Archive for July 2022

Friday, July 29, 2022

Scrubbing Through iOS 16’s Music App

Jason Snell:

The real advance, though, is in how you control volume or scrub through a track. Previously, you needed to put your finger down on the dot itself, and then slide the dot back and forth. If you missed the dot, you failed. In iOS 16, the entire area of the bar is swipeable. You just put your finger down, anywhere, and slide it back and forth.

Picking a Portable Power Station

Adam Engst:

The big name in the field appears to be Jackery, and its Explorer 160 costs only $139.99 for 167 watt-hours of energy storage with an AC outlet, USB-C port, two USB-A ports, and a DC 12V port. It’s reasonably light at 3.97 pounds (1.8 kg), which is important given the amount of gear I have to pack. The only downside is that its USB-C port puts out just 15 watts, not enough to charge the MacBook Pro while in use. I could plug the MacBook Pro into the AC outlet, but that seems limiting when there’s a USB-C port. The Explorer 300 puts out 60 watts over USB-C, but its 293 watt-hour capacity jacks its weight up to 7.1 pounds (3.22 kg) and price to $299.99.

[…]

After several hours of research, I finally unearthed the $89.99 TECKNET Portable Power Station, a 155-watt-hour, water bottle-sized device with a carrying handle that weighs 3.75 pounds (1.7 kg) and features a three-prong AC outlet, a 45-watt USB-C port, and three 18-watt USB-A ports.

[…]

If you can imagine needing to jump-start your car or charge digital devices while on the road, I highly recommend something like the Tacklife jump starter. Just make sure you have the appropriate cables—I’ve added a Lightning cable to the USB-C and micro-USB cables that came with mine.

It claims to offer 12 months of standby time.

Deep Codable

Mike Lewis (via Dave Verwer):

I recently built DeepCodable, a package to encode and decode arbitrarily-nested data into flat Swift structs, by defining the coding paths with a result builder. I personally have been wanting something like this for a long time when interacting with third-party APIs, so I decided to build it.

Update (2022-08-02): Jsum:

Jsum is a JSON object-mapping framework that aims to replace Codable for JSON object mapping. It takes a lot of inspiration from Mantle, if you’ve ever used it back in Objective-C land.

[…]

Codable is often thought of as not being flexible enough. Many common problems with it are outlined in the replies to this Swift Forums post. In my opinion, Codable requires you to give up its most valuable feature—synthesized initializers—too often, and this is why it feels so cumbersome to use.

Codable and JSONDecoder don’t offer a lot of up-front decoding customization, and miss a lot of common use cases. All of these missed use cases mean you have to implement init(decoder:) and manually decode every single property for that type, even if you only needed to adjust a single property’s behavior.

Using Stage Manager and Spaces Together

William Gallagher:

Because you’ve already chosen Stage Manager in your first or regular Space, it’s on for all of them. And when you turn it off, you are turning it off for all of them.

So what you end up with is a Mac desktop that has you focusing on just the apps and documents you need for your current task. Most other items you use are there in the Stage Manager column of icons and so are a click away.

And an entire new set of apps and documents is a swipe away in a second Space.

Thursday, July 28, 2022

Ventura Notifies User of New Login Items

Thomas Clement:

wow so now Apple is going to use my personal name in user notifications to tell users I’m personally installing login items on their machine. I think there’s a difference between the app (that users voluntarily install) doing things and me doing things. That’s… very wrong.

macOS seems to have gotten his name from the code signature on his app. The notification is a potentially useful feature, but it would be better if it reported the name of the app that added the login item. The user doesn’t have a good way of finding the app that corresponds to the reported developer name. Also, showing the developer’s name is especially confusing in the case of an indie developer, where it shows a personal name rather than the name of a company. The notification makes it look like a hacker named “Thomas” broke into your Mac.

Rich Siegel:

This is really terrible UX, and if you see it while testing macOS 13 please report it as a bug.

Update (2022-10-17): Marcin Krzyzanowski:

security by obscurity or what. What’s the point of that 🤔 it literally cannot be more generic information Image

This is going to be so confusing for users.

Update (2023-01-05): Adam Maxwell:

This has all been working fine since 2010, so obviously Apple needed to change something. Aside from the obvious notification bug, TeX Live Utility users have no idea who this “Adam Maxwell” guy is, and shouldn’t have to learn.

Matt Birchler:

OMG, months into Ventura and I still get notifications like this when I reboot. Literally no idea or explanation what this is.

Previously:

Update (2023-02-03): Christina Warren:

The never-ending “Background Items Added” pop-up for an item I already disabled or already know about is the most annoying part of Ventura after the new System Settings design.

Tim Hardwick:

Numerous Mac users are repeatedly encountering a bug in macOS Ventura that throws up Login Items notifications for various background app processes every time they start up their machine, even when the processes in question have been disabled.

[…]

Scouring the complaints across Reddit, Twitter, Apple Support Community discussions, and various other app-specific forums, app processes such as Google Updater, Adobe CC Helper, and Dropbox are repeatedly cited as culprits, but these only appear to be referenced more often because they are popular apps with background processes. Almost any third-party background process can seemingly be referenced in the persistent Login Items notifications.

Update (2023-02-14): Norbert M. Doerner:

The new bug in macOS 13.2 can hopefully be fixed by using Apples Terminal.app and paste and run this command:

sfltool resetbtm

You may need to restart your Mac once to see this in effect.

Unfortunately, the resetbtm option for the sfltool command line tool is not documented by Apple, the man page does not list it.

Update (2023-02-16): macOS 13.3 Beta:

Fixes an issue introduced in macOS Ventura 13.1 that caused the system to post excessive “Background Items Added” notifications after toggling items in System Settings > General > Login Items. Toggling items in macOS Ventura 13.2 doesn’t cause excessive notifications, but that release doesn’t automatically correct the issue inherited from macOS Ventura 13.1.

Studio Display Audio Issues

Seth Willits:

Audio recording from my Apple Studio Display microphone is still fundamentally broken in every app. Latest OS and display firmware versions.

And for what it’s worth, I filed this back in May as FB10017937. No response from Apple yet.

For the last month or so, the speakers on my Studio Display have been broken. Whenever I start playing music (or any other audio), it works for a few seconds and then cuts out.

Internet of Shit:

I have one of the new Apple Studio displays.

Recently, it started being weird: webcam and sound would only work sometimes…

Kirill Zakharov:

Friendly reminder to restart your Studio Display 🤦‍♂️

Indeed, this worked for me. I had restarted and shut down my Mac, but I’d forgotten about restarting the display.

Holger Laufenberg:

YOU HAVE TO RESTART your studio display on occasion, especially if you run into issues with the3 camera, microphone or speakers. The studio display runs its own internal version of IOS that operates the camera, speakers and microphone. Much like ANY other device that runs its own operating system, you can’t run it indefinitely without ever restarting it. You will eventually run into issues and your device does funny stuff. I got my studio display on march 18th and yesterday the camera started acting up, then the microphone etc. After hours with Apple support and trying all kind of things to isolate the issue, it occurred to me that we did EVERYTHING except restart/reboot the display itself. because it has no power button and no software control to restart it, the only way to do it is to unplug it from the power source, wait at least 1 full minute and plug it back in. Of course it immediately solved all the issues.

We spent so long asking for a basic 5K Retina display but never thought to specify that it should have a power button and a decent camera.

Mario Guzman:

I have to restart both my Apple Studio Displays. Otherwise, audio gets choppy and eventually just cuts out completely. Rebooting the Mac doesn’t help. You literally have to power cycle the entire Studio Display(s). Happens about every 5-6 weeks for me it seems.

I rarely use the display’s speakers, so it’s quite possible that my display also had this problem before but that it was temporarily cured by restarting after the firmware update in May.

Previously:

Update (2022-08-02): See also: 9to5Mac, MacRumors, iMore.

Francisco Tolmasky:

Just make a display. Sometimes it feels like Apple just can’t do stuff without making it weird. Can’t just ship multiple windows on iPadOS without “re-imagining multitasking”. Can’t make a good display without putting shoving old iPhone inside of it.

Update (2022-08-04): Gus Mueller:

My Studio Display’s microphone was fucked up, so of course I had to reboot it to make it work again. Which of course meant I had to unplug it. Has anyone figured out how to remote ssh into this guy so we can just reboot it from the terminal?

Previously:

PackageKit SIP Bypass

Mickey Jin (tweet):

I found some new attack surfaces in the macOS PackageKit.framework, and successfully disclosed 15+ critical SIP-Bypass vulnerabilities. Apple has addressed 12 of them with CVE assigned so far.

[…]

Moreover, an attacker could get arbitrary kernel code execution with the SIP-Bypass primitive. I did find a new way to do this on the macOS Monterey, but I couldn’t share the exploit here right now, because it is related to another unpatched 0-day.

[…]

The service provides only one method to shove files from one place to another place[…] However, there is no check for the incoming clients, and any process can fire the XPC request to the service. Therefore, we can abuse the service to bypass the SIP restriction.

And another issue:

In short, the system command /usr/libexec/configd has a special TCC entitlement: kTCCServiceSystemPolicySysAdminFiles, which grants the command permission to change a user’s home directory and forge the user’s database file TCC.db. An attacker could inject a malicious dylib into the process to enjoy the special TCC permission.

Previously:

Purgeable Mac Apps

Daniel Jalkut (tweet):

For months now, I have been scratching my head over a small but persistent number of “crash reports” affecting a few of my apps. The issue is most prevalent in MarsEdit, where I have a handful of users who run into the issue multiple times per day.

[…]

Here we have a message asserting that MarsEdit was terminated, on purpose, and better still, it includes an explanation! As far as explanations go, “CacheDeleteAppContainerCaches” is not much of one, but it did give me something to go on. Searching for the term yielded pertinent results like this post about Apple Mail and Safari “suddenly quitting.” Unfortunately, they all seem to be scratching their heads as much as I am.

[…]

With some tinkering, I was able to narrow down the reproduction steps to running the “Free Up Purgeable Space” action. It turns out this is invokes a system API responsible for trying to delete caches, etc., from a Mac. Normally the system only does this when disk space is critically low, but CleanMyMac gives you the option to exercise the behavior at any time.

Quinn:

As you’ve surmised, the exception code 0xbaddd15c (‘bad disc’, which sounds worse than it is) seems to be related to our CacheDelete subsystem.

[…]

CacheDelete won’t delete files out from underneath a running app so, if it needs to delete something, it terminates the app. It should only do that when the app is essentially invisible to the user.

macOS really doesn’t like it when the disk is almost full.

Here’s a list of other such exception types.

See also: Howard Oakley.

Wednesday, July 27, 2022

Photos Bug Could Share Albums with the Wrong People

Josh Centers:

Enter a name for the shared album. Then, click in the Invite People field and start typing a contact’s name. As you type, Photos automatically suggests entries from your contacts. So far, so good.

But let’s say you inadvertently hit the wrong key and press Delete to fix it—perhaps typing andy when your contact goes by andrew. As long as there are any autocomplete suggestions showing, instead of deleting the last character you typed, as you’d expect, Photos adds the top suggestion to the invite list! Which is exactly the opposite of what you wanted to do.

Touch ID on a Mac Desktop, Deconstructed

Jason Snell:

I want a mechanical keyboard and Touch ID!

[…]

I decided to attach some velcro tape on the keyboard and the bottom of my desk, positioning the keyboard so that the Touch ID sensor was at the very front of the underside of my desk.

[…]

I feel bad about using Karabiner to make a keyboard less productive, but that’s what I did: I re-mapped the keyboard’s keys to a useless function, so that mistyped keys will have no effect.

My experience has been that Touch ID is rarely useful on the Mac for anything except logging in, and that I can do with the Use your Apple Watch to unlock apps and your Mac option. Are there cases where you can use Touch ID but not an Apple Watch? Should there be?

I think when I try to Apple Pay it always sends the request to my phone.

Update (2022-07-28): Obviously, lots of people don’t have an Apple Watch, but I believe Snell is an Apple Watch user, and yet he was still motivated to do this to get access to Touch ID.

Update (2022-09-26): Jason Snell:

I’ve now done what I threatened to do at the end of that piece: I’ve broken into the keyboard, removed the important bits, and then reassembled it into a little 3-D printed case that contains just the Touch ID button.

Swift Tuple Overloads

Novall Swift:

Did you know with WeatherKit you can request any combination of data sets and it’s returned as a tuple?

This is great if you only need a subset of data!

Here I’m requesting to include the current weather and daily forecast, and I can extract just what I need.

[…]

let (current, daily) = try await WeatherService.shared.weather(for: location, including: .current, .daily)

Kyle Howells:

How is it doing this for 2,3+ items?

By just having 8 copies of the same method defined! Which also means 8 is props is your max.

[…]

If this sort of thing is something we are going to be living with for a while, then Apple needs to build in some sort of automatic coalescing into the documentation and Xcode auto complete because this is a very messy and confusing documentation experience.

Perhaps someday Swift will support variadic generics.

