Archive for February 3, 2022

Thursday, February 3, 2022

Have Monterey Updates Gotten Smaller?

Howard Oakley:

By my reckoning (and your mileage may vary), the 12.1 update was 2.8 GB for Intel and 3.2 for M1, which are about 1 GB smaller than the equivalent updates for Big Sur. macOS 12.2 update was smaller still, at 2.4 (Intel) and 2.75 GB (M1).


The only cost of Monterey’s smaller updates is longer time required to ‘prepare’ each update prior to its installation, which has risen from 15 minutes (macOS 11) to 30 (macOS 12).

I continue to have problems, starting with Mojave or Catalina, where sometimes an update doesn’t complete and I have to power cycle the Mac several times.


Optionals in Swift Objective-C Interoperability

Fabián Cañas (via Zev Eisenberg):

The scroll view property, which should be nonnull, or in Swift, not optional, is never given a value on initialization. So what happens when we use if from Swift?


Any Objective-C things we want to do with these objects succeeds, which is nearly everything since they’re Objective-C objects. We’ve entered the territory of undefined behavior. It’s a sort of “Objective-C mode”.

There are things we can do to detect this non-optional nil condition. […] The problem is that since Swift doesn’t think this value can be nil, it’s not trivial to check.


If you make a Swift extension to the Objective-C class and call them on one of these nil things that aren’t supposed to exist, those methods still get called.

I guess this is because methods defined in Swift are by default not dynamic.

Nonnull array properties in Objective-C get bridged to Swift in a very strange way. […] This situation doesn’t look self-consistent. Under some conditions, Swift will create an Array if it doesn’t find one where it’s expected.


How Well the Spotify App Works

Chance Miller:

First and foremost, Spotify is indeed much faster and more reliable than Apple Music when it comes to loading and searching for music.


The number one reason my experiment is over is because of Spotify’s absolute insistence that if you use Spotify for music, you must also use it for podcasts. This manifests itself in multiple different ways, one of the most notable being the barrage of podcast recommendations in the “Home” tab of the Spotify app.


Additionally, Spotify will even try and make playlists for you that mix and match podcasts and music.


I have other issues with Spotify, including its poor adoption of Apple standards like AirPlay 2, and its poor support for local files.

I tried it recently and found the interface strange and inefficient.

Via Matt Birchler:

I know people swear by Spotify, but every time I’ve tried to use it, it’s a dumpster fire of an experience for me.


Update (2022-02-04): Matt Birchler:

Yesterday I complained that Spotify doesn’t support your own MP3, but that’s not technically true!

You gotta add them to a playlist and sync that playlist over to your phone, which isn’t at all what I want personally, but they do have it, so correction issued!

Too Big to Fail App Review

Eric Benjamin Seufert:

The presence of certain apps is so imperative to the App Store’s broader consumer appeal that Apple has no choice but to allow those apps to defy its various platform rules and restrictions. These apps are too big to fail: if Apple were to enforce its rules against these apps and block them from the App Store, it would suffer extreme commercial consequences.


This creates a very fine line for Apple to navigate, especially in the case of Netflix. Apple must allow the products that are too big to fail to skirt (or appear to skirt) its App Store policies while preserving the agency and legitimacy to enforce those policies for the developers of mobile-only games.


Update (2022-02-04): Marco Arment:

Now, in practice, this gets a bit messy when dealing with extremely popular, must-have services for so many people like Facebook, Instagram, and WhatsApp.

Facebook knows that Apple can’t REALLY kick them off the App Store.


Hang Up and Call Back

Brian Krebs:

Many security-conscious people probably think they’d never fall for a phone-based phishing scam. But if your response to such a scam involves anything other than hanging up and calling back the entity that claims to be calling, you may be in for a rude awakening. Here’s how one security and tech-savvy reader got taken for more than $10,000 in an elaborate, weeks-long ruse.

Andrew Abernathy:

A problem here in my experience is legit fraud departments leave callback numbers that don’t match the phone number on the back of the credit card; if you call the number on the card they don’t know what you’re talking about. Fraud depts are training us to trust random ass calls.

Pieter Gunst:

Once I gave my member number, the attacker used the password reset flow to trigger a text message from the bank.

They used this to gain access to the account.

Then read some of my transactions to give the call more credibility

Patrick McKenzie:

Wish more banks would do what Stripe does here: “Log into your account and use the ‘auth a support rep’ feature. I will read you some digits, you verify they match, then read your digits to me.”

Chris Messina:

Apple Support now sends push notifications to your devices to verify that it’s you calling.

Corey Hoffstein:

My bank just called me about something, but couldn’t tell me what it was about unless I answered my security questions.

Sorry, I’m going to assume it’s fraud and hang up 100% of the time.

I called the bank myself. Turns out it was legit.

What a stupid, broken security model.

Oluseyi Sonaiya:

I just received a phone call purporting to be Apple Inc., with a recorded voice telling me my “iCloud account had been breached,” not to perform any actions, and to press “1” to connect with “Apple Support.”

If you receive this call, it’s a scam.


There is some persistent vulnerability in US phone networks that is allowing spammers to spoof the phone numbers and caller ID information of known brands. It shows up as "Apple Inc." on my phone, too.

Brian Krebs:

You may have heard that today’s phone fraudsters like to use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Update (2022-02-04): John Bowdre:

I’ll also add: if you can’t find a company’s support phone number on their website, they don’t want you to call. Use some other contact method. The number you found via search is probably a scam.