Archive for December 27, 2021

Monday, December 27, 2021

Firefox 95’s RLBox

Jack Wallen (via Hacker News, MacRumors):

RLBox is a new method of sandboxing, which makes it easy to efficiently isolate subcomponents and make Firefox more secure. RLBox uses WebAssembly to isolate possible buggy code.


How RLBox works is complicated, but it breaks down by first compiling a process into WebAssembly, and then the converted process is re-converted into native code. What this does is prevent code from moving between different portions of a program and limits access to only specific areas of system memory.

iOS Development Tips

Rony Fadel (tweet):

How to QuickLook an object in Xcode if you only have its address


How to demangle Swift symbols


Asserting on which queue your code is running


Reading a [SwiftUI] view’s size without affecting its layout


Diagnosing slow Swift build times


iOS 15 Autocorrect

Steve Troughton-Smith:

Apple really needs to throw out its crowdsourced machine-learned autocorrect system entirely. Autocorrect used to learn from everything I typed, now it interjects with typos & weirdisms from random internet users. It’s been a complete train wreck since they introduced this stuff

I continue to see this stuff, too.

Ken Kocienda:

Autocorrect is as much psychology as technology. When I made the autocorrect system for the original iPhone, I thought a lot about whether people would understand the results they got. Even if people didn’t get what they want, I still wanted the results to seem sensible.

Building a trustworthy piece of software is as much about not doing the wrong thing as it is doing the right thing, and I think many developers don’t quite understand how one weird result can undo the positive perceptions from fifty good results.

Oluseyi Sonaiya:

But… WHY is the iOS keyboard so bad? It has actually regressed in the past two years, and I’m not talking about the spelling suggestions; I’m talking about the blue-underline grammar replacement substituting two words for one, duplicating the preceding word. How did this ship?!


Update (2021-12-28): Chris Hynes:

Never auto-correct a word that is already a valid word


When an auto-capitalized correction is retyped by the user, don’t preserve capitalization


When I tap the space bar, I sometimes tap it too high and hit a letter in the row above. I’d love auto-correct to see that I’m typing real words, but intermixing c, v, and b in with them.


Tap and hold on completion bar could show different forms


So why is it that this “Replace…” feature seems to be… better?


Sadly, note that the Undo feature is extremely buggy. Sometimes it highlights the word and the previous space. Other times it highlights everything from 2 corrections ago to the current cursor position.


Highlight corrections prominently, especially previous word corrections


Ability to turn auto-complete on and off on the fly

Nick Heer:

My iPhone has, for months, automatically changed “can” to “can’t” in nearly every context.

John Gruber:

I’m not 100 percent sure it started with iOS 15, but for a few months now, whenever I try to type “20” (twenty) on my iPhone, iOS replaces it with “2.0”. Every time.

See also: Christopher Baugh.

Update (2021-12-29): John Gruber:

If you have an app installed with the string “2.0” in its name, that will cause “20” to autocorrect to “2.0”. I in fact have such an app installed on my iPhone. At least one reader has seen the same thing with “1.0” for the same reason.

The best workaround is to create a do-nothing text replacement in Settings → General → Keyboard → Text Replacement, with the phrase “20” and shortcut “20”. I.e., set both fields to the digits of twenty.

Favicon Analysis

Adam Doppelt (tweet, via Hacker News):

Recently my team was tasked with building a favicon fetcher. As a warmup, I looked to see how Chrome handles favicon loading. Do you know that the favicon loader in Chrome is many thousands of lines of code? Why is it so complicated?

We realized we knew very little about the favicon ecosystem. Eventually we decided to fetch the Tranco top 100,000 websites and analyze their favicons.

2% are not square, and 21.1% of .ico files are actually PNGs.
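A fetcher that trusts the .ico extension will hand PNG bytes to an ICO parser about one time in five, so the format has to be decided from the content. The sketch below is an added example, not code from the original post or from Chrome; `sniff_favicon`, `make_ico` and the sample blobs are constructed for illustration.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"               # 8-byte PNG signature
ICONDIR = struct.Struct("<HHH")              # reserved, type (1 = icon), image count
ICONDIRENTRY = struct.Struct("<BBBBHHII")    # w, h, colors, reserved, planes, bpp, size, offset

def sniff_favicon(data: bytes) -> dict:
    """Classify favicon bytes by content, ignoring URL extension and Content-Type."""
    if data.startswith(PNG_SIG):
        return {"container": "png", "entries": []}
    if len(data) < ICONDIR.size:
        return {"container": "unknown", "entries": []}
    reserved, kind, count = ICONDIR.unpack_from(data, 0)
    if reserved != 0 or kind != 1 or count == 0:
        return {"container": "unknown", "entries": []}
    table_end = ICONDIR.size + ICONDIRENTRY.size * count
    if table_end > len(data):
        return {"container": "malformed-ico", "entries": []}
    entries = []
    for i in range(count):
        w, h, _c, _r, _p, _b, size, start = ICONDIRENTRY.unpack_from(
            data, ICONDIR.size + ICONDIRENTRY.size * i)
        # Reject entries that point into the directory or past the end of the file.
        if size == 0 or start < table_end or start + size > len(data):
            return {"container": "malformed-ico", "entries": entries}
        fmt = "png" if data[start:start + size].startswith(PNG_SIG) else "bmp"
        # A stored width or height of 0 means 256 pixels in the ICO format.
        entries.append({"width": w or 256, "height": h or 256, "format": fmt})
    return {"container": "ico", "entries": entries}

def make_ico(width: int, payload: bytes) -> bytes:
    """Build a one-image ICO around `payload` (constructed test data only)."""
    entry = ICONDIRENTRY.pack(width, width, 0, 0, 1, 32, len(payload), 22)
    return ICONDIR.pack(0, 1, 1) + entry + payload

# Constructed samples, not real site data.
SAMPLES = {
    "png_served_as_ico": PNG_SIG + b"\x00" * 16,
    "ico_with_bmp": make_ico(16, b"\x28\x00\x00\x00" + b"\x00" * 36),
    "ico_with_png": make_ico(0, PNG_SIG + b"\x00" * 16),
    "ico_bad_offset": make_ico(16, b"\x28\x00\x00\x00")[:-2],
    "html_error_page": b"<!DOCTYPE html><html>404</html>",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {sniff_favicon(blob)}")
```

The bounds checks on each directory entry matter as much as the signature test: the offsets and sizes come from an untrusted server and should never be used to slice or allocate before they are validated against the actual length.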


FLoC and Manifest V3

Dieter Bohn:

If Google sticks to its roadmap, by this time next year Chrome will no longer allow websites to use third-party cookies, which are cookies that come from outside their own domains. The change theoretically makes it vastly more difficult for advertisers to track your activities on the web and then serve you targeted ads. Safari and Firefox have already blocked those cookies, but when it comes to market share, Chrome is currently the leader and so its switchover is the big one.


And so today, the company is forging ahead with an “origin trial” for one of these new technologies, the Federated Learning of Cohorts (FLoC). In an origin trial, websites are able to begin testing without asking browser users to turn on specific flags. The feature itself will be slowly turned on inside Chrome via the usual process of introducing it into developer builds, then beta, then finally in the shipping version most people use.


FLoC will be part of that privacy sandbox and further should protect your identity by only associating you with a cohort if that cohort is sufficiently large. Chrome will also change what FLoC cohort your browser is associated with on a regular basis, say once a week or so.


But whether FLoC is actually anonymous is very much up for debate. Bennett Cyphers at Electronic Frontier Foundation recently put up a handy post detailing some of the biggest concerns with FLoC.

Dieter Bohn (Hacker News):

Google is going it alone with its proposed advertising technology to replace third-party cookies. Every major browser that uses the open source Chromium project has declined to use it, and it’s unclear what that will mean for the future of advertising on the web.

See also: Amazon (Hacker News), Brave, DuckDuckGo (Hacker News), GitHub (Hacker News), Vivaldi, WordPress (Hacker News).

Paramdeo Singh:

The primary way an end-user can avoid being FLoC’d is to simply not use Chrome, and instead choose a privacy-respecting browser such as Mozilla Firefox.

But website owners can also ensure that their web servers are not participating in this massive network by opting-out of FLoC.

To do so, the following custom HTTP response header needs to be added[…]

Eric Rescorla (via Hacker News):

Although any given cohort is going to be relatively large (the exact size is still under discussion, but these groups will probably consist of thousands of users), that doesn’t mean that they cannot be used for tracking. Because only a few thousand people will share a given cohort ID, if trackers have any significant amount of additional information, they can narrow down the set of users very quickly. There are a number of possible ways this could happen[…]
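The narrowing argument above can be measured as an anonymity-set size: group users by every signal an observer holds and look at the group sizes. This is an added illustration, not code from the quoted article; the population, the cohort ID and the signal names (`tz`, `lang`, `screen`) are constructed assumptions.

```python
from collections import Counter

def anonymity_after_each_signal(users, signals):
    """For each prefix of `signals`, return (signals_used, smallest_group, largest_group).

    A group is the set of users who share the same values for all signals used,
    i.e. the users an observer cannot tell apart with that information.
    """
    results = []
    for n in range(1, len(signals) + 1):
        used = tuple(signals[:n])
        groups = Counter(tuple(user[s] for s in used) for user in users)
        results.append((used, min(groups.values()), max(groups.values())))
    return results

# Constructed population: 3000 browsers that all share one cohort ID, with three
# coarse attributes spread as evenly as possible. An even spread is the most
# favourable case for privacy; skewed real-world distributions leave some users
# in far smaller groups.
USERS = [
    {"cohort": 1234, "tz": i % 24, "lang": i % 7, "screen": i % 5}
    for i in range(3000)
]
SIGNALS = ["cohort", "tz", "lang", "screen"]

if __name__ == "__main__":
    for used, smallest, largest in anonymity_after_each_signal(USERS, SIGNALS):
        print(f"{' + '.join(used):32} group size {smallest}..{largest}")
```

With only three low-resolution attributes added, the group a user hides in drops from thousands to single digits, which is the sense in which a large cohort alone does not prevent tracking.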

Daly Barnett (tweet, Hacker News):

Manifest V3, Google Chrome’s soon-to-be definitive basket of changes to the world of web browser extensions, has been framed by its authors as “a step in the direction of privacy, security, and performance.” But we think these changes are a raw deal for users. We’ve said that since Manifest V3 was announced, and continue to say so as its implementation is now imminent. Like FLoC and Privacy Sandbox before it, Manifest V3 is another example of the inherent conflict of interest that comes from Google controlling both the dominant web browser and one of the largest internet advertising networks.

Manifest V3, or Mv3 for short, is outright harmful to privacy efforts. It will restrict the capabilities of web extensions—especially those that are designed to monitor, modify, and compute alongside the conversation your browser has with the websites you visit. Under the new specifications, extensions like these – like some privacy-protective tracker blockers – will have greatly reduced capabilities. Google’s efforts to limit that access are concerning, especially considering that Google has trackers installed on 75% of the top one million websites.


Update (2022-01-26): Paul Wagenseil (via John Gruber):

Google has ditched its planned user-profiling system, FLoC, and is instead developing a new system called Topics, the company announced today (January 25).