Archive for September 2021

Tuesday, September 21, 2021 [Tweets] [Favorites]

Swift 5.5 Released

Ted Kremenek:

Swift 5.5 is a massive release, which includes newly introduced language capabilities for concurrency, including async/await, structured concurrency, and Actors.

[…]

[…]

John Sundell:

Before Swift 5.5, if we wanted to make an enum that contains associated values conform to Codable, then we’d have to write all of that code manually. However, that’s no longer the case, as the compiler has received an upgrade that now makes it capable of auto-synthesizing serialization code for such enums as well.

[…]

If needed, we could even customize what keys that are used for the associated values within a specific case. For example, here’s how we could declare that we’d like the youTube case’s id value to be serialized as youTube

John Sundell (tweet):

In general, these kinds of issues can be worked around using a compile-time platform check — but before Swift 5.5, we’d have to first break our List out into a separate expression, and then apply different listStyle modifiers separately using an #if-based operating system condition[…]

[…]

When using Swift 5.5, we now have the option to inline #if directives right within our expressions. So, going back to our ItemList, we can now conditionally apply each of our listStyle modifiers completely inline — without first having to break our expression up into multiple parts[…]

Joshua Emmons:

Sadly, these [async/await] features require runtime support. Which means, at least for the time being, async is iOS 15-/macOS 12-only.

For those of us supporting older deployment targets, this can be a bit of a let down. But not all hope is lost! We can build clean, flattened-out async handling on our own.

David Ungar:

If your incremental (i.e. Debug) builds seem to be too slow, here some things to try[…]

Previously:

Monday, September 20, 2021 [Tweets] [Favorites]

iOS 15 and iPadOS 15

Apple (iOS release notes, iPadOS release notes, Hacker News):

iOS 15 is packed with new features that help you connect with others, be more present and in the moment, explore the world, and use powerful intelligence to do more with iPhone than ever before.

Federico Viticci (extras):

Surprisingly, iOS 15 doesn’t introduce any notable improvements to what made its predecessor wildly popular last year. In fact, as I’ll explore in this review, iOS 15 doesn’t have that single, all-encompassing feature that commands everyone’s attention such as widgets in iOS 14 or dark mode in iOS 13.

As we’ll see later in the story, new functionalities such as Focus and Live Text in the Camera are the additions that will likely push people to update their iPhones this year. And even then, I don’t think either of them sports the same intrinsic appeal as widgets, custom Home Screens, or the App Library in iOS 14.

[…]

But after three months of running iPadOS 15 on my M1 iPad Pro, I can’t help but feel like power users will still be left wishing for more. Yes, iPadOS 15 brings extensive keyboard integration for multitasking with a plethora of new keyboard shortcuts and yes, the new multitasking menu and improvements to the app switcher benefit everyone, including power users, but iPadOS 15 is a foundational update that focuses on fixing the basics rather than letting the iPad soar to new heights.

Dan Moren:

So it is with iOS 15, a release that appears with at least one of its most touted features, SharePlay, delayed until later this year, and another impressive piece of functionality—Universal Control—demoed but never even present in the betas. What’s left is a hodgepodge of interesting ideas and occasionally misguided attempts to prescribe how people should use their mobile devices. It’s an update that’s got a lot to recommend it, but that’s simultaneously tough to recommend, if only because it’s difficult to point to a single big feature that will make a huge difference in the life of the average user.

[…]

The reason that Time Sensitive notifications are significant is twofold. Firstly, they’re a class of notification that you can allow to break through your Focus, even if you haven’t specifically allowed notifications from that app. Secondly, they work with the second new major notification feature, Scheduled Summary.

Jason Snell:

In iPadOS 14, holding down the Command key would display a simple list of app-specific features and key equivalents. In iPadOS 15, Apple has expanded this feature to make it more like the iPad equivalent of the Mac menu bar. Not only does it list keyboard shortcuts, but it can list every command in the app (with suspiciously familiar labels like File and Edit). You can click or tap any of them to execute them. iPad apps that build out the Mac menu bar for their Catalyst version can pick this feature up for free. It’s another way that the Mac and iPad are increasingly complementing one another.

Then there’s the Globe key. Initially intended for supporting multiple languages, in iPadOS 15, the Globe key has become something much bigger: it’s a symbol for global keyboard shortcuts. (The Globe key appears on most modern Apple keyboards. If your keyboard doesn’t have a Globe key, don’t worry—you can use the Hardware Keyboard settings area to map a less-used modifier key such as Caps Lock to the Globe key.)

Hold down the Globe key in any app in iPadOS 15, and instead of seeing app-specific commands, you’ll see a list of functions that are available everywhere on the iPad.

Juli Clover:

A new Focus mode cuts down on distractions by limiting what’s accessible and who can contact you, and notifications can now be grouped up in daily summaries. There’s an option for a new Safari design that moves the tab bar to the bottom of the interface, and Tab Groups keep all of your tabs organized.

Joe Rossignol:

Apple recently updated its iOS 15 features page to indicate that Find My network support for AirPods Pro and AirPods Max has been delayed until “later this fall,” implying that the feature will not be available with the initial release of iOS 15.

Joe Rossignol:

According to the iOS 15 features page on Apple’s website, the following features require an iPhone with an A12 Bionic chip or newer, which means the features listed below aren’t available on the iPhone X or any older models.

It does still run on devices all the way back to the iPhone 6s, though.

Previously:

Hide My Email

Tim Hardwick:

At its WWDC keynote on Monday, Apple announced that iCloud is getting a premium subscription tier called “iCloud+,” which includes tentpole privacy features like Private Relay and Hide My Email. Another feature included in iCloud+ that wasn’t discussed in the keynote is the ability to create a custom email domain name.

I think it’s better to use another e-mail provider, but at least with a custom domain you can more easily change in the future.

Apple:

Expanding on the capabilities of Sign in with Apple, Hide My Email lets users share unique, random email addresses that forward to their personal inbox anytime they wish to keep their personal email address private. Built directly into Safari, iCloud settings, and Mail, Hide My Email also enables users to create and delete as many addresses as needed at any time, helping give users control of who is able to contact them.

It appears that you can set it forward to a non-iCloud address. So you can improve your privacy by hiding your real e-mail address from sites, but you also reduce it by routing your mail through Apple, and add a dependency on iCloud.

Tim Hardwick:

The following steps show you how to create a new dummy email address with Hide My Email, for use in Safari and Mail.

Previously:

iCloud Private Relay

Michael Grothaus (via John Wilander, Alex Guyot):

The obvious comparison people will make is that iCloud Private Relay is Apple’s version of a VPN (something I have called for in the past for the company to offer). But from an engineering perspective, Private Relay’s privacy protections make VPNs look weak.

[…]

iCloud Private Relay uses a dual-hop architecture. When you navigate to a website through Safari, iCloud Private Relay takes your IP address, which it needs to connect you to the website you want to go to, and the URL of that site. But it encrypts the URL so not even Apple can see what website you are visiting. Your IP and encrypted destination URL then travels to an intermediary relay station run by a third-party trusted partner.

See also: WWDC, Nick Heer, Hacker News, Accidental Tech Podcast, MacRumors, TidBITS.

John Gruber:

It’s a little weird that Apple doesn’t want to talk about who these “trusted partners” are, because if we don’t know who they are, how are we supposed to trust them?

Stephen Nellis and Paresh Dave:

Apple’s decision to withhold the feature in China is the latest in a string of compromises the company has made on privacy in a country that accounts for nearly 15% of its revenue.

Tim Hardwick:

According to Apple, “regulatory reasons” prevent the company from launching Private Relay in China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, and the Philippines.

Apple mentioned these country limitations in June, but it seems that Private Relay will not be available in Russia either, after Apple apparently disabled the feature there over the last day or so.

Spencer Dailey:

Hats off to Apple’s architects. At first glance, the principle behind this “dual hop” seems inspired by Tor, a browser that “directs Internet traffic through a free, worldwide, volunteer overlay network” with an encryption scheme that promises to “conceal a user’s location and usage” from prying eyes. The main issue with Tor has always been that it’s slow. Apple claims Private Relay works “without compromising performance”. There are reasons to be very skeptical of that claim by Apple (more on that later), but nevertheless, Private Relay will certainly be far faster than using Tor.

[…]

Private Relay will ruffle the feathers of ISPs and local network administrators.

This is a power move reminiscent of 1) when Apple launched the iPhone and decoupled phone software from the carrier, and 2) when Apple launched iTunes and CD-selling music labels had to come on board.

The industry will push back, leading to friction for consumers.

Many local area networks, such as WiFi on college campuses, will end up prohibiting Private Relay traffic. This will lead to inconvenienced users, who will be presented with dialogs to disable Private Relay for that network. I’m sure ISPs of all sizes will be tempted to also put in place hard blocks.

Florian Forster (via Hacker News):

If a user enables this feature, your RIBA [Risk Based Authentication] seriously will have a bad time. This is because, as you can see below, the user’s IP Address will be more or less useless as a signal. As of writing this blog I was in Switzerland and the IP used to egress my traffic was in a region located in the US. If this also tends to change a lot and fast you can basically throw away IP addresses as data of your RIBA.

Saagar Jha:

As expected, using Private Relay may get you flagged on certain sites, such as Wikipedia. Haven’t hit a captcha yet but I’m not looking forwards to it…

Frank A. Krueger:

Funny side-effect of iOS’s new private browsing: websites keep signing me out and reporting irregular login attempts. I have to remind myself that I sometimes live in Sweden now.

John Voorhees:

Private Relay currently has a significant impact on Safari’s performance. Here’s my Internet speed outside Safari using the Speedtest Mac app.

David Sparks:

My connection was noticeably slow and laggy. After a bit of troubleshooting, I discovered Private Relay is the culprit.

Dave Wood:

Why does iCloud Private Relay randomly turn itself back on? I didn’t reboot or anything here. And, the option to disable it again is missing. (Usually appears again if you go back a menu and forward again).

jda-blue:

I have a VPN app that uses a tunnel to route traffic, and I’m finding that port 80 traffic cannot be routed when Private Relay is enabled. Oddly, it’s just port 80 traffic. HTTP traffic over 8080 or other ports still work fine.

Specifically, connecting the socket using the connect() function for a port 80 address always returns the same error "No route to host".

Jason Snell:

Essentially, Apple has decided to launch iCloud Private Relay as a beta when iOS 15 ships in the fall, and the feature will be turned off (for now) by default. Paying iCloud users will be able to turn it on and try it out.

John Gruber:

Here’s my concern about iCloud Private Relay compatibility, though: if web publishers want to make sure their sites are compatible with iCloud Private Relay, they can make it work. They might just need more time. But everyone knows there are sites that aren’t interested in your privacy. That’s the whole reason Apple even made this feature. For a lot of websites, if the answer to an iCloud Private Relay compatibility issue is “Disable iCloud Private Relay”, that’s fine by them. For a lot of privacy-invasive web publishers, their goal, I suspect, is to break iCloud Private Relay, not fix their shit-ass websites to work with it.

Previously:

DuckDuckGo Email Protection

Sami Fathi (Hacker News):

DuckDuckGo today announced its brand new Email Protection feature that will allow users to save themselves from being tracked by trackers embedded into emails by forwarding them to a free and personalized DuckDuckGo email before being sent to their actual email.

[…]

One of the largest cornerstones of DuckDuckGo’s offering, compared to Apple’s Hide My Email, is its cross-platform compatibility.

[…]

DuckDuckGo is pledging that it never saves a user’s email and that even when emails are sent to its servers to be cleansed from trackers, that information remains private.

Previously:

Mail Privacy Protection

Apple:

In the Mail app, Mail Privacy Protection stops senders from using invisible pixels to collect information about the user. The new feature helps users prevent senders from knowing when they open an email, and masks their IP address so it can’t be linked to other online activity or used to determine their location.

Ben Lovejoy (MacRumors):

One of the new privacy features included in iCloud+ is what Apple calls Mail Privacy Protection. While that’s designed to protect Apple Mail users from overly intrusive marketeers, some are worried that it could badly hurt small publishers of email newsletters.

That’s because it will deny them access to a key metric used to sell the advertising that makes many such newsletters viable…

Casey Newton (Hacker News):

And so it’s no surprise that some observers look at Mail Privacy Protection and see a threat. “This is another sign that Apple’s war against targeted advertising isn’t just about screwing Facebook,” Joshua Benton wrote in Nieman Lab. “They’re also coming for your Substack.”

[…]

But after conversations with newsletter writers and media executives today, I’m not sure that people doing email-based journalism have all that much to worry about from the shift.

Nick Heer:

Email open rates are notoriously unreliable. Some sources will say that open rates are underreported; others will say that they are way too high. That is because open rates are determined by the number of times that a tracking pixel in an email is downloaded. If users have images turned off, it will not be triggered; if a user’s email client automatically goes to the next message when an email is deleted, it may register as the email being opened again and again.

Eric Blair:

It sounds like like MPP proxies will pre-download images regardless of whether you open the email. The effective open rate will look like 100% for Mail users. Since the download is out of band from the viewing, the access time is also meaningless.

Andrew Grant:

Apple.

Also Apple.

Previously:

Record App Activity

Jason Cross:

Apple is always expanding privacy features, and with iOS 15 you have a powerful new tool to find out which apps are accessing your phone’s features and data.

[…]

This will record a 7-day summary of exactly when and how often all your apps access things like your microphone or microphone, or which web domains they visit. Just come back to this screen a week later for a full report.

You can even tap Save App Activity to export a JSON file of all the data if you’re into that kind of thing.

Nick Heer:

I’ve just saved four days’ worth of app activity. It’s a 27 MB JSON file. An analysis of this would be wild, I am sure.

John Spurlock:

Want a better way view the json files saved from “Report App Activity” in iOS15 beta privacy settings?

I just published a simple web app that runs locally to slice and dice them.

Previously:

Rejected for Mentioning iOS 15 Compatibility

James Thomson:

And, that’s the iOS 15 build of Dice by PCalc rejected for… mentioning iOS 15.

It feels like we’ve been down this road before.

It’s a longstanding unwritten rule, though in this case Apple had already posted the iOS 15 release candidate build and notified developers to submit their updates for iOS 15. So not being able to mention the OS version just adds confusion for users.

Marco Arment:

My Overcast build with the iOS 15 GM SDK, released after the very public event this week, was rejected for mentioning “iOS 15 compatibility” in the release notes.

Such a waste of everyone’s time, Apple. Come on.

Michael Love:

My best guess is that they’re somehow trying to avoid user confusion - they’re worried that if people see a bunch of iOS 15 updates before iOS 15 is out they’ll assume their phone isn’t compatible with it or the updates won’t work on 14 or whatever.

If Apple really doesn’t want users to see these updates before iOS 15 is released, there should be an option to submit your update now but have the App Store hold it for release until iOS 15 ships.

Dave Wood:

They’re probably confused because the change of term from GM to RC. Since iOS 15 is now RC, it is no longer pre-GM so doesn’t violate the rule they quote. Which is even funnier.

Curtis Herbert:

If Apple, year after year after year, pulls the BS of an app rejection because you mention the upcoming release … at some point ya gotta stop trying. Save yourself the headache. Just say “the new iOS” or “today’s update.”

Alexey Chernikov:

Just got rejected for mentioning “the latest iOS.”

Sash Zats:

That’s why you just “bug fixes and improvements”

James Thomson:

It is my understanding that mentioning iOS 15 is allowed in your release notes, as of now, and in future mentioning an unreleased OS should not cause a problem after app submissions for that particular OS have opened.

Thanks to Thompson for relaying an unwritten rule change, but it would be nice to have a written guideline to cite when the memo inevitably doesn’t get out to everyone.

Previously:

Thursday, September 16, 2021 [Tweets] [Favorites]

Shortcuts Outage Caused By Researcher

Nick Heer:

Remember how, back in March, all links to Shortcuts just stopped working?

Frans Rosén (via Federico Viticci):

I found some permission issues when hacking Apple CloudKit. I wrote about three of them @detectify labs, one where I accidentally deleted all shared Apple Shortcuts.

He reported the bugs to Apple and received the security bounty.

Previously:

Performance of the A15

Jason Snell:

Here’s a funny thing about Tuesday’s announcement of the A15 Bionic: Apple didn’t compare its performance to the A14. In the past, Apple has compared the power of its iPhones to previous models. But this year, Apple has chosen to proclaim that the A15 in the iPhone 13 Pro has 50 percent better graphics and CPU performance “than the competition.”

Given that Apple has generally been ahead of its smartphone competition in terms of processor power, this suggests that the A15 shows less improvement over the A14 than it does over the Qualcomm processors in leading Android phones. And it makes me wonder if Apple is perhaps trying to soft-pedal a new chip that isn’t much faster than the older model.

Dylan Patel (tweet, via Meek Geek):

The CPU is claimed to be 50% faster than the competition while GPU is claimed to be 30% or 50% faster depending on whether it is 4 cores or 5 cores. They are sticking with a 16 core NPU which is now at 15.8 TOPs vs 11 TOPs for the A14. There is a new video encoder and decoder, we hope it incorporates AV1 support. The new ISP enables better photo and video algorithms. The Pro models have variable refresh rate, so that likely necessitated a new display engine. Lastly, the system cache has doubled to 32MB. This was likely done to feed the GPU and save on power. SemiAnalysis also believes Apple moved to LPDDR5 from LPDDR4X.

[…]

The most important thing to note is that the CPU gains are identical from the A12 to A14 as they are from A12 to A15. The GPU gains are quite impressive with a calculated 38.5% improvement. This is larger than the A13 and A14 improvements combined.

[…]

SemiAnalysis believes that the next generation core was delayed out of 2021 into 2022 due to CPU engineer resource problems. In 2019, Nuvia was founded and later acquired by Qualcomm for $1.4B. Apple’s Chief CPU Architect, Gerard Williams, as well as over a 100 other Apple engineers left to join this firm. More recently, SemiAnalysis broke the news about Rivos Inc, a new high performance RISC V startup which includes many senior Apple engineers. The brain drain continues and impacts will be more apparent as time moves on. As Apple once drained resources out of Intel and others through the industry, the reverse seems to be happening now.

Eric Slivka:

These scores represent a roughly 10% increase in single-core performance and 18% increase in multi-core performance compared to the A14 Bionic in the iPhone 12 lineup.

Jason Snell:

If accurate, this would place the A14 to A15 performance boost in line with recent updates. What makes this a question at all is that Apple hasn’t directly compared the two chips, instead opting to compare the iPhone to “the competition.”

Previously:

Global Chip Shortage

Nilay Patel (Decoder):

Since the beginning of the pandemic, the demand for microchips has far exceeded supply, causing problems in every industry that relies on computers.

[…]

My guest today is Dr. Willy Shih. He’s the professor of management practices at Harvard Business School. He’s an expert on chips and semiconductors — he spent years working at companies like IBM and Silicon Graphics. And he’s also an expert in supply chains — how things go from raw materials to finished products in stores. Willy’s the guy that grocery stores and paper companies called in March 2020 when there was a run on toilet paper. If anyone’s going to explain this thing, it’s going to be Willy.

Ian King et al. (via Hacker News):

Building an entry-level factory that produces 50,000 wafers per month costs about $15 billion. Most of this is spent on specialized equipment—a market that exceeded $60 billion in sales for the first time in 2020.

Three companies—Intel, Samsung and TSMC—account for most of this investment. Their factories are more advanced and cost over $20 billion each. This year, TSMC will spend as much as $28 billion on new plants and equipment. Compare that to the U.S. government’s attempt to pass a bill supporting domestic chip production. This legislation would offer just $50 billion over five years.

Once you spend all that money building giant facilities, they become obsolete in five years or less. To avoid losing money, chipmakers must generate $3 billion in profit from each plant. But now only the biggest companies, in particular the top three that combined generated $188 billion in revenue last year, can afford to build multiple plants.

Yang Jie et al. (via John Gruber):

Taiwan Semiconductor Manufacturing Co. plans to increase the prices of its most advanced chips by roughly 10%, while less advanced chips used by customers like auto makers will cost about 20% more, these people said. The higher prices will generally take effect late this year or next year, the people said.

Horace Dediu:

IPhone 13 pricing is same as 12. So much for new pricing due to semiconductor shortages.

FlickType Sherlock+’d

Tom Maxwell (Hacker News):

But one, seemingly minor product announcement has caused a stir in the developer community: the new full software keyboard that Apple is adding to the Apple Watch.

It was just last month that Kosta Eleftheriou, the developer of FlickType, announced that his swipe-based keyboard for the blind would be pulled off the App Store over objections by Apple. Its reasoning was unclear[…]

A separate version for the Apple Watch would remain, but then Apple pulled that one as well, telling Eleftheriou that keyboards aren’t allowed on the Apple Watch.

Now Apple has announced its own, nearly-identical keyboard for the Apple Watch — and seven years after the smartwatch was introduced, no less.

Kosta Eleftheriou:

So now we know. See you in court, @Apple.

Dave Mark:

I’m mystified by this decision by Apple, especially given the ratcheted up scrutiny they are under. Did they think no one would make the connection? Or did they not care about that, Sherlock business as usual?

This is much worse than a regular Sherlocking. In the past, Apple would just build a popular third-party feature into the operating system. You can argue about whether there’s a more or less fair way to do that, but at the end of the day it makes sense to have a built-in keyboard. What’s different here is that, not only does the third-party app have to compete with the built-in feature, but Apple is also using App Review to harass the developer and block updates for no good reason. Competing with Apple on an unfair playing field is difficult, but it can be done and has been many times. But you can’t compete when they won’t let you ship your app and won’t even explain why they’re rejecting it.

Rui Carmo:

Seeing the Sherlocking of FlickType streamed live to the world, however, was a major downer (I was one of the Watch beta testers, and loved it). Apple really ought to be better than this, and I expect a fair amount of fallout over the next few days.

Joshua Topolsky:

This is really messed up. Apple forced a keyboard designed for the blind off of the App Store... and then announced its own version of it yesterday. COME ON you can do better than this.

Previously:

Update (2021-09-17): William Gallagher:

Kosta Eleftheriou’s lawsuit had already been filed when Apple unveiled QuickPath. Apple says it has told Eleftheriou that following further explanation from him, it now believes that the app’s accessibility keyboard complies with App Store rules.

In other words, it never should have been rejected.

Sean Hollister:

Yes, Eleftheriou filed his suit nearly six full months before the Apple Watch Series 7 announcement.

[…]

But no, Apple didn’t actually reject every Apple Watch keyboard app in 2019 — Eleftheriou believes his app was singled out for this treatment.

[…]

The company basically admits that removing Eleftheriou’s app was a mistake, and claims it quickly corrected the issue.

But Eleftheriou disputes that last point, saying it took a year of appeals and resubmissions to get his keyboard back onto the store. “From [January 2019] on, I was simultaneously discussing a FlickType acquisition with them, while also being rejected,” he tells me. And Apple initially made it look like those appeals failed, too. “The App Review Board evaluated your app and determined that the original rejection feedback is valid. Please note that all appeal results are final,” reads Eleftheriou from a message he received in May 2019.

In the complaint, he alleges it wasn’t until January 2020, a year after the surprise takedown, that his Apple Watch keyboard extension was approved.

[…]

He’s particularly annoyed with how Apple’s own keyboard has an unfair advantage since it doesn’t need to use its own APIs, and how those APIs are lacking features that Apple publicly promised years ago.

Wednesday, September 15, 2021 [Tweets] [Favorites]

The Future of the App Store

Marco Arment (tweet, Hacker News):

I think the most likely long-term outcome isn’t very different from the status quo — and that’s a good thing.

I would like to see big changes, but I think he’s probably right that we won’t.

Apple will still require apps to use their IAP system for any qualifying purchases that occur in the apps themselves. […] Most apps will be required to also offer IAP side-by-side with any external methods.

[…]

Apple will have many rules regarding the display, descriptions, and behavior of external purchases, many of which will be unpublished and ever-changing. App Review will be extremely harsh, inconsistent, capricious, petty, and punitive with their enforcement.

[…]

I’d expect any app offering external purchases to have a very high chance of being escalated to a slower, more pain-in-the-ass review process, possibly causing it not to be worthwhile for most small developers to deal with.

[…]

Most importantly, many products, services, and business models will become possible that previously weren’t, leading to more apps, more competition, and more money going to more places.

I don’t see why that would happen given the very limited scope of the changes.

Nick Heer:

I keep thinking about the likelihood of the sideloading doomsday scenarios that Arment writes about. […] I could see Facebook creating its own app marketplace for iOS, but I am unclear why developers would need to submit their apps to multiple marketplaces, so long as Apple gets to keep its first-party App Store.

[…]

This modest corrective action is, I think, a good step toward a store that improves users’ experiences while opening up new possibilities. I still hope Apple takes greater advantage to simultaneously release regulatory pressure and the hostility felt by developers.

David Heinemeier Hansson:

Now imagine that Apple abides by the injunction but also attempts to continue forcing IAP upon developers who don’t want it. The gag orders are gone, because that was the anti-steering provisions explicitly prohibited by the injunction. Which means developers have to offer something they don’t want to offer, but they’re free to present that offer as they see fit. Can you see where this is going?

Not the way he thinks, I expect. Apple will probably get away with having lots of rules about the allowable language, require that IAP get top placement, and do various other things to make the non-IAP flow needlessly feel second-class.

Previously:

Magic Lasso Adblock 3.0

Matthew Bickham:

Magic Lasso seamlessly blocks all YouTube ads with a combination of custom, efficient content blocking rules using Safari’s native content blocker API along with a new permission-restricted ‘Magic Lasso Pro’ web extension.

Unlike other ad blockers whose web extensions have unrestricted permissions to read and view any pages you visit, Magic Lasso Pro only has access to pages within the youtube.com domain. Therefore your browsing history beyond YouTube is not accessible to the web extension. Or to the Magic Lasso app.

This feature requires the Pro version, which is $3/month or $30/year (shared across Mac and iOS). Pro also includes a blocker for those annoying cookie pop-up banners. Both features work well in my experience, though sometimes I run into a Safari bug that stops extensions from working until I quit and relaunch.

Previously:

Creating Compile-Time Reminders in Xcode

Robin Kunde:

This attribute will produce a warning if the selected Swift version is available in the version of Xcode you’re using. For 5.5 for example, this would generate a warning in Xcode 13.0 but not Xcode 12.5.

[…]

This attribute will produce a warning if the selected iOS (or tvOS, or macOS) version is equal to or below your deployment target. In other words […] after you remove support for older operating systems.

[…]

By wrapping [a #warning] in this condtional compilation check, you can get Xcode to ignore the statement until you’re using an Xcode version that ships with the given compiler version.

Intuit to Acquire Mailchimp

Intuit (Hacker News):

The planned acquisition of Mailchimp for approximately $12 billion in cash and stock advances Intuit’s mission of powering prosperity around the world, and its strategy to become an AI-driven expert platform. With the acquisition of Mailchimp, Intuit will accelerate two of its previously-shared strategic Big Bets: to become the center of small business growth; and to disrupt the small business mid-market.

[…]

Founded in Atlanta, GA in 2001, Mailchimp began by offering email marketing solutions, and evolved into a global leader in customer engagement and marketing automation fueled by a powerful, cutting-edge AI-driven technology stack.

Previously:

Update (2021-09-17): Ben Bergman (via Hacker News):

When employees were recruited to work at Mailchimp there was a common refrain from hiring managers: No, you are not going to get equity, but you will get to be part of a scrappy company that fights for the little guy and we will never be acquired or go public.

The founders told anyone who would listen they would own Mailchimp until they died and bragged about turning down multiple offers.

[…]

Employees reacted with shock and anger over text, Slack, and Twitter to the deal. They described feelings of betrayal and a cash windfall that seemed to only benefit those at the very top of the 20-year-old company.

Tuesday, September 14, 2021 [Tweets] [Favorites]

Xcode 13 RC

Apple (release notes):

Xcode 13 includes everything you need to create amazing apps for all Apple platforms. Includes the latest SDKs for macOS, iOS, watchOS, and tvOS.

Don’t delete your beta version because this build removes the Monterey SDK. Seems like the iOS stuff isn’t quite ready yet, either.

Previously:

Update (2021-09-16): Nick Lockwood:

So far, Xcode 13 RC seems like a major regression in stability. I've had it freeze up multiple times on my M1 in the last couple of days, after basically no problems for months with 12.5.

Steve Troughton-Smith:

Xcode 13 is so crashy right now 👀 RC goes down multiple times a day, and I can’t even blame Interface Builder or the SwiftUI preview system because I use neither

I’m seeing many reports like this.

iPhone 13 and iPhone 13 Pro

Apple (MacRumors):

Apple today introduced iPhone 13 and iPhone 13 mini, the next generation of the world’s best smartphone, featuring a beautiful design with sleek flat edges in five gorgeous new colors. Both models feature major innovations, including the most advanced dual-camera system ever on iPhone — with a new Wide camera with bigger pixels and sensor-shift optical image stabilization (OIS) offering improvements in low-light photos and videos, a new way to personalize the camera with Photographic Styles, and Cinematic mode, which brings a new dimension to video storytelling. iPhone 13 and iPhone 13 mini also boast super-fast performance and power efficiency with A15 Bionic, longer battery life, a brighter Super Retina XDR display that brings content to life, incredible durability with the Ceramic Shield front cover, double the entry-level storage at 128GB, an industry-leading IP68 rating for water resistance, and an advanced 5G experience.

[…]

Customers can get iPhone 13 for $33.29 (US) a month for 24 months or $799 (US) before trade-in, and iPhone 13 mini for $29.12 (US) a month for 24 months or $699 (US) before trade-in[…]

I’m glad to see the base storage increase to 128 GB. I hope the iPhone mini stays in the lineup. It’s unfortunate that there’s still no good way to unlock it while wearing a mask, unless you have an Apple Watch. I would have loved to see Touch ID on the power button or under the display.

Apple (MacRumors, Hacker News, Slashdot):

Apple today introduced iPhone 13 Pro and iPhone 13 Pro Max, pushing the boundaries of what’s possible in a smartphone. Redesigned inside and out, both models introduce an all-new Super Retina XDR display with ProMotion featuring an adaptive refresh rate up to 120Hz, making the touch experience faster and more responsive. The pro camera system gets its biggest advancement ever with new Ultra Wide, Wide, and Telephoto cameras that capture stunning photos and video, powered by the unmatched performance of A15 Bionic, more powerful than the leading competition. These technologies enable impressive new photo capabilities never before possible on iPhone, like macro photography on the new Ultra Wide camera and up to 2.2x improved low-light performance on the new Wide camera. New computational photography features like Photographic Styles personalize the look of images in the Camera app, and both models now include Night mode on all cameras. Video takes a huge leap forward with Cinematic mode for beautiful depth-of-field transitions, macro video, Time-lapse and Slo-mo, and even better low-light performance. Both models also offer end-to-end pro workflows in Dolby Vision, and for the first time, ProRes, only available on iPhone. iPhone 13 Pro and iPhone 13 Pro Max also include 5G with more bands for better coverage, big improvements to battery life for the best battery life ever on iPhone with iPhone 13 Pro Max, new storage capacity of 1TB, and the Ceramic Shield front cover, tougher than any smartphone glass.

[…]

Customers can get iPhone 13 Pro for $41.62 (US) a month for 24 months or $999 (US) before trade-in, and iPhone 13 Pro Max for $45.79 (US) a month for 24 months or $1,099 (US) before trade-in[…]

I’m not sure what to make of the touted camera improvements. It seems like Apple always says stuff like this, and most years it feels like a small improvement compared with the prior year. But every once in a while it really is a big leap.

Ryan Jones:

Normal person summary of iPhone 13 Pro

  • 1.5-2.5 hours more battery life
  • super fluid animations
  • light blue
  • macro photos
  • Portrait Mode for video
  • smaller notch
  • better cameras

Previously:

Update (2021-09-16): John Gruber:

Last year, the 12 Pro Max had a better camera system than the 12 Pro. Only the 12 Pro Max had the sensor shift optical image stabilization, and only the 12 Pro Max had a 2.5× (as opposed to 2×) telephoto lens. This year, both Pro models have identical camera systems. (And, like last year, the regular iPhone 13 and 13 Mini share the same camera system as each other.)

The iPhone 13 Pro camera modules are entirely different from the non-Pro 13 and and 13 Mini, though. Not just the existence of the new 3× telephoto, but the 1× (wide) and 0.5× (ultra wide) cameras are better on the Pro models.

Kuba Suder:

Updated table of all recent iPhone sizes & weights. Heaviest iPhone ever!

Juli Clover:

All of the iPhone 13 models are heavier than their iPhone 12 counterparts, likely due to the larger batteries that are inside and the thickness increase. Weight comparisons are below.

Jason Snell:

I want to call out Apple’s incremental improvement in battery life. The last couple of years, Apple seems to be on a mission to extend iPhone battery life. The fact that they tacked on 1.5 hours (iPhone 13 mini and iPhone 13 Pro) or 2.5 hours (iPhone 13 and iPhone 13 Pro Max) should not be underestimated. That’s an impressive addition—and if you’re upgrading from a three- or four-year-old phone, the battery life of a new model will be even more impressive.

Quinn Nelson:

Please enjoy getting 4K ProRes off your new iPhone using AirDrop or USB 2.0 via Lightning.

🤦‍♂️

Update (2021-09-17): Tim Hardwick:

The iPhone 13 lineup features new low-power displays, a more efficient A15 chip, larger batteries, and more power-efficient components, all of which make for dramatic improvements when streaming, as the numbers above show.

For example, Apple claims that when streaming video, the iPhone 13 Pro and Pro Max last nine hours and 13 hours longer than last year’s equivalent models, respectively. Taking the same metric, the battery in the iPhone 13 mini manages 13 hours, which is longer than even the iPhone 12 Pro Max.

Josh Ginter:

Here’s what I’m most excited to try out in the new camera system when I get my hands on it next week.

Nick Heer:

Apple’s accessory design guidelines have not been updated with these phones yet. But if the webpage rendering is anything to go by, the bump is now over 50% of the width of the back glass and over 25% of its height.

And, apparently, the phones don’t lay flat in Apple’s cases.

Apple Watch Series 7

Apple (MacRumors):

Apple today announced Apple Watch Series 7, featuring a reengineered Always-On Retina display with significantly more screen area and thinner borders, making it the largest and most advanced display ever. The narrower borders allow the display to maximize screen area, while minimally changing the dimensions of the watch itself. The design of Apple Watch Series 7 is refined with softer, more rounded corners, and the display has a unique refractive edge that makes full-screen watch faces and apps appear to seamlessly connect with the curvature of the case. Apple Watch Series 7 also features a user interface optimized for the larger display, offering greater readability and ease of use, plus two unique watch faces — Contour and Modular Duo — designed specifically for the new device. With the improvements to the display, users benefit from the same all-day 18-hour battery life, now complemented by 33 percent faster charging.

[…]

Apple Watch Series 7 will start at $399 (US), Apple Watch SE starts at $279 (US), and Apple Watch Series 3 starts at $199 (US).

Yep, they’re still selling the Series 3 from 2017.

Previously:

Update (2021-09-16): John Gruber:

Quinn “Snazzy Labs” Nelson flagged Apple for an unfair comparison, regarding just how much more text the larger Series 7 displays can show at a time. The font was the same size, but the line spacing was quite a bit tighter in the Series 7 screenshot. I would also argue that Apple chose text that line-wrapped inefficiently on the Series 6 display, but the difference in line heights is clearly unfair. Apple doesn’t usually play games like that in comparisons. Yellow card issued.

Dr. Drang:

The Series 3 is today’s version of the iPad 2, the 16 GB iPhone, or the 5 GB iCloud free storage tier: The Thing That Wouldn’t Die. But like the iPad 2, it’s a perfectly good device if your needs stay the same as when you bought it.

iPad mini (6th Generation)

Apple (MacRumors, Hacker News):

Apple today introduced the powerful new iPad mini — with a larger 8.3-inch Liquid Retina display — in four gorgeous finishes. Featuring the brand new A15 Bionic chip, the new iPad mini delivers up to 80 percent faster performance than the previous generation, making it the most capable iPad mini ever. A new USB-C port allows faster connectivity, and cellular models with 5G bring more flexible mobile workflows. New advanced cameras, Center Stage, and support for Apple Pencil (2nd generation) enable new ways for users to capture photos and videos, communicate with loved ones, and jot down their ideas when creativity strikes.

[…]

Wi-Fi models of iPad mini are available with a starting price of $499 (US) and Wi-Fi + Cellular models start at $649 (US). The new iPad mini, in 64GB and 256GB configurations, comes in pink, starlight, purple, and space gray finishes.

My iPad mini 2 died a while ago, and I decided to switch to a larger screen with an iPad Air (4th generation) earlier this summer. I don’t regret it. However, this new iPad mini looks really great, pretty much what I was hoping Apple would do.

Previously:

Update (2021-09-16): Joe Rossignol:

Both the iPhone 13 and the new iPad mini are equipped with Apple’s latest A15 Bionic chip, but benchmark results reveal that the chip is downclocked to 2.9GHz in the iPad mini, compared to 3.2GHz in all iPhone 13 models.

iPad (9th Generation)

Apple (MacRumors, Hacker News):

Apple today introduced the new iPad (9th generation), featuring the powerful A13 Bionic chip that packs even more performance and capability into the most popular iPad, all while retaining its all-day battery life. Starting at just $329, the new iPad features a 10.2-inch Retina display with True Tone, a 12MP Ultra Wide front camera with Center Stage, support for Apple Pencil (1st generation) and Smart Keyboard, the intuitive iPadOS 15, and twice the storage of the previous generation.

[…]

Wi-Fi models of iPad are available with a starting price of $329 (US), and Wi-Fi + Cellular models start at $459 (US), in silver and space gray finishes. The new iPad starts with 64GB of storage — double the storage of the previous generation. A 256GB option is also available.

I wish they could get the entry price a bit lower, as it’s still higher specced than it needs to be, but at least it comes with 64 GB now.

Previously:

Monday, September 13, 2021 [Tweets] [Favorites]

The Epic Anti-Steering Injunction Is Narrow

Nick Heer:

The nearly two hundred page order is very readable and well-written, but the injunction ordering Apple to scrap the last sentence of the first bullet in App Store rule 3.1.1 leaves plenty of ambiguity over what developers can do and what Apple must allow. This will undoubtably be clarified with time, but it is the only part of the result that creates more questions than it answers. Apple is apparently interpreting it as requiring the company to, in effect, apply its settlement with the Japan Fair Trade Commission to all apps, not just Apple’s “reader” app category. That means the anti-steering App Store policies will be removed within three months. But it may not mean that Apple must permit alternative in-app purchase options.

John Gruber:

YGR is only striking down the anti-steering rules that inform and link users to out-of-app (which effectively means web) means of sign-up and payment.

Judging by their reactions, both Apple and Epic see it that way too.

John Gruber:

I think the injunction allows, and Apple will enforce, that such links must open outside the app.

MacJournals:

The court specifically, carefully, and methodically examined whether Apple should be forced to allow IAP (in-app purchasing) systems other than the one built into iOS. The court found the arguments for such a ban lacking and declined to allow external IAP methods.

So the third-party IAP approach taken by Fortnite would still not be allowed.

Florian Mueller:

It’s one of those situations in which either side “gets something” and could claim victory, as Apple apparently does though the stock market initially disagreed (I, personally don’t think the decision should have moved the stock at all). This makes it all the more remarkable that Epic doesn’t engage in spin but concedes defeat. It’s not that Epic achieved nothing; but for the time being, all it got is a consolation prize, and that’s why Fortnite won’t return to iOS at this stage.

John Voorhees:

Building alternative storefronts or offering separate payment schemes are no more possible today than they were a week ago. In fact, the Court specifically concluded about the App Store and In-App Purchases, that Apple’s approach is valid[…]

Benedict Evans:

The more I look at this the more questions occur to me. Apps can offer their own payment now, but can Apple require them to offer IAP as well? Yes, on this text. At what price? What if Apple demands both IAP inclusion & price parity? Wouldn’t that mean Spotify was still blocked?

Michael Love:

There’s something unsettling about the fact that all the “actually much narrower” spin on Apple v. Epic has come secondhand through off-the-record “industry sources” and such; if Apple believes YGR did not comprehensively block anti-steering, they should come out and say so.

Personally, I think the injunction is unambiguous in blocking all anti-steering restrictions, and I don’t see anything in the longer opinion to suggest that that wasn’t her intent - she wants something simple to enforce, doesn’t want to get into the weeds of what a “button” is.

I don’t even think it’s particularly clear that developers have to keep offering in-app purchase at all - many of the developers this applies to weren’t offering it in before, the idea that Netflix can only offer an in-app ‘subscribe’ button if there’s an IAP option too is silly.

At the very least, certainly for ‘reader’ apps the combination of existing allowances for selling stuff outside of the app + this new requirement that all apps be allowed to redirect people to other purchase methods should fairly comprehensively end any obligation to use IAP.

Florian Mueller (Hacker News):

Let’s bear in mind that only Epic’s tenth claim succeeded at all. Not only Epic’s federal antitrust claims but also various state law claims failed. The failed state law claims include a couple that were very specifically about offering different IAP systems: Count 8 alleged unreasonable restraints of trade in the iOS IAP processing market under the California Cartwright Act, and Count 9 presented a tying claim related to IAP. Epic’s tenth and last claim--based on California UCL--broadly raised the issue of Epic being “unreasonably prevented from freely distributing mobile apps or its in-app payment processing tool, and forfeit[ing] a higher commission rate on the in-app purchases than it would pay absent Apple’s conduct.” But the court found for Epic under its tenth claim only with respect to the anti-steering provisions.

Florian Mueller:

By coincidence, that case was also an antitrust case as its caption shows. And the same appeals court--the one with which Epic filed its appeal yesterday--clarified that the standard involves “disobedience to a specific and definite court order.” (id.)

The bottom line is that any alleged ambiguity would favor Apple, not developers.

[…]

The question is not whether a developer’s interpretation of the injunction is somewhat reasonable. It’s whether Apple’s interpretation is so unreasonable as to constitute disobedience to a specific and definite court order.

[…]

Apple won’t even have to approve linking out to websites that merely sell digital items consumed in an iOS app.

Ben Thompson:

Judge Gonzales Rogers disagreed with both, defining the market as ‘mobile game transactions’.

[…]

I mentioned above that this was where the decision got a bit complicated; notice that I just used “IAP” and “in-app purchases” to represent two distinct concepts. Specifically, it seems clear that Gonzales Rogers has defined “IAP” to be Apple’s overall commerce system, while “in-app purchases” are purchases made in an app. In other words, Apple is justified in requiring IAP for in-app purchases.

Ryan Jones:

Basically, Judge ruled the same as the Japan anti-steering law, but for all apps: Apple can’t stop linking out.

  • Apple’s 30% rate is not threatened
  • Apple Pay + Stripe is not allowed
  • Apple crushed Epic

Craig Hockenberry:

While the lawyers argue about IAP, the rest of the development ecosystem is stuck with stuff that just plain doesn’t work.

Has anyone been able to get “Reset Eligibility” to work?

Previously:

Why Apple Should Compromise With Antitrust Regulators

Roger McNamee:

Recent news reports alleging mistreatment of some employees, internal policies that conflict with the company’s outward-facing stance on privacy, and efforts to prevent the passage of state laws to enable competition with the AppStore, along with a high profile lawsuit related to AppStore policies have tarnished Apple’s reputation. Despite this, the company has taken a stance towards Congress and regulators that the latter describe as ranging from arrogant to inflexible.

Unless Apple rethinks its approach, regulators will likely have no choice but to undermine its advantage in privacy and security. As a customer, that will piss me off. As an activist trying to reform the tech industry, it will leave me wondering what might have been. I would like to suggest a path to a better outcome.

[…]

It is a strategic error for Apple’s lobbyists and surrogates in Washington to argue against every new antitrust law targeting the tech industry. Apple has made itself a target by being incredibly successful and by adopting communications strategies that mimic tech giants whose anticompetitive behavior is substantially more damaging. Apple is almost certain to lose something, but there is still room to protect your most valuable assets. There may also be an opportunity to gain competitive advantage.

Via Nick Heer:

If there is some ambiguity as to what rules the permanent injunction permits Apple to create around in-app purchases, my hope is that the company uses this as an opportunity to ease off a little. I am not saying that I expect this to happen — today’s judgement indicates that Apple has little reason to stop pursuing its existing App Store strategy, with only the aforementioned exception. But a world in which Apple is not in an antagonistic role with developers is a better one for everyone, assuming that Apple can maintain or improve upon iOS’ privacy and security reputation. These fights are just noise.

M.G. Siegler (Hacker News):

My read is that Apple did win — exactly what everyone always knew they would win. But in winning that battle, they actually lost something far more important. There is no way around it: the judge’s order to stop App Store anti-steering is a big one. And seemingly one Apple did see coming given the Japanese settlement a few weeks back. But this is still a major blow because it both continues and accelerates the boulder rolling down the hill of real reforms to the App Store.

Apple may think that they’re doing enough in a piecemeal fashion to stave off major change, but they’re not. If anything, they need to make a major change to stanch the bleeding. But they won’t do that. They’re both too proud and too arrogant. They’re so sure that they’re in the right here that they don’t see that it actually doesn’t matter.

[…]

They should open things up to win these arguments on the product side of the equation — something which they’re uniquely situated to do thanks to about two dozen aspects of the iPhone. They should compete on the playing field in which they already have home field advantage.

Previously:

Update (2021-09-16): Michael Love:

At some point either Apple will allow sideloading or Safari will (foot-draggingly) reach a threshold where large numbers of apps start going web-only; I think option a is much healthier for iOS than option b, but absent legislative intervention the latter seems more likely.

Previously:

macOS 11.6

Juli Clover:

According to Apple’s release notes, macOS Big Sur improves the security of macOS and is recommended for all users. Apple has also released security update 2021-005 for macOS Catalina, and both updates address an issue that could allow a maliciously crafted PDF to execute code. Apple says that it is aware of a report that this bug may have been actively exploited.

It’s unclear why this update isn’t numbered 11.5.3. It was also weird in that the Update Now button was disabled for me in Software Update even though the text said that the update was available. I had to click the text to see the sheet with the list of updates and then click the checkbox next to it before macOS would start downloading the update.

Apple:

This document describes the security content of macOS Big Sur 11.6.

Howard Oakley:

Congratulations to Mikey @0xmachos, who has worked out that the PDF vulnerability is most probably the same as the Megalodon/FORCEDENTRY iMessage zero click exploit, involving a bug in CoreGraphics decoding JBIG2-encoded data in a PDF file.

See also: Mr. Macintosh (tweet).

Previously:

Update (2021-09-14): Howard Oakley:

Software which has changed version or build numbers between macOS 11.5.2 and 11.6 includes[…]

[…]

Although it does contain some minor fixes – that to SMB looks of potential interest – the 11.6 update is primarily a security update.

[…]

If you’re still running Mojave, this almost certainly means that your macOS is no longer supported by Apple, and may well be vulnerable to either or both of these bugs.

The standalone download is still not available.

Update (2021-09-17): Mr. Macintosh:

The macOS Big Sur 11.6 full installer is now available. 🎉

Zero-click iMessage Attacks

Lily Hay Newman (Hacker News):

These “zero-click” attacks can happen on any platform, but a string of high-profile hacks show that attackers have homed in on weaknesses in Apple’s iMessage service to execute them. Security researchers say the company’s efforts to resolve the issue haven’t been working—and that there are other steps the company could take to protect its most at-risk users.

[…]

Apple did make a major push to comprehensively address iMessage zero-clicks in iOS 14. The most prominent of those new features, BlastDoor, is a sort of quarantine ward for incoming iMessage communications that’s meant to weed out potentially malicious components before they hit the full iOS environment. But the interactionless attacks keep coming. This week’s Citizen Lab findings and research published in July by Amnesty International both specifically show that it’s possible for a zero-click attack to defeat BlastDoor.

Apple hasn’t issued a fix for this particular vulnerability and corresponding attack, dubbed “Megalodon” by Amnesty International and “ForcedEntry” by Citizen Lab. An Apple spokesperson told WIRED that it intends to harden iMessage security beyond BlastDoor, and that new defenses are coming with iOS 15, which will likely come out next month.

[…]

In fact, Citizen Lab researchers and others suggest that Apple should simply provide an option to disable iMessage entirely.

Lorenzo Franceschi-Bicchierai (tweet):

Security researchers found the vulnerability when they were investigating the potential hack of a Saudi activist’s iPhone, according to a new report by Citizen Lab, a digital rights group housed at the University of Toronto’s Munk School that has investigated NSO spyware for years.

The researchers told Motherboard that they believe the attack was carried out by a customer of NSO, the infamous Israeli company that sells spyware to dozens of governments all over the world.

Bill Marczak:

The exploit is invisible to the target, but in our forensic analysis, we found 31 files with the “.gif” extension on a target’s phone. Of course, they weren’t GIFs at all! 27 of them were the same 748-byte Adobe PSD file, and four were PDFs.

See also: Goodbye, iMessage.

Previously:

Update (2021-09-14): Juli Clover:

Today’s iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times.

See also: Hacker News.

Update (2021-09-17): Tom McGuire:

This blog post will analyze the integer overflow in CoreGraphics, CVE-2021-30860. After examining the modified .dylib, it appears that there were other issues that were resolved as well, related to imaging processing. We will focus in on the JBIG2 processing, specifically in the JBIG2::readTextRegionSeg.

MarsEdit 4.5.2

Daniel Jalkut (tweet):

This update brings long-awaited media syncing functionality for WordPress blogs. After you refresh your blog in MarsEdit 4.5, all the existing images and files from your blog will be available for re-insertion from the Media Manager’s “Published” tab.

Historically, this tab has included only files that are uploaded from MarsEdit itself. This limitation was based in shortcomings of the WordPress API (the interface MarsEdit communicates to the blog with), but the API has since been updated to support downloading a complete list of the published media files.

This is really cool. I ran into some issues when syncing large numbers of images, and these have been addressed in the 4.5.2 update.

Friday, September 10, 2021 [Tweets] [Favorites]

History of App Store Policy Changes

Dieter Bohn:

Apple’s app store policies have caused controversy and consternation many times over the years, but few periods have been as active and strange as the last two weeks. For the first time, we are seeing Apple being forced to react directly to lawsuits and regulators with substantial policy changes.

[…]

Here, then, is a very brief history of the major policy changes and statements Apple has made about the App Store over the years. The impetus for these different changes (or, as Apple tends to call them, “clarifications”) has varied, but the trend has remained the same. Apple has worked hard to keep the fundamental, central model of a 30 percent cut intact while softening it around the edges to appease various constituencies.

But just take a look at the timing and cadence of these changes. After a development period from 2007 to 2011 when Apple fills out the features, there’s a large gap when Apple made few notable policy changes. Then, a major shift in 2016 to address some growing discontent among developers. And then, starting in the summer of 2019, there is an ever-increasing cadence of controversies and policy tweaks to address them.

Previously:

Epic Wants Its Developer Account Back

Jay Peters (Fortnite, Hacker News):

Epic Games has asked Apple to reinstate its Fortnite developer account so it can release the game in South Korea, following the passage of a bill that will force Apple and Google to let apps use alternative payment systems.

Steve Troughton-Smith:

Of note, Epic’s preliminary injunction (to keep the Epic dev account & ability to use Xcode, build, sign, and distribute Unreal Engine for Apple’s platforms) is terminated.

I’m not sure what happens here; if Apple is vindictive, Epic may be forced to drop support for iOS & macOS

Juli Clover:

Apple is under no obligation to allow Fortnite back into the App Store, and further, the injunction preventing Apple from banning the Unreal Engine developer account has ended. Apple is well within its rights to remove Epic’s access for Unreal Engine development and distribution.

Juli Clover

In a statement to MacRumors, Apple said there is no basis for the reinstatement of the Epic Games developer account.

As we’ve said all along, we would welcome Epic’s return to the App Store if they agree to play by the same rules as everyone else. Epic has admitted to breach of contract and as of now, there’s no legitimate basis for the reinstatement of their developer account.

Apple says that to be added back to the App Store, Epic Games would need to comply with all of Apple’s App Store review guidelines, which the company has thus far declined to do.

With no developer account, Epic can’t submit to the App Store, so how can Apple tell whether or not the app now complies with the guidelines?