Previously:

Disappearing Safari Extensions

Jeff Johnson:

I’ve received a number of bug reports from customers saying that the extension doesn’t appear in Safari. And when my app calls the API [SFSafariApplication showPreferencesForExtensionWithIdentifier: completionHandler:] to show the extension in Safari Preferences, there’s an error “SFErrorDomain error 1”.

[…]

My command above forces Launch Services to re-register the Safari app. In order to diagnose the issue, I saved the output of lsregister -dump to a file both before and after re-registering Safari. When I compared the files, there were a number of differences, mostly trivial (e.g., timestamps), but one big difference stood out to me. The extension point com.apple.Safari.web-extension appeared in the “after” dump but not in the “before” dump[…]

[…]

I don’t know what caused the com.apple.Safari.web-extension extension point to become unregistered with Launch Services. That’s still a mystery. Obviously this appears to be some kind of OS bug that occurs on Big Sur but not Mojave.

Jeff Johnson:

If anything, the bug gotten worse. It’s happening to me rather frequently now. And it continues to happen to other Safari users, not just users of my Safari web extension Tweaks for Twitter, but to users of all Safari web extensions from every developer.

As a reminder, if your Safari web extensions have disappeared, you can restore them with a command in Terminal:

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -f -R /Applications/Safari.app

However, this command might not restore your extension data. I’ve found that in some cases, Safari not only forgets the extensions, it also erases the extension storage!

Previously:

Tuesday, July 26, 2022

Git Tower 9

Tower:

Auto-expand changesets: A new view option has been added to configure behaviour of auto-expanding diffs in the History changeset views. You can find it under “Diffs in Changeset” in the “View” main menu.

This is great. I always want to see the changes expanded unless they’re huge.

Show branch/commit in History: You can now reveal a branch, tag or any commit in the Tower’s History view by selecting “Reveal in History” from the context menu.

This refers to clicking on a branch/commit in the sidebar, not one shown as a bubble in the history. It then reveals it in the history, which is nice.

Snapshots: Create snapshots of your working copy or individual changed files. Changes are safely stored in a stash but they remain in your working tree. This feature is available from the context menu of changed files or from the “Working Copy” main menu.

In other words, you can now easily save in-progress work without creating a commit. I used to do this by creating a stash (which clears the working copy) and applying it (but saving the stash).

Large diffs: Large diffs are not displayed automatically anymore. Instead, you will be prompted to display the diff. The threshold for displaying the warning can now be configured in the General preferences.

This should prevent freezes when skimming through lots of commits.

Previously:

Update (2022-08-02): Bruno Brito:

It all starts with a brand-new Merge UI! The primary goal was to make it more explanatory and consistent for merge sequences and when editing revisions.

Swift Proposal: Move Function

SE-0366 (forum):

In this document, we propose adding a new function called move to the swift standard library, which ends the lifetime of a specific local let, local var, or consuming function parameter, and which enforces this by causing the compiler to emit a diagnostic upon any uses that are after the move function. This allows for code that relies on forwarding ownership of values for performance or correctness to communicate that requirement to the compiler and to human readers.

[…]

As a function, move is rather unusual, since it only accepts certain forms of expression as its argument, and it doesn’t really have any runtime behavior of its own, acting more as a marker for the compiler to perform additional analysis. As such, many have suggested alternative spellings that make move’s special nature more syntactically distinct[…]

[…]

Another useful tool for programmers is to be able to suppress Swift’s usual implicit copying rules for a type, specific values, or a scope. The move function as proposed is not intended to be a replacement for move-only types or for “no-implicit-copy” constraints on values or scopes. The authors believe that there is room in the language for both features; move is a useful incremental annotation for code that is value type- or object-oriented which needs minor amounts of fine control for performance.

Previously:

Update (2022-07-28): See also: Hacker News.

Netflix Adds External Subscription Button

Filipe Espósito:

Earlier this year, Apple began allowing “reader” apps to provide external links for customers so they can log in and pay for a subscription from outside the App Store. Now Netflix is rolling out an option in its iOS app that takes users to its website in order to finish a new Netflix subscription.

[…]

When you tap the subscribe button, a message says that “you’re about to leave the app and go to an external website.” The app also notes that the transaction will no longer be Apple’s responsibility and that all subscription management should be done under Netflix’s platform.

Netflix was already not using In-App Purchase, but this change lets them explain to customers without accounts how they can create one. Before, instead of clicking a button to open the site, they had to make a phone call.

Eric Seufert:

Once again we see the use of heavy-handed, intimidating language in intransigent, disruptive modals designed to suppress consumer use of off-platform services. This is clearly a significant hurdle to open payments and commerce. And the privacy point is absurd.

Michael Love:

I’m now delightedly realizing that when my new website launches with its accompanying “buy directly from Pleco and save 20%” ad campaign I can totally reciprocate here and spread FUD about buying through Apple.

It’s accurate FUD, too - Apple actually does reject refund requests sometimes (and we can’t overrule them when they do), they do lose purchases sometimes (and we can’t always retrieve them when we do); I can with absolute sincerity say the safest place to buy Pleco is from us.

Heck, I’ll put up a dang comparison chart showing the price difference + availability of refunds + where money goes + support response times + fact that actual humans are reading your email and not responding from a script; “why waste money + put up with Apple’s crappy support?”

But only “reader” apps can do this.

Previously:

Update (2022-08-08): John Gruber:

We can (and should) quibble with some of the design details and language of this warning dialog — why is the headline font so big? why is Netflix’s own name in quotes? — but on the whole this is the way things should be. Developers should be able to steer users to the web for payments and subscriptions, and users should know they’re being steered to the web, and that anything they pay for outside the app won’t work like in-app payments do.

Mail Links and Percentages

Dr. Drang:

Yesterday, John Voorhees wrote a nice article at MacStories about creating links to specific email messages. His system is in the form of a Shortcut, but the real work is done by an AppleScript. The AppleScript is an extension of one John Gruber wrote 15 years ago.

[…]

The questions I needed to answer were:

  1. Are reserved characters used in message IDs?
  2. If so, do they need to be percent-encoded in a message URL?

[…]

None of the reserved characters caused a problem except the percent sign itself.

However, that does not mean that the strings are valid URLs, and in fact even putting the message ID in unencoded angle brackets will prevent it from working with NSURL. I think what’s happening here is that Mail is receiving the URL as a string and removing the percent escapes directly, without actually parsing it as a URL.

So, if you store unencoded links you are setting yourself up for trouble if Mail changes how it works, if you ever want to redirect the message: scheme to a different app, or if you want to detect message: URLs that are embedded in a document. Lots of e-mails unfortunately don’t follow the specification, and I’ve seen Message-ID headers that include the " and ) characters, as well as spaces, which could mess up the way Markdown interprets the links.

If you want to handle more than the percent symbol, here’s an AppleScript that will escape the other characters, too:

use AppleScript version "2.4"
use framework "Foundation"

on URLFromMessageID(_messageID)
    set _components to my NSURLComponents's alloc's init
    _components's setScheme:"message"
    _components's setHost:("<" & _messageID & ">")
    return _components's |URL|'s absoluteString() as Unicode text
end URLFromMessageID

Another issue to be aware of is that the Message-ID header sometimes includes text outside of the angle brackets. This should not be included in the URL. However, if you are using Mail’s message id AppleScript property, as Gruber’s script does, it will remove the extraneous text for you (just as it removes the angle brackets themselves).

Previously:

But 15 years after adding support for these URLs, Apple still hasn’t exposed a direct way to copy them from any given message other than drag-and-drop.

Monday, July 25, 2022

Apple Retail Store Time Machine

Michael Steeber:

The Apple Store Time Machine is a celebration of the places and products that have shaped our lives for more than twenty years. This interactive experience recreates memorable moments in Apple history with painstaking detail and historical accuracy.

Via John Gruber:

It’s effectively a Mac game that you download and explore. The “levels”, as it were, are exquisitely-detailed 3D recreations of four iconic Apple Stores, including the Fifth Avenue “cube” in New York.

Update (2022-07-26): See also: Michael Steeber.

Update (2022-08-02): Jason Snell:

Steeber’s project brought up memories of my own. I covered the Palo Alto mini store opening for Macworld!

The Talk Show:

Special guest Michael Steeber joins the show to discuss his new project, The Apple Store Time Machine — an intricately-detailed explorable walkthrough of four of Apple’s original retail stores.

Missed Security Updates Due to Content Caching

Howard Oakley:

The assumption is that, if you follow Apple’s guidance with automatic updates enabled, when Software Update reports your Mac is up to date, then everything is hunky dory.

[…]

In my case, as with many, when any of my Macs tries to download and install security data updates from my Content Caching server, they fail to install. Disable that server, so those Macs are forced to connect direct to Apple’s servers, and the same updates install first time, without error.

[As] a matter of policy, Apple doesn’t inform users when it pushes security data updates, nor does it reveal their current versions, nor is it easy to discover whether anything is wrong with the software update process. Unless you use third-party software and sites like this, your Mac(s) could have failed to install every one of the six security updates pushed by Apple since problems started in early June, and you’d be none the wiser.

Update (2022-07-28): Nicholas Riley:

Disabling the server, clearing the cache and reenabling did NOT work for us; had to disable then use “silnite au” to check for/install updates.

Rich Siegel:

I can confirm this has happened to me as well.

Update (2022-08-08): Howard Oakley:

After reporting this to Apple via Feedback, and supplying sysdiagnoses to help its engineers get to the bottom of the problem, I was finally told that the problem had been fixed a week or so ago. On Thursday 4 August it had the first chance to try out the latest security update, and I’m delighted to report that everything worked as it should: all four of my Macs downloaded and installed that update successfully.

Update (2022-08-29): Howard Oakley:

While my Content Caching server worked fine for the macOS security update, the old problem returned with the two security data updates the following day. Just as before, the workaround was to temporarily disable the service, force the updates on other local Macs, then to enable Content Caching again.

This is a reversion to the behaviour of June and July, which can leave client Macs with old versions of macOS security data updates, which is a serious security problem.

Too Much Transparency in macOS 13

Matt Birchler:

This is what Safari’s download window has looked like for years on macOS. It’s pretty well laid out, but I always have trouble reading it at a glance.

Matt Birchler:

Today I’m back complaining about contrast and legibility again with the updated Home app in macOS Ventura.

I wanted to add an accessory today and I stared at the window for a few seconds, explored the menus, and didn’t see a way to do it. I eventually did notice the small, nearly transparent plus symbol in the top right of the window, but good lord, that’s not good.

Previously:

Personal App Distribution

Steve Streza:

To make a small app for a friend,

  • Mac: Send a .app, maybe right-click > Open
  • Windows: Send a .exe or .msi installer
  • Linux: Send a .appimage
  • Android: Enable dev mode, send a .apk
  • iOS: Spend $100/year, set up TestFlight, make a new build every 3 months because they expire

And, unless you want to give the friend a role on your App Store Connect account to make them an internal tester, you also have to wait for your TestFlight submission to go through Beta App Review.

Previously:

Friday, July 22, 2022

Reverse Engineering SwiftUI’s NavigationPath Codability

Brandon Williams and Stephen Celis:

An interesting feature of NavigationPath is that it is capable of encoding and decoding itself to JSON, even though all of its type information has been erased. This is powerful because it makes state restoration as simple as serializing and deserializing data, but how does it work?

[…]

Is it possible to recreate this seemingly magical functionality ourselves? Can we really take a nebulous blob of stringy JSON and turn it into values with static types? Well, the answer is yes, by using a little bit of runtime magic and Swift’s new existential super powers.

[…]

We can use an underscored Swift function that is capable of turning a type into a string.

[…]

Just as there is an underscored Swift function for turning a type into a string, there is also one that goes in the reverse direction[…]

Previously:

Apple Re-enables Bluetooth on Every Update

Jeff Johnson:

I believe this issue started with iOS 14 and macOS 11, but in any case it definitely happens now with every iOS 15 and macOS 12 update, including today’s iOS 15.6 and macOS 12.5 updates, on every device I own. (I think Apple stopped re-enabling Bluetooth for Big Sur security updates after Monterey was released.) I finally decided to file a bug with Apple[…]

Apple:

We reviewed your report and determined the behavior you experienced is currently functioning as intended.

Previously:

Bluetooth Remains Unusually Painful

Catherine Thorbecke (via Hacker News):

In the two decades since it was first included in products available to the general public, Bluetooth has become so widespread that an entire generation of consumers may not be able to remember a time without it.

[…]

“I have a very love-hate relationship with Bluetooth,” said Chris Harrison, a professor of Human-Computer Interaction at Carnegie Melon University. “Because when it works, it’s amazing, and when it doesn’t, you want to rip your hair out.”

“The promise was to make it as seamless and easy as possible,” he said. “Bluetooth never quite got there, unfortunately.”

Bluetooth has got to be the least reliable modern standard. Apple’s proprietary enhancements for AirPods and its other headphones help but don’t go far enough. I’m continuing to develop ToothFairy to try to make common Bluetooth tasks easier. That’s been a success for me as a user, though as a developer it has been frustrating, as the APIs are incomplete and unreliable.

Previously:

Privileges.app

SAP:

Privileges for macOS is designed to allow users to work as a standard user for day-to-day use, by providing a quick and easy way to get administrator rights when needed. When you do need admin rights, you can get them by clicking on the Privileges icon in your Dock.

