Archive for August 23, 2022

Tuesday, August 23, 2022

Implementing the Swift Parser in Swift

Mattt Thompson:

SwiftSyntax is a Swift library that lets you parse, analyze, generate, and transform Swift source code. It’s based on the libSyntax library, and was spun out from the main Swift language repository in August 2017.

Douglas Gregor:

We have started a project to reimplement the Swift parser in Swift, to become part of the SwiftSyntax library. The current implementation can parse much of the Swift grammar already.

[…]

The main goal of this project is to fully replace the C++ implementation of the Swift parser for all clients.

[…]

The parser will attempt to recover from syntax errors, maintaining as much of the program structure as is feasible. It has no side effects, and in particular produces no errors regardless of how ill-formed the input source text is. Instead, all errors are described in the syntax tree itself, and can be diagnosed by a separate pass that identifies such errors.

[…]

SwiftSyntax is designed to maintain all “trivia” (including whitespace, comments, etc.) precisely as it occurs in the source text, so that a syntax tree can be rendered back into text that is byte-for-byte identical to the original source.

See also: Swift Abstract Syntax Tree (via Helge Heß).


Pixelmator Photo Switching to Subscriptions

Andrius Gailiunas (MacStories, AppleInsider, MacRumors):

Pixelmator Photo will now cost $4.99 per month, $23.99 per year, or $54.99 for a lifetime license but existing paid users get unlimited access for free. Also, Pixelmator Photo for Mac is coming! What’s more, early subscribers will get access to it for the same monthly price, which will go up when the Mac version is out.

[…]

For now, a free app with locked features is the only way to provide a free trial on iOS and iPadOS.

[…]

[On] iOS, the prices of other, less powerful apps are so low that pricing the app at, say, $29.99 puts people off, especially with no free trial. However, the current low price ($7.99) isn’t sustainable in the long run.

[…]

We’d love to charge one price for the app across all platforms – Mac, iOS, and iPadOS – and this is only possible with a subscription.

Pixelmator Photo is their nondestructive photo editor, not the original app that’s more like Photoshop and Acorn.


Zoom Updater Vulnerabilities

Lily Hay Newman (Hacker News):

Wardle found that he could change the name of the software he was trying to sneak through to contain the markers Zoom was broadly looking for and get the malicious package past Zoom’s signature check.

[…]

Wardle found that using a Zoom tool known as updater.app, which facilitates Zoom’s actual update distribution, he could trick the distributor into accepting an old, vulnerable version of Zoom instead, after which an attacker could exploit old flaws to get full control.

[…]

Wardle noticed that there is a moment after the installer verifies the software package—but before the package installs it—when an attacker could inject their own malicious software into the Zoom update, retaining all the privileges and checks that the update already has.

Corin Faife:

Zoom has updated its Mac app to address the vulnerability, with version 5.11.5, which is available for download now.

Ole Begemann:

Fyi, you don’t have to give the Zoom installer your admin password:

  1. Download the Suspicious Package app
  2. Open the Zoom installer file (.pkg) in Suspicious Package
  3. Drag the .app file from Suspicious Package into your Applications folder

See also: Bruce Schneier.
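
The three updater flaws described above (a check keyed on the package name, acceptance of an older version, and a gap between verification and installation) each map to a defensive check. The sketch below is an added example, not Zoom's code or anything from the quoted articles. The manifest format, function names and file names are hypothetical, and a SHA-256 digest from an already-authenticated manifest stands in for the platform's code-signature verification.

```python
import hashlib, hmac, os, shutil, tempfile

def parse_version(v):
    return tuple(int(p) for p in v.split("."))

def weak_check(path):
    # Flawed pattern: trust decided by a marker in the file name.
    return "Zoom" in os.path.basename(path)

def stage_and_verify(src_path, manifest, installed_version, private_dir):
    """Copy the package into an updater-only directory, then verify that copy.

    `manifest` (constructed format) is assumed to be authenticated already.
    Returns the staged path for the installer; raises ValueError on rejection.
    """
    # Downgrade guard: accept only a strictly newer version.
    if parse_version(manifest["version"]) <= parse_version(installed_version):
        raise ValueError("version is not newer than the installed one")
    # Stage first, verify second: the bytes checked are the bytes installed,
    # so replacing src_path afterwards changes nothing.
    staged = os.path.join(private_dir, "update.pkg")
    with open(src_path, "rb") as src, open(staged, "wb") as dst:
        shutil.copyfileobj(src, dst)
    with open(staged, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    # Content check: the file name plays no part in the decision.
    if not hmac.compare_digest(digest, manifest["sha256"]):
        os.remove(staged)
        raise ValueError("content does not match the manifest digest")
    return staged

def rejected(*args):
    try:
        stage_and_verify(*args)
        return False
    except ValueError:
        return True

def demo():
    """Constructed files only; returns the outcome of each case."""
    work, private = tempfile.mkdtemp(), tempfile.mkdtemp()  # mode 0700
    good = b"constructed genuine package bytes"
    manifest = {"version": "5.11.5", "sha256": hashlib.sha256(good).hexdigest()}
    renamed = os.path.join(work, "Zoom-lookalike.pkg")
    with open(renamed, "wb") as f:
        f.write(b"constructed untrusted bytes")
    return {"weak": weak_check(renamed),
            "hardened_rejects_renamed": rejected(renamed, manifest, "5.11.4", private),
            "rejects_downgrade": rejected(renamed, manifest, "5.12.0", private)}
```

The installer should be handed only the path returned by `stage_and_verify`, never the original download location.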


Apple Silicon Virtualization Apps

Howard Oakley:

There are currently three major apps to run macOS as a guest on an Apple silicon Mac with Monterey 12.5 as a host:

There’s also my free app Viable now in beta 3.

[…]

All four of these apps currently use Apple’s Virtualization framework to download, install and run macOS guests, thus have almost identical core features and shortcomings. The one notable exception to this is VirtualBuddy, which apparently uses an undocumented method of booting a Monterey guest into Recovery mode. That’s essential if you want to downgrade or disable Secure Boot, for example if you want to turn SIP off in your VM.

[…]

None of the apps supports Apple ID connections, which is a serious problem for making the transition to Ventura: this means that a Monterey VM can’t run App Store apps at all, except for Apple’s free apps, such as Numbers.

[…]

By far the most economical solution is to create a new volume on which to keep your VMs; when that’s added to Time Machine’s exclusion list, then snapshots won’t be made of that volume either.

My main interest in virtualization is for running old or beta versions of macOS for testing. Lately, I’ve been doing this without virtualization, just using separate partitions and external SSDs on a separate Mac. However, I only bring one Mac with me when I travel, and I don’t trust installing a beta version on the internal SSD. For a while, I used an external SSD. This was kind of a pain because I couldn’t set it up using my secondary Intel Mac. It would only boot my M1 Mac if I ran the installer and each update from the M1 Mac itself—taking it out of commission for hours. With the Ventura beta, I was unable to get the beta to even install on the external SSD (neither the full installer nor updating from the Monterey beta). So, I’ve not set it up yet, but using virtualization seems like a more promising option.
