Archive for February 2022

Monday, February 28, 2022

Still No Instagram iPad App

Chance Miller (via Ryan Jones, MacRumors):

This time around, Mosseri has taken a slightly different approach to address this complaint. In response to a tweet from Marques Brownlee about the lack of an iPad app, Mosseri this time acknowledged that Instagram gets this request “a lot,” while simultaneously saying there aren’t enough iPad users to justify the work.

[…]

Also, just a note: analyst data indicates that Apple likely shipped over 51 million iPads across all of 2021. I’m sure a pretty high percentage of those iPad users have an Instagram account and would love a way to use the social network that doesn’t involve a web app.

Matt Birchler:

I can’t share details, of course, but ask any iOS developer how many users demanded an Apple Watch app and then proceeded to never use that watch app.

Don’t get me wrong, I would love to see a great Instagram app for the iPad too, I just have to don my PM hat for a minute here and see where he’s coming from.

This may also be related to advertising. They can get more information about you if you read Instagram from your phone. And an iPad sweet solution bypasses App Tracking Transparency.

Update (2022-03-09): Francisco Tolmasky:

I trust they have the numbers to know it’s not worth it, which is sad, but goes back to the same points about the iPad as always. This is interesting though since it kind of reveals demographic info (iPads seem to not meaningfully intersect with Instagram’s target demographic).

Instagram feels like a “companion app” to me — much like Messages. It’s the thing I’m doing while I’m doing something else. I prefer to respond to a text on my phone, even while using the iPad, because multitasking is so disruptive on the iPad.

Jesse Squires:

At least around ~2015-2016 the real answer to this was “tech debt”

And, based on my experience, I imagine addressing that is still a low priority

alan:

The most outrageous thing is they already built iOS tablet UI for their Windows app (which was the iPhone app running under osmeta’s translation layer) and they let the code rot when they ditched the Windows app

But they could have just used it for an iPad build at any point

Rob Jonson:

The crazy thing to me is what this says about what an app becomes in the hands of a big company. The work that is ‘a bit extra that we obviously do’ for indie devs becomes an enormous undertaking for a giant sclerotic company.

Axel Rivera:

I don’t really care that much about an IG iPad app. What I’d like to see is a native Mac App comparable to TweetDeck.

Update (2022-04-13): Michael Love:

For anyone watching, this is a major reason for our lack of investment in iPad development - only way we can monetize things like mouse / kbd / multi-instance support is to launch a standalone iPad app, Apple won’t let us sell an “iPad Feature Enhancements” or whatever add-on.

Jim Dalrymple Retires From Writing

Jim Dalrymple (tweet):

After almost 30 years of reporting on Apple, I am retiring.

I guess the biggest question is what happens to The Loop. Daily posts will stop, but the site will remain online, and we’ll use it to host The Dalrymple Report podcast, which Dave and I have decided to keep going. I may be officially retired, but I still have things to say and opinions to give.

Over the past couple of years, I have taken time to address issues in my personal life. In that time, I realized that there is so much more to life than work—I’ll be honest, that revelation came as a massive shock to me, but I couldn’t be happier.

Thanks and congratulations to Jim. I’ve been reading his work since the MacCentral days. Hopefully, Dave Mark will continue writing somewhere.

App Store Small Business Program Now Allows Transfers

The App Store Paid Applications Agreement used to say:

Beginning January 1, 2021, You will not be eligible for the App Store Small Business Program if You participate, either as the Transferor or the Recipient, in the transfer of a Licensed Application. For example, if You transfer a Licensed Application from Your developer account to another developer account using the App Store Connect tool, both you (the Transferor) and the other developer account (the Recipient) will not be eligible to participate in the App Store Small Business Program. Similarly, if another developer transfers a Licensed Application from its developer account to Your developer account using the App Store Connect tool, both you (the Recipient) and the other developer account (the Transferor) will not be eligible to participate in the App Store Small Business Program.

Steve Troughton-Smith notes that this has been removed. It now says:

If You participate, either as a Transferor or a Recipient (hereafter referred to as an “App Transfer Party”), in the transfer of a Licensed Application, the proceeds associated with that Licensed Application will be included in the calculation of total proceeds of any App Transfer Party to determine eligibility for participation in the App Store Small Business Program. For example, if You transfer a Licensed Application from Your developer account to another developer account using the App Store Connect tool, the proceeds associated with that transferred Licensed Application will be included in the calculation of Your total proceeds and in the calculation of the total proceeds of the developer account to which you transferred the Licensed Application. If a Licensed Application is transferred multiple times in a given calendar year, the proceeds associated with that Licensed Application will be included in the calculation of total proceeds of each and every App Transfer Party.

I received a different notification e-mail from Apple, which didn’t mention this change.

Tyler Hillsman:

Good news! Now about that “no app transfers for apps with iCloud entitlements” thing…

See also: Filipe Espósito.

Swift Type Checking Is Undecidable

Slava Pestov, in 2020:

More precisely, the introduction of SE-0142 and SE-0157 has made canonical type computation into an undecidable problem.

[…]

Clearly, the GenericSignatureBuilder is able to solve word problems for at least some semi-groups today (as well as protocols that don’t correspond to semi-groups; which is any protocol that has at least one associated type that does not conform to the protocol recursively). After all, the standard library and a large amount of user-written code makes use of generics, and works correctly.

We are also aware of examples where we don’t manage to canonicalize types properly, causing miscompiles and crashes. We’ve been fixing these gradually over time, but we continue to discover more problems as we fix them. This was a strong hint that the underlying approach was not correct, which is why I spent some time thinking about the fundamentals of this problem. Indeed, we can now see that the reason we have struggled with correctness in this area of the language is that a solution is impossible in the general case.

What we need to do is come up with an appropriate restriction to the combination of SE-0142 and SE-0157. If a protocol obeys the restriction, the algorithm should always terminate with the correct result. If a protocol does not obey the restriction, we want to be able to produce a diagnostic instead of crashing or miscompiling.

Note that C# and other languages also have undecidable type systems.

Slava Pestov:

A year and a half ago I wrote how Swift type checking is undecidable, then last year I sketched out a new way of formalizing Swift generics as a term rewrite system. Since then I’ve been working on implementing this idea with the goal of replacing the GenericSignatureBuilder.

[…]

It uses a lot of memory, because answering generic signature queries requires keeping these rather large lazily-built GenericSignatureBuilder instances around for each generic signature the type checker encounters. In extreme examples you can make it allocate gigabytes of memory and end up with an effectively non-terminating compilation.

[…]

The new implementation is called the “Requirement Machine”. The source code is in the lib/AST/RequirementMachine directory of the source tree. […] I’ve measured a significant memory usage reduction when the Requirement Machine was enabled for queries in Swift 5.6.

[…]

I started writing a paper about the Requirement Machine. I’m not going to post a PDF yet because it is still a work in progress. In particular, the minimization algorithm is not documented, and some parts are out of date since it represents the state of the design from June last year. If you’re curious, install a TeX distribution and run “make” in the docs/RequirementMachine directory of the source tree.

Friday, February 25, 2022

Musings on Modern Mapping

Adam Engst:

Because I’m a runner and race director, I often need to map out a running course to determine distances and share with others. Numerous services provide such features, but I’ve found On The Go Map best at providing the features I need in an easy-to-use interface. (For mapping out a biking route, where ending up with a cue sheet listing all the turns is incredibly helpful, I would switch to Ride With GPS.)

[…]

On The Go Map is all you need when you know where you want your course to go or when the number of possibilities is quite limited. But what if you are looking for a 10-mile course in an unfamiliar area? Plotaroute.com might be helpful in that case. It has all of On The Go Map’s features and more, albeit in a cluttered, difficult-to-use interface.

[…]

I want to mention another mapping service that’s unique as far as I know: RunGo. Visual maps work well for courses on well-marked roads, as shown above, but they’re less helpful for people trying to follow a trail course in the woods. […] Instead, RunGo lets you create custom routes that provide users with turn-by-turn audible directions on an iPhone, Apple Watch, or Android smartphone, just like Apple’s Maps and Google Maps.

Twitter Needs a Retraction Mechanism

Will Truman (via Nick Heer):

I think the concerns about an edit button are overblown, but there would be very little downside to Twitter having a “retraction” option, wherein the tweet is left up but with a strikethrough indicating it is not or is no longer valid.

If you want to combat misinformation, make it easy for people to retract inaccurate information they have relayed.

Right now it’s kind of a choice of deleting it and causing confusion, or leaving it up and potentially misinforming people who don’t see the update.

I think strikethrough plus a link to a replacement tweet would be good.

Web3 Choke Point: App Stores

Elizabeth Lopatto:

One problem with cryptocurrency is that the technology is fairly user-hostile, at least to normal users of the internet. And so centralized services have sprung up for the non-technical, such as Coinbase, OpenSea, Metamask, VeVe, and Rarible. Meanwhile, mainstream payment apps — Venmo, PayPay, and so on — have added cryptocurrency capabilities. This is likely how the general public will get involved with crypto, assuming they do so at all. These services may also be used by people who do understand cryptocurrency since even the savvy may appreciate user-friendly interfaces and protection from scams.

To get to these apps, users will go through the Google and Apple app stores. So if those centralized ways of accessing cryptocurrency want to stay in Apple’s and Google’s app stores, well, functionally, Apple and Google will be setting the terms of content moderation for Web3.

[…]

So Apple’s mores are perhaps less of a problem for pure cryptocurrency and more of a problem for NFTs, an area Coinbase is planning to get into this year.

System Preferences Reimagined

BasicAppleGuy:

As features have continued being added to macOS, Apple has opted to force new preferences inside existing ones to avoid icon overcrowding. Focus Mode on iOS is crammed into the new ‘Notifications & Focus’ tab on macOS, Night Shift is a tiny button on the bottom right under the Display settings, and the Control Centre is managed behind the ‘Dock & Menu Bar’ icon through a process of having the user individually click-through 15+ different tabs to customize their Menu Bar.

And while some settings are crammed together, others feel needlessly scattered. AppleID, Family Sharing, Internet Accounts, & Users & Groups are four different preference icons, while on iOS they are essentially all managed under a single tab.

I’m not thrilled with this particular reimagining, but this is an area that Apple should be looking at.

Shawn Adrian:

Am I the only one who can literally never find a thing on this panel without using search?

I used to know exactly where each icon was, but several versions ago the order changed, then the icons changed, and now I spend a long time hunting every time I open the window. It’s better to just open the relevant pane using LaunchBar.

OSXPhotos Python Tool

Rhet Turnbull (via Stephan Arlt):

OSXPhotos provides the ability to interact with and query Apple’s Photos.app library on macOS. You can query the Photos library database — for example, file name, file path, and metadata such as keywords/tags, persons/faces, albums, etc. You can also easily export both the original and edited photos.

[…]

If you encounter missing photos you can tell osxphotos to download the missing photos from iCloud using the --download-missing option. --download-missing uses AppleScript to communicate with Photos and tell it to download the missing photos. Photos’ AppleScript interface is somewhat buggy and you may find that Photos crashes. In this case, osxphotos will attempt to restart Photos to resume the download process. There’s also an experimental --use-photokit option that will communicate with Photos using a different “PhotoKit” interface. This option must be used together with --download-missing[…]

[…]

Photos tracks a tremendous amount of metadata associated with photos in the library such as keywords, faces and persons, reverse geolocation data, and image classification labels. Photos’ native export capability does not preserve most of this metadata. osxphotos can, however, access and preserve almost all the metadata associated with photos.

This uses SQLite and reverse engineering rather than the more limited PhotoKit.

Thursday, February 24, 2022

Passware Bypasses T2 Rate Limiting

Ben Lovejoy:

Until recently, however, it wasn’t practical to mount brute-force attacks on Macs with a T2 chip. This is because the Mac password is not stored on the SSD, and the chip limits the number of password attempts that can be made, so you’d instead have to brute-force the decryption key, and that is so long it would take millions of years.

However, 9to5Mac has learned that Passware is now offering an add-on module that can defeat Macs with the T2 chip, apparently by bypassing the features designed to prevent multiple guesses.

[…]

The process is still slower than usual, at a relatively sedate 15-ish passwords per second. In theory, this could still take thousands of years, but most people use relatively short passwords which are vulnerable to dictionary attacks. The average password length is just six characters, which can be cracked in around 10 hours.

Belkin CONNECT Pro Thunderbolt 4 Dock

Juli Clover:

It includes two Thunderbolt 4 ports (one upstream and one downstream), two HDMI 2.0 ports, a USB-C port, two USB 3.1 USB-A ports, two USB 2.0 USB-A ports, an SD card slot, a Gigabit Ethernet port, and a 3.5mm audio jack.

It’s $400, compared with $360 for the CalDigit one that had more Thunderbolt and USB ports (but no HDMI).

Google Drive Flags .DS_Store Files for Copyright Infringement

Malcolm Owen (tweet, Hacker News):

Users of Google Drive can potentially receive an email warning that a file of theirs “violates Google Drive’s Terms of Service,” specifically its copyright infringement policy. However, it appears that Google’s automated file scanning system has deemed a fairly common file as a false positive.

In posts to Reddit, as reported by Bleeping Computer, the system is being tripped up by “.DS_Store.” Specific to macOS, .DS_Store holds custom attributes relating to the folder it is contained within.

DYMO Label Printer RFID DRM

Mike Peterson (Hacker News):

The latest Dymo label printers sport RFID readers that can authenticate the labels that customers place within the printers. According to the Electronic Frontier Foundation, this allows Dymo to distinguish between first-party labels and cheaper alternatives.

Dymo touts the benefits of the chipped label paper in its sales literature, including auto-detection and remaining label counts. However, the chipping also forces Dymo customers to purchase first-party labels that are more expensive than many of their competitors.

It sounds like, if my current printer breaks, I won’t be able to use the remainder of the labels I’ve already purchased.

emireg:

The chip inside each roll is a special NFC that identifies the label dimensions and remaining label count. The NFC comes pre-loaded with 0xFFFF-Count in a special register that increments when hit with a non-password protected NFC command emitted by the printer when any label is ejected. So even if you don’t print, you just eject, the labels are depleted. There seems to be a buffer at the end for this kind of “rewind” process or user error … but it’s limited. A roll of 50 labels might have a counter that can be hit 60 times. The command to reset this counter is password protected.

There are many label converters (print shops that make blank labels) bent out of shape about this. Moreover, there are entire industries (think dental offices) that have standardized their processes around custom die cut labels made specifically for their use case. Since DYMO won’t bless the labels, they will never work in the LabelWriter 550.

When the 550 was launched I started hearing about it from my customers. I bought one off Amazon and the reviews were terrible. A few weeks later I checked and DYMO deleted the 550 product page and renamed their older 450 to become the 550, effectively inheriting the thousands of decent reviews from the 450… hiding the upset customers of the 550.

Currently, at least, the DYMO 450 product page on Amazon seems to be intact, though that model is no longer for sale.

OneDrive Root Change and Files On-Demand

Adam Engst:

I don’t use OneDrive, but users are up in arms after its most recent update made the Files On-Demand approach mandatory, removing the option to keep all files local with a single switch. Microsoft explained this move, but users remain unhappy for a variety of reasons.

The workaround seems to be to “pin” files or folders, which keeps them local. If you want everything local, you have to pin all your top-level folders. Unfortunately, and this is causing consternation for users who have vast amounts of data stored in OneDrive, that means you have to redownload everything from the cloud.

Tim Hardwick:

What this has meant in practice for many users is that any local copies of files synced to OneDrive have been summarily wiped from their Mac since the update was rolled out.

[…]

On top of these errors, some users are also experiencing problems with files refusing to download or open correctly in their default application.

Tim Hardwick:

In an update to its original blog post introducing this aspect of its new “Files On-Demand Experience,” Microsoft has now responded to these concerns by explaining that the first version of Files On-Demand is built on several pieces of technology that are now deprecated by Apple in macOS 12.3, currently still in beta.

John C. Welch:

I don’t have a problem with FOD as a concept, but I had it turned off for specific reasons, one of which is that I regularly work disconnected, which makes FOD kind of useless.

[…]

OneDrive and FOD are at this point lying to me. It’s not even completely downloading the file placeholders for folders until you click on them. So if you weren’t aware of this, and were offline and clicked on a FOD’d folder, you’d think it was empty, that you had lost data.

John C. Welch:

To be blunt: were a random script or executable to do what OneDrive is doing here, namely deleting data without so much as a warning, we would call that script malware and warn the world about it so suitable countermeasures could be implemented. That OneDrive gives you an as yet manual method to eventually get all the files that were already local back to that benighted state doesn’t change the malware-like behavior OneDrive is engaging in here.

[…]

[Apple] required you to move the OneDrive folder, they most certainly did not make you force everyone to Files-On-Demand, insinuating otherwise is quite insulting to your customers’ intelligence.

John C. Welch:

Using OneDrive on an external drive is now a real problem, one that may not be fixable

A lot of workflows that depended on those files being in a specific place are broken

[…]

The OneDrive root change alone will take months to sort out, along with any bugs caused or discovered. Throwing the FoD change on top of it was just foolishness

[…]

In any event, even though I know for a fact that the problems people are seeing now were reported during the beta cycle, I think the team either blew off the data[…]

Wednesday, February 23, 2022

Permute Rejected From the App Store

Charlie Monroe (tweet):

The update got rejected because someone at Apple suddenly (this feature in this form has been around from the very beginning) decided that Permute does not correctly implement the option to detect external subtitles. This feature allows Permute to detect .srt or .ass files in the same folder as the video file and merge them together.

[…]

In order for Permute to be allowed to automatically scan the folder, it needs to show you an Open dialog where you select the root folder (i.e. your start-up drive, in technical terms the path “/”). This is so that it covers external drives as well.

Now, out of the blue, Apple has decided that the open dialog must not open with the root folder selected, but must be opened with the home folder selected.

[…]

In case you are fans of irony – the official rejection reason says “app does not achieve the core functionality” – yet it does and Apple is forcing me to break it.

See also: Jonathan Deutsch.

Bypassing AirTag Security

Bruce Schneier:

A Berlin-based company has developed an AirTag clone that bypasses Apple’s anti-stalker security systems. Source code for these AirTag clones is available online.

So now we have several problems with the system. Apple’s anti-stalker security only works with iPhones. (Apple wrote an Android app that can detect AirTags, but how many people are going to download it?) And now non-AirTags can piggyback on Apple’s system without triggering the alarms.

Bruce Schneier:

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up[…]

[…]

In a similar story, someone used an AirTag to track her furniture as a moving company lied about its whereabouts.

EU Says Apple Avoiding Compliance With ACM

Sami Fathi (tweet):

Apple would rather pay a maximum of €50 million in fines than address concerns brought forward by the Dutch competition authority regarding developer access to third-party payment methods on the App Store, the EU’s head of digital policy, Margrethe Vestager, has said.

During a speech about the digital economy and privacy (via TechCrunch), Vestager said that Apple “essentially prefers paying periodic fines, rather than comply with a decision of the Dutch Competition Authority on the terms and conditions for third parties to access” the App Store.

Natasha Lomas:

“We want our work on the gatekeepers to inspire other jurisdictions in the same way,” she said. “And we’re seeing it happen – for example in Japan, the UK, and Australia. In the US, several bills are progressing through Congress and Senate, and they share many features with our proposal. This is very encouraging because it means that there is a great degree of global consensus.”

Path Finder Subscriptions

Steve Gehrman:

You may be wondering, is this Path Finder 11? No, from now on it’s just called “Path Finder”. We’ve decided from now on we will no longer use version numbers in the app’s name. There still exists an internal build number which you can use to determine if you have the latest build, but Path Finder will now be a constantly evolving, frequently updated app.

We plan on at least one new build per month. You will no longer have to wait until the major release to get our latest and greatest improvements.

[…]

Big releases are always a nightmare. So we are saying goodbye to big releases and switching to a very simple subscription model.

[…]

If you purchased Path Finder 10 less than a year ago, the new Path Finder will run using your License key until you reach the one year mark.

It’s $2.95/month or $29.95/year.

How to Check an APFS Backup Store

Howard Oakley:

Checking dozens or even hundreds of backup snapshots stored on hard disks can take many hours.

If you don’t check the snapshots, there’s little point in checking your backup storage, as all your backups are stored in snapshots.

As snapshots are read-only, if they develop errors, it appears that they can’t be repaired anyway.

If a backup snapshot develops an error, there’s no way to replace it, as snapshots can’t be copied from another volume.

Howard Oakley:

Checking and repairing disks is one of the more important tasks performed by Disk Utility, but ever since the introduction of APFS, it has been more fraught than it should have been. One of its most persistent and pervasive problems has been complete failure because Disk Utility has been unable to unmount volumes or containers.

[…]

The best news of all is that [in Recovery] you can still use the command tool fsck_apfs directly, and work around this bug in Disk Utility. The bizarre twist is that you can use Disk Utility’s Unmount tool to unmount volumes and containers which the app itself appears unable to unmount successfully.

[…]

Apple recommends that you first check and repair volumes within a container, then the container itself, and finally the disk (which you can do completely within Disk Utility). That is oddly the exact opposite order previously recommended by many, and duplicates checks on volumes which are normally repeated when you check their container.

Howard Oakley:

All you can then do [if fsck_apfs finds an error] is delete the whole snapshot, knocking a hole in your backups which can never be replaced. Disk Utility’s typical response only rubs salt into the wound by telling the user to make a backup of the affected disk. As it’s currently impossible to copy backup snapshots to another disk, a single error on that storage compromises all your backups stored there: every single one of them, and there’s absolutely nothing that macOS offers to help that.

I think it’s best to use multiple Time Machine drives and rotate them regularly.

Howard Oakley:

Neither the Time Machine menu nor tmutil verifychecksums work with regular backups to APFS volumes. I’m very grateful to winmaciek for pointing out that this is possible for a special backup using the contextual menu which appears when you Control-Shift-Click on the disk icon in the Time Machine pane.

This produces a special backup which might contain checksums and therefore could be verifiable. However, kapitainsky has checked the log, and reports that all this does is verify the FSEvents database, which has nothing at all to do with integrity checking. Without documentation from Apple, we’re left to guess what this feature does. In any case, there’s no apparent way to make these the default, so even if they do check integrity, they’re of very limited use.

Although APFS does use checksums within file system metadata, it currently has no option to store or check them for file data.
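
Because neither APFS nor Time Machine verifies file data, one option is to keep your own checksum manifest for a backup and re-verify it periodically. The following is an added example, not code from the quoted posts or from Apple; the function names, the JSON manifest format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # hash in 1 MiB pieces so large files never sit in memory


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def iter_files(root):
    """Yield root-relative POSIX paths of regular files (symlinks are skipped)."""
    root = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_file() and not path.is_symlink():
                yield path.relative_to(root).as_posix()


def build_manifest(root):
    """Map every file under root to the SHA-256 of its contents."""
    root = Path(root)
    return {rel: sha256_file(root / rel) for rel in sorted(iter_files(root))}


def save_manifest(manifest, dest):
    Path(dest).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src):
    return json.loads(Path(src).read_text())


def verify(root, manifest):
    """Compare the tree at root with a saved manifest and report differences."""
    root = Path(root)
    report = {"corrupted": [], "missing": [], "unreadable": [], "added": []}
    for rel, expected in sorted(manifest.items()):
        path = root / rel
        if not path.is_file():
            report["missing"].append(rel)
            continue
        try:
            actual = sha256_file(path)
        except OSError:
            # A failing disk often surfaces as an I/O error on read, not bad data.
            report["unreadable"].append(rel)
            continue
        if actual != expected:
            report["corrupted"].append(rel)
    report["added"] = sorted(set(iter_files(root)) - set(manifest))
    return report


def demo():
    """Constructed sample tree: record a manifest, damage the copy, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "photos").mkdir(parents=True)
        (backup / "notes.txt").write_bytes(b"meeting notes\n")
        (backup / "photos" / "a.jpg").write_bytes(b"\xff\xd8" + b"A" * 4096)
        (backup / "photos" / "b.jpg").write_bytes(b"\xff\xd8" + b"B" * 4096)
        manifest_path = Path(tmp) / "manifest.json"  # kept outside the tree
        save_manifest(build_manifest(backup), manifest_path)

        # Simulated bit rot: flip one bit and restore the timestamps, so a
        # size-and-mtime comparison would not notice the change.
        target = backup / "photos" / "a.jpg"
        before = target.stat()
        data = bytearray(target.read_bytes())
        data[100] ^= 0x01
        target.write_bytes(bytes(data))
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))

        (backup / "notes.txt").unlink()            # file lost from the backup
        (backup / "new.txt").write_bytes(b"x")     # file not in the manifest
        return verify(backup, load_manifest(manifest_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the manifest on a different disk from the backup it describes, so a single storage fault cannot damage both.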

Tuesday, February 22, 2022

Swift 5.6 Features in Xcode 13.3 Beta 3

Apple:

Swift now allows existential types written with the any keyword. An existential type is a type that can hold a value of any type conforming to a specific protocol. The any keyword creates a syntactic distinction between existential types and protocol conformance constraints. The any keyword is an important syntactic indicator that you’re using an existential type, because there are fundamental limitations on the capabilities of these types, such as the inability to conform to protocols. [SE-0335]

[…]

Swift now provides an incremental migration path for data race safety. APIs can adopt concurrency without breaking clients that haven’t adopted concurrency. An existing declaration can introduce concurrency-related annotations (such as making its closure parameters @Sendable) and use the @preconcurrency attribute to maintain its behavior for clients who haven’t adopted concurrency[…] [SE-0337]

[…]

The standard library now provides the withUnsafeTemporaryAllocation(of:capacity:_:) and withUnsafeTemporaryAllocation(byteCount:alignment:_:) functions. You can use these functions to cheaply allocate raw storage for a brief duration. The system allocates storage on the stack if possible. [SE-0322]

Update (2022-03-07): Paul Hudson:

Swift 5.6 introduces another barrage of new features to the language, while refining others as we get closer to Swift 6. In this article I want to introduce you to the major changes, providing some hands-on examples along the way so you can see for yourself what’s changing.

Git Tower 8

Bruno Brito:

While accessing a branch’s history, you can now toggle the “Compare” icon to compare that branch against a different local branch, so that you only see the commits that have been made on the feature branch.

[…]

By comparing your local branches to a base branch, [the Branches Review] view will help you identify which branches have been stale or become obsolete, so that you can clean up your Git repository with confidence.

[…]

When right-clicking a branch, you will now have the option to pin it. Pinned branches will appear in the new “Pinned” section in the sidebar.

[…]

You can filter branches, tags and submodules using the input field at the bottom of the sidebar.

Objective-C Messages to nil

psu:

In the more modern versions of the runtime, the area that the runtime uses to write the result of the method call is zero’d out no matter what the type of the return value will be. In older versions of the runtime you could get into trouble because this “return 0” behavior only worked if the method returned something that was the size of a pointer, or integer, on the runtime platform. And on PowerPC if you called a method that returned a float or double you could get all kinds of undefined suffering.

Anyway, I was having a chat with a nerd friend of mine at work, and we both got curious if this behavior dated back to the original Objective-C runtime or if it was added at some point. With the entire Internet at our fingertips surely this could not be that hard to figure out.

[…]

The long post verifies that the original Objective-C runtimes threw an error when told to send messages to nil, and that this was changed to the current fall-through behavior in a release of some software called “ICPack 201”. This package was released by a company called Stepstone, which originally developed and owned the language in the 80s.

Why Lattner Left the Swift Core Team

Chris Lattner (Hacker News):

To answer your question, the root cause of my decision to leave the core team is a toxic environment in the meetings themselves. The catalyst was a specific meeting last summer: after being insulted and yelled at over WebEx (not for the first time, and not just one core team member), I decided to take a break. I was able to get leadership to eventually discuss the situation with me last Fall, but after avoiding dealing with it, they made excuses, and made it clear they weren’t planning to do anything about it. As such, I decided not to return. They reassure me they “want to make sure things are better for others in the future based on what we talked about” though.

On Swift Evolution, my original intention was to continue participating in the forums, but after several discussions generating more heat than light, when my formal proposal review comments and concerns were ignored by the unilateral accepts, and the general challenges with transparency working with core team, I decided that my effort was triggering the same friction with the same people, and thus I was just wasting my time.

[…]

It is obvious that Swift has outgrown my influence, and some of the design premises I care about (e.g. “simple things that compose”) don’t seem in vogue any more.

[…]

I think that Swift is a phenomenal language and has a long and successful future ahead, but it certainly isn’t a community designed language, and this isn’t ambiguous.

I think many initially hoped that Lattner would have a BDFL sort of role, but after he left the company that became incompatible with Apple’s desire to drive the design in support of its private internal plans. At present, the only Core Team member from outside of Apple seems to be Saleem Abdulrasool of Google Brain.

Apple Sales Support and UPS

Dave Winer:

I’ve been feeling pretty good lately, but when I have an interaction with Apple, I think seriously I should just write off the $1300 I paid for the iPhone 13 Pro and get a high-end Android phone. I probably won’t because I’m locked in to so many Apple services.

Anyway, 17 days after buying the phone from Apple, $1300 plus tax, it is still not here. UPS says it will be delivered tomorrow, but they’ve said that every day in the last week.

[…]

The person recited some boilerplate saying that Apple will issue the refund when they receive the phone. I stopped her and repeated I don’t have the phone so I can’t return it.

Dave Winer:

I’ve spent hours on the phone with Apple people, tried using the support address on Twitter, and have gotten conflicting advice from Apple people, and they’ve lost the case a couple of times.

Dave Winer:

After trying to get help from Apple Support on Twitter, I wrote an email to Tim Cook, the CEO of Apple. Within an hour of sending the email, I got a phone call from someone in “Apple Retail Executive Relations” who was empowered to blow through the problem. A third iPhone was sent, this time via Fedex, which is, in my experience, much more reliable in this area than UPS.

[…]

There’s not much more to say that isn’t spelled out in the email to Tim Cook, so I’ll just leave it there, except to say at all levels Apple people knew what the right thing to do was, but their system wouldn’t let them do it. That is, until we got to someone who was at most a couple of hops from the CEO, who was empowered to solve the problem.

John Gordon:

Based on my experience with Apple’s one day express shipping I recommend going to Apple Store for iPhone purchase or service. Lots of things are in bad shape now.

Authenticator App Clones

Craig Grannell (also: MacRumors):

Kevin Archer is an indie developer who makes Authenticator App by 2Stable, a feature-rich, premium and suitably named take on, well, an authenticator app. There are of course other, similar, apps on the App Store. But he today revealed just how similar.

On Twitter, he claimed another developer lifted text from his app (including a section on Apple Watch support, despite the other app not supporting Apple’s wearable). When testing the app, Archer found a review request during onboarding, which doesn’t appear to align with Apple guidelines. And, naturally, there’s a weekly IAP subscription, because of course there is.

There are more clones that directly lift his copy and that don’t even work.

Monday, February 21, 2022

Apple TV’s “Universal Search” Is a Black Hole

Joe Rosensteel:

If a movie is located within a service that I’m already paying for, then I’d like to get that. I don’t want to browse all of the services, and I don’t use websites that claim to have a complete catalog of where movies are available because that’s not always true, and they also can’t take into account movies that I have already paid for in my library.

It’s not an easy problem to solve, but Apple at least seemed interested in solving it when they introduced Universal Search for Apple TV. Unfortunately, Apple doesn’t seem so interested in this problem anymore—and Universal Search has become increasingly useless and frustrating.

[…]

Because of Apple’s infamous App Store rules, Hulu can’t actually tell me what I’m missing. Searching within the Hulu app on my iPhone will show “Dune,” which is why it’s being indexed for universal search… but tapping on it for more info only generates this error message: “Sorry, but your subscription doesn’t include that movie. You can manage your subscription from your account page.”

And it’s hard to imagine that this inaccurate data is really just there by mistake. It’s far more likely that this is an attempt to drive unsuspecting users into viewing their video ads, or inducing them to sign up for their add-on services (that can’t actually even be referenced on Apple’s platforms).

An Unsolicited Streaming App Spec

John Siracusa:

I subscribe to a lot of streaming video services, and that means I use a lot of streaming video apps. Most of them fall short of my expectations. Here, then, is a simple specification for a streaming video app. Follow it, and your app will be well on its way to not sucking.

This spec includes only the basics. It leaves plenty of room for apps to differentiate themselves by surprising and delighting their users with clever features not listed here. But to all the streaming app developers out there, please consider covering these fundamentals before working on your Unique Selling Proposition.

[…]

It’s a sad state of affairs when the original TiVo on-screen interface bests most modern streaming apps in terms of predictability, legibility, and consistency.

This is a really good list. It’s depressing how bad virtually all of these apps are at what seem like basic features.

brandononearth:

As a former designer on one of these apps, these basic features will likely never arrive. Corporate incentives prioritize features that either make you watch more ads, or make you watch more content. If the feature doesn’t do that, it’s an internal uphill battle to get it built.

Alas, Apple in the services era is no longer in a position to swim against that tide.

Nick Heer:

We had just finished watching a recent Marvel movie in the Disney Plus app on our Apple TV, and were waiting for the post-credits scene to play. But midway through the credits, the screen changed to a view where the video was playing at a thumbnail size and there were a couple of onscreen buttons. We tried scrubbing over to the thumbnail to return it to a fullscreen view, but it was not selectable. One of the buttons was marked “Play Movie” or something similar, so we clicked on that one thinking it would let us play it from where we left off, but it restarted the movie. So we scrubbed to the very end where we could see the post-credit scene, pressed play, and it immediately shrank to that thumbnail screen with two buttons.

This is a Marvel movie — a movie where scenes in and after the credits are entirely normal — playing in the parent company’s app. And, as far as I can figure out, there is simply no way to watch the post-credit scene.

Dan Moren:

My personal addition to this list is better recognition of when you’ve finished an episode (I’m sorry, I’m not always going to watch all five minutes of credits—you should be able to figure that out).

Rui Carmo:

Although the Vodafone Portugal Android TV app does take me to the last channel I was watching when I launch it, it plays it in the background behind a “currently on” display that takes up the whole screen, and I have to do three clicks on the remote to make it go away.

John Siracusa:

The number one complaint, by far, was that streaming apps make it too difficult to resume watching whatever you were already watching. As I noted earlier, conflicting incentives easily explain this, but people still hate it. A reader who wished to remain anonymous sent this story of how customer satisfaction gets sacrificed on the altar of “engagement.”

[…]

People don’t feel like they are in control of their “data,” such as it is. The apps make bad guesses or forget things they should remember, and the user has no way to correct them. Some people told me they have simply given up. They now treat their streaming app as a glorified search box, hunting anew each time for the content they want to watch, and keeping track of what they’ve already watched using other means, sometimes even using other apps. (I imagine this flailing on each app launch may read as “increased engagement.”)

Finally, there was a long tail of basic usability complaints: text that’s too small; text that’s truncated, with no way to see more; non-obvious navigation; inscrutable icons and controls; and a general lack of preferences or settings, leaving everyone at the mercy of the defaults. Oh yeah, and don’t forget bugs, of course. Multiple people cited my personal most-hated bug: pausing and then resuming playback only to have it start playing from a position several minutes in the past. Have fun trying to fast-forward to where you actually left off without accidentally spoiling anything for yourself by over-shooting!

See also: Accidental Tech Podcast.

Update (2022-03-09): Jesse Squires:

Notably, @plex checks off all these boxes.

Isaiah Carew:

fire tv is actually pretty good. and despite being related to amazon TV — this big is different.

usually it will display the movie/show so long as it’s available somewhere — even on a service you don’t subscribe to.

Andres Guadamuz:

Can we discuss again the brilliance of this meme?

Update (2022-09-14): Jezper Söderlund:

Today we wanted to see the next episode of The Americans on @DisneyPlus, continuing where we left off yesterday. It takes 13 clicks to get there in their Apple TV app. Not ok.

John Siracusa:

The “Continue watching” section was eleven rows of icons down from the top of the Disney+ Apple TV app the last time I tried to watch the latest episode of She-Hulk.

Time Machine Skips Some Files in iCloud Drive

Howard Oakley:

Documents stored in user folders created by the user in iCloud Drive appear to be backed up most reliably, and appear in both snapshots and backups. That assumes, of course, that they aren’t evicted and left as stub files.

Documents stored in folders created and maintained by apps are less reliable. Those of third-party apps appear to behave as user documents, in both snapshots and backups, so long as they aren’t evicted. However, documents in the folders managed by Apple’s ‘special’ apps using paths of the form com~apple~specialapp, including Numbers, Pages and Keynote, aren’t reliably backed up by Time Machine.

[…]

The third lesson, then, is that you can’t rely on Time Machine to back up documents stored in iCloud Drive. It might do a good job, or it could omit them completely from its backups.

Network Time Machine Backups

Ivan Drucker:

For desktop Macs, it’s easy to keep an external Time Machine drive permanently connected. But, speaking from my experience as a consultant, I find that the vast majority of laptop users, myself included, are unlikely to plug in a drive regularly.

[…]

The Time Capsule’s void has been filled by third-party NAS products, though I suspect many Mac users are generally unaware of this category of product. I have set up several NAS devices as Time Capsule replacements for clients, and while they do work, none are perfect, many are too complex or expensive, and some share problems (notably slow performance) with the Time Capsule while introducing a few of their own.

In this article, I will detail my quest to find or build a better Time Capsule and solicit the collective wisdom of the TidBITS community to further that quest. To the extent that I conclude anything, it is that when it comes to network backup for the Mac, there are many choices, each with tradeoffs, and you’ll need to decide what makes the most sense for your situation.

It seems like the easiest way is to use the “Share as a Time Machine backup destination” option with an old Mac.

Update (2023-09-05): Stephen Hackett:

Say you have a Mac mini on your network, and a MacBook Pro. You can hook up an external drive to that Mac mini, and within a few minutes, be backing your MacBook Pro up across your network using Time Machine.

Here’s how to do it.

Nick Heer (Mastodon):

Then I got to the part in the guide where it says I should be able to authenticate and mount the drive, and I hit a wall: I could not move past the user name and password dialog. It was not that my password was being interpreted as though it was incorrect — that comes later — but that it would accept it and then show the dialog again. I could not even mount the external drive in Finder, and sometimes it struggled to mount any drive on the host MacBook Air. I kept seeing errors like “The operation can’t be completed because the original item for ‘Remote Backup’ can’t be found”, and “There was a problem connecting to the server ‘Remote Backup’. You do not have permission to access this server.”

[…]

System370 on Reddit pointed out in a months-old thread that smbd needs to be granted Full Disk Access permissions in System Preferences on the host Mac. That is the SMB protocol daemon; SMB is the file sharing protocol used to mount the drive on a remote Mac. I enabled Full Disk Access for the daemon, completed Time Machine setup on my MacBook Pro, and it is now creating a Time Machine backup remotely.

Friday, February 18, 2022

Chrome OS Flex

Tim Hardwick:

Google has announced early access to Chrome OS Flex, a method of replacing the operating system on older PCs and Macs “within minutes” to essentially turn them into Chromebooks.

[…]

The idea is that if you have an aging Mac lying around that can’t run macOS 12 Monterey, then you can install Chrome OS Flex on it using a bootable USB stick and then try out what Google’s cloud-first operating system has to offer.

[…]

However, there’s currently no Google Play Store, and Google has outlined some other, mainly system-level limitations of OS Flex that distinguish it from Chrome OS on native Google devices.

Where Mac Catalyst Falls Short

Steve Troughton-Smith (tweet):

The biggest glaring hole in UIKit on macOS is its handling of document-based apps. […] No Apple app is dogfooding this aspect of Catalyst, and it shows.

[…]

If you dig in, you will find that Catalyst gives you all the tools you need to build a settings window using the UIKit window scene APIs. I have sample code that demonstrates just that. However, there are still missing pieces[…]

[…]

The number one user request in my apps, and the number one topic I’ve been asked about from developers over the past two years, is all about putting UI in the menu bar.

[…]

While I appreciate the new configuration APIs added to UICollectionView to perform the function of a regular table view, unfortunately by default they just don’t give you a table view that works as expected on macOS. You’ll be hundreds of lines in just trying to match the basic behavior one might expect from an AppKit NSTableView, with selection and inactive states, and completely on your own when it comes to type-select or more-esoteric AppKit-wide keyboard shortcuts. Beyond that, UICollectionView in general just doesn’t have the mechanics to understand the distinction between a click, double-click, touch, keyboard trigger, or stylus touch — they’re all just ‘a selection’.

[…]

Unfortunately, only a subset of NSToolbar-related functionality is bridged, which means you’ll have to start using your own AppKit bridge if you need things like a search field, for example, or custom-drawn views like a Safari-style URL field, volume slider, or where you want a manually-specified fixed size.

[…]

Inspector panels was one aspect of AppKit bridging that was originally touted, unofficially, as an option for Catalyst developers. However, there just simply is no way to get UIKit-based content in such a panel window.

[…]

However, beyond the most basic changes to padding in Interface Builder and SwiftUI, your layout is going to need a ton of work to be able to run in both [idiom/scaling] modes without a million ifdefs, and you’re really left out to dry here.

Don’t Use Text Pixelation to Redact Sensitive Information

Dan Petro (via Hacker News):

To show you why, I wrote a tool called Unredacter that takes redacted pixelized text and reverses it back into its unredacted form.

[…]

The key thing we’re focusing on is that the redaction process is inherently local. In cryptographic terms, we’d say it has no diffusion. A change of one pixel somewhere in the original image ONLY impacts the redacted block it belongs to, meaning that we can (mostly) guess the image character by character. We’ll do a recursive depth-first search on each character, scoring each guess by how well it marginally matches up to the redacted text.

[…]

The bottom line is that when you need to redact text, use black bars covering the whole text. Never use anything else. No pixelization, no blurring, no fuzzing, no swirling. Oh, and be sure to actually edit the text as an image. Don’t make the mistake of changing your Word document so that it has black background with black text.
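
The locality described in the quoted post can be measured directly. This is an added example, not part of the post and not Unredacter's code: it uses a constructed 3×5 digit font, a constructed candidate set and an assumed block size to count how many pixelated blocks a one-pixel change touches, and how many different outputs pixelation and a solid bar produce for different texts.

```python
"""Added example: measure what a redaction method leaks (constructed data)."""

# Constructed 3x5 bitmap font for digits, rows top to bottom ('1' = ink).
FONT = {
    "0": ("111", "101", "101", "101", "111"),
    "1": ("010", "110", "010", "010", "111"),
    "2": ("111", "001", "111", "100", "111"),
    "3": ("111", "001", "111", "001", "111"),
    "4": ("101", "101", "111", "001", "001"),
    "5": ("111", "100", "111", "001", "111"),
    "6": ("111", "100", "111", "101", "111"),
    "7": ("111", "001", "001", "001", "001"),
    "8": ("111", "101", "111", "101", "111"),
    "9": ("111", "101", "111", "001", "111"),
}
SCALE = 2              # screen pixels per font pixel (assumption)
CELL_W, CELL_H = 4, 6  # glyph cell in font pixels, including a 1-pixel gap
BLOCK = 4              # pixelation block size in screen pixels (assumption)


def render(text):
    """Draw text as a grayscale image (255 = paper, 0 = ink)."""
    height, width = CELL_H * SCALE, len(text) * CELL_W * SCALE
    img = [[255] * width for _ in range(height)]
    for i, ch in enumerate(text):
        for r, row in enumerate(FONT[ch]):
            for c, bit in enumerate(row):
                if bit == "1":
                    for y in range(r * SCALE, (r + 1) * SCALE):
                        for x in range((i * CELL_W + c) * SCALE,
                                       (i * CELL_W + c + 1) * SCALE):
                            img[y][x] = 0
    return img


def pixelate(img, block=BLOCK):
    """Replace every block x block tile with its mean value."""
    out = [row[:] for row in img]
    for by in range(0, len(img), block):
        for bx in range(0, len(img[0]), block):
            tile = [(y, x)
                    for y in range(by, min(by + block, len(img)))
                    for x in range(bx, min(bx + block, len(img[0])))]
            mean = sum(img[y][x] for y, x in tile) // len(tile)
            for y, x in tile:
                out[y][x] = mean
    return out


def black_bar(img):
    """Cover the whole region with a solid bar: the output ignores the input."""
    return [[0] * len(img[0]) for _ in img]


def changed_blocks(a, b, block=BLOCK):
    """Count tiles whose pixelated value differs between two source images."""
    ra, rb = pixelate(a, block), pixelate(b, block)
    return sum(ra[y][x] != rb[y][x]
               for y in range(0, len(a), block)
               for x in range(0, len(a[0]), block))


def distinct_outputs(redact, candidates):
    """Number of different redacted images the candidate texts produce.
    1 means the output says nothing about which text was underneath."""
    return len({tuple(map(tuple, redact(render(t)))) for t in candidates})


def demo():
    base = render("42")
    edited = [row[:] for row in base]
    edited[5][9] ^= 255                      # flip a single source pixel
    pins = [f"{n:02d}" for n in range(100)]  # constructed candidate set
    return {
        "blocks_changed_by_one_pixel": changed_blocks(base, edited),
        "distinct_pixelated": distinct_outputs(pixelate, pins),
        "distinct_black_bar": distinct_outputs(black_bar, pins),
    }


if __name__ == "__main__":
    print(demo())
```

A count above 1 means the redacted image still depends on the text beneath it; only the solid bar collapses every candidate of the same length to one output.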

Dutch ACM Wants Existing Apps to Support External Payments

ACM (Hacker News):

The Netherlands Authority for Consumers and Markets has concluded that the revised conditions that Apple has imposed on dating-app providers are unreasonable, and create an unnecessary barrier. The new conditions stipulate that dating-app providers must develop a completely new app if they wish to use an alternative payment system. Apple has informed ACM about these new conditions. App providers cannot adjust their existing apps. ACM finds this to be an unreasonable condition that is at odds with the requirements that Apple had set out. ACM is of the opinion that, as such, Apple still does not comply with ACM’s requirements. Apple must therefore pay another 5 million euros. The total of all penalty payments currently stands at 20 million euros.

Jon Porter:

The revenue Apple gains through in-app purchases from dating apps in the Netherlands is likely to make up an insignificant fraction of its global takings. But the dispute is significant for the early precedent it could set amidst an international wave of scrutiny over Apple’s App Store policies.

[…]

Interestingly, the ACM’s notice posted today doesn’t specifically mention Apple’s intention to collect a 27 percent commission on in-app payments made through alternative payment systems.

Apple previously failed to meet the ACM’s deadline for changing its policy, which saw it liable for a weekly fine of €5 million (around $5.7 million) until it complied.

Joe Rossignol:

The ACM will continue to fine Apple five million euros per week, up to a maximum of 50 million euros, until it feels the company has fully complied with the order.

Florian Mueller:

If the alternative payment option saved end users a significant amount of money, I’m quite sure the transition would work (and would be worth developers’ while).

[…]

It strikes me as odd that the ACM does not describe those [other] issues even at a high level. Why aren’t they being more transparent?

Newegg Refund Scandal

Jez Corden (Hacker News):

Popular tech outlet Gamers Nexus recently reported an incident with Newegg, which has long been a staple for PC builders. The Gamers Nexus team purchased a motherboard from Newegg, and later decided to return it having realized that it was no longer required. Newegg then claimed that Gamers Nexus had damaged the motherboard, and then declined to offer a refund. After several months wrangling with Newegg, it seems the company had attempted to get the motherboard repaired themselves, while also denying the refund. Considering that Gamers Nexus had never even opened or used the motherboard, naturally this raised suspicions.

After exhausting all customer service options, Gamers Nexus went public on his sizeable YouTube channel. As you might expect, this led to an immediate refund from Newegg, and a return of the motherboard in question. And this is where the fun really begins.

The damage to the motherboard was not consistent with the type of damage that would occur in transit, featuring bent pins. The motherboard also had an RMA sticker on it, which would appear to indicate that Newegg had attempted (and failed) to repair it with the manufacturer prior to selling it on as “open box.”

teddyh:

I have a theory[…] NewEgg decides to decline the RMA just because they can, claiming whatever excuse they are forced to make up when anyone asks. (NewEgg went back and forth regarding whether it was thermal paste on the motherboard or damaged pins on the CPU socket.)

GN knows they didn’t damage the motherboard, since they didn’t even open the shipping box, so they relate the story to their surprisingly large audience, and the whole story blows up.

NewEgg goes “Oops, bad publicity, we’d better refund them.”

GN wants the motherboard returned, too.

NewEgg goes “Oh crap. We said the motherboard was damaged, so if we actually send the real motherboard back, GN will see that it’s fine and know we lied. But GN said that they never opened the shipping box, so GN has never seen the motherboard. We can just send back any old motherboard which is actually damaged. Genius!”, and NewEgg picks a motherboard which is marked as damaged in their inventory system, and ships it to GN.

Jeff Johnson:

I discovered a decade ago that Newegg doesn’t pay return shipping charges for defective items.

Randy Wigginton Answers Questions on Quora

Randy Wigginton (via Dave Mark):

I started attending Homebrew Computer Club meetings. Since I was unable to drive, I asked if anyone lived near me that could give me a lift to the meetings. A really nice guy came up and said he lived close and could give me a ride. I answered, “Great! What’s your name?” His answer: “Steve. But my friends call me Woz”.

In 1977, I joined Apple Computer as their first software engineer and employee #6. While at Apple, I worked on many products, most notably Applesoft Basic, the Apple Disc Drive, and THE Spreadsheet. Also I wrote MacWrite, the first WYSIWYG word processor, for the launch of the Macintosh in 1984.

Thursday, February 17, 2022

Taming Links on macOS with Open In

Mike Schmitz:

With Open In, you can trigger a list of installed browsers when you click a link and choose the one you want it to, well, open in.

For the last several years, I’ve been using PasswordWallet as my bookmark opener, because it lets me specify which browser to use for each site. Usually I want to use Safari, but some sites only work in Firefox or Chrome. This way I don’t have to remember.

But there’s a lot more nerdy goodness to be had than just selecting from multiple web browsers. For example, if you add Zoom as an option for browser links, there’s a URL Rewrite section that gets added with a pre-configured regular expression[…] This allows you to open the Zoom link directly in the app, with no additional effort.

[…]

You can also create custom rules for when a file is open from a specific path, is coming from a specific application, or when a keyboard modifier is pressed. For example, I have a rule that allows me to open the file directly in Preview if I hold down the Command key[…]

Have you tried Default Browser app by @apexskier? This app is set as the default browser and forwards URLs to the browser you most recently had active. No need to be tied to one default browser. Genius.

Satish E. Viswanath:

Browserosaurus and Finicky are slightly less GUI-based apps that let you do similar things with links and apps.

Apple SSD Benchmarks and F_FULLFSYNC

Hector Martin (Hacker News):

It turns out Apple’s custom NVMe drives are amazingly fast - if you don’t care about data integrity.

[…]

On Linux, fsync() will both flush writes to the drive, and ask it to flush its write cache to stable storage.

But on macOS, fsync() only flushes writes to the drive. Instead, they provide an F_FULLFSYNC operation to do what fsync() does on Linux.

[…]

So effectively macOS cheats on benchmarks; fio on macOS does not give numbers comparable to Linux, and databases and other applications requiring data integrity on macOS need to special case it and use F_FULLFSYNC.

[…]

So, effectively, Apple’s drive is faster than all the others without cache flushes, but it is more than 3 times slower than a lowly SATA SSD at flushing its cache.

As far as I can tell, the summary is:

  1. fsync() does different things on Mac and Linux for historical reasons.
  2. Many non-Apple SSDs don’t actually flush their cache when doing F_FULLFSYNC; they seem faster because they lie.
  3. Compared with other SSDs that actually do flush, Apple’s are (for unknown reasons) much slower, though they are faster when not flushing. Or, perhaps, these non-Apple SSDs are lying, too.
  4. Often, what you really want is F_BARRIERFSYNC, not F_FULLFSYNC.
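
The special-casing described above, as an added example that is not from any of the quoted posts: a durable file replace that issues F_FULLFSYNC where Python's fcntl module defines it (macOS) and plain fsync() elsewhere. The function names and the fall-back to fsync() on OSError are assumptions of this example; it demonstrates the full flush, not the F_BARRIERFSYNC ordering barrier.

```python
"""Added example: a durable file replace that special-cases macOS."""
import fcntl
import os
import tempfile


def full_sync(fd):
    """Flush fd to stable storage and return the name of the primitive used.

    Linux: fsync() also asks the drive to flush its write cache.
    macOS: fsync() only hands the data to the drive, so F_FULLFSYNC is needed.
    """
    op = getattr(fcntl, "F_FULLFSYNC", None)  # defined only on macOS builds
    if op is not None:
        try:
            fcntl.fcntl(fd, op)
            return "F_FULLFSYNC"
        except OSError:
            pass  # assumption: this file system rejected it, so fall back
    os.fsync(fd)
    return "fsync"


def durable_replace(path, data):
    """Atomically replace path with data, syncing before and after the rename."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()                     # Python buffer -> kernel
            used = full_sync(f.fileno())  # kernel -> drive -> stable storage
        os.replace(tmp, path)             # atomic within one file system
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)                # do not leave a partial temp file
        raise
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        full_sync(dir_fd)                 # make the rename itself durable
    finally:
        os.close(dir_fd)
    return used


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "state.db")
        print(durable_replace(target, b"constructed sample payload"))
```

Every call pays the cost of a real cache flush on macOS, so batch writes and sync once per transaction rather than once per record.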

Dominic Evans:

Surely that’s a mischaracterisation to claim they’re “cheating” — this is just legacy diversions. On earlier versions of the Linux kernel and in posix fsync() didn’t used to flush the cache either. Darwin independently added the special fcntl to do a “FULLSYNC” long ago

Yes newer kernels (2.6 onward or something?) changed the semantics of fsync() to request the full cache flush too. Darwin didn’t change their fsync because they already had their fcntl to provide the option where needed.

Dominic Giampaolo, in 2005:

On MacOS X, fsync() always has and always will flush all file data from host memory to the drive on which the file resides. The behavior of fsync() on MacOS X is the same as it is on every other version of Unix since the dawn of time (well, since the introduction of fsync anyway :-).

I believe that what the above comment refers to is the fact that fsync() is not sufficient to guarantee that your data is on stable storage and on MacOS X we provide a fcntl(), called F_FULLFSYNC, to ask the drive to flush all buffered data to stable storage.

Rosyna Keller:

Force Unit Access, what this “flush to permanent storage, not disk cache” command is called, is ignored by the majority of drive types (either through lying firmware or a bridge).

It’s not enabled by default in most kernels (Linux, Windows) due to synchronous writes being slow.

[…]

However, every disk Apple ships actually supports Force Unit Access (F_FULLFSYNC), and is under a different flag because most cross-platform developers don’t expect fsync() to actually be synchronous, leading to massive performance losses compared to drives that don’t support it.

If you write software that uses full flushing on firmware that isn’t a lying liar and actually goes through a flush to permanent storage, remember that every time you’re doing the full sync, you significantly impact the performance of the entire system, not just your software.

Andrew Wooster:

I was the backupd performance lead and I’d love to move on but it keeps coming up. 🤷‍♂️🤷‍♂️

[…]

I am thankful for the various people at Apple who made sure Apple hardware functioned correctly. Otherwise it would’ve been impossible to have both performance and correctness. The former is easy if you ignore the latter.

Unfortunately, there were problems in another layer that made Time Capsules corrupt their data all the time.

Hector Martin:

So you’re saying my WD NVMe drive lies about flushes, and yet they’re 10x slower than not flushing? Must be really bad at lying then…

The problem is Apple SSDs are 1000x slower when flushing. That’s called a firmware bug.

Maynard Handley:

As I described elsewhere, the traditional solution to ordering writes on unix is fsync. This is a highly sub-optimal solution because it does much more than required.

Apple’s solution is to use the equivalent of barriers, rather than flushes, to enforce ordering; and it works every bit as well as the equivalent solution (barriers rather than flushes) in a CPU pipeline.

Scott Perry:

There’s a third sync operation that lets you have your performance and write ordering too: F_BARRIERFSYNC. SQLite already uses it on Darwin, and it’s part of the best practices guide for I/O reduction

Update (2022-03-09): See also: Howard Oakley, MacRumors, Howard Oakley, JP Simard.

Russ Bishop (Hacker News):

I tested a random selection of four NVMe SSDs from four vendors. Half lose FLUSH’d data on power loss. That is the flush went to the drive, confirmed, success reported all the way back to userspace. Then I manually yanked the cable. Boom, data gone.

The other half never lost data confirmed after a flush (F_FULLFSYNC on macOS) no matter how much I abused them. All four had perf hit from flushing so they are doing some work.

Top two performers on flush? One lost data 40% of the time. The other never lost any.

I guess review sites don’t test this stuff. Everyone just assumes data disappearing on crash/power loss is just how computers work?

I feel bad for the other two vendors who must have test suites and spent engineering hours making sure FLUSH works, only to find out no one cares

Knitrino Rejected From App Store

Lauren Rosenblatt:

Knitrino, maker of an app by the same name that helps knitters navigate tricky projects and find unique patterns, recently signed on to support Epic Games, the North Carolina-based game and software developer behind Fortnite, in its lawsuit alleging Apple is violating antitrust laws and has a monopoly on the app ecosystem.

[…]

After a back and forth argument with Apple to get its knitting app on the store — and a realization that there weren’t many options if they didn’t make it on the digital marketplace — Knitrino signed on in support of Epic. Attorneys for Knitrino filed a legal brief in January alleging Apple’s policies drive up consumer costs, restrict innovation and reduce consumer choice.

“The knitters should get to decide,” said Andrea Cull, co-founder of Knitrino and a knitter herself. “The fact that Apple can say your waiting customers can’t have this, and there was nowhere else to go. To think you spent two years building something for it to never see the light of day.”

Via Kosta Eleftheriou:

Knitrino appealed Apple’s decision to its own review board. It was rejected in 19 minutes.

David Barnard:

“The feeling that we had when we were going through this was like hitting a wall, but not being able to see the wall […] I don’t know how tall this wall is. I don’t know if I can walk a few miles that way and get around it. We were just feeling around in the dark.”

Duncan Babbage:

The irony here: the rejection seems to be for trying to supply physical goods as part of the fulfillment of an App Store purchase. For which Apple allows and instructs developers to use an external payment processor within their apps… the exact privilege Epic was suing for.

I don’t really understand what happened here. They should have known about the physical goods rule, but the app was eventually approved, and presumably Apple didn’t cave on that part. Yet the solution couldn’t have been just removing the physical goods because the article says:

After the first rejection, Knitrino made some technical changes and tried again. For the next several days, the founders went back and forth with Apple — making changes, reapplying and receiving what seemed like irrelevant portions of Apple’s policies pasted back in response.

[…]

Knitrino did later get Apple’s approval, though the sisters aren’t clear what led to the reversed decision.

So they still don’t know what they did “wrong” and have no way of knowing whether a subsequent reviewer will decide that it should never have been approved.

Previously:

Google Search Is Dying

DKB (Hacker News, Reddit):

Reddit is currently the most popular search engine. The only people who don’t know that are the team at Reddit, who can’t be bothered to build a decent search interface. So instead we resort to using Google, and appending the word “reddit” to the end of our queries.

[…]

Why are people searching Reddit specifically? The short answer is that Google search results are clearly dying. The long answer is that most of the web has become too inauthentic to trust.

Dan Grover:

It’s true; you can get better signal when you’re looking at discussions with actual people (even people you don’t know), with the added social context + validation of the specific subreddit.

I’ve noticed two separate things:

So, whereas I used to rely almost exclusively on Google, I now do site-specific searches where possible. Otherwise, I use Bing by default and Google as a backup.

Nick Heer:

But “DKB” is right about one thing: even if you are skeptical of the extent to which you can treat those charts as an indicator of trust in Google’s results — as I am — that results page is still pretty poor. The bizarre relationship between Google and marketers often means the first page is full of display ads and results that are effectively ads.

Kevin Roose:

The evolution of Reddit from nerd water cooler to toxic sludge pit to “only website left with usefully indexed user-generated content” is one of the weirder tech stories of the last decade.

Previously:

Update (2022-03-23): Abhinav Sharma (via Hacker News):

There’s been a lot of complaining about Google’s search results lately, especially when it comes to high-stakes subjective queries. But no viable competitor has emerged despite many new search engines launching lately.

At least nothing good enough that people are excitedly sharing “Hey, have you tried X lately, it’s way better than Google.” What follows is an effort to explain what’s going on and a pitch for an open-source project I’ve been working on that tries to solve the problem in a new way.

Update (2022-06-24): Charlie Warzel:

Like many, I use Google to answer most of the mundane questions that pop up in my day-to-day life. And yet that first page of search results feels like it’s been surfacing fewer satisfying answers lately. I’m not alone; the frustration has become a persistent meme: that Google Search, what many consider an indispensable tool of modern life, is dead or dying.

[…]

Haynes agrees that ads’ presence on Search is worse than ever and the company’s decision to prioritize its own products and features over organic results is frustrating. But she argues that Google’s flagship product has actually gotten better and much more complex over time. That complexity, she suggests, might be why searching feels different right now. “We’re in this transition phase,” she told me, noting that the company has made significant advancements in artificial intelligence and machine learning to decipher user queries. Those technical changes have caused it to move away from the PageRank paradigm. But those efforts, she suggested, are in their infancy and perhaps still working out their kinks. In May 2021, Google announced MUM (short for Multitask Unified Model), a natural-language-processing technology for Search that is 1,000 times more powerful than its predecessor.

Nick Heer:

Earlier this year, our washing machine was not completing a cycle correctly. The model number seems to be one of those ones specific to a long-departed retailer; so, after I was unable to find a copy of the manual, I resorted to more general searches. Turns out that appliance troubleshooting seems to be one of the more polluted genres of query. DuckDuckGo and Google searches alike returned page after page of keyword-filled junk intended solely to rank highly.

Update (2023-03-08): See also: Hacker News.

G Suite for Education Reduces Free Storage

Shantanu Sinha, in 2021:

We’ve learned that a one-size-fits all approach isn’t what educators need from tools like G Suite for Education. Whether you’re in a rural elementary school, urban university or homeschool setting, our technology and tools should adapt so you can focus on what matters most: teaching and learning. That’s why we’re making a few changes to provide you greater choice and flexibility in selecting the best tools to empower your institution.

[…]

Our free edition G Suite for Education will be renamed to Google Workspace for Education Fundamentals. If you’re currently using this edition, you won’t see any changes besides a new name and new features. We’ll keep building new solutions for this free version by listening closely to educators and their needs.

[…]

Google has traditionally offered unlimited storage to qualifying schools and universities for free. However, as we’ve grown to serve more schools and universities each year, storage consumption has also rapidly accelerated. Storage is not being consumed equitably across — nor within — institutions, and school leaders often don’t have the tools they need to manage this. To support schools into the future and ensure fair distribution of this valuable resource, we will be implementing a new pooled storage model and helping admins and school leaders manage their storage.

Bryan William Jones (Hacker News):

Looks like the unlimited storage that Google promised my university a couple years ago is being discontinued, and the entire institution is being limited to 100TB… I can fill that 5 times over with our data.

[…]

This feels like Google Reader all over again.

Via Oliver Hunt:

Yeah, so google is pretty much entirely a bait and switch operation: they offer vastly more storage than others, and they do so for “cheaper” but if people actually use that storage they will cancel or start charging for the service.

Even at google’s scale they cannot give things away for free. Email can be “free” because they mine it for data - gmail is why amazon no longer includes order details in email. Android is “free” because they get to harvest all their users’ data.

Previously:

Update (2022-03-09): Nick Heer:

It all reeks of dishonesty. Why should anyone trust Google if it constantly pulls these bait-and-switch moves? It also smells of market position abuse. How many other companies can start and stop projects on a whim? How many other companies can give away storage until individuals and businesses and institutions are fully locked-in, and then turn around and charge them a fortune? The only reason this does not have a greater negative effect on Google is because its primary business has nothing to do with selling services. So long as its dominant advertising business is raking in cash, it has the flexibility to do this same trick over and over.

Update (2022-03-23): John Gordon:

Google’s top secret option for Google apps users facing doom

Pair Networks and Linode Acquired

Pair, in 2018:

Today, Liberated Syndication, Inc. (LSYN), the Pittsburgh-based podcast hosting network, announced that it has closed its acquisition of pair Networks, Inc.

You can read the press release here.

Frederic Lardinois:

Akamai, the company you probably mostly think of as a content delivery network but that also offers security and edge computing services, today announced that it has acquired Linode. The price of the acquisition is $900 million, with Akamai expecting Linode to add about $100 million in revenue for its fiscal year 2022.

[…]

“The opportunity to combine Linode’s developer-friendly cloud computing capabilities with Akamai’s market-leading edge platform and security services is transformational for Akamai,” said Akamai CEO and co-founder Dr. Tom Leighton in today’s announcement.

Update (2022-03-09): See also: Accidental Tech Podcast.

Wednesday, February 16, 2022

Surprises When Using Markdown in SwiftUI

Marco Eidinger (via Dave Verwer):

A nice surprise is that SwiftUI supports GitHub Flavored Markdown (GFM). […] An Apple engineer confirmed the use of GFM in the Apple Developer forum.

[…]

Using a string literal in Text works. Fine, but using a string variable does not! […] The trick is to use init(_:) of LocalizedStringKey.

[…]

You might run into the situation that you have an AttributedString with line breaks (\n), but those line breaks are not displayed.

The trick is to add the .inlineOnlyPreservingWhitespace option when initializing the AttributedString.

BBEdit 14.1

Bare Bones Software:

Image files are browseable in disk browsers and projects, and openable into ordinary window sidebars. The image view includes metadata details, and a “Remove Metadata” button is available for deleting image metadata if desired. (BBEdit will create a macOS version snapshot of the image file before doing so, if possible.) BBEdit will attempt to pick a background color (shade of gray) that provides reasonable contrast with the image. If desired you can adjust the background color using the slider adjacent to the image, and BBEdit will remember this setting per-image.

The File Info item (in the navigation bar) and “Get Info” command (from the menu bar or contextual menu) will show an image thumbnail and the image metadata in respective tabs in the info popover.

[…]

“Process Lines Containing” provides the option to invert the match test, such that lines which do not match the provided search string or pattern are collected, rather than those which do.

[…]

BBEdit can load codeless language modules written using YAML or JSON. This may lower the barrier to entry, since (depending on your individual predilections) either is simpler to read (and write) than XML property lists. The keys and values remain as documented.

[…]

For documents in languages for which a language server is installed and running, “Show Symbol Help” on the Edit menu will show detailed information based on the start of the selection range in the document. (This is based on the LSP “hover” feature, for those who are curious.)

Previously:

Omni Automation Now in Shortcuts

Ken Case:

This multi-platform automation for our apps—called Omni Automation—is now extended by Shortcuts to the rest of the platform’s automation world. Shortcuts on the Mac makes that power more accessible than ever, both to end users and to developers creating the app ecosystem.

In addition to bringing over the OmniFocus Shortcuts actions we already support and ship on iPhone and iPad, we’ve added two new Shortcuts actions to all our apps which integrate with Omni Automation. By including “Omni Automation Script” and “Omni Automation Plug-In” actions with each of Omni’s applications, our robust device-independent application scripting merges with Apple’s updated Shortcuts automation frameworks in the iOS, iPadOS, and macOS operating systems.

Ken Case:

For anyone who uses any of our apps on an iPhone or an iPad, we’re starting out the year with updates across the board. With these updates, Omni Automation in Shortcuts is available across all of our apps and on all platforms.

Previously:

Android Privacy Sandbox

Anthony Chavez:

Today, we’re announcing a multi-year initiative to build the Privacy Sandbox on Android, with the goal of introducing new, more private advertising solutions. Specifically, these solutions will limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID. We’re also exploring technologies that reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs.

The Privacy Sandbox on Android builds on our existing efforts on the web, providing a clear path forward to improve user privacy without putting access to free content and services at risk.

We realize that other platforms have taken a different approach to ads privacy, bluntly restricting existing technologies used by developers and advertisers. We believe that — without first providing a privacy-preserving alternative path — such approaches can be ineffective and lead to worse outcomes for user privacy and developer businesses.

Sami Fathi:

Unlike Apple’s ATT, which requires all apps to ask for user consent before tracking them across other apps and websites, however, Google’s Privacy Sandbox will limit app ability as default while also looking for new privacy-preserving ways to enable mobile advertising.

[…]

Google’s approach is striking a different tone, with Snapchat, who had previously said ATT presented a “risk” to its business, saying in a statement that it is “excited to collaborate with Google to develop new privacy-preserving standards for Android.” Google said it would receive input across the industry as it builds Privacy Sandbox over the next two years.

Previously:

Update (2022-03-09): John Gruber:

Two years puts them around three years behind iOS, which implemented App Tracking Transparency (ATT) last year. Or maybe that’s just three years until Android jumps ahead of iOS on privacy guards against surveillance advertising, since ATT is the “blunt”, “ineffective” approach Google is attributing to “other platforms”.

Ron Amadeo (via John Gruber):

That bit about being a sandbox for “compatible SDKs” is the big catch for the SDK Runtime and the Android Privacy Sandbox. It’s optional. Chrome’s Privacy Sandbox, even if it is a watered-down privacy solution, is at least starting with the progress of blocking third-party cookies. The existing tracking methods in Chrome will be blocked, and Google is offering an alternative solution that will have some (again, watered-down) privacy benefits. Google has not announced plans to block or limit any existing tracking techniques on Android. Android apps have a lot more privileges than a website, and developers could choose to ignore this and include an ad SDK that does not use the SDK sandbox.

Nick Heer:

I am finding it hard not to read the details as an overcomplicated way to meet in the middle without clear benefits. Google’s market dominating advertising business means regulators will surely raise concerns if any Android ad tech companies are affected by more meaningful changes, so Google must take a more cautious approach. But that means the result will likely be ineffective for privacy.

The Asymmetry of App Review

Steve:

My experiences with Microsoft dev relations over the past decade have been nothing but positive and frictionless. My experiences with Apple have been nothing but combative and “computer says no”

Via Florian Mueller:

As for “computer says no,” the problem is that Apple has to handle such huge quantities of app submissions every day that they have to automate the process to a high degree, and flexibly assign new requests to whoever is available to respond. That makes the experience impersonal most of the time.

[…]

It’s also understandable that Apple says you must submit an actual app to them to get a decision. You can’t just describe what you plan to develop and ask them whether they will approve. Here, again, the problem is not that they do it that way: the problem is that if you actually create that app and they reject it, it’s one click for them (plus another to reject your appeal) and an enormous loss for you as a developer.

Tim Carr:

That feeling every time you hit the “Submit for Review” button knowing that a single reviewer at Apple might decide your entire app was never ok and torpedoes it off the App Store - it is unique, never had that horrid fear anywhere else.

Tim Carr:

I still remember being halfway thru a long drive to a week’s vacation & having to stop in a random timmyho’s summer-hot parking lot in order to plead with an App Reviewer who actually called me, for the life of my app. Highest-stakes call of my life ever

David Barnard:

I think the asymmetry of App Review is still lost on Apple. For indie developers our hopes and dreams (and sometimes our finances) hang in the balance, for the App Review team it’s just another app rejection among tens of thousands. I know they think they get it, they just don’t.

Dave Wood:

This is my biggest problem with Apple right now. Not the payment %. That Apple alone has the power to outright kill your business.

No company should be able to decide if another company (or their business plan) should exist. That’s a job for society & the governments we elect.

Jason Snell:

If developers don’t have to bet it all on an App Store acceptance, it also means that they might be more willing to build daring and interesting apps that currently are too risky. Sure, being on the App Store would remain the goal of most developers (it’s hard to imagine it wouldn’t remain the most important real estate on iOS), but many more things are possible if the all-or-nothing gamble is gone.

[…]

The App Review process has gotten a reputation as a capricious and draconian system, but Apple has probably approved many apps that reviewers aren’t thrilled about–either because they don’t want the trouble or because they’re concerned they’ll be limiting the utility of iOS itself if they don’t.

A no-longer-exclusive App Store might tighten its rules and become more opinionated. It might even be more willing to reject shady developers, blast scam apps, and decline certain types of apps altogether. Apple acts as if today’s App Store is just curating the platform, but it’s not–it’s judge, jury, and executioner. If you can fall back on telling developers to release their apps on their own, it’s easier to be a curator.

Perhaps, but there’s still the problem of the bad incentives that come from getting 30% of each scam sale.

Jeff Johnson:

Playstation and Xbox have around 2500 games each. They are truly curated.

App Store and Play Store have around 2-3 million apps each. They are not curated.

Apple would have to drop at least 99% of apps to make App Store “curated”. 20K titles is a reasonable number.

Michael Love:

This is an aspect of “consoles != phones” that Microsoft ought to push a lot more; if there were only 3000 iPhone apps and mine was one of them, I’d have no reason to complain about 30%.

(at the final PalmSource conference, they were working on a curated store charging 70%)

Francisco Tolmasky:

It’s really bizarre we cede major aspects of the @AppStore’s narrative. As stated below, anyone who uses the store knows it isn’t curated at all, but we don’t push back on that. It’s like an energy CEO saying “but if we get rid of coal plants, the air will stop being so clean!”

Part of the problem is that it’s been repeatedly shown that people aren’t built to combat such bold lies, and at such high frequency. Just about every part of the @AppStore narrative from Apple is blatantly false. So you get decision paralysis as to which part to argue against.

Ross Boucher:

It really is bizarre. If third party stores could exist, someone would definitely have made an actually curated store by now.

Francisco Tolmasky:

I’d love an actually kid-focused @AppStore, instead of an @AppStore that seems designed to get kids addicted to “games” that are thinly-veiled slot machines. But that would require losing 30% of the revenues from those games, which is the only true @AppStore guideline.

Previously:

Update (2022-03-09): tannedNerd:

I think the most frustrating part of app review is the inconsistency. I’ve seen it happen while I worked at FANG level companies down to my own apps and doing contracting for startups. Each time you submit an update you are rolling the dice that a feature that was perfectly fine for every single app submission previously will be flagged for a rule violation.

A perfect example is one of the apps I do contract work for has a web view directory feature that doesn’t have any login pages on it directly, but after about 3-4 clicks you can get to one for the people whose listings are on there. After 7 years of this app functioning exactly like this (and 1.5 years of sign in with apple existing) they decided it violated the app store rules because it didn’t feature sign in with apple... It took an app store appeal and almost 2 weeks of back and forth over the exact wording of the sign in with apple rules to get them to agree that the original reviewer had overstepped their bounds.

Although my absolute favorite rejection has been for putting a small apology to my users that I had to quarantine due to a covid exposure and that’s why the app update was delayed as I was unable to work and keep my family safe. It again took an appeal and 2 weeks for Apple to realize that my app hadn’t suddenly become a covid app, which should have been obvious from the first glance at the covid flagging.

Nick Heer:

So the iPhone’s App Store is not a carefully curated selection of only the best apps for the iPhone after all. It is a flea market with a few high-profile vendors. It is completely backwards. Great developers should be rewarded for building high quality apps. Instead, they are frightened every time they submit an update to the store while watching yet another crappy horoscope app with abusive in-app purchases creep up the charts.

Update (2022-04-11): Damien Petrilli:

It’s a forgotten point but this should be addressed by the upcoming anti monopoly laws.

Apple could prevent any competition by just “forgetting” to approve their accounts.

So far, the laws don’t seem to handle retaliation unless they forbid Apple app signing entirely.

Ben Sandofsky:

Our bug fix update has been rejected because of our app preview. It was added 18 months ago with zero complaints from App Review. I am getting extremely tired of this theater.

FlickType Lawsuit Allowed to Proceed

Sarah Perez:

The judge has ruled that at least half the claims can proceed and is giving Eleftheriou the opportunity to amend the remaining items that were dismissed.

[…]

In his own lawsuit against Apple, Eleftheriou aims to document what he alleges were an unfair series of rejections for his Apple Watch keyboard app, FlickType, from the App Store. At the time, Apple told Eleftheriou his app offered a “poor user experience” and noted full keyboard apps were not allowed for Apple Watch. But, he says, it then allowed competitor keyboard apps as well as third-party apps (like Nano for Reddit, Chirp for Twitter, WatchChat for WhatsApp and Lens for Instagram) to launch on the App Store — the latter using an integratable version of the FlickType keyboard, in seeming contradiction to Apple’s earlier claims over FlickType’s poor usability.

When Apple chose to approve FlickType in January 2020, the keyboard app reached the App Store’s top 10 paid app list and generated $130,000 in revenue during its first month, Eleftheriou said. But this soon made it a target for scammers who launched barely usable competitors boosted by fake ratings and reviews, he claims.

Via Kosta Eleftheriou:

In court, Apple didn’t address each cause of action individually, but instead made “a series of broad arguments” claiming that even if this is all true, it shouldn’t matter because they’re not breaking any laws.

[…]

While they advertise the App Store as a “safe and trusted” marketplace and “a great opportunity for all developers to be successful”, Apple also told the court that I couldn’t “reasonably and justifiably” rely on such “general statements.”

[…]

Apple has blocked entire categories of apps from ever seeing the light of day, for self-serving reasons.

A wave of lost innovation is just waiting to happen, and we shouldn’t have to wait for Apple to approve it.

Previously:

Saturday, February 12, 2022

Improving macOS Widgets

Stephen Hackett:

Apple killed off Dashboard at exactly the wrong time. Just one year after Catalina killed Dashboard, Apple started allowing developers to bring their iOS widgets over to the Mac in macOS Big Sur. Sadly, they all got stuffed into the slide-out Notification Center user interface[…]

Notification Center is a real mess. Even on a Pro Display XDR, you get three visible notifications. That’s it.

They’re narrow, too.

I was not a heavy user of Dashboard, but I miss it because the new iOS-style widgets are a huge regression. They’re not interactive. They generally have fewer features or display less information than their iOS counterparts, despite having access to the Mac’s larger display. And they’re unreliable. My Mac frequently forgets all my widgets. I configure them all again. They persist for a few reboots, then sometime in the middle of the day they’ll spontaneously disappear again.

Steve Troughton-Smith:

Widgets need a permanent home in the Mac UI, not hidden off in a Notification Center nobody looks at anyway. Alternative would be massively improving Launchpad to work much more like SpringBoard, and allow you to set that in place of your desktop

John Gruber:

But forcing them into Notification Center on MacOS is poorly considered. The Mac has bigger displays than any iPad, yet has less screen real estate for visible widgets than an iPhone.

Nick Heer:

At WWDC 2007, when Steve Jobs announced the “sweet solution” for iPhone apps, Dashcode was envisioned as a way to build those web apps. The idea was that developers could take their existing Mac OS X widget and convert it to work as an iPhone web app. That, obviously, was not well-received, and an official SDK for native apps was launched the following year. Dashboard withered and died, but not before Dashcode bit the dust. Yet, it took until just a couple of years ago for widgets to once again be a multi-platform effort, now with SwiftUI and, as Hackett wrote, without interactivity. Curious.

BasicAppleGuy:

When Mac OS X 10.7 launched in 2011, Dashboard stopped being an overlay and became a separate page accessed via a swipe gesture, hotkey, or the LaunchPad. By OS X 10.10, Dashboard was disabled by default, and in macOS 10.15, it was removed from the OS entirely.

[…]

Many factors contributed to the success of widgets in iOS 14. First, Widgets became more customizable and provided users with the content they care about. Second, Widgets became more prominent; rather than being relegated to the side panel, Widgets adorned a user's Home Screen however they liked (a 'however they liked' that remains strictly restrained by Apple as to the placement and size of said Widgets). And lastly, third-party apps flooded the App Store allowing for the creation of custom Widgets which furthered the degree of personalization available. This personalization for content, coupled with increased visibility and an enthusiastic developer base, propelled Widgets to popularity. With Dashboard on Mac OS X, Apple did little to promote or enhance the platform beyond its initial release, and widgets were slowly set adrift into a sea of forgotten features.

JF Martin:

This is what we get: a small, vertical, cramped band of widgets. The interface is complex, slow even on fast Macs. I don’t know why Apple is confining them in this small and constrained space, maybe for the sake of some sort of cohesive visual experience to Apple’s other hardware platforms. This design is based on arbitrary rules that we, the users, cannot relate to anything, as we have the big screen as a reference. I don’t think Apple had to create such an experience just to make it easy to select a widget and its size. I find it surprising that nobody thought of mocking up a better way of managing widgets in the modern era.

Previously:

Update (2022-02-16): Stuart Breckenridge:

For all of the reasons in this article—and more—we decided not to implement widgets in #NetNewsWire on macOS.

Riccardo Mori:

The usefulness of Dashboard and the concept of the ‘desk accessory’ or widget started waning for me as soon as I got my first iPhone in 2008. Ironically enough, for many quick tasks and quick information retrieval, the iPhone has become the tangible desk accessory. In a way, fetching the smartphone to check things like the weather forecast, the status of a package that I should receive soon, or to make a calculation or unit conversion, is less disruptive of the workflow I’m having on the Mac than having an overlay or a dedicated space within the Mac UI itself.

[…]

Konfabulator’s approach was to embed the widgets in the desktop itself, where they remained, beneath all open windows and apps, always ready to be glanced at when needed, and existing rather unobtrusively when not. If you needed to customise them, you could do so by using the Konfabulator menu extra or by right-clicking on them directly.

[…]

A similar approach can also be seen in Panic’s Stattoo, an app developed in 2004–2006 that certainly didn’t want to replace Konfabulator or Dashboard, but whose idea was to offer a limited selection of widgets that could be placed on your desktop and display useful information like weather, date/time, battery status, song playing in iTunes, email headers, even RSS feeds.

The Time to Fix Web Security Bugs

Bruce Lawson:

One of the reasons Apple gives for the #AppleBrowserBan is to protect users’ privacy and security by fixing bugs quickly:

“By requiring use of WebKit, Apple can provide security updates to all our users quickly and accurately, no matter which browser they decide to download from the App Store.”

Ryan Schoen, Project Zero (Hacker News):

Specifically: after a vendor receives a report of a security issue, how much of the “time to fix” is spent between the bug report and landing the fix, and how much time is spent between landing that fix and releasing a build with the fix?

[…]

Chrome is currently the fastest of the three browsers, with time from bug report to releasing a fix in the stable channel in 30 days. The time to patch is very fast here, with just an average of 5 days between the bug report and the patch landing in public.

[…]

WebKit is the outlier in this analysis, with the longest number of days to release a patch at 73 days.

[…]

For Apple, we’re pleased with the acceleration of patches landing, as well as the recent lack of use of grace periods as well as lack of missed deadlines.

Previously:

Dynamic MacBook Pro Schematic Wallpapers

BasicAppleGuy:

After releasing the MacBook Pro schematics, it became obvious that they lacked an element that I had often included in some of my earlier works: dynamic mode. This specially formatted .heic file automatically changes the wallpaper based on Mac’s appearance (i.e., light or dark mode). When I initially released the wallpapers, I just didn’t have the time or energy to create a complementary set of night-mode wallpapers. But over the past few weeks, whenever a moment presented itself, I have been slowly designing a collection of dynamic wallpapers for both the 14 & 16-inch MacBook Pro. These wallpapers complement existing styles: Cyborg Red, Matrix Green, Deep Teal, Rainbow, M1 Pro, & M1 Max with a ‘Dark Mode’ version combined into a dynamic wallpaper.

Previously:

Microsoft’s Open App Store Principles

Brad Smith:

This regulatory process begins while many governments are also moving forward with new laws to promote competition in app markets and beyond. We want regulators and the public to know that as a company, Microsoft is committed to adapting to these new laws, and with these principles, we’re moving to do so.

[…]

We want to enable world-class content to reach every gamer more easily across every platform. We want to encourage more innovation and investment in content creation and fewer constraints on distribution. Put simply, the world needs open app markets, and this requires open app stores. The principles we’re announcing today reflect our commitment to this goal.

[…]

We will hold our own apps to the same standards we hold competing apps.

We will not use any non-public information or data from our app store to compete with developers’ apps.

[…]

We will treat apps equally in our app store without unreasonable preferencing or ranking of our apps or our business partners’ apps over others.

[…]

We will not require developers in our app store to use our payment system to process in-app payments.

[…]

We will not prevent developers from communicating directly with their customers through their apps for legitimate business purposes, such as pricing terms and product or service offerings.

[…]

Nonetheless, we recognize that we will need to adapt our business model even for the store on the Xbox console. Beginning today, we will move forward to apply Principles 1 through 7 to the store on the Xbox console.

Florian Mueller:

In 2020, Microsoft declared itself in agreement with app store principles laid out by the Coalition for App Fairness (without joining the organization), yet left open the question of whether and when those principles should apply not only to mobile devices and Windows, but also to gaming consoles like the Xbox. Apple pointed, and will keep pointing, to gaming consoles in its defense against Epic Games. On the one hand, it’s understandable that Judge Yvonne Gonzalez Rogers was wondering--especially in light of some Epic-internal emails along the lines of “why go after Apple, not Sony?”--why Epic was suing Apple rather than the makers of platforms on which it makes a lot more money and, therefore, pays far greater commissions to platform owners. And she worried about spill-over effects of whatever she would decide (though a case like that doesn’t really matter much until the appeals court has spoken). On the other hand, smartphones and consoles are not even an apples-to-oranges comparison: even the minority of consumers who own a gaming console at all have a smartphone in reach 24 hours a day, and access to a console for only a fraction of that time. Therefore, during large parts of the day, and in countless everyday situations, a smartphone is our only computing device at hand, while we always have alternatives to a gaming console[…]

[…]

Apple has made itself “the Enemy of the States” (1, 2). The only ally it has left is Google, and even Google is urging Apple to support an open messaging standard rather than cash in on classism and bullying.

[…]

Microsoft aims to be the Gorbachev of app store governance. It considers the opening up of these platforms as inevitable--a question of when, not if.

Becky Hansmeyer:

As I think about Microsoft cleverly positioning themselves as a developer’s best friend, I can’t help but assume that Apple execs are whining “they’re making us look like the bad guys!” instead of asking themselves, “ARE we the bad guys?”

Update (2022-03-09): See also: Hacker News.

Friday, February 11, 2022

git config blame.ignoreRevsFile

Arnout Boks (via Cédric Luthi):

A long-standing objection to making bulk changes to code using automated tools (e.g. to conform to a given code style) is that it clutters the output of git blame. With git 2.23, this does not have to be the case anymore!

[…]

Because these bulk changes render git blame useless, many teams refrain from applying automated style changes of this magnitude. That means they have to live with either a coding standard that they would rather not have, or with a codebase that does not follow their standards.

[…]

Using --ignore-rev, one can specify a commit to be ignored by git blame.

[…]

When multiple bulk commits were added over time, it takes quite some effort to add a --ignore-rev for each of them in order to get a ‘clean’ output for git blame. Luckily, git also provides a way to make this easier on us. In your repository, create a file to hold commit hashes of commits to be ignored by git blame. Naming this file .git-blame-ignore-revs seems to be a common convention.
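The workflow quoted above, as an added example that is not from the linked article: a script that builds a throwaway repository, makes a formatting-only commit, and compares what `git blame` reports by default, with a one-off `--ignore-rev`, and with `blame.ignoreRevsFile` configured. The file `math.c`, the commit messages and the author identity are constructed for the demo.

```shell
#!/bin/sh
# Added example: everything below runs in a throwaway repository under mktemp.
# Requires git 2.23 or later (the release the quoted article names).

demo_blame_ignore() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git init -q .
        git config user.name "Demo Author"             # constructed identity
        git config user.email "demo@example.invalid"
        git config commit.gpgsign false                # keep the demo non-interactive

        # Commit 1: the change whose authorship blame should keep reporting.
        printf 'int add(int a,int b){\nreturn a+b;\n}\n' > math.c
        git add math.c
        git commit -q -m "Add add()"
        original=$(git rev-parse HEAD)

        # Commit 2: a formatting-only bulk change, as an automated tool would make.
        printf 'int add(int a, int b) {\n    return a + b;\n}\n' > math.c
        git commit -q -am "Apply code style"
        bulk=$(git rev-parse HEAD)

        # Full hash that blame reports for line 2 of math.c; extra arguments
        # are passed through to git blame.
        blame_line2() {
            git blame --porcelain -L 2,2 "$@" math.c | head -n 1 | cut -d' ' -f1
        }

        # Without any ignore list, the reformatting commit owns the line.
        default=$(blame_line2)

        # One-off: skip a single commit on the command line.
        one_off=$(blame_line2 --ignore-rev "$bulk")

        # Persistent: list full 40-character hashes, one per line, in a file
        # ('#' comment lines are allowed) and point the repository config at it.
        printf '# Formatting-only commits skipped by git blame\n%s\n' "$bulk" \
            > .git-blame-ignore-revs
        git add .git-blame-ignore-revs
        git commit -q -m "Add .git-blame-ignore-revs"
        git config blame.ignoreRevsFile .git-blame-ignore-revs
        via_file=$(blame_line2)

        echo "original_commit $original"
        echo "bulk_commit $bulk"
        echo "blame_default $default"
        echo "blame_ignore_rev $one_off"
        echo "blame_ignore_file $via_file"
    )
    status=$?
    rm -rf "$repo"
    return $status
}

demo_blame_ignore
```

The `git config` setting is local to each clone, so committing `.git-blame-ignore-revs` shares the list but every contributor still has to set `blame.ignoreRevsFile` once.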

Bug Opted Users Back In to Sharing Siri Recordings

Juli Clover (tweet):

The second beta of iOS 15.4 addresses an iOS 15 bug that was allowing the iPhone to upload some Siri recordings to Apple even when users had previously opted out of doing so, Apple said in a statement to ZDNet.

[…]

There is no word on how many recordings Apple accidentally collected nor who was affected.

Pieter Arntz:

The Improve Siri & Dictation setting was turned off in 15.2 to fix a bug that was introduced in iOS 15. This bug enabled the setting for some users who had previously opted out. In other words, recordings were being kept for some users who had opted out of the setting instead of being deleted.

This class of bug—an update opting users back into something they had opted out of—seems to be really common for Apple.

What is painful is that the bug affected mostly people that had on purpose opted out from being recorded. Since identifying the bug, Apple has stopped reviewing and started removing audio received from all affected devices.

One thing that is unfortunately considered standard behavior for Apple is that it kept the information under its hat until it was fixed. It is clear from its statements that the company has known about the bug at least since before the introduction of version 15.2 (December 13, 2021).

Update (2022-02-11): Jeff Johnson:

Every iOS and macOS update re-enables Bluetooth.

Thursday, February 10, 2022

AirTag Updates to Address Unwanted Tracking

Apple (Hacker News):

In an upcoming software update, every user setting up their AirTag for the first time will see a message that clearly states that AirTag is meant to track their own belongings, that using AirTag to track people without consent is a crime in many regions around the world, that AirTag is designed to be detected by victims, and that law enforcement can request identifying information about the owner of the AirTag.

[…]

We’ve heard from users who have reported receiving an “Unknown Accessory Detected” alert. We’ve confirmed this alert will not display if an AirTag is detected near you — only AirPods (3rd generation), AirPods Pro, AirPods Max, or a third-party Find My network accessory. In the same software update, we will be updating the alert users receive to indicate that AirPods have been traveling with them instead of an “Unknown Accessory.”

Juli Clover:

While these are the immediate changes that Apple is making, Apple is also working on new safety features set to be implemented later this year. Precision Finding, improved display alerts, and louder sounds will make AirTags more difficult to use for people-tracking purposes.

Nick Heer:

But all of these software changes are, necessarily, iOS software updates. The sole recourse available for Android users is downloading the Tracker Detect app — which has apparently been installed over a hundred thousand times since it launched in mid-December — and manually scanning for AirTags every so often.

[…]

Even in the U.S., where iOS is the market share leader, Android still represents 47% of smartphone users. That represents tens of millions of people in the U.S. alone who are vulnerable to being tracked by an AirTag to a precise degree, thanks to iOS’ large market share. What about them?

John Gruber:

The same features that help prevent AirTags from being used to stalk people without their knowing could also alert a thief that whatever it is they’ve stolen has an AirTag attached. There’s no way for AirTags to serve both purposes, so Apple is increasing the protections against unwanted tracking, and emphasizing that AirTags are solely intended for finding your own lost items.

Update (2022-02-16): Kashmir Hill (Hacker News):

I decided to examine both claims by planting three AirTags, three Tiles, and a GPS tracker on my husband and his belongings to see how precisely they revealed his movements and which ones he discovered.

[…]

When he got into Manhattan, the AirTag became my most powerful tracker, outperforming the GPS device, and allowing me to tell a photographer exactly where he was at all times.

The Tile tracker was not quite as well-informed. Its system is similar to Apple’s but far fewer people have the Tile app on their phones than own Apple devices.

[…]

The alert said he could make the AirTag play a sound, but when he attempted to do so, his phone wouldn’t connect to the device. This happened multiple times, and he started to get frustrated.

Juli Clover:

New York Attorney General Letitia James today sent out a consumer alert with “safety recommendations” to protect New Yorkers from AirTags (via The Mac Observer).

Update (2022-07-06): Hannah Rose May:

An Apple AirTag was put on me to track my location Saturday night. I’m sharing what happened to me so you know what to look for as I had never heard of this prior to Saturday night.

macOS 12.2.1

Juli Clover (download):

Some affected users saw their Mac's battery life drop from 100% to 0% while in sleep mode overnight after installing the macOS 12.2 update, with both Intel-based Macs and Apple silicon-based Macs affected. The problem stopped when Bluetooth was disabled or when Bluetooth accessories were disconnected from the Mac, which was not an ideal solution for users.

Apple addressed the problem in macOS Monterey 12.3 beta 2 yesterday, but now Mac owners will not need to wait for the macOS Monterey 12.3 launch to fix their Bluetooth battery drainage issues.

Apple:

Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Howard Oakley:

Initial testing unfortunately demonstrates that one major bug in 12.0.1, 12.1 and 12.2 hasn’t been fixed: the Finder still leaks memory badly when its Find feature is used.

I hope it fixes this bug introduced in 12.2.

See also: Mr. Macintosh.

Update (2022-02-11): Pieter Arntz:

Apple says it has addressed this vulnerability with improved memory management in iOS 15.3.1, iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.

[…]

The vulnerability is a use-after-free (UAF) issue in WebKit that could lead to OS crashes and code execution on compromised devices.

Update (2022-02-16): Lloyd Chambers:

Every day now, waking my 2019 Mac Pro from sleep “loses” the LG 5K Thunderbolt 3 display, sometimes 2 or 3 times a day.

[…]

But wait, there is more fun: after rebooting and logging in, the Finder desktop will not appear for 2-3 minutes, and the machine is more or less unusable. Activity Monitor shows no significant CPU, disk or network activity, so I don’t know what this POS is doing. The whole process makes it a 5-minute affair to get back to work, which has all been torn down by having to reboot.

The network/kernel_task hang is no better in macOS 12.2.1. I am now restarting my Mac twice a day to avoid it.

Update (2022-03-07): On the plus side, it seems like macOS 12.2 may have fixed the frequent lsd crashes that I had been getting. However, I’ve now seen several occurrences of a bug where I unlock the screensaver and it’s as if I was logged out—all the apps have to relaunch, with some state not restored properly.

Micro.blog Moving iOS App to React Native

Manton Reece:

We are a small team, and maintaining so many different versions of our apps is difficult. On top of that, why invest so much time in Apple-only frameworks when Apple could upend our business with a new App Store tax or other disruptions?

Going forward, the tentative plan is to abandon most of the current iOS codebase for Micro.blog, instead sharing it predominantly with Android using React Native. This will free up development time to keep making the Mac version even more Mac-like, sticking with AppKit.

Mobile platforms like iOS and Android are much more similar to each other than either one is to the Mac. I love the Mac and don’t want to compromise the UI on macOS with a cross-platform framework. macOS also remains the only open Apple platform, so investing in it feels right.

Update (2022-02-11): Micro.blog is combining the Android and iOS apps, whereas 1Password combined Mac with other non-iOS platforms. Apple would like developers to use Catalyst or SwiftUI to combine the iOS and Mac apps, but neither company decided to do that.

David Barnard:

Apple has lost the hearts and minds of so many talented developers. They’ll realize soon enough just how valuable a resource they’ve squandered. Yes, people will still build for their platforms, but when it’s purely transactional, things are just… different.

Manton Reece:

First, to clear up some potential confusion: we are not abandoning iOS! I still love my iPhone, even if I’m very frustrated with how Apple is treating developers. We are embracing Android more fully, and limiting how much time we spend in Apple-only frameworks. Our iOS apps will still be the best we can make them.

[…]

The toolchain for React Native makes me a little nervous. It uses every package manager you can think of: Node, Yarn, Ruby Gems, CocoaPods… It feels fragile, but there are so many thousands of developers using this framework, I’m also not very worried about it breaking.

Update (2022-02-16): Matt Birchler:

Whenever we hear about a company moving to non-native app development, I always hear people say it’s because the company either took massive funding and needs to develop fast, quality be damned.

That’s not the case here.

[…]

I have felt alone out here banging the drum of, “developers don’t use things like React and Electron because they hate you,” so I’m eagerly watching my feeds to see if that’s the conclusion people come to here or not.

Steve Troughton-Smith:

One thing I haven’t heard: are React (Native) & Jetpack Compose dependable? Is SwiftUI outlier here, in how much of a mess it is in production? Or is that inherent in the other UI frameworks it’s competing with?

Apple’s UI frameworks have never been bottom of the barrel before

Rebecca Sloane:

I never said ReactNative is bad. However, based on my experience using ReactNative I can’t think of one person whom I love so little as to be willing to recommend they use it.

See also: Manton Reece.

Interoperable Private Attribution

Martin Thomson:

For the last few months we [Mozilla] have been working with a team from Meta (formerly Facebook) on a new proposal that aims to enable conversion measurement – or attribution – for advertising called Interoperable Private Attribution, or IPA.

IPA aims to provide advertisers with the ability to perform attribution while providing strong privacy guarantees. IPA has two key privacy-preserving features. First, it uses Multi-Party Computation (MPC) to avoid allowing any single entity — websites, browser makers, or advertisers — to learn about user behavior. Mozilla has some experience with MPC systems as we’ve deployed Prio for privacy-preserving telemetry. Second, it is an aggregated system, which means that it produces results that cannot be linked to individual users. Together these features mean that IPA cannot be used to track or profile users.

This has been proposed to the W3C.

Update (2022-02-16): See also: Hacker News.

Wednesday, February 9, 2022

New Apple Technotes

Daniel Jalkut:

Apple’s published several new Developer Technical Notes, many of which draw on content that was previously published as Developer Forums answers.

It could use an RSS feed. The old technical notes are still available in the archive.

Update (2022-09-03): Mihai Parparita has set up an unofficial RSS feed.

Tap to Pay on iPhone

Apple (Hacker News):

Apple today announced plans to introduce Tap to Pay on iPhone. The new capability will empower millions of merchants across the US, from small businesses to large retailers, to use their iPhone to seamlessly and securely accept Apple Pay, contactless credit and debit cards, and other digital wallets through a simple tap to their iPhone — no additional hardware or payment terminal needed. Tap to Pay on iPhone will be available for payment platforms and app developers to integrate into their iOS apps and offer as a payment option to their business customers. Stripe will be the first payment platform to offer Tap to Pay on iPhone to their business customers, including the Shopify Point of Sale app this spring.

[…]

Once Tap to Pay on iPhone becomes available, merchants will be able to unlock contactless payment acceptance through a supporting iOS app on an iPhone XS or later device. At checkout, the merchant will simply prompt the customer to hold their iPhone or Apple Watch to pay with Apple Pay, their contactless credit or debit card, or other digital wallet near the merchant’s iPhone, and the payment will be securely completed using NFC technology. No additional hardware is needed[…]

I guess merchants will still need to have magnetic/chip card readers, but this should be more convenient in many circumstances.

Dan Moren:

I’m surprised to see Apple announce it in a press release—maybe this is about getting ahead of the people who dig into software releases to find unannounced features.

[…]

Also absent is any mention of the iPad, with good reason: current iPads don’t have NFC chips built-in.

Joe Rossignol:

Then vs. Now

dsdump Beta

Derek Selander:

To celebrate Apple’s “opensourcening”, I’m releasing a beta, executable-only release of dsdump.

0 time spent on Swift, but lots of ❤️ with the dyld shared cache, Objective-C… and it can run natively on your M1 Mac or your checkra1n/Corellium/whatever’d device

[…]

Generic listing of dyld shared caches contents used for that particular platform

[…]

dsdump dumps iOS 15 ObjC classes in the cache.

[…]

You can filter objc classes with the -f command.

[…]

Use the -x option to search all dsc modules for references to the symbol. This could either be external or undefined symbols. i.e. Find all modules that call to an undefined reference containing the name “csops”.

It’s available here.

CalDigit TS4 Thunderbolt Dock

Michael Potuck:

CalDigit has unveiled the latest iteration of its popular Thunderbolt Station series and it’s really gone all out. The TS4 Thunderbolt dock comes with an impressive array of 18 ports for Mac (and PC) to offer what the company calls “extreme connectivity.”

You get 3 Thunderbolt 4 ports (a gain of one), 3 USB-C, 5 USB-A, DisplayPort, SD, microSD, Ethernet, and various audio jacks. I’d still like to see one of these with more USB-A ports to avoid needing a hub, too.

Monday, February 7, 2022

2021 Six Colors Apple Report Card

Jason Snell (tweet, Hacker News):

It’s time for our annual look back on Apple’s performance during the past year, as seen through the eyes of writers, editors, developers, podcasters, and other people who spend an awful lot of time thinking about Apple.

[…]

John Siracusa said, “Every new Mac Apple introduced in 2021 was a hit. The new MacBook Pros have rescued that product line after years of decline and dysfunction. The multi-colored 24-inch iMac is a breath of fresh air after nearly two decades of white and gray models. Though the transition is not yet complete, all the new and existing Apple silicon Macs are great: quiet, cool, reasonably priced, and fast, fast, fast.”

[…]

Adam Engst said, “The big hole in Apple’s Mac lineup is an affordable high-resolution display to give the laptops something to connect to and to let iMac users expand to a second large screen.”

[…]

Rich Siegel said, “Many of the ill-conceived UI and visual design decisions that were introduced in Big Sur are still in Monterey, although fortunately things haven’t really gotten much worse.

[…]

Guilherme Rambo said, “I think there’s still a lot of work to be done on Mac software. I’ve had numerous issues with macOS Monterey, especially related to Bluetooth, which keeps breaking with every major OS update. Not to mention the awful state of the Shortcuts app, which has been improving with the new point releases, but is still far from what I would call production-quality.”

[…]

Brent Simmons said, “I always believed Apple would draw a line at outright lying — but they continue to lie about what selling software was like before the App Store. They lie about what the review process does and about how developers are treated equally. As a developer, I find this profoundly disillusioning.”

[…]

Paul Kafasis said, “I think Apple’s App Store policies are having a real, negative impact on the world. It may not matter to most consumers, but it matters to me as a developer, and as a user who can see that we’re surely losing things due to their heavy-handedness.”

Federico Viticci:

The greatest compliment I can pay to Apple’s renewed approach to the Mac is that, for the first time in a decade, they got an iPad user like myself interested in the Mac again.

[…]

Speaking of software holding back hardware, there’s no better example of this predicament than the latest generation iPad Pro with an M1 chip.

[…]

If you were to ask me to recall what’s new in tvOS 15 off the top of my head, I don’t think I’d be able to answer that. The ability to see HomeKit cameras on the big screen maybe? The redesigned video player?

None of this matters for me because Apple did the one thing I wanted to see in TV hardware, and they did it extremely well: they redesigned the Siri remote and brought back physical buttons.

[…]

At this point, it’s fair to say that Apple is merely the maker of a HomeKit API and aggregation dashboard (the Home app). If Apple wants to compete with Amazon and take back control of the home from the Echos of the world, they need to make more hardware, and they need to make it fast. And that’s not even to mention the clunky and outdated design of the Home app, the lack of interactive HomeKit widgets on iOS, or absence of Home complications on the Watch.

Update (2022-02-08): Matt Birchler:

This graph really stood out to me, too. For a company who very much sees themselves as a group trying to do good in the world, this narrative feels like it’s getting away from them.

Nick Heer:

There were big problems: MacOS Monterey bricked some Macs, a software update overheated some HomePod models to the point where they stopped working, Siri is still Siri, and Shortcuts shipped in an unusable state across all platforms. But there are little things that also do not work correctly that are as aggressively grating. On my Mac, every Quick Look preview flashes bright red. When I use CarPlay, audio sometimes does not initiate and I have to reconnect my phone. Nine of the bugs I filed in 2021 were about scroll position not being maintained in several high-profile applications. Searching Maps still returns locations thousands of kilometres away, even when there is a matching result around the corner. Apple’s Podcasts service became a mess. Mail does not return accurate search results for my inbox, let alone any other folder. Album artwork does not sync properly to my iPhone. If I resume playing music I have paused on my Mac, it will sometimes play with no audio, and I have to change tracks to force it to re-download. iOS’ autocorrect changes “can” to “can’t”, which is an open problem with “more than 10” reports. Media keys do unexpected things in MacOS. Dragging tracks to the bottom of the play queue in Music reverses their play order. There are a hundred more problems like these which I have reported in the last year.

I am sometimes running beta releases, but my main Mac is almost always on the latest public release. Right now, Music often crashes when switching between Apple Music, local library, and search views — on the very latest released version. A common response is that Apple needs time to fix bugs after release but, even if these operating systems mostly stabilize by about February, it is not fair that even typical users on the public release track have four or five months of frustrating bugs every year.

Even then, stability is not a given because of major new bugs introduced in maintenance releases.

Dan Masters:

What’s even the point of using macOS anymore? I recently switched to a Mac for work, and I’m astonished at just how unreliable it’s become.

My MBP kernel panics at least daily while sleeping. Other times I can’t even wake it, as many report here.

Tom Bridge:

We need better relationships between MDM developers and Apple, with more give and take, more conversations, more impactful input, and a better cadence for partnerships. I know that my take is different than many, but I’m a different sort of developer in my day job than most. When it comes to the App Store, Apple has some hard choices to make, lest they risk having the whole thing slip right through their fingers in the form of federal regulation of their spaces.

See also: Josh Centers and TidBITS Talk.

Update (2022-02-16): Jason Snell:

This year I’m happy to present a few charts from Six Colors member, Duke University professor, and data-visualization expert Kieran Healy that take the initial Report Card scores and slice them in a few interesting ways.

Nick Heer:

One reason I gave Apple’s software quality a score of two out of five in the Six Colors report card is because every time my partner wants to open the same PDF in Books on her iPad, it “cannot be opened” until various incantations are performed. Maddening.

John Gruber:

Resentment over App Store policies continues to build. Rip-off apps continue to appear in App Store.

See also: The Talk Show (tweet), Upgrade, Jeff Johnson, Kieran Healy, Steve Troughton-Smith.

Update (2022-03-09): Matt Birchler:

I wanted to add my takes, so consider this a write-in ballot.

The Danger of Sideloading Chromium

Peter Ammon:

The sideloading debate is really about Chrome. Sideloading Fortnite is about money, but sideloaded Chrome is an existential risk, threatening to do to iOS what it has done to Windows and Mac.

Peter Ammon:

So many users live in Chrome and use nothing else. You may think that development is good or bad, but it’s obviously undesirable from Apple’s perspective, since it gives Google extra leverage over Apple’s products.

If your users live in Chrome, then you are at Google’s mercy. You are dependent on Google to make any changes. Apple can add features like Do Not Disturb, but they’re borderline useless if Chrome doesn’t use native notifications, which for many years they did not.

It’s hard to find examples on the Mac side. But on iOS, it would be bad (from Apple’s perspective) if features like Face/TouchID web auth, Apple Pay, Pencil, iPad trackpad, etc. required Chrome support before any users saw them. That’s the existential risk to Apple.

Jen Simmons, Apple Evangelist:

Gosh. Catching up with tech Twitter this morning and there seems to be an angry pocket of men who really want Safari to just go away.

Do we really want to live in a 95% Chromium browser world? That would be a horrible future for the web. We need more voices, not fewer.

Ironically, Apple believes that the way to ensure this is by only allowing one voice on iOS. In the short term, that probably is slowing the advance of Chrome, albeit by preventing Apple’s customers from accessing certain sites and features. But this is depressing as a long-term strategy.

Safari should not merely be good enough to keep iOS users from abandoning the platform in order to switch browsers. It should be good enough that Apple doesn’t fear Chromium browsers taking over if users were allowed to choose. Exclusive features help, but they alone are not the answer. Users and developers both need better compatibility with the Web as it is, not as Apple wishes it were. I prefer Safari, but I can’t always use it. If macOS restricted browsers the way iOS does, I would have to get a PC or run an emulator or something.

Similar logic applies to the debate around Web apps vs. native apps on the desktop. The way to avoid a monoculture and get more native apps is not to ban Web apps. It’s to make it so that native apps can do more and work better, so that developing, distributing, and selling them is easier—so that users and developers choose them.

To bring this full circle, I’m not sure I want to know the percentage of people who buy Macs to essentially use them as really nice Chromebooks. Here the dominance of Chromium works to Apple’s advantage, in a way, because currently Apple makes the best notebook hardware for running Chrome. But in terms of what’s best for the Web and for macOS as vibrant platforms, I hope it’s not satisfied with this outcome.

Update (2022-02-08): Lea Verou:

That is so awfully dismissive and tone deaf. No, people don’t want Safari to “just go away”. People (of all genders!) want Apple to respect user choice and stop forcing everyone to use Safari on iOS whether they want to or not. It’s pretty simple, really.

Damien Petrilli:

If [sideloading Chrome being an existential risk vs. Fortnite being about money] was the case, Apple would have lessened the grip on the App Store to remove the pressure while keeping the “only webkit engine” rule on iOS.

That would have been a lot easier to win in court. Instead, they fight to keep all the money and the 27% in NL is a hint to it

“Games account for approximately 70 percent of the entire App Store’s revenue, and 98 percent of in-app purchase revenue.”

If an alternative game store opened and made them lose all this money—as the App Store isn’t competitive enough-pretty sure Apple would be pissed

Peter Ammon:

I think this is exactly what will happen. We already see it somewhat with the drop to 15% commission. Of course Apple will fight court rulings, but if my theory is right, side-loading is the hill they’ll die on. We’ll see!

Jonathan Deutsch:

Apple had serious insecurities what opening up might mean.

They didn’t want iOS to become the Mac, and they didn’t want the Mac to become Windows.

Control is in Apple’s DNA.

[…]

Flash scarred Apple as a 3rd party causing the top system instability.

There used to be openness voices that could push back before the EPMs took over. Now their worst instincts are forefront.

Jeff Johnson:

Everyone whines about Chrome “taking over”, but nobody talks about how Safari had literally a 6 year head start over Chrome (January 2003 vs. late 2008/early 2009) but was surpassed nonetheless on the desktop.

How did Apple let that happen? Looks like gross incompetence to me.

And Chrome used WebKit until 2013. However, Google was able to massively promote Chrome using its own Web properties, and there’s not much Apple could have done about that other than stop funneling users to Google Search.

Why did Apple drop Safari for Windows? They ceded that whole market both for users and for web developers. Massive mistake.

Where’s Safari for Android?

Google bothered to write a web browser for iOS. Apple did not bother, and then Apple whines about losing?

[…]

The irony is that Apple aided and abetted Google’s dominance in a number of ways.

Apple happily took Google money to make it the default web browser in Safari. Still does!

Apple was a ringleader in the WHATWG coup to overthrow the W3C. Now a few browser vendors control the web.

I would argue that iOS lockdown actually hurt Firefox the worst of the major browsers[…]

Alex Riviere:

There is no way to debug mobile safari on anything other than a Mac. This is a very high barrier of entry to debug slight rendering differences on safari.

Michael Love:

It’s not just about web. App developers are subject to our own monoculture because Apple intentionally limits Safari to prevent web apps from competing with native + force us to the App Store.

It’s literally the Same. Exact. Thing. that Microsoft did with IE 20 years ago.

If we’re going to be stuck with a monoculture either way, I’d prefer a monoculture built around open-source Chrome over one built around a proprietary app store and closed-source frameworks.

See also: Jen Simmons, Ryan Christian.

Update (2022-02-11): Hartley Charlton:

Apple has also been criticized for demanding apps that browse the web to use the WebKit framework and WebKit Javascript on iOS and iPadOS, a policy that effectively bans non-WebKit based browsers. This has caught the attention of regulatory agencies, including the UK’s Competition and Markets Authority (CMA), which said that “due to the WebKit restriction, Apple makes decisions on whether to support features not only for its own browser, but for all browsers on iOS.”

[…]

Following consultation with developers, the CMA is considering forcing Apple to reverse the ban on non-WebKit based browsers to allow for more competition. It is unclear if Apple’s latest push for feedback is related to the growing regulatory pressures around Safari.

Bruce Lawson:

The interesting predicate of this argument is that Apple intend to keep Safari as the sad, buggy app that they’ve allowed it to wither to, because it has no competition. I emphatically do not want Chromium to win. Quite the opposite: I want Apple to allow the WebKit team to raise its game so there is an excellent competitor to Chromium.

WebKit is available on Windows, Linux and more. Safari was once available on Windows, but Apple silently withdrew it. SVP of software Eddy Cue, who reports directly to Tim Cook, wrote in 2013

The reason we lost Safari on Windows is the same reason we are losing Safari on Mac. We didn’t innovate or enhance Safari….We had an amazing start and then stopped innovating… Look at Chrome. They put out releases at least every month while we basically do it once a year.

There is browser choice on MacOS, and 63% of MacOS users remain with Safari (24% use Chrome, 5.6% use Firefox). As everyone who works on browsers knows, a capable browser made by the Operating System’s manufacturer and pre-installed greatly deters users from seeking and installing another.

Update (2022-03-09): Jack Wellborn:

By going all in on JavaScript-based cross platform development, Microsoft has clearly decided to become Google before Google becomes Microsoft.

So why doesn’t Apple want to support progressive web apps? People assume it’s just because progressive web apps would hurt App Store revenue. While I am sure that’s certainly a factor, I suspect the App Store is the least of Apple’s concerns. Like Microsoft, I suspect Apple sees progressive web apps as an existential threat. Unlike Microsoft however, Apple can’t address this threat by completely embracing progressive web apps. At the end of the day, Microsoft can become Google because they are both software and services companies.

See also: Hartley Charlton.

Update (2022-06-24): Alex Russell (via Hacker News):

Contrary to claims of Apple partisans, iOS engine restrictions are not preventing a “takeover” by Chromium — at least that’s not the primary effect. Apple uses its power over browsers to strip-mine and sabotage the web, hurting all engine projects and draining the web of future potential.

Friday, February 4, 2022

App Store External Purchase Fee: 27%

Apple (Hacker News):

A recent order from the Netherlands Authority for Consumers and Markets (ACM) will allow developers of dating apps on the Netherlands App Store to use alternate payment processing options. These changes will compromise the user experience, and create new threats to user privacy and data security. We have appealed the ACM’s decision. In the meantime, we are required to make the mandated changes and are providing further details today which satisfy our legal obligations in the Netherlands while helping to protect users from these increased risks.

Benjamin Mayo (also: MacRumors):

Apple typically charges 30% commission on purchases made using its In-App Purchase system. The commission levied on alternative payment systems has been set at … 27%, net of tax.

Netherlands dating apps can choose to offer alternative payment systems by linking out to a website, or using a native in-app flow.

[…]

Each month, developers will have to send a report to Apple that lists their sales. Apple will then send out invoices for its commission, that must be paid within 45 days.

Stephen Hackett:

Check out the text the company is going to require developers to show on a modal sheet prior to allowing users to go outside the App Store to make a payment:

Title: This app does not support the App Store’s private and secure payment system

Body: All purchases in the App Name app will be managed by the developer “Developer Name.” Your stored App Store payment method and related features, such as subscription management and refund requests, will not be available. Only purchases through the App Store are secured by Apple.

Federico Viticci:

This is perfect* – it’s implying-without-technically-saying-it that other payment services aren’t “private and secure”.

Apple mastering the art of legalese is where we’re at in 2022. Proper regulation can’t come soon enough.

*ridiculous and downright user-hostile

Nick Heer:

Just look at the striking twist in language here. The title and final sentence of the body text literally say that the app’s payment mechanism is different from Apple’s, and that Apple’s is “private and secure”. But it implies the payment standard used by the developer is less private and has inferior security to Apple’s own — even though Apple requires all developers to use a private and secure payment processor. Apple is selling asbestos-free cereal, while requiring all other cereals to be asbestos-free but not allowing them to label themselves as such.

Marco Arment:

  • Separate app, only available in Netherlands
  • Cannot also support IAP
  • Must display scary sheets before payment
  • Website links are all to a single URL specified in Info.plist with no parameters
  • Must submit monthly report to Apple listing EVERY external transaction

Tim Schmitz:

Apple is afraid to compete fairly against other payment methods because they know the current IAP system wouldn’t win a fair fight.

Update (2022-02-08): Dave Verwer:

I know some of you will see this as unnecessarily kind to Apple, and I’ll make sure not to read this week’s unsubscribe reasons 😰 but I really don’t think anyone benefits. Apple certainly doesn’t look good. I was quite shocked at the arrogant tone of yesterday’s announcement. However, they are behaving in a predictable way for a company being told what to do by courts.

I’ve said this before too, but I would support a bigger rethink of how the App Store works. A shake-up that focuses on downloads and usage more than taking a percentage cut of financial transactions. One that makes sure that the largest companies in the world, who get massive value from the platform, pay something instead of nothing. I don’t know what that model looks like, but I can only really see changes of that magnitude putting an end to this current situation.

Kosta Eleftheriou:

Steve Jobs on the greed and outlandish profits that ruined Apple[…]

Jon Brodkin:

Apple notes that it “has audit rights pursuant to the entitlement’s terms and conditions,” which “will allow Apple to review the accuracy of a developer’s record of digital transactions as a result of the entitlement, ensuring the appropriate commission has been paid to Apple.”

Benjamin Mayo:

I’m not sure you could find a webpage more emblematic of the idiom of following the letter of the law, rather than the spirit of the law. They are also simultaneously appealing the decision and that tone comes across in the text too, as if each sentence is dripping with resentment.

[…]

This court ruling is on enabling competition for in-app payment systems, rather than the general monopoly of mobile app stores. However, the two are obviously inextricably linked. No one is going to use a third-party payment system when the saving compared to Apple’s built-in offering is a measly 3%. These current terms will not incite competition in payment systems as no developer will ever implement one.

[…]

Apple’s stated policy is not long-term sustainable. I don’t know whether it will be changed as a result of these proceedings, or a different lawsuit down the road. It will change.

Bruno Virlet:

They try to get away by finding the limit where they respect the ruling, while still ensuring it’s so complicated and painful that no developer chooses to use out-of-store payments.

Florian Mueller:

The 30% cut is not the only problem, and not even the most important one.

Joe Rossignol:

The Netherlands’ Authority for Consumers and Markets (ACM) has fined Apple five million euros for a third consecutive week for allegedly failing to satisfy the requirements it set regarding alternative payment systems for dating apps, according to Reuters.

The ACM today said it has still not received enough information from Apple to assess whether Apple has properly complied with the order, the report states. The competition regulator will continue to fine Apple five million euros per week, up to a maximum of 50 million euros, until it finds the company has come into compliance.

John Gruber:

The strangest aspect of Apple’s new guidelines is that they’re intended specifically and solely to address the ACM requirements, and we already know they do not. […] Neither the ACM ruling nor Apple’s updated guidelines seem ambiguous here, but clearly Apple’s guidelines don’t comply with “Providers must be able to choose both options.”

[…]

Both Apple and Google obviously want purchases to be made using their built-in purchasing. Google’s thinking seems to be that if third-party payment options can only be offered alongside their built-in Play Store processing, most users will just use the Play Store option. Apple’s thinking seems to be to make offering third-party payment processing so unappealing to developers (including the requirement that they use an entirely different SKU just for the Netherlands version of their app) that they won’t even bother.

[…]

The reduced commission rate of 27% isn’t completely arbitrary — clearly it’s based on a rough estimate of 3% for payment processing fees. But 3% isn’t enough to cover most developers’ actual payment processing. […] Consider Stripe, which is incredibly popular (and deservedly so). Stripe charges 2.9% plus $0.30 per transaction.

[…]

That’s the warning sheet for apps providing their own in-app payment processing; there’s a similar required warning sheet for apps that link users to the web to make payments. The language here is clearly slanted — perhaps laughably so.

[…]

It strikes me as inherently problematic for Apple to demand anything from transactions that take place outside the app.

[…]

Another restriction on web-based payments: an app can only have one URL that users are sent to, and that URL cannot contain any parameters[…]

Matt Birchler:

Shout out to John for mentioning the flat fee also usually associated with payments, which will mean it’s not break-even for merchants, it’s a net negative in most cases. Literally no one else seems to be mentioning this, which is wild because it meaningfully changes the math.

[…]

I will never stop finding it funny that the argument is, “yes, the App Store fees are monstrously high compared to every single other way people sell apps today, but have you seen game consoles?”

Francisco Tolmasky:

I do wish more of the conversation (and the ACM’s ruling) was around the user vs. Apple. Another way to look at this is that Apple believes you should pay them a markup for using a dating app.

I’ve mentioned before that for small app shops, the 15-30% commission could be the difference between being able to afford hiring full time support or another developer. Those are new features, bug fixes, and support you’re missing out on in your favorite apps.

And just look at the purposefully miserable experience they’re designing for out-of-store purchases. Sure, the goal is for it to not be used… but what if it is? Is this what Apple wants, a bad experience for users? That’s where we’ve finally gotten to now? Deliberately bad design?

Update (2022-02-11): Matt Birchler:

That’s a lot of manual work for both sides, and I don’t see how it could ever scale to more than a few of Apple’s smaller markets.

[…]

I would suggest that Apple should, and will, build third party payments into the in-app purchase system. After all, why not? If Apple is getting their 12/27% and is saving money on processing payments, then what difference does it make to them how hard they make it for merchants to use another payment provider?

[…]

Based on my replies every time I talk about Apple Pay, I know for a fact that many people think that Apple is processing this payment, but that could not be further from the truth, every Apple Pay transaction you’ve made outside of Apple.com is happening through a third party payment provider already and it’s not disclosed anywhere in the UI.

John Gruber:

EU has lower credit card processing fees than the U.S. Stripe, for example, charges 1.4% plus €0.25 per transaction. That’s still about 4% for a €10 transaction, though.

Jason Snell:

For a company that says it is focused on delighting its customers, it has always chosen to maximize App Store revenue. Why else can you not buy Kindle books in the Kindle app, for example? Apple cares more about its cut and about pushing iPhone users to Apple Books than it does about the iPhone being the worst device on which to be a Kindle user.

If I sound despondent it’s because I am. Apple will fight tooth and nail to keep the money it feels it is owed. Yet third-party developers helped make the iPhone what it is, and Apple profits mightily off the iPhone. Regulators continue to test Apple, but the results will just add complexity without actually benefiting developers or consumers substantially.

Update (2022-02-16): David Heinemeier Hansson:

Every time Apple mobilizes its law machine to squash a developer in court, foil democratic accountability in the legislatures, or give regulators the middle finger, Apple wounds the relationship with developers. They can win every battle in court, lobby around every hearing in the house, and pay all the trifling regulatory fines, and still ultimately end up losing something far more long-term important than a monopoly tax rake.

[…]

Apple was in our corner. Apple was our escape. Oh how the world has turned. I guess you either die a hero (salute Commodore) or you live long enough to become the villain (hello Apple).

So here we are twenty years later. Apple has planted all the same seeds of discord with developers as Microsoft did in the 90s. But somehow even more ruthlessly and greedy than the boss that came before it. What a story arc.

See also: Accidental Tech Podcast, Upgrade.

Facebook Blames Apple, Usage Declines

Kif Leswing (Hacker News, MacRumors):

Facebook said on Wednesday that Apple’s App Tracking Transparency feature would decrease the company’s 2022 sales by about $10 billion.

[…]

Meta shares sank 23% in extended trading on Wednesday after the company warned about numerous challenges and came up short on user numbers. Facebook said first quarter revenue will be $27 billion to $29 billion, while analysts were expecting that number to exceed $30 billion.

Via John Gruber:

Worth noting that on Facebook’s analyst call, when pressed on this $10 billion figure, Wehner offered nothing to back it up. Really strong vibes of “The problem isn’t us, or our products — it’s mean old anti-competitive Apple.” It doesn’t seem like anyone bought that line.

Alex Sherman:

Facebook parent Meta lost more than $232 billion in value Thursday. That’s the biggest one-day drop in value in the history of the U.S. stock market.

There’s a kind of symbiosis here where Facebook wants to blame Apple, and Apple wants to take credit for protecting users from it. But the amount of protection is far less than commonly understood, and Facebook’s main problem is not App Tracking Transparency, but rather fading interest from its own users.

Alex Heath:

Since its inception, Facebook’s user growth has essentially been up and to the right.

[…]

Not only was user growth across Facebook, Instagram, and WhatsApp essentially flat last quarter, but the main Facebook app lost 1 million daily users in North America, where it makes the most money through advertising.

John Gruber:

All social networks are fleeting. They’re like hit TV shows — they come and go. Facebook itself (i.e. the blue app) and Instagram aren’t going to disappear, but their times as the new hotness are gone and will never return.

Nick Heer:

This alarmist story is accompanied by a chart illustrating the year-over-year declines in the prices of shares in Meta, Pinterest, Snap, and Twitter. It gives enormous credence to Mark Zuckerberg’s claims that App Tracking Transparency, which rolled out last spring in iOS 14.5, is to blame for a forecasted decline in advertising revenue.

But Facebook has made the same claim before, even as earnings grew. Also, it is not like a negative impact by App Tracking Transparency is some sort of universal truth, as implied by the Times.

Update (2022-02-08): Ben Thompson:

The latter’s App Tracking Transparency (ATT) initiative severed the connection amongst e-commerce sellers, app developers, and Facebook by which Facebook achieved that ROI, and while the company is better positioned than anyone else to build a replacement, it is important to note that the impairment entailed in probabilistically measuring ad effectiveness instead of deterministically is a permanent one.

[…]

Still, Facebook’s forecast, disappointing as they were to investors, was for $27-29 billion in revenue this quarter; this is still a major player in an advertising market dominated by the three companies mentioned in this article, with one looming dark horse.

[…]

One of the biggest questions about the advertising landscape going forward is if Apple is going to move down to the “Apps + Discovery” quadrant that remains Facebook’s purview. If the company did they would have an unbeatable advantage: remember, Apple has made clear through its App Store policies and testimony in the Epic case that it views apps on the App Store as first party for Apple (this is how the company justifies its anti-steering provisions, likening links to websites to putting up signs in its own store for another, even though the signs in question are in the app and not the App Store). It follows, then, that Apple would see no inconsistency in denying Facebook the ability to have knowledge about installation and conversions derived from a Facebook ad, even as Apple has perfect knowledge of those installations and conversions from its own ads.

Update (2022-02-16): Peter Kafka:

Facebook is still making an enormous amount of money from advertising — analyst Michael Nathanson estimates the company will generate $129 billion in ad revenue in 2022.

[…]

Another way of putting it, via Alex Austin, the CEO of Branch, a company that helps advertisers figure out how their campaigns are working: After Apple introduced its anti-tracking changes in the spring of 2021, advertisers who used Branch’s services to measure paid ads on iOS dropped by 20 percent. Instead, Branch customers spent more time using the company’s services that track “organic” marketing campaigns using tools like email, and on services for advertisers who used Google’s Android phones — where those anti-tracking measures don’t exist. “It’s clear that the market is still figuring out how to handle [Apple’s new rules] on iOS, and shifting focus to Android and organic channels on iOS,” he told Recode.

Facebook says it’s working on a fix to make things better for advertisers in the near term via an “aggregated event measurement” workaround. Which in plain English means that while it won’t be able to tell advertisers which individual users clicked on a link or downloaded an app after seeing an ad, it can tell them what a larger group of users did.

Via Dave Mark:

Obviously, the goal was better privacy, not a move against Facebook specifically.

I mean, I don’t think that’s obvious. We’ve long known that Tim Cook doesn’t like Zuckerberg, and Facebook is obviously a major Apple rival and potentially a direct competitor in the AR space. It would be great for Apple if Facebook were less powerful. What reason do we have to take the privacy rhetoric at face value?

Mike Isaac and Jack Nicas:

The executives have also jabbed at each other. In 2017, a Washington political firm funded by Facebook and other Apple rivals published anonymous articles criticizing Mr. Cook and created a false campaign to draft him as a presidential candidate, presumably to upend his relationship with former President Donald J. Trump.

Update (2022-03-09): Ben Thompson:

It’s worth underlining this point: the App Store would not be nearly the juggernaut it is today, nor would Apple’s “Services Narrative” be so compelling, were it not for the work that Facebook put in to build out the best customer acquisition engine in the industry (much to the company’s financial benefit, to be clear)[…]

Facebook was by far the best and most efficient way to acquire new users, while Apple was able to sit back and harvest 30% of the revenue earned from those new users. Yes, some number of users came in via the App Store, but the primary discovery mechanism in the App Store is search, which relies on a user knowing what they want; Facebook showed users apps they never knew existed.

Thursday, February 3, 2022

Have Monterey Updates Gotten Smaller?

Howard Oakley:

By my reckoning (and your mileage may vary), the 12.1 update was 2.8 GB for Intel and 3.2 for M1, which are about 1 GB smaller than the equivalent updates for Big Sur. macOS 12.2 update was smaller still, at 2.4 (Intel) and 2.75 GB (M1).

[…]

The only cost of Monterey’s smaller updates is longer time required to ‘prepare’ each update prior to its installation, which has risen from 15 minutes (macOS 11) to 30 (macOS 12).

I continue to have problems, starting with Mojave or Catalina, where sometimes an update doesn’t complete and I have to power cycle the Mac several times.

Optionals in Swift Objective-C Interoperability

Fabián Cañas (via Zev Eisenberg):

The scroll view property, which should be nonnull, or in Swift, not optional, is never given a value on initialization. So what happens when we use it from Swift?

[…]

Any Objective-C things we want to do with these objects succeeds, which is nearly everything since they’re Objective-C objects. We’ve entered the territory of undefined behavior. It’s a sort of “Objective-C mode”.

There are things we can do to detect this non-optional nil condition. […] The problem is that since Swift doesn’t think this value can be nil, it’s not trivial to check.

[…]

If you make a Swift extension to the Objective-C class and call them on one of these nil things that aren’t supposed to exist, those methods still get called.

I guess this is because methods defined in Swift are by default not dynamic.

Nonnull array properties in Objective-C get bridged to Swift in a very strange way. […] This situation doesn’t look self-consistent. Under some conditions, Swift will create an Array if it doesn’t find one where it’s expected.

How Well the Spotify App Works

Chance Miller:

First and foremost, Spotify is indeed much faster and more reliable than Apple Music when it comes to loading and searching for music.

[…]

The number one reason my experiment is over is because of Spotify’s absolute insistence that if you use Spotify for music, you must also use it for podcasts. This manifests itself in multiple different ways, one of the most notable being the barrage of podcast recommendations in the “Home” tab of the Spotify app.

[…]

Additionally, Spotify will even try and make playlists for you that mix and match podcasts and music.

[…]

I have other issues with Spotify, including its poor adoption of Apple standards like AirPlay 2, and its poor support for local files.

I tried it recently and found the interface strange and inefficient.

Via Matt Birchler:

I know people swear by Spotify, but every time I’ve tried to use it, it’s a dumpster fire of an experience for me.

Update (2022-02-04): Matt Birchler:

Yesterday I complained that Spotify doesn’t support your own MP3, but that’s not technically true!

You gotta add them to a playlist and sync that playlist over to your phone, which isn’t at all what I want personally, but they do have it, so correction issued!

Too Big to Fail App Review

Eric Benjamin Seufert:

The presence of certain apps is so imperative to the App Store’s broader consumer appeal that Apple has no choice but to allow those apps to defy its various platform rules and restrictions. These apps are too big to fail: if Apple were to enforce its rules against these apps and block them from the App Store, it would suffer extreme commercial consequences.

[…]

This creates a very fine line for Apple to navigate, especially in the case of Netflix. Apple must allow the products that are too big to fail to skirt (or appear to skirt) its App Store policies while preserving the agency and legitimacy to enforce those policies for the developers of mobile-only games.

Update (2022-02-04): Marco Arment:

Now, in practice, this gets a bit messy when dealing with extremely popular, must-have services for so many people like Facebook, Instagram, and WhatsApp.

Facebook knows that Apple can’t REALLY kick them off the App Store.

…probably.

Hang Up and Call Back

Brian Krebs:

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Andrew Abernathy:

A problem here in my experience is legit fraud departments leave callback numbers that don’t match the phone number on the back of the credit card; if you call the number on the card they don’t know what you’re talking about. Fraud depts are training us to trust random ass calls.

Pieter Gunst:

Once I gave my member number, the attacker used the password reset flow to trigger a text message from the bank.

They used this to gain access to the account.

Then read some of my transactions to give the call more credibility

Patrick McKenzie:

Wish more banks would do what Stripe does here: “Log into your account and use the ‘auth a support rep’ feature. I will read you some digits, you verify they match, then read your digits to me.”
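The two-way check Patrick McKenzie describes above, modeled server-side as an added example; it is not code from the quoted post and not Stripe's implementation. The class and method names, the 6-digit codes, the 5-minute lifetime, the 3-attempt limit, and the choice to have the customer type the digits they hear (so their own code stays hidden until the rep is verified) are all assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_DIGITS = 6     # assumed length: short enough to read aloud
TTL_SECONDS = 300   # assumed lifetime of one challenge
MAX_ATTEMPTS = 3    # wrong entries allowed before the challenge is burned


@dataclass
class Challenge:
    rep_code: str        # shown on the rep's console, read aloud to the customer
    customer_code: str   # revealed in-app only after the rep's code checks out
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    rep_confirmed: bool = False
    used: bool = False


def _new_code() -> str:
    # CSPRNG-backed, zero-padded decimal code
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


class SupportAuth:
    """Server-side state for one 'auth a support rep' exchange per account."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._challenges = {}

    def start(self, account_id: str) -> None:
        """Must only be reachable from the customer's logged-in session."""
        self._challenges[account_id] = Challenge(
            rep_code=_new_code(),
            customer_code=_new_code(),
            expires_at=self._clock() + TTL_SECONDS,
        )

    def _live(self, account_id: str):
        # A challenge is usable only if it exists, is unused, has attempts
        # remaining and has not expired.
        ch = self._challenges.get(account_id)
        if ch is None or ch.used or ch.attempts_left <= 0:
            return None
        if self._clock() >= ch.expires_at:
            return None
        return ch

    def rep_console_code(self, account_id: str):
        """Digits the rep reads to the customer; None if no live challenge."""
        ch = self._live(account_id)
        return ch.rep_code if ch else None

    def customer_confirms_rep(self, account_id: str, heard: str):
        """Customer enters the digits they heard. On a match, return the code
        the customer reads back; otherwise None (and spend one attempt)."""
        ch = self._live(account_id)
        if ch is None:
            return None
        if not hmac.compare_digest(heard.encode(), ch.rep_code.encode()):
            ch.attempts_left -= 1
            return None
        ch.rep_confirmed = True
        return ch.customer_code

    def rep_verifies_customer(self, account_id: str, spoken: str) -> bool:
        """Rep enters the digits the customer read back. Succeeds once, and
        only after the customer has already verified the rep."""
        ch = self._live(account_id)
        if ch is None or not ch.rep_confirmed:
            return False
        if not hmac.compare_digest(spoken.encode(), ch.customer_code.encode()):
            ch.attempts_left -= 1
            return False
        ch.used = True
        return True
```

A caller who cannot see the rep console has no way to produce the first set of digits, so in this model the customer's code is never revealed to an unverified caller.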

Chris Messina:

Apple Support now sends push notifications to your devices to verify that it’s you calling.

Corey Hoffstein:

My bank just called me about something, but couldn’t tell me what it was about unless I answered my security questions.

Sorry, I’m going to assume it’s fraud and hang up 100% of the time.

I called the bank myself. Turns out it was legit.

What a stupid, broken security model.

Oluseyi Sonaiya:

I just received a phone call purporting to be Apple Inc., with a recorded voice telling me my “iCloud account had been breached,” not to perform any actions, and to press “1” to connect with “Apple Support.”

If you receive this call, it’s a scam.

[…]

There is some persistent vulnerability in US phone networks that is allowing spammers to spoof the phone numbers and caller ID information of known brands. It shows up as "Apple Inc." on my phone, too.

Brian Krebs:

You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Update (2022-02-04): John Bowdre:

I’ll also add: if you can’t find a company’s support phone number on their website, they don’t want you to call. Use some other contact method. The number you found via search is probably a scam.

Wednesday, February 2, 2022

Decimal vs. Double

Jesse Squires:

More importantly, Decimal does not conform to either BinaryFloatingPoint or FloatingPoint, but begins its protocol conformance at SignedNumeric, which has the single requirement to implement func negate(). This reveals why Decimal cannot be a drop-in replacement for any of Swift’s floating-point types — most functionality is defined in the lower floating-point protocols. Similar to how mixing numeric types like Int and Double in a single expression is a compiler error in Swift, Decimal does not play nicely with the other numerics. Additionally, some common functionality is missing. For example, Decimal does not conform to Strideable like the other numerics, which means you cannot create ranges of Decimal values. Depending on your problem domain, Decimal can be difficult to adopt.

Rob Napier:

I don’t generally recommend Decimal for money. I recommend Int, and store everything in the base unit, most commonly “cents.” It’s more efficient and often easier to use.

Rob Ryan:

Two benefits of Decimal: (1) You can do precise decimal calculations … e.g. add Double of 0.1 ten times ≠ 1.0 (!); (2) You want to enjoy more significant digits … e.g. print Double representation of 12345678901234567890 and it’s not actually 12345678901234567890.

ScreenCaptureKit Added in macOS 12.3

Apple:

Use the ScreenCaptureKit framework to add support for high-performance screen recording to your Mac app. The framework gives you fine-grained control to select and stream only the content that you want to capture. As a stream captures new frames of video, it passes your app a CMSampleBuffer that contains the video data and its related metadata.

Jesper (Hacker News):

And interestingly accompanied with a pull request to OBS to integrate it right away (under the banner of "Developer Ecosystem Engineering"), with changes that seem to follow the current work and adhere to its development process, ie not just a code dump or kthxbai.patch file against a months-old revision.

Maxwell Swadling:

why in the world would Apple add a ‘ScreenCaptureKit’ to macOS but still include the orange dot in the video output! no streamer wants that. no viewer wants that.

The Case for “Mark as Unread” in Messages

Matthew Bischoff:

But the most popular messaging app on iOS, Messages, has never implemented “Mark as Unread” even though users have been clamoring for it for years and it’s been rumored that they tested it. What’s even wilder is that iMessage doesn’t have any other in-app way for the user to signal that they need to return to a message in order to respond to it. The only gesture toward anything like this is an obscure Siri integration.

Messages routinely get forgotten and go unanswered. The missing “Mark Unread” button has no doubt caused countless accidental ghostings, avoidable arguments, and missed opportunities. And its lack has likely made life more difficult for users with conditions that affect memory or follow-through, like ADHD and depression, who may not be able to respond in the moment and have no easy way to record their intention to do so.

John Gruber:

I love Messages. I know there are a bunch of ways Apple could and should improve it, but I can’t think of any single feature that I want more than “Mark as Unread”.

I want it to (as it used to) sync the read states across all my devices so that I don’t have to “read” the same message multiple times.

David Zarzycki:

Pro tip / workaround: always screen iMessages via the notification center. This lets you read the messages without changing the read/unread status. Also relentlessly exit the Messages app before locking your phone to avoid accidentally setting the read bit at unlock.

Update (2022-02-04): Mike Rockwell:

I’d also like to see a visual indicator showing where the new messages begin when you jump into a thread with multiple unread items.

John Gordon:

To be reminded of a message one must ask siri “remind me of this message”. There’s no nonSiri option.

Schneier on Sideloading

Bruce Schneier (post):

I would like to address some of the unfounded security concerns raised about these bills. It’s simply not true that this legislation puts user privacy and security at risk. In fact, it’s fairer to say that this legislation puts those companies’ extractive business-models at risk. Their claims about risks to privacy and security are both false and disingenuous, and motivated by their own self-interest and not the public interest. App store monopolies cannot protect users from every risk, and they frequently prevent the distribution of important tools that actually enhance security. Furthermore, the alleged risks of third-party app stores and “side-loading” apps pale in comparison to their benefits. These bills will encourage competition, prevent monopolist extortion, and guarantee users a new right to digital self-determination.

Update (2022-02-08): Guilherme Rambo:

Apple (and people who defend Apple no matter what) make it out as being a big deal that’s going to completely destroy the security of the platform and harm a huge number of innocent users. The reality is way less exciting…

[…]

What about malware? Well, if a bad actor has a vulnerability, I bet they could slip it through App Review without any problems. App Review is not composed of infosec experts. They’re there to ensure that Apple can make their money out of our apps, mostly

What about private API? Again, private API is not a magical thing that gives an app every power it wants. Besides, many apps you know and love from the App Store are probably using private API in one way or another, that’s just the reality of building for a complex platform

[…]

“But then Facebook would force people to sideload so they could spy”. It’s not that simple. Facebook wouldn’t be able to do whatever they want in the app (see above). There’s also at least one instance that proves that people are not willing to do that (Fortnite on Android)

[…]

By putting so much effort into defending that the security of iOS depends on the App Store review process, Apple is basically saying that they’re not competent enough to make a secure mobile operating system, and at the same time telling us that macOS is not secure.

Craig Hockenberry:

When is Apple going to pull its head out of its ass and form a bunco squad for App Review?

Took about 30 seconds to identify this as phishing for Facebook credentials that’s been active for over a week.

John Gordon (tweet):

The best reason I know of for competing App Stores is that Apple’s App Store is trash.

Consider the case of the LuniScanner App; #85 in “Business” in the US App Store.

[…]

The VPN app has 22.9K ratings with an average of 4.7/5 by people like “yessirbruh”. The ‘most critical’ ratings (only accessible on iOS) make clear it is a scam with a clever subscription pattern that tricks users into paying a high weekly rate.

The Scanner App is the similar scam that bit my family. It has 174K ratings and 5 stars. The vast majority are obviously purchased. The “critical” reviews mention unwitting subscriptions. A screenshot that appears on first launch shows how it works for the “Free” app with add-in purchases[…] This covers the entire screen. It appears that one cannot use the App without clicking Continue. In fact if a user closed this screen the App can be used. Of course most naive users, including our family member, will click Continue so they can start their “free trial”. Except that’s NOT what Continue does. Within 3 days charges will start. In our case, not $10 a month, but $5 a week.

The family member has some reading and processing issues, and a trusting nature, that made him particularly vulnerable to a scam. He thought “5 stars” actually meant something. It didn’t occur to him that Apple would allow fake reviews; he trusted Apple.

Chris Hannah:

When I think about buying software from a user’s perspective, it seems a lot clearer.

Let’s say you pay £1000 for a mobile computer from a company. Then a separate company spends time to develop software for said device.

Why can’t I, as a user, buy that software directly from the developer?

From a developer’s perspective, my business is with the user, not with the manufacturer. And from a user’s perspective, my business is with the developer, also not with the manufacturer.

To be more specific, I don’t have any issue with the App Store existing, and I wouldn’t also mind an option where developers can sell notarised/sandboxed software outside of the store. But…

I think there also needs to be a way where you can buy software without Apple being involved at all. Surely after paying £1000 for a phone, I have earned the privilege of installing software on it? Or do I not actually own my phone?

Also, why does the manufacturer need to know what software I have installed on my devices? I thought Apple loved privacy?

Tom Brand:

You wouldn’t tolerate App Store Only on your Mac/PC. Why should your mobile phone be any different?

EFF:

The decision incorrectly presumed that, if customers are aware of the restrictions when purchasing a device, then competition in that market is sufficient to rein in Apple’s anticompetitive conduct and users are not locked into the App Store.

[…]

We also urged the court not to buy Apple’s arguments that it needs to keep control over app distribution to protect users’ security and privacy. Despite Apple’s claim that only its paternalistic approach to security and privacy can protect users, Apple bans apps and features that would serve a wider range of those needs, like VPN apps for international travelers and apps that tell the user if their device has been jailbroken. More broadly, our antitrust laws are based on the principle that competition is the best way to create better, safer products, so Apple’s argument that more competition would be harmful to users shouldn’t fly with the court.

Jesper:

Take can today reveal a partial draft of developer guidelines aimed at qualifying applications distributed via sideloading, designed as a contingency plan if events force Apple to open up application distribution.

Update (2022-02-11): JF Martin (tweet, Hacker News):

I’m changing my mind on the sideloading of apps on the iPhone. I’m all in, and it is all Apple’s fault. I’m the one who wrote, “A Message to Apple Developers: We Don’t Need Another Android Platform”. And yet, I’m changing my mind. In a perfect world, I wouldn’t want sideloading, but we’re not in a perfect world. Apple isn’t perfect. The App Store isn’t perfect. Developers aren’t perfect. The App Store review team isn’t perfect. Everything isn’t perfect.

If the App Store was scam-free, entirely free of copycats, I would trust Apple’s review team in its abilities. It’s not the case. Apple can’t honestly defend the App Store as being a secure place. It is not. The App Store today is full of crap. Sideloading has nothing to do with this fact.

In a world where sideloading is possible, I expect a proliferation of “curated” App Stores. Those stores won’t be perfect, either. They will probably be full of highly questionable applications. Horror stories involving scams will be inevitable. The world isn’t perfect. But it is not the issue at play here.

Epic Appeals Ruling in Apple Lawsuit

Juli Clover (ruling):

Both Apple and Epic Games have decided to appeal the original ruling as neither company was satisfied with the outcome. Epic Games wanted the court to force Apple to support third-party App Stores, which did not happen.

[…]

In the filing, Epic Games again argues that Apple’s App Store restrictions and fees are harming developers and consumers, calling the App Store unnecessary.

[…]

Epic Games argues that the court made an error when it found no Sherman Act violation against Apple, which would have painted Apple as a monopolist and would have likely resulted in a very different ruling.

Florian Mueller:

On this basis, Epic warns against “disastrous consequences” because “Section 1 would not reach firms with the market power to coerce non-negotiable terms,” which would “incentivize anticompetitive behavior.” One way to respond to this is: “So what? You still have Section 2. Higher hurdle, but still.”

I’m surprised that Epic puts this part front and center. Should Epic believe that this is its strongest point, then I wouldn’t be too optimistic about the prospects of its appeal. I am in favor of reasonably strong antitrust enforcement, but I don’t think unilateral conduct should just be imported into Sec. 1.

[…]

Epic does manage to demonstrate some inconsistencies in the district court’s reasoning that have implications for the rule-of-reason analysis. I’ve said before that one can find errors in that judgment (just like there are typos), but the question is whether anything changes the outcome.

[…]

Judge YGR decided the single-brand market question against Epic based on an unreasonably high standard with elements that other (higher) courts had rejected.

[…]

From a policy point of view, I can’t see--and apparently various lawmakers and regulators can’t see either--why the in-app payment system for non-digital goods and services must be viewed as inextricably linked to app distribution. There would be a huge policy problem, however, if companies like Apple could just defend themselves by saying “we decided to combine the two, so it’s not tying.”

Florian Mueller (Hacker News):

35 U.S. states led by Utah and Microsoft have officially thrown their weight behind Epic’s appeal through amicus curiae briefs filed with the United States Court of Appeals for the Ninth Circuit.

Florian Mueller:

The Antitrust Division of the United States Department of Justice, speaking on behalf of the United States of America, has filed the following brief, formally in support of neither party but practically supporting some of the most important elements of Epic’s appeal[…]

Update (2022-02-04): Florian Mueller:

What Apple is telling the ITC there is this: even if [Ericsson] patent infringements are identified, the iPhone can’t be banned because it’s a product category of its own. There’s nothing else quite like it. Android smartphones may also be smartphones, but they are not iPhones, so they are not "like" articles (which would count as a potential replacement under the ITC’s rules).

In the Epic Games v. Apple App Store antitrust case, however, Apple argued that there was a broad market for game distribution.

Tuesday, February 1, 2022

Software Paper Cuts

Matthew Bischoff (tweet):

When software isn’t polished, when it’s full of things that feel like paper cuts, it becomes less joyful and more frustrating. It sucks all the opportunity for delight out of the room.

The more insidious thing about these bugs is that they’re rarely reported by users or caught by automated testing tools because they’re too small to complain about or too obscure to write tests for. Great QA testers can find and file these types of bugs, but they usually flounder at the end of a long backlog of new features. This means that if you’re an engineer on a piece of software, you’re the person who’s best able to notice and fix these bugs. Yes, you might have to convince your boss or your product manager to set aside some time every so often to do so, but I promise your users will be grateful, and your product will improve in meaningful ways if you do.

Nathan Lawrence:

The most frustrating part of these issues is that they always look small, but they’re so often downstream reflections of a significant architectural decision that will have to someday be reversed if the problem is to be corrected.

Jordan Morgan:

The issue with these kinds of things is that they start as paper cuts, sure. But they don’t end that way. A few here and there will inevitably add up over the years to something much worse. You go from paper cuts to a laceration, and then a straight gaping hole in your app.

What follows? The refactor. The ground up rewrite.

The New York Times Buys Wordle

Marc Tracy (Josh Wardle, Hacker News, MacRumors, Jason Kottke):

The sudden hit Wordle, in which once a day players get six chances to guess a five-letter word, has been acquired by The New York Times Company.

The purchase, announced by The Times on Monday, reflects the growing importance of games, like crosswords and Spelling Bee, in the company’s quest to increase digital subscriptions to 10 million by 2025.

Wordle was acquired from its creator, Josh Wardle, a software engineer in Brooklyn, for a price “in the low seven figures,” The Times said. The company said the game would initially remain free to new and existing players.

Thomas Karpiniec:

It’s a legitimately delightful story. A programmer built a deceptively simple game and executed it well. It grew organically through the power of the web since anybody can access a webpage, unhindered by app stores, operating systems or gatekeepers. Many people (including me) have enjoyed playing the same puzzles with their friends and comparing results. Ultimately the programmer had a nice payday for his efforts. Great stuff. Most likely it will die a slow death under the auspices of the NYT, relegated to some sort of games subscription.

[…]

But the phenomenon wasn’t really about the sheer human joy of finding five letter words, was it? The masterful thing is how it stoked and took advantage of the dark patterns of social media without having to get its own hands dirty. Ninety percent of the brilliance is in the “Share” copy-paste.

Sunsetting Stack Overflow Jobs

Stack Overflow:

On March 31, 2022, we will discontinue Stack Overflow Jobs and Developer Story. This includes all job listings, saved searches, applications, messages, recommended job matches, job ads, developer story, saved resumes, and the salary calculator.

[…]

The problem is often finding the right opportunity and job boards and sourcing are ineffective solutions. The effort it would take us to truly differentiate in this space is not one we could justify.

Exiting this space allows us to refocus on products that build on our core strengths: knowledge reuse and building communities at scale.

Tom Wright (via Hacker News):

The Jobs section of Stack Overflow launched in 2011 and was, at its heart, a jobs board – albeit one that was barely recognisable compared to its peers. Employers could post high-quality job ads linked to helpful company profiles. Candidates could maintain a “developer story” linked to their Stack Overflow profile, indicate their status (active or passive), and could of course browse through the job ads. As well as candidates responding to ads, hiring managers could use a powerful search to identify and message candidates that would likely be a good fit.

The genius of Stack Overflow Jobs was that it was a pure value add, which did not detract at all from the core user experience of the main Stack Overflow Q&A site. It was never forced on anyone and the service on the main site was not degraded for those who opted not to engage with it. On the other hand, Jobs benefited massively from the close integration with the main site. Linked profiles, for example, added a degree of transparency for both parties – candidates could easily demonstrate their communication and technical skills via their interactions on the main site, whilst employers could showcase their team by linking their company profiles to those of their current employees.

Update (2022-04-26): Ruffin Bailey:

But then, today, a reason for the change finally hit me: They were already cutting off the small fish in Jobs (see another rant here where StackOverflow Jobs basically told my current medium-sized company to shove it). What might the big companies complain about with the old job listings?

The old StackOverflow Jobs listings required companies to compete on salary. The new “branding-only” listings don’t.

Should You Ever Repair Permissions?

Howard Oakley:

One of the less-recognised benefits of SIP was that it effectively prevented this from happening, although improvements in system installers undoubtedly played their part as well. The signed and sealed System volume in Big Sur and Monterey is an even better guarantee that everything on that volume must now be in perfect condition.

[…]

El Capitan provided a short break from repairing permissions. Once Sierra had been released, Apple quietly posted a support note (long since removed, and not archived) recommending a new procedure, which could fix a long list of problems[…]

[…]

In March 2020, Apple changed the procedure again, to running a new tool repairHomePermissions in Recovery mode, then reinstalling macOS. By June 2020, Apple had removed its support note, silently erasing all trace of these procedures.

[…]

The problems that Apple originally attributed to damaged permissions on preference files often arose without any mishandling on the part of the user, nor by apps. The only explanation which fits the facts is that those problems were attributable to bugs in cfprefsd which became prominent in Sierra, and lingered for a couple of years.

I continue to get lots of customer support requests due to messed up file permissions, ownership, and ACLs. Many of these seem to be caused by incorrect manual migrations or restorations from backup. I’m not sure whether these could have been fixed using the Repair Home app, as I had forgotten it existed.

Update (2022-11-30): Howard Oakley:

The big mystery is the repairHomePermissions tool. While this is present in Ventura, it has no man page, no usage information, and proves to be a launcher for an app that doesn’t even exist outside Recovery mode. Neither can I find an Apple Support article that mentions it any more.