We believe all users, including all developers, can benefit from using Privileges. Working as a standard user instead of an administrator adds another layer of security to your Mac and is considered a security best practice. Privileges helps enable users to act as administrators of the system only when required.

Via Rich Trouton:

However, Toggle privileges’s time-limited admin feature for Privileges is its most misunderstood feature. The reason is that while the ability to set a time limit is only available if you’re using the Toggle privileges function, many users assume that this time-limited admin is available universally to all the functions used to get admin rights using the Privileges app.

It is not. Time limited admin is only available using the Toggle privileges function. If you’re not using the Toggle privileges function, there is no time limitation and you cannot set one from within the Privileges app.

[…]

What if you want time-limited admin outside of using the Toggle privileges function? You will need to use a separate mechanism. In my case, I usually point folks towards using PrivilegesDemoter.

TextExpander Takes Venture Capital

TextExpander:

TextExpander, a developer of productivity software, today announced a $41.4 million financing round and the addition of SaaS industry leader J.D. Mullin as the company’s new CEO. The financing is led by global growth equity investor Summit Partners and will support continued investment in R&D, hiring and customer acquisition, and will help to further accelerate TextExpander’s rapid growth.

[…]

Today, the company has more than 100,000 monthly active users (MAU) who have employed 560 million expansions in the last year alone.

[…]

Prior to joining TextExpander, J.D. was an Executive-in-Residence at Summit Partners. Previously, he spent two years leading the QuickBooks Time business unit at Intuit following its acquisition of TSheets, a leading SaaS-based time tracking and scheduling program.

[…]

“With this investment from Summit Partners, we will continue to advance enterprise capabilities and expand our team to support a growing base of loyal customers.”

Ingrid Lunden (Hacker News):

Alongside the funding, the company is also appointing a new CEO, J.D. Mullin, who is taking over from Philip Goward, who co-founded the company originally with Greg Scown. TextExpander was born out of another developer platform they built called Smile — you can read more about that early history, with an interesting nod to how they originally met at Macworld and how the threat of a clone led them to build for iOS after first launching on Mac, here — and both are keeping seats on the board and remaining involved in aspects of development.

[…]

For now, it sounds like some of the investment will go toward helping TextExpander work with those behemoths but on a functionality basis. There will be, for example, efforts to expand integrations with the likes of Salesforce to both help build better repositories of “sources of truth” as well as to build more use cases for where TextExpander might be applied.

Previously:

Zendesk to Be Acquired

Reuters, in February:

Zendesk Inc (ZEN.N), the software company under activist shareholder pressure to abandon its $3.9 billion all-stock acquisition of the parent of online survey portal SurveyMonkey, said on Thursday it had rejected an acquisition offer from a consortium of private equity firms for as much $16 billion.

Zendesk (Hacker News):

Zendesk, Inc. (NYSE: ZEN) today announced it has entered into a definitive agreement to be acquired by an investor group led by leading global investment firms Permira and Hellman & Friedman LLC (“H&F”) in an all-cash transaction that values Zendesk at approximately $10.2 billion.

[…]

Zendesk started the customer experience revolution in 2007 by enabling any business around the world to take their customer service online. Today, Zendesk is the champion of great service everywhere for everyone, and powers billions of conversations, connecting more than 100,000 brands with hundreds of millions of customers over telephony, chat, email, messaging, social channels, communities, review sites and help centers.

Ron Miller:

But the SaaS market has shifted dramatically over the last few months, and Zendesk has been caught in the middle of it in a maelstrom of investor drama. Earlier this month, the company concluded it would stay independent, a move that caused the stock price to plunge.

[…]

For Zendesk, it gave unhappy investors a way to get some return on their investment[…]

It sounds like they aren’t profitable yet, and instead of raising more money to try to grow their way out of it, they went with a private equity firm that will likely cut spending/development and try to run it more efficiently. This is good for customers in so far as the service will likely stay around, but I would not expect to see a lot of improvements.

Previously:

Weathergraph 1.0.107

Tomas Kafka:

Interactive chart, just in time for summer trips! Need to know the exact conditions for a given hour? Long press the chart to show all the data, or press and slide your finger over the chart to “scrub” through the forecast.

Between this and the improved legend introduced in another recent update, it’s much easier to get a feel for what different heights on the graph mean.

Previously:

Wednesday, July 20, 2022

macOS 12.5

Juli Clover:

macOS Monterey 12.5 adds a bug fix for a Safari tab issue and it adds the option to restart, pause, rewind, or fast-forward a live sports game that’s in progress. Apple’s release notes for the update are below.

You can download the installer and IPSW.

Howard Oakley:

There are about 50 security fixes for Monterey, detailed in this article. These include three in the kernel. Big Sur security release notes are here, and those for Catalina are here.

Mr. Macintosh:

If you have one of the following Macs DO NOT update to 12.5.

  • MacBookPro9,1
  • MacBookPro10,1
  • MacBookPro11,3
  • iMac13,x (units with dGPUs)
  • iMac14,x (units with dGPUs)
  • OR IF YOU UPGRADED YOUR GPU TO KEPLER in your iMac or Mac Pro!

Apple changed something and the Kepler GPU patches are not working correctly now. For now stay on 12.4 until more information comes in.

Previously:

Update (2022-07-25): Mr. Macintosh:

Some users install the RC version thinking it’ll be the public release

Sometimes it is, and everything is fine

In this case, RC1 turned out to be beta software

This is a good reminder that an RC is not the final version until Apple confirms the public build version is the same

Drobo Files for Bankruptcy

Gannon Burgett:

Drobo was founded in San Jose, California back in May 2005 under the name Data Robotics. Over the years, its line of Drobo products took hold in the data storage market, offering simple solutions for anyone needing to store and back up their digital data. Unlike many of its competitors, Drobo succeeded in simplicity, with a proprietary technology that allowed users to hot-swap hard drives without the need to manually migrate data.

[…]

At a time when RAID solutions weren’t necessarily commonplace in the consumer world, Drobo offered a lifeline to creatives who wanted a simple solution to keeping their data safe. Things started taking a turn, however, at the turn of the decade, with a few notable names in the photography industry publicly announcing they were no longer using Drobo products due to their unreliability and slow speeds.

[…]

Over the years under this ownership, Drobo release new products on an annual basis, but started to feel the heat as the likes of Buffalo, Lacie, Promise Technology, QNAP, Synology, Western Digitals and others improved their simplicity and expanded their respective product lines at a price below what Drobo’s proprietary technology came in at.

William Gallagher (Hacker News):

[The] company appears to have been badly affected by the coronavirus. In February 2020, the company tweeted about production delays, and in March 2020, its CEO Mihir Shah addressed concerns over how the coronavirus would affect the company.

liberoj:

When expressing a concern about sending my unit into Drobo (post bankruptcy filing) my support person reassured me with this:

For the company bankruptcy, we are not closing.

“The restructuring process will enable us to continue servicing our customers and partners and make the necessary investments to achieve our strategic objectives.”

“StorCentric concluded that the voluntary Ch 11 reorganization is the best way to fix our balance sheet and we will remain fully functional during the restructuring process.”

Update (2023-05-16): Kevin Purdy:

Now, AppleInsider reports that, based on an email sent by StorCentric, the bankruptcy shifted from reorganization-minded Chapter 11 to liquidation-focused Chapter 7 in late April.

The writing for Drobo was on the wall, or at least on its website. Text at the top of the homepage notes that, as of January 27, 2023, Drobo products and support for them are no longer available. “Drobo support has transitioned to a self-service model,” the site reads. “We thank you for being a Drobo customer and entrusting us with your data.”

Chris Espinosa:

The death of Drobo also means the end of Retrospect, the first major file backup system for Macs which dated from 1989.

Update (2023-05-17): Adam Engst:

The initial version of this article raised the question of what would happen to Retrospect, which was also owned by StorCentric. I’ve now heard from Robin Mayoff, director of Retrospect Support (and a Retrospect employee since 1995), that Retrospect (and another StorCentric subsidiary Nexsan) has emerged from Chapter 11 under new company ownership. Mayoff posted this Alive and well note in Retrospect’s support forum yesterday[…]

[…]

If my math is correct, Retrospect’s new ownership marks the company’s eighth incarnation across 33 years, a history that exceeds even our own.

FogBugz Moves to IgniteTech

IgniteTech (via Rich Siegel, Hacker News):

IgniteTech™, the company “Where Software Goes to Live™,” today announced a transition of two software products from the ESW Capital portfolio to IgniteTech. Two solutions previously managed under the DevGraph Business Unit, FogBugz and ScaleArc, have transitioned to IgniteTech effective immediately.

[…]

The transition is also good news for all existing IgniteTech customers because it adds two additional titles available to them at no additional cost under IgniteTech Unlimited — the groundbreaking, Netflix-style licensing model that gives every customer access to the entire IgniteTech enterprise solution portfolio at no additional cost.

Daniel Jalkut:

Several months ago I made the leap and migrated all my data out of FogBugz. I’ve shared a pair of Python scripts that make it easy to “Dump FogBugz”, whether for backup or migration purposes.

Previously:

Update (2022-07-25): See also: Core Intuition.

Pirijan:

I thought it might be insightful to share some inside-baseball from my time at Fogcreek Software during it’s last years (~2014-2019).

Tuesday, July 19, 2022

Butterfly Keyboard Lawsuit Settlement

Juli Clover:

Apple will pay $50 million to settle a 2018 class-action lawsuit over the faulty butterfly keyboards that were used in MacBook machines between 2015 and 2019, reports Reuters.

[…]

The lawsuit covers only customers in the above-mentioned states, and lawyers are expecting maximum payouts of $395 to customers who replaced multiple keyboards, $125 to people who replaced one keyboard, and $50 to people who replaced key caps. The settlement is preliminary and will need to be approved by the judge overseeing the case.

Nick Heer:

One of the particularly frustrating aspects of this lawsuit is the degree of redaction in documents and transcripts. There are filings where entire pages are effectively eliminated. That is not unusual, of course, but it is irritating for those of us who want to understand what happened with these keyboards. When the components that were changed between different models are treated as a corporate secret, it is unlikely we may ever know when Apple first found problems and why it took so long to fix them.

Previously:

Update (2022-07-25): Joe Rossignol:

The settlement still needs to receive final court approval. In the meantime, here is everything to know about the agreement as currently proposed.

Update (2022-11-30): Nick Heer:

I am writing this in part to once again express my dismay that this suit was settled before substantial information was made public about this keyboard’s development and failure rate.

Update (2022-12-16): Juli Clover:

Back in July, Apple agreed to pay $50 million to settle a class-action lawsuit over the faulty butterfly keyboards that were used in MacBook machines between 2015 and 2019, and now emails about the settlement are going out to MacBook Pro owners eligible for a payment.

Update (2023-01-06): I received my notice of the settlement, which includes:

A Settlement has been reached with Apple Inc. (“Apple”) in a class action lawsuit alleging that the “butterfly” keyboard mechanism in certain MacBook laptops is defective, and can result in characters repeating unexpectedly; letters or characters not appearing; and/or the keys feeling “sticky” or not responding in a consistent manner.

Apple denies all of the allegations made in the lawsuit, denies that any MacBooks are defective, and denies that Apple did anything improper or unlawful. The proposed Settlement is not an admission of guilt or wrongdoing of any kind by Apple.

Update (2023-05-29): Nick Heer:

I am still irritated this lawsuit was settled before substantive information was publicly disclosed. Perhaps the similar Canadian class action will help explain how these keyboards were developed and then stayed on the market for so long.

Update (2024-07-03): Juli Clover:

Two years after Apple paid $50 million to settle a class-action lawsuit over faulty MacBook butterfly keyboards, funds from the settlement will be going out to affected customers.

[…]

MacBook owners who had at least two topcase replacements from Apple within four years of purchase are set to receive a maximum of $395, while customers who had one topcase repair will receive up to $125. Those who had keycap replacements are eligible for up to $50.

The first affected Macs were sold more than 9 years ago.

Update (2024-08-09): Tim Hardwick (Hacker News):

Apple customers who were affected by Apple’s flawed MacBook butterfly keyboard design have begun receiving settlement funds, two years after Apple paid $50 million to settle a class action lawsuit.

Confusing Swift Evaluation Order

June Bash:

didDelete?(deleteItem(Item()))

[…]

This was surprising to me because i was thinking the order of operations would be:

  1. Evaluate function parameters
  2. Pass parameter into function if available

But instead it acts more like an @autoclosure.

It’s also confusing to me because in Objective-C the arguments are evaluated when the receiver is nil.

Dimitri Racordon:

print(whole.describe(whole.insert("Bar")))

John McCall:

Swift uses a strict left-to-right evaluation order in most situations. In this case, that causes the value of whole to be copied before the other arguments to describe are evaluated

As with the first example, splitting the code into multiple lines changes the behavior.

We’ve considered changing the evaluation of this so that self is not evaluated by copy but instead by immutable borrow, which in this case would cause this code to not compile due to an exclusivity error when the variable is modified while being immutably borrowed.

Previously:

Update (2022-08-29): See also: Slava Pestov.

Years of macOS Updates

Andrew Cunningham:

The end result is a spreadsheet full of dozens of Macs, with multiple metrics for determining how long each one received official software support from Apple.

[…]

For all Mac models tracked, the average Mac receives almost exactly seven years of new macOS updates from the time it is introduced, plus another two years of security-only updates that fix vulnerabilities but don’t add new features.

[…]

Macs that are sold for an abnormally long time—the 2014 Mac mini that was available until 2018, the 2013 Mac Pro that was available until 2019, or the 2015 MacBook Air that was available until 2019, to pick three examples that Ventura doesn’t support—don’t get software updates for longer just because Apple sold them for longer. This differs from the timeline Apple uses to provide hardware repair services, which is determined based on “when Apple last distributed the product for sale.”

[…]

This has led to a gradual decline in the amount of time that Macs could expect to get new macOS releases, but the amount of software support was well within the normal historical range for Macs released in 2014 and 2015. Ventura changes that for Macs released in 2016, in particular. Those models are getting new macOS updates for less than six years from their release date, the least since 2006 and a year or two less than Mac owners could expect in the very recent past. It’s not a historical low, but it’s a noticeable step backward.

[…]

It’s also worth stressing that while there are at least mildly compelling reasons for dropping support for older 4th- and 5th-gen Intel CPUs in Ventura, as best we can tell, those reasons don’t really extend to most of the Skylake-based Macs.

Paul Haddad:

I’d probably be more OK with the situation if the OS releases were actually adding significant new features or if Apple wasn’t making supporting old releases harder than it should be.

Previously:

Peakto 1.0

CYME:

Opening Peakto is like opening all your catalogs at once and seeing all your images in ONE app. No matter what editing software you use. Peakto is the control tower that regroups your catalogs from Apple Photos, Aperture, Lightroom Classic, Luminar AI/Neo, Capture One, iView Media–and from your folders. Without creating extra copies of your images.

[…]

Panorama, a new feature introduced in Peakto, puts the power of AI at your service. Thanks to image recognition, Panorama categorizes all your photos, whatever their format or location, and gives you a smart overview without modifying the arrangement of your catalogs.

[…]

In Peakto we introduce Instants. Instants will gather under one roof all the master files and all the modified versions of an original shot. Instants act like a magic wand, allowing you to find all versions of a shot and bring them together instantly, while giving you invaluable insight on the story of your edits.

It’s $189 or $99/year. You have to pay before you can download the trial:

Statistics show that 95% of software downloads do not result in actual use. At almost 700Mb per download that’s a lot of energy cost for the planet…. That’s why Peakto is not available as a free download.

Previously:

Update (2022-10-18): There is now a free trial, available either by filling out a form to get a download link or via the Mac App Store. The App Store version is 120 MB but needs to download 650 MB at launch before you can use the app. The app can then be updated without having to redownload the ML model.

Monday, July 18, 2022

OmniFocus 3.13 and Voice Control

Ken Case:

OmniFocus 3.13 provides a wide range of improvements to Omni Automation—perhaps most notably adding support for Speech Synthesis, but also a number of other improvements as well.

With these automation enhancements, OmniFocus 3.13 can now take full advantage of the new Voice Control features offered the latest iOS, iPadOS and macOS releases, delivering an incredible level of voice-driven productivity.

If you’re new to Apple’s Voice Control feature, it empowers control of a Mac, iPhone and iPad entirely with one’s voice. It isn’t Siri; it’s control. Voice Control offers an enhanced command and dictation experience, giving full access to every major function of the operating system. For someone with motor limitations, Voice Control is transformative; but one doesn’t need to have motor limitations to have it enhance the experience of using OmniFocus.

As someone without such limitations, I’m most interested in the potential for voice interactions on my iPhone, where the lack of a physical keyboard makes many tasks feel slow and plodding. I love using my iPhone—and now my Apple Watch—to create new OmniFocus actions, and I’ve long done this by using Siri to add reminders. But I postpone as much of the other stuff as possible until I’m back to my Mac because I know it will be so much easier there. That’s not ideal because a major benefit of OmniFocus is that it lets me get stuff out of my head; having to remember which changes to apply later works against that. I find myself using Siri to make new actions to remind myself to adjust other actions—because that’s easier than making the changes directly right then.

So, my hope is that I can use these new Voice Control features as sort of the equivalent to keyboard shortcuts. In theory, voice can offer quick random access to commands without having to first locate them with my eyes and then fingers. It can also work hands-free, when my fingers are otherwise occupied or in gloves.

It’s important to note the differences between VoiceOver, Voice Control, and Siri:

Voice Control lets users control the entire device with spoken commands and specialized tools, while Siri is an intelligent assistant that lets users ask for information and complete everyday tasks using natural language.

Voice Control (iOS, Mac) happens on device, and my experience is that it’s faster and more accurate than Siri, since it’s working with a much more restricted domain of commands and doesn’t need to talk to a server. You can also freely mix it with dictation so that you can navigate within an app and enter text into fields without switching between separate listening modes, though there are separate Dictation and Command modes if you prefer not to rely on this. Voice Control itself is also a mode, which is great because you don’t have to prefix every command with “Hey Siri”. You can turn on Voice Control either in Settings or by asking Siri. Once enabled, you can toggle it by saying “Wake up” or “Go to sleep.”

The catch is that, out of the box, Voice Control only has a system-level vocabulary. You can tell it to tap a button by name or by number and dictate text into fields. But it doesn’t know about OmniFocus-specific terms such as actions, projects, or deferment dates.

iOS and macOS do, however, let you add your own custom Voice Control commands, which are akin to the old Speakable items. With this announcement, Omni has added a library of Voice Control commands that are specific to OmniFocus. And you can make your own using OmniFocus’s JavaScript API.

Installing these commands on iOS is kind of awkward. For example, if I want to defer an action for 1–7 days or until a particular day of the week, I have to click 14 links to add those individual shortcuts. Then, in Settings, I have to add a custom command for each, select the shortcut, set it to only be active in OmniFocus, and type the voice phrase to trigger it. Then, the first time I invoke the shortcut, I have to confirm that, yes, I want to allow it to access OmniFocus.

Fortunately, this setup only has to be done once, and only for the commands that you plan to use. I found it easier to add the shortcuts from my Mac and then have them sync to my iPhone via iCloud. The Voice Control setup has to be done on the iPhone itself, though. True, you can skip creating Voice Control commands because the shortcuts are automatically accessible via Siri, but I think Voice Control just works better. (In trying to group the OmniFocus shortcuts into a folder, I realized that drag and drop from the list view in Shortcuts for Mac still doesn’t work. Neither does dragging a folder to the bottom of the sidebar. And you can’t sort the shortcuts alphabetically until Ventura.)

I’d like to see Apple move Voice Control in the direction of the new App Shortcuts, so that apps could simply tell the system which custom commands they offer. It’s great that users can add their own custom commands based on shortcuts, but commands provided by the app vendor should be built into the app, and I should be able to just tap a bunch of items in a list to enable or disable them. If there’s a bug to fix, this could be done once in the app instead of requiring each customer to download an updated shortcut.

Voice Control setup works much better on macOS. There, you can import and export XML files which contain lists of commands. So, instead of installing one shortcut for each day of the week and creating a Voice Control command for each, I can just import a single file that adds all 7 commands. There’s also a giant file that adds commands for all of the menu items.

Why import the commands when I already have the shortcuts that I imported for iOS? Those shortcuts do work on macOS, but to use them from Voice Control you would need to set them up in System Preferences. (That part doesn’t sync from iOS.) So you might as well set them up with the XML file on the Mac, as that’s much easier. Secondly, custom Voice Control commands on macOS are able to send the command’s JavaScript directly to OmniFocus via a URL scheme. This is much faster than trampolining to the Omni Automation shortcut that passes the JavaScript along to OmniFocus. Again, it would be nice if iOS could catch up to macOS here.

How well does it all work? Sometimes the voice command does what I expect quickly, and I feel like I’m saving time, even vs. tapping the Share button to invoke a plug-in for adjusting the defer date. It’s generally faster and more reliable than Siri. I’m excited for the possibilities of mixing commands with dictation, though it’s too early to tell whether this will become a core part of my workflow. I’ve also run into a few glitches. Sometimes Shortcuts spins for a while and then reports a timeout error, though OmniFocus does perform the command. Also, when I change the defer date from the action editor, this doesn’t get reflected in the interface until I close the editor, so it appears as though nothing happened.

Omni says the editor updates promptly in OmniFocus 4 (currently in beta). The new version also features a new list interface where you can select actions without having to enter a separate edit mode. This also opens up more possibilities for voice interactions, as you can tell it to Select Next Item and then make changes directly from the list. To me, this really shows the potential for Voice Control because it goes beyond what I could do with my finger. Not only is it hands-free, but I can also (as I’m used to on the Mac) do stuff without having to open and close the action editor. In that case, Voice Control can help overcome the limitations of both the iPhone’s software keyboard and its small screen.

Previously:

Update (2022-08-02): Automators:

Sal Soghoian takes David and Rosemary on an epic automation adventure. Starting with a look back at Automator on the Mac, and looking at the star Shortcuts developers now—before diving into Sal's latest project of custom voice control with OmniFocus and beyond.

Facebook Encrypting Links to Prevent URL Stripping

Bruce Schneier:

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties.

Martin Brinkmann:

Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser’s Tracking Protection feature is set to strict. Firefox users may enable URL stripping in all Firefox modes, but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well.

[…]

Facebook could have changed the scheme that it is using, but this would have given Facebook only temporary recourse. It appears that Facebook is using encryption now to track users.

[…]

The main issue here is that there it is no longer possible to remove the tracking part of the URL, as Facebook merged it with part of the required web address.

Previously:

Invasive Spotlight Indexing

Lloyd Chambers:

The thoughtless design of providing no facility to defer/delay Spotlight indexing is bad enough. But to perform intensive Spotlight indexing when the user is needs the machine to perform well—that is design incompetence to the point of offensive. Ditto for when a CPU and disk-intensive program is running, one that the user wants done as soon as possible.

Spotlight destabilizes the performance of your Mac. You just never know when you can count on things running as they should.

What I’m asking Apple to do is to add something akin to the “Stop this backup” menu item that Time Machine offers. That works great—it will defer the backup for an hour. A “Defer indexing For...” menu command would surprise and delight me.

It’s great to have tools like TimeMachineEditor, but in my opinion there should be a built-in way to restrict both Time Machine and Spotlight to only run during certain hours and to postpone them for a specified amount of time.

Sometimes I want the Mac to be quiet, but I don’t want to turn it off because it’s still doing something important like uploading to a cloud backup. That by itself wouldn’t cause fan noise or much hard drive grinding. But sometimes a Spotlight process decides to go crazy, and then the Mac is loud for hours or even days unless I’m in a position where I can unmount the drive that it happens to be indexing.

I’ve mostly worked around this by disabling Spotlight indexing on all my spinning hard drives. However, it no longer (since APFS?) seems to be possible to exclude Time Machine drives. And, of course, my Time Machine drive has more indexable content than any single drive that I have, so there is a lot of work for Spotlight to do.

As best I can tell, the most invasive indexing is actually caused by something going wrong with the index files. Sampling the processes shows threads like com.apple.metadata.spotlightindex.Compaction that seemingly use lots of CPU and I/O forever. In such cases, I use sudo mdutil -E to delete the Spotlight index. That, of course, triggers many hours of legitimate work for Spotlight to build a new index, but then it’s eventually quiet—until the next time compaction gets stuck.

Friday, July 15, 2022

Ev Williams to Step Down From Medium

Ev Williams (via Hacker News):

Next month will be the tenth anniversary of the launch of Medium. As we gear up for the next decade, I’ve decided to hand over the CEO reins.

Casey Newton:

As I wrote at the time, by some measures Medium was succeeding. It had started 2021 with around 700,000 paid subscriptions, and was on track for more than $35 million in revenue from its $5 monthly subscription offering. At the same time, internal data showed that it largely was not high-quality journalism that was leading readers to subscribe: it was random stories posted to the platform by independent writers that happened to get featured by the Google or Facebook algorithms.

[…]

Nieman Lab’s Laura Hazard Owen wrote an essential guide to Williams’ whipsawing in 2019. Among the things Medium tried during his tenure, from its launch to the present day[…]

[…]

On the high end, well funded digital publishers from BuzzFeed to Vice to the Atlantic excelled at publishing high-quality journalism. And on the low end, Substack emerged to let solo creators develop thriving, sustainable careers by offering individual subscriptions. […] In such a world, Medium had no obvious advantage. With its owned and operated publications gone, it became a general-interest web magazine staffed by freelancers and dependent on Google.

M.G. Siegler:

In fact, in many ways, that would be my critique of Medium on the front-end. It has gone from utter elegance through to various stages of clutter and buttons to get people to sign up or download the app, etc. I just want people to be able to read without anything but the words in front of them.

But few people know that better than Coach Tony who is maybe the Medium power user since the get-go. And now he gets the run the joint. So that’s exciting. Just don’t ruin this beautiful writing canvas.

Previously:

Apple Argues to Get Epic Injunction Thrown Out

Juli Clover:

Apple today submitted its final filing in the ongoing Apple v. Epic legal battle, which is playing out in the United States Court of Appeals for the Ninth Circuit. Both Apple and Epic Games chose to appeal the original ruling as neither company was satisfied with the outcome.

The appeal battle has been ongoing since January, but it is wrapping up with Apple’s cross-appeal brief, which follows Epic’s opening brief, Apple’s own opening brief, and Epic’s cross-appeal brief.

[…]

Apple goes on to point out that Epic Games in fact no longer meets the legal requirement of “standing” because it is not an iOS developer and cannot be impacted by a Guideline that applies to iOS developers.

They can take away your standing simply by terminating your developer account?

Previously:

Industry Trade Groups

The App Association:

The App Association gives a voice to small technology companies. Our mission is to help members promote an environment that inspires and rewards innovation while providing resources to help them raise capital, create jobs, and continue creating incredible technology.

Florian Mueller:

From time to time it’s unfortunately necessary to expose astroturfers.

[…]

A few months ago I had a conversation with a policy officer of one of the other large corporations supporting ACT. By now it seems it really is mostly Apple who’s footing the bill and setting the agenda, but they’re not alone (yet). When ACT came up, I criticized that company for supporting an organization that claims to speak on small app developers’ behalf while actually working against them (and for Apple). The excuse was this: "But in the SEP policy debate we are faced with all those professors who are funded by Qualcomm."

The Competitiveness Coalition:

Fundamentally, the American Innovation and Choice Online Act is a dangerous piece of legislation that will do nothing to drive down costs for Americans and rather help Communist China’s quest for global dominance.

[…]

The Competitiveness Coalition is dedicated to spotlighting how American tech drives our economy and supports our competitive edge. We are building a campaign-style infrastructure using a combination of earned, paid and digital media, as well as grassroots and grasstops advocacy, and corresponding government relations activity.

Emily Birnbaum (tweet):

A group fighting antitrust legislation targeting the biggest US tech companies presents itself as a grassroots advocate for American taxpayers, yet it hasn’t disclosed a significant source of funding from one of the industry’s giants: Amazon.com Inc.

[…]

Amazon’s public policy shop believed the Competitiveness Coalition could serve as a counterweight to the Chamber of Progress, a left-leaning tech association it also funds led by former Google executive Adam Kovacevich, according to the people. While the Chamber of Progress provides a pro-tech voice on the left, some Amazon public policy officials determined that they needed a similar group on the right.

Previously:

Update (2022-07-19): Nick Heer:

This is not so different from the language used by Facebook’s front group, American Edge, which claims antitrust regulation will “ultimately hand victory to China”.

Update (2022-09-03): Florian Mueller (Hacker News):

Not only Ericsson--the complainant in three parallel ITC investigations--but also the ITC staff brought motions to compel because Apple refused to provide information on its funding of ACT.

[…]

Let me show you the documents because it’s really interesting to see how evasive Apple and its astroturfers are. I believe that would come out is essentially that ACT is a lobbying contractor, like an extension of Apple’s lobbying department. And again, that would have implications not only in the SEP context but even more so with respect to mobile app stores. For instance, next month the United States Court of Appeals for the Ninth Circuit will hear Epic Games’ appeal, and ACT is one of Apple’s amici.

Update (2022-09-09): Florian Mueller:

The best thing to do would simply be to defund ACT. I really wonder why the decision makers in Cupertino believe they’re actually getting value out of ACT, unless offending app developers (by falsely speaking in our name) has value in and of itself. Policy makers in D.C. and Brussels largely know already that ACT is not the App Association, but the Apple Association. ACT’s claims--such as that small app developers face SEP licensing problems--often don’t withstand scrutiny.

But as long as Apple uses ACT as a tool, it must answer questions--at least the U.S. government’s legitimate questions.

CP/M Now Officially Open Source

Martin Maly (via Hacker News):

Of course, it was “opened” a long time before, but with an unclear clause, mentioning “Unofficial CP/M Web Site” as a licensed place.

The discussion is not over yet, but we believe this statement is equivalent to the well-known BSD or MIT licenses.

See also: Digital Research Source Code.

Thursday, July 14, 2022

Inject: Hot Reloading in Swift

Krzysztof Zabłocki (tweet):

If you only used Apple platforms, you can be surprised to learn how many platforms have embraced hot-reloading decades ago. Whether you write Node or any other JS framework, there is a setup for you to use hot-reloading. Go also offers hot-reloading (This blog leverages that feature).

[…]

Eight years have passed since Swift Playgrounds are still here, and they got better, but are they reliable? […] In my experience: not really.

[…]

Similar story [with SwiftUI Previews], it’s great when it works, but it works unreliably in bigger projects and tends to break more times than they work.

[…]

I recognized that Playgrounds approach might have been too heavy-handed, so today, I’m open-sourcing. A very focused micro-library called Inject that, when paired with InjectionForXcode, will make your Apple development much more efficient and enjoyable!

[…]

Hosts leverage auto-closure, so each time you inject code, we create a new instance of your type with the same arguments as initially, allowing you to iterate on any code, memory layout, and everything else. The only thing that you can’t change is your initializer API.

See also: his previous project Traits.

Previously:

Performance of Microsoft Teams

shilocase (via Hacker News):

Teams is murdering my MacBook Pro 16" i9 with 16GB RAM every day. This was supposed to be the most kick-a$$ laptop at the time but Microsoft is slowly killing it with Teams. It causes serious lags and randomly decides when it wants to share the screen successfully. Other times, it just shows screen but no audio or vice versa.

[…]

My entire system. Mail, Calendar, Finder, and Preview (all Apple Apps, which should run super fast) started running like garbage with lags between 5 and 10 seconds - that's no joke. Upon reboot, it was normal again until I ran Teams for another meeting... reboot.

[…]

I found an MS article mentioning how Teams uses memory because of this Chromium feature due to easier development. I don't care about the ease of development. I CARE about it working and NOT DELAYING MY PRODUCTIVITY.

There’s a long thread. This is with the Electron version of Teams. Microsoft has announced that it’s switching from Chromium to Edge later this year, though I’m not sure how much that will help.

I’ve also heard of people preferring the Web version of Teams since the app is Intel-only.

Previously:

Giving a Shit As a Service

Allen Pike:

In some ways, that’s the fundamental value proposition of a small boutique, whether it be a furniture shop or a software studio.

[…]

I used to puzzle over why potential clients who reached out to me always seemed to get more interested in hiring us if I tried to dissuade them by asking challenging questions. I think the biggest reason is that pushing back demonstrated that I care. If you email 4 software studios for a quote and 3 say “Sure, here’s a quote” but the 4th says “Hm, we certainly could build it but we can’t be sure about cost without knowing X and Y, and here are some other concerns we’d have” then the 4th is going to seem like they give a shit.

Via Nick Heer:

The most impressive trick is to pull this off at scale.

I’m not sure I’ve ever seen that pulled off.

Previously:

Most Fraudulent Apps Still on the App Store

Frederik Lipfert:

In March 2021, Avast shared a list of 133 fraudulent apps for which Sensor Tower estimated a total of 500M downloads and total revenue of $365M generated by the applications in their lifetime.

We found that over a year later, more than 60% of these reported scam apps are still active on the AppStore. According to our calculations, these apps are scamming users for anywhere north of $100M annually.

It’s almost ridiculous how easy it is to identify these Apps just based on publicly available information. Heck, you just need to read some of the one star reviews on the App Store.

See also: Darragh Murphy.

Previously:

Simplify Gmail Safari Extension Blocked Over IAP

Michael Leggett:

Apple is telling me that I HAVE to add in-app payments to my browser extension, Simplify Gmail which currently has no in-app purchases.

[…]

My understanding of the rules was that, IF I use in-app payments, I HAVE to use Apple’s in-app payments.

AND that if I do not use their in-app payments, the app can in no way collect money or link outside the app to collect money for any reason.

The problem seems to be that he’s offering a free app for accessing a paid service. Netflix and other “reader” apps can do this, but in general it’s not allowed.

I am so close to removing Simplify from Safari.

It is by far the most difficult browser to support and not just b/c of Apple’s App Store rules.

Michael Leggett:

They also confirmed my options for further updates are to (1) remove app, (2) add IAPs, or (3) adopt a freemium model.

Michael Leggett:

The 3rd option (and the one I plan to attempt) is only available to me because Simplify modifies an email app. I think this came from the big dispute with Hey.

Previously:

Wednesday, July 13, 2022

Alfred 5

Running with Crayons:

The Workflow Editor has been rewritten from the ground up to be higher performance, more efficient, user-friendly and accessible.

[…]

The new Workflow Palette gives you an easy way to navigate, discover and use the broad range of workflow objects available.

[…]

Workflow creators can now add simple user-facing preferences to workflows, making them easier for users to install and set up.

[…]

Alfred’s Automation Task object adds an ever-growing collection of configurable actions you can add to your workflows as building blocks, without having to think about the code behind it; From resizing images and moving files to getting the current Safari tab or switching to Dark Mode.

InterfaceBuilder.swift

Maximilian Mackh (tweet):

InterfaceBuilder.swift lets you quickly build complex UIKit layout in code, speed up native app development and is completely open source.

[…]

The SwiftUI approach to layout in code is objectively fantastic and has inspired many aspects of this library. On the flip side, actual SwiftUI layout behaviour is very similar to self-sizing elements in HTML and abstracts many complexities to the underlying mystery layout engine. As with HTML, minor changes to the engine result in widely different layout behaviour. Whether this approach makes sense or not is debatable, but one thing is for certain: iOS has not (initially) been designed for, or particularly good at, self-sizing. In conjunction with several ways to cause unexpected redraws through Combine, it’s no wonder performance remains an issue.

[…]

Since SwiftUI (plus new APIs) come bundled with OS releases, this is a recipe for broad range of inconsistencies.

The name “InterfaceBuilder” is apt because it’s replacing the Interface Builder part of Xcode and also because it uses Swift result builders to set up interfaces.

I think part of the reason people like SwiftUI is that it has so many batteries included. A longtime weakness of Cocoa is that it doesn’t offer much in the way of reusable controllers or make it easy to set up interfaces in code (though that has improved somewhat). Imagine if Apple had continued iterating on NSController and made a Swift DSL for views and auto-layout. I think that could have been pretty great, and it would have been built atop a mature foundation, which you could drop down to if needed.

Apple went a different way. But this is not something only Apple can do. You can make the API/DSL that you want on top of AppKit or UIKit and then write your apps to that. You may not be able to use SwiftUI today, but you can use it as inspiration and evolve your code in that direction.

Previously:

Update (2022-10-07): Steve Troughton-Smith:

Playing with Swift Result Builders to make SwiftUI-style UIKit layout. No autolayout, no Interface Builder (and no SwiftUI). So much of what’s good about SwiftUI could have been done without the magic, the unreliability, or the upheaval.

Update (2024-02-27): Michel Fortin:

MFXUI is a collection of helpers to build user interfaces for macOS, iOS, and tvOS using in a declartive style similar to SwiftUI. It builds hierarchies of AppKit or UIKit views and has some provisions for bindings. In the most cases, MFXUI uses the system views unchanged, only adding extension methods and initializers (many of which are provided by UXKit).

DevAnt: Upcoming Mac App Distribution Platform

Realmac Software (tweet):

License and protect software, deliver updates to customers, collect crash reports and feedback — no additional coding necessary. Integrate one SDK instead of days of coding.

It’s not available yet, and there are not a lot of details, but this is definitely intriguing.

Previously:

Migration Assistant Magic

Nick Heer:

You agree, it opens Migration Assistant on your new Mac — you open it manually on your old one — and then it runs a few tests in the background to automatically select the fastest transfer method.

In my case, this was peer-to-peer at a painfully slow three-to-six megabytes per second. To move the half-million files from my old Mac, it was looking like a twelve hour operation. But I remembered I had a first-generation Thunderbolt cable laying around and an adaptor — and the tip Siracusa relayed in that podcast episode: Migration Assistant will automatically switch to the fastest method available, even partway through a migration.

Peer-to-peer is faster than regular Wi-Fi, and it always seems to be at least twice as fast as the original estimate that it gives. I recently migrated my server from an old MacBook Air to an M1 Mac mini, and I didn’t have an adapter for the old Thunderbolt port. So it took a while, but the most important thing is that it did the job properly and unattended.

Thunderbolt is much faster but not as much faster as I expected.

Introductory Programming Assessment Must Accommodate Copilot-like Assistants

David Kopec:

There are certain standard problems that we are accustomed to assigning because completing them demonstrates the ability to implement fundamental simple algorithms. A prior strategy to reduce plagiarism has been to provide scaffolding code or put a spin on a problem to make it unique. Unfortunately, Copilot-like assistants are almost as capable in these scenarios as they are at writing generic simple algorithms. In my own preliminary testing on a (what I believe to be) unique scaffolded assignment of my own creation for an introductory class, Copilot was able to contextualize the comments and write most of the smaller functions accurately with just a little bit of my assistance.

[…]

I am suggesting that exams and exam-like evaluation will need to be a greater percentage of the mix. We can be creative. An oral presentation can in some instances demonstrate knowledge as well as an exam. A project coded live in class on machines that do not have AI assistants enabled, can serve as a pseudo exam.

Previously:

Tuesday, July 12, 2022

macOS 13.0 Ventura Public Beta

Juli Clover:

Public beta testers can download the macOS 13 Ventura update from the Software Update section of the System Preferences app after installing the proper profile from Apple’s beta software website.

John Voorhees:

On the Mac, Stage Manager is very different from the Mac’s traditional windowing systems, but it’s also very easy to get the hang of, which bodes well for new users coming from the iPad. And, of course, the feature is entirely optional, so anyone with whom it doesn’t click can ignore Stage Manager completely. However, as you’ll read below, I think everyone should give Stage Manager a chance because I’ve been surprised at how much I enjoy using it.

[…]

I’ve got a beta version of at least one of Apple’s OSes running on devices year-round, and have learned from experience that with a few precautions you can avoid major disruptions to using your Mac.

Whether a backup is sufficient protection depends on how much you use iCloud. It’s safer to use a separate Apple ID account for beta testing, though doing so can be a real pain.

Stage Manager would benefit from a set of keyboard shortcuts and trackpad gestures specific to it. For example, I’d like a keyboard shortcut to invoke Stage Manager instead of having to use Control Center. I’d also like to hold down a modifier key as I open a new app as a way to open it in the current window setup instead of opening it on a new stage, then switching back to the set of apps I was using, and dragging the new app into that set.

Second, pulling an app from one set of apps in the strip into the set you’re currently working on is too difficult. That’s because only the top app in the set can be dragged onto the stage.

John Voorhees:

One of the things that struck me after I’d finished my Ventura preview and read what @viticci wrote about iPadOS is there are far more ways to combine apps on Stage Manager’s stage on an iPad than there are on the Mac. I hope was see some of that make its way to the Mac soon.

Jason Snell:

I have to admire Apple’s insistence on this topic. Over the decades it’s tried windowshades, a floating application bar, Dock minimization, single-window mode, Exposé, Spaces, Mission Control, Full Screen, and Split View, and while many of those features have been embraced by some Mac users, the company still doesn’t think that it’s cracked it.

[…]

On one level, the Mac is approaching a level of interface-management complexity that threatens to bend in on itself and require some sort of manager for interface managers. The Dock contains running apps, but also other apps, but also minimized windows. And then there’s the Stage Manager shelf, which holds window groups. And you can group windows together in Stage Manager groups, or alternately group them in separate Spaces, or both. You can put some apps in Full Screen or Split View, which will themselves generate their own Spaces.

[…]

And yet on another level, I think Apple might be on to something here with Stage Manager. As I used it, I didn’t really expect to like it—I am generally someone who observes Apple making these attempts to work on window management, dutifully tries them out, and then turns them all off. But I have to admit, I think Stage Manager may have rooted out a real truth about how people (or maybe how I) use a Mac.

[…]

Stage Manager also feels a bit like an admission on Apple’s part that Full Screen mode, which strives to create an iPad-like experience on the Mac, misses the mark. I never use Full Screen mode, even on apps that would benefit from the utter takeover of my Mac’s display, because it really doesn’t work well with Finder.

He also tests Continuity Camera and finds Shared Tab Groups unreliable.

Previously:

Update (2022-07-19): Julio Ojeda-Zapata:

That’s why I’m kind of excited about the Mac version of Stage Manager. Even though the Mac already does windowing well, I’m feeling more bullish on the macOS version of Stage Manager than the iPad version because it fits in naturally with other windowing approaches on the Mac. I’ve been using it a lot.

iOS 16 and iPadOS 16 Public Beta

Juli Clover:

Public beta testers who have signed up for Apple’s beta testing program can download the iOS and iPadOS 16 updates over the air after installing the proper certificate from the Public Beta website.

Federico Viticci:

Stage Manager, while still in need of refinements in several areas, is a game-changer for people like me, and it signifies a major course correction on how Apple thinks about iPadOS for power users.

[…]

The new Lock Screen is the proper follow-up to iOS 14 widgets we’ve been waiting for, and it’s going to be the feature that will push millions of people to update their iPhones to iOS 16 right away later this year.

[…]

When you click on the three-dot button in the title bar of an app window, you’ll get a popup menu with text labels. The menu used to only be comprised of icons; I find the inclusion of labels (which was brought in last week’s beta) a welcome change that does a better job at explaining what each feature does.

[…]

[With] Stage Manager you can’t place an app window exactly anywhere you want: there are “zones” of the stage where windows “snap” (for lack of a better term), and the more windows you bring in, the more Stage Manager will try to, well, manage them for you by rearranging them ever so slightly so that everything can be as accessible as possible.

Dan Moren:

If you were hoping to be able to strew widgets willy nilly wherever you wanted on your lock screen—what do you think this is, Dashboard? You get basically two places to put widgets: a small line that goes above the clock, containing the date by default, and a larger box below the clock. […] However, these aren’t the same full-color complex widgets that you can put on the iPhone’s Home screen—many of them even look almost identical to their Apple Watch counterparts, like the circular temperature widget or the next event calendar widget.

[…]

I’m not sure these are the features that will finally sell me on Focus modes, but it does seem clear that this is a system Apple is interested in counting to improve, and it’s becoming increasingly compelling.

Previously:

watchOS 9 Public Beta

Victoria Song:

Head to Apple’s beta software page in the mobile version of Safari

Alex Guyot:

This year’s changes to the Workout app may be more significant than usual, but otherwise watchOS 9 fits this formula quite snugly. While it may not make for the most glamorous year-over-year updates, the strategy has cemented the Apple Watch as the most popular smartwatch in the world — by far.

[…]

Medications is an all-new first-party app on the Apple Watch, as well as another view within the Health app for iOS.

[…]

The Calendar app has finally seen some love in watchOS 9. Previous versions of this app have been read-only views of your events for a single day at a time. The new version is much nicer and more fully-featured. You can add events directly from your wrist, customize the view between ‘Up Next’, ‘Day’, and ‘List’, and zoom out to a week or month view of your calendar.

Previously:

Kaleidoscope 3.5

Kaleidoscope 3.4:

The ability to share a diff with others via PDF definitely makes collaboration easier. You can open the PDF and add comments via your favorite PDF editing software. You could even write comments with your Apple Pencil on your iPad. You’ll share with your team exactly what you have on your screen, showing all the changes that Kaleidoscope has found. Or someone can get your help on their code by giving you their Kaleidoscope windows as a PDF that makes commenting easy.

I had been doing this with screenshots. PDF is much better.

Kaleidoscope 3.5:

By default, Kaleidoscope 3.5 will normalize JSON files when opening them. This enables humans to actually compare the content, and provides major speed improvements when comparing large files.

[…]

You can now send any file list in Shortcuts to Kaleidoscope to compare that list as a folder. On our blog, we describe how to use that to compare popular archive formats like .zip or .jar.

I was wondering how this would work—how do you collect the extracted archives in Shortcuts to send them all to Kaleidoscope at once? The answer is that you don’t. You send it the batches separately, and they get collected in the front window.

Previously:

Multi-Factor Authentication Recovery Distrust

Chris Siebenmann (Hacker News):

But both of these situations have some things in common. I can actually talk to real people in both situations, and both have out of band means of identifying me (and communicating with me).

Famously, neither of these is the case with many large third party websites, which often have functionally no customer support and generally no out of band ways of identifying you (at least not ones they trust). If you (I) suffer total loss of all of your means of doing MFA, you are probably completely out of luck. One consequence of this is that you really need to have multiple forms of MFA set up before you make MFA mandatory on your account (better sites will insist on this).

[…]

More broadly, this is a balance of risks issue. I care quite a bit about the availability of my accounts, and I feel that it’s much more likely that I will suffer from MFA issues than it is that I will be targeted and successfully phished for my regular account credentials (or that someone can use ‘account recovery’ to take over the account). If loss of MFA is fatal, my overall risks go way up if I use MFA, although the risk of account compromise goes way down.

It seems like most sites that use two-factory authentication don’t offer recovery codes.

Previously:

Friday, July 8, 2022

Disable Live Text for Easier Selecting in Preview

Adam Engst:

Alas, cropping, which is one of the most common things I do in Preview, became harder in Monterey, thanks to the addition of Live Text. That’s because Preview sometimes thinks I want to select text in the image rather than drag selection handles. Annoyingly, this problem is not predictable—I can run into it with a particular screenshot but have trouble reproducing with the same screenshot later. Plus, the frequency with which I experience the problem has been falling, perhaps due to Apple improving the logic behind selecting.

If you’re suffering from a click-and-drag giving you a text selection when you want a rectangular selection, I’ve found a trick for increasing your chances of being able to use the selection handles. Resize the window so you can see the canvas on the edge where you need to grab the selection handle. Then, approach the handle from the canvas side so macOS sees your click and drag as happening just outside the area where there’s text.

Or you can turn off Live Text entirely from the Language & Region pane of System Preferences. It seems like this should just be handled with a modifier key, though, like you can hold Shift to select a square or hold Option to select from the center.

I still miss how the iCab browser would let you hold a key to select text within a clickable link…

Previously:

Update (2022-07-08): Joe Groff:

In Preview specifically, you can also pick between text vs. rectangular vs. auto selection in the Tools menu.

Update (2022-07-12): Steve Troughton-Smith:

Having Live Text on by default is a mistake in both Safari and Photos. It breaks decades of expectations for drag and drop for a fairly niche purpose that should be modal. I’m consciously having to try to avoid it every time.

CompileIt for HyperCard

Tom Pittman in 2007 (via David Kopec):

When HyperCard came out, Bill Atkinson said there would never be a HyperCard compiler. Strictly, he was right, because you can write self-modifying scripts in HyperCard, and that just can’t be compiled in any reasonable way. But I figured that most of what people do can be compiled, and I could punt the rest. Besides, it would be fun to prove Atkinson wrong.

Pundits were also saying that HyperCard was too limited to do useful things. I decided to prove them wrong at the same time by writing my compiler entirely in HyperCard. I did that. I never used any other programming tool besides ResEdit (and a text editor) for any version of CompileIt, not even the first one, which I wrote completely in HyperTalk. It was incredibly slow, but it worked. Then I compiled it in itself, and it got much faster.

Tom Pittman:

The commercial version of CompileIt has full access to all (68K) ToolBox calls and can generate just about any (again 68K) code resource. I have done INITs and whole programs strictly in CompileIt. In fact, after CompileIt was working (1994) everything I ever did on the Mac (including CompileIt itself) was compiled in CompileIt -- until 2004, when I started migrating my tool base to the new language I call Turkish Demitasse (T2). Most of the tools I used in the transition to T2 were still running in HyperCard and/or CompileIt.

[…]

I see that both CompileIt and Double-XX are also available on the MacintoshGarden archive site.

When HyperCard was converted to PPC I tried converting CompileIt to generate PPC native code, but it got too messy and I gave up.

Amazon to Drop Prime Cancellation Dark Patterns in Europe

Natasha Lomas (via Slashdot):

The coordinated complaints about Amazon’s confusing and convoluted cancellation process for Prime were announced back in April 2021 — so it’s taken just over a year for the e-commerce giant to agree to change its ways.

Following the engagement with EU regulators, the Commission said today that Amazon started to make some revisions to the Prime web interface — such as labelling the cancel button more clearly and shortening the explanatory text — but today’s announcement is that it has agreed to further simplify the experience by further reducing the text so consumers do not get distracted by warnings and deterred from cancelling.

There’s a video showing the steps.

Previously:

Xcode 14: Swift Package Plug-ins

Marco Eidinger:

WWDC 2022 video “Meet Swift Package plugins” explains how to perform actions on Swift packages and Xcode projects with Swift package plugins.

[…]

Both plugin types were introduced in Swift 5.6 and work in Xcode 13.3 when used on Swift packages. So what’s new in Xcode 14 (Swift 5.7)?

[…]

Command plugins can be triggered within Xcode

[…]

Command plugins can be executed on Xcode projects

Rather than just on Swift packages.

Previously:

Thursday, July 7, 2022

Apple TV Siri Remote Firmware Update

Juli Clover:

There is no word on what’s new with the Apple TV Siri Remote, but it likely includes minor bug fixes and performance improvements.

[…]

Apple also does not provide details on how to update the Siri Remote, but the software will be installed over the air automatically through the Apple TV.

Cédric Luthi:

Yesterday, Apple released a firmware update for the Apple TV remote. Today, the mute and volume up/down buttons stopped working on my TV. 🤬 I don’t believe in coincidences! If anyone knows how to downgrade the firmware from 0x0070 to 0x0061, please share.

DenniSundaY:

Indeed I hope it’s more than ‘minor bug fixes’ as the remote gained a major bug with the previous update, the laggy volume controls that many people are experiencing namely…

I have definitely been seeing the laggy volume controls. Is there a way to block future firmware updates once you get to good one?

Update (2022-07-12): Josh Hrach:

Before this update, the latest Apple TV remote couldn’t control our TV volume. Looks like the hours I spent over a year ago on the phone with a senior Apple advisor and sending tvOS sysdiagnoses finally paid off.

Tatsuhiko Miyagawa:

Whatever this is, it broke the volume buttons on my Siri remote, paired with an LG TV.

Skipping the iPhone 14

Jason Snell:

If reports are true, the iPhone 13 mini will be the last of its line, replaced by a larger iPhone 14 Max this fall. And as someone who owns and loves an iPhone 13 mini, this makes me sad.

[…]

First, let’s consider the report that the iPhone 14 line will only feature a new A16 processor on the Pro phone models. So not only would the regular iPhone 14 models not get access to rumored innovations like an always-on display, they might not be any faster than the current-year models!

[…]

I really do believe the iPhone mini design will be back. One possibility is for Apple to simply alternate between iPhone models so that the mini appears one year and the Max the next. It’s also not impossible that Apple might just bring the mini design back every few years since it obviously has a following–just not a big one.

This is “my year,” but my iPhone 12 mini is still going strong, and I can’t see replacing it with model that’s larger and has a year-old processor. At this point, my best guess is that this form factor will return in the next iPhone SE, though presumably that will also have iPhone 14’s older processor. It would be nice to be able to get the latest processor and camera in the smaller size.

Update (2022-07-10): See also: Accidental Tech Podcast.

UIs Are Not Pure Functions of the Models

Jesper:

View models and functional UI look like solutions, and they are indeed effective ways of managing complexity by making all the constituent state visible and enumerated. But in my experience they also encourage a way of programming where you bind as much as possible, and the problem with that is that, as the title of the post notes, UIs are not pure functions of the models.

If you go from one place in your UI to another, you may want to be stopped because there are things that don’t validate or don’t fly. You may have pending changes that should neither automagically apply nor be lost. Both SwiftUI and React have state as a first-class concept and are theoretically well-equipped to handle this; what’s worse is that we don’t have a handle on it.

We don’t know how to think in state. For the edited-but-not-saved text of a text field, sure. For the in-progress-but-not-committed-changes in what is at least partially modal, somewhere in the UI? Hm, well, that sounds like a tree of Redux reducers - and therefore model data - or a bunch of nested view models to me. The SwiftUI talk mentions “sources of truth” a lot. Here, the source of truth for the hitherto unsaved data is nebulous. Living in 107 state variables? Living in provisionally updated properties of an ObservableObject that is kept uncommited from the database or real source of truth?

Previously:

Blackbird: a Reference Architecture for Local-First Connected Mobile Apps

Marcel Weiher (tweet, Hacker News):

Blackbird depends crucially on a number of architectural elements: first are stores of the in-process REST architectural style. These can be thought of as in-process HTTP servers (without the HTTP, of course) or composable dictionaries. The core store protocol implements the GET, PUT and DELETE verbs as messages.

The role of URLs in REST is taken by Polymorphic Identifiers. These are objects that can reference identify values in the store, but are not direct pointers. For example, they need to be a able to reference objects that aren’t there yet.

[…]

Blackbird refines the MVC view update mechanism by adding the polymorphic identifier of the modified item in question and placing those PIs in a queue. The queue decouples model and view even more than in the basic MVC model, for example it become fairly trivial to make the queue writable from any thread, but empty only onto the main thread for view updates. In addition, providing update notifications is no longer synchronous, the updater just writes an entry into the queue and can then continue, it doesn’t wait for the UI to finish its update.

[…]

In Blackbird, there is a single channel for backend communication: a queue that takes a polymorphic identifier and an http verb. The polymorphic identifier is translated to a URL of the target backend system, the resulting request executed and when the result returns it is placed in the central store using the provided polymorphic identifier.

[…]

One aspect of this part of the architecture is that backend requests are reified and explicit, rather than implicitly encoded on the call-stack and its potentially asynchronous continuations. This means it is straightforward for the UI to give the user appropriate feedback for communication failures on the slow or disrupted network connections that are the norm on mobile networks, as well as avoid accidental duplicate requests.

Parts of it are open source in MPWFoundation. For more about polymorphic identifiers, see this post.

Previously:

Model View Controller Store: Reinventing MVC for SwiftUI With Boutique

Joe Fabisevich (tweet):

Apple has never provided a blessed architecture for SwiftUI, and many developers have spent thousands of hours filling the gaps with their own ideas. A familiar approach for many developers is to take the MVVM pattern many people adopted in their UIKit/AppKit apps and translate it to the needs of SwiftUI. That can work well enough, but you begin to see some cracks in the architecture when you need to manage state and data flow due how heavily SwiftUI leans on having a single source of truth. Others have taken the path of integrating powerful libraries such as The Composable Architecture which provide you with the tools to reason about your entire application. TCA takes inspiration from redux, more specifically The Elm Architecture, two patterns that are rather incredible in how they allow you to define your entire application as a tree of state. But TCA’s great power comes with great responsibility a very high learning curve, which can make it difficult to learn personally. TCA’s goals are much more of a fit for solving problems with a very high level of complexity, which may not be necessary for every app.

[…]

You can think the Store as the storage for your model objects, in SwiftUI this would be your single source of truth. If you model your data correctly then your user interface will always do what you expect it to do. That relationship between data and user interface is why Views having a single source of truth is so important.

I’ve built a batteries-included Store that comes with everything you’ll need out of the box called Boutique to be the foundation for that data. Boutique does no behind the scenes magic and doesn’t resort to shenanigans like runtime hacking to achieve a great developer experience.

Bodega:

Bodega is a straightforward actor-based library for writing files to disk with an incredibly simple API. Bodega is fully usable and useful on its own, but it’s also the foundation of Boutique.

[…]

Bodega provides two kinds of storage for you, DiskStorage and ObjectStorage. DiskStorage is for writing Data to disk, and ObjectStorage builds upon DiskStorage allowing you to write any Codable object to disk using a very similar API.

Both DiskStorage and ObjectStorage are implemented as actors which means they take care of properly synchronizing disk reads and writes.

Boutique:

Boutique is a simple but powerful persistence library, and more. With its dual-layered memory + disk caching architecture Boutique provides a way to build apps that update in real time with full offline storage in only a few lines of code using an incredibly simple API.

[…]

Storing images or other binary data in Boutique is technically supported but not recommended. The reason is that storing images in Boutique’s can balloon up the in-memory store, and your app’s memory as a result. For similar reasons as it’s not recommended to store images or binary blobs in a database, it’s not recommended to store images or binary blobs in Boutique.

[…]

The Store is a simple way to gain the benefits of offline storage and realtime updates, but by using the @Stored property wrapper we can cache any property in-memory and on disk with just one line of code.

Previously:

Wednesday, July 6, 2022

Lockdown Mode

Apple (MacRumors, Hacker News):

Apple today detailed two initiatives to help protect users who may be personally targeted by some of the most sophisticated digital threats, such as those from private companies developing state-sponsored mercenary spyware. Lockdown Mode — the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura — is an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security.

[…]

Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.

Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.

And no configuration profiles. This sounds great, though I would rather see something like Little Snitch for iOS to help protect against rogue apps.

See also: Lorenzo Franceschi-Bicchierai, Ron Deibert.

Previously:

EU Approves Digital Markets Act and Digital Services Act

Hartley Charlton (Hacker News):

European Union lawmakers have approved landmark legislation to heavily regulate Apple, Google, Meta, and other big tech firms.

[…]

Under the DMA, gatekeepers may have to:

  • Allow users to install apps from third-party app stores and sideload directly from the internet.
  • Allow developers to offer third-party payment systems in apps and promote offers outside the gatekeeper’s platforms.
  • Allow developers to integrate their apps and digital services directly with those belonging to a gatekeeper. This includes making messaging, voice-calling, and video-calling services interoperable with third-party services upon request.
  • Give developers access to any hardware feature, such as “near-field communication technology, secure elements and processors, authentication mechanisms, and the software used to control those technologies.”

There are many more requirements, including one I hadn’t seen before: allowing third-party voice assistants as the default.

EFF (via Nick Heer):

The final bill avoids transforming social networks and search engines into censorship tools, which is great news. It also retains important principles under the previous internet rules that helped to make the internet free, such as allowing liability exemptions for online platforms for the speech of others and limiting user monitoring. And it improves things as well, by imposing higher standards for transparency around content moderation and creating more user control over algorithmically-curated recommendations.

However, the DSA is not a panacea for all problems users face online and the final deal isn’t all good news: It gives way too much power to government agencies to flag and remove potentially illegal content and to uncover data about anonymous speakers.

Previously:

Update (2022-07-25): See also: Hacker News.

Slow Mac Disk Image Writing

Howard Oakley:

While reading from each of the Disk Images was almost as fast as from the SSD, write speeds were severely reduced. The sparse bundle was least impaired, with a write speed just under half that of the SSD, but all three disk images wrote at less than 20% of SSD speed, with the encrypted disk image the worst of all, at less than 1%.

[…]

Given the high write performance of the SSDs used, this can only indicate that macOS is intentionally throttling threads responsible for performing writes to the encrypted disk image, and to unencrypted disk images too.

[…]

This difference may reflect Apple’s historical usage of disk images, which have been most commonly used for reading rather than writing. However, that has now changed, with write performance becoming important to the user in:

  • encrypted disk images used as a substitute for the absence of folder encryption in APFS;
  • both encrypted and unencrypted sparse bundles used for shared Time Machine backup storage;
  • unencrypted disk images used as Block Device storage in virtualisation.

Howard Oakley:

There’s a new twist: results differ when the image is still mounted after creation, and after unmount-remount.

I haven’t done encrypted UDSP, but
enc UDRW is 55 MB/s first time, 900 remounted;
enc UDSB is 360 first, 4.3 GB/s remounted;
plain UDRW 1.3 GB/s falls to 970 MB/s.

Previously:

Update (2022-07-07): Howard Oakley:

This article presents a lot more data, which both clarify and confound. The TL;DR is that writing to macOS Disk Images – whether plain .dmg, sparse disk images, or sparse bundles – is a complete gamble. Sometimes they perform fairly well, and sometimes they’re excruciatingly slow.

[…]

As things stand, the only type of Disk Image which can be relied on to deliver acceptable write performance is the sparse bundle. If encrypted, when it has been freshly made and hasn’t been unmounted, write speed can be abysmal. But once written to and unmounted, it’s likely to deliver write speeds 60%-70% of those of the host SSD.

Thomas Tempelmann:

The disk (block) image device driver does not cache any decrypted fata and also does not allow the use of macOS disk block cache to be used, all probably in order to prevent finding any unencrypted data in memory by an attacker. Thus, every time the file system driver wants to access a block, eg. to traverse the directory b*tree, it’ll have to fetch the block from the SSD and then decode it. And I also suspect that even when encryption is not used, the block cache is denied, thus causing bad performance even then.

AppleScript Broken in macOS 12.5 Beta 5

Luc Beaudoin brought to my attention that there is a serious bug in the current Monterey beta. So far it’s affected every app I’ve tried that uses AppleScript. The script will fail with error -609 (connectionInvalid). Sometimes the script succeeds the first time, but then it will fail every subsequent time.

I can reproduce the error with a script as simple as:

tell application "Safari" to get URL of document of window 1

or this similar script for BBEdit.

Until this bug is fixed, I recommend not updating to the latest Monterey beta, as it is likely to cause widespread breakage. Even if you don’t write scripts yourself, many apps rely on them under the hood. For example, there are confirmed problems with:

I have filed a feedback (FB10565806) about this, as has Beaudoin (FB10563311).

Update (2022-07-07): It also affects the Dock and SuperDuper.

Update (2022-07-12): This seems to be fixed in the release candidate.

Tuesday, July 5, 2022

M2 Mac Thermal Concerns

Vadim Yuryev (video):

We discovered SEVERE thermal throttling with Apple’s new M2 MacBook Pro, proving that it needs a BETTER cooling system with two fans instead of one. We exported 8K Canon RAW and saw temps hit 108°C, more than we’ve ever seen on a Mac, even an Intel Mac.

[…]

The fan was maxed out at 7200RPM the ENTIRE time, so there was nothing the MacBook Pro could do to cool itself down except for HEAVILY throttle down the M2 chip. This led to much worse performance than the M1 Pro chip, which didn’t have to max out its fans.

Via Marco Arment:

This is concerning if it’s not a fluke.

It suggests that M2 thermal load is higher than M1 by enough to warrant different cooling needs (and different buying decisions) if your workload heavily stresses the GPU.

Curious about the Air. 30W seems like too much to passively cool.

Previously:

Update (2022-07-06): See also: Hacker News.

Gary and Hardware Unboxed have not been able to reproduce the problem.

Update (2022-07-10): See also: Accidental Tech Podcast.

Update (2022-08-29): Snazzy Labs:

The M2 MacBook Air launched to a lot of dramatic hullabaloo—reports of thermal throttling and a slow SSD were just a few of the controversies that befell the redesigned fan-favorite. We’ve found some of the complaints to be credible, many to be false, and generally find ourselves in love with this little machine.

The Power of SwiftUI “task” View Modifier

Majid Jabrayilov:

The task view modifier starts the unstructured async task and binds it to the view lifecycle. SwiftUI automatically cancels ongoing tasks whenever the view disappears by propagating cooperative cancellation.

[…]

Another variant of the task view modifier allows us to observe equitable data and run the async task whenever the data changes. The task lifecycle is still bound to the view lifecycle, but SwiftUI also cancels the ongoing job whenever data changes and creates a new one for the latest data.

[…]

Usually, we want to debounce requests to our servers and make them after a slight pause. We can quickly achieve this effect by leveraging the power of the cooperative cancellation and data observing capabilities of the task view modifier.

PACMAN Attack on M1 Processor

Carly Page (Hacker News, paper):

The attack, appropriately called “Pacman,” works by “guessing” a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn’t been maliciously altered. This is done using speculative execution — a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation — to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct.

What’s more, since there are only so many possible values for the PAC, the researchers found that it’s possible to try them all to find the right one.

[…]

The researchers — which presented their findings to Apple — noted that the Pacman attack isn’t a “magic bypass” for all security on the M1 chip, and can only take an existing bug that pointer authentication protects against.

Samuel K. Moore:

Other researchers familiar with PACMAN say that how dangerous it really is remains to be seen. However, PACMAN “increases the number of things we have to worry about when designing new security solutions,” says Nael Abu-Ghazaleh, chair of computer engineering at University of California, Riverside, and an expert in architecture security, including speculative execution attacks. Processors makers have been adding new security solutions to their designs besides pointer authentication in recent years. He suspects that now that PACMAN has been revealed, other research will begin to find speculative attacks against these new solutions.

Yan’s group explored some naive solutions to PACMAN, but they tended to increase the processor’s overall vulnerability.

[…]

“People used to think software attacks were standalone and separate from hardware attacks,” says Yan. “We are trying to look at the intersection between the two threat models. Many other mitigation mechanisms exist that are not well studied under this new compounding threat model, so we consider the PACMAN attack as a starting point.”

Joseph Ravichandran:

Our goal is to demonstrate that we can learn the PAC for a kernel pointer from userspace. Just demonstrating that this is even possible is a big step in understanding of how mitigations like pointer authentication can be thought of in the spectre era.

We do not aim to be a zero day, but instead aim to be a way of thinking about attacks/ an attack methodology.

The timer used in the attack does not require a kext (we just use the kext for doing reverse engineering) but the attack itself never uses the kext timer. All of the attack logic lives in userspace.

Provided the attacker finds a suitable PACMAN Gadget in the kernel (and the requisite memory corruption bug), they can conduct our entire attack from userspace with our multithread timer. You are correct that the PACMAN Gadget we demonstrate in the paper does live in a kext we created, however, we believe PACMAN Gadgets are readily available for a determined attacker (our static analysis tool found 55,159 potential spots that could be turned into PACMAN Gadgets inside the 12.2.1 kernel).

BrooksT:

The design flaw is in the ARM v8.3 architecture, and it just happens that the M1 is the only commercial chip on that architecture at this time. When other v8.3 systems ship, they’ll have the same flaw.

Previously:

Pruning iOS “System Data”

frownface84:

Phone had about 6gb of free space yesterday and was out of space when I woke up this morning. What’s this 10gb worth of system data?

AwsomeOHdog:

Why would “System Data” be using almost 40 GB of storage?

Mizikame (via Meek Geek):

Erase the device via Settings > General > Transfer or Reset iPhone > Erase All Content and Settings

Go through Setup Activation Assistant > Setup Manually > Get to Apps & Data Screen > Choose Restore From iCloud Backup

[…]

Do NOT backup to a computer or IT WILL restore the same GB allotment amount of the unnecessary System/Other Data before erasing the device and that will defeat the purpose of the fix

A classic Apple situation: remove the ability to directly access files to make things simpler and more foolproof, but then if something goes wrong the only tool you have is nuking it from orbit.

Simone Manganelli:

So annoyed that “System Data” is still a thing on iOS. Give me the goddamn ability to delete all the dumb log and cache files taking up 6 fucking GB of data!!

Changed the photos that sync to my iPad from a year back to just three months back.

Disk space taken by photos stayed constant at ~5.3 GB. “System Data” dropped from 6.6 GB to 2.9 GB. 🙄🙄🙄

Previously:

Update (2022-07-06): Matt Sephton:

I do this Restore from iCloud dance every few months. I’m only 10% free on a 64GB phone which makes things worse. I need to call my bank after I do it, which is the main hassle.

Apple Maps Location Scan Slows Down Wi-Fi

Ben Kuhn:

I just did another round of “what’s making my Zoom calls stutter every 60s” and this time the culprit was… APPLE #!*$ING MAPS. That’s right, Macs now come preloaded with software to ruin wifi latency :(

You can fix by revoking Maps’ location access in Preferences[…]

This time, Maps was requesting a location scan every 60s, which triggered a wifi network scan, which, as previously discussed, tanks your latency for a few seconds.

Adam Engst:

Complaints about website loading have been trickling in of late, and while the details vary, the commonality has been that the problems started with macOS 12.4 Monterey. Sometimes the problem was just with Safari; other times, it affected Chrome and other browsers too. In some cases, the entire page would refuse to load; in others, only portions of the page would fail.

The solution to the problems I’ve seen so far is simple: in System Preferences > Network, turn off Limit IP Address Tracking for each network adapter you use (Ethernet and Wi-Fi below—they look surprisingly different).

Previously:

Friday, July 1, 2022

FCC Commissioner Calls for TikTok to Be Remove From App Store

Brendan Carr (Hacker News):

TikTok is not just another video app.

That’s the sheep’s clothing.

It harvests swaths of sensitive data that new reports show are being accessed in Beijing.

I’ve called on @Apple & @Google to remove TikTok from their app stores for its pattern of surreptitious data practices.

[…]

Tiktok’s pattern of misrepresentations coupled with its ownership by an entity beholden to the CCP has resulted in U.S. military branches and national security agencies banning it from government devices.

John Gruber:

This whole charade about moving U.S. TikTok users’ data to servers run by Oracle is a facade — there’s nothing stopping ByteDance employees in China from accessing the data on those servers. The Biden administration shouldn’t merely request that Apple and Google ban TikTok from their App Stores, they should demand it.

Nick Heer:

As a reminder, Carr works for the FCC, not the FTC. Nor does Carr work for the Department of Commerce, which was most recently tasked with eradicating TikTok from the United States. While frequent readers will know how much I appreciate a regulator doing their job and making tough demands, I feel Carr’s fury is misplaced and, perhaps, a little disingenuous.

Carr’s letter follows Emily Baker-White’s reporting earlier this month for Buzzfeed News about the virtually nonexistent wall between U.S. user data collected by TikTok and employees at ByteDance, its parent company in China. The concerns, Baker-White says, are claims of persistent backdoors connected to Chinese military or intelligence which allow access to users’ “nonpublic data”.

[…]

But, you know, maybe they should be worried about that simpler situation. I think Baker-White buried the lede in that big, long Buzzfeed story[…]

Emily Baker-White:

Project Texas’s narrow focus on the security of a specific slice of US user data, much of which the Chinese government could simply buy from data brokers if it so chose, does not address fears that China, through ByteDance, could use TikTok to influence Americans’ commercial, cultural, or political behavior.

Nick Heer:

One of the frustrating characteristics about Carr’s letter is that he is, in many ways, completely right — and I just wish he had raised these concerns about literally everything else applicable. From the perspective of a non-American, his concerns about intrusive surveillance reflect those I have about my data being stored under the control of American companies operating under American laws. Sure, Canada is both an ally and a participant in the Five Eyes group. But it is hard to be reassured by that when the U.S. has lost its moral high ground by wiretapping allies and entire countries.

Chance Miller:

In its response today, ByteDance confirmed that some employees do need “have access to TikTok U.S. user data.” It went on to clarify, however, that these employees are “subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.”

As noted by Reuters, however, ByteDance also committed to making changes that will “fully safeguard user data and U.S. national security interests.” The company said that it is in the process of finalizing “new advanced data security controls” in partnership with Oracle.

Previously:

Update (2022-07-08): Karl Bode:

If you were to dig through the resulting news reports covering Carr’s empty letter, you’d be hard pressed to find a single one that could be bothered to note that Carr doesn’t have any regulatory authority over social media or app stores, the letter has absolutely no meaningful legal backing to support his request, or that Carr himself has absolutely zero credibility on consumer privacy issues.

Via Nick Heer:

Bode’s coverage of Carr’s regulatory history is also worth reading. If the collection of and access to Americans’ private data — maybe by a foreign government — really is a giant security concern, there are meaningful levers Carr could pull. But it is easier to blame this one app because it is very popular.

Update (2022-07-12): See also: The Economist (via Hacker News).

Update (2022-07-19): See also: Hacker News.

Porting Graphing Calculator From C++ to Swift

Ron Avitzur:

C++ is and always has been an effective language for managing complexity in large projects, so why did I change languages? I was incredibly impressed with Apple’s Augmented Reality technology.

[…]

I’ve worked the last 18 months rewriting everything. Here’s what I’ve learned.

[…]

In the end, the port is vastly more maintainable, readable, and compact. When I ported individual sections of functionality, the Swift source typically measured 30% the size of the corresponding C++ code.

[…]

The biggest challenge of the port was achieving comparable speed. Decades of iterative refinement and low-level optimization on every release set a high bar for performance. Navigating Swift’s myriad Unsafe APIs in performance-critical code was difficult, but effective. The biggest remaining challenge is minimizing ARC retain/release overhead navigating expression trees. Relying on ARC eliminated a great deal of code complexity. The C++ code handled expression memory management manually, which was both extremely fragile but also very fast. The Swift version is smaller, easier to write correct code and reason about, but has performance-critical sections where I know that traversing a tree will not change any reference counts but have no way to communicate to the compiler that the ARC retain/release overhead is unnecessary.

Oliver Hunt:

I learned to write Swift in the same way I learn every language: writing a raytracer, and what Ron is saying mostly matches my experience with it. In general it produces code that is Fast Enough, but getting high performance is still harder than C++.

[…]

Unneeded retain/release from ARC in perf critical tree traversal consumes easily >10%, and in some cases >20% of run time in my code - just finding out about the unsafe work arounds was challenging, using it made the code much more unwieldy, and itself created new perf problems.

[…]

I’ve also encountered issues with the performance of generic code, where perf is also difficulty to debug, and much harder to reason about than C++. Part of this is to make it possible to maintain ABI compatibility with generic code (though I’m convinced it should be faster)

Previously:

Update (2022-07-05): Joe Groff:

One major limitation is the nonuniform representation of unspecialized generics in SIL, which means they lose a host of optimizations in addition to having the indirection overhead

Having done it all in native code, I'm also not convinced that was the right call vs. using a higher-level bytecode and interpreter to represent unspecialized generics more compactly

See also: Hacker News.

ConcurrencyPlus

Chime (via Matt Massicotte):

TaskQueue

Conceptually similar to a serial DispatchQueue, but can accept async blocks. Unlike with an unstructured Task, this makes it possible to control the ordering of events.

[…]

CancellingContinuation

Just like a CheckedContinuation, but will automatically resume by throwing if it is deallocated without being resumed manually. This is useful for situations where you cannot guarantee that a closure will be called. An example of such a situation is an XPC call.

FontExplorer X End of Sales

FontExplorer:

As of June 30th 2022, FontExplorer X products are no longer available for purchase or renewal[…] we will not offer any updates and/or support after June 30th, 2023.

[…]

We are working on an exciting new product! Sign up for our newsletter to be the first to know when it’s released. In the meantime, take a look at our cloud based individual offer from Monotype Fonts.

WebKit Moves to GitHub

Jen Simmons:

WebKit is 100% on Git. The SVN repo is officially retired.

Previously:

CMA on WebKit Security Bugs

Open Web Advocacy (Hacker News):

The CMA [UK Competition and Markets Authority] says [Apple’s browser] ban not only doesn’t protect security it could make it worse!

[…]

Out of each of the three major browser engines, Safari has had the had highest number of Browser Code Execution Vulnerabilities.

[…]

If we look at how long it takes Apple to patch vulnerabilities the picture looks even worse.

[…]

Apple doesn’t even apply all the patches to versions of the operating system that are still heavily used. When iOS 15 only had 0.93% of users installed, Apple wasn’t applying all of those security patches to iOS 14.

Florian Mueller:

When lobbying against such initiatives as the Open App Markets Act, Apple emphasizes two pet pretexts: privacy and security--and in order to give the term security more gravitas, Apple--and all sorts of people beholden to it--stress that it’s about national security. What no one can deny is that Apple is the market leader in the U.S. smartphone business, so security issues affecting the iPhone are, by extension, an issue of concern to the country as a whole. But at the heart of Apple’s national security argument resides a total non sequitur:

Apple considers it an axiom that whatever Apple does is inherently secure, and whatever anyone else does is inherently insecure. It’s Apple’s version of what’s called infallibility in connection with various religions.

[…]

What I find so interesting about the OWA’s work (by the way, here’s a link to their response to the UK CMA’s interim report) is that they’ve compiled information that throws into doubt Apple’s conclusory claim of monopolistic behavior being in the interest of (national) security.

Previously: