Archive for May 2023

Wednesday, May 31, 2023

WordPress at 20

Matt Mullenweg:

Today is the 20th anniversary of the first release of WordPress. None of us knew what we were getting into when it started, but we had a shared conviction that the four freedoms of the GPL combined with a mission to democratize publishing was something worth spending our time on.

Om Malik:

The software’s first official release (WordPress 1.0) was made available on May 27, 2003. I had been using the software for a little longer when it was still in alpha. In 2004, I switched my old website to WordPress, becoming the first major blog to embrace the platform. Considering obsolescence is a given, nothing lasts that long in the technology industry. It might not be as nimble or as basic as it started out, but it can still do one thing — help me maintain a homestead on the Internet, not controlled or defined by a platform.

John Gruber:

I, for one, never would have predicted that WordPress would grow to become, by far, the most popular CMS in the world, and the foundation of a thriving company whose primary goal is making the web a better platform.

Previously:

Update (2023-06-02): Hide Shidara (via Hacker News):

Out of a sample set of 600+ pre-seed to seed stage startups we’ve found that 29 startups still use WordPress and various plugins. At this point marketing site architecture is outsourced to no-code tools like WP and Webflow, so I expect that 100% of these startups are just using WP as a blog, hiring board, or a landing page builder.

Tuesday, May 30, 2023

Rewriting Remotion in SwiftUI

Dan Wood:

It took a while — August 2022 — before we felt that we were targeting a new enough version of macOS that we could feasibly start using SwiftUI in our code base. Since then we haven’t looked back: Development is faster, the app is more stable, and new teammates are ramping up faster thanks to the simpler code base.

We now think: If you are a macOS or iOS developer who hasn’t yet taken the plunge yet, now is a great time to start writing a new app using almost exclusively SwiftUI, and use its friends Combine and concurrency for the data flow.

[…]

While SwiftUI is all you’ll need for a basic Mac or iOS application, there are still quite a few gaps that will require you to partially make use of classic Cocoa views. In our code base, for example, we need some access to NSEvents, text input, and tweaking the first responder that just aren’t possible with pure SwiftUI. Fortunately Apple has provided bridges — the NSHostingView and NSHostingController for embedding SwiftUI in a Cocoa view, and NSViewRepresentable and NSViewControllerRepresentable for embedding a Cocoa view in a SwiftUI view. A really powerful technique we can’t neglect to mention is combining these two together, as described in this SwiftUI Lab article.

Previously:

Rewriting SoundCloud in SwiftUI

Matias Villaverde and Rens Breur:

We will share all the mistakes we made in the past two years while rewriting the whole SoundCloud iOS application in SwiftUI. The talk emphasizes problems that can happen when writing SwiftUI applications at scale. Hopefully, many engineers find our mistakes and learnings useful for adopting and migrating UIKit to SwiftUI.

Previously:

SwiftUI Notes Before WWDC 2023

Here are some posts I’ve been collecting since iOS 16 and macOS 13. Hopefully they will soon be outdated.

Phillip Caudell:

Has anyone got NavigationSplitView working reliably on macOS yet? Even the NavigationCookbook demo from Apple has broken things like double clicking to open new window?

Peter Steinberger:

“It is really cool, wild even, but also, if you use this, it crashes. Really unfortunate. Made it into iOS 16 GM as well.” -@mbrandonw on NavigationPath in SwiftUI

[Update (2023-06-02): Brandon Williams: “[This] bug was fixed in Xcode 14.1 beta 3. There are still plenty of bugs in SwiftUI navigation APIs though.”]

Phillip Caudell:

The new SwiftUI navigation API straight up doesn’t work if you have a List that supports selection.

Worse, the same code works on macOS but silently fails on iOS.

This is what drives me nuts about SwiftUI: how can something so simple be so broken?

Gwendal Roué:

Both List and LazyVStack are not as lazy as expected: they both access all elements in the collection, even if they are not rendered (it’s still iterating the million items as I’m writing, poor boy).

Damien Petrilli:

So it seems Apple changed the way the TabView with paging is rendered causing the bug when you resize the content of a page within it.

The lesson I am learning doing SwiftUI is to never trust Apple provided views and always make your own… unlike it used to be in Cocoa

Phillip Caudell:

Another day, another serious SwiftUI bug: List on macOS won’t select its initial value if the binding has an optional value type. Works on iOS, fails on macOS.

Worse, changing to non-optional then works, but then doesn’t compile on iOS (FB10013937)

Phillip Caudell:

Add a .onDrag() handler to an item in a List. Now try select the item. You can’t.

Adding a drag handler literally breaks the entire List. People have been complaining since last year[…]

Christophe Sauveur (via Hacker News, tweet):

I somewhat regret not being able to use SwiftUI in this project. I have the feeling that it is a great technology, but I reckon now that it is probably not suited for my specific use case. However, I still don’t know if I was doing things the wrong way or not. I still plan to use SwiftUI for the updated version of Nihongo no Kana, but as an iOS/iPadOS app with much less frequent redraws, I suppose it won’t be an issue.

Maybe SwiftUI over AppKit is not ready yet. The authoring tools for The Untitled Project are not build as a Catalyst app and do not rely on UIKit. One of the benefits of this refactor however is that there is absolutely no delay whatsoever and everything works perfectly. Sure, it is way more verbose and Auto Layout is not the most pleasing tool to use. But you also get much more control over the behaviour of the app and everything can be meticulously tweaked to your desire.

Daniel Jilg (via Peter Steinberger):

The app is also hard to develop because we seem to be fighting against a host of bugs and unclear behaviours in SwiftUI on macOS, even in the newest versions.

[…]

The iOS app will lose its editor and become a viewer app.[…] Going forward, Dashboard [for the Web] will be our primary and canonical app. It will receive updates first, and any support requests regarding the Dashboard will float to the top. Once a feature is more stable, we’ll try and port it to the macOS and iOS apps.

Andreas Monitzer:

The weird thing is that SwiftUI has all the disadvantages of being non-native while not being cross platform (except iOS/macOS, but there’s Catalyst for that). Also, the documentation is bad.

Christian Selig:

I’m legit looooving how easy SwiftUI is making it to add some new cool views to Apollo, but it takes the wind out of your sail a little when alongside the smooth UIKit ones the SwiftUI animations look so choppy[…]

Bruno Rocha:

I can’t stress hard enough how awesome SwiftUI’s previews are. […] To be fair, the previews aren’t perfect. I had a frequent bug where the preview refused to show up and was unable to do any form of debugging on the preview itself, and a lot of people reached out to say that the previews are painfully slow on their older Macbook models, but it generally works well and I’m very happy we finally have official hot-reloading support in iOS.

[…]

While Burnout Buddy took me a couple of weeks to build, the majority of that time was spent on the logic and architecture. The UI itself for the entire app was built in just a couple of minutes.

It’s important to mention that this is not always true. As we’ll see down below there’s an entire category of “more complicated” products where SwiftUI is actually extremely detrimental to development speed, but we should still appreciate that SwiftUI works amazingly well for the more straight-forward category of projects that the majority of developers deal with. It’s also not too surprising that this is the case considering that they have been Apple’s primary target audience for Xcode features since the dawn of iOS.

[…]

SwiftUI forces you to shape your model in a way so that the complete structure and state of all views are static and known well in advance, which while not an impossible task, can be insanely difficult for views that have lots of moving parts and conditions.

Steve Troughton-Smith:

Another day, another fatal SwiftUI problem I have to now drop everything to work around.

Related to the last one, but Picker popups now auto-size to the longest menu item, ignoring all other layout cues.

[…]

I did everything right; this is a 5-line SwiftUI view wrapped in manual UIKit layout, treated with oven mitts to minimize potential damage. And it still went wrong.

[…]

Do note, as you flip through these three screenshots, that the same SwiftUI code has different layout on each. You simply can’t set it and forget it. You gotta re-test every OS you support with every SDK update and OS point release.

This kind of software decay is completely opaque to the developer; because Apple provides no kind of macOS Simulator to run older OSes, and TestFlight does not support macOS 11, devs relying on SwiftUI will be shipping bugs like this without knowing, without having a way to test.

Damien Petrilli:

Code works perfectly when compiled directly on the device but crashes when deployed through TestFlight and only for some devices…

And no way to debug as it’s internal. So you have to isolation the views and try alternatives to not trigger the bug.

Brian Webster:

So, the thing I couldn’t get SwiftUI to do is this layout, with the following conditions:

  1. Both vertical stacks should size to the width of the stack’s widest control (e.g. the “Import whatever version is available” button).
  2. The vertical stacks should be just as tall as needed to fit the controls and wrapped texts.
  3. The window should autosize to fit the stacks on both axes.
  4. The General tab is much smaller, but the window should *not* change size when switching tabs.

[…]

That’s the thing though, it’s absolutely trivial in AppKit (and I’d guess UIKit too). Just shove everything in an NSStackView and you’re done. I was genuinely surprised I couldn’t get it to work in SwiftUI without crazy shenanigans.

Helge Heß:

I’m slowly becoming a SwiftUI Table view expert. It can be a weird thing, especially cross platforms (iPadOS vs macOS have a set of different behaviours). E.g. on macOS “sections” do not become proper (sticky) group rows, which is quite weird given that this is an intrinsic NSTableView feature, they just scroll like regular contents.

On iOS there is “some” stickyness, but in a somewhat crazy way: a section title propagates to the content of the first column. Which breaks if it is short (overlaps w/ the second column). Also sections contents on macOS clip and don’t on iOS. And section contents on macOS respond to clicks, but not on iOS.

Clarko:

Anybody dealt with this macOS table-selection weirdness before?

It’s only happening for a small number of testers, and I can’t repro, so it’s a pretty frustrating bug!

Steve Troughton-Smith:

Every WWDC from here on in I’ll be looking at from the perspective of ‘can you make better apps with SwiftUI vs not-SwiftUI?’. The answer right now is ‘no’, not for the apps I want to build and the platforms I want to build them for, but boy would it sure be nice to say yes and start using more of AppKit in my cross-platform apps.

Previously:

Building Large-Scale Apps With SwiftUI

Mohammad Azam (via Christian Tietze):

I have been experimenting with MV pattern to build client/server apps and wrote about it in my original article SwiftUI Architecture - A Complete Guide to MV Pattern Approach. In this article, I will discuss how MV pattern can be applied to build large scale client/server applications. […] The main idea behind the MV Pattern is to allow views directly talk to the model.

[…]

Based on Apple’s recommendation in their WWDC videos and code samples and my own personal experience, I have been implementing a single aggregate model, which holds the entire state of the application. […] Once, you have identified different bounded contexts associated with your application you can represent them in the form of aggregate models.

[…]

To prove that a View Model unit test does not verify user interface elements, simply remove the Button view or even the Text view from the ContentView. The unit test will still pass. This can give you false confidence that your interface is working.

Pet peeve: the parameters to XCTAssertEqual() should always have the actual value first and the expected value second.

I do not recommend testing Core Data with NSInMemoryStoreType because a lot of features don’t work with it, the performance characteristics are skewed, and having an actual file helps track down memory management bugs. I find that, with modern SSDs, using NSSQLiteStoreType with a temporary folder is fine, and there are various pragmas to make it go faster. If you really need in-memory, use /dev/null/DatabaseName as the file path.

Previously:

Monday, May 29, 2023

Receipt Validation With SHA-256

TN3138:

Apple is updating the App Store receipt signing intermediate certificate with one that uses the SHA-256 algorithm in the sandbox, TestFlight, and App Store environments, on the dates shown below[…]

[…]

If your app verifies App Store receipts on the device, follow the instructions outlined in this document to ensure that your receipt validation code is compatible with this change.

[…]

If your app follows the instructions in Validating receipts on the device, the new certificate affects step 2, which involves verifying the certificate chain. Be sure your app uses the latest certificates from Apple PKI.

Previously:

Update (2023-06-26): Anders Borum:

Any developers that have successfully validated receipts in the sandbox using StoreKit1 methods after June 20?

The docs do not mention where to get the SHA256 value and ASN.1 Field Type 5 is 20 bytes and not the 32 bytes expected for SHA256.

Photo Stream Shutting Down

Juli Clover:

Apple’s “My Photo Stream” service is set to shut down on July 26, 2023, which means customers who are still using that feature will need to transition to using iCloud Photos prior to that date.

You can see why they are consolidating on iCloud Photos, but Photo Stream had some appealing features that will be lost. First, you could backup/sync an unlimited amount of data (for a limited time). There was no need to worry about upgrading your account temporarily or having photo storage crowd out storage for other apps. Second, you could access recent photos and videos on all devices without having to store everything in the cloud.

Stephen Hackett:

Photo Stream is one of the original components of iCloud, and was kept around even after iCloud Photo Library launched in 2014. Here’s how Apple pitched the feature when iCloud was new[…]

Update (2023-06-01): Michael Steeber:

I don’t know if my memory is toast or what, but until the news last week of Photo Stream shutting down, I cannot recall one single time before that it was ever called “My Photo Stream.” I’ve known it as just “Photo Stream” since day one.

I was thinking the same thing.

Update (2023-06-28): See also: Hacker News.

Apple Intelligence

Daniel Jalkut:

People are justifiably less confident about Apple’s prospective plans in the area of artificial intelligence (AI), and particularly in the realm of large language models: the technology behind such imagination-captivating products as OpenAI’s ChatGPT, and GitHub Copilot (which itself uses another OpenAI language model).

I zeroed in on ChatGPT and Copilot because it’s easy to imagine the functionality of these services shining in the context of two important Apple products: Siri, and its Xcode developer tools. In fact, technology is advancing so quickly that the absence of something like ChatGPT and something like Copilot in these products seems likely to be viewed as major shortcoming in the near future, if it isn’t seen that way already.

[…]

Apple Intelligence won’t be as good as ChatGPT or GitHub Copilot, at least not to start with. But it will be Apple’s. They can frame the pros and cons however they see fit, working their typical marketing magic to make its shortcomings seem less important, if not downright advantageous.

It would seem that Apple is way behind, not only in terms of announced products, but also because, as large language models become commoditized, access to proprietary training data and integrations will become key. Apple does have some unique data such as iTunes and App Store reviews, but these seem less useful than what its competitors have. Xcode Cloud could potentially be a great data source, but it, rightly, is designed for privacy:

Source code is only accessed for builds and the ephemeral build environments are destroyed when your build completes.

On the other hand, perhaps we are not that far from fitting really useful, if not market-leading, models on device. Apple has great hardware to run them, which is already deployed. It could work offline and preserve your privacy. This could be easier and cheaper to scale up to large numbers of users than models running in data centers.

Previously:

Update (2023-12-21): Tim Bradshaw:

Apple’s latest research about running large language models on smartphones offers the clearest signal yet that the iPhone maker plans to catch up with its Silicon Valley rivals in generative artificial intelligence.

The paper, entitled “LLM in a Flash,” offers a “solution to a current computational bottleneck,” its researchers write.

Its approach “paves the way for effective inference of LLMs on devices with limited memory,” they said. Inference refers to how large language models, the large data repositories that power apps like ChatGPT, respond to users’ queries. Chatbots and LLMs normally run in vast data centers with much greater computing power than an iPhone.

Friday, May 26, 2023

Disabling Quick Look In-Icon Previews

Craig Hockenberry:

This is ridiculous.

If you don’t have enough space to show paging arrows, you certainly don’t have enough space to view the content.

[…]

Where there’s a will, there’s a way. To disable movie, PDF, and other useless previews, but still maintain the image on the icon, use this from Terminal:

$ defaults write com.apple.finder QLInlinePreviewMinimumSupportedSize -int 512

Then relaunch the Finder.

Stop Smooth Scrolling in Safari 16.4

Jeff Johnson:

Smooth scrolling means that when you press the arrow keys to scroll down or up on a web page, the scrolling is animated rather than immediate.

[…]

My blog post macOS Containers and defaults explained why Terminal needs Full Disk Access. Next, you need to quit Safari and enter the following command in Terminal:

defaults write com.apple.Safari IncludeInternalDebugMenu -bool true

Then launch Safari, open the Debug menu at the end of the main menu, select WebKit Internal Features, and uncheck “EventHandler driven smooth keyboard scrolling”.

I see smooth scrolling as an accessibility issue and wish I could turn it off in all apps.

I’d been meaning to post about this and was reminded about it after installing Ivory, which doesn’t follow the NSScrollAnimationEnabled system setting.

See also: Glenn Fleishman.

Wallaroo and SwiftUI on macOS

Craig Hockenberry:

We have a View in the app that uses SceneKit to display a 3D scene with a confetti flourish after a customer starts a subscription. I was expecting stuff like that to take a lot of effort to get working on the Mac. Instead, it ran 100% out of the box with no modifications at all.

And the stuff that I was expecting to be easy, like a settings view, buttons, and menu commands, turned out to be hard. To put that “hard” in context, it took me about a month to go from an app that we were proud of on iOS to one that we were equally proud of on macOS[…]

[…]

We also found that many of the issues encountered on macOS were things we had done wrong on iOS. Porting the app to the Mac made both platforms better. We’re also rethinking our View architecture so things that are currently Mac-only can be used to improve the iPad experience.

[…]

You’re going to have platform-specific code. More than you realize: certainly more than I expected!

[…]

It took me three days to hook up a Save menu item and have it work reliably.

I don’t understand why they had to use a custom button style and a hard-coded radius to get buttons that looked good on both platforms. I thought the point of SwiftUI was that you’re supposed ot just specify that you want a button and it does the right thing on each platform.

Craig Hockenberry:

SwiftUI’s default mechanism for handling URLs on macOS isn’t great. If you’ve used .onOpenURL on a View to handle external events, you’ll be disappointed to learn that a URL scheme on macOS opens a new window (Scene) before it hands the URL to the view modifier. And if you’re using a single Window instead of a WindowGroup, nothing happens at all.

[…]

One thing we wanted to do was use the Escape key to pop the NavigationStack. On the Mac, it’s a key that has always represented “go back” and many apps (like Photos) take advantage of that. Unfortunately, to accomplish that in Wallaroo, we had to use an invisible ToolbarItem with a .keyboardShortcut(.escape, modifiers: []).

[…]

While you’re struggling with window and sidebar size constraints, you end up with UserDefaults for frames that have “fun” keys like "NSWindow Frame SwiftUI.(unknown context at $1acd3d768).SceneBridgeReader, SwiftUI.ModifiedContent>, SwiftUI._PreferenceWritingModifierSwiftUI.PreferredColorSchemeKey>, SwiftUI._EnvironmentKeyWritingModifier>>>>-1-AppWindow-1".

Craig Hockenberry (Mastodon):

You won’t realize how much you depend on SwiftUI previews until you start working on macOS.

Sometimes they kinda work, but more often than not you’ll get an endless spinner. When they do work, they’re not interactive (you have to use the selectable mode with the arrow icon).

[…]

The similarity of the key names makes this a hard lesson to learn. I looked at “aps-environment” and “com.apple.developer.aps-environment” for hours before I realized they were different. After you add the one for macOS manually, everything is golden.

[…]

We weren’t able to get FileRepresentation working in a Transferable. Other applications can’t access a temporary file that’s created for the export. This feels like a sandbox problem that we couldn’t work around.

Previously:

Thursday, May 25, 2023

Kaleidoscope 4

Leitmotif:

  • Syntax coloring, with multiple built-in themes.
  • Transform any comparison into a merge document that can be edited inline.
  • Text filters to clean up diffs by removing irrelevant data, such as time stamps, object addresses and unique identifiers.
  • Kaleidoscope Prism, a new helper app in the menu bar to quickly launch comparisons even if Kaleidoscope is not running.
  • Debugger integration for Python developers.
  • File properties show metadata, including size, file type, dates, and encoding.
  • A welcome window that speeds up the processes of creating new comparisons or finding recent ones.

The syntax coloring is nice. The most interesting feature for me is the text filters, which have a nifty interface that reminds me of BBEdit pattern playgrounds. I expect that they will prove useful when comparing Xcode debug or test output.

It’s not available from the Mac App Store.

Previously:

Update (2023-05-30): Florian Albrecht:

While the new version is very much a continuation of what we started 2.5 years ago with Kaleidoscope 3, we modernized many aspects of the app. This screenshot of a simple text comparison shows off some of the changes[…]

Update (2023-06-01): Florian Albrecht:

Kaleidoscope 4.0 comes with 7 predefined [text] filters. Most of them are designed for immediate real-world use. To illustrate how to use them, I am just going to run a simple and unfinished SwiftUI app to create license files from Xcode, twice, and copy the log output into Kaleidoscope.

[…]

While this result is not hard to understand, it contains a lot of “noise”, i.e. data that is not relevant to finding important differences. Let’s go ahead and clean this up a little.

Update (2023-07-25): Florian Albrecht:

The small square window in Kaleidoscope Prism is a great new target for dropping files and content. In addition to being a convenient visible drop area, the window has a button in the top right that provides another way to access the Kaleidoscope Prism menu. This has the benefit of making the menu available even when the menubar item is set to toggle the window (more about that below).

[…]

In order to be useful as a drop target, the window needs to be visible at the right moment. So let’s talk about how to configure this to fit your needs.

[…]

While it’s a rather tiny drop target, you can also drop content onto the Kaleidoscope Prism menu bar icon itself. Initially, it may feel a little odd to drop stuff onto the menu bar, but it is extremely convenient and space-saving.

Viewing Large Text Files

I recently needed to view and search a 20 GB log file and realized that I don’t know of any Mac text editors that are disk-based, i.e. that don’t load the entire file into RAM. Wikipedia has a list of editors with Large File Support, but it seems to be more about not having artificial RAM limits rather than supporting files that don’t fit in memory.

What I ended up doing in the moment, because I knew it would work, was to use split to break the file into smaller chunks. I then did a multi-file search with BBEdit.

I considered Hex Fiend, which is disk-based. It’s fast and has a find feature, but it’s less than ideal for this use case because it doesn’t support UTF-8 or show line breaks.

For short tasks in the future, I will probably use less, because it can directly open and search large UTF-8 files. But for longer tasks I don’t want to be working in Terminal.

Disk Utility in macOS 13.4

Howard Oakley:

Yet for those few years, Disk Utility’s First Aid feature has frequently failed to perform checks on APFS volumes, reporting various errors that are the result not of file system problems but bugs in Disk Utility. These boil down to the fact that fsck_apfs requires the volume to be unmounted, and Disk Utility has been unable to do that reliably. This has left users having to manually unmount volumes before using the First Aid tool.

[…]

Apple has at long last responded, and Disk Utility in Ventura 13.4 reaches new heights in version 22.6. I’m delighted to report that you can now check and repair almost every APFS volume you might wish. I’ve tried it on a wide range, including Time Machine backups, and on both internal and external disks.

[…]

What then appears to happen is that, because that Data volume is joined to the System volume using firmlinks, and mounted at a different path, Disk Utility can’t unmount the Data volume alone, so fails with the original error. The workaround is to select the Data volume, click the Unmount tool, which will then unmount both System and Data volumes, and you can then run First Aid without error.

Previously:

Wednesday, May 24, 2023

Ivory for Mac

Tapbots:

Ivory is free to download, but requires a subscription to use. You may subscribe and immediately cancel to activate a 7-day free trial and evaluate its features in full. Outside of the trial and subscription, the app is limited to one account and limited to read-only mode. The iOS+iPadOS app is a separate subscription, but there is a bundled discount if you want use Ivory across iOS, iPadOS, and macOS.

Joe Rossignol:

A new “Universal” subscription tier allows users to access Ivory across the Mac, iPhone, and iPad for $24.99 per year, or users can subscribe to the Mac app on its own for $14.99 per year.

John Voorhees:

What Ivory brings to the growing field of native apps is what we saw with iOS and iPadOS: impeccable taste and snappy performance that few other apps can match.

[…]

Ivory’s multi-column design is the most readable of any Mastodon app I’ve used. It’s easy with multiple columns of text and media for a multi-column window to look cluttered, so it’s a testament to Ivory’s design that it’s as readable as it is. One of the touches that helps a lot is that instead of including a tab bar for each column, Ivory uses drop-down menus at the top of each column to allow users to pick what the column shows. That eliminates a lot of duplicative interface elements you find in other apps like Mona.

I really appreciate the additional columns I can open on the Mac. When I use Ivory on my iPhone, it’s usually to read my own timeline. However, when I’m at my Mac, I’m usually working and want to keep tabs on the mentions coming into our MacStories accounts.

I discovered in the interregnum that the traditional Twitter client paradigm is not ideal for me. After using NetNewsWire to read Mastodon, I find that I prefer reading posts by account rather than mixed together in a timeline. I like having unread indicators and being able to bulk-mark certain ranges, accounts, or folders as read. I like not worrying about losing my scroll position or losing access to older posts if I take too long to read them. I like single-press archiving to EagleFiler.

That said, the combination of RSS and a Web browser is awkward and slow for basically any interaction other than skimming/reading, though Homecoming for Mastodon helps. I’d like to be able to use Ivory for these other tasks and to handle multiple accounts. I’m a bit put off, though, that it feels so much like an iOS app, in ways that Tweetbot didn’t. The Settings window seems even more constricted and rigid than System Settings, and I can’t close it with Command-W when it’s showing a subscreen. On the other hand, without Catalyst there wouldn’t be a Mac version today.

More importantly, I can’t stand being forced to use Universal Links. Universal Links that I could opt into would be great, but it seems like you can still only manually opt-out on a per-click basis. If every Mastodon link is going to switch to Ivory instead of staying in my browser—or, worse, open in Safari with a “Do you want to allow this page to open ‘Ivory’?” alert—I’m afraid I’ll probably have to uninstall it.

Previously:

Update (2023-05-29): John Gruber:

Ivory for Mac is a Mac app. But, numerous Catalyst-isms show through. System-wide Services menu items don’t work. Smart punctuation (automatic curly quotes and proper em-dashes when you type two hyphens) only work when you type slowly. Some views scroll via standard keyboard shortcuts (space/shift-space, Page Up/Page Down), but some don’t. A lot of these are things that I consider shortcomings in Apple’s Catalyst framework — the whole point of Cocoa from 20+ years ago is that standard controls get standard behavior out of the box, relieving developers from the drudgery of making simple expected platform-standard features work. Catalyst isn’t like that — or at least isn’t like that yet.

Old Macs and Activation Lock

Brendan Nystedt:

Within the secondhand community, even Macs with soldered-down components are looked at as having value, and ingenious tinkerers are repairing, upgrading, and adding software support to old machines long after Apple moved on to something new.

YouTuber Collin Mistr, known as dosdude1, demonstrates his skilled approach to upgrading and modifying older Macs on his channel. The videos are far from polished but show off how modifications and soldered-on upgrades can give old Macs new life.

[…]

As old Macs are dropped from Apple’s supported list, the Open Core Legacy Patcher project swoops in, using tricks learned when running macOS on non-Apple hardware and gives its utilities away for free.

[…]

A hard reality may be coming up for these savvy hardware and software hackers. With the advent of tighter security, things like Apple’s T1 and T2 chips, along with device management software, can turn older Macs into trash, with little hope of resuscitation or repair. “I know Apple claims [Activation Lock] is mostly for anti-theft, which it does prevent, but they try to hide from you that most locked devices you find out there, on eBay or in surplus sales, are locked not because they were stolen, but because the organization that had the devices didn’t know the lock exists in the first place,” opines Colin Mistr. “[Apple] doesn’t care…they’d rather the device be destroyed than reused.”

Tom Shouler (via Hacker News):

Jordan works at a small business. On her first day, Jordan purchased a brand new MacBook at the Apple Store and signed into her personal iCloud account. A year later, Jordan enrolled the device in the company’s MDM solution, but shortly after that, she left the company and moved across the country for a new job. Jordan’s device was wiped two days after her last day, consistent with the company’s usual off-boarding procedures. A new hire replaced Jordan and was given that same MacBook a few weeks later, but the MacBook was Activation Locked behind Jordan’s iCloud account. The company reached out to Jordan for help, but she couldn’t remember the device password and felt uncomfortable sharing her personal iCloud credentials. The device was unable to be used, so it had to be eWasted.

[…]

This is an unfortunate story, especially since MacBooks are not a trivial investment for most businesses. We’ve heard from many administrators who have been caught by surprise with Activation Lock and now own a $2,000 paperweight. It’s critical for any company that owns macOS devices to understand this risk.

[…]

To best insulate your business from this pain, we recommend two things[…]

Activation Lock is tied to Find My, which I have always disabled because I’m more worried about remote wiping than losing my Mac. I kind of wish these settings weren’t all bundled together.

Mr. Macintosh:

You can remove the firmware password + erase all data on a 2018-2020 T2 Mac with Apple Configurator 2 (Does not remove Activation Lock)

Previously:

Update (2023-07-11): See also: Hacker News.

The AARD Code and DR DOS

Geoff Chappell:

Some programs and drivers in some pre-release builds of Windows 3.1 include code that tests for execution on MS-DOS and displays a disingenuous error message if Windows is run on some other type of DOS. The message tells of a “Non-fatal error” and advises the user to “contact Windows 3.1 beta support”. Some programs in the released build include the code and the error message, and even execute the code, performing the same tests, but without acting on the result to display the error message.

Geoff Chappell (via Hacker News):

For roughly a year after I noticed on 17th April 1992 that the HIMEM.SYS driver from a Microsoft Windows 3.1 beta contained what eventually became known as the AARD Code, I had no idea which non-standard DOS had been affected.

[…]

By the late 1990s, the AARD code had no small role in a court case, Caldera, Inc. v. Microsoft Corp., 72 F. Supp.2d.1295 (D. Utah 1999), which Caldera, who was by then the owner of DR DOS after Digital Research and Novell, brought against Microsoft “for damages and injunctive relief under the antitrust laws of the United States, and for damages in tort”. The AARD code has ever since been for many some sort of pin-up for anti-competitive practices by Microsoft.

[…]

I, for the record, have tended to side with Microsoft on this: not on the general question of anti-competitive practices, for which Microsoft deserves far greater condemnation than the computer industry and various governments have allowed it to escape with, but on the AARD code specifically; and not then for the disingenuous error message and the code’s obfuscation, which I always thought childish and quickly also regarded as despicable, but for Microsoft’s general disposition to DR DOS.

Previously:

Tuesday, May 23, 2023

Microsoft Still Anti-Competitive

Thomas Germain (via Hacker News):

An April Windows update borked a new button in Chrome—the most popular browser in the world—that let you change your default browser with a single click, but the worst was reserved for users on the enterprise version of Windows. For weeks, every time an enterprise user opened Chrome, the Windows default settings page would pop up. There was no way to make it stop unless you uninstalled the operating system update.

[…]

This petty chapter of the browser wars started in July 2022 when Google quietly rolled out a new button in Chrome for Windows. It would show up near the top of the screen and let you change your default browser in one click without pulling up your system settings.

[…]

Mozilla’s Firefox has its own one-click default button, which worked just fine throughout the ordeal.

[…]

In response, Google had to disable its one-click default button; the issue stopped after it did.

Tom Warren (via Hacker News):

Microsoft has now started notifying IT admins that it will force Outlook and Teams to ignore the default web browser on Windows and open links in Microsoft Edge instead.

[…]

While this won’t affect the default browser setting in Windows, it’s yet another part of Microsoft 365 and Windows that totally ignores your default browser choice for links. Microsoft already does this with the Widgets system in Windows 11 and even the search experience, where you’ll be forced into Edge if you click a link even if you have another browser set as default.

[…]

“This change is designed to create an easier way for Outlook and Microsoft Teams users to reduce task switching across windows and tabs to help stay focused,” says Katy Asher, senior director of communications at Microsoft[…]

[…]

Microsoft tested a similar change to the default Windows 10 Mail app in 2018, in an attempt to force people into Edge for email links. That never came to pass, thanks to a backlash from Windows 10 testers. A similar change in 2020 saw Microsoft try and force Chrome’s default search engine to Bing using the Office 365 installer, and IT admins weren’t happy then either.

Previously:

Update (2023-06-27): Microsoft (Hacker News):

If you have a Microsoft 365 Personal or Family subscription, browser links from the Outlook app will open in Microsoft Edge by default, right alongside the email they’re from in the Microsoft Edge sidebar pane.

[…]

Ultimately though, if this experience isn’t right for you, you can turn off this feature the first time it launches in Microsoft Edge, and then in Outlook settings at any time after that.

Update (2023-08-31): Microsoft (via Hacker News):

In the European Economic Area (EEA), Windows system components use the default browser to open links.

helsinkiandrew:

That shows such complete and utter contempt for the wishes of their users. The user has actively selected a browser as the one they want to use by default, but windows only uses it in the EEA because they were forced to.

Tom Warren (via Hacker News):

I thought I had malware on my main Windows 11 machine this weekend. There I was minding my own business in Chrome before tabbing back to a game and wham a pop-up appeared asking me to switch my default search engine to Microsoft Bing in Chrome. Stunningly, Microsoft now thinks it’s ok to shove a pop-up in my face above my apps and games just because I dare to use Chrome instead of Microsoft Edge.

This isn’t a normal notification, either. It didn’t appear in the notification center in Windows 11, nor is it connected to the part of Windows 11 that suggests new features to you. It’s quite literally a rogue executable file that has somehow appeared in c:\windows\temp\mubstemp and is digitally signed by Microsoft.

Tom Warren (via Hacker News):

Microsoft will start unbundling Teams from its Microsoft 365 and Office 365 productivity suites in EU markets in October. The move is designed to avoid further antitrust scrutiny, after the European Commission opened a formal antitrust investigation into Microsoft’s bundling of its Teams software with the Office productivity suite last month.

Update (2023-09-11): Daniel Aleksandersen (via Hacker News):

Microsoft published a blog post on the Windows Insider Blog in late August with a vague statement saying that “Windows system components” were to begin respecting the default web browser setting. Windows 10 and 11 regularly bypass this setting and force-open links in Microsoft Edge instead. In my extensive testing, I haven’t found any changes in the new Windows Insider version.

2022 App Store Transparency Report

Apple (MacRumors):

Today, Apple announced that in 2022, the App Store prevented over $2 billion in potentially fraudulent transactions, and rejected nearly 1.7 million app submissions for failing to meet the App Store’s high standards for privacy, security, and content.

[…]

In 2021, Apple terminated over 802,000 developer accounts for potentially fraudulent activity. In 2022, that number declined to 428,000 thanks in part to new methods and protocols that allow the App Store to prevent the creation of potentially fraudulent accounts. Additionally, nearly 105,000 Apple Developer Program enrollments were rejected for suspected fraudulent activities, preventing these bad actors from submitting apps to the App Store.

[…]

In the last 30 days alone, Apple blocked close to 3.9 million attempts to install or launch apps distributed illicitly through the Developer Enterprise Program, which allows large organizations to deploy internal apps for use by employees.

Nick Heer:

Apple also says it stopped “more than one” app that “the potential” for credential theft. But how many is that? Is it two? Is it fifty? A bigger number would be more fitting for the apparent objective of this kind of report — to explain why iOS software distribution ought to be permitted only through the Apple-administered App Store instead of third-party stores — so the use of “more than one” is conspicuous.

[…]

Again, the unspoken rationale for these news releases — which Apple started publishing around the time European regulators began looking into its App Store-only iOS software distribution policy — is that Apple is uniquely suited to protecting its users from fraud and abuse. But it has also repeatedly struggled with preventing pretty obvious scams. I do not think its failure to achieve a perfect success rate is an indication that App Store protections are ineffective, but the company’s own statistics are also not necessarily painting a complete picture.

The more interesting numbers would be the false positives—how many apps were incorrectly rejected and how many developers gave up because of such rejections—and the false negatives—how many bad apps were not caught until after they were in the store or are still in the store.

Rob Jonson:

Chatter was rejected about 8 times for spam before finally being accepted with this REDACTION

Mysk:

Apple says it prevented over $2 billion in potentially fraudulent transactions. And this is only the transactions that got caught. How about the transactions that didn’t get caught? How much did they cost victims, who trusted the App Store? At Apple’s scale, even with 99% accuracy there would be a lot of mistakes.

James Thomson:

I think it says something about the scale of the App Store that Apple terminates more than a thousand developer accounts for fraud, per day.

Jeff Johnson:

It says the App Store is very profitable for scammers, otherwise they wouldn’t try so hard and so much.

Juli Clover (PDF, data, Hacker News, Slashdot):

Apple today published an inaugural App Store Transparency Report, something that the company agreed to provide to developers as part of a 2021 lawsuit settlement.

[…]

Developers appealed 18,412 app removals in total, and Apple restored just 616 apps. Apple says that apps that are appealed were typically pulled from the App Store for fraud or illegality, which is why the rejected appeal number is so high.

[…]

There are 36,974,015 registered developers, and in 2022, Apple terminated 428,487 developer accounts. According to Apple, developers are removed from the Apple Developer Program “for a number of reasons,” but most commonly because of accounts that are connected with other terminated developer accounts. 3,338 developers appealed their App Store bans, and Apple reinstated just 159 accounts.

Ryan Jones:

26% of app submissions are rejected (1.6 of 6.1M)

They say how many submissions were approved after rejection, but because there are multiple submissions per app we don’t know how many apps were eventually approved.

Basically, people go to the App Store wanting to download 1 specific app = No more browsing

And they redownload 2x as often as download = must be the major apps mostly, like Fb, Ig, banks, etc

Previously:

Monday, May 22, 2023

SwiftUICoreImage

Dan Wood:

Core Image is a wonderful image-processsing toolkit in macOS and iOS, but it’s a bit clunky to use. Even after Apple added Swift APIs to many of the filters (CoreImage.CIFilterBuiltins), it’s still pretty tedious to chain filters to images.

The purpose of this package is to provide an easier way to chain multiple filters to CIImage instances and then render them into SwiftUI (or any other context — SwiftUI is not needed).

[…]

Similarly to how SwiftUI view modifiers each return a modified View instance, these modifiers on CIImage take care of the core image chaining by creating a corresponding CIFilter, hooking up the inputImage for you, and returning the resulting outputImage.

[…]

The contents of CIImage-Filters.swift are generated source code, using code that I’ve included in this repository (CIImage-Generation.swift, not included in the package import). This loops through the core image metadata that Apple provides (CIFilter.filterNames(inCategories: nil)). Unfortunately this list is somewhat out of date and contains a number of inconsistencies that I’ve done my best to overcome.

Monduo 16-Inch Pro Duo

Eric Slivka:

The $800 Monduo Pro Duo isn’t the only dual portable external display accessory on the market, but of the major ones I’ve seen it comes the closest to approaching the high-end specs of the built-in displays on Apple’s notebooks. Optimized for 16-inch laptops like Apple’s larger MacBook Pro, the Pro Duo’s displays each measure in at a very similar 16 inches, with 100% DCI-P3 color support, 2560 ✕ 1600 resolution on each display, 500 nits of brightness, and variable refresh up to 144Hz.

[…]

That gives it a bit larger footprint than my 16-inch MacBook Pro while being slightly lighter, but it’s nearly twice as thick. Still, if you have a spacious computer bag with a couple of compartments as I do, there’s a chance the Pro Duo could slide right in there.

[…]

Once everything is physically connected, you’ll need to download the Monduo app, which manages the display drivers to support high-resolution options and synchronization with the built-in display.

I don’t understand why, even with USB-C, all these portable displays seem to need drivers. I ended up giving up on the AOC display because the drivers didn’t always work and seemed to cause crashes.

Previously:

Setting Up Sparkle

Sarah Reichelt:

Sparkle is an open-source update framework for macOS. It’s very popular and I’m sure you will have seen it used, even if you didn’t recognise it. But setting it up isn’t totally straight-forward, at least I didn’t find it so, which I why I’m using this post to document the process.

[…]

The Sparkle documentation is excellent and contains everything you need to know, but they allow for a wide range of use cases and configurations, which makes it difficult to follow at times.

[…]

Adding Sparkle to a sandboxed app requires some more steps[…]

[…]

Drag the image file into your disk image. Don’t worry about positioning it - you’re about to make the file invisible.

DropDMG is an easier way to create a disk image with a background picture, and it will code sign the .dmg file, too.

Previously:

Friday, May 19, 2023

2023 Automation April Shortcuts Winners

John Voorhees:

What Biatek did to solve this daily annoyance was to create Yes More Events, a shortcut that looks at your overdue tasks in Reminders and adds an event to the end of your day that starts at 11:45 pm and ends just before midnight. The event lists how many overdue events you have and includes the task titles in the event’s notes field. That way, if you finish your events for the day and find yourself with a little extra time, you can jump right into the shortcut-created event to pick a task or two to complete.

[…]

When you run the shortcut, you’re given four initial choices. You can start a workout, which opens up your list of activities. Once one is chosen, the Apple Watch’s Workouts app starts the corresponding workout. The other options available are logging your weight, water intake, or caffeine consumption.

[…]

The beauty of this shortcut is that, on macOS, the ‘Take Screenshot’ action can display the native screenshot tool’s crosshair anywhere on the system, allowing you to capture any region of the screen in seconds. Once this shortcut has been assigned a keyboard shortcut, you’ll be able to quickly take a screenshot of the QR code – it doesn’t have to be precise – and, a few seconds later, its link will open in a new Safari tab.

[…]

The only problem: inline conversion wasn’t brought over to macOS. […] Meme Maker, saw an opportunity for a macOS shortcut designed to replicate the inline unit conversion feature of iOS, and he got to work. The result is Inline Converter, a shortcut that is best experienced on the Mac – but which I also love to use on my iPad – that lets you select any text anywhere on the system and instantly converts recognized values for distance, volume, temperature, weight, and angles.

[…]

Feedback to Markdown can convert the RTF files generated by the Feedback app for Mac when pressing ⌘E (this is something I learned from this shortcut) into readable Markdown files.

Unfortunately, Feedback Assistant only lets you export one at a time.

Google Updates Inactive Account Policy

Juli Clover (via Hacker News):

Going forward, if a Google Account has not been used or signed into for at least two years, Google may delete the account and its contents. This includes content from Gmail, Google Docs, Google Drive, Google Meet, Calendar, YouTube, and Google Photos.

The policy is applicable to personal Google Accounts rather than those created for businesses and schools. Users with an inactive account will see those accounts being deleted starting in December 2023, but Google plans to provide plenty of notice before it starts to cull accounts.

Michael Simon:

Nor is it out of step with what Apple does. In fact, Apple will delete an inactive account a lot quicker than Google will and seemingly with less warning. Here’s what Apple says in its iCloud terms:

In addition, Apple may terminate your Account upon 30 days’ prior notice via email to the address associated with your Account if (a) your Account has been inactive for one (1) year; or (b) there is a general discontinuance of the Service or any part thereof.

Previously:

Update (2023-05-22): Ron Amadeo (via Bruce Schneier):

Google’s new inactive account policy already has people up in arms. The company announced on Tuesday that accounts that have gone unused for two years will be deleted, and a lot of people are asking what exactly this means for YouTube content. There are probably millions of videos out there from dead and inactive YouTube creators—would Google’s new data policy mean deleting nearly two decades of online history?

[…]

YouTube’s creator liaison, Rene Ritchie, clarified on Twitter that Google has “no plans to delete accounts with YT videos.” 9to5Google heard the same statement from a Google spokesperson. That is great news, but that’s also very vague and runs contrary to what all of Google’s current documentation says, including the blog post. Can people keep a Google account alive forever with a single video? We’ve had an email out to Google since Tuesday night asking for some kind of formal policy regarding YouTube videos, but we haven’t heard anything yet.

Thursday, May 18, 2023

macOS 13.4

Juli Clover (release notes, security, enterprise, developer, full installer, IPSW):

There are several bug fixes in the update, with Apple addressing problems with Auto Unlock with Apple Watch, Bluetooth keyboards, Screen Time, and VoiceOver. The update also adds a Sports feed in the sidebar of the Apple News app, and it introduces the simplified beta installation method that was first introduced in iOS 16.4.

See also: Howard Oakley and Mr. Macintosh.

Nathaniel Strauss:

Starting in macOS 13.4, there is no longer a way for Mac admins to programmatically manage beta program enrollments. During the 13.4 beta cycle it was announced seedutil is deprecated, to be removed entirely in a future release, and the only path forward to enroll in beta programs being Apple IDs. Apple has taken away a long used utility relied upon by Mac admins and not given much back in return.

Jeff Johnson:

So, uh, Apple credited me (and others) with a security bug, but… they didn’t actually fix the bug.

The description of the bug seems wrongish too.

Previously:

Update (2023-05-23): Howard Oakley:

Significant version changes seen among bundled apps include[…]

Howard Oakley:

There are several factors that could be responsible for Ventura’s updates being so relatively small.

[…]

Apple has also been steadily improving the engineering of macOS updates since the heady days of Big Sur. The minimum size of a Big Sur update was 2.3 GB for Intel and 3.3 GB for Apple silicon, which has reduced in Ventura to 0.5 GB and 1.9 GB respectively. On some older Intel Macs, these new more compact updates do take longer to prepare, but are normally far more rapid on Apple silicon Macs.

Big Sur seems to have marked the high tide for macOS update size. With improved engineering, falling overhead from firmware updates, and RSRs, macOS updates should be even lighter in their burden.

Howard Oakley:

The best solution is to enable network diagnostic logging, but as of macOS Ventura 13.4 that has changed and become more inaccessible, as it requires that SIP is disabled.

Previously:

Update (2023-05-30): Jeff Geerling:

Something’s seriously broken with monitor support in macOS Ventura 13.4

Now both computers I updated go into this endless monitor sleep/wake loop if I have the display off without sleep. […]

Happening on two different model LG 4K displays, one on MacBook Air M2, one on Mac Studio M1 Max.

If I put the Mac to sleep, the monitor powers off and stays off.

In both cases, this has never been an issue until updating to 13.4.

See also: Reddit and the Apple Developer Forums.

Update (2023-06-01): Dave Wood:

Holy. I updated to macOS 13.4 today, figuring it couldn’t get any worse than 13.2 that I was on. Boy was I wrong.

I use hot corners to put my displays to sleep. I just triggered the corner, and the machine rebooted.

This just happened to me this morning when I accidentally moved the mouse into the corner.

Update (2023-06-13): Dave Wood:

The machine has still spontaneously rebooted about 10 times since updating (a day ago), but, the displays have come back in the same, correct arrangement each time. Could that finally be fixed?

[…]

They’ve obviously done something on displays, because sometimes the screensaver only shows up on 2 of the 3 (no idea how that becomes a new bug, but whatever, I’ll take it).

iOS 16.5 and iPadOS 16.5

Juli Clover (release notes, security):

In iOS 16.5, Apple is adding a new Pride wallpaper, a Sports tab in Apple News, and fixes for issues with Spotlight and Screen Time.

Previously:

Update (2023-05-23): Juli Clover:

This guide highlights all of the new features in the iOS 16.5 update.

Joe Rossignol:

Apple’s Lightning to USB 3 Camera Adapter does not work with iPhones and iPads that have been updated to iOS 16.5 and iPadOS 16.5, according to several users across the MacRumors Forums, Apple Support Community, and Reddit.

Update (2023-05-26): Contacts syncing is broken in macOS 13.4/iOS 16.5 (FB12205324). Editing a related name deletes all related names from the card on other devices. And then if you try to edit them there it deletes them from the original device. They also don’t export to .vcf.

Update (2023-07-27): Jonathan Wight:

Contacts apps on latest beta seems to have lost all relationship info. So I can no longer use Siri text “my wife”.

[…]

Also all contact relationship fields are just gone. poof.

I can no longer set any relationships at all in Contacts across any OS.

Update (2023-07-31): Cédric Luthi:

iOS 16.5 also broke CarPlay for many people!

Update (2024-01-09): Editing related names with iOS 17.2.1 no longer deletes them, but changes to them on my Mac no longer sync to my phone.

macOS 12.6.6 and macOS 11.7.7

Apple (full installer):

This document describes the security content of macOS Monterey 12.6.6.

Apple (full installer):

This document describes the security content of macOS Big Sur 11.7.7.

See also: Howard Oakley.

Previously:

Photomator for Mac

Tim Hardwick:

Photomator 3.0 today got its official release on macOS, bringing Pixelmator’s iPhone and iPad photo-editing app to MacBooks and Mac desktops for the first time.

With an interface that will be familiar to users of Photomator on iOS and iPadOS, the Mac app includes a fully fledged photo browser with native Photos app integration, allowing users to organize, duplicate, share, and favorite images, as well as sync edits between Photomator and the Photos Library.

I guess this is the new name for Pixelmator Photo. It’s $29.99/year or $99.99 lifetime, up from $23.99 and $54.99 when it was iOS-only.

It’s really cool how multiple apps can plug into the system photo library, but it has practical as well as hard limits, and it’s just not what I want to use to consolidate all of my photos and videos or use for long-term storage.

Previously:

Update (2023-05-24): Nick Heer:

But, as these are merely suggestions, it makes for an effectively no-lose situation: if the automatic repair or cropping works perfectly, it means less work; if neither are effective, you have wasted only a few seconds before proceeding manually.

The Photos integration is fantastic. If you have ever used a mixed Lightroom and iCloud Photos environment, the simplified workflow is a dream come true. Photomator is also a damn good RAW photo editor. While Photos has some editing tools built in, they are cumbersome for experienced users — there are three modes for white balance editing in Photos, but you cannot select Temperature/Tint as the default, for example. Photomator feels like it has been designed by people who edit photos for people who edit photos.

