Archive for January 2023

Tuesday, January 31, 2023

Disk Mount Conditioner

Peter Hosey:

TIL about Disk Mount Conditioner, a macOS feature like the Network Link Conditioner but for file I/O. Throttle throughput or add latency to make a device behave like something slower. See man dmc(1) for details.

dmc(1):

The Disk Mount Conditioner is a kernel provided service that can degrade the disk I/O being issued to specific mount points, providing the illusion that the I/O is executing on a slower device. It can also cause the conditioned mount point to advertise itself as a different device type, e.g. the disk type of an SSD could be set to an HDD. This behavior consequently changes various parameters such as read-ahead settings, disk I/O throttling, etc., which normally have different behavior depending on the underlying device type.

Previously:

CNET’s AI-powered SEO Money Machine

Mia Sato and James Vincent:

CNET is the subject of a swirling controversy around the use of AI in publishing, and it’s Jaffe’s team that’s been at the center of it all. Last week, Futurism reported that the website had been quietly publishing articles written using artificial intelligence tools. Over 70 articles have appeared with the byline “CNET Money Staff” since November, but an editorial note about a robot generating those stories was only visible if readers did a little clicking around.

[…]

Daily mortgage rate stories might seem out of place on CNET, slotted between MacBook reviews and tech news. But for CNET parent company Red Ventures, this SEO-friendly content is the point.

[…]

This type of SEO farming can be massively lucrative. Digital marketers have built an entire industry on top of credit card affiliate links, from which they then earn a generous profit. Various affiliate industry sites estimate the bounty for a credit card signup to be around $250 each. A 2021 New York Times story on Red Ventures pegged it even higher, at up to $900 per card.

Via Nick Heer:

It seems to me there are actually two controversies here. The first is the publication of miserable articles generated by some computer program, but these are all bland crappy articles that nobody should be reading. The second concern is, I think, much worse: these are financial articles often presented as advice — on a technology news website, no less — which are designed to exploit search engines to get extraordinary kickbacks.

Previously:

Reverse Engineering the MacBook Clamshell Mode

Alin Panaitiu:

You notice you never use the MacBook built-in display anymore, and it nags you to have it in your lower peripheral vision.

Closing the lid is not an option because you still use the keyboard and trackpad, maybe even the webcam and TouchID from time to time.

[…]

Why isn’t there a way to actually disable this screen?

[…]

In the pre-chunky-MacBook-Pro-with-notch era, the lid was detected as being closed using magnets in the lid, and some hall effect sensors. So you were able to trick macOS into thinking the lid was closed by simply placing two powerful magnets at its sides.

[…]

I usually search for code on SourceGraph as it has indexed some large macOS repos with dyld dumps. Looking for RequestClamshellState gives us something far more interesting though[…]

But to call the private API he needed private entitlements, which must be signed by Apple, unless that check is disabled after turning off System Integrity Protection. Even then he ran into a blocker. Still, it’s an interesting tour through how to dig into macOS.

Disabling the MacBook Screen Lock Key

Mark Dominus:

If you tap the mystery button momentarily, the screen locks, which is very convenient, I guess, if you have to pee a lot. But they put the mystery button right above the delete key, and several times a day I fat-finger the delete key, tap the corner of the mystery button, and the screen locks. Then I have to stop what I am doing and type in my password to unlock the screen again.

[…]

This question was tough to search for. I found a lot of questions about disabling touch ID, about configuring the touch ID key to lock the screen, basically every possible incorrect permutation of what I actually wanted. I did eventually find what I wanted on Stack Exchange and on Quora — but no useful answers.

[…]

The key to the mystery was provided by Roslyn Chu. She suggested this page from 2014 which has an incantation that worked back in ancient times. That incantation didn’t work on my computer, but it put me on the trail to the right one.

[…]

defaults write com.apple.loginwindow DisableScreenLockImmediate -bool yes

Update (2023-02-01): Robin Kunde:

I actually want to use the button to lock the screen, but for me it is too unreliable. It locks only half the times I press it, and if I rest my finger too long after pressing, Touch ID immediately unlocks the screen again.

Monday, January 30, 2023

Using JavaScript in a Swift App

Douglas Hill:

If you’re writing an iOS app using Swift and trying to solve a problem you’re sure has been solved before, you may look for existing code that solves that problem. It’s likely you’ll first think of looking for open source code written in Swift[…] However, we don’t need to limit ourselves to Swift. […] In this article, we’ll look at how to call JavaScript code from Swift using JavaScriptCore.

[…]

This sort of code is inviting code injection security vulnerabilities. Instead, we can set our input URL as a variable in the JavaScript environment and then reference it by name.

JSContext lets us read variables (in Swift) from JavaScript using objectForKeyedSubscript(_:) and set variables using setObject(_:forKeyedSubscript:). Oddly, this API is nicer to use in Objective-C since these map to subscript syntax so you can read and set values like in a dictionary. Subscript syntax doesn’t seem to work in Swift here.
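The difference between the two approaches in the quote above, as an added example (not code from Douglas Hill's article): the same hostile string is first interpolated into the script source and then passed as a named variable. The `slug` helper, the `injected` flag and the input string are constructed for illustration.

```swift
import Foundation
import JavaScriptCore

// Hypothetical JavaScript helper standing in for whatever library the app loads.
let helperSource = """
function slug(s) {
    return String(s).toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-|-$/g, '');
}
var injected = false;
"""

/// Builds a fresh context with the helper loaded and exceptions logged.
func makeContext() -> JSContext {
    let context = JSContext()!
    context.exceptionHandler = { _, exception in
        print("JS exception:", exception?.toString() ?? "unknown")
    }
    context.evaluateScript(helperSource)
    return context
}

/// Unsafe: the untrusted string becomes part of the JavaScript source text,
/// so a quote character in the input ends the literal and the rest runs as code.
func slugByInterpolation(_ untrusted: String, in context: JSContext) -> String? {
    let script = "slug('\(untrusted)')"
    return context.evaluateScript(script)?.toString()
}

/// Safer: the input is stored as a value in the JavaScript environment and the
/// script, a constant string, only refers to it by name. The input is never parsed.
func slugByVariable(_ untrusted: String, in context: JSContext) -> String? {
    context.setObject(untrusted, forKeyedSubscript: "input" as NSString)
    return context.evaluateScript("slug(input)")?.toString()
}

/// Reads the flag that only injected code could have flipped.
func wasInjected(_ context: JSContext) -> Bool {
    return context.objectForKeyedSubscript("injected").toBool()
}

// Constructed input: closes the string literal and appends its own statement.
let hostile = "Hello'); injected = true; ('"

let interpolated = makeContext()
let unsafeResult = slugByInterpolation(hostile, in: interpolated)
print("interpolation -> result:", unsafeResult ?? "nil",
      "| input ran as code:", wasInjected(interpolated))

let byVariable = makeContext()
let safeResult = slugByVariable(hostile, in: byVariable)
print("variable      -> result:", safeResult ?? "nil",
      "| input ran as code:", wasInjected(byVariable))
```

Fetching the function with objectForKeyedSubscript(_:) and invoking it with `call(withArguments:)` has the same property: the argument crosses into JavaScript as a value, not as source.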

Safari Safe Browsing Blocks GitLab in Hong Kong

Sam Biddle (tweet, via Tim Sweeney):

When Safari users in Hong Kong recently tried to load the popular code-sharing website GitLab, they received a strange warning instead: Apple’s browser was blocking the site for their own safety. The access was temporarily cut off thanks to Apple’s use of a Chinese corporate website blacklist, which resulted in the innocuous site being flagged as a purveyor of misinformation. Neither Tencent, the massive Chinese firm behind the web filter, nor Apple will say how or why the site was censored.

[…]

The episode raises thorny questions about privatized censorship done in the name of “safety” — questions that neither company seems interested in answering: How does Tencent decide what’s blocked? Does Apple have any role? Does Apple condone Tencent’s blacklist practices?

[…]

The block came as a particular surprise to Ka-cheong and other Hong Kong residents because Apple originally said the Tencent blocklist would be used only for Safari users inside mainland China. According to a review of the Internet Archive, however, sometime after November 24, 2022, Apple quietly edited its Safari privacy policy to note that the Tencent blacklist would be used for devices in Hong Kong as well. (Haija, the Apple spokesperson, did not respond when asked when or why Apple expanded the use of Tencent’s filter to Hong Kong.)

[…]

The block on GitLab would not be the first time Tencent deemed a foreign website “dangerous” for apparently ideological reasons. In 2020, attempts to visit the official website of Notepad++, a text editor app whose French developer had previously issued a statement of solidarity with Hong Kong dissidents, were blocked for users of Tencent web browsers, again citing safety.

Previously:

Switching on iCloud Photos

Matthias Gansrigler:

65 photos were unable to upload, according to Photos on my Mac. Why? I couldn’t honestly tell you. Photos didn’t tell me. It should have, if you ask me. I’d have liked to know. And there’s no way to retry to sync those photos with iCloud. They’re just in the “Unable to Upload” smart-album forever.

Albeit, a bit of online research reveals an Apple support document with one of the weirdest and Apple-unlike solutions to a problem I’ve ever come across:

Step 1: Export the photos in question “unmodified” to a folder on your disk.
Step 2: Delete them from Photos (scary)
Step 3: Import those photos you just exported into Photos again to retry their syncing.

It worked (mostly), but still, why can’t I just do this in Photos itself?

[…]

An interesting tidbit: All my synced devices show a different photo count.

Previously:

DOJ Accuses Google of Abusing Ads Monopoly

David McCabe and Nico Grant (via Hacker News):

The Justice Department and a group of states sued Google on Tuesday, accusing it of illegally abusing a monopoly over the technology that powers online advertising, in the agency’s first antitrust lawsuit against a tech giant under President Biden and an escalation in legal pressure on one of the world’s biggest internet companies.

The lawsuit said Google had “corrupted legitimate competition in the ad tech industry by engaging in a systematic campaign to seize control of the wide swath of high-tech tools used by publishers, advertisers and brokers, to facilitate digital advertising.” The lawsuit asked the U.S. District Court for the Eastern District of Virginia to force Google to sell its suite of ad technology products and stop the company from engaging in allegedly anticompetitive practices.

Previously:

NSURLSession Connection Leak

Jeff Johnson:

What it doesn’t tell you is that if you don’t invalidate the session (via finishTasksAndInvalidate or invalidateAndCancel), then the internet connection created by the session remains open until the app terminates, even after the delegate method URLSession:task:didCompleteWithError: has been called, and even after the app’s code no longer has a strong reference to the session. It’s more than just a potential memory leak.

[…]

The NSURLSession API seems peculiar, because you would expect URLSession:task:didCompleteWithError: to be, you know, the end. Shouldn’t you be able to freely (pun intended) dispose of the connection at that point? The reality, however, is that you need to invalidate every used session.
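One way to follow the "invalidate every used session" rule, as an added example (not Jeff Johnson's code): a one-shot fetcher that owns its session and invalidates it as soon as the task completes. The class name and callbacks are hypothetical, and the request targets a constructed local file so the example runs offline; the session lifecycle is the same for an HTTPS URL.

```swift
import Foundation

/// Hypothetical one-shot fetcher that creates a URLSession for a single
/// request and always invalidates it afterwards.
final class OneShotFetcher: NSObject, URLSessionDataDelegate {
    private var session: URLSession?
    private var received = Data()
    private let onFinish: (Result<Data, Error>) -> Void
    private let onInvalidated: () -> Void

    init(onFinish: @escaping (Result<Data, Error>) -> Void,
         onInvalidated: @escaping () -> Void) {
        self.onFinish = onFinish
        self.onInvalidated = onInvalidated
        super.init()
    }

    func start(_ url: URL) {
        // The session keeps a strong reference to its delegate (self) until
        // it is invalidated, so dropping our reference alone frees nothing.
        let session = URLSession(configuration: .ephemeral,
                                 delegate: self,
                                 delegateQueue: nil)
        self.session = session
        session.dataTask(with: url).resume()
    }

    func urlSession(_ session: URLSession, dataTask: URLSessionDataTask,
                    didReceive data: Data) {
        received.append(data)
    }

    func urlSession(_ session: URLSession, task: URLSessionTask,
                    didCompleteWithError error: Error?) {
        // Task completion is not the end of the session. Invalidate here so
        // the session can release its connection and its delegate.
        session.finishTasksAndInvalidate()
        if let error = error {
            onFinish(.failure(error))
        } else {
            onFinish(.success(received))
        }
    }

    func urlSession(_ session: URLSession,
                    didBecomeInvalidWithError error: Error?) {
        // Delivered once the session has actually been torn down.
        self.session = nil
        onInvalidated()
    }
}

// Constructed sample resource: a local file, so no network is needed.
let sampleURL = FileManager.default.temporaryDirectory
    .appendingPathComponent("urlsession-sample.txt")
try "constructed sample body".write(to: sampleURL, atomically: true, encoding: .utf8)

let finished = DispatchSemaphore(value: 0)
let fetcher = OneShotFetcher(
    onFinish: { result in
        switch result {
        case .success(let data): print("task completed with \(data.count) bytes")
        case .failure(let error): print("task failed: \(error)")
        }
    },
    onInvalidated: {
        print("session invalidated")
        finished.signal()
    })
fetcher.start(sampleURL)
finished.wait()
```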

Friday, January 27, 2023

SwiftUI in timing.is App

Bardi Golriz:

It took a few hours to fall in love with SwiftUI. So much so that we instantly decided to abandon a cross-platform codebase and go fully native on iOS. […] Towards the latter stages of development, we even re-considered our decision to go with it. At the end, we didn’t drop it for a couple of reasons. We were too deep into the process. Being a bootstrapped operation that was already severely behind schedule, we couldn’t afford to restart. But this wasn’t why. Despite the regular friction, we still loved it. Because like any commitment, you must let the majority rule. It was fun at least 51% of the time. But let’s talk about the <= 49% that wasn’t.

[…]

[ScrollView] was the control that we wrestled with the most. An infinite scroll is expected in a calendar app. Executing this was relatively straightforward, but only moving forward in time. Because trying to load items on demand scrolling up resulted in a noticeable jitter. I asked on StackOverflow, and 2k views since, it’s apparent there’s no native approach that works. I actually raised this in a WWDC lab with a SwiftUI engineer last year, and their recommendation was to 1) create a LazyVStack with a ridiculously large data set in both directions and 2) scroll to today onAppear. A creative workaround, except unfortunately scrollTo behaves unreliably inside a LazyVStack. It would usually not even come close to the intended target, occasionally missed it by a little, and rarely correctly.

[…]

Views will refresh unnecessarily. And in a calendar with an infinite scroll, this will lead to noticeable slowdowns. You’re always literally one @Published property away from triggering one.

[…]

Finally, in case I forget again, remember an @EnvironmentObject will trigger a view update even if the view has no reference to any of its properties. An inexpensive way to determine unnecessary redraws is by setting the background colour of a view to Color.random, a clever trick by Peter Steinberger.

[…]

when you are editing an entry, we want the title field’s cursor position to be at the beginning. But, alas, not possible.

Previously:

Update (2023-01-30): See also: Hacker News.

Weather Machine

Electric Dream Machine:

Weather APIs are notoriously complicated—every vendor offers their own proprietary data structures, unit types, and request formats. With Weather Machine, you can write just one integration and get highly accurate global forecasts from The Weather Company, AccuWeather, AerisWeather, and many other sources.

[…]

Dark Sky’s single-response JSON format remains the gold standard for developer friendliness. Weather Machine makes every data source drop-in compatible with Dark Sky’s API, so you can switch over in minutes.

[…]

Weather Machine is the underlying platform that we built to power our own weather app, Hello Weather.

Previously:

The Enshittification of All Things

Cory Doctorow:

Here is how platforms die: first, they are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die.

I call this enshittification, and it is a seemingly inevitable consequence arising from the combination of the ease of changing how a platform allocates value, combined with the nature of a “two sided market,” where a platform sits between buyers and sellers, holding each hostage to the other, raking off an ever-larger share of the value that passes between them.

[…]

This is enshittification: surpluses are first directed to users; then, once they’re locked in, surpluses go to suppliers; then once they’re locked in, the surplus is handed to shareholders and the platform becomes a useless pile of shit. From mobile app stores to Steam, from Facebook to Twitter, this is the enshittification lifecycle.

[…]

These videos go into Tiktok users’ ForYou feeds, which Tiktok misleadingly describes as being populated by videos “ranked by an algorithm that predicts your interests based on your behavior in the app.” In reality, For You is only sometimes composed of videos that Tiktok thinks will add value to your experience – the rest of the time, it’s full of videos that Tiktok has inserted in order to make creators think that Tiktok is a great place to reach an audience.

Mike Masnick (via Old Unix Geek, Jason Kottke):

We recently wrote about Cory Doctorow’s great article on how the “enshittification” of social media (mainly Facebook and Twitter) was helping to lower the “switching costs” for people to try something new.

[…]

And this, quite frequently, leads to the process that Cory lays out in his enshittification gravity well. Because once you’ve gone public, even if you have executives who still want to focus on pleasing users and customers, eventually any public company is also going to have other executives, often with Wall Street experience, who talk about the importance of keeping Wall Street happy.

[…]

But one of the major problems with this that I’ve discussed for years is that even if you believe (ridiculously) that your only goal is to increase profits for shareholders, that leaves out one very important variable: over what time frame?

[…]

For years, Tim O’Reilly has (correctly) argued that good companies should “create more value than they capture.” The idea here is pretty straightforward: if you have a surplus, and you share more of it with others (users and partners) that’s actually better for your long term viability, as there’s more and more of a reason for those users, partners, customers, etc. to keep doing business with you.

[…]

This is one of the reasons that both Cory and I keep talking about the importance of interoperability. It not only allows users to break out of silos where this is happening, but it helps combat the enshittification process. It forces companies to remain focused on providing value and surplus, to their users, rather than chasing Wall Street’s latest demands.

Eric Schwarz:

It’s a bit depressing because I can make a list of web sites, stores, services, etc. that I can go back and say, “Man, remember when x was good? I miss that.”

Michael Simmons:

Spotify is a vastly superior experience to Apple Music, which shows Apple doesn’t need to innovate their services and can rely on a user base that believes anything “Apple” is superior even when it’s not. Apple Music’s slow performance and lack of device handoff says it all.

Previously:

Apple Appeals UK CMA Decision

Florian Mueller:

On Friday the UK Competition Appeal Tribunal (CAT) published a summary of application (PDF) of Apple’s January 18, 2023 appeal of the November 22, 2022 decision of the UK Competition & Markets Authority (CMA) to make a market investigation reference (MIR) into the markets for mobile browsers (particularly browser engines) and for the distribution of cloud gaming services. The court also announced that the initial case management conference would be held on Tuesday, January 24.

Ben Lovejoy:

Even more crazily, this is the second time that a single word has had a major impact on potential action against the Cupertino company on the very same issues.

The first time came down to the legal difference between an antitrust “study” and an “investigation,” and this time it all hinges on the legal meaning of the word “shall” …

If Apple can win on this procedural technicality, it raises the burden of proof on the CMA for the substantive issues.

See also: Hacker News.

Previously:

Thursday, January 26, 2023

Standard Mac User Accounts

Howard Oakley:

There are a few unexpected features that aren’t available to the normal user, of which the most irksome is accessing the log.

[…]

A traditional argument in favour of running as a normal user is that it separates your data from the system, and from other users. Thankfully, in all recent versions of macOS, you don’t need this any more: macOS is tucked away on a read-only snapshot on your System volume, and Privacy & Security work just the same whether you’re an admin or normal user.

[…]

All built-in macOS security protection applies equally to all users, regardless of their privileges.

Even with an admin account, I get prompted for my password all the time. So, these days, it seems like standard accounts are mostly useful for when the administrator is a different person from the user, who is to be prevented from changing settings or installing certain software. The old recommendation—which I didn’t follow—of having the administrator use a standard account most of the time makes even less sense now.

What Happened to Virtual Memory?

alessandro308:

Your system has run out of application memory.

To avoid problems with your computer, quit any applications you are not using.

Jason Koebler:

why do people pretend like RAM is somehow not important on Apple Silicon? I have a $2,000 14" 2021 MBP with 16 gb RAM and I’m regularly getting notices my computer can’t run bc not enough system memory with not that much stuff open[…]

meanwhile I have a 2017 iMac that I installed 32 gb of RAM on myself with a garbage processor but that generally runs large numbers of programs/tabs better than this MBP.

I’ve never quite known what this error means. I’ve been using macOS since the beginning and don’t recall ever seeing it until the later years of using my 2017 iMac. It had 40 GB of RAM, and when I would get this error it never seemed like applications were using a huge amount of memory. Sometimes it looked like the kernel was using 10 GB or so. Even so, how can the system be out of memory when it supports virtual memory and the boot drive has 100 GB of free space?

Meanwhile, my 2022 MacBook Pro has only 32 GB of RAM, and I don’t think it has ever shown this error message. My guess is that this is because the MacBook Pro has a larger SSD and the iMac was in fact running out of space. Perhaps it’s just more confusion caused by displaying purgeable space—that will not actually be automatically purged—as though it’s free.

Previously:

SwiftUI Views Are Lists

Chris Eidhof (Mastodon):

When you write SwiftUI, all your views conform to the View protocol. The name of this protocol is a bit misleading: it could be called Views or ViewList, or something else that suggests plurals.

[…]

As mentioned, the Layout protocol lets you work with these view lists directly as of iOS 16 and macOS 13. You can also use variadic views — a non-public, but stable API — to loop over view lists. The variadic view API is really powerful (for example, you can write things like filter, map and reduce on view lists) but also quite low-level. I have a gist here with some examples, and plan to also write this up soon.

Previously:

Update (2023-01-27): Chris Eidhof:

To deal with these lists of views (e.g. during layout) we can use the underscored variadic view API.

Missing Tweets

Lora Kolodny (Hacker News):

Twitter’s full-time headcount has dwindled to approximately 1,300 active, working employees, including fewer than 550 full-time engineers by title, according to internal records viewed by CNBC.

[…]

Musk has contradicted the internal records obtained by CNBC in a series of tweets, and claimed that Twitter now has about 2,300 full-time working employees and thousands of contractors. CNBC contacted Twitter for clarification and comment but did not immediately hear back.

[…]

Before Musk led a $44 billion leveraged buyout of Twitter last year, Twitter’s headcount stood at about 7,500 employees. Layoffs were rumored internally and expected to take place whether Musk’s takeover went through or not. However, Musk has cut Twitter personnel far more than many expected — or by about 80% according to the internal records and two recent employees who spoke with CNBC.

David Frum:

On my computer, I am checking the latest tweets by people I follow. On my phone, I’m checking whether their most recent tweets are showing up in the “Following” column. I’m just getting started, but even in the first dozen cases, Twitter failed to show me an absolute majority of the tweets I had requested to see.

John Gruber:

With Twitter now, there’s no indication that you’re missing tweets — let alone a huge number of tweets.

[…]

Here’s a speculative thread explaining what might be going on — sounds like a very solid guess to me. In short: after cutting back on servers and entire data centers, Twitter can no longer keep up with its own content.

[…]

At this writing I see a grand total of one mention for my account going back to January 5. My Twitter mentions are nearly completely useless.

Dave Mark:

Totally agree with his take. Something fundamental on Twitter is breaking. 😐

Previously:

Lisa Source Code on 40th Anniversary

Benj Edwards (MacRumors):

As part of the Apple Lisa’s 40th birthday celebrations, the Computer History Museum has released the source code for Lisa OS version 3.1 under an Apple Academic License Agreement. With Apple’s blessing, the Pascal source code is available for download from the CHM website after filling out a form.

[…]

The Lisa was not the first commercial computer to ship with a GUI, as some have claimed in the past—that honor goes to the Xerox Star—but Lisa OS defined important conventions that we still use in windowing OSes today, such as drag-and-drop icons, movable windows, the waste basket, the menu bar, pull-down menus, copy and paste shortcuts, control panels, dynamically movable overlapping windows, and even one-touch automatic system shutdown.

John Gruber:

To this day, I’ve never seen one. The Mac interface captured a certain magic that the Lisa’s quite obviously did not — I think the Lisa ultimately failed more because of that than its price. But its influence on the original Mac is obvious.

Previously:

Mac 30th Anniversary Icons

Robb Knight:

SVG icons extracted from the 30th Anniversary Mac Font

Via Dave Mark:

And if you hover your cursor over the icons, they slowly change color.

Nick Heer:

It is also a reminder that the titanium PowerBook which so clearly set the template for Apple’s current laptops was released closer to the original Macintosh than to today’s Macs.

Previously:

Wednesday, January 25, 2023

ChatGPT vs. Google

Dave Winer:

I went to ChatGPT and entered “Simple instructions about how to send email from a Node.js app?” What came back was absolutely perfect, none of the confusing crap and business models you see in online instructions in Google. I see why Google is worried. ;-)

John Gruber:

The threat to Google is real. That type of search for a clearly-written one-line programming question used to produce excellent results from Google Search. For a number of years, though, search results for queries like that — both at Google and competing search engines — have been littered with junk generated by content farms.

[…]

The problem with Google Search today isn’t specific to programming questions, but the general problem of answering how-to questions in any subject.

The ranking problem is real—these days it’s common for Google search results to be filled with junk. But I think the bigger problem is that Google no longer feels complete. I used to be able to weed out the junk by writing more specific queries. Now, such queries—as well as searches for phrases that I know exist on the Web—commonly turn up nothing.

Previously:

Update (2023-01-27): John Gordon:

Google can’t find things I’ve written on their blogging platform (Yeah, Blogger still works.) It’s a husk now.

Update (2023-01-31): Ameya Paleja (via Hacker News):

The popularity of ChatGPT, the online chatbot built by OpenAI, has brought many to question the survival of search engines such as Google. Paul Buchheit, the creator of Gmail, has also dropped his opinion on the matter, and he thinks that Google's business will last a maximum of two years, he tweeted.

[…]

Google could quickly be pushed into irrelevancy as users throng for more simplistic answers than indexed pages. Even if Google were able to push A.I. products developed in-house into the market almost immediately, Buchheit does not see a way it could do so without destroying the most valuable part of its business.

Twitter to Revert Hostile “For You” Switch

Kyle Barr:

Twitter has reversed course on its extremely unpopular decision to make an algorithmically generated timeline the default for all Twitter users.

[…]

The change will start on the web version of Twitter before “soon” coming to the iOS and Android versions of the app. The move comes just two weeks after the company made the much-maligned decision to force feed users content based on stuff “You might like.”

It’s not just that they made “For You” the default but also that it would keep switching you away from “Following” after you had selected it, either when returning to the app or if you were scrolling down the timeline but moved your finger slightly to one side.

I still don’t think this makes the official Twitter app usable, as it does not do a good job of loading all the tweets if you’ve been away from the app for a while.

It also wastes a chunk of valuable screen space showing the tab titles even though I never want to use a different tab.

Previously:

LaunchBar Actions for Mastodon

Christian Bender:

Search Mastodon accounts and hashtags easily with LaunchBar.

[…]

This action opens the current post or profile in Safari on your home instance.

[…]

This is a simple action to post a status (toot) on Mastodon.

I had forgotten that LaunchBar now has a JavaScript API that can make these sorts of custom actions feel like built-in parts of the app.

Previously:

Network Connections From mediaanalysisd

Jeffrey Paul (Hacker News):

Imagine my surprise when browsing these images in the Finder, Little Snitch told me that macOS is now connecting to Apple APIs via a program named mediaanalysisd (Media Analysis Daemon - a background process for analyzing media files).

[…]

Apple has repeatedly declared in their marketing materials that “privacy is a human right”, yet they offered no explanation whatsoever as to why those of us who do not traffic in child pornography might wish to have such privacy-violating software running on our devices.

[…]

Integrate this data and remember it: macOS now contains network-based spyware even with all Apple services disabled. It cannot be disabled via controls within the OS: you must use third party network filtering software (or external devices) to prevent it.

Contrary to this post, I think Apple did clearly state that it has abandoned local CSAM detection. And he doesn’t seem to have evidence that his data is being improperly sent to Apple. Still, it’s not clear exactly what mediaanalysisd is doing with the network.

Howard Oakley:

There is no evidence that local images on a Mac have identifiers computed and uploaded to Apple’s servers when viewed in Finder windows.

[…]

Images viewed in apps supporting VLU have neural hashes computed, and those are uploaded to Apple’s servers to perform look up and return its results to the user, as previously detailed.

VLU can be disabled by disabling Siri Suggestions in System Settings > Siri & Spotlight, as previously explained.

Mysk:

No, macOS doesn’t send info about your local photos to Apple

We analyzed mediaanalysisd after an extraordinary claim by Jeffrey Paul that it scans local photos and secretly sends the results to an Apple server.

[…]

We analyzed the network traffic sent and received by mediaanalysisd. Well, the call is literally empty. We decrypted it. No headers, no IDs, nothing. Just a simple GET request to this endpoint that returns nothing. Honestly, it looks like it is a bug.

Mysk:

The issue was indeed a bug and it has been fixed in macOS 13.2. The process no longer makes calls to Apple servers.

Was it also a bug that this happened even though Paul had opted out of everything? Or is there no setting for this? Or did he miss a setting?

Jamie Zawinski:

Ok, that may well be. But when my OS was phoning home on my photos yesterday and happens to not be phoning home on them today… that doesn’t really build trust. Intent matters, and we know what Apple’s intent is because they told us. Code matters, and we are not allowed to see Apple’s code.

Maybe the fact that it phoned home with a null response is only because the test photos didn’t match some magic neural net -- congratulations, Apple didn’t report your test images to the FBI.

We cannot know. But suspicion and mistrust are absolutely justified. Apple is examining your photos and then phoning home. The onus is on them to explain -- and prove -- what they are doing and why.

Previously:

Update (2023-01-27): Howard Oakley:

Just checked this evening: this hasn’t changed in 13.2.

Nick Heer:

This bug violated users’ trust. The last time something like this happened was with the OCSP fiasco, when Apple promised a way to opt out of Gatekeeper checks by the end of 2021. As of writing, any such option remains unavailable.

[…]

At the same time, it is unwise to trust alarmist reports like these, either. These are extraordinary claims made without evidence, and they can be dismissed unless proven.

Howard Oakley:

Live Text analysis doesn’t generate neural hashes or other identifiers for an image, in the way that Visual Look Up does.

Any connection to Apple’s servers during Live Text analysis is performed before the image has been analysed, and before the extraction of any text. It cannot, therefore, send Apple any image identifiers or extracted text.

Live Text relies on language asset files, which may need to be augmented or updated over a network connection during text recognition.

macOS 13.1 and 13.2 perform Live Text essentially the same, and will both attempt to connect to Apple’s servers in the event that they need to update language asset files.

Tuesday, January 24, 2023

macOS 13.2

Juli Clover (release notes, security, enterprise, developer, full installer, IPSW):

The update adds Security Keys for the Apple ID, allowing for physical two-factor authentication, which offers more protection against phishing and unauthorized account access. The update also rolls out Advanced Data Protection for iCloud to all users globally.

See also: Howard Oakley.

Matthias Gansrigler:

macOS 13.2 (22D49) seems to have finally fixed the [widget configuration] issue – although it did take an initial

killall NotificationCenter

to kickstart the widgets after adding and configuring them. But after that, it seems to work reliably.

Matthias Gansrigler:

But: on my Mac, Spotlight can’t find any apps anymore.

Update (2023-01-25): Sean Heber:

I just upgraded to macOS 13.2 and now I see this in the Privacy & Security prefs? Uhh.. okay, I guess? I mean… did I have a choice?

[…]

I clicked Allow because I’m a crazy person and it asked for my password and then updated an unnamed system extension and rebooted…

So… uh…. wtf did I just do?!

Update (2023-01-27): Francisco Tolmasky:

Why is my Mac doing all this annoying shit? Oh, right, since I rebooted to install macOS 13.2 it “helpfully” turned Bluetooth back on. Sigh.

macOS 12.6.3 and macOS 11.7.3

Apple (full installer):

This document describes the security content of macOS Monterey 12.6.3.

Apple (full installer):

This document describes the security content of macOS Big Sur 11.7.3.

Update (2023-01-25): Jeff Johnson:

Here’s a screen recording of Big Sur after installing today’s 11.7.3 update on an M1 Mac mini with a non-retina display.

  1. The window resize widgets are GONE! WTF?
  2. Safari web extension icons are GONE (but Safari app extension icons are fine).

iOS 16.3 and iPadOS 16.3

Juli Clover (security, Hacker News):

Security Keys for Apple ID provide users with the option to add a third-party security key to their account, which will be needed for authentication when logging into a new device or otherwise accessing an Apple ID.

[…]

Advanced Data Protection for iCloud uses end-to-end encryption to provide Apple’s highest level of cloud data security. The feature was made available to users in the U.S. at the end of last year with the release of iOS 16.2, but iOS 16.3 brings it to all users worldwide for the first time.

[…]

Emergency SOS has been updated to prevent accidental emergency calls. Calls can still be placed by holding down the side button along with either the up or down volume button, but now the buttons must be released in order to place the call.

Update (2023-01-25): Steve Troughton-Smith:

I was starting to enjoy using Freeform, but then I realized that individual brush strokes were being lost to iCloud sync between my devices. And not just a render issue, as the stroke objects were just gone 😰 That definitely has me spooked away, even if the iOS 16 release notes mention something tangentially related to it. I feel they may be understating the problem…

Kirk Reynolds:

Data loss happened to me while sharing a Freeform doc. Created something to share with my son. Went to his iPad and it was there as a mostly empty doc with random strokes. Looked back at my iPad and it was the same, with no prior revision to go back to.

Cabinet20:

The notes for 16.3 release specifically mention this is fixed. I hope it’s right.

My wife updated to iOS 16.3 and lost 200 Safari tabs.

Ivory 1.0

Tapbots:

Ivory is a brand new app that brings 10 years of experience building the award-winning Twitter app, Tweetbot, over to Mastodon.

[…]

Ivory is currently in Early Access, which means there are features missing and we are actively building them while you get to use the app.

As a big fan of Tweetbot, I’m really excited to see this, though I have little use for it at present since there’s no Mac version. (The iOS version isn’t allowed to run on Apple Silicon Macs.)

Oddly, the app has been available for much of the day but still doesn’t show up in the App Store when I search for it. Lots of other Mastodon clients fill the search results, along with various games and shopping apps. I had to click the direct link.

Federico Viticci:

Elephant aside, what stands out in Ivory is the iconography. For Ivory, Jardine has drawn an entirely new set of icons for the tab bar, compose window, action drawer, and other areas of the app. These icons are lovely: they have a unique line style I haven’t seen anywhere else in iOS; they’re fresh, instantly recognizable, and legible in both light and dark mode. It’s funny how a simple icon set can make Ivory feel so different from Tweetbot, but that’s exactly what I noticed in this first version of the app.

[…]

Ivory is, by far, the smoothest, most responsive Mastodon client I’ve tried on my iPhone and iPad yet. The app’s animations are incredibly fluid on ProMotion displays, and the timeline scrolls quickly with no stutters or other glitches, which I’ve seen in other clients.

[…]

Ivory, like Tweetbot, supports syncing your timeline position via a custom iCloud integration. This has been working very well for me, but as I posted recently, I hope Tapbots will consider implementing Mastodon’s native sync marker API as well.

[…]

The hidden power of filters, however, lies in the ability to create your own with a surprisingly advanced interface. When creating a custom filter, you can include or exclude keywords, then choose to match any or all filters from a selection of the following criteria[…]

[…]

if you hold down the boost icon (boosts are the Mastodon equivalent of retweets), you’ll get the option to boost a post from a different account than the one currently viewing the timeline.

Dan Moren:

While Ivory has been free during the beta period, it will be a paid product within the App Store: you can pay $1.99 per month or $14.99 per year.

See also: Juli Clover.

Update (2023-01-25): See also: Rui Carmo.

Homecoming for Mastodon 1.1

Jeff Johnson (Mastodon):

I found that the federated structure of Mastodon could make it ridiculously difficult to follow people, especially if you’re not on one of the biggest instances such as mastodon.social (which is often closed for new sign-ups). Whenever you’re browsing a web page on another Mastodon instance, you can’t simply click a button to follow someone, because you’re not signed in on that instance. You can only follow someone from your own instance, where you have an account.

The trick is to translate or redirect a Mastodon URL on another instance to the corresponding URL on your instance. The only reliable way I knew to accomplish this was to copy the URL and paste it into the search field on the web page of my own instance, but that method was obviously tedious.

His $1.99 Safari extension adds a toolbar button to automate this. I’ve found this very helpful, not only for following new people, but also for boosting posts from different instances after opening them from NetNewsWire into Safari.

Mimeo Acquires Motif

Mimeo:

This acquisition will combine the shared passion for empowering creators and producing top-notch products of both Mimeo and Motif, and strengthens Mimeo’s commitment to delivering best-in-class photo products and innovation for every home and business.

Motif:

Motif and Mimeo have been global strategic partners with Apple for over a decade, first as the photobook providers behind Apple’s iPhoto printing services and now as the top photobook product apps in the Apple Mac App Store. With this acquisition, we will continue the tradition of producing the highest quality photobooks and other photo products from the same facilities trusted by Apple.

[…]

You will continue to be able to design beautiful products on the Motif apps this year, yet every photobook, calendar, and card will be printed and shipped by Mimeo.

[…]

For those that utilize Motif’s image curation and AutoFlow technology, which automatically chooses and lays out the best photos for your photobooks, you will still be able to do so. But now you will also have the option to utilize Mimeo Photos’ advanced layout and design toolset.

I like Motif—both the interface and print quality are superior to Shutterfly—so I’m a bit worried about what this means for the app and service. It sounds like they are implying that the app will be gone after 2023, which means that my old projects may no longer be accessible.

RAW Power 3.4

Gentlemen Coders:

Adjust images with incredible precision and power, using special controls in Apple’s RAW decoder.

[…]

Work with your Photos library or Finder folders.

[…]

Rate and flag images. Filter by four criteria.

[…]

Multiple windows and tabs. View and edit multiple folders, Photos albums, and files at once.

[…]

Apply presets and adjustments, Auto Enhance, export, and more to multiple images at once.

Friday, January 20, 2023

Twitter Makes It Official

Karissa Bell:

In case there was any doubt about Twitter’s intentions in cutting off the developers of third-party apps, the company has quietly updated its developer agreement to make clear that app makers are no longer permitted to create their own clients.

The “restrictions” section of Twitter’s developer agreement was updated Thursday with a clause banning “use or access the Licensed Materials to create or attempt to create a substitute or similar service or product to the Twitter Applications.”

I don’t understand what this means for API users such as NetNewsWire that are not trying to create their own client. What counts as a substitute?

Via John Gruber:

It’s better to put it in writing and make it official, but it just makes Twitter’s claim two days ago that these terms were “longstanding” all the more absurd.

Sean Heber (Hacker News):

But, as much as it pains us to say it, Twitterrific for iOS and macOS have now been removed from both App Stores. If you had a subscription on iOS, it will be automatically cancelled by the App Store.

Finally, if you were a subscriber to Twitterrific for iOS, we would ask you to please consider not requesting a refund from Apple. The loss of ongoing, recurring revenue from Twitterrific is already going to hurt our business significantly, and any refunds will come directly out of our pockets – not Twitter’s and not Apple’s.

Tapbots (Hacker News):

While it is time for us to lay it to rest, a new bot will rise in its place and be greater than Tweetbot ever was. Built on an open and free platform, we are proud to introduce Ivory for Mastodon. We have taken everything great about Tweetbot and used it as the starting point for the future of Ivory. We have great plans to make Ivory better than Tweetbot ever could be.

See also: The Talk Show.

Update (2023-01-25): Paul Haddad:

A batch of the smaller Twitter 3rd party clients has been banned over the last couple of days. I just can’t tell if they are doing it this way because they are trying to maximize FUD and minimize outrage. Or if they don’t have anyone left who knows how stuff works and are just doing searches for “xyz still works” and then blocking.

Photos Workbench 1.0

Houdah Software:

Photos Workbench works with Apple Photos to help you organize, name, and compare your photos.

[…]

Batch change titles. Give your photos descriptive names

[…]

One-click apply keywords using keyword palettes

[…]

Photos Workbench has a large map that makes adding location information to your photos easy.

Identifying Phishing

Adam Engst:

In the past, many phishing attempts were obviously fake, and intentionally so. That’s because they only had to sucker people who were sufficiently inexperienced, credulous, or easily deceived that they would continue to go along with the scam. Now, however, I’m seeing phishing attempts that are more sophisticated and harder to identify quickly.

I’ve been examining phishing attempts for so long that it’s hard for me to imagine what might fool someone else, so I wanted to share some recent attempts that slipped past Gmail’s filters. For each message, I’ve called out some of the ways I identified it as phishing.

Local iOS Backups Repeatedly Prompt for Passcode

Adam Engst:

Instead of preventing AppleMobileBackup from backing up to custom locations without additional permission, Apple chose to mitigate the vulnerability by forcing the user to enter the device’s passcode on every backup or sync connection. And it works: Apple’s new approach prevents the backups from being directed to an unprotected location unless an attacker knows your device’s passcode. If they know the passcode, there’s far worse that they could do with your iPhone or iPad and the data stored on it.

Unfortunately, Apple’s solution is particularly ham-handed because it adds a non-trivial step to every USB or Wi-Fi connection attempt by every iOS/iPadOS user who backs up or syncs locally.

Update (2023-01-21): See also: Hacker News.

Thursday, January 19, 2023

Folders With High File Counts

Mike Bombich (Hacker News):

Any time a folder has more than a few thousand items in it, the filesystem is going to be a lot slower when working with that folder. Adding a new file, for example, requires that the filesystem compare the new item name to the name of every other file in the folder to check for conflicts, so trivial tasks like that will take progressively longer as the file count increases. Gathering the enormous file list will also take progressively longer as the list gets larger.

[…]

Last week, one of our users found the task as shown above. Upon closer analysis, we determined that the “media” folder had 181,274 files in it. In other words, more than 10% of the files on the whole startup disk were in that “media” folder. In extreme cases like this, the delay to retrieve a file list can be so long (i.e. longer than 10 minutes) that the task aborts with an error[…]

[…]

For a contrasting example, consider how Mail organizes a potentially astronomic list of files. If you navigate to the hidden Library folder in your home folder, then to Mail > V10 > {any UUID} > {any mailbox} > {another UUID} > Data, you’ll see folders named by number, four layers deep, until you finally get to a Messages folder with actual files in it.

Apple should also employ this technique for Core Data external storage and Spotlight temporary files.

Amazon Closing AmazonSmile

Amazon (Hacker News):

In 2013, we launched AmazonSmile to make it easier for customers to support their favorite charities. However, after almost a decade, the program has not grown to create the impact that we had originally hoped. With so many eligible organizations—more than 1 million globally—our ability to have an impact was often spread too thin.

So if it had grown more—i.e. it was costing Amazon more—they would have kept it?

Once AmazonSmile closes, charities will still be able to seek support from Amazon customers by creating their own wish lists.

Eric Schwarz:

I’ve used this feature almost since the beginning and find it slimy that Amazon would end it with the excuse “it’s spread too thin” when even the small amounts going to some organizations (such as schools and animal rescues) make a big impact.

Annie Palmer (via Hacker News):

Amazon on Wednesday will begin a fresh round of job cuts in what’s expected to become the largest workforce cuts in its 28-year history.

Earlier this month, CEO Andy Jassy said the layoffs would affect more than 18,000 employees, primarily in its human resources and stores divisions.

Rich Johnston:

Today, there are significant redundancies and firing occurring at Amazon, with executives sending statements to staff. This included staff members at the digital comic book publisher and distributor ComiXology, acquired by Amazon and later integrated into the main Amazon site, with reports of up to 50% layoffs.

Update (2023-01-20): this_my_sportsreddit (via mrzaius):

Here’s the most messed up part. I used to work at Amazon corporate, let me tell you how the entire program Amazon Smile got created.

So basically, when a customer wants to buy a product, they usually go straight to Amazon.com and enter what they’re looking for. But there’s also a large segment of customers who begin their search on google, and end up at Amazon. Well guess what. When that type of search to purchase experience happens, Amazon has to pay google. Internally, Amazon thought that if they could force users to go straight to Amazon, offer a small but obviously less amount of money to charity from each customer than would have been paid to google, it would help kill customers going to google, save Amazon more money than paying google, and be good overall for the brand value of Amazon.

That’s why for the program to work, the user has to start shopping at smile.amazon.com. Until recently, the option to use amazon smile wasn’t even available in the app, and even then the user still had to ‘renew’ being a part of Smile multiple times a year. There is no way for a customer to go through the traditional shopping experience, and then during checkout decide they want to give a portion of their purchase to charity, because giving to charity isn’t the point of the overall program. Amazon Smile was developed by the Traffic Optimization team, whose entire purpose is increasing efficiency and lowering costs of getting customers to Amazon.

Update (2023-01-21): Emily Schmall (via John Gordon):

Amazon’s decision to remove certain charities from the program drew the ire of prominent Republicans, who accused the company and its founder, Jeff Bezos, who was Amazon’s chief executive at the time, of discriminating against conservative groups and indulging in what they described as “woke activism.”

[…]

For some organizations, AmazonSmile donations represented significant support. St. Jude Children’s Research Hospital, for instance, said in November that it had received $15 million in donations over the lifetime of the program.

[…]

Mr. Malone said that “many of the people” who had worked on the AmazonSmile program were among the company employees who were being laid off.

But it was “not a cost-cutting measure.”

Issues With Apple TV Remotes and iCloud Terms

Greg Pierce:

Maybe just lucky, but since upgrading to the newest Apple TV, with the USB-C remote, we've had to reboot the remote periodically to make it work the TV volume.

Despite using Apple TVs for many years, I was not previously aware that you could reboot the remote.

Tim Hardwick:

Several MacRumors forum and Reddit threads have been created to bring attention to the issue, which seems to relate to the Siri Remote's inconsistent Bluetooth connection with the latest Apple TV 4K, even at close proximity.

Apple:

Press and hold the TV/Control Center button and the Volume Down button at the same time. Hold the buttons down for about 5 seconds, or until the status light on your Apple TV turns off and on again.

Benjamin Mayo (via Paul McGrane, Hacker News):

A viral tweet today highlights a somewhat frustrating limitation with the Apple TV software. As of a recent software update, tvOS expects users have access to an iPhone or iPad in order to do things like accept new iCloud terms and conditions, or update their Apple ID settings.

[…]

Apple contacted @hugelgupf to provide a workaround. Apparently, fully signing out of iCloud and back in on the Apple TV will prompt a terms and conditions screen which can be accepted on the same device. Weird.

What About “Log in With Twitter”?

Adam Chandler:

There are many websites, like this one, who use “Continue with Twitter / Login with Twitter.” I assume that many sites responsibly implemented this and still set a password for the user and a user id, but one thing I think most of us have not had to think about is what happens when “sign in with” (Apple, Google, Microsoft, Facebook, Twitter) goes away?

[…]

With the future of Twitter being so uncertain, anyone who has users who joined via a Twitter OAuth handshake may want to make sure they’re ready for that service that holds thousands of tokens to suddenly stop working.

Wednesday, January 18, 2023

HomePod (2nd Generation)

Apple (Hacker News, Reddit, 2):

Packed with Apple innovations and Siri intelligence, HomePod offers advanced computational audio for a groundbreaking listening experience, including support for immersive Spatial Audio tracks. With convenient new ways to manage everyday tasks and control the smart home, users can now create smart home automations using Siri, get notified when a smoke or carbon monoxide alarm is detected in their home, and check temperature and humidity in a room — all hands-free.

[…]

HomePod easily pairs with Apple TV 4K for a powerful home theater experience, and eARC (Enhanced Audio Return Channel) support on Apple TV 4K enables customers to make HomePod the audio system for all devices connected to the TV. Plus, with Siri on HomePod, users can control what’s playing on their Apple TV hands-free.

Joe Rossignol:

The new HomePod is 6.6-inches tall and weighs 5.1 pounds, compared to 6.8-inches and 5.5 pounds for the first-generation model, while both models are 5.6 inches wide. The new HomePod also has two fewer tweeters and microphones compared to the original model. The original HomePod was equipped with the A8 chip from the iPhone 6, while the new model has the S7 chip from the Apple Watch Series 7.

A new sensor in the HomePod can measure temperature and humidity in indoor environments, and this feature is also being enabled on the existing HomePod mini.

I wonder whether this will be able to replace dedicated temperature monitoring solutions such as Wireless Sensor Tags (which have worked well for me but are clunky to set up) and Temp Stick (more expensive than HomePod mini, requires batteries).

The HomePod price is down from $349 to $299. The main issues with the original seem to have been reliability and Siri, and it’s not clear whether those have improved. There’s still no Home Sharing or direct input via Bluetooth audio or a cable.

Joe Rossignol:

The second-generation HomePod introduced today will offer a Sound Recognition feature that allows the speaker to detect smoke and carbon monoxide alarm sounds and send a notification to the user’s iPhone if either of those sounds are identified.

Update (2023-01-18): Daniel Jalkut:

The Apple video for the new HomePod makes it appear as though Siri would respond to you in something less than a full second. Could we be so lucky, or is this just fanciful advertising?

Casey Liss:

How the hell does that work? The TV acts as an eARC receiver, and then rebroadcasts via… AirPlay?… to the HomePod(s)?

Colin Cornaby:

Still grumpy the new HomePod doesn’t have any sort of aux connector.

Peter Steinberger:

Same flakey AirPlay though?

Nick Heer:

Apple announced a new HomePod model today, which it insists on referring to as the “HomePod” instead of a “HomePod Mini Max”. You might think I am being stupid — and I am — but this thing is closer to the Mini on the inside despite looking like the original model on the outside.

IGmeanwell:

Ok now let me attach two more HomePods for a surround experience

Dave B:

The worst part about those watch CPUs is that they haven’t advanced in years.

Update (2023-01-19): Dave Mark:

New Apple video: “Introducing the all-new HomePod”

Be aware that you CAN’T pair a new HomePod with an OG HomePod. 😐

Update (2023-01-25): Aaron Pearce:

Received my first support email about the HomePod temperature/humidity sensors not showing in my apps. Thanks Apple for blocking them from third parties.

Update (2023-01-27): John Gruber:

I first wish to note how deftly this announcement is written. Joz’s quote alludes, ever so slightly, to the fact that Apple is not merely updating the HomePod with a new model, but bringing it back after a long absence. But anyone who hasn’t been paying close attention would never notice that.

[…]

The conventional wisdom was strongly on the side that the problem with the original HomePod was its price — $350 originally, reduced to $300 in April 2019. Even I succumbed to that price-centric thinking in my brief item noting its discontinuation. I am now convinced that was wrong, though. I got it right back in 2018, when I wrote “HomePod’s Priorities”[…]

[…]

I suspect that reliability was the problem with the original models — some sort of design or engineering flaw that sent Apple back to the drawing board years before they expected to need a 2nd-generation model. HomePod Minis are great for what they are, but they’re no replacement for the full-size models in terms of room-filling sound quality.

M.G. Siegler:

Is it a significantly upgraded version at a better price? Nah, not really. It’s slightly smaller and slightly lighter. But that’s mainly because Apple has also reduced the number of tweeters and microphones in the device. Yes, it has an upgraded processor. But it’s a processor found in the Apple Watch (the S7) instead of the iPhone-focused chip found in the previous version (the A8). It has a slightly upgraded screen. But also a downgraded WiFi chip? It can tell the temperature, but the HomePod mini can also now do that. There’s a new ‘Midnight’ color, which as everyone knows, is just marketing for a very similar black/gray to the original model. It’s $299, which is the same price the original was discounted to after it failed to sell well at $349.

It’s just… weird.

iCloud Syncing Limitations & Solutions

NetNewsWire:

With Apple’s limits, sync times can take hours and hours as they force limits on data transfer. The exact amount of time is dependent on the amount of data you have in iCloud.

Larger numbers of unread articles can cause a lot of data to be stored in iCloud. This is because we have to sync the article content of unread items.

[…]

Dealing with long sync times can be a little tricky on iPhones and iPads. These devices work hard to preserve battery life and don’t work well with long running processes. If you switch away from NetNewsWire or let your device’s display go to sleep, you won’t complete a long running sync.

Our advice is to do the following procedure right before you go to bed[…]

I find that syncing between Macs just works, even with a ton of data. With my iPhone, the app would always get stuck. After I removed some large feeds and marked some old posts as read, syncing did eventually complete, and it’s been quick to update ever since.

Reading Twitter and Mastodon in NetNewsWire

Dr. Drang:

Once upon a time, RSS feeds were part of Twitter, but those days have long since passed. Now you have to use either the Twitter features built into your RSS reader or use a specialized service like RSS.app.

As a NetNewsWire user, I set up its Twitter extension, which uses my Twitter account’s credentials, to access these accounts’ timelines and present them to me as if they were any other RSS subscription.

This is what I’m doing now, and it works quite well, even showing avatar images. Of course, there’s no telling whether the API will keep working. Feedbin can do this, too, though I find that it’s much slower to update with new tweets.

NetNewsWire:

Though the UI doesn’t expose it (we should fix that, yes), you can subscribe to a Twitter list in NetNewsWire.

I’m also using NetNewsWire for Mastodon. As with Twitter, what I like compared with a lot of the clients is that it works well for reading in batch mode. It doesn’t lose posts if I get behind or mess up the scroll position when loading more in the middle of the timeline. I also like having explicit read indicators.

NetNewsWire doesn’t have an extension for Mastodon, and Mastodon doesn’t offer an RSS feed of your timeline, so I subscribe to each user’s individual RSS feed. There’s also no Mastodon feed for mentions, but it has reliable e-mail notifications (unlike Twitter).

All in all, I’m pleased to be able to follow multiple accounts for multiple services all in the same window. It works well on my iPhone, too. I never really liked reading RSS feeds on iOS, but it’s great with these short posts. I can quickly star the ones I want to do something with on my Mac, avoiding the slow, multi-tap process I had been using to share tweets to OmniFocus.

App Store Results in iOS Search

Colin Cornaby:

Starting to feel super weird about App Store listings in iOS search. It usually just means whenever I’m searching for something some low quality app with the right SEO is now staring me in the face.

What’s really weird is that I get these crummy results for apps in the store, but—for years—if I type “Note” or “Remind” the built-in Notes and Reminders apps don’t show up at all. Why does it offer the Wikipedia page for the Notes app but not the app itself that’s actually on my phone? Is this because I once removed these apps from my home screen a long time ago?

Update (2023-01-18): Plateau Astro:

OK, so I’m not nuts! Reminders, Notes, and Calendars also don’t show up in search on iPhone for me

I can’t recall ever removing the Notes or Calendar app from my home screen/phone before. But funny enough, my iPad doesn’t have the app installed, yet shows a reminder there!

Calendar is also missing on my iPhone, and I don’t think I ever deleted that one.

Update (2023-01-19): The problem was that iOS had unchecked the apps in Settings ‣ Siri & Search.

Tuesday, January 17, 2023

Apple M2 Pro and M2 Max

Apple (Hacker News, MacRumors, Reddit):

Apple today announced M2 Pro and M2 Max, two next-generation SoCs (systems on a chip) that take the breakthrough power-efficient performance of Apple silicon to new heights. M2 Pro scales up the architecture of M2 to deliver an up to 12-core CPU and up to 19-core GPU, together with up to 32GB of fast unified memory. M2 Max builds on the capabilities of M2 Pro, including an up to 38-core GPU, double the unified memory bandwidth, and up to 96GB of unified memory. Its industry-leading performance per watt makes it the world’s most powerful and power-efficient chip for a pro laptop. Both chips also feature enhanced custom technologies, including a faster 16-core Neural Engine and Apple’s powerful media engine.

[…]

Built using a second-generation 5-nanometer process technology, M2 Pro consists of 40 billion transistors — nearly 20 percent more than M1 Pro, and double the amount in M2.

[…]

With its powerful CPU, M2 Pro can compile code up to 25 percent faster than M1 Pro, and up to 2.5x faster than MacBook Pro with an Intel Core i9 processor.

Update (2023-01-18): Geekerwan (via Hacker News):

We designed our own battery test model and run it against Windows laptops. And we also benchmarked them using SPEC CPU, as well as real-life performance test, and more.

MacBook Pro 2023

Apple:

Introducing the new MacBook Pro and Mac mini supercharged by the next generation of Apple silicon.

Apple (Hacker News, MacRumors):

Apple today announced the new 14- and 16-inch MacBook Pro featuring M2 Pro and M2 Max, Apple’s next-generation pro silicon that brings even more power-efficient performance and battery life to pro users.

[…]

Building on the unprecedented power efficiency of Apple silicon, battery life on MacBook Pro is now up to 22 hours — the longest battery life ever in a Mac. For enhanced connectivity, the new MacBook Pro supports Wi-Fi 6E, which is up to twice as fast as the previous generation, as well as advanced HDMI, which supports 8K displays for the first time. With up to 96GB of unified memory in the M2 Max model, creators can work on scenes so large that PC laptops can’t even run them.

[…]

These new capabilities build on the versatile connectivity options already in MacBook Pro, including three Thunderbolt 4 ports for high-speed connection to peripherals, an SDXC card slot, and MagSafe 3 charging.

Still the huge trackpad and three Thunderbolt ports, unfortunately, despite four on the new Mac mini.

Tim Hardwick:

Previously on the 2021 MacBook Pro models, the HDMI 2.0 port only supports a single 4K display with a refresh rate of up to 60Hz.

But the more advanced HDMI port on the new MacBook Pro models with M2 Pro and M2 Max chips means they now provide support for 8K displays up to 60Hz and 4K displays up to 240Hz.

Update (2023-01-25): Jason Snell:

If you’re someone with an M1 MacBook Pro, you shouldn’t feel particularly envious of these new models. Unless you’ve been feeling buyer’s remorse about not spending enough on that laptop to make it more powerful, I can’t see why you’d upgrade from an M1 MacBook Pro to an M2 model. On the outside, these computers are essentially identical.

[…]

If you’re upgrading from an Intel laptop, you’re going to love the new MacBook Pro. However, you may notice that upgrading from the base configurations is more expensive than you might have expected. Due to the integrated nature of Apple’s processors, memory is not upgradeable after the fact—so you’ll need to choose your memory up front, and choosing a larger configuration will cost. Likewise, storage is tightly integrated, and Apple’s storage options rapidly rise in price.

Derek Wise:

Like the base level M2 MacBook Air, the base level of the latest 14″ MacBook Pro seems to feature fewer NAND chips – at a higher capacity – than the last generation. This results in SSD read and write performance that’s dramatically lower than the previous generation.

See also: MacRumors.

Update (2023-01-27): Dominic Feira:

The really annoying thing is that none of these differences show up in the specs. If they were just up front about it, it would suck, but it would be at least somewhat defensible.

The fact that we have to wait for 3rd parties to determine the differences is just stupid.

Sam Rowlands:

The thing is, the two YouTube reviews of the M2 Pro (14" & 16") that I watched, ended with something along the lines of “Buy a refurb M1 Pro 14" or 16" as that’s better value for money”.

Apple really isn’t helping their reputation with stunts like these.

Update (2023-01-30): Om Malik:

I connected the new laptop to this network and saw my connected speeds go from 350 Mbps down and 400 Mbps up to over 800 Mbps down and 800 Mbps+ on the uplink. My network provider — Google’s Webpass can only provide 1 Gbps, so this is as fast as what I am getting on my Wired Ethernet connection.

Mac mini 2023

Apple (Hacker News, MacRumors):

Mac mini with M2 features an 8-core CPU with four high-performance and four high-efficiency cores, along with a 10-core GPU — perfect for users looking for superfast performance and incredible productivity at an even more affordable starting price of $599.

[…]

M2 Pro brings pro-level performance to Mac mini for the first time. Featuring up to a 12-core CPU with eight high-performance cores and four high-efficiency cores, along with up to a 19-core GPU, M2 Pro has 200GB/s of memory bandwidth — double the amount in M2 — and supports up to 32GB of memory.

[…]

Mac mini continues to deliver extensive connectivity with a wide range of ports. The M2 model features two Thunderbolt 4 ports and support for up to two displays. The M2 Pro model includes four Thunderbolt 4 ports and support for up to three displays. Additionally, the M2 Pro model can support one 8K display, a first for the Mac. Both models feature two USB-A ports, an HDMI port, a Gigabit Ethernet port with a 10GB option, and an upgraded headphone jack to support high-impedance headphones. For wireless connectivity, both new models also feature the latest standards with Wi-Fi 6E for up to 2x faster throughput than before, as well as Bluetooth 5.3.

Federico Viticci:

My favorite announcement: four Thunderbolt ports on the M2 Pro mini 😍

Tim Hardwick:

Apple has stopped offering Intel-powered Mac mini models following the launch of new Apple silicon models featuring its new M2 and M2 Pro chips.

[…]

The Mac Pro is now the only Intel-powered machine that Apple sells, as the company continues with its transition to Apple silicon.

Update (2023-01-18): Wesley Hilliard:

The M2 Pro Mac mini bridges the gap between entry-level and high-end. Here’s how it compares to the baseline Mac Studio.

Meek Geek:

Agree that the Mac mini’s $100 price drop to $599 is nice. Alas, 8GB RAM is criminal on such a powerful desktop computer.

Kyle Howells:

The MacBook Pro AR files were compiled on October 11th 2022! Mac mini was October 18th 2022. @markgurman was right. November event was canceled.

Update (2023-01-25): Dan Moren:

However, upgrading the stock configuration of the M2 Pro Mac mini can close that price gap in a hurry. Move up to 32GB of RAM and a 1TB SSD, and you’re just $100 shy of the Studio’s introductory price—and that’s not even including that more powerful CPU and GPU option. All in all, a maxed-out M2 Pro mini will run you $4,499, surpassing the cost of the Studio’s standard M1 Ultra configuration—heck, now you’re in Mac Pro territory.

In short, the Mac mini is really two products. The base level $599 M2 mini is basically the equivalent of the MacBook Air: a pretty affordable machine that’s capable of handling almost any daily task thrown at it. The M2 Pro mini, on the other hand, is a mid-range Mac desktop that’s aimed at what you might have once called the prosumer market: a powerful Mac that can go the extra mile—for a price.

[…]

If there’s a disappointment with the design of this latest revision, it’s that Apple seems to believe ports on the front of its machines are a luxury to be reserved for those who want to spend two thousand dollars on a Mac.

Joe Rossignol:

A teardown of the new Mac mini shared by YouTube channel Brandon Geekabit reveals that the 256GB model is equipped with only a single 256GB storage chip, while the same configuration with the M1 chip has two 128GB chips. This difference explains why the new model has a slower SSD, as multiple NAND chips allow for faster speeds.

We have confirmed with the Blackmagic Disk Speed Test benchmarking app that SSD read and write speeds for the new 256GB Mac mini are each around 1,500 MB/s, which is anywhere from 30% to 50% slower than read and write speeds for the equivalent previous-generation model, although benchmark results and real-world performance can vary.

Twitter Claims Apps Blocked for Violating API Rules

Adam Demasi:

Here’s a spreadsheet I saw shared around that confirms this targeted a specific set of popular clients[…]

Erin Woo:

The mysterious outage of Tweetbot and other third-party Twitter clients that began Thursday night was an intentional suspension, according to internal messages viewed by The Information. The suspension cut off the ability of people to use Twitter on outside apps, forcing them to go to Twitter’s own app.

The reason for the suspension couldn’t be learned.

Abner Li:

Other internal (Slack) communications seen by the publication reveal that Twitter is working on “approved talking points” for partners, but it’s not clear when they would be ready.

[…]

Since then, Twitter, including the usually vocal Elon Musk, has not announced the removal of third-party apps.

[…]

The Information notes that “most of Twitter’s employees, including most people working on Twitter’s developer platforms” have been laid off.

John Gruber:

Twitter can of course do what it wants, and Musk owns Twitter so he can do what he wants. But pulling the plug on these clients and ghosting everyone on communications about it is so absurdly disrespectful. Zero respect for the users for those apps, zero respect for the developers behind them — many of whom had been building on the Twitter platform for 10-15 years. Just a clown show.

Paul Haddad:

Even without these leaks if you add up the lack of communication, only impacting the top 25-50 Twitter API clients and clients showing up as suspended in the dev. dashboard. The only conclusion at this point is that it was intentional and not any kind of bug.

For the record, still no official or even unofficial communication from anyone within Twitter.

[…]

And I really want an official public statement. We have a large number of sub. renewals for year 3 of Tweetbot coming up in a couple of weeks. If we’re permanently cut off I need to know so we can remove the app from sale and prevent those.

Craig Hockenberry (Hacker News):

Twitterrific is something that we’ve all poured our love into for the past 16 years. I’m not usually one to toot my own horn, but we literally crafted the early experience on the service. We often hear that folks joined up because of our app. Our work was definitive and groundbreaking.

[…]

Like my mom, the API has been declining for awhile. Endpoints were removed, new features were unavailable to third parties, and rate limiting restricted what we could do.

[…]

What bothers me about Twitterrific’s final day is that it was not dignified. There was no advance notice for its creators, customers just got a weird error, and no one is explaining what’s going on.

Ged Maheux:

I absolutely cannot wait to see the twisted justifications Musk and Twitter spit out for suspending SOME but not all 3rd party clients. John’s right, this whole affair is utterly disgraceful from top to bottom. I’m looking forward to putting it all behind us once and for all at this point.

Emma Roth (Hacker News):

Tweetbot is down again. The Twitter client briefly became available in the midst of an outage that locked users out of major third-party Twitter clients.

Paul Haddad:

And now dead again, along with some old unused API keys, which proves that this was intentional and we and others were specifically targeted.

Ross Woodruff:

Nope it’s not shutdown, they’ve specifically just revoked the API keys for the most popular apps.

Federico Viticci:

Let’s pour one out for third-party Twitter clients:

Apps that shaped UI conventions, pioneered a market, and in many ways reinvented how we communicate online[…] These apps didn’t deserve to end up like this.

John Voorhees:

Even after Twitter had its own suite of apps, the third-party app market flourished. Tweetbot by Tapbots came along in 2011 and quickly became a favorite of many users, distinguishing itself with its steady stream of new power-user features and thoughtful design. But it wasn’t long before Twitter’s relationships with third-party developers began to sour. It started with a vague set of rules introduced in 2012 that preferred CRM and analytics apps over clients like Twitterrific and Tweetbot. The ups and downs over the years that followed are too numerous to count, but the consequence was that for many years few new Twitter clients were developed.

However, relations began to thaw with the announcement of version 2.0 of the Twitter API, which went into effect in 2021. Not only did the API update make new features available, but Twitter promised to loosen restrictions on third-party developers. That led to renewed interest in third-party client development, resulting in innovative new features in apps like Spring, which was a runner-up in the Best App Update category of the 2022 MacStories Selects awards.

As it turns out, Twitter’s developer detente was short-lived.

Ken Kocienda:

I honestly feel sorry for the developers who invested their time and effort into making 3rd-party twitter clients. Thanks for all your work over the years.

Mark Jardine:

Before we were on the app store, we used Twitter to share the above YouTube video of our first app. The reception was amazing. My video showed up on a bunch of Mac/iOS blogs. It was so exciting. We ended up creating a Tapbots account on Twitter to post news about our apps and engage with customers.

The original Tweetbot logo was from a bird I drew specifically for our website to point to our twitter account. Since the character was already made, I wanted to use it for Tweetbot.

Jason Snell:

As Ben Thompson wrote on Monday, allowing third-party clients that don’t show ads is something that doesn’t make business sense, so it’s not surprising that Twitter’s new management decided to pull the plug. (The company could’ve decided to build on a concept involving third-party clients and an API, but it would require a level of technical commitment it has never really been able to spare—and there are few if any examples of peer social-media companies offering unfettered APIs to create alternate interfaces to their services.)

[…]

Numerous third-party client apps are still functional… just not the biggest names on the biggest platforms. A classless operation, an unnecessary PR own-goal, and a botched technical roll-out.

Twitter Dev:

Twitter is enforcing its long-standing API rules. That may result in some apps not working.

Filipe Espósito:

The statement doesn’t say what rules are being changed, and why the company didn’t inform Twitter’s third-party client developers in advance about this change.

Juli Clover:

There has been no word on which API rules the blocked Twitter clients have violated[…]

Tapbots:

Tweetbot has been around for over 10 years, we’ve always complied with the Twitter API rules.

If there’s some existing rule that we need to comply with, we’d be happy to do so, if possible. But we do need to know what it is…

@TwitterDev, you know how to reach us.

Shortly after this all started last week, I received an e-mail from Twitter about its API:

Are you ready to kickstart your build using the Twitter API?

Now is the perfect time to check back in with your developer account to start a project, monitor your usage, find technical support, and see what’s new.

Ged Maheux:

We have been respectful of their API rules, as published, for the past 16 years. We have no knowledge that these rules have changed recently or what those changes might be.

Manton Reece:

But one problem with pinning everything on Elon is that it leaves open the possibility that maybe Twitter would be fine if the company was led by a different CEO who continued the Twitter API status quo. I don’t think so. Twitter wasn’t going to last forever because massive ad-based silos will always be at odds with the open web. Twitter’s recent implosion greatly accelerated what would need to happen regardless.

[…]

Remember back in 2012 they announced that apps could not have more than 100k users, even if popular apps at the time were exempted. There were other restrictions too, largely ignored. Third-party Twitter apps were living on borrowed time, strung along with false hope every few years as Twitter’s leadership drifted back and forth on whether to encourage developers or cut them off.

Brent Simmons:

The internet’s town square should never have been one specific website with its own specific rules and incentives. It should have been, and should be, the web itself.

[…]

With the fall of the Twitter consensus I am energized. I remember what it was like in the 2000s; I remember the liveliness and sparkle of those days on the web.

See also: Techmeme, Zoe Schiffer et al., Dithering.

Update (2023-01-18): John Gruber:

Give them a point for brevity, I suppose, but there’s literally no one on the planet who believes a word of this. Third-party clients weren’t violating any existing rules, and there’s no “may” about the fact that they stopped working because Twitter revoked their authorization credentials.

Ged Maheux:

I really do hate to pile on (no I don’t) but I spoke with a reporter at Reuters today about this whole situation and both she and I agreed that nothing about any of this episode has made any sense what-so-ever. It’s just baffling what’s going on and how they’ve handled it.

Sean Heber:

My charitable guess is that Twitter had an internal upper limit as to the number of user tokens they’d freely allow to be associated with a given app key before triggering a manual “make sure these are still legit apps” process. But then all those people who did the verifying got fired. And then someone looking for a promotion noticed and mentioned it to the boss. And then management said[…]

Chris Clark:

While we’re posting Twitterrific eulogies…

Update (2023-01-19): Mike Rockwell:

I feel like Elon might be completely unaware of the third-party app thing.

Given his willingness to address controversies, it seems odd that this is the one he would not address at all. He hasn’t even jokingly referenced it, that I’m aware of.

It seems more plausible to me that Elon wanted more cost-savings and some middle manager made the decision to pull the plug on the API for devs that were using it heavily but generating no or little revenue to the company.

Twitterrific:

As of this afternoon, Twitterrific for Mac has been suspended from Twitter without explanation.

Friday, January 13, 2023

Setting the Bozo Bit on Apple

Marcel Weiher (Hacker News):

What I wanted to do was simple: I have some practice recordings for my choir and voice lessons that I want on my iPhone and Apple Watch. How hard could it be?

[…]

iTunes used to be if not the, then certainly a flagship app for Apple.

[…]

With this, I noticed that I hadn’t actually expected better. I knew it should be better but I hadn’t expected Apple to actually make it work.

In other words, I had set the Bozo Bit on Apple. By default, when Apple does something new these days, I fully and quietly expect it to be broken. And I am surprised when they actually get something right, like Apple Silicon.

It’s so sad how iTunes used to be amazing, and then it got bloated and dated but we worried that the replacement would be worse, and indeed it was.

20 Years of Safari

Joe Rossignol (Hacker News, Reddit):

Today marks the 20th anniversary of Apple’s co-founder Steve Jobs introducing Safari on the Mac at the 2003 Macworld Expo in San Francisco. Apple advertised Safari as the “fastest web browser ever created for the Mac” at the time.

[…]

A public beta of Safari was made available for OS X Jaguar in January 2003, with key features including the WebKit rendering engine for faster browsing speeds, Google search capabilities integrated directly into the toolbar, improved bookmark management, optional pop-up ad blocking, a simpler file download process, and more.

[…]

Safari was eventually overshadowed by Google’s Chrome, which was released in 2008 and is now the world’s most popular web browser across all PCs and Macs.

D. Griffin Jones:

Over the past 20 years, Apple’s Safari web browser grew from a speedy young upstart to a polished professional. […] Take a trip down memory lane as we look at how Safari has evolved over the years.

I’ve been a fan of Safari since the beginning. It’s still my default browser, it still feels like a Mac app, and I think Apple has done a better job of maintaining it than most of the other built-in apps. That said, I’ve been a bit less happy with it in recent years:

Andy Lee:

I don’t know if it’s an iOS 16 thing, but Safari has been flaky for me lately, especially with YouTube, to the point where I sometimes have to kill it and restart it to get it to work right. I mean flaky like becoming unresponsive, or not showing the keyboard when I enter a text field.

Magic Lasso (Hacker News):

In the Interop 2022 stable category Safari also made significant progress, increasing its score from 48.9% in January 2022 to 96% today. This puts Safari ahead of its competitors and demonstrates the Safari team’s commitment to addressing long-standing concerns about the browser’s lack of standards conformance.

Twitter Breach of 235M E-mail Addresses

Lawrence Abrams (via Hacker News):

A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak.

Since July 22nd, 2022, threat actors and data breach collectors have been selling and circulating large data sets of scraped Twitter user profiles containing both private (phone numbers and email addresses) and public data on various online hacker forums and cybercrime marketplaces.

These data sets were created in 2021 by exploiting a Twitter API vulnerability that allowed users to input email addresses and phone numbers to confirm whether they were associated with a Twitter ID.

Barbara Ortutay:

Gal, who is the co-founder and chief technology officer at cybersecurity firm Hudson Rock, wrote in a LinkedIn post this week that the leak “will unfortunately lead to a lot of hacking, targeted phishing, and doxxing.”

While account passwords were not leaked, malicious hackers could use the email addresses to try to reset people’s passwords, or guess them if they are commonly used or reused with other accounts.

Twitter API Down

Ben Schoon (Hacker News, Tweetbot, Twitterrific, echofon):

Around 11 p.m. ET this evening, many Twitter users noticed that third-party clients were throwing back error messages related to the Twitter API. This widespread outage is occurring across all third-party apps including Twitterrific, Fenix, Talon, and many others on both Android and iOS, as well as macOS. Tweetbot is also affected by the API outage, but Tweetdeck, thankfully, appears unaffected.

Whether this is a temporary outage or an intentional decision by Twitter remains to be seen, as the company has issued no official explanation at this time.

It does stand to reason, though, that it is possible Twitter may be killing off third-party clients.

I’d had virtually no trouble with Twitter over the past few months, but about 12 hours later this is now the worst outage I’ve ever seen with the service. There doesn’t seem to be a status page or official blog that even mentions the issue.

Benedict Evans:

Has Twitter deliberately just blocked all third-party apps or is that another screw up? (The native Twitter UX is so bad, and getting worse, that I avoid if at all possible)

Alex Brooks:

Buffer and Hootsuite seem ok to me, and brands are happily tweeting away so suggests the big tools are not cut off. Different API I’m sure, but does suggest something more nefarious.

supermatt:

Unsurprisingly, the outage hasn’t affected Twitter’s own client.

Twitter doesn’t allow users to install the iOS version on Apple Silicon Macs. You have to use the Catalyst version, which I guess uses a different API than the iOS version, so it doesn’t work. Thus, there is effectively no Mac client at the moment. The Web version is pretty grim, so currently I’m using the official app on my iPad. It’s also much worse than Tweetbot, though.

I had to uninstall the official Mac app because, thanks to Universal Links, any time I click a Twitter link in any app it will open in the Twitter app, which—due to the outage—can’t display it. It’s terrible how this macOS “feature” causes breakage across the system.

The other design thing I want to point out is that apps should not assume that an error is transitory. I have lots of old tweets already loaded that I could be reading in Tweetbot, but I don’t want to because it keeps throwing up modal dialogs for the same error.

Steve Streza:

You know how everyone is upset about Twitter apps getting suddenly taken offline without warning after months or years of hard work, whether by bug or by policy change?

That’s what Apple does to App Store apps, regularly.

Update (2023-01-13): Jeff Johnson:

If you block the swcd process in Little Snitch, it blocks all Universal Links.

Mark Jardine:

I get that 3rd party clients were severely nerfed when they took away streaming around 5 years ago, and that we didn’t get most of the new features that came after, but wow spending a few hours reading with the official Twitter products and wondering how people even manage. Trying to read new tweets and when I refresh, all I get is a bunch more old tweets. I absolutely loathe algorithmic timelines.

Eric Schwarz:

Tweetbot and Twitterrific are both broken so I checked out the official app for the first time in awhile and holy smokes it sucks—to the point where I don’t want to waste time and hang around. That seems counterintuitive for an engagement factory like a social network?

Rene Ritchie:

Main issue with 3rd-party Twitter apps not working is that Twitter web has become increasingly unusable. I get 4-5 tweets on Home or in threads, then nothing, unless/until I change font size, then the rest renders. Also, mentions are missing, don't update, or skip hours/days 🤷

The Icon Factory:

There’s been no official word from Twitter about what’s going on, but that’s unsurprising since the new owner eliminated the employees dedicated to keeping the API up and running smoothly, including the developer evangelists who previously provided communication with third-parties.

We wouldn’t know whom to reach out to at Twitter even if such people existed. We’re in the dark just as much as you are, sadly.

Rui Carmo:

But what Twitter is doing goes way beyond negligence and borders on abuse of dominant position (even though it is their network and they’re not a utility, etc). API downtime would prevent third-party clients from logging in, but deregistering them from user accounts cannot be an availability issue–they removed the application keys, period.

John Gruber:

Last night I’d have bet — a small amount — that it was an unintentional outage. Today I’d bet the other way, that this is the end. If so, this is probably the end of my regular usage of Twitter. Twitter’s official client has been terrible ever since it was anything other than a rebranded version of Tweetie.

[…]

Unlike Tweetbot, Twitterrific uses different app IDs for iOS and Mac, and whatever is going on, it seems to have affected only the most popular third-party apps.

Ben Sandofsky:

If you’re worried about losing revenue to third-party Twitter clients, the obvious solution would be to limit them to Twitter Blue subscribers.

Uli Kusterer:

They could have served ads all this time. Nothing in the Twitter API keeps them from just serving ads as yet another tweet. They could even have changed their API TOS to prevent clients from filtering out ads.

Mike Rockwell:

What’s interesting about this third-party client situation on Twitter is that the people using third-party apps are the ones that are most likely to try and most likely to enjoy the fediverse.

And I have a hunch those people are also pretty influential within their family and friend circles.

Benedict Evans:

I can understand why Twitter wouldn’t want third party apps, though (apparently) cutting them off with no communication is typically inept. But people used them because Twitter’s own app is just terrible, and Twitter is actively making it worse. Try fixing that, perhaps?

Paul Haddad:

Almost 24 hours later and still no official/unofficial info from inside Twitter. I’m going to continue as if this was all done on purpose.

What now? Ivory goes into hyper mode with just the absolute minimum 3-4 things that have to be done finished up and then off to Apple. Probably going to be a bunch of things I’m not super happy with but I guess we’ll fix it in post.

Hopefully everyone knows what we’re capable of and can live with some, hopefully not long lived, rough edges/missing features.

Thursday, January 12, 2023

Favoring Apple Maps Services

Joe Rossignol (Reddit):

A free Business Connect tool announced by Apple today allows businesses to customize their location card in the Maps app with a brand logo, images, and other key information, such as special promotions or seasonal menu items at a restaurant. Businesses can also highlight various actions, such as ordering groceries via Instacart, making a dinner reservation via OpenTable, booking a hotel at Booking.com, and more.

Adam Chandler:

This is a timely announcement because just yesterday, I recorded a video of what I consider a very crappy experience that’s new to this version of iOS available today. The experience of researching a place you’d like to go and then going back to do a different search takes multiple clicks. It’s also not human friendly how you clear the floating tile, nor is it clear what all of these guides are doing and why there are hundreds of them.

Some of my gripes with Maps on iOS 16:

Pushing the App Store on me both the jump to install Yelp or apps of the POI like CVS/WalMart/Shell/Subway, etc when I’m just trying to find a place to get fuel for my car

If I’m seeing the arrival time to a place (you have to route there to see this), I have to tap 6 times to get back to the search window.

[…]

The very slow animations of zooming and panning around the map.

[…]

Big City Things, algorithmically deciding what to show me. […] Google Maps shows you everything if you zoom in to maximum zoom but Apple doesn’t

This is a pet peeve of mine, too. He links to several TomTom apps that “have zero advertisements or any tomfoolery that makes getting from point A to B difficult.”

Update (2023-01-13): Nick Heer:

It took me a while to find any Guides for Calgary — where I live — because there is no way I can see to search for them. In addition to the random assortment suggested on the search card, there is a massive list sorted by creator, and select cities can be found on an Explore card — but Calgary is not one of those cities. However you might see Guides listed on the results card if you search for a city. That is, if I want to find suggestions for great pasta spots in Calgary, I need to search for the city I live in and then scroll down the card to find relevant guides. I find that unintuitive, to say the least.

Right now, Guides in Maps feels like an unrealized marketing idea instead of a user-facing feature which means it is, as Chandler writes, more intrusive than helpful.

The Tyranny of the Churn Equation

David Smith (Mastodon):

As you can see there is an asymptotic point in this for many configurations where your revenue hits a ceiling that you can’t escape from. This level is the manifestation of the “weight” of your churning users growing over time.

[…]

I share this concept in the hopes that it will serve as an encouragement to other developers out there who are working on subscription apps and finding they are reaching a ceiling in revenue where they can’t seem to break free.

[…]

I will say that based on playing around with lots of configurations, improving your retention rate appears to be much more important to long term income than sign-up rate. Relatively small changes there can have huge cumulative impacts.

Microsoft Acquires Fungible

Kyle Wiggers:

In December, reports suggested that Microsoft had acquired Fungible, a startup fabricating a type of data center hardware known as a data processing unit (DPU), for around $190 million. Today, Microsoft confirmed the acquisition but not the purchase price, saying that it plans to use Fungible’s tech and team to deliver “multiple DPU solutions, network innovation and hardware systems advancements.”

“Fungible’s technologies help enable high-performance, scalable, disaggregated, scaled-out data center infrastructure with reliability and security,” Girish Bablani, the CVP of Microsoft’s Azure Core division, wrote in a blog post.

Via Nick Heer:

I think that means Bertrand Serlet is joining Microsoft. Yes, that Bertrand Serlet, in case you got your Bertrands Serlet mixed up and, for some reason, decided to call him “a former Apple software engineer” instead of “the Microsoft Aero fan”.

Apple Transparency Report to Include App Takedowns

Filipe Espósito:

The Financial Times reported on Wednesday that Apple assured activist investors earlier this month that it will discuss why it removes certain apps from the App Store for greater transparency. This follows the removal of many apps from the App Store in countries such as China and Russia.

[…]

Today’s report claims that Apple will now say how many apps each country has asked to be removed from the App Store, and whether these requests are based on legal violation and whether Apple has agreed to them. The company will also inform its investors how many apps have been removed for violating App Store guidelines in each country.

Poor App Rejection Communication

Stammy (February 2022, via Matthew Bischoff):

Want to learn iOS dev & build your first, simple app? Don’t. Apple will just call it spam.

App Store called @StocketaApp spam (was going through testflight review)

Stammy:

The App Store called me on the phone 🤯🙏

They said the wording in this notice was unhelpful as the issue was not actually design related.

The real issue stemmed from how I was migrating to an Individual Dev account from a Business acct & there were temporarily 2 Stocketa apps

Ryan Jones:

Just imagine if you didn’t have 50k followers though.

Sam Rowlands:

Been writing Mac apps since ’94.

In 2019, Apple called me a spammer, while trying to launch a v2 product.

They pushed me to adopt IAP & combine several apps into one, replacing an existing app with this new bundled version.

Never again, two years of life wasted.

Joe Cieplinski:

Nothing bugs me more about app review than the language they use during rejections. Almost never clear. 9 times out of 10, it’s just a cut and paste from the guidelines with no further explanation.

Zach Waugh:

The 30% gets so much focus, but this is the real problem with the App Store. Until Apple allows alternate means of distribution, they shouldn’t reject any apps except for malware/scams. Who cares if only 10 people find it useful, or it’s the 100th entry in a crowded category?

Wednesday, January 11, 2023

Mastodon Client Rejections

Simon B. Støvring:

As I’m preparing version 1.0.2 of Re: Toot it feels even more bitter that version 1.0.1 for macOS has been rejected.

The reviewer said that my metadata cannot refer to Mastodon because doing so can be harmful and misleading to users. Oh, and also I’m apparently a copycat.

Meanwhile any third-party Mastodon client on the App Store refers to Mastodon. Same for bird site apps.

And the same version of the iOS version with the same metadata was approved.

Anders Borum:

One thing is the unfairness about Mastodon.

What really gets me riled up is that app review has a standard reply threatening to terminate the developer account. What are their assumptions about 3rd party developers when this is their process?

The sketchy ChatGPT app could have used this sort of scrutiny—and the developer was a repeat offender.

Nikhil Nigade:

Remember when they said they won’t reject patch version updates and instead issue a notice for us to fix in the next update? Total BS

Ben Sandofsky:

A Halide bug-fix was just rejected because the App Store reviewer didn’t understand that you’re supposed to swipe or tap on the first screen to continue.

The app has behaved this way in every single version, going back to its launch in 2017.

Thomas Ricouard:

Hey Apple, I’m so tired of this fucking bullshit submitting a damn app to the App Store where I put a ton of efforts into it. Could you put a little effort into understanding what the app is about? I can’t believe this.

They said that his Mastodon client “only includes links, images, or content aggregated from the Internet with limited or no native iOS functionality. Although this content may be curated from the web specifically for your users, since it does not sufficiently differ from a mobile web browsing experience, it is not appropriate for the App Store.”

Via Peter Steinberger:

Next thing I make, if I ever code again, has to be runnable without a gatekeeper. If it has to be web tech, so be it.

Update (2023-01-12): Rui Carmo (Mastodon):

I follow quite a few Apple developers, and can reach back as far as 2010 for similar idiocy (some of it with apps from places I worked in), so it saddens me that in 2023 Apple still has uneven, arbitrary process to approve iOS apps[…]

Update (2023-01-13): Thomas Ricouard (via Matt Thomas):

And if you’re wondering why @icecubesapp is still not on the App Store, it’s because according to Apple it’s useless. I’m on strike 🇫🇷, I’ve stopped working on it until Apple say it’s useful.

Update (2023-01-19): John Gruber (Mastodon):

Today, Mastodon’s explosive growth in the face of Twitter’s collapse has made it a new UI playground, especially so on iOS. […] There are no limits to what developers can choose to do with the Mastodon APIs. There are, however, limits to what iOS developers can deliver to users: App Store review.

[…]

But in what can only be described as both Kafkaesque and, alas, all-too-familiar — the Ice Cubes 1.0 submission to the App Store has been held up in limbo for an entire week. The hamfisted faceless reviewer(s) looking at Ice Cubes are repeatedly rejecting it for utterly nonsensical reasons, primarily violating guideline 4.2.2, “Minimum Functionality”[…]

[…]

It is now six days — a week! — after that initial rejection and Ricouard is still banging his head against Apple’s orifice. Seven rejections in six days. It’s enough to make one start pricing Pixel phones.

iCloud Drive Contingency

Mere Civilian:

iCloud Drive has been my files sync solution for over 3 years now. Before that, I was using Dropbox and never had any issues with sync. Dropbox “just works”. Unfortunately, iCloud Drive does not. Randomly, files will not sync or take too long to sync. At least on two occasions, entire folders disappeared as well. It works most of the time though and since I am all in the Apple ecosystem, it is the most simple and straightforward.

In addition to sync issues (which admittedly are few and far between), there is no way to ensure files remain offline in any particular device. This is largely an issue on iOS devices because, on the Mac, files appear to be available offline whenever I have needed them.

[…]

I am going to use Microsoft’s One Drive as a backup solution, thanks to the simple but effective SyncTime Mac app.

I’m using iCloud Drive these days for files that I want available on my iOS devices, but it’s really annoying that I can’t mark them as always available offline. Even after manually downloading files in the Files app, iOS will decide to evict them within a matter of days, despite 100 GB of free space on my phone. Just when I’m away from cell service and want to access a PDF map that I had downloaded, it’s gone.

Fingers crossed, but syncing has been reliable lately in my limited use.

Tuesday, January 10, 2023

Sketchy ChatGPT App Soars Up App Store Charts

Sami Fathi:

A sketchy app claiming to be the bot ChatGPT has soared up App Store charts, charging users a $7.99 weekly subscription to use a service that is entirely free to use on the web and seemingly has no affiliation to the actual bot.

[…]

The app is currently the second most popular productivity app on the App Store in the United States, indicating it is rather popular. The app has nearly 12,000 ratings, with a number of positive and negative reviews. “This is a fake app,” one review said. “This is just faking openai endorsement and more bad stuff,” another user said. Despite its suspicious activity, presence, and soaring popularity, the app has passed Apple’s App Store review process multiple times since its initial launch three weeks ago.

The developers behind the app, named “Social Media Apps & Game Sports health Run Hiking Runing fitness tracking,” have other sketchy apps on the platform, including an “Activity Lock Screen Widget 16” app and “BetterTrack Ride Hike Run Swim” app.

Sebastiaan de With:

If Apple wants to show regulators that the App Store is a safe and trusted environment to warrant its monopoly on software on iPhone, this kind of stuff shouldn’t exist — let alone be topping the App Store charts.

As a developer this makes me both mad and really sad.

I heard about this a while ago and was surprised to see this morning that it still hadn’t been removed, but it looks like Apple got to it later in the day.

Eddy Cue:

This year, more people than ever visited the App Store to discover and download the world’s most creative and cutting-edge apps and games in a safe and trusted environment.

[…]

Developers selling digital goods and services on the App Store have earned more than $320 billion since the platform’s 2008 launch, marking another year of record earnings.

Update (2023-01-12): John Gruber:

I don’t think it’s feasible to expect App Store reviewers to catch every potential scam app. But as I’ve long argued, I do think it’s reasonable to expect Apple to catch every scam app that makes its way onto the list of most popular apps.

Florian Mueller:

As Mysk noted on Twitter, the App Store was even showing ads promoting that app while there were media reports out there flagging the issue[…]

TechCrunch updated its article to mention the belated removal of that app, but mentioned that plenty of other apps referencing ChatGPT still remained on the App Store.

iPhone Camera Over Processing

Federico Viticci:

In his latest video, MKBHD eloquently summarized and explained something that I’ve personally felt for the past few years: pictures taken on modern iPhones often look sort-of washed out and samey, like much of the contrast and highlights from real life were lost somewhere along the way during HDR processing, Deep Fusion, or whatever Apple is calling their photography engine these days. From the video (which I’m embedding below), in the part where Marques notes how the iPhone completely ignored a light source that was pointing at one side of his face[…]

I, too, have been disappointed with a lot of the photos since upgrading to an iPhone 12 mini. Overall, they look better than with previous iPhones, and overall they look better with Smart HDR enabled. But sometimes Smart HDR does a bad job, making things look artificial and over processed, and there’s no way to “undo” that and get an unprocessed photo.

I wish Apple would offer a way to adjust how aggressive the processing is and/or bring back the Keep Normal Photo option.

Maybe I should be using a third-party camera app, but I haven’t seen this particular option in Halide—I don’t want to save huge RAW files—and there’s still no true way to change the default camera app.

Filipe Espósito:

Before the results of the 2022 Smartphone Awards, MKBHD also shared the results of its blind camera test. In this one, Google’s Pixel 6A took first place, while the Pixel 7 Pro came in second. This led the YouTuber and many people to wonder what’s going on with the photos taken with the iPhone.

[…]

In the iPhone 14 Pro camera review by Sebastiaan de With, developer of the popular camera app Halide, he also pointed out multiple flaws in Smart HDR. For example, every time there’s a very bright background, the iPhone also tries to boost the brightness of the people in the photo, making them look very white. “I have honestly never seen it make for a better photo. The result is simply jarring,” he said.

[…]

In another example, the iPhone camera applies a lot of “bizarre artifacts” to selfies taken in really low-light environments to try to save the image, but this ends up resulting in an “absurd watercolor-like mess” instead of a regular dark photo with a lot of noise.

Update (2023-01-13): Nick Heer:

I tested the effects of this setting by taking two photos on my iPhone 12 Pro in Halide: one with the “Smartest Processing” toggle on, and another of the same scene with it switched off. I found turning it off creates a situation that is the worst of both worlds: the dynamic range and detail of photos is noticeably compromised, but photos are still passed through the same overly aggressive noise reduction system as any other image.

[…]

The problems do not appear to be a form of overprocessing as much as they are unnatural or unexpected results of processing. Deep Fusion is great; Portrait Mode, as an option, is often excellent as well. But some of the selective enhancements made by the iPhone — the way it slices a scene into individual components for separate adjustments — sometimes fail to resolve in a satisfying final photo.

[…]

There is a vast middle ground between the completely unprocessed RAW images nerds like me enjoy working with and the photos produced by the default Camera app. There is room to create images with more character that are better representations of the scene. Sometimes, the imperfections in a photo — the grain, some slightly blown-out highlights, white balance that is way too warm — are what gives it an emotional quality, and trying to smooth those things out can make it feel sterile and inhuman.

Update (2023-01-18): Charlie Sorrel:

Things have gotten so bad that I only use my iPhone camera for quick memo-type shots or for snapping stuff to sell on eBay. If I want photos to keep, I take them with a regular digital or even film camera.

[…]

“Bottom line: While HDR can make your photos look garish and even cartoonish, you can still use it to your advantage. Avoid HDR when you’re taking pictures of colorful things on the move, but use it to your advantage when your subjects are in harsh sunlight or in low-light conditions,” says Davis.

How Popular Is Each Mac Model?

Michael Potuck:

CIRP highlights that Apple’s MacBooks are the primary driver of its computer business. MacBook Air and MacBook Pro make up roughly three-quarters of the company’s PC sales while the desktop models only account for 26%.

[…]

For desktop Macs, iMac makes up 50% of sales while somewhat surprisingly, Mac Pro isn’t far behind at 43%.

These numbers seem very fishy. I doubt that the Mac Pro sells more units than the Mac mini or that the MacBook Pro sells more than the MacBook Air. My own usage statistics have consistently shown the Mac Pro near the bottom of the list. It’s currently above only iMac Pro, Xserve, and MacBook (12-inch), with less than half as many users as the Mac mini, and fewer than the Mac Studio that was new last year.

Visual Feedback for Running Shortcuts

Jason Snell:

I’m frustrated because I do have some Shortcuts that take time to run, yet unless I have them beep or display a notification when they reach a certain point in the process, I have no idea what they’re doing or if they’re even working.

Based on a recommendation from Matt, I managed to come up with my own little notification system. It uses SwiftBar, my favorite utility for ambient data in my Mac’s menu bar, but you could also adapt it to work with BitBar or One Thing or any other utility you’re comfortable with.

Update (2023-01-12): Matthew Cassinelli:

My personal solution for my logging shortcuts that uploads hundreds of posts to Airtable/my website has a method where it uses Show Notification at certain points in the chain so I know when one of multiple files is uploaded or the item is finished publishing and is moving onto the next one.

I like this because I only need intermittent reminders for this particular task, plus the list of notifications in Notification Center lets me see a sort of visual progression over time.

[…]

My alternate suggestion was One Thing, a Mac app by prolific developer Sindre Sorhus that lets you update a simple text widget in the Menu Bar using Shortcuts.

Friday, January 6, 2023

ViewFinity S9

Michael Potuck:

Samsung announced its new lineup of monitors at CES this morning. Two of the most exciting models for Mac users include the company’s first 5K monitor, the ViewFinity S9 with a slick design not unlike Apple’s Studio Display but with even more features and a new 27-inch version of the popular Smart Monitor M8.

[…]

Pricing and launch details haven’t been shared yet.

It’s 27 inches, like the Studio Display.

Eric Slivka:

The ViewFinity S9 features a matte finish to minimize glare, is equipped with USB-C/Thunderbolt 4 connectivity, and includes a 4K SlimFit camera.

Update (2023-01-12): Dan Seifert:

A weird thing has happened at CES this year: display manufacturers not named Apple have announced true 5K and 6K monitors designed for creative work and productivity. […] It’s hard to overstate how rare this actually is.

Carl Hewitt, RIP

Stanford (via Hacker News):

We were saddened to learn of the death of Carl Hewitt, eminent AI researcher and visionary computer scientist.

Wikipedia:

Hewitt was best known for his work on the actor model of computation. For the last decade, his work had been in “inconsistency robustness”, which aims to provide practical rigorous foundations for systems dealing with pervasively inconsistent information. This work grew out of his doctoral dissertation focused on the procedural (as opposed to logical) embedding of knowledge, which was embodied in the Planner programming language.

See also: his blog.

Update (2023-01-12): Christine Lemmer-Webber:

RIP Carl Hewitt, founder of the actor model of computation. He could be a difficult person, but he listened to and was happy to talk to me and many others, and there are few people whose vision impacted so many areas of CS. He also was excited about Spritely (even though I would troll him by calling it “Lambda: the Ultimate Actor Model”). RIP.

Chris Lattner:

I’m v sad that Carl Hewitt passed recently. I was fortunate that Carl visited Apple many years ago and shared his ideas on actor models. It took many years, but his thinking had a big impact on the Swift concurrency manifesto.

Joe Duffy:

Carl was hugely influential on our work on safe concurrency at Microsoft. When he learned about us, he was flattered and wanted to help, like your experience. For such a titan, moved me.

Off to reread A Universal Modular ACTOR Formalism and celebrate an industry giant.

User Stylesheets

Nick Heer:

As Kyrnin writes, web designers usually do a better job these days, and most browsers no longer support user stylesheets by default. Google removed them from Chrome nine years ago and they were made optional in Firefox in 2019. But Safari, my browser of choice, still makes user stylesheets easily visible and, if you have the inclination, I recommend its use for a low-effort way of blocking irritations and overriding bad design choices.

[…]

But user stylesheets have drawbacks and are evidently from an earlier era of the web. The ways you might employ user styles today are often similar to browser extensions like StopTheMadness or any number of ad blockers. Modern extensions are far more powerful, too, as rules can be tailored to individual websites or run globally. The biggest advantage to the user stylesheet is also its Achilles’ heel: it only works globally, meaning the same rules are applied to all websites. That means your CSS selectors need to be highly specific.

[…]

Unlike browser extensions, there are no security or privacy questions to worry about, and it is entirely controlled by the user. I saved my stylesheet in my iCloud Drive so it syncs between my Macs; Safari for iOS does not support user styles.

Memory Safe Languages in Android 13

Jeffrey Vander Stoep:

For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulnerabilities across products, and across the industry. On Android, we’re now seeing something different - a significant drop in memory safety vulnerabilities and an associated drop in the severity of our vulnerabilities.

[…]

This drop coincides with a shift in programming language usage away from memory unsafe languages. Android 13 is the first Android release where a majority of new code added to the release is in a memory safe language.

[…]

While correlation doesn’t necessarily mean causation, it’s interesting to note that the percent of vulnerabilities caused by memory safety issues seems to correlate rather closely with the development language that’s used for new code.

[…]

In Android 13, about 21% of all new native code (C/C++/Rust) is in Rust. There are approximately 1.5 million total lines of Rust code in AOSP across new functionality and components such as Keystore2, the new Ultra-wideband (UWB) stack, DNS-over-HTTP3, Android’s Virtualization framework (AVF), and various other components and their open source dependencies. […] To date, there have been zero memory safety vulnerabilities discovered in Android’s Rust code.

Thursday, January 5, 2023

Dell UltraSharp 32 6K

Scharon Harding (via Hacker News):

Dell announced a beefed-up monitor to expand the limited options available to creative professionals who want more pixels. With 6144×3456 resolution, the Dell UltraSharp 32 6K Monitor (U3224KB) places itself firmly in the professional category, right alongside the likes of Apple’s 6K Pro Display XDR.

[…]

The U3224KB has a pixel density of 223.79 ppi, to be precise, making it noticeably more pixel-dense than a 31.5-inch, 4K (3840×2160) monitor like the Dell UltraSharp U3223QZ (139.87 ppi). The Dell monitor also gets you more pixels per inch than a 27-inch, 5K (5120×2880) monitor like Apple’s Studio Display (217.57 ppi), and even the Pro Display XDR monitor. Apple’s display is a hair bigger, at 32 inches, with a slightly lower resolution of 6016×3384, giving you 215.7 ppi.

[…]

IPS Black differs from standard IPS LCDs by claiming 35 percent deeper black levels. As such, the U3224KB is supposed to have twice the contrast of an average IPS monitor, at 2,000:1. It also claims a typical max brightness of 450 nits with SDR content.

[…]

Running at up to 4K at 30 frames per second, the integrated webcam on the U3223QZ made the image, particularly the background, look distinctly sharp, giving us hope for the U3224KB camera’s image quality.

Dell has not announced the price, but it sounds like the display will include a stand and even a power button.

Shopify Migrating to React Native

Farhan Thawar (in January 2020):

After years of native mobile development, we’ve decided to go full steam ahead building all of our new mobile apps using React Native.

[…]

At Shopify, the idea had its skeptics at the time (and still does), but many saw its promise. At the company’s next Hackdays the entire company spent time on React Native. While the early team saw many benefits, they decided that we couldn’t ship an app we’d be proud of using React Native in 2015. For the most part, this had to do with performance and the absence of first-class Android support. What we did learn was that we liked the Reactive programming model and GraphQL. Also, we built and open-sourced a functional renderer for iOS after working with React Native. We adopted these technologies in 2015 for our native mobile stack, but not React Native for mobile development en masse. The Globe and Mail documented our aspirations in a comprehensive story about the first version of our mobile apps.

[…]

we learned from our acquisition of Tictail (a mobile first company that focused 100% on React Native) in 2018 how far React Native has come and made 3 deep product investments in 2019

[…]

in rewriting the Arrive app in React Native, the team felt that they were twice as productive than using native development—even just on one mobile platform

[…]

As an aside, even though we’re making the decision to build all new apps using React Native, that doesn’t mean we’ll automatically start rewriting our old apps in React Native.

Mauricio de Meirelles (via Ben Sandofsky):

After a thorough evaluation, it became clear that we couldn’t fix these issues [with Shopify Point of Sale] with incremental changes. Hence, we decided to do a full rewrite, which has been a big hit with our merchants.

[…]

Having all mobile teams use a single tech stack and tooling across the company gives you an incredible amount of leverage. We didn’t want Shopify Mobile to miss out on all the shared libraries, components, and tooling that other apps were benefiting from. So, we decided to gradually start adopting React Native in the app instead of doing a full rewrite.

[…]

After evaluating several options, we decided to go with an approach we like to call “Iterative Porting”. In this approach we started building all new features in React Native and migrating existing features in parallel.

[…]

Now that our root screens are ported and most of the necessary infrastructure is in place, I’m noticing that the ports are picking up speed! Most of our developers didn’t know React Native before this project, so each day they learn more, which further contributes to the fast pace.

Geoff Foster:

I’m one of the original iOS developers on that app. Left about 6 months after the move to RN announcement having fought against that for years and no longer able to stop it from happening.

We started with about 8 people doing the GraphQL backend, design, native iOS and Android and shipped good stuff fast. Scaled everything well over the years with a solid tech stack.

I open the app now and again and can instantly tell where the RN screens are because of the weird glitches and bugs

Miguel de Icaza:

Rewrites never go as planned.

Xamarin.Forms turning into Maui was supposed to be a quick change, fueled by hopium so strong it defied gravity.

Instead, at best, it set it back 2-3 years.

Limiting Swift Concurrency’s Cooperative Pool

Alejandro Martinez:

In Swift Concurrency all your async code runs in a cooperative thread pool, unless you are using Actors (or in the future custom Executors, but that’s a topic for another day). The beauty of the cooperative pool abstraction is that it allows us to not care about thread exhaustion, or even about our code running “on the background”, something I still see many developers get wrong.

[…]

In fact this cooperative pool is such a specific implementation detail that it could work totally different in other operative systems or more constrained environments.

[…]

And you can test how your code would behave in such a constrained system thanks to an environment variable that limits the cooperative pool.

Set LIBDISPATCH_COOPERATIVE_POOL_STRICT=1 and see how the runtime will only create 1 thread on the pool.
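An added example, not code from the quoted post: a small macOS command-line probe that records how many child tasks occupy cooperative-pool threads at once, so a run with and without `LIBDISPATCH_COOPERATIVE_POOL_STRICT=1` can be compared. The names `PoolGauge`, `occupyThread` and `measure`, the task count and the 100 ms blocking interval are assumptions made for illustration; it assumes Swift 5.7 or later for top-level `await`.

```swift
// main.swift (added example). Build and run on macOS:
//   swiftc main.swift -o pooldemo
//   ./pooldemo
//   LIBDISPATCH_COOPERATIVE_POOL_STRICT=1 ./pooldemo
import Foundation

/// Lock-protected gauge: how many tasks are inside the measured region
/// right now, the highest value seen, and which threads ran them.
final class PoolGauge: @unchecked Sendable {
    private let lock = NSLock()
    private var running = 0
    private var peak = 0
    private var threadIDs = Set<UInt32>()

    func enter() {
        lock.lock()
        defer { lock.unlock() }
        running += 1
        peak = max(peak, running)
        // Mach thread port of the pool thread executing this task.
        threadIDs.insert(pthread_mach_thread_np(pthread_self()))
    }

    func leave() {
        lock.lock()
        defer { lock.unlock() }
        running -= 1
    }

    func report() -> (peak: Int, threads: Int) {
        lock.lock()
        defer { lock.unlock() }
        return (peak, threadIDs.count)
    }
}

/// Synchronous helper that deliberately blocks its thread. Blocking a
/// cooperative-pool thread is what production code should avoid; it is
/// done here only so that pool width becomes observable.
func occupyThread(_ gauge: PoolGauge) {
    gauge.enter()
    usleep(100_000) // 100 ms, constructed value
    gauge.leave()
}

/// Runs `taskCount` child tasks on the cooperative pool and returns the
/// peak overlap, the number of distinct threads used, and the wall time.
func measure(taskCount: Int) async -> (peak: Int, threads: Int, seconds: Double) {
    let gauge = PoolGauge()
    let start = Date()
    await withTaskGroup(of: Void.self) { group in
        for _ in 0..<taskCount {
            group.addTask { occupyThread(gauge) }
        }
        // The group waits for all child tasks before the closure returns.
    }
    let result = gauge.report()
    return (result.peak, result.threads, Date().timeIntervalSince(start))
}

let strict = ProcessInfo.processInfo
    .environment["LIBDISPATCH_COOPERATIVE_POOL_STRICT"] ?? "unset"
let outcome = await measure(taskCount: 16)

print("LIBDISPATCH_COOPERATIVE_POOL_STRICT = \(strict)")
print("peak concurrent tasks: \(outcome.peak)")
print("distinct pool threads: \(outcome.threads)")
print(String(format: "wall time: %.2f s", outcome.seconds))
```

Code that only finishes when two pool tasks make progress at the same time (for example, one task blocking on a semaphore that another task signals) will hang under the one-thread setting the post describes, which makes this variable a cheap way to surface such availability bugs in tests.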

Mastodon and Federation

Ben Klemens:

Lemmer-Webber drew a direct line from problems on other social networks to the development of a network where local controls are built in. “Queer people built the Fediverse,” she said, adding that four of the five authors of the ActivityPub standard identify as queer. As a result, protections against undesired interaction are built into ActivityPub and the various front ends. Systems for blocking entire instances with a culture of trolling can save users the exhausting process of blocking one troll at a time. If a post includes a “summary” field, Mastodon uses that summary as a content warning.

Other governance questions are more subtle, because features for greater privacy, almost by definition, limit the discovery and exploration we also look for in a social network. For example, the question of whether Mastodon should allow instance-only posts that do not go out to the Fediverse at large has been especially contentious. The final decision leaned toward discoverability, so Kazemi forked Mastodon to create Hometown, which includes this more-limited sharing option and various improvements.

[…]

Fediverse.party lists around a hundred ActivityPub-based systems, many going well beyond the traditional social network. There’s Pixelfed, which provides a Fediverse instance with an images-forward front end (“It’s like Instagram, but…”). You can share video with PeerTube or federate your music via a Funkwhale instance, write collaboratively on Write freely or dokieli, review books and form your book club on BookWyrm, or plan events using Kazemi’s gath.io.

Kazemi is optimistic about coming full circle and using ActivityPub as the next RSS.

Mastodon (via Bud Gibson):

If you hide boosts from someone, you won’t see their boosts in your home feed.

I’m probably going to start doing this because boosts seem a lot more intrusive and repetitive than retweets on Twitter.

Update (2023-01-06): Adam Chandler:

I’m going to put my money where my mouth is and run my own Mastodon instance. I like that people can follow me (like they do the RSS feed I publish here) but owning your IP also means owning your box on the internet.

The realization that my Mastodon posts can’t move with me between servers is even more scary. Why would I devote years of my life posting to someone’s instance and lose all of my posts when that instance closes down since I can’t migrate posts out? That’s a serious flaw and flies in the face of data portability efforts many advocates have been working for.

Wednesday, January 4, 2023

EarSpy: Eavesdropping Using Motion Sensors

Ahmed Tanvir Mahdad et al. (PDF via Bruce Schneier):

We explore recent trends in smartphone manufacturers that include extra/powerful speakers in place of small ear speakers, and demonstrate the feasibility of using motion sensors to capture such tiny speech vibrations. We investigate the impacts of these new ear speakers on built-in motion sensors and examine the potential to elicit private speech information from the minute vibrations. Our designed system EarSpy can successfully detect word regions, time, and frequency domain features and generate a spectrogram for each word region. We train and test the extracted data using classical machine learning algorithms and convolutional neural networks. We found up to 98.66% accuracy in gender detection, 92.6% detection in speaker detection, and 56.42% detection in digit detection (which is 5X more significant than the random selection (10%)).

Southwest Airlines and Technical Debt

John Gruber:

From what I’ve gathered, Southwest’s problem this week is a combination of an outdated scheduling system and their generally high efficiency. They keep roughly 90 percent of their planes in service all day every day, but that means when something unexpected happens — like this past week’s weather across the country — the entire system is susceptible to falling apart. They now effectively need to “reboot”, and that might take an entire week. In normal times, Southwest is better than its competitors because they operate differently; now those differences have grounded most of their fleet. They cancelled a staggering 2,600 flights yesterday, 2,400 today, and 2,300 (and counting) for tomorrow. And keep in mind that part of Southwest’s efficiency is that their flights generally fly full — that adds up to over 300,000 stranded passengers per day this week.

Zeynep Tufekci (via Tina Fetner):

It’s been an open secret within Southwest for some time, and a shameful one, that the company desperately needed to modernize its scheduling systems. Software shortcomings contributed to previous, smaller-scale meltdowns, and Southwest unions had repeatedly warned about the software. Without more government regulation and oversight and greater accountability, we may see more fiascos like this one, which most likely stranded hundreds of thousands of Southwest passengers — perhaps more than a million — over Christmas week. And not just for a single company, as the problem is widespread across many industries.

[…]

Throughout the past year, the flight attendants’ union picketed in front of various airports as part of their contract negotiations. One protest sign the demonstrators carried? A placard declaring, “Another victim of SWA’s outdated technology,” with a graphic showing a stuck software progress bar. In September, they put the same sign lamenting the company’s outdated technology on the side of a truck and drove it in circles around Love Field (Southwest’s core airport) in Dallas, as well as the nearby Southwest headquarters. In March in an open letter to the company, the union even placed updating the creaking scheduling technology above its demands for increased pay.

Others have blamed Southwest’s point-to-point route system as being inherently fragile, although this is disputed.

When I talk about technical debt, many people point to the Y2K scare, which seems to offer a perfect example. […] Obviously, that wasn’t going to work in the new millennium, when confusions between 1905 and 2005 could have caused programs to glitch or crash on an epic scale.

But that didn’t happen, and some people may believe that the implication is that technical debt is not a big deal. But the reason we made it through Y2K intact is that we didn’t ignore the problem. The U.S. government and businesses spent a staggering $100 billion to fix the underlying problem in a massive, multiyear effort.

[…]

For example, after the 2017 Equifax breach, which exposed sensitive information from 143 million Americans because the company failed to institute a routine security update to its software, it agreed to pay a penalty of at least $575 million to the Federal Trade Commission. That may sound like a lot, but it was just a few dollars per affected customer and a mere 15 percent of the company’s revenue in 2018, the year after the hack.

Indeed, I ended up with about $5 from Equifax, which is typical, instead of the predicted $125.

Previously:

Advanced Phishing Attack

George Burke (via John Scott-Railton):

Got a pop up on both my iPhone & Apple Watch about password reset. I didn’t take action. Then received call from 1-800-MY-APPLE.

[…]

“There has been strange Apple ID login attempt activity from a MacBook device located in Sacramento. Can you verify that this login attempt was you?”

“No, that wasn’t me.”

“OK. There may be someone trying to access your account. I’ll place a temp hold while I investigate.”

“…Sir, let me send you a code to your number on file ending in xxxx”

“OK”

“When you receive it, let me know. This will allow me to block further unauthorized access…. Did you receive it?”

David Kopec:

I posted my car for sale on @facebook this morning, and within 10 minutes I had two scammers. First they ask for your phone number to call you. You give it to them and they say they’re sending a code to confirm you’re real. It’s a Google verification code. Report it, obviously.

Previously:

Update (2023-01-05): Mike Rundle:

Just received multiple “A password reset request was sent from a device at the location shown below.” Mac notifications, but the map was blank. Then received it on my iPhone. THEN got a very convincing phone call from this contact pretending it was Apple.

Tuesday, January 3, 2023

Inline AppleScript Documentation

Daniel Jalkut:

I used a relatively little-known trick for examining the raw source code of a scripting dictionary. Simply click and drag from Script Editor’s document proxy icon, into a text editor such as TextEdit, Xcode, or BBEdit[…] It’s a quick-and-dirty way to learn how specific outcomes are achieved, and how you might incorporate similar features in your own app’s scripting definition file.

Another tip along these lines is that you can open the AppleScript dictionary of the current app from Script Debugger’s Dock menu.

In this case, I discovered a new (to me) “documentation” element in the file[…] “A documentation element may contain any number of html elements, which contain text that will be displayed at that point in the dictionary.”

Layers of UI Inconsistencies in Windows 11

NTDEV (via Hacker News):

Windows 11 brought in a new design language, putting an emphasis on rounded corners and gradients and a new transparent background called Mica, which aims to replace the old Acrylic design.

[…]

Unfortunately, we still have plenty of Windows 8 elements throughout the OS, like the Autorun prompt or the error that appears when one runs an incompatible program.

[…]

The Remote Desktop Connection program is still exactly the same as it was 14 years ago, complete with Aero icons and skeuomorphic common controls.

[…]

Just like with Windows 10, the driver copy screen hasn’t been updated, so it still has the Windows XP icons.

[…]

And last, but certainly not least, in the ODBC Data Sources utility there is a Windows 3.1-styled folder selection window!

Is there a similar article for macOS or iOS?

Previously:

jq and XmlStarlet

jq:

jq is like sed for JSON data - you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text.

[…]

jq can mangle the data format that you have into the one that you want with very little effort, and the program to do so is often shorter and simpler than you’d expect.

XmlStarlet:

XMLStarlet is a set of command line utilities (tools) which can be used to transform, query, validate, and edit XML documents and files using a simple set of shell commands, in a similar way to how it is done for plain text files using UNIX grep, sed, awk, diff, patch, join, etc. commands.

Via Helge Heß:

Handy if you have to read and modify XML files from within shell scripts in a reliable way (i.e. w/o a regex mess 🙃).

Update (2023-01-05): doekman:

Did you know there is also an xq? Not as feature rich as XmlStarlet, but I find it much more approachable (assuming you know xpath)

Privacy Is OK

Reid Blackman (Hacker News):

Like Messages on your iPhone, Facebook Messenger and WhatsApp, Signal uses end-to-end encryption, making it impossible for the company to read the contents of user messages. But unlike those other companies, Signal also refrains from collecting metadata about its users. The company doesn’t know the identity of users, which users are talking to one another or who is in a group message. It also allows users to set timers that automatically delete messages from the sender’s and receiver’s accounts.

[…]

This level of privacy can be beneficial on a number of fronts. For instance, Signal is used by journalists to communicate with confidential sources. But it is no coincidence that criminals have also used this government-evading technology.

[…]

What’s more, the company’s proposition that if anyone has access to data, then many unauthorized people probably will have access to that data is false. This response reflects a lack of faith in good governance, which is essential to any well-functioning organization or community seeking to keep its members and society at large safe from bad actors.

Meredith Whittaker (via Hacker News):

OK! let’s talk about That Op-ed. The one that insisted not only that privacy is dangerous, but that not affirmatively building surveillance into communication tools is a radical ideological position.

[…]

The op-ed works to create the appearance of a “debate” on more or less settled issues. This is a powerful function, bolstered by the NYT imprimatur, which allows it to serve as a “Potemkin citation” -- a seemingly credible reference in support of bad privacy laws and platforms.

Tim Bray:

I’m sorry to be the bearer of bad news, but it’s simply not possible to address the downside without completely shattering the upside. Here are three reasons why[…]

[…]

Privacy is a good thing, one of the benefits of being a member of a civilization. People want it and are justified in wanting it. Now they can have it. There have been no credible proposals for taking privacy away just from the bad people, and I’ll be astonished if there ever are.

Nick Heer:

Blackman does not present any evidence for how Signal — or any comparable application — would be able to turn the binary question of whether something is end-to-end encrypted into a gradient of access levels. In fact, this whole piece feels very much like a slippery slope argument itself: if you use Signal, you are a “witting or unwitting” proponent for adding barriers to prosecuting criminals.

This all feels very familiar. One would think prestige newspapers would stop publishing such well-worn ideas without further development of their arguments but, well, here we are.

Previously:

Monday, January 2, 2023

Help Compiler

Aaron Trickey:

I just open-sourced my Help Compiler, a self-contained command-line tool to build HTML help from simple plain-text source.

[…]

A Mac app’s user guide will frequently reference its main menu. HC has built-in syntax to look up a menu item by its action selector from a NIB file, validating it and extracting the correct menu path. This makes sure the HTML stays updated when the menu tree changes.

[…]

Cross-linking is very simple. Every section gets an ID, which HC ensures is unique, and links reference those IDs, which HC validates and for which it generates the correct relative URL.

[…]

Despite all that, most of your text looks like Markdown. Check out the README for full documentation on syntax.

Previously:

Your Memories, Their Cloud

Kashmir Hill:

If I were suddenly cut off from any of these services, the data loss would be professionally and personally devastating.

[…]

Some of my data landlords were more accommodating than others. Twitter, Facebook and Instagram offered Takeout-like tools, while Apple had a more complicated data transfer process that involved voluminous instructions and a USB cable.

The amount of data I eventually pulled down was staggering, including more than 30,000 photos, 2,000 videos, 22,000 tweets, 57,000 emails, 15,000 pages of old Google chats and 16,000 pages of Google searches going back to 2011.

[…]

The granularity of what was in my digital archive accentuated the parts of my life that were missing entirely: emails from college in a university-provided account that I hadn’t thought to migrate; photos and videos I took on an Android phone that I backed up to an external hard drive that has since disappeared; and stories I’d written in journalism school for publications that no longer exist.

Via Nick Heer:

Given enough time, I think all of us want to believe we could pare down our own digital stockpiles to just the files and photos that matter. But as I have thought about it more often, I have come to accept I will never be able to anticipate within my lifetime what is truly important in my data trove. Due to a botched iPhone backup from years ago, I am missing hundreds of photos I only later discovered were important and irreplaceable. As I tried to find those images on long-disused hard drives last year, I found images from family gatherings in decade-old Aperture libraries which took on an entirely new meaning when I rediscovered them.

[…]

My long overdue project for 2023 is to ensure I have local versions of everything in iCloud. After all, I cannot know what may be relevant years from now, but I can have control over my ability to access it.

I keep local copies of my photos, videos, e-mail, and of course documents in EagleFiler. (The photos are managed by Lightroom, which is configured to store its master images and metadata within an EagleFiler folder.) The larger folders are stored on external hard drives, which are backed up using Carbon Copy Cloner and SuperDuper. To protect against bit rot, I have a repeating OmniFocus reminder for asking EagleFiler to verify the checksums.

The main hole in my system is that it only includes my older iMessages, from before the Catalyst version of Messages. My newer text messages are locked up without a good way to access them. Yes, there are apps that can export them, but they only work with messages that are locally cached. Neither my phone nor my Mac has anywhere close to a complete set of my messages stored locally, despite having tens of GB of free space.

Previously:

Google Changes Appeals Process for Suspected Child Abuse Images

Kashmir Hill (Mastodon, Hacker News):

Google refused to reconsider the decision in August, saying her YouTube account contained harmful content that might be illegal. It took her weeks to discover what had happened: Her 9-year-old eventually confessed that he had used an old smartphone of hers to upload a YouTube Short of himself dancing around naked.

[…]

Google has billions of users. Last year, it disabled more than 270,000 accounts for violating its rules against child sexual abuse material. In the first half of this year, it disabled more than it did in all of 2021.

[…]

It took four months for the mother in Colorado, who asked that her name not be used to protect her son’s privacy, to get her account back. Google reinstated it after The Times brought the case to the company’s attention. […] Google did not tell the woman that the account was active again.

[…]

Jason Scott, a digital archivist who wrote a memorably profane blog post in 2009 warning people not to trust the cloud, said companies should be legally obligated to give users their data, even when an account was closed for rule violations.

It remains to be seen how well the new process works.

Previously:

Overcast Keeping Its Servers

Under the Radar:

Abandoning the CloudKit plan for Overcast in light of new information.

He’s still finding the CloudKit Web API to be unreliable. Also, a surprising 10% or so of the app’s users can’t use CloudKit, either because the phone isn’t signed into iCloud or because iCloud Drive is disabled.

The Web interface will stick around.

slaven:

Our one big headache with CloudKit is that some users get into a weird ghost state, where iCloud is logged in but our app fails to connect - as if they aren’t logged in (while other stock apps like Notes keep on syncing). The only fix we can think of is to log out of iCloud and back in, but if the user accumulated any content since last sync it all goes poof.

Craig Hockenberry:

My advice to anyone who uses iCloud is to have a backup strategy in place before you deploy any features that depend on it.

It’s not a matter of if it will fail, but a matter of when. You will need those backups.

Tot, which uses NSUbiquitousKeyValueStore and an all-Apple iCloud stack, gets stuck in this state - our #1 support issue for customers.

Previously: