Archive for March 14, 2022

Monday, March 14, 2022

FastScripts 3.1

Red Sweater:

This update introduces an expansion of FastScripts’s own built-in scripting additions, with three powerful new commands for searching, replacing, and splitting text with regular expressions.

These can be used by any AppleScript on your Mac, whether you’re running the script from FastScripts or not. These new commands are also completely free of charge, so if you install and keep FastScripts running in the background, your scripts will always have access to these features.

For comparison, here are some examples of what regular expressions look like using Cocoa via AppleScriptObjC.


Web Views in System Preferences

Jim Nielsen (via Old Unix Geek, Hacker News):

I’m intrigued by the ability to use system colors in CSS and these web views in macOS show how engineers at Apple are leveraging non-standard CSS keywords in Webkit to mimic UIs in macOS which are otherwise built with native system APIs.

It’s kind of like opening the developer tools in an Electron app, except these are native macOS apps with web views parading as system UI.

I’ve poked around in the “Apple ID” and “Family Sharing” panes in the macOS System Preferences where I’ve spotted a few intriguing details.

I ran into one of these Web views in the Music app when trying to manage my Apple News+ subscription.


DuckDuckGo Will Down-Rank Russian Disinformation Sites

Tom Parker (Reddit):

The founder of DuckDuckGo, a Google-alternative search engine that has touted its “unbiased” search results for years, has announced that it has started down-ranking sites based on whether they’re deemed to be associated with Russian disinformation.


The practice of suppressing content that is deemed to be disinformation while elevating content that’s deemed to be “high quality information” is something that has been embraced by Google, particularly on YouTube where so-called “high authority channels” are up to 20x more likely to top search results and censoring “misinformation” is its number one priority.

Prior to Weinberg’s announcement, DuckDuckGo had made multiple statements over a period spanning more than five years that positioned DuckDuckGo as a search engine that provides “unbiased results,” criticized other search engines for failing to show “neutral, unbiased results,” and criticized bias in algorithms.

Via Mike Rockwell:

We want search engines to rank results based on relevancy and that can be determined by numerous factors. That’s literally what search engines do. But they’re making a determination as to whether or not a piece of content is “disinformation” and then down-ranking content based on that. That’s an editorial decision.

And what if they’re wrong? What if they down-rank content that is later found to be true? What if someone is specifically looking for “disinformation” content for research purposes — to see what the opposing perspective has to say in order to better form their opinions or to point at the absurdity?


I don’t use DuckDuckGo directly anymore, that changed last year when I started self-hosting SearX. But I still use DuckDuckGo as one of the search engines powering SearX’s results.

A. Khalid (via Nick Heer):

Earlier this month, DuckDuckGo announced it would pause its relationship with Russian-state owned search engine Yandex.

A number of platforms including the Meta-owned Facebook and Instagram have also demoted posts from Russian state media. Google has been down-ranking search results from Russian state news agencies since 2017.


The primary utility of a search engine is to provide access to accurate information. Disinformation sites that deliberately put out false information to intentionally mislead people directly cut against that utility. Current examples are Russian state-sponsored media sites like RT and Sputnik. It's also important to note that down-ranking is different from censorship. We are simply using the fact that that these sites are engaging in active disinformation campaigns as a ranking signal that the content they produce is of lower quality, just like there are signals for spammy sites and other lower-quality content.

So this sounds like a very coarse adjustment. They are not evaluating whether a given piece of content is disinformation, and I guess true content on these sites will be down-ranked as well. The search results will still be “complete,” just perhaps in a different order than before.

The examples given are sites that are well known to be controlled by the Russian government. It would be interesting to know what the other sites are, and whether they are only targeting Russian sources of disinformation.


Still No Preference to Opt Out of OCSP

Howard Oakley:

Although Apple has made a big thing of protecting privacy, macOS has one hole which Apple acknowledged over a year ago, promised to fix, and hasn’t fulfilled its promises. Every time you open an app, macOS checks the validity of its developer’s signing certificate. If that certificate hasn’t been checked recently with Apple, your Mac connects to Apple’s servers and checks it with them, an action which could reveal information to an eavesdropper.


Above all else, Apple now needs to explain properly to users, particularly those in Ukraine and other nations which are dangerous places to use a Mac, exactly how it protects code signature checks from eavesdropping. Which versions of macOS provide checks using robust protection? What is that protection?

Howard Oakley:

For those who don’t or can’t risk the OCSP exchange and transmission of new hashes, there are solutions which should mitigate against that. For instance, provided that an app has already been run and its cdhashes entered into the local security database, no repeated copies of those hashes should be sent to iCloud. Blocking outgoing connections to and is readily performed using a software firewall such as Little Snitch or LuLu.


Update (2022-03-16): See also: Hacker News.