FTC Says Facebook Violated 2020 Consent Decree

FTC:

The Federal Trade Commission proposed changes to the agency’s 2020 privacy order with Facebook after alleging that the company has failed to fully comply with the order, misled parents about their ability to control with whom their children communicated through its Messenger Kids app, and misrepresented the access it provided some app developers to private user data.

[…]

This is the third time the FTC has taken action against Facebook for allegedly failing to protect users’ privacy.

Via Matt Stoller:

So the FTC will ban targeted ads to children, to stop the incentive to engage in surveillance.

[…]

Facebook is extremely mad and calls it a ‘political stunt,’ saying the FTC should focus on TikTok.

[…]

The order has some other requirements, like forcing a privacy assessment before launching new products.

[…]

What happens now? There will be a hearing where Facebook will make its case that they didn’t in fact violate the consent decree or laws against deception and tracking children online.

Nick Heer:

Strange how Meta, previously Facebook, keeps having problems with its video and advertising products in ways which benefit the company. It should really look into why that is so often the case.

Previously:

Facebook owner Meta has been fined a record 1.2 billion euros ($1.3 billion) for transferring EU user data to the United States in breach of a previous court ruling, Ireland’s regulator announced on Monday.

Meta seems to be right in pleading scapegoat for a technique used by plenty of other businesses. However, few can claim the scope and scale of Meta’s violations, and especially its frequency. Companies owned by Meta represent seven of the ten greatest penalties issued under GDPR rules.

Wednesday, May 17, 2023

Apple’s 2023 Accessibility Feature Preview

Apple (Hacker News):

Coming later this year, users with cognitive disabilities can use iPhone and iPad with greater ease and independence with Assistive Access; nonspeaking individuals can type to speak during calls and conversations with Live Speech; and those at risk of losing their ability to speak can use Personal Voice to create a synthesized voice that sounds like them for connecting with family and friends. For users who are blind or have low vision, Detection Mode in Magnifier offers Point and Speak, which identifies text users point toward and reads it out loud to help them interact with physical objects such as household appliances.

[…]

With Live Speech on iPhone, iPad, and Mac, users can type what they want to say to have it be spoken out loud during phone and FaceTime calls as well as in-person conversations. Users can also save commonly used phrases to chime in quickly during lively conversation with family, friends, and colleagues. Live Speech has been designed to support millions of people globally who are unable to speak or who have lost their speech over time.

For users at risk of losing their ability to speak — such as those with a recent diagnosis of ALS (amyotrophic lateral sclerosis) or other conditions that can progressively impact speaking ability — Personal Voice is a simple and secure way to create a voice that sounds like them.

Will there be a way to export your Personal Voice so that you aren’t totally reliant on iCloud to preserve it? Many of these users will not be able to just re-record new prompts if something goes wrong or if they need to switch to a different Apple ID.

Emma Roth (via Hacker News):

Additionally, Apple is introducing streamlined versions of its core apps as part of a feature called Assistive Access meant to support users with cognitive disabilities. The feature is designed to “distill apps and experiences to their essential features in order to lighten cognitive load.” That includes a combined version of Phone and FaceTime as well as modified versions of the Messages, Camera, Photos, and Music apps that feature high contrast buttons, large text labels, and additional accessibility tools.

[…]

As an example, Apple says a user can aim their device’s camera at a label, such as a microwave keypad, which the iPhone or iPad will then read aloud as the user moves their finger across each number or setting on the appliance.

Shelly Brisbin:

Photos and Music each display their contents in a grid that’s “flatter” in structure than the hierarchical interfaces the standard versions of those apps offer.

Assistive Access is the closest Apple has come to an interface designed specifically for people with disabilities or elders—an option that Android has offered via its support for alternative launchers. It will be interesting to see if it’s full-featured enough to not only support users with cognitive disabilities, but also offer a “grandparent-friendly” experience for those trying to choose between and iPhone and an Android phone.

[…]

Last year’s accessibility preview featured a handful of enhancements for hearing aid owners who use an iPhone. This year, Apple says support for Made for iPhone Hearing Aids is coming to the Mac. That’s been a long time coming. You’ll need an M1 or better Mac to make the connection, though.

Previously:

Update (2023-05-19): Mr. Macintosh:

In a few of the images, System Settings has a forward button ?

Joe Rossignol:

Those with an iPhone, iPad, or newer Mac will be able to create a Personal Voice by reading a randomized set of text prompts aloud until 15 minutes of audio has been recorded on the device. Apple said the feature will be available in English only at launch, and uses on-device machine learning to ensure privacy and security.

Harry McCracken:

People who create Personal Voices will get to judge for themselves how well the company met this goal. With audio samples I heard, reproducing a variety of distinct voices, the intonation and pacing could be a bit flat, as computerized speech tends to be. Overall, though, they were impressive, entirely distinct from each other, and certainly worlds apart from the one-voice-fits-all feel of most of the synthesized speech in our lives.

[…]

Those creating voices for later use will presumably want to sync them to their iCloud account for eventual access on devices they may not yet own. But that process only happens at their express instruction, and the data is encrypted on Apple’s servers.

So backup is opt-in, and there’s no mention of exporting.

John Voorhees:

To get a better sense of what some of this week’s announcements mean, I spoke to David Niemeijer, the founder and CEO of AssistiveWare, an Amsterdam-based company that makes augmentative and alternative communication (AAC) apps for the iPhone and iPad, including Proloquo, Proloquo2Go, and Proloquo4Text. Each app addresses different needs, but what they all have in common is helping people who have difficulty expressing themselves verbally.

.zip TLD

Christina Yeh (tweet, via Hacker News):

Google Registry has launched some of the most popular (and secure) top-level domains, such as .app and .dev. Today, we’re adding eight new extensions to the internet: .dad, .phd, .prof, .esq, .foo, .zip, .mov and .nexus.

Terence Eden (via Hacker News):

Many years ago, Google applied for the .zip Top Level Domain. ICANN, in its infinite wisdom, granted it. And now, I think, bad things are going to happen.

[…]

So what happens when things which are not domain names look like they are domain names? I’ve been worrying about this for a few years[…] Anyway, have fun determining if the link you see was ever intended to link to a website!

He’s referring to confusion over the .zip filename extension for compressed archives. Amazingly, the original idea for the TLD was in reference to the Iomega Zip drive.

Karen West (via Hacker News):

You can now purchase .zip and .mov domain names, like the one this page resides on! Isn’t that just fun for the entire family?

[…]

For decades engineers have been working hard to try and make the internet less susceptible to phishing attacks, look-alike domains, etc., and now money men have decided to unravel that work so somebody can purchase anyword.zip as a domain name.

Previously:

Update (2023-05-18): Ezekiel Elin:

I’ve seen points claiming that apps will auto link something like document.zip and then a scammer could pre-emptively have created a scam website - but I feel like most systems don’t auto link without http(s):// and when they do it’s usually just .com/.org

Martin Brinkmann (via Sören):

The .zip extension allows cyber criminals to run phishing campaigns that abuse the fact that .zip is a popular file extension and also a top level domain.

Domains such as officeupdate.zip or microsoft-office.zip have already been used in phishing campaigns. The latter is still online but safe browsing should warn users prior to accessing the site in question. Several of the registered domains could be used in phishing campaigns, while others may be used for legitimate purposes.

[…]

Some applications may attach hyperlinks to ZIP file names now, which may lead to the firing of DNS queries and the leaking of information to the .zip domain.

The ICSS recommends to disable access to .zip domains entirely until the dust settles and risks can be accessed.

Bobbyr (via Sören):

Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe?

[…]

As you can see in the breakdown of a URL below, everything between the scheme https:// and the @ operator is treated as user info, and everything after the @ operator is immediately treated as a hostname. However modern browsers such as Chrome, Safari, and Edge don’t want users authenticating to websites accidentally with a single click, so they will ignore all the data in the user info section, and simply direct the user to the hostname portion of the URL.

Volume Names, Mount Points, and Normalisation

Howard Oakley:

[The] current Data volume, by default named either Macintosh HD - Data (Intel) or simply Data (Apple silicon), isn’t mounted in /Volumes at all, but at /System/Volumes/Data. This article looks at another situation where APFS volumes will appear at mount points that differ from their volume name, when there’s the potential for a name collision, such as one resulting from Unicode normalisation.

[…]

The last time that I looked at the state of normalisation in APFS, almost two years ago, I found there were still issues and bugs, most weirdly with the fact that a volume whose name contains composed forms (Form C) was inaccessible to Spotlight indexing. That wasn’t helped by the fact that, unlike the Finder, Disk Utility doesn’t normalise the names of APFS volumes, and lets you create two volumes in the same container that differ only in their normalisation, and appear identical to the user.

[…]

APFS and Disk Utility are very flexible when it comes to naming volumes. If you want, you can mix cases across volumes that aren’t case-sensitive, and even use exactly the same name for as many volumes as you want, because the file system doesn’t identify volumes by name. What’s most important to APFS is the UUID of the volume: try mounting two volumes with identical UUIDs and you’ll see what I mean.

[…]

What happens is that the volume name is normalised to Unicode Form D, or decomposed, and compared without case-sensitivity to existing mount paths. If there’s any clash, then a number is appended after the normalised name to form the additional mount path.

Previously:

Morris Tanenbaum, RIP

James R. Hagerty:

Dr. Tanenbaum, a chemist who worked for Bell Telephone Laboratories, the research arm of American Telephone & Telegraph Co., saw a chance to dash back to work to test his latest ideas about how to make better semiconductor devices out of silicon.

He tried a new way of connecting an aluminum wire to a silicon chip. He was thrilled when it worked, providing a way to make highly efficient transistors and other electronic devices, an essential technology for the Information Age.

[…]

Dr. Tanenbaum’s pioneering work in the mid-1950s demonstrated that silicon was a better semiconductor material for transistors than germanium, the early favorite.

[…]

“Bell Laboratories, the world’s premier industrial laboratory, was destroyed [following the 1982 antitrust settlement], a major national and global tragedy,” he wrote later in an unpublished memoir written for his family.

Amanda Davis (Hacker News):

Tanenbaum later developed the first gas-diffused silicon transistor, which could amplify and switch signals above 100 megahertz at a switching speed 10 times that of previous silicon transistors.

Despite Tanenbaum’s early work on silicon transistors, AT&T did not support further research or advancement of the technology.

[…]

Tanenbaum instead worked on other new technologies in the decades that followed. In 1962 he was named assistant director of Bell Labs’ metallurgical department. He led the team there that created the first high-field superconducting magnets, which are now used in MRI machines and other medical imaging technologies. Later he helped develop optical fiber and digital telephone switching.

Tuesday, May 16, 2023

Git Tower 9.3

Tower:

The Merge Wizard now shows all commits that actually changed the file on each side, instead of just showing the - often unrelated - commit at the tip of the branch or revision for a conflict side. This provides helpful context information about the conflict and shows who modified the file on each side and when.

[…]

The last modified timestamp is now displayed for each side, making it easy to determine which version is newer.

[…]

Each conflict side is now labeled with the branch name or revision that the version originated from, making it easier to understand which side belongs to which branch or revision.

Previously:

The Legacy of BlackBerry and BBM

Christina Warren (Mastodon):

BlackBerry Messenger, better known as BBM to its millions of once-devoted fans, was arguably the original “killer app” of the smartphone age and it set the standard for the way we have communicated via text on our phones for nearly 20 years and defined the blueprint for mobile messaging services as we know them.

[…]

The brilliance of BBM was that it combined two existing quick messaging paradigms, instant messengers a la AIM and Yahoo Messenger and SMS. But unlike SMS, which U.S. wireless carriers were charging between five and ten cents a message for, BBM was free, included within the data plan that every BlackBerry user paid for either through their carrier or through an enterprise server agreement with their employer. Whereas a normal wireless user might send a few hundred SMS messages in a month, depending on their wireless plans allowance, BlackBerry users would frequently send and receive hundreds of messages a day.

[…]

Beyond just “D” and “R” designations, every BlackBerry had a blinking red light that indicated a new BBM message (or email) had arrived to your phone, putting the “crack” in “Crackberry.” Before BBM, the idea of being “always on” was a concept that was reserved for only the most hardcore of computer users; those constantly tethered to a desktop or laptop. After BBM, it was a way of life.

[…]

Instead of using a phone number or username/email as your unique identifier, BlackBerry users were issued a unique eight-digit alphanumeric PIN instead. Each PIN was unique to its physical device, which made the process of switching devices sometimes fraught and necessitated the need for PIN exchanges, and for some users of a certain age, your PIN was your identity.

Detecting Unwanted Location Trackers

Apple:

Apple and Google jointly submitted a proposed industry specification to help combat the misuse of Bluetooth location-tracking devices for unwanted tracking. The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across iOS and Android platforms. Samsung, Tile, Chipolo, eufy Security, and Pebblebee have expressed support for the draft specification, which offers best practices and instructions for manufacturers, should they choose to build these capabilities into their products.

[…]

The specification has been submitted as an Internet-Draft via the Internet Engineering Task Force (IETF), a leading standards development organization. Interested parties are invited and encouraged to review and comment over the next three months. Following the comment period, Apple and Google will partner to address feedback, and will release a production implementation of the specification for unwanted tracking alerts by the end of 2023 that will then be supported in future versions of iOS and Android.

Nick Heer:

In other words, this spec should prevent people from needing to install a bunch of proprietary detection apps. How a device differentiates between legitimate and creepy uses of trackers is something left to a platform’s “unwanted tracking algorithms”.

Juli Clover (Hacker News):

The New York Police Department (NYPD) is encouraging New York car owners to install Apple AirTags in cars in order to cut down on car theft in the city.

[…]

In an accompanying press conference on Sunday, New York City mayor Eric Adams said that the city will provide 500 free AirTags to car owners. According to CBS News, the AirTags are available to residents in Castle Hill, Soundview, and Parkchester, as these areas have seen a 548 percent increase in stolen Hyundai and Kia vehicles.

John Gruber:

This is a case where, ideally, you’d want FindMy (or Apple’s Tracker Detect app for Android) not to notify a potential thief that they’re being tracked by an unknown-to-them AirTag. But we can’t have it both ways. There’s no magic way to mark your AirTag as not being used for stalking.

Previously:

Go Compiler Telemetry

Thomas Claburn (Hacker News):

Russ Cox, a Google software engineer steering the development of the open source Go programming language, has presented a possible plan to implement telemetry in the Go toolchain.

However many in the Go community object because the plan calls for telemetry by default.

[…]

Cox’s proposal summarized lengthier documentation in three blog posts.

Russ Cox:

This post is about why I believe telemetry is important for open-source projects, and what it might look like to approach telemetry in an open-source-friendly way. That leads to a new design I call transparent telemetry.

[…]

Statistics gathered by transparent telemetry make it possible for developers to notice that something is going wrong even when users do not.

For example, during the Go 1.14 release process in early 2020 we made a change to the way macOS Go distributions are built, as part of keeping them acceptable to Apple’s signing tools. Unfortunately, the way we made the change also made all the pre-compiled .a files shipped in the distribution appear stale to builds. […] No one reported the bug over three years of Go releases. We didn’t notice and fix the problem until late 2022 while investigating something else.

[…]

Some open-source projects have adopted traditional telemetry, with mixed success and varying levels of user pushback. For example: Audacity, GitLab, and Homebrew. Homebrew’s telemetry seems to be generally accepted by users, and VS Code’s detailed telemetry has not stopped it from being used by 74% of developers, as reported by the 2022 StackOverflow survey.

Russ Cox (Hacker News):

  • Counting: Go toolchain programs store counter values in per-week files maintained locally.
  • Configuration: There is a reviewed public process for defining a new graph or metric to track and publish on the Go web site. The exact counters that need to be collected, along with the sampling rate needed for high accuracy results, are derived from this configuration.
  • Reporting: Once a week, an automated reporting program randomly decides whether to fetch the current configuration and then whether to be one of the sampled systems that week. If so, it reports the counters listed in the configuration to a server run by the Go team at Google. In typical usage, we expect a particular Go installation to report each week with under 2% probability, meaning less than once per year on average.
  • Publishing: The server publishes each day’s reports in full (in a compressed form) as well as publishing the tabular and graphical summaries defined in the configuration.

Russ Cox:

Understanding how often GOPATH mode (non-module mode) is used is important for understanding how important it is to keep running, and for which use cases.

[…]

David Gerard (via Hacker News):

the Go maintainers are now claiming that objectors to Google’s opt-out telemetry proposal on the Go compiler - yes, really - are arguing in bad faith and violating the Code of Conduct, and their comments are getting hidden.

Russ Cox:

The current plan is to use some form of opt-in to collect telemetry.

[…]

As mentioned in the introductory post, -buildmode=shared has never worked particularly well, and its current design is essentially incompatible with Go modules. We have a rough design for how we might make it work, but that’s a lot of work, and it’s unclear whether it should be a high priority. Our guess is that there are essentially no users of this flag, and that therefore it shouldn’t be prioritized. But that’s just a guess; data would be better.

[…]

The Go build cache is a critical part of the user experience, but we don’t know how well it works in practice. The original build cache heuristics were decided in 2017 based on a tracing facility that we asked users to run for a few weeks and submit traces. Since then, many things about Go builds have changed, and we have no idea how well things are working.

See also: Dropbox (via Hacker News).

Previously:

Update (2023-05-17): Russ Cox (via Hacker News):

No change in consensus, so accepted. 🎉

Monday, May 15, 2023

Context SDK

Felix Krause:

Today, whether your app is opened when your user is taking the bus to work, in bed about to go to sleep, or when out for drinks with friends, your product experience is the same. However, apps of the future will perfectly fit into the context of their users’ environment.

[…]

Context SDK leverages machine learning to make optimized suggestions when to upsell an in-app purchase, what type of ad and dynamic copy to display, or predict what a user is about to do in your app, and dynamically change the product flows to best fit their current situation.

[…]

Meta has published data on how “less is more” when it comes to notifications and user prompts[…] With Context SDK, you can significantly reduce the number of prompts you show to your users, and a result increase your conversion rates.

Via Dave Verwer:

This would instantly be deep into “creepy” territory if that data was being sent back to some company’s server to be stored and cross-referenced against loads of other data, but the SDK doesn’t request any additional app permissions and never sends a network request. It all happens on-device.

There is something that keeps my “this doesn’t feel quite right” sense tingling. I think it comes down to many years of hearing story after story of unscrupulous companies doing dubious (or awful) things with large amounts of behaviour data, though, rather than being related to anything this SDK is doing.

[…]

This idea feels like a win for everyone involved. Users get fewer calls to action at inconvenient times, and developers get happier users who are slightly more likely to respond to a CTA.

It’s not clear to me what the pricing is or whether you get access to the library’s source.

How Apple Help Works and How It Doesn’t

Howard Oakley:

Before High Sierra, Help Manager was troubled by several bugs, and had become unreliable prior to its major revision in 10.13.4. Since then further bugs have come and gone; among the more troublesome are those in Big Sur and Monterey, which can prevent a Help book from opening, or, if it does eventually open, the book displays completely blank pages.

Although those appear to have resolved in Ventura, three issues remain[…]

[…]

Because HelpViewer is a separate app, sometimes Stage Manager considers the Help window is another window owned by the parent app, and sometimes it’s treated as belonging to a different app. These inconsistencies are gradually being ironed out as Stage Manager matures.

Previously:

Update (2023-05-22): Mario Guzman:

Just finished what is probably the biggest update to my blog post “Authoring macOS Help Books in 2020 (and beyond)”

I haven’t added a full Localization process just yet but will soon.

Eighty Shades of Option Key

Guillaume Gète (via Glenn Fleishman):

The little guide lists seventy various tips, from the particularly useful to the very futile... Obviously, it is not a question here of being exhaustive, but rather to give ways to encourage you remember to press the Option key during all your manipulations with the mouse and the keyboard... in order to save you time and make you more productive, even... have fun!

See also: TidBITS-Talk.

Update (2023-05-16): gsymon:

There’s also Apple Help/Support, which is fairly comprehensive. I think I may even have printed it out many years back.

Update (2023-05-17): Sarah Reichelt:

And if you’re just starting to use keyboard shortcuts, or find this list overwhelming, check out an article I wrote for the people at Timing app (my favourite time tracker) about using keyboard shortcuts on your Mac.

Post-Twitter Diaspora Options

Mike Masnick:

Over the last six months I’ve spent more time on Mastodon than anywhere else, and the community there is fantastic. I understand why some people complain about the onboarding process, or the lack of some features (text search and quote tweets being the two biggest). But, honestly, if you spend 15 minutes playing around with stuff, and follow a reasonable number of active accounts and (most importantly) start interacting and actually talking to people, it quickly becomes a very fun place.

Obviously, that only works if the communities you want to interact with are there, and for me, there’s definitely a critical mass of the kinds of accounts I find most interesting.

[…]

There are also a ton of misconceptions about Bluesky, which can be a little bit frustrating, but that is part of today’s ecosystem. Contrary to what many people seem to believe, it’s not a blockchain and is not built on a blockchain. Also, while Jack Dorsey provided the seed funding for it, Bluesky is not run by Dorsey, and both Dorsey and Bluesky CEO, Jay Graber, have been somewhat public about where they disagree on where they expected Bluesky to go, with Graber sticking to her vision and Jack focusing more on a different protocol (that one’s up next).

[…]

If people thought Mastodon was too confusing, they’re not going to like nostr, as it seems to confuse people a lot more. In some ways, this feels ironic, because the amazingly cool part about nostr is just how freaking simple it is. From a technical standpoint, nostr is kind of beautiful in its simplicity. […] This is the protocol that Jack Dorsey seems most interested in these days, and he spends a lot of time there (and, also just convinced his parents to join nostr as well), so even as he helped kick off Bluesky (and Twitter!) if you’re following where his interest lies, it’s clearly on nostr right now.

Do Bluesky and nostr support RSS?

Dave Winer:

I definitely want Bluesky to just go away. I don’t like it because if it gains traction it has potential of replacing Twitter as the festering turd in the middle of what should have been a vibrant growing market that keeps anything else from rising in competition with it.

John Gruber:

Bluesky is going to skyrocket to mainstream popularity and actually replace Twitter, and Mastodon cannot, because Bluesky is being designed to be simple, fun, and — most importantly — easy to understand.

I’m not trying to provoke. I like Mastodon, especially using @ivory, and I love the community I’m in here. And maybe our community will stay here. What makes Mastodon good for us nerds is that all the non-nerds aren’t here.

But it’s obvious already: regular people instantly grok Bluesky. They’ve had months to sign up for Mastodon and haven’t — because they don’t understand it, and what they see of it doesn’t look like fun.

MacKenzie Sigalos and Jonathan Vanian:

Bluesky has exploded in popularity over the past few months, according to data provided to CNBC by market intelligence firm Sensor Tower, although it still lags far behind Twitter in total download volume.

[…]

Bluesky appears to be gaining more attention than decentralized messaging app Mastodon, which attracted a lot of interest in November as a possible alternative to Twitter. In April, for instance, Mastodon only had 90,000 downloads, the Sensor Tower data showed.

Via Nick Heer:

Measuring the popularity of decentralized services based on the number of app downloads seems like, at best, a flawed metric. Because Bluesky is available only by invitation, it has only about 65,000 users. And, while Sigalos and Vanian have effectively written off Mastodon based on the number of downloads of its official app, an independent bot reported over 210,000 new users in the last week of April. If the numbers from Mastodon User Tracker’s bot are to be believed, the network had 10,526,195 users at the end of March and 11,509,031 at the end of April, a difference of nearly a million users.

Previously:

Friday, May 12, 2023

Apple Service Outages

Ben Lovejoy:

The number of Apple service outages lately seems to have risen to the point where they’ve become almost routine.

[…]

Let’s look just at Apple service outages and issues in the four-and-a-bit months of the year to date – and these are just the examples found by a quick search of our own site, which only reports the more widespread problems[…]

[…]

I can’t count the number of times I see tweets about Apple service outages, confirm them on DownDetector, and then check Apple’s system status page to see nothing but green lights.

I regularly encounter outages with App Store Connect, notarization, and Siri. I wouldn’t say that things have been getting worse, though.

Previously:

Update (2023-05-19): Steve Troughton-Smith:

There seems to have been a huge uptick in Apple services outages over the past six months. Is AWS/Akamai no longer able to handle their scale? Has Apple tried to move things in-house and is finding out the hard way why that's so hard? Or has internet infrastructure in general just been under a huge amount of DDOS attacks lately?

All the above?