Previously:

Update (2021-09-14): Tim Sweeney:

Like Apple’s attempt to retaliate against all Unreal Engine customers, their refusal to restore Epic’s Fortnite developer account is vindicative and nonsensical. We’re fighting Apple over their iOS terms, but this ban blocks Fortnite from Mac too. Nobody’s arguing about Mac.

Sam Byford:

The South Korean legislation has not yet gone into effect, but if and when it does, according to Apple, that wouldn’t have any bearing on the company’s process for approving developer accounts. Until Epic agrees to comply with the App Store’s app review guidelines, Apple isn’t going to consider its request.

Has Epic really not agreed to do that?

Colin Cornaby:

So there’s a question of Apple restoring Epic’s account.

But couldn’t Epic open a new account either for themselves or through a proxy publisher?

Like if Epic decided to publish Fortnight through EA or something could Apple stop that?

Anti-Steering Ruling in Epic v. Apple

Russell Brandom (via Nilay Patel, Hacker News, 9to5Mac, MacRumors, Slashdot):

Judge Yvonne Gonzalez Rogers issued a permanent injunction in the Epic v. Apple case on Friday morning, putting new restrictions on Apple’s App Store rules and bringing months of bitter legal jousting to a conclusion.

Under the new order, Apple is:

permanently restrained and enjoined from prohibiting developers from including in their apps and their metadata buttons, external links, or other calls to action that direct customers to purchasing mechanisms, in addition to In-App Purchasing and communicating with customers through points of contact obtained voluntarily from customers through account registration within the app.

In short, iOS apps must be allowed to direct users to payment options beyond those offered by Apple. The injunction is scheduled to take effect in 90 days — on December 9th — unless it is enjoined by a higher court.

In a separate judgment, the court affirmed that Epic Games was in breach of its contract with Apple when it implemented the alternative payment system in the Fortnite app. As a result, Epic must pay Apple 30 percent of all revenue collected through the system since it was implemented — a sum of more than $3.5 million.

Juli Clover:

In a statement on Twitter, Epic Games CEO Tim Sweeney said that the company was not happy with the verdict, and at the current time, there are no immediate plans for Fortnite to return to the App Store. Sweeney said that today’s ruling “isn’t a win” for developers or consumers.

[…]

Though Apple did not score a total win, Apple lawyer Kate Adams told members of the media that the ruling was a “resounding victory” that validates the App Store business model. Apple’s official statement highlights the anti-trust portion of the ruling, which went in Apple’s favor. Apple has yet to comment on the outside payment requirement.

[…]

Epic Games plans to appeal the parts of the ruling that it does not agree with, and Apple too will likely submit an appeal to push back on the anti-steering requirements the judge has enacted.

Ben Thompson:

Epic lost on everything else, and has to pay Apple 30% of the money it earned from its own in-app purchase flow. And Apple can still kick them out of the store. Truly a self-sacrifice for developers generally 🤷‍♂️

[…]

One final note: neither this ruling nor the JFTC settlement say that Apple can’t require IAP. In fact this injunction specifically says developers can link out “in addition to” IAP. No mention about offering different prices.

Steve Troughton-Smith:

Apple just lost a huge part of the Epic vs Apple case, breaking open the App Store to alternate payment systems — Apple will almost certainly appeal the ruling, but with the pressure mounting globally over this very issue, I think the writing is on the wall

This also means that Epic was completely justified in the stunt they pulled, adding alternate payments to Fortnite, as Apple’s rules on this, & enforcement thereof, are illegal.

Matthew Panzarino:

This is really a big likely loss for consumer protections. Have fun chasing down all of the fraudulent scammy junk cash grabs that will result. Big win for game/IAP-focused publishers and for Stripe though.

[…]

Imagine a world where Apple had introduced a Stripe partnership a year ago and offered two clear options for developers, web via Stripe or streamlined IAP inside apps.

M.G. Siegler:

Apple needed to tear down the wall proactively and win by competing. And the wild is, they easily could have! (And now will.) In-App/Apple Pay is a great product and has inherent advantages thanks to the iPhone. Just a dumb misread and self-own.

Craig Hockenberry:

Apple is competing against Stripe now.

In my mind, that’s a good thing because Stripe is really fucking great.

If Apple can match their pricing & functionality, they’ll get my business both as a developer and a consumer because I know where they stand on privacy.

Also, when I say “Stripe”, I really mean “Apple Pay”.

Joe Fabisevich:

Stripe is gonna make one hell of an IAP SDK. People keep talking about how Apple has to allow developers to link to the web for payments, but there’s no reason someone like Stripe can’t make a top notch easy to setup native experience.

In my view this is probably one of the best outcomes. Alternative App Stores would be an absolute mess, and while I hope Apple provides some sort of payment plugin to ensure the best experiences, companies that already provide good competitive experiences is a great outcome.

Perhaps it’s the best that could be expected from this case, but there are so many problems that alternate app stores or sideloading would address that this ruling doesn’t.

Steve Troughton-Smith:

Seeing a few people interpret the ruling as devs are now allowed ‘to link out’ to 3rd-party purchasing. To me, this specifically prohibits Apple from stopping devs having buttons or other calls to action to use a different payment provider, in-app or ex-app. No link-out necessary

John Gruber:

That’s not how Apple sees it. It is an ambiguously worded injunction, though. Apple’s take, as I understand it, as well as my take, is that it means apps can steer users to the web in addition to IAP.

Michael Love:

Apple seems to be discreetly leaking that interpretation to a bunch of people, but since the language is lifted directly from the App Review Guidelines it’s very hard to argue that it’s doing anything short of totally blocking the anti-steering portion of 3.1.1.

Whatever version of “buttons” Apple says we’re not allowed to use to direct users to outside purchasing mechanisms, that’s the version of “buttons” that they’re no longer allowed to ban.

See also: Nilay Patel (tweet).

Curtis Herbert:

My guess, new IAP rules will follow Sign in with Apple:

  • Can offer alternate payments, but Apple IAP has to be top billing.
  • Can’t show others without also showing Apple’s.

Sean Heber:

If this is how it goes, it’s not that big a win since supporting 2 payment systems is going to be twice the work and twice the support burden for anyone that isn’t huge. Apple has no incentive to make this situation easier on the developer, either.

Ryan Jones:

We knew the App Store is really a Game Store, but…98% of all IAP revenue comes from games.

[…]

10% of iOS users generate 70% of App Store revenue via games

David Barnard:

Kinda gross TBH that this all really boils down to Apple making billions off free-to-play games selling gems and digital trinkets. The rest of us are just a rounding error — collateral damage in Apple’s ability to keep that income stream and prop up the stock price.

Nilay Patel:

Apple’s anti-steering rules are “an incipient violation of antitrust law” regardless of Epic failing to prove its case, says judge.

Ruffin Bailey:

Apple has to take 3rd party payments.

We can judge Apple by seeing if they...

  1. Do this quickly (they anticipated the possibility & have prepared best case implementations) or
  2. Drag their feet (they’re a poorly run company scrambling to adapt; sell).

See also:

Previously:

Update (2021-09-14): John Gruber:

Judge Yvonne Gonzalez Rogers ruled today on the Epic v. Apple case. It seems pretty clear to me that Apple got a huge victory, and Epic was served an even huger loss.

Thomas Claburn:

Amusingly, the judge trashed Apple SVP of software Craig Federighi’s argument that opening up iOS to all apps, as it does for macOS, would open the floodgates for malware. “While Mr. Federighi’s Mac malware opinions may appear plausible, they appear to have emerged for the first time at trial which suggests he is stretching the truth for the sake of the argument,” the judge noted.

Mitchell Clark:

After discussing notarization and App Review a bit more, she concludes that Apple could implement a system similar to the Mac’s without giving up much of the security iOS already enjoys[…]

Sean Hollister:

Epic will appeal the court’s ruling in Epic v. Apple, a spokesperson confirmed to The Verge.

Sami Fathi:

Epic Games has filed an appeal against the ruling in its case against Apple, further prolonging the already year-long legal battle between the two companies.

Dieter Bohn:

Apple won the vast, vast majority of issues Epic tried to bring up, but also I feel like all of those were long shots. But there is an actual win in all those losses (anti-steering), so I’m fascinating by Epic’s rhetoric here.

Update (2021-09-16): Florian Mueller:

What the court got absolutely right is that the 30% cut is not a market rate for the intellectual property in question. The court even takes note of “Apple’s low apparent investment in App Store-specific intellectual property.” The commission is practically imposed and enforced because of Apple’s app distribution monopoly. The term “gatekeeper” (which is very popular in EU tech policy and law) doesn’t appear in that ruling, but that’s what it’s all about.

Universal Control

Dieter Bohn (Hacker News):

The idea is simple enough: it allows you to use the keyboard and trackpad on a Mac to directly control an iPad, and even makes it simple to drag and drop content between those devices.

What made the demo so impressive is how easy and seamless it all seemed. In a classic Apple move, there was no setup required at all. The segment happened so fast that it even seemed (incorrectly, as it turns out) like the Mac was able to physically locate the iPad in space so it knew where to put the mouse pointer.

See also: Teleport, Synergy.

Federico Viticci:

It can only be started from a Mac running Monterey. You cannot start dragging the pointer from an iPad towards a Mac – it only originates from macOS, and then you can move it around.

It seems to be iPad-only, which is too bad because it would be nice to be able to type directly into my iPhone.

Sami Fathi:

While the feature was previewed at WWDC in June, it’s yet to make an official appearance in any developer beta of macOS Monterey or iPadOS 15, leading to speculation that the feature may be delayed to a future update to the operating systems. However, in the latest macOS Monterey beta released on August 11, Universal Control can be enabled and used between two Macs.

To enable it, users will need to follow the steps outlined in this GitHub post, which requires running a series of Terminal lines, altering system settings, and running commands to enable “Ensemble,” Apple’s internal codename for Universal Control.

Previously:

Thursday, September 9, 2021 [Tweets] [Favorites]

Fire TV Omni and 4-Series

Chris Welch:

Amazon is officially in the TV business. The company has announced its first lineup of Amazon-branded 4K Fire TVs, which will begin shipping in October. This is a major expansion from the company’s “Fire TV Edition” collaborations, where its popular streaming software comes preloaded on sets manufactured by other TV makers. But with its new Omni and 4-Series, Amazon is describing these as “Amazon-built TVs.”

The Omni series is the higher-end of the two, and beyond offering better picture quality, its other key selling point is hands-free voice control. Amazon includes far-field microphones in each model of the Omni series, which comes in 43, 50, 55, 65, and 75 inches.

[…]

The Fire TV Omni sets also include picture-in-picture for checking your smart home cameras, and you’ll see your Ring doorbell feed whenever someone is at the door. Amazon says it will be adding a “smart home dashboard” later this year for more comprehensive controls over your connected home gadgets.

You can get a 43-inch 4K smart TV for about double the price of an Apple TV 4K box with no screen. Amazon has more details here.

John Gruber:

This privacy report focuses on streaming services, not hardware platforms, but related to the previous post re: Amazon’s new Fire TV Omni Series, it’s also the case that Apple TV is the only platform that makes privacy a priority and doesn’t put ads on your screen.

Except for ads for Apple services.

Previously:

Security Researchers Unhappy With Apple’s Bug Bounty Program

Juli Clover:

Apple offers a bug bounty program that’s designed to pay security researchers for discovering and reporting critical bugs in Apple operating systems, but researchers are not happy with how it operates or Apple’s payouts in comparison to other major tech companies, reports The Washington Post.

In interviews with more than two dozen security researchers, The Washington Post collected a number of complaints. Apple is slow to fix bugs, and doesn’t always pay out what’s owed.

Reed Albergotti (tweet, Hacker News):

Ultimately, they say, Apple’s insular culture has hurt the program and created a blind spot on security.

“It’s a bug bounty program where the house always wins,” said Katie Moussouris, CEO and founder of Luta Security, which worked with the Defense Department to set up its first bug bounty program. She said Apple’s bad reputation in the security industry will lead to “less secure products for their customers and more cost down the line.”

[…]

“The Apple Security Bounty program has been a runaway success,” Ivan Krstić, head of Apple Security Engineering and Architecture, said in an emailed statement.

[…]

Payment amounts aren’t the only factor for success, however. The best programs support open conversations between the hackers and the company. Apple, already known for being tight-lipped, limits communication and feedback on why it chooses to pay or not pay for a bug[…] Apple also has a massive backlog of bugs that it hasn’t fixed, according to the former employee and a current employee, who also spoke on the condition of anonymity because of an NDA.

[…]

Tian Zhang, an iOS software engineer, first reported a bug to Apple in 2017. After months of waiting for Apple to fix the bug, Zhang lost patience and decided to blog about his discovery. The second time he reported a security flaw, he says Apple fixed it but ignored him. In July, Zhang submitted another bug to Apple that he says was eligible for a reward. The software was quickly fixed, but Zhang didn’t receive a reward. Instead, he was kicked out of the Apple Developer Program.

Dave Mark:

This is a long article, filled with bug bounty stories, many of them anonymously told. Hard to truly know whether this is the squeaky wheel getting all the attention, or something more problematic. […] Definitely reads like Apple puts less money into bug bounties, shines less of a light onto bug researcher efforts and successes than its competitors.

We’ve been hearing a steady stream of these stories, and it almost doesn’t matter whether they’re representative. The perception is that Apple is stingy and a pain to deal with, and that will affect whether researchers choose to deal with Apple at all. Why, other than ethics, go through a process that sounds worse than App Review when you can blog about it for fame or quickly sell to another party for more money?

Previously:

Update (2021-09-10): Jeff Johnson:

We don’t know for sure that the stories are representative, but we would know a lot more if Apple published any information whatsoever about the bounty payments. Compare the Google Chrome release announcement.

QuickBooks Desktop Subscriptions

Adam Engst:

Unfortunately, AccountEdge was built on a 30-year-old, 32-bit code base that wasn’t compatible with macOS 10.15 Catalina. MYOB tried and failed to update AccountEdge to be a 64-bit app, and eventually stopped selling it. Tonya didn’t mind keeping one of her Macs on 10.14 Mojave so she could keep running AccountEdge temporarily, but we clearly had to switch accounting systems. Such transitions are most easily done at the start of a year, so in late 2020, we started evaluating the alternatives. Two choices immediately presented themselves:

AccountEdge Pro: You have to give MYOB credit for trying. The company’s engineers figured out a way to embed the Windows version of AccountEdge in a custom emulation wrapper, and they made that the official migration path for orphaned Mac users. However, for $15 per month, we weren’t interested in using an emulated Windows app.

QuickBooks: The 800-pound gorilla of the small business accounting world is still Intuit’s QuickBooks. Although the company seemingly sells a $399 desktop version for the Mac, Intuit’s focus is on various cloud versions of QuickBooks Online, with plans starting at $12.50 per month. […] We were also troubled by the idea of working with Intuit, and the company seems to be up to its old tricks, having just announced that it was discontinuing the Mac app that provided direct access to QuickBooks Online without having to use a Web browser.

Intuit:

The QuickBooks Online Windows and Mac desktop apps are no longer supported as of April 20, 2021.

[…]

Due to limited use, we stopped supporting these apps to invest in other functionality that matters to you.

TidBITS eventually decided on Xero.

Meanwhile, the situation for QuickBooks Desktop for Mac has changed (via Hacker News):

For 2022, we are introducing QuickBooks Desktop Mac Plus, an annual subscription-based license for small businesses. We will now be selling our Mac product subscription in place of one-time purchase licenses.

[…]

Our transition to a subscription-forward lineup will occur at the time of our 2022 product release – scheduled for October 12, 2021.

We will offer a limited time exception for the purchase of our Desktop Pro, Premier and Mac 2021 one-time purchase licenses (supported through May 2024) to avoid disruption to you and your clients. These products will be available via QuickBooks Solutions Providers (QSPs) and Intuit sales agents until December 10, 2021.

$199 for the first year, then $299/year.

Previously:

Update (2021-09-10): Michael Love:

I was an upgrade-every-couple-of-years only-use-10%-of-the-functionality QuickBooks user - just as I was with Photoshop - so for me the effect of subscription pricing is that I’ll switch to another product.

As with other subscription products, I’m sure Intuit will more than make up for the loss of smaller customers with the increased revenue from larger businesses. But, as with Adobe, this may create an opening for competitors.

21 Years of Apple Home Page Tabs

James Dempsey (tweet):

The tabs at the top of apple.com have been around for over two decades now.

Looking at the changes over time shows changes in Apple products, priorities, and design. For long-time Apple watchers it also provides a walk down memory lane.

Previously:

Why Is There No iPad or Mac Weather App?

Zac Hall:

For some reason, Apple’s Weather app on iPadOS 15 doesn’t have exactly the same design. Information is still organized into blocks, but a lot of the blocks are weirdly not about weather conditions.

The top of the Weather app for iPad includes a giant banner for a subscription version with more features and fewer ads. I missed the announcement about a paid version of the Weather app, but Apple is really into services these days so it’s no surprise.

[…]

Something else unique about the Weather app for iPad is a neat tidbit about UPS. According to the Weather app for iPad, you can save 50% on global shipping with code REACH from now through July 19. I couldn’t find this curious but helpful data point on the Weather app for iPhone. Now I’m worried folks who check the weather on their iPhone are overpaying for shipping.

[…]

And before you try to tell me this isn’t the Weather app for iPad, hear me out. The Weather widget launches the Weather app on iPhone, and I’m certain the Weather widget launches the Weather app on iPad. That’s just how widgets work!

M.G. Siegler:

Honestly, it’s embarrassing. Apple has outsourced its soul to an absolutely awful weather.com webpage. On load, you’ll see crappy ad after crappy ad. Keep scrolling and you’ll quickly be subsumed by shitty click-bait-y ads. “Kill the Goblin!” And go further still and it’s full-on porn-y spam. Apple is sending millions upon millions of their users to this experience. Apple!

[…]

The whole situation is bizarre. Apple just redid the Weather app in iOS 15 to be more beautiful. And the widgets reflect that. And they throw it all in the trash compactor when it comes time to drill down on the iPad.

Nick Heer:

A native Apple weather app on the iPad is long overdue, but that also goes for MacOS. The weather widget in Big Sur is, as far as I know, the only widget that opens a webpage instead of an app when you click on it.

The macOS weather widget is particularly annoying. It shows fewer days and hours than the iOS Weather app, amongst other missing information, and isn’t interactive. On Big Sur, the widget system has a tendancy to crash, making all the widgets disappear until I manually re-add and re-configure them, which sometimes requires restarting the Mac.

With the iPhone Weather app now using SwiftUI, hopefully iPad and Mac will get basic ports in the next cycle. Really, they deserve something even better, though. Apple should be leading by example.

Dave Mark:

Is weather.com paying for this placement on iPad? Why is the iPhone weather experience so different from iPad? Have long wondered this. Anyone know the real scoop?

Previously:

Tuesday, September 7, 2021 [Tweets] [Favorites]

How to Hard-Lock Your iPhone

Apple:

Apple today announced that it is working with several states across the country, which will roll out the ability for their residents to seamlessly and securely add their driver’s license or state ID to Wallet on their iPhone and Apple Watch.

John Gruber:

When you pay with Apple Pay, you never hand your phone to an employee. It wouldn’t even work, because no one else can authorize an Apple Pay transaction without your biometric authentication. This ID feature for Wallet is exactly like that: it doesn’t work without your biometric authentication, and your phone does not unlock when you use it.

[…]

With a Face ID iPhone, you hard-lock your iPhone by pressing and holding the side button and either volume button. Two seconds or so — just long enough to make the “Slide to power off” screen appear. (That screen also has sliders for Medical ID and Emergency SOS.) With a Touch ID iPhone, you just press and hold the power button.

Once you do this, your iPhone will require your passcode to unlock. You can’t use Face ID or Touch ID to unlock until after you’ve unlocked with your passcode. That means even if someone confiscates your phone by force, they cannot unlock it by pointing it at your face or by forcing your finger onto the Touch ID sensor. Remember to put your iPhone into this mode every time you’re separated from it as you go through the magnetometer at any security checkpoint, especially in the airport.

Super Follows and IAP

Juli Clover:

Twitter today announced the official launch of Super Follows, a new feature that allows creators to provide subscriber-only content that requires a paid fee to access.

Hartley Charlton:

Each Twitter Super Follow subscription is an individual in-app purchase for every account with the feature set up, it has emerged.

The unusual system, spotted by Jane Manchun Wong, means that for every Super Follow there is an individual in-app purchase for that account specifically. Some observers are speculating that each Super Follow in-app purchase will have to be set up manually by Twitter on the App Store, making the system even more unconventional.

[…]

The App Store does not allow for multiple instances of the same subscription, leading other platforms such as YouTube and Twitch to get around this by effectively allowing users to buy a sub-token that can be directed toward a specific creator.

[…]

Apple only allows developers to create up to 10,000 in-app purchases, so it is not clear if Twitter will limit the users eligible to sell Super Follows at 10,000 minus Ticketed Spaces and Twitter Blue.

And yet Apple expects Amazon to use this system to sell 9 million Kindle books.

John Gruber (tweet):

This is incredible. Ostensibly, Twitter is doing what Apple wants them to do. Right now Super Follows payments are even exclusive to iOS. (Once you pay on iOS, you can see Super Follow content on Twitter’s Android and web clients, too, but the only way to pay is on iOS through IAP.) But Apple’s IAP system is so brittle that Twitter has to make a discrete SKU for each and every Super Follow user, and pay Apple 30 percent of the price for the privilege. (Twitter, per its published terms, takes just 3 percent of the first $50,000 in lifetime earnings, then 20 percent after that.) Also, because Apple’s IAP listings in the App Store rank IAP offerings by popularity, Twitter is being forced to reveal data that they quite likely would prefer to keep to themselves.

Buzz Andersen:

This is bonkers and really illustrates the ways that Apple’s IAP rules severely constrain the possible business models on its platform.

Steve Troughton-Smith:

This whole system seems designed to showcase just how ridiculous the hoops Apple makes apps jump through with IAP policies are. App Review, too, theoretically has to review each individual in-app purchase, and each one has to include a screenshot.

Steve Moser:

Twitter’s latest beta update introduces support for providing content creators with Bitcoin tips using the “Tip Jar” feature that Twitter introduced earlier this year. Bitcoin isn’t yet available to select as a tip option for beta users, but code in the beta suggests that Twitter is in the process of rolling it out.

Previously:

Update (2021-09-08): frijole:

reminds me of when comixology had to list every comic via IAP -- and the rejections

ProtonMail Turned on IP Logging for User

Natasha Lomas and Romain Dillet (Hacker News, 3):

ProtonMail, a hosted email service with a focus on end-to-end encrypted communications, has been facing criticism after a police report showed that French authorities managed to obtain the IP address of a French activist who was using the online service. The company has communicated widely about the incident, stating that it doesn’t log IP addresses by default and it only complies with local regulation — in that case Swiss law. While ProtonMail didn’t cooperate with French authorities, French police sent a request to Swiss police via Europol to force the company to obtain the IP address of one of its users.

[…]

ProtonMail’s founder and CEO Andy Yen reacted to the police report on Twitter without mentioning the specific circumstances of that case in particular. “Proton must comply with Swiss law. As soon as a crime is committed, privacy protections can be suspended and we’re required by Swiss law to answer requests from Swiss authorities,” he wrote.

ProtonMail:

As detailed in our transparency report, our published threat model, and also our privacy policy, under Swiss law, Proton can be forced to collect info on accounts belonging to users under Swiss criminal investigation. This is obviously not done by default, but only if Proton gets a legal order for a specific account. Under no circumstances however, can our encryption be bypassed, meaning emails, attachments, calendars, files, etc, cannot be compromised by legal orders.

[…]

Second, ProtonMail is one of the only email providers that provides a Tor onion site for anonymous access.

[…]

Third, no matter what service you use, unless it is based 15 miles offshore in international waters, the company will have to comply with the law. This case does illustrate one benefit of ProtonMail’s Swiss jurisdiction, as no less than 3 authorities in 2 countries were required to approve the request, which is a much higher bar than most other jurisdictions. Under Swiss law, it is also obligatory for the suspect to be notified that their data was requested.

Robert Graham:

ProtonMail has always been clear: they abide by Swiss law and don’t track IP addresses until forced to. Now people are upset at ProtonMail because it works as claimed, not how people assumed because they weren’t paying attention.

Etienne:

[They] provided the IP address and information on the type of device used to the police

Now, of course Protonmail has to comply with Swiss law, but is that what you mean by “No personal information is required to create your secure email account. By default, we do not keep any IP logs which can be linked to your anonymous email account. Your privacy comes first.”

It was confirmed by @andyyen that in criminal cases, Protonmail can log IP addresses, their documentation say “in extreme criminal cases”

IANAL, but I have a hard time seeing how young people squatting buildings in Paris is an extreme criminal case. In any case, I have an issue with this lack of transparency from ProtonMail, if any police service can ask them to log IP addresses, that is not anonymous

Andy Yen (Hacker News):

Under no circumstances can our encryption be bypassed, meaning emails, attachments, calendars, files, etc. cannot be compromised by legal orders.

[…]

Under current Swiss law, email and VPN are treated differently, and ProtonVPN cannot be compelled to log user data.

[…]

Due to Proton’s strict privacy, we do not know the identity of our users, and at no point were we aware that the targeted users were climate activists. We only know that the order for data from the Swiss government came through channels typically reserved for serious crimes.

[…]

We will be making updates to our website to better clarify ProtonMail’s obligations in cases of criminal prosecution and we apologize if this was not clear.

Gareth Corfield (Hacker News):

Today that boast has been replaced with a mealy-mouthed version: "ProtonMail is email that respects privacy and puts people (not advertisers) first. Your data belongs to you, and our encryption ensures that. We also provide an anonymous email gateway."

Regarding Yen’s first point, rogers18445 writes:

Each time you visit protonmail you re-download (cache can be invalidated) their client. It would be trivial for them to serve a specific user a modified client which uploads their encryption keys.

This problem is not specific to protonmail, any service which contends to be secure with respect to some server (the protocol relies on the client to decrypt stuff the server cannot) can be compromised this way because of implicit trust in the client software which can be modified at any time with no notice - making any auditing entirely meaningless in the case of targeted attacks.

Previously:

Fission Exits the Mac App Store

Paul Kafasis (tweet):

We want to be sure to our customers who previously purchased Fission via the Mac App Store are taken care of as well. To that end, we will be transitioning you over to our directly distributed version.

[…]

For almost twenty years, we’ve sold our software directly to our customers via our online store. Our fast and secure purchase process has served our customers very well. Since the Mac App Store opened in 2011, we’ve also experimented there. However, despite a decade of feedback from countless developers and users, Apple has made scant few changes and the store remains beset with issues. When you couple the many shortcomings and issues with Apple’s restrictive policies that preclude most of our software from appearing there, the Mac App Store is clearly a poor fit for us. With the removal of Fission, we no longer have any products in the Mac App Store.

Jeff Johnson:

I remember putting Fission in the Mac App Store, and it sucked, mainly because we had to mangle it and make the app worse for sandboxing.

Steve Troughton-Smith:

A damning indictment of the Mac App Store.

Jonathan Deutsch:

I’d love to see a follow-up to this piece about overall revenue with any other apps/app-makers that have left the Mac App Store.

Frank Reiff:

I’m thinking of removing my apps from the Mac App Store, the revenue from that source is constantly dropping and I’m really only offering it as a convenience for potential customers, especially those with a Mac App Store preference.

James Thomson:

When I was selling via both the Mac App Store, and Kagi, it got up to around 80% MAS sales, and the direction was pretty clear. For something like PCalc which is (less) unlikely to fall foul of App Review, I think it’s still the best place to be.

Previously:

Update (2021-09-08): Steve Troughton-Smith:

Alternate take on the Mac App Store: I only joined the MAS in the past two years after years of my apps being iOS-only. It has since grown to ~30% of my revenue, a chunk that didn’t exist before, and, as competition is low, the App Store editors are eager to show off great apps.

Mike Rockwell:

How can anyone watch so many developers leave and/or completely ignore the Mac App Store and continue to think that the iOS App Store is actually good for the platform?

Apple Delays Child Safety Features

Joseph Cox (tweet, Hacker News, The Verge, MacRumors, TechCrunch):

“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features,” Apple said in the statement.

It sounds like they are delaying, indefinitely, both the Messages and iCloud Photos components.

Matthew Green:

My suggestions to Apple:

(1) talk to the technical and policy communities before you do whatever you’re going to do. Talk to the general public as well. This isn’t a fancy new Touchbar: it’s a privacy compromise that affects 1bn users.

(2) Be clear about why you’re scanning and what you’re scanning. Going from scanning nothing (but email attachments) to scanning everyone’s private photo library was an enormous delta. You need to justify escalations like this.

(3) As Nick says, client-side scanning is icky to people. There is a reason for this. Considering the number of privacy invasions users have learned to live with, the pushback on this line means something. Learn from it.

(4) Privacy-preserving cryptographic protocols aren’t going to distract people from the fact that what you’re trying to do is uncomfortable.

And (5) if you’re going to make your system design public, make all of it public. Withholding NeuralHash and then having it REed, broken: that was a catastrophe.

There’s also the issue of the secondary server-side hashing algorithm, which Apple seems not to have mentioned until after people started criticizing NeuralHash. Are there other key components not mentioned in the whitepaper?

Kyle Howells:

To me client side scanning is THE issue. Server side, do whatever you want. But MY device should be MINE, and only do what I tell it and/or act for my benefit.

Scan things on “sharing” them, not on “storing” them.

Cindy Cohn (via Edward Snowden):

EFF is pleased Apple is now listening to the concerns of customers, researchers, civil liberties organizations, human rights activists, LGBTQ people, youth representatives, and other groups, about the dangers posed by its phone scanning tools. But the company must go further than just listening, and drop its plans to put a backdoor into its encryption entirely.

Nick Heer:

If you think Apple lacks the backbone to resist political pressure for expanding the CSAM matching database, you definitely cannot hope for wholly encrypted iCloud storage without any way of detecting abuse.

[…]

I am curious about the company’s next steps, though. […] I look forward to a solution that can alleviate many researchers’ concerns, but if — as with the App Store — trust has been burned. Only Apple can rebuild it.

Adam Engst:

The other possibility is that the entire effort is now tainted, making this “delay” just a face-saving way for Apple to drop the technology like the hot potato it became. Would there be a massive public outcry if 2022’s Worldwide Developer Conference came and went with no mention of CSAM detection in iOS 16?

Paul Haddad:

It’s a loss for Apple because all they managed to do is piss off everyone.

Previously:

Monday, September 6, 2021 [Tweets] [Favorites]

Tweetbot 6.3 for iOS

Joe Rossignol:

Tapbots today released version 6.3 of Tweetbot for the iPhone and iPad, with the key new feature being a “Behaviors” menu in the app’s settings that contains several toggle switches for fine tuning your Tweetbot experience.

I like the option to turn off “Tap to Top,” as I often accidentally scroll to the top and then lose my place in the timeline. In theory, I can tap the top again to scroll back down, but sometimes by the time I realize I’ve gone to the top it’s too late.

What I’d really like to see is more behaviors, e.g. being able to configure a swipe to share with OmniFocus in a single gesture. Currently, it’s a multi-step process: tap to show the buttons, tap the Share button, wait for the animation, tap OmniFocus, wait for the panel to show up, tap Save, and wait for the panel to close.

It does let you configure a swipe to add to Safari Reading List, though, which was not previously possible. This also requires a confirmation alert each time, apparently because iOS was designed that way. Apple doesn’t explicitly say so, but I assume that Reading List is considered part of Bookmarks rather than History and so is not end-to-end encrypted.

Previously:

Powering Your Mac: Power Filters and UPS

Howard Oakley:

Providing your Mac with a reliable filtered AC supply is very important to protect it from sustaining damage during electrical storms, when there’s utility maintenance underway, or some idiot trips a circuit-breaker or pulls the mains plug.

[…]

Most Macs are well-protected if the UPS keeps them going long enough to allow an orderly shutdown – a minute or two at most. It’s far better for a Mac to be given that chance than to have no UPS at all.

[…]

When that’s connected to your Mac, the Energy Saver pane should recognise it and offer both display options and Shutdown Options, which determine how quickly your Mac shuts down when mains power is lost and it’s running off the battery in the UPS.

[…]

There’s an important fact which can sometimes be forgotten: the USB interface on a UPS can only be connected to one Mac. If you’ve got two Macs to protect, they each need their own UPS, as one UPS can’t tell two Macs to shut down, except by SNMP, which is considerably more complex to use.

I used APC’s Back-UPS LS for many years with success, but eventually the units (not just the batteries, which I’d replaced many times) failed, and APC discontinued the design that I liked. Lately, I’ve been using a Tripp Lite, which is great except that starting with Catalina the Mac always thinks it’s out of power and needs to shut down. Now the USB connection is useless, and it’s no longer a good solution for a Mac that will be running unattended.

Some other things to consider when getting a UPS:

Update (2021-09-07): Although I think an extension cord will work in practice, the Tripp Lite manual specifically says that doing this will void your warranty.

Callin 1.0

David Sacks:

Today is the public launch of Callin, the first app to offer a new experience we call “Social Podcasting.”

[…]

Callin lets you create, discover, and consume live and recorded audio content in one place. It combines the best aspects of social audio — live conversations and social discoverability — with the best aspects of podcasting — creating a lasting library of shows that users can listen to anytime.

This seems like a non-ephemeral version of Clubhouse. I was going to compare how it handles the privacy of phone numbers, but somehow Apple approved this app even though both the Terms of Service and Privacy Policy links 404.

Our goal was to bring the barriers to podcasting down to zero by turning your iPhone into a studio.

[…]

One of the most magical features of Callin is that recordings are turned into a transcript which you can edit. Callin recompiles the audio based on the edited transcript so the creator never needs to touch an audio file.

Jason Snell recently described a very different workflow:

This week’s episode of Upgrade was a “call-in show,” in which we answered audio questions sent in by listeners. I’ve heard from a few people who wondered how we put the show together, so I thought I’d provide some of the details.

This likely produces a much higher quality result, but with a lot more time and expertise required. He’s also posted a video of his workflow using Ferrite Recording Studio on an iPad.

Tim Hardwick:

Clubhouse, the online audio app that this year became a social sensation, is rolling out spatial audio support for iOS users.

[…]

In the example, individual speakers on a Clubhouse call can be heard as if their voices are in separate locations within a three-dimensional space around the listener, making it seem like everyone is situated in different places in the same a room.

[…]

To be clear, this isn’t Apple’s version of spatial audio, which includes head tracking to make it sound like the sound is coming from your iPhone or iPad, but it shows just how much spatial audio has caught on since Apple began touting the concept.

Previously:

The Persistent Gravity of Cross Platform

Allen Pike:

Each time a cross-platform app has found itself in the crosshairs of the internet, I hear a variant of this question: “What is it about enterprise companies that make so many of them abandon native apps, when they could surely afford to develop one app for each platform?”

[…]

At the highest level, cross-platform UI technologies prioritize coordinated featurefulness over polished UX.

[…]

Where things get interesting is when you look at customer-facing software. Products where the experience is a big contributor to success or failure, and the higher “UX ceiling” that platform-specific UI code enables can help retain paying users. It seems, conceptually, that a big company willing to spend big money to build really nice native Mac and Windows apps would be in a position to outcompete the Electron-based Slacks, Figmas, and Spotifys of the world. Right? So why isn’t that happening?

[…]

When you’re rapidly hiring, rapidly adding client features, and adding support for a third, fourth, and fifth platform, things start to get dicey. […] Hiring more engineers makes for a non-zero improvement, but the exponential – or at least super-linear – nature of coordination overhead means the additional product velocity per new hire can get disturbingly low.

Gus Mueller:

More and more apps written with web tech (such as Electron) are showing up on the Mac desktop everyday. I understand why, but I don’t have to like it.

Previously:

Update (2021-09-14): Fred McCann (Hacker News):

The obvious question is if Electron is so bad, why do companies keep shipping Electron applications? There’s a set of common theories, which do have merit, but I don’t think they explain why Election is gaining so much traction. Before I give you my take, let’s break these down.

[…]

With some notable exceptions, most awful Electron apps are clients of network services. Why does that matter? Haven’t there always been terrible cross-platform applications that were clients of network services?

[…]

The interesting question to me is not whether developers, companies, or users are to blame. It’s not how we could expect a single company to be able to develop applications on multiple platforms with feature parity. The question is what fundamentally changed? Why are internet applications today more often than not controlled entirely by a single company which carries the burden of creating client applications for every user on every platform?

[…]

When protocols are open, there’s more innovation and more choices. If anyone can make a client, every popular internet application will have a high quality native application because there will be a market for people to make and sell them. Not only that, these competing developers are more likely to add features that delight their users. When one company controls a service, they’re the only one who can make the software, and you get what you get.

Thursday, September 2, 2021 [Tweets] [Favorites]

Why Xcode Tools Are Slow After Reboot

Jeff Johnson:

When you attempt to run one of the developer tools, the _xcselect_invoke_xcrun function must look up the actual path of the tool. The paths of Xcode and the developer tools are cached on disk in a database file named xcrun_db located in your $TMPDIR. […]

Perhaps you already see the problem here: the contents of $TMPDIR are emptied on every reboot! Thus, the first time you run a developer tool after reboot, the xcrun_db cache needs to be regenerated.

[…]

Why does it take so long to regenerate the cache? While I was reproducing and diagnosing the issue, I noticed that when I ran a developer tool after reboot, the process syspolicyd went crazy and used almost 100% CPU until the command finished. I took samples of syspolicyd when this happened, and the process seemed to be spending a lot of time in the security framework checking code signing.

[…]

I discovered a way to accelerate the cache regeneration to around 3 seconds, down from over 10 seconds: disable System Integrity Protection.

Note that this also affects non-Apple tools like Git that are bundled inside of Xcode. The last few macOS releases, and especially since Catalina, it seems like my Mac is always pausing at inopportune times to verify security stuff. Often times the delay is much longer than the 10 seconds reported here, and sometimes one CPU core is pegged at 100% doing syspolicyd or tccd for the duration of what I’m doing. Disabling System Integrity Protection isn’t a great solution because it messes up testing.

Update (2021-09-07): Robin Kunde:

I wonder if this has implications for CI services like Circle CI that spin up a fresh VM every time you run a test suite. By restoring the database from cache, one might be able to work around this issue.

Relaxing Anti-Steering Rules for Reader Apps

Apple (Hacker News, 9to5Mac, MacRumors):

Apple today announced an update coming to the App Store that closes an investigation by the Japan Fair Trade Commission (JFTC). The update will allow developers of “reader” apps to include an in-app link to their website for users to set up or manage an account. While the agreement was made with the JFTC, Apple will apply this change globally to all reader apps on the store. Reader apps provide previously purchased content or content subscriptions for digital magazines, newspapers, books, audio, music, and video.

To ensure a safe and seamless user experience, the App Store’s guidelines require developers to sell digital services and subscriptions using Apple’s in-app payment system. Because developers of reader apps do not offer in-app digital goods and services for purchase, Apple agreed with the JFTC to let developers of these apps share a single link to their website to help users set up and manage their account.

The changes don’t go into effect until “early 2022.” Each month they can be delayed is potentially worth a lot of fees.

John Gruber:

Progress. Apple’s anti-steering provisions are the number one thing I have been clamoring to be changed in the App Store rules. I think this should expand beyond just “reader” apps, but one step at a time.

Do you hear that sound? That’s the sound of a significant amount of antitrust pressure being relieved from Apple.

Steve Troughton-Smith:

I look forward to the App Store Guidelines changing rule by rule in individual press releases brought upon by lawsuits and governmental action 🙄

David Heinemeier Hansson (tweet):

How petty can you get? Why does it have to be a single link? Why can’t the Kindle app link to buy another book by the same author when you finish the one you were reading, without having that mean the general link to the store on the Home Screen has to disappear?

[…]

But that’s been Apple’s tactic in all of this: Do barely better than nothing. What’s the absolute least we can get away with? Do that. And from the perspective of a single battle, I guess that makes sense. But I think they’re missing the forest for the trees here. Every time they give barely an inch, they prolong and intensify the overall struggle. Rather than simply getting out of this morass entirely.

Steve Troughton-Smith:

It took the full weight of a national antitrust investigation to make Apple budge by ‘a single link’ for a subset of App Store apps, a policy change that would require no development or code changes on Apple’s part. We’ve got a loooong road ahead of us

James Thomson:

Again with the “let’s add more complicated rules in an effort to stave off antitrust” approach, rather than just ripping off the payment system band-aid[…]

Thomas Clement:

Isn’t it clear enough now that sideloading and alternative stores is the only way? Apple will never let go.

Federico Viticci:

I don’t know friends, these “reader” apps seem pretty suspicious to me. Linking to “the web”? For “account management”? On a “website”? pretty scary stuff

Note that this still doesn’t let you purchase books in the Kindle app.

Joe Cieplinski:

Apple is betting if they give enough concessions to those who can afford lawyers, they won’t have to really change the App Store. They are not wrong.

Indies who haven’t figured out these companies don’t care about them any more than Apple are in for a splash of cold water.

Paul Haddad:

All kidding aside this is great news, awesome to see the small developers come out ahead for once! Congratulations to <checks notes> Amazon, Netflix, HBO, Disney, Google, Hulu, Pandora, Spotify and dozens of others!

Steve Troughton-Smith:

I guess it should be noted that developers & apps don’t self-identify as ‘Reader apps’. Apple decides what is and isn’t a Reader app. And then it will quietly use that as a means to influence how your app works via App Review rejections and opaque addenda to the rules

I could have sworn that during a long-since-past furore Apple introduced the term ‘Reader apps’ out of nowhere as an excuse to give certain apps special exceptions to certain rules

Tim Sweeney:

In Apple’s carefully-worded statement on safety, it’s hard to discern the rationale that this is safe while Fortnite accepting direct payments remains unsafe.

Even more so if Apple deems Roblox, a game from 2006-2021 that became “an experience” mid-trial, a reader app.

Kosta Eleftheriou:

What’s up with “Apple will also help developers of reader apps protect users when they link them to an external website to make purchases”?

What Apple is saying is they want users to keep trusting Apple.

The links will be CLEARLY marked as external links to set boundaries & dissuade users from opening them, and they’re gonna open in a private Safari tab for extra friction - er, I mean privacy.🤷‍♂️

Rob Jonson:

Part of me worries that I might be giving them ideas...

John Siracusa:

Sure, your “reader” app can include one (1) approved link to your website…but will you be allowed to have any text near that link explaining why someone might want to tap on it, or is that still forbidden? This is where we are, mentally, when considering App Store rules in 2021.

David Barnard:

Instead of saying “go to Netflix on the web” the Netflix app can actually link to the account management page on the web. And the sign-in page can actually have a link to create a new account instead of just a sign in button.

It really is that small of a change to a rule that was customer and developer hostile to begin with. It is a big deal, but also not. As with the settlement last week, Apple is very deftly giving the absolute minimum possible. But they are giving.

Previously:

Update (2021-09-10): Nick Heer:

On its face, this is excellent news, though it is still limited. Apple’s definition of “reader” apps is media-centric, so it seems like this would preclude an app like Hey from offering a link to create a paid account on the web. It also does not apply to in-app purchases generally, so this would not resolve Apple’s dispute with Epic Games over Fortnite. But it should mean that Netflix and Spotify will be able to remove the error messages Apple has required to be vague. I see progress.

Matt Birchler:

I love love loved this segment from @siracusa on ATP this week 😂

It boggles the mind how this debate gets people to argue that e-commerce basically isn’t a thing and the world would implode if anyone but Apple processed a transaction.

Also I’m not sure if people understand that when you use Apple Pay on the web, it’s not Apple processing that transaction, it’s a third party payment processor.

John Gruber:

I heard from one reader in the racket wondering if Apple is going to require these apps to also offer Apple’s IAP to be allowed to include a link to a website. I have another friend, who works on a popular subscription app that does use IAP, who’s wondering if they’re going to be allowed to also have a link to their website now, and doubting it.

That’s how much trust Apple has burned.

Dan Moren:

As always, the devil is in those details. The company has never shied away from spelling out exactly when, where, and how developers can present certain information inside their apps. It’s not at all out of the question that Apple would say, for example, that such a link could only appear on, say, a first-launch splash screen or buried deep in a settings screen.

Joe Rossignol:

Following the announcement, some developers have said Apple’s decision is not good enough.

Benjamin Mayo:

In this case, I am perturbed by the fact that there are lot of words, a lot of paragraphs, surrounding what should be a straightforward policy change: allowing developers to link out to their website on the sign-up screen.

[…]

Setting aside Apple’s self-serving and/or contradictory rules around what counts as a reader app, what the heck does a single link mean in a digital world? It’s a hilarious concept.

Joe Rossignol:

Apple said the changes “will help make the App Store an even better business opportunity for developers,” but Morgan Stanley analyst Katy Huberty believes there will be “minimal financial impact” to Apple. In a research note, she said the changes would result in just a 1-2% hit to Apple’s earnings per share in the 2022 fiscal year in a worst case scenario.

The Sub Club Podcast:

On the podcast, we talk with Ben about all things app stores. From Apple’s revolutionary launch of the App Store in 2008 to the monopoly-like powers, both Google and Apple now wield today. With multiple lawsuits filed, government investigations ongoing, and developer sentiment at an all-time low, we take an honest look at the challenges and trade-offs in trying to bring two of the world’s largest companies to heal.

Previously:

Wednesday, September 1, 2021 [Tweets] [Favorites]

South Korea App Store Bill

Sami Fathi (Hacker News):

South Korea today passed a bill that bans Apple and Google from requiring developers to use their own respective in-app purchasing systems, allowing developers to charge users using third-party payment methods, The Wall Street Journal reports.

[…]

The bill is an amendment to the existing Telecommunications Business Act. It aims to ban Apple and Google from unfairly exploiting their market position to “force a provider of mobile content, etc., to use a specific payment method.”

David Heinemeier Hansson (tweet):

But as much as South Korea is an important market, particularly for Google, it’s not the fifty million people there that truly scare either of these companies. It’s the crack in the dam. The one that’ll soon flood their scarecrow arguments on app-store payment mandates around the world.

South Korea just made it a lot easier for every other country in the world to pass their own laws outlawing anti-competitive app store payment mandates. These countries will be able to point to South Korea to show that allowing developers to use Stripe, Square, Braintree, PayPal, or whatever to charge their customers won’t bring about app armageddon. Reality is going to refute the fear that Apple and Google have been working so hard to stoke.

Steve Troughton-Smith:

Lot of the discussion around this, especially from Apple’s side, makes it sound like a potential in-app payment wild west. What that ignores is that there are payment processors that customers do trust — Amazon, Stripe, PayPal, et al

Those services are just as easy, if not easier, as Apple’s to cancel/refund/unsub with. And prices will be lower, as a result, if offered side by side. There is nothing stopping Apple enforcing — by policy — that all apps using IAP must adhere to the system IAP family controls

How does Apple’s in-app purchase stay as a preferred option for consumers given the choice? By competing. Lower rates & better terms for developers. If Apple’s IAP really were the best option out there, developers wouldn’t be looking elsewhere to try and sustain their business

If Apple cared about consumers more than the paltry sum it makes from developer revenue, it would drop App Store & In App Purchase commissions to as low as realistically possible, so that everybody would want to use the system. Match other processors — you can afford to

John Gruber:

I see a clear difference between purchasing an app or game from the App Store and making an in-app purchase within an app or game after having installed it. My understanding of the new South Korean law is that it only pertains to in-app purchases, so the distinction, I believe, is more than just semantics.

[…]

I am confident that the overwhelming majority of typical users are more comfortable installing apps and making in-app purchases on their iOS and Android devices than on their Mac and Windows PCs not despite Apple and Google’s console-like control over iOS and Android, but because of it. And if these measures come to pass and iOS and Android devices are forced by law to become pocket PCs, I think there’s a high chance it’ll prove unpopular with the mass market. The masses are not clamoring for the app stores to be opened up. These arguments over app stores are entirely inside baseball for the technical and business classes.

[…]

The part of Apple’s statement about “Ask to Buy” and parental controls, though, I think is sophistry. It’s certainly true that the “Ask to Buy” feature currently wouldn’t work with third-party in-app payment processing, but that’s because nothing in iOS is built to support outside payment processing for in-app purchases. If required to support third-party payment processing, Apple could and should create APIs to support them through the existing “Ask to Buy” process, and the App Store guidelines could and should be expanded to require supporting all parental control APIs regardless of how payments are processed.

Previously:

Update (2021-09-10): John Gruber:

I have a rough English translation of the law, and my understanding is that the above ban on “delaying” or “deleting” apps is specifically related to retaliation for using their own payment processing. It’s not a ban on removing apps from the stores for just cause.

Previously:

On the Shift From Imperative to Declarative UI

Peter Steinberger (tweet):

The trend of declarative UI on mobile began in 2013 with React Native, which started as a Facebook hackathon project. The goal was to improve the developer experience by bringing everything people loved about the web—rapid development, instant reload, platform agnosticism—to mobile. The first major declarative UI framework, React Native offered a way to build cross-platform apps with very little platform-specific code.

[…]

Today, React Native is a polarizing framework. Some companies are dropping it (like Airbnb), while others are doubling down (like Coinbase).

[…]

Google had similar ambitions to bring web development concepts to mobile, although it took a different approach. Flutter started as a fork of Chrome animated by the question, “How fast could we go if we dropped all that backward compatibility from the web?” […] This didn’t always work out—especially on iOS, where the infamous “jank” problem (choppy animations on first render) hurt the experience, though a recent release has resolved the issue.

[…]

With this in mind, Apple and Google created their own “first-party” solutions, SwiftUI and Jetpack Compose. Both were announced in 2019 and are now becoming production ready.

[…]

Despite their structural similarities, Jetpack Compose tends to be easier to adopt than SwiftUI. Whereas Google distributes Compose as a library that works on every Android version down to 5.0 (released in 2014), most apps that adopt SwiftUI need to target iOS 14 (released in 2020) or later.

Shortcut for Tapback in Messages

Sommer Panage:

On Mac, you can do ⌘+T to bring up your Tapback responses in Messages and then you can use the number keys, 1-6, to select your reaction. 🤯 Get ready for lots of ❤️ and 👍🏻 everyone…

It also works on iPad.

What I’d really like is to be able to choose a Tapback right from the notification, especially if the Messages app isn’t even open.

Catalyst Sample Code Roundup

Steve Troughton-Smith (tweet):

I thought it would be a good idea to round up the various pieces of sample code I've created for Mac Catalyst just to get everything in one place. These are by no means step-by-step guides, merely illustrated examples that have come about over the course of developing my own apps and responding to questions from developers.

Apple Acquires Primephonic

Juli Clover (Hacker News):

Apple today announced that it has acquired classical music streaming service Primephonic, and will be folding it into Apple Music.

Primephonic offers an “outstanding listening experience” with search and browse functionality optimized for classical audio, plus handpicked recommendations and “contextual details on repertoire and recordings.”

Andy Ihnatko:

I’m very pleased and optimistic about Apple’s acquisition of Primephonic. Classical music is idiosyncratic and absolutely requires a bespoke streaming experience. Apple acquires the whole catalog and promises a custom app and experience for classical.

Mainstream platforms are usually disappointing. “We’ve loads of opera…we’ve got ‘Nessun Dorma’ by the Three Tenors and that little girl from ‘America’s Got Talent’! Here’s some 70s soft-rock that our algorithm thinks people who search for opera would rather listen to…”

Well, maybe not that bad. But many of the greats record for labels that don’t have streaming distribution, or aren’t even given a chance to record at all. And much of the best stuff ever recorded is locked up on an opera company’s servers with no plans for distribution.

So it’s a big opportunity for Apple to seriously move the needle. Not just to provide better search and playback tools (which are sorely needed) but to do things like help change a legendary 2009 performance from a thing that fans have heard about to a thing that fans can hear.

Previously:

Update (2021-09-07): Kirk McElhearn:

Apple’s Primephonic acquisition is interesting. The company was a very small player in the streaming market, but with only classical music. Apple making a separate app for classical music is some I would never have expected. I’ve been critical of classical support in iTunes and Music for as long as as I’ve been writing about digital music. While Apple made small improvements over the years, they never got remotely close to providing what classical listeners want. This is very good news.