results. But too often, I’d find myself questioning its results or knowing they weren’t what I wanted. Ecosia relies on Bing, just like DuckDuckGo (which I’ve tried and discarded in the past as well), so I gave up and went back to Google. I’m all in favor of privacy, but not at the expense of frequent search failures. […] When Brave first released Brave Search in private beta, I jumped at the chance to try it. And you know what? It was pretty darn good. Now and then, I’d find myself sending a search directly to Google after Brave Search didn’t find what I wanted, but it passed the annoyance test that Ecosia and DuckDuckGo had failed. […] The Goggles proposal is interesting and worth a read. In essence, it offers a way to create a plurality of rankings rather than require users to submit to a single ranking, even one that attempts to personalize itself to their desires. […] We can hope that Apple adds Brave Search to Safari’s search engine list soon—I’ve submitted it as a suggestion via Apple’s Feedback Assistant app, and I’d encourage others to do the same.

PDFpen Acquired for $6 Million

Sam Chandler:

Today, I’m excited to announce Nitro’s acquisition of PDFpen, the much-loved suite of PDF productivity apps for Mac, iPad and iPhone developed by Smile, Inc.

[…]

With the acquisition of PDFpen, we have found the perfect complement and addition to extend the Nitro Productivity Platform to even more customers and users. The PDFpen team has deep roots in developing intuitive, easy-to-use and highly popular apps for Mac, iPad and iPhone users, and we’re thrilled to be adding their expertise to expand Nitro’s core capabilities across those platforms. And, we’re just as excited to welcome the phenomenal PDFpen team to the Nitro family. Together, we share common values, an intense focus on the customer and a relentless passion to transform how the world works with documents.

Smile:

We are excited to announce the acquisition of PDFpen by Nitro. We at Smile believe Nitro is well placed to take the PDFpen product to the next level.

I don’t really understand what this means for Smile, since I thought they had some of the same people working on both PDFpen and TextExpander.

Previously:

Update (2021-07-13): Adam Engst:

Nitro will pay $6 million in cash for PDFpen, and the entire PDFpen team will be joining Nitro. Sam Thorpe noted that Nitro was extremely interested in the team’s roadmap for PDFpen and appreciation of the nuances of developing for Apple-focused customers, so it seems safe to say that we shouldn’t expect to see significant technical or interface changes. The name will also remain the same, though likely with some Nitro cobranding. What may change eventually is the licensing model, with subscriptions being offered after a few more major releases.

[…]

The recurring revenue generated by the subscriptions will help pay for developing the integrations with other systems—document signing, analytics, SDKs, and so on—that large organizations find compelling.

[…]

From Smile’s perspective, the PDFpen acquisition allows the company to focus on its TextExpander business, which has been growing in terms of employees and platforms.

Gaia GPS Acquired

Kristin Hostetter (via Matt Stoller):

Pocket Outdoor Media (parent company to SNEWS, Backpacker, and nearly 30 other active living brands) announced news that will catapult the Boulder-based company into a powerful position in these industries: It has purchased Outside Magazine, Outside TV, Gaia GPS, Peloton Magazine, and athleteReg.

[…]

As the world’s leading backcountry mapping app, Gaia GPS will provide mapping, route finding, and navigation across the Outside platform, benefiting readers of Backpacker, Trail Runner, Climbing, and SKI.

[…]

But perhaps what excites Thurston the most is how these brands will come together to fortify the powerful value proposition of its membership program, Active Pass.

This doesn’t sound like good news for fans of the app.

Previously:

Friday, July 2, 2021 [Tweets] [Favorites]

EU Competition Chief on iOS Sideloading

Juli Clover (tweet):

In ongoing antitrust discussions about App Store competition, Apple has maintained that allowing users to install apps outside of the App Store would have dire privacy consequences, but European Union digital competition chief Margrethe Vestager said today that Apple must not use privacy excuses to limit competition.

In an interview with Reuters, Vestager said that privacy and security are of “paramount importance,” but she does not believe that customers would be sacrificing security when sideloading an app.

Previously:

Update (2021-07-06): See also: Hacker News.

Link Rot

Mark Graham (via Hacker News):

As part of the Internet Archive’s aim to build a better Web, we have been working to make the Web more reliable — and are pleased to announce that 9 million formerly broken links on Wikipedia now work because they go to archived versions in the Wayback Machine.

Jonathan Zittrain:

It turns out that link rot and content drift are endemic to the web, which is both unsurprising and shockingly risky for a library that has “billions of books and no central filing system.” Imagine if libraries didn’t exist and there was only a “sharing economy” for physical books: People could register what books they happened to have at home, and then others who wanted them could visit and peruse them. It’s no surprise that such a system could fall out of date, with books no longer where they were advertised to be—especially if someone reported a book being in someone else’s home in 2015, and then an interested reader saw that 2015 report in 2021 and tried to visit the original home mentioned as holding it. That’s what we have right now on the web.

[…]

In 2010, Justice Samuel Alito wrote a concurring opinion in a case before the Supreme Court, and his opinion linked to a website as part of the explanation of his reasoning. Shortly after the opinion was released, anyone following the link wouldn’t see whatever it was Alito had in mind when writing the opinion.

[…]

We found that 50 percent of the links embedded in Court opinions since 1996, when the first hyperlink was used, no longer worked. And 75 percent of the links in the Harvard Law Review no longer worked.

People tend to overlook the decay of the modern web, when in fact these numbers are extraordinary—they represent a comprehensive breakdown in the chain of custody for facts.

Glenn Fleishman:

My first essay about the dangers of link rot appeared in Adobe Magazine in 1997. The link died and the location of the essay changed within a year or so. Now it’s entirely lost.

Previously:

This leads to a contempt for the past. Too much of what was created in the last fifty years is gone because no one took care to preserve it.

Since I run a bookmarking site for a living, I’ve done a little research on link rot myself. Bookmarks are different from regular URLs, because presumably anything you’ve bookmarked was once worth keeping. What I’ve learned is, about 5% of this disappears every year, at a pretty steady rate. A customer of mine just posted how 90% of what he saved in 1997 is gone. This is unfortunately typical.

We have heroic efforts like the Internet Archive to preserve stuff, but that’s like burning down houses and then cheering on the fire department when it comes to save what’s left inside. It’s no way to run a culture. We take better care of scrap paper than we do of the early Internet, because at least we look at scrap paper before we throw it away.

Custom Fonts in iOS and macOS apps

Sarah Reichelt (via Peter Steinberger):

Now the font file is in the project but there is still more work to do.

[…]

Now go to the Info.plist file. Right-click in the blank space below the existing entries and select “Add Row” from the popup menu. In the box that appears, start typing “Font” using an upper-case “F”. When you see “Fonts provided by application”, select that.

[…]

But the exact name is not always obvious and is rarely the file name. So the best thing to do is to ask the app what fonts it now has available. This will also act as confirmation that the font file is being included correctly in your project.

[…]

For a Mac app, you do not need to specify the font file name in your Info.plist file. Instead, you have to tell the Info.plist where to look for custom fonts in your project directory.
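The step the article recommends, asking the app which fonts it can see, is the one that actually confirms the bundling worked, because the Info.plist entry (`UIAppFonts`, shown in Xcode as “Fonts provided by application”; on macOS `ATSApplicationFontsPath`, the directory the article says you point it at) fails silently when the file name or path is wrong. The snippet below is an added example, not the article's code: it enumerates every family and face at runtime and checks one PostScript name. `MyCustomFont-Regular` is a placeholder, not a real font from the article.

```swift
// Added example (not from the article). Lists every font family and face the
// app can see at runtime, so you can confirm a bundled font was registered
// and learn its exact PostScript name, which is rarely the file name.
#if canImport(UIKit)
import UIKit

func listAvailableFonts() -> [String: [String]] {
    var result: [String: [String]] = [:]
    for family in UIFont.familyNames.sorted() {
        result[family] = UIFont.fontNames(forFamilyName: family).sorted()
    }
    return result
}

/// True if a font with this PostScript name can be created.
func fontIsAvailable(_ postScriptName: String) -> Bool {
    return UIFont(name: postScriptName, size: 12) != nil
}

#elseif canImport(AppKit)
import AppKit

func listAvailableFonts() -> [String: [String]] {
    var result: [String: [String]] = [:]
    let manager = NSFontManager.shared
    for family in manager.availableFontFamilies.sorted() {
        // Each member is [postScriptName, styleName, weight, traits].
        let members = manager.availableMembers(ofFontFamily: family) ?? []
        result[family] = members.compactMap { $0.first as? String }.sorted()
    }
    return result
}

func fontIsAvailable(_ postScriptName: String) -> Bool {
    return NSFont(name: postScriptName, size: 12) != nil
}
#endif

// Call once at launch (e.g. from the app delegate) and read the console.
func dumpFonts() {
    for (family, faces) in listAvailableFonts().sorted(by: { $0.key < $1.key }) {
        print(family)
        for face in faces { print("    \(face)") }
    }
    // Placeholder name: replace with the PostScript name printed above.
    print("custom font loaded:", fontIsAvailable("MyCustomFont-Regular"))
}
```

If the custom family is missing from the dump, the problem is in the project setup (target membership, the plist entry, or the folder named by `ATSApplicationFontsPath` on the Mac), not in the code that uses the font.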

Previously:

Thursday, July 1, 2021 [Tweets] [Favorites]

APFS Volume Names Are Still a Unicode Mess

Howard Oakley (tweet):

This article stems from Thomas Tempelmann’s (@tempelorg) observation on Twitter that, if you name a volume in Disk Utility, it can remain in Unicode normalized Form C, which isn’t compatible with the rest of macOS, which expects Form D to be used.

[…]

If you do use Disk Utility to create two volumes with what appear to be identical names, but actually differ in their normalisation, then behaviours become stranger still.

[…]

The underlying problem seems to be a bug in Disk Utility, which fails to normalise volume names to Form D as the Finder does. But there’s also a bug in Spotlight indexing which results in volumes with Form C names not being indexed at all. APFS brought us many great things, but this initial design decision has only brought problems, complexity and bugs like these.

Thomas Tempelmann:

To all #Mac users who have accented chars (or umlauts) in their volume (disk) name: If #Spotlight doesn’t work for you, then try renaming your volume in Finder once to “abc”, then back to your preferred name. That might fix Spotlight.
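What the two normalization forms look like at the code-point level, and a check for volume names that look identical on screen but differ only in normalization, as an added example that is not part of the article. It uses Python's `unicodedata` module; the sample names are constructed.

```python
import unicodedata

# Added example, not from the article: the Form C / Form D mismatch it
# describes, made visible, plus a check for volume names that differ only
# in normalization (the case the article says produces the strangest behaviour).

def to_finder_form(name: str) -> str:
    """Normalise a volume name to Form D (NFD), the form the article says
    Finder applies when it names a volume."""
    return unicodedata.normalize("NFD", name)

def normalization_form(name: str) -> str:
    """Return 'NFC', 'NFD', 'both' (nothing composable, e.g. plain ASCII)
    or 'neither' (a mix) for a name."""
    is_c = unicodedata.is_normalized("NFC", name)
    is_d = unicodedata.is_normalized("NFD", name)
    if is_c and is_d:
        return "both"
    if is_c:
        return "NFC"
    if is_d:
        return "NFD"
    return "neither"

def code_points(name: str) -> list:
    """Hex code points, so the one-character vs two-character difference shows."""
    return [f"U+{ord(ch):04X}" for ch in name]

def lookalike_groups(volume_names) -> dict:
    """Group names that collapse to the same NFD string but differ as typed.
    Returns {nfd_name: sorted distinct raw spellings} only for groups with
    more than one spelling."""
    groups = {}
    for raw in volume_names:
        groups.setdefault(to_finder_form(raw), set()).add(raw)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

# Constructed sample: the same visible name "Übung" entered two ways, once as
# a Form C name (what Disk Utility may leave) and once as Form D (Finder),
# plus an ASCII name that is the same in both forms.
SAMPLE_VOLUMES = ["\u00dcbung", "U\u0308bung", "Data"]

if __name__ == "__main__":
    for v in SAMPLE_VOLUMES:
        print(repr(v), normalization_form(v), code_points(v))
    print(lookalike_groups(SAMPLE_VOLUMES))
```

Running it shows `\u00dcbung` as five code points and its Form D twin as six; anything that compares names byte-for-byte (a Spotlight index, a path lookup) sees two different volumes, which is the bug the article is describing.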

Previously:

macOS 12 Monterey Public Beta

Juli Clover:

The macOS Monterey Public Beta is available to anyone with a compatible Mac and it does not require a developer account. This guide walks you through some simple steps on installing the beta software.

Before downloading the update, it's worth noting that Apple does not recommend installing the macOS Monterey Public Beta on your main Mac, so if you have a secondary machine, use that.

The release versions of DropDMG and ToothFairy are compatible with the Monterey public beta. I recommend updating to the public beta versions of EagleFiler and SpamSieve before installing Monterey.

Jason Snell:

The good news is, for all the recent fears among Mac users that Apple might be attempting to collapse Mac, iPhone, and iPad into a single amorphous product, macOS Monterey still feels unreservedly like a Mac. Apple wants its platforms to share features, but it also recognizes that each serves a different (albeit overlapping) audience.

[…]

And this year, Apple has chosen to make dramatic interface changes to Safari across not just macOS but iOS and iPadOS as well. I think the changes work fairly well on the iPad, but they’re kind of a mess on the iPhone and, unfortunately, the Mac.

[…]

Though Shortcuts has already surpassed Automator in terms of ease of use as well as functionality, it’s still a very young app—there’s plenty of room to grow over the next few years. Only with this version can you hide steps of a shortcut to make the rest of the file easier to read, for example. Shortcuts also shows its new arrival on the Mac by generating dialog boxes and alerts that look nothing like standard Mac interface elements. In the end, either Shortcuts needs to feel like the rest of macOS or the rest of macOS needs to come to Shortcuts—but right now, it’s neither fish nor fowl.

[…]

I don’t have much to report on group FaceTime based on early betas of macOS Monterey and iOS 15 other than to say that I found them pretty buggy, with video and audio cutting out and individual participants sometimes appearing more than once.

[…]

Most notably, macOS Monterey does nothing to address the failure of notifications, Notification Center, and widgets from macOS Big Sur.

John Voorhees:

I haven’t run into any show-stopping bugs, and this year’s beta is far more approachable than the Catalina or Big Sur betas were. Those updates included fundamental shifts in the way the OS worked that made the update uncomfortable for some users. There’s some of that in Monterey, but less than in the past couple of years. Instead, Monterey introduces a collection of enhancements to existing system apps and new cross-system feature integrations that make the update useful immediately.

[…]

Bottom line, I’d like to see the unification of the tab bar and toolbar rolled back or an option added to settings to turn it off. I applaud the effort to free up more space for content and also appreciate the more unified look afforded by the extension of websites’ colors to the tab bar, but the usability cost of cramming so much into one horizontal strip is too high.

[…]

I wasn’t expecting to enjoy the new Focus feature as much as I have. A lot of thought has gone into Focus, which allows for finely-tuned setups that highlight what a simple, blunt tool Do Not Disturb was. There’s more to Focus than specifying who and what apps can interrupt you in certain contexts, but even just that unlocks a tremendous amount of control over the barrage of daily notifications everyone receives.

Previously:

Update (2021-07-02): See also: Hacker News.

iOS 15 and iPadOS 15 Public Beta

Federico Viticci:

I don’t think iOS and iPadOS 15 are massive updates like iOS and iPadOS 13 or 14 were. There are dozens of interesting new features in both updates, but none of them feels “obvious” to demonstrate to average users like, say, dark mode and iPad multiwindow in iOS and iPadOS 13 or Home Screen widgets in last year’s iOS 14. And, for the most part, I think that’s fine. The wheel doesn’t have to be reinvented every year, and the pandemic happened for everyone – Apple engineers included.

[…]

Of all the new features in iOS and iPadOS 15, the one I’ve been using – and enjoying – the most is Focus, which already feels like it has been part of iOS for years now.

[…]

Conversely, I’m not so sure the new Safari will be an instant success with iPhone and iPad users; of all the features I covered in this story, I wouldn’t be surprised if Safari ends up being the one Apple tweaks the most before the public release of iOS and iPadOS 15. I’ve been struggling to adjust to the new Safari on both my iPhone and iPad, and although I believe there are some good ideas in it, many of them feel rushed and counterintuitive.

[…]

A good way to think about iPadOS 15’s revamped multitasking is the following: what you can accomplish with Split View, Slide Over, and multi-window isn’t changing, but Apple is making it easier and faster for everyone to discover and use those features.

Previously:

Google Sunsets the APK Format for New Android Apps

C. Scott Brown (via Hacker News):

Starting in August 2021, Google will require all new Android APKs to land on the Play Store as App Bundles instead.

This will invariably result in smaller file sizes and other boons for the end-user.

[…]

However, there are two significant issues with AABs. The first is that developers who want their apps to appear in other distribution channels — such as the Amazon App Store or Huawei’s App Gallery — will need to manually export APK versions of their apps.

[…]

The other issue is that developers will need to give Google their app signing key to export an AAB app as an APK.

ridaj:

The good: .aab can be optimized by the Play store for the device that is requesting them (for example stripping resources that don’t apply to a particular device)

The bad: it will be more difficult for non-Google app distribution storefronts to jump-start their catalog by grabbing APKs from the Play Store, because they won’t be able to get one neat APK per listing via some APK downloader. (For apps that do want to get listed on those storefronts, life won’t be very different.)

The ugly: APK distribution is a “zero-trust” model which allows the developer and the user to not have to trust the store not to make any changes to the application. In fact that’s what prevents the kinds of “good” optimizations mentioned above: Google can’t reach into an APK to strip resources that are irrelevant to a particular device, because doing so would invalidate the APK’s signature. By forcing apps to be deployed with keys under Google’s control, this trust model is broken. The Play Store no longer guarantees through cryptography that APKs haven’t been tampered with between the developer’s build system and the recipient device.

A lot of developers seem to be upset by this last bit, though from an Apple developer’s perspective, Apple already has all the keys, anyway (since it generates them for you); and apps from the store get re-signed by Apple’s key, so that users can’t see whether it was signed by the developer.

Previously:

Update (2021-07-02): For Apple developers, the keys are generated locally, and the private key stays on your Mac. Only the public key is given to Apple. Also, I agree with commenter Jean-Daniel that zero-trust is of limited value because you have to trust the platform, anyway.

Ron Amadeo (Hacker News):

Developers can keep a local copy of the signing key they upload to Google, allowing them to generate valid updates that can be installed over Google Play versions. Developers can also download signed “Distribution APKs” from the Google Play Developer Console, which are old-school universal APKs that can be uploaded to other app stores. If you’re concerned about Google changing your app without your consent, Google says an optional new “code transparency” feature will let developers verify that the hashes on downloaded app code match what they uploaded.
</gr_173>

[…]

For Google, Android App Bundles are a big deal. At Google I/O 2018, the company said that if every app switched to bundles, Google would save 10 petabytes of bandwidth per day, which is an incredible number, indicating the scale the Play Store operates at.
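ridaj's point about the signature and Amadeo's note on code transparency are two halves of the same trade-off: a signature over the whole archive is exactly what stops the store from stripping resources, and a signed list of hashes over only the code is what lets the store strip resources while still letting the developer detect a change to the code. The block below models both with a toy archive format; it is an added example, not Google's or Android's code, and it does not reproduce the real APK signing scheme or the real code-transparency file format. An HMAC with a constructed key stands in for the developer's asymmetric signing key; the only property it relies on is that the verifier holds key material the store does not.

```python
import hashlib
import hmac
import json

# Added example, not Google's or Android's code. A toy archive plus an HMAC
# (stand-in for the developer's signing key) to show why a whole-archive
# signature breaks when the store strips resources, and why a signed hash
# manifest over the code alone does not.

def pack(files: dict) -> bytes:
    """Deterministically serialise {path: bytes}: sorted, length-prefixed."""
    out = bytearray()
    for path in sorted(files):
        body = files[path]
        out += len(path).to_bytes(2, "big") + path.encode()
        out += len(body).to_bytes(4, "big") + body
    return bytes(out)

def sign(blob: bytes, key: bytes) -> bytes:
    return hmac.new(key, blob, hashlib.sha256).digest()

def verify(blob: bytes, sig: bytes, key: bytes) -> bool:
    return hmac.compare_digest(sign(blob, key), sig)

def play_store_strip(files: dict, device_density: str) -> dict:
    """Model the store dropping per-density resources that don't apply."""
    return {p: c for p, c in files.items()
            if not p.startswith("res/drawable-") or device_density in p}

def is_code(path: str) -> bool:
    return path.endswith(".dex") or path.startswith("lib/")

def code_manifest(files: dict) -> bytes:
    """SHA-256 of every code file, as canonical JSON so it can be signed."""
    digests = {p: hashlib.sha256(c).hexdigest()
               for p, c in files.items() if is_code(p)}
    return json.dumps(digests, sort_keys=True).encode()

def verify_code_transparency(files: dict, manifest: bytes,
                             manifest_sig: bytes, key: bytes) -> bool:
    """Manifest must carry the developer's signature and match the delivered
    code exactly: a modified, missing or added code file all fail."""
    if not verify(manifest, manifest_sig, key):
        return False
    return code_manifest(files) == manifest

DEV_KEY = b"constructed-developer-key"  # stand-in for the developer's private key

# Constructed app contents: code, a native library, per-density resources.
APP_FILES = {
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"dex 035 constructed bytecode",
    "lib/arm64-v8a/libnative.so": b"ELF constructed",
    "res/drawable-mdpi/logo.png": b"PNG mdpi",
    "res/drawable-xxhdpi/logo.png": b"PNG xxhdpi",
}

def whole_archive_verifies_unmodified() -> bool:
    sig = sign(pack(APP_FILES), DEV_KEY)
    return verify(pack(APP_FILES), sig, DEV_KEY)

def whole_archive_verifies_after_strip() -> bool:
    """The APK model: one signature over everything, checked after stripping."""
    sig = sign(pack(APP_FILES), DEV_KEY)
    delivered = play_store_strip(APP_FILES, "xxhdpi")
    return verify(pack(delivered), sig, DEV_KEY)

def code_transparency_verifies_after_strip() -> bool:
    """The AAB model: store strips resources, code manifest still matches."""
    manifest = code_manifest(APP_FILES)
    msig = sign(manifest, DEV_KEY)
    delivered = play_store_strip(APP_FILES, "xxhdpi")
    return verify_code_transparency(delivered, manifest, msig, DEV_KEY)

def code_transparency_detects_code_change() -> bool:
    """Anything between the build system and the device that edits code fails."""
    manifest = code_manifest(APP_FILES)
    msig = sign(manifest, DEV_KEY)
    tampered = dict(play_store_strip(APP_FILES, "xxhdpi"))
    tampered["classes.dex"] = b"dex 035 modified"
    return not verify_code_transparency(tampered, manifest, msig, DEV_KEY)

if __name__ == "__main__":
    print("archive signature, untouched:", whole_archive_verifies_unmodified())
    print("archive signature, after strip:", whole_archive_verifies_after_strip())
    print("code manifest, after strip:", code_transparency_verifies_after_strip())
    print("code manifest, code edited:", code_transparency_detects_code_change())
```

The limits are the ones the commenters name: the manifest covers only what the developer chose to hash (code here, not resources or the manifest file), and checking it requires the developer to keep a key Google does not have, which is the local copy Amadeo mentions.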