Previously:

Update (2023-05-24): Filipe Espósito:

If you’re having issues with Apple’s iMessage on Tuesday, it’s not just you. The platform is currently down or partially not working for some users. While in some cases users can send text messages but not media, others have been complaining that iMessage is not working at all.

Update (2023-06-23): Adam Overholtzer:

I’m continuing to get several emails a day about #Cloudkit sync failing in my app, and now the 1-star reviews are starting to appear. No errors in logs or CloudKit console.

Is anyone else seeing a rise in CloudKit failures?

Jaanus Kase:

I have very few users, but I do hear that occasionally there are “iCloud outages.” Maybe all of us using CloudKit should do some kind of community effort to set up some monitoring to understand the problem better, since Apple’s own seems to be insufficient?

NSPredicate, Core Data, and NULL

Douglas Hill (via Peter Steinberger):

I’ve been implementing support for Apple Shortcuts in my reading app so users can create automated workflows. I noticed certain property-based article queries using EntityPropertyQuery weren’t returning the expected number of articles. I had fourteen articles saved on the iPad simulator. Four of these articles were written by me. However when I searched for articles where the author was not “Douglas Hill”, there were only two results instead of the expected ten.

[…]

I did some research online and second-hand sources supported my hypothesis. NULL is not considered equal or unequal to anything in SQL, or in other words, comparisons with null are neither true nor false.

It’s confusing because—unless you explicitly check for NULL—rows where NULL values would be used in a comparison don’t participate in matching. This break all sorts of intuition. For example, combining the matches for P and !P does not give you everything.

From a programmer’s point of view, I wouldn’t say either way to handle null is unequivocally better. However I’d expect consistency from NSPredicate. The surprising thing to me is that Core Data doesn’t smooth over this behaviour of SQL in order to match how comparisons usually work on Apple’s software stacks.

That might be confusing, too, though, and I’m not sure whether it would be possible in the general case, with more complex expressions. NULL also affects areas beyond comparisons. It’s just an unavoidable part of working with a database, which Core Data essentially is, despite Apple’s protestations.

What’s also weird, but not surprising when you think about it, is that NSPredicate is not only inconsistent when you use it directly vs. with Core Data but also within Core Data itself. One of the cool things about Core Data is that you can query all the objects in a context, including pending changes. But what this means is that the same Core Data fetch request can return different objects before and after saving, even if you didn’t change the context in between. It’s just that unsaved objects use the in-memory NSPredicate comparisons, whereas saved ones use SQL and its different handling of NULL.

LLM Coding Tools in Xcode

Kade Killary (via Hacker News):

Therefore, in this article I’ll cover how to catapult your productivity to the heavens via a series of command line wrapper functions around the OpenAI API.

[…]

I think the real differentiator in the coming months/years will be developer productivity. Good, bad or indifferent there seems to a be an unavoidable advantage to those who aggressively adopt workflows that lean into AI versus fighting, or ignoring, it. I think there is an oncoming paradigm of rapid prototyping combined with simulation that will help to isolate and test various components of a project. Additionally, the ability for translating languages and developer productivity in new languages.

Rob Jonson:

[Google Codey is available] through extensions in all major IDEs. Except of course xcode. Because Apple protected us from a rogue plugin by killing plugins.

(yes - technically extensions are still a thing, but they’re so limited they might as well not be)

Xcode source editor extensions are not at the same level, but there is one for Copilot. Christian Tietze:

Just yesterday, I used the Copilot Xcode plugin to write a lot of boilerplate for me. I can confirm it does its job.

I used it to help me write a unit test spy for an umbrella repository, or façade, that conforms to 5 protocols. In my human mind, there was rhythm and similarity, but code completion can’t help there.

And there are a variety of tools that give you a text box outside of Xcode:

Federico Viticci:

At a high level, S-GPT is a shortcut that lets you ask ChatGPT questions from an input box on your iPhone, iPad, or Mac; answers are returned by ChatGPT and displayed in an alert on your devices. You can ask whatever you want, wait a couple of seconds, and get a response back from the assistant. S-GPT only supports text, and there are no limits in terms of question length.

QuickGPT (Mastodon):

Easily access ChatGPT from the menu bar, Dock, or using a keyboard shortcut.

Joe Fabisevich (via John Gruber):

Short Circuit works on on your iPhone, iPad, and Mac. Now you can have a premium ChatGPT experience no matter where you are or what you’re doing.

Previously:

Update (2023-05-29): Adam Wulf:

There are many tasks during my development day that take up significant time, not because they’re complicated, but because they’re tedious. With Developer Duck, these tasks are significantly faster. I use it for adding DocC comments, writing simple extensions, writing tests for those extensions, and even researching unfamiliar APIs.

More App Store Studies

Juli Clover:

Apple’s App Store policies may be violating Japanese antitrust law, according to a new report from the Japan Fair Trade Commission (FTC) that was shared by Nikkei. Japanese regulators do not believe there is enough “competitive pressure” on Apple and Google as the two companies have a duopoly in mobile operating systems and dominate the app market.

[…]

Japanese regulators want Apple and Google to allow users to choose third-party payment methods for apps and services, rather than forcing them to use the built-in purchase options in the App Store and Play Store.

[…]

The FTC suggested that app store commission rates between 15 and 30 percent could be an abuse of a dominant bargaining position.

Florian Mueller:

The JFTC makes a clear distinction between conduct that raises concerns under Japan’s Antimonopoly Act (AMA) and further observations and recommendations that may require new legislation in order to restore competition.

Potential violations of the AMA relate to “exclusion of competition through self-preferencing”, the unilateral imposition of “high commission rates” (app tax), and a concept that is increasingly relevant in Japan as well as South Korea, and possibly also in other East Asian jurisdictions: “abuse of a superior bargaining position”.

[…]

In its market study, the regulator correctly identified the problem that switching rates between mobile operating systems are low, and that Android apps don’t compete with iOS apps (and vice versa). Also, 97.4% of all Android app downloads in Japan are made from the Google Play Store, which shows that Google faces “[l]imited competitive pressure from other app stores.” Sideloading on iOS (which again is entirely impossible on iOS) also exerts “[l]imited competitive pressure” because users commonly download apps from app stores. Web apps are also dismissed as a competitive force as they just can’t compete with native apps[…]

Apple (MacRumors):

An independent study conducted by economists at Analysis Group found that small developers on the App Store grew their businesses and reached more customers around the world, even outpacing larger developers. With the support of a wide range of App Store tools and initiatives, small developers globally — defined as those earning up to $1 million a year and with fewer than 1 million annual downloads — grew revenue 71 percent between 2020 and 2022. In the U.S., those developers saw an above-average increase of 83 percent in earnings during the same period.

This is the same group that did the study last year, and again it’s “independent” but funded by Apple. The PDF is very short, only including summary statistics.

It sounds like they are saying that small developers in the US have increased their sales 83% in just two years, which is incredible but does not match what I am personally seeing or the general sentiment that I hear from other developers. So I tried to figure out what exactly the study is saying and what it really means:

I also thought this part was interesting:

In addition, while over half of all developers’ earnings in 2022 originated from games, small developers’ earnings came from apps across more diverse categories, such as entertainment, social networks and health and fitness apps, with games accounting only for about a quarter of small developers’ earnings.

Note that they switched to talking about developers who were small in 2022. It sounds like they’re trying to spin a success for small developers—look how many different ways there are for you to succeed. But this is exactly what you would expect to see given that there is a high level of inequality and that most revenue comes from games. You could also look at this as saying that it’s harder for small developers to be successful with games or that it’s hard to have a big hit that’s not a game.

Previously:

Thursday, May 11, 2023

Getting Ready for Dataless Files

TN3150:

In a modern file system, a file’s content may not be available locally on the device. A file that contains only metadata is known as a dataless file. The file’s content typically resides on a remote server and is available to people or apps, transparently, when they access the file.

[…]

The system, or a person using the device, can make dataless files whenever they determine it’s appropriate, and your app needs to be ready to handle them. Specifically, avoid unnecessarily materializing dataless files and, when your app requires access to a file’s contents, perform that work asynchronously off the main thread.

[…]

UIDocument and NSDocument automatically access the file system in a coordinated and asynchronous manner.

[…]

If your app or framework uses low-level POSIX APIs to access the file system and you’re unable to migrate to the preferred methods, consider the following two options[…] Be aware that stat and getattrlist both trigger the materialization of any intermediate folders in the file’s path, if they themselves are dataless.

I find this rather confusing. On macOS, it seems like nearly any file could potentially be dataless. It’s less likely for files in Library but probably possible via symlinking. Even an action as simple as checking whether a file exists can now take an unexpectedly long amount of time. This breaks many longstanding assumptions.

If your app deals with user-created files, I guess the best practice is to do everything asynchronously and using file coordination. Without coordination—at least on older systems—you can run into the opposite problem: instead of accessing an evicted file being slow, it might stay unmaterialized. So you need to use the special APIs even if you already have your file code on a background thread.

But the NSFileCoordinator APIs are awkward, error-prone, and slow, and they infect your entire codebase. Hopefully you aren’t relying on any cross-platform code that’s not aware of them. And even with Apple-specific code, they make it hard to reuse the same code for working with folders that may or may not contain dataless files.

It all feels shoehorned in, like with the security scope URL APIs. Most APIs don’t do the right thing automatically, so you have to wrap uses of them. (But then some other APIs may secretly use coordination so you have to not use it yourself in order to avoid deadlocks.) Any file-related code could potentially need special handling, but there’s no way to make sure that you didn’t miss a spot somewhere. But then, once you’ve done this, your code is much harder to read and much slower for the common case of regular locally stored files.

Previously:

Update (2023-05-12): Thomas Clement:

Out of curiosity I tried to stat() a non-local file as described in the tech note, but I get a “no such file” error. Same when trying to access it from Terminal. Not sure how we are supposed to test whether a file is dataless then.

Another thing that is not explained is what is the right way to monitor download progress in case the file is dataless.

Update (2023-08-10): Howard Oakley:

Over the last couple of weeks I have been exploring how macOS and its features handle dataless files. While apps that take advantage of AppKit’s NSDocument to read and write files should handle these problems seamlessly, there are some definite seams when it comes to macOS services. These result from three constraints:

  • features reliant on the contents of file data can’t be used with dataless files;
  • features reliant on file data stored outside the file aren’t available to other systems accessing that file from iCloud;
  • limitations on the total size of extended attributes in iCloud storage may require some to be removed.

Discord’s Username Change

Umar Shakir (via Hacker News):

Starting in the next couple of weeks, millions of Discord users will be forced to say goodbye to their old four-digit-appended names. Discord is requiring everyone to take up a new common platform-wide handle. For Discord, it’s a move toward mainstream social network conventions. For some users, though, it’s a change to the basics of what Discord is — a shift that’s as much about culture as technology.

Discord has historically handled usernames with a numeric suffix system. Instead of requiring a completely unique handle, it allowed duplicate names by adding a four-digit code known as a “discriminator” — think TheVerge#1234. But earlier this week, it announced it was changing course and moving toward unique identifiers that resemble Twitter-style “@” handles.

[…]

Over on Reddit, Vishnevskiy argued that the new handles wouldn’t even show up in the interface that often since Discord will allow users to set a separate display name that’s not unique.

[…]

During the change, Discord users will have to navigate a process that’s fraught with uncertainty and cutthroat competition.

Google Codey

Frederic Lardinois:

At its annual I/O developer conference, Google today announced the launch of a number of AI-centric coding tools, including its competitor to GitHub’s Copilot, a chat tool for asking questions about coding and Google Cloud services, as well as AI-assisted coding in Google’s no-code AppSheet product.

At the core of virtually all of these new code completion and code generation tools is Codey. Based on Google’s PaLM 2 large language model, the company specifically trained Codey to handle coding-related prompts, but it also trained the model to handle queries related to Google Cloud in general (all of this, by the way, falls under Google’s Duet AI branding).

[…]

Developers will get access to these new tools through an extension for Visual Studio Code, JetBrains IDEs, the Google Shell Editor, as well as in Google’s cloud-hosted Workstations service.

June Yang:

This code generation model supports 20+ coding languages, including Go, Google Standard SQL, Java, Javascript, Python, and Typescript. It enables a wide variety of coding tasks, helping developers to work faster and close skills gaps[…]

Previously:

Corellium Wins iOS Simulator Copyright Case

Isaiah Poritz (via Corellium, Hacker News):

Apple Inc. failed to fully revive a long-running copyright lawsuit against cybersecurity firm Corellium Inc. over its software that simulates the iPhone’s iOS operating systems, letting security researchers identify flaws in the software.

The US Court of Appeals for the Eleventh Circuit on Monday ruled that Corellium’s CORSEC simulator is protected by copyright law’s fair use doctrine, which allows the duplication of copyrighted work under certain circumstances.

[…]

Apple argued that Corellium’s software was “wholesale copying and reproduction” of iOS and served as a market substitute for its own security research products.

Corellium countered that its copying of Apple’s computer code and app icons was only for the purposes of security research and was sufficiently “transformative” under the fair use standard.

Previously:

Wednesday, May 10, 2023

Deleting Inactive Twitter Accounts

Elon Musk (via John Scott-Railton):

We’re purging accounts that have had no activity at all for several years, so you will probably see follower count drop.

John Carmack:

I may be reading this incorrectly, but if you are actually deleting inactive accounts and all their historic tweets, I would STRONGLY urge you to reconsider.

Letting people know how many “active” followers they have is good information, but deleting the output of inactive accounts would be terrible. I still see people liking ten year old tweets I made, but the threads are already often fragmented with deleted or unavailable tweets. Don’t make it worse!

Some may scoff at any allusion between Twitter and ancient libraries, but while the burning of the library of Alexandria was a tragedy, scrolls and books that were tossed in the trash just because nobody wanted to keep them are kind of worse.

Save it all!

I did not appreciate how excited many people are about freeing up old usernames. That doesn’t change the point about preserving the old tweets — maybe rename the old account to include the year of creation.

However, tossing old names back into the free pool just starts another land grab. People camping on hundreds of freely claimed usernames has always been one of the scummier aspects of the internet.

Matty:

There’s also the issue of people who have died and their accounts have been turned into a kind of memorial, not only would deleting them be devastating to their loved ones it would also allow people to impersonate the dead person…

There was also a story about this in 2019, the Internet Archive offered to step in, and then Twitter backtracked.

Previously:

Update (2023-05-24): James Vincent (via John Gruber):

Earlier this year on the 8th of May I deleted all my tweets, just under 5,000 of them. I know the exact day because I tweeted about it.

This morning, though, I discovered that Twitter has restored a handful of my old re-tweets; interactions I know I scrubbed from my profile. Those re-tweets were gone. I remember surveying my bare timeline with satisfaction before thinking, “great, time to draw attention to myself.” But now they’re back.

App Translocation in Ventura

Howard Oakley:

Most recently, Quinn “The Eskimo!” of Apple’s Developer Technical Support has explained: “The exact circumstances where the system translocates an app is not documented and has changed over time.”

[…]

Surprisingly, the third condition, of not moving the app or the folder it’s enclosed in, is no longer required for App Translocation to occur. In testing both within a VM and a regular Ventura system, translocation frequently occurs on quarantined apps even after they have been moved to the main Applications folder. It’s not entirely consistent, though: one app downloaded from the internet didn’t undergo translocation, while two others did, so there appears to be a random element involved.

The first condition also failed: apps that had successfully cleared quarantine underwent translocation repeatedly, even though they were being run from the Applications folder and the quarantine flag had been cleared.

You want to avoid translocation because, even if all your app’s resources are within its bundle, it will interfere with automatic updates. The app is mounted on a read-only volume, and “there is no supported way to determine the original (untranslocated) path.” You can avoid these problems by distributing your app in a disk image instead of in a ZIP archive. Apple says:

To provide secure execution, code sign your disk image itself using the codesign tool, or distribute your app through the Mac App Store.

DropDMG can also help with this.

Previously:

Update (2024-05-16): Howard Oakley:

One shortcoming is that Apple’s user documentation doesn’t seem to mention this anywhere, such as in its latest account of Gatekeeper. Even its Platform Security Guide only mentions it in passing: “When necessary, Gatekeeper opens apps from randomized, read-only locations. This is designed to prevent the automatic loading of plug-ins distributed alongside the app.” The only explanation provided for developers is in these notes in Apple’s Developer Forums, where we’re told that “the exact circumstances where the system translocates an app is not documented and has changed over time.”

This article attempts to explain how App Translocation or GRP work as of macOS 14.4.1 Sonoma.

Update (2024-05-17): Howard Oakley:

Although macOS has been happily translocating apps since Sierra, nearly eight years ago, the process can still bring problems, particularly when an app appears to have cleared quarantine, and is run not infrequently. Any problems that can cause might appear odd: it may be slow to launch, never update, not work properly with software firewalls, and can even be unstable and crash. So how can you tell whether an app is running in translocation?

Code Signing Translocation Vulnerability

OccamSec (in 2021):

It is far easier, however, to break the codesigning system and sign your binary as an Apple binary. But let’s get this straight: even though the machine will be aware that the LC_CODE_SIGNATURE LoadCommand is tainted, it will still execute.

[…]

The result is that we can perform arbitrary memory read and write using the Mach virtual memory APIs and inject code into system processes.

[…]

As of Friday, July 16th (perhaps earlier, with the release of Big Sur 11.4), it seems Apple issued a stealth patch against this exploit, without notifying us. Code signatures no longer show up via codesign or other tools, though the kernel is still able to recognize the “detached code signature”, as seen above. It seems that the code signature format may have changed; given tools such as “Apparency” say the code signature is in an invalid format; alongside my script + classic dd + otool -l refuse to spit out a valid code signature. As for why Apple has been so silent on the communications side of things, we don’t know.

[…]

This band-aid patch essentially makes it possible for malware to hide a phony code signature, and does nothing on the kernel side to mitigate the vulnerability.

Note that the post refers to this as “codesigning translocation,” but this is completely separate from App Translocation, though that is also related to code signing.

Previously:

Dolby v. Adobe

Karl Bode (in 2019, via Daniel J. Wilson, Hacker News):

Adobe this week began sending some users of its Lightroom Classic, Photoshop, Premiere, Animate, and Media Director programs a letter warning them that they were no longer legally authorized to use the software they may have thought they owned.

[…]

“We have recently discontinued certain older versions of Creative Cloud applications and and a result, under the terms of our agreement, you are no longer licensed to use them,” Adobe said in the email. “Please be aware that should you continue to use the discontinued version(s), you may be at risk of potential claims of infringement by third parties.”

William Gallagher:

While Adobe has not said who the dispute is with, the company is presently being sued by Dolby. Through a legal complaint filed in March 2019 with the US District Court and the Northern District of California, Dolby is seeking a jury trial over issues of “copyright infringement and breach of contract” against Adobe.

Prior to the creation of the Creative Cloud subscription service, Adobe licensed certain technologies from Dolby with an agreement based on how many discs of certain apps were sold. Now that the software is distributed online, the companies reportedly renegotiated their agreement to be based on how many users are actually running the software.

Jonathan Bailey:

In 2012 Adobe decided to largely ditch the model of selling units of software for a subscription model it dubbed the Creative Cloud.

[…]

However, it also produced a problem for one of Adobe’s partners, Dolby. Starting in 2002, Dolby provided audio technology to Adobe to be used in its software for both encoding and decoding audio. However, the licensing fee was based on sales figures, something that became much more difficult to calculate with the move to a subscription model.

[…]

According to Dolby’s lawsuit, in September 2017, the company announced it was exercising its audit rights for the 2015-2017 period. However, they claim that Adobe failed to provide the needed information, just as they had done for the 2012-2014 period.

Dolby also claims that Adobe improperly consolidated multiple software products when paying royalties. For example, offering a bundle that had four apps with Dolby software, but only paying for one use. Other issues included problems with site licenses, multiple sales to a single customer and so forth.

Karl Bode:

Gilbert noted that consumers now live in a world in which consumers almost never actually own anything that contains software. In this new reality, end users are forced to agree to “take it or leave it” end user license agreements (EULAs), in which the licensor can change its terms of service without notice. “Even if Adobe is fully in the right here with regard to the Dolby dispute, it has the power to force its customers to upgrade to newer more expensive versions at its whim, which illustrates the undue power and influence of EULAs over the lives of consumers,” Gilbert said.

Here’s some more information about the lawsuit, which I guess is still ongoing.

Previously:

Update (2023-05-11): The case was dismissed in 2020 (via Nick Heer).

Update (2023-05-19): See also: Hacker News.

Tuesday, May 9, 2023

Final Cut Pro and Logic Pro for iPad

Apple (MacRumors, Hacker News, MacStories, 9to5Mac):

Apple today unveiled Final Cut Pro and Logic Pro for iPad. Video and music creators can now unleash their creativity in new ways that are only possible on iPad. Final Cut Pro and Logic Pro for iPad bring all-new touch interfaces that allow users to enhance their workflows with the immediacy and intuitiveness of Multi-Touch. Final Cut Pro for iPad introduces a powerful set of tools for video creators to record, edit, finish, and share, all from one portable device. Logic Pro for iPad puts the power of professional music creation in the hands of the creator — no matter where they are — with a complete collection of sophisticated tools for songwriting, beat making, recording, editing, and mixing.

[…]

On iPad Pro with M2, Apple Pencil hover unlocks the ability for users to quickly skim and preview footage without ever touching the screen. They can also speed up their workflows by adding a Magic Keyboard or Smart Keyboard Folio to utilize key commands.

[…]

Editors can import supported media from Files or Photos, and save it directly inside a Final Cut Pro project. Final Cut Pro for iPad also supports the ability to import projects created in iMovie for iOS, and iPad users can export their Final Cut Pro projects to Mac.

[…]

Final Cut Pro and Logic Pro for iPad will each be available on the App Store for $4.99 (US) per month or $49 (US) per year with a one-month free trial. Final Cut Pro is compatible with M1 chip iPad models or later, and Logic Pro will be available on A12 Bionic chip iPad models or later.

This implies that the file formats are different and that you cannot just work from a shared project stored in iCloud Drive.

Dan Moren:

It’s not clear whether these apps provide full feature parity with their Mac counterparts, though Logic Pro supports full roundtrip compatibility for projects; Apple says Final Cut Pro, on the other hand, can export its projects to the Mac, though it’s less clear whether that runs in the other direction.

Matt Birchler:

I was really hoping this would involve some sort of cloud storage for projects so you could more easily work on a Mac, switch to the iPad, and then back to the Mac with all your changes synced across both versions.

Maybe down the road.

Christina Warren:

I understand what @matt is saying here but I would not trust Apple to handle the data store/sync for my production files in any capacity. It isn’t just sync, it’s making sure that the storage would be adequately managed too. Never. Absolutely never. I trust Adobe to do this (and they bought Frame.io), not Apple.

Federico Viticci:

I am not going to use Logic and Final Cut for iPad myself, but Apple finally making these apps sends an important signal of commitment to the platform.

Last year’s message with Stage Manager felt confused and erratic; these highly-designed, touch-first, professional apps send a completely different message.

The optimistic take: I’m suddenly excited about iPadOS 17 again.

Matthew Cassinelli:

Final Cut and Logic on iPad isn’t just a win for iPad, it’s a win for the entire Apple app ecosystem.

Developers have proper incentive to make insanely great cross-platform apps now, and the future where you can pick up any device to solve the next step of your workflow is continuing to be built in front of us.

The message is that Apple cares about iPad software, but what does this change for developers? Are we to assume that this will be accompanied by API enhancements? Is it about the precedent of subscriptions for pro apps?

Stephen Hackett:

If these were slated for WWDC, but were kicked out of the keynote for more exciting things, June 5 may be a pretty wild day.

[…]

I think it’s best to reserve judgment until we see how these apps work in the real world, but I can’t help but worry that iPadOS will hold them back. Using professional tools like these apps require file transfers, media management, advanced audio routing and more. Those aren’t iPadOS’ strong suits, at least of today. Given that these apps are coming out in just a few weeks, before WWDC, I wonder how many of these things will be addressed in iPadOS 17 at all.

Steve Troughton-Smith:

As two huge investments in the iOS ecosystem, at the cusp of Apple’s next hardware form factor, it will be fascinating to dig into Final Cut Pro and Logic to determine the UI framework balance within — SwiftUI? UIKit? ‘ProKit’? One would expect this to be heavily based on the existing UIKit work in iMovie and Garageband, but let’s see!

Steve Troughton-Smith:

Back to the topic of M1 requirement again; three of the iPad product lines Apple currently sells on their webstore are unable to run Final Cut Pro. That’s not a great way to do software. You can spend $1100 on a brand new iPad+Pencil+Keyboard combo today that will [presumably] not let you even install the FCP app. The iMovie codebase you can be sure this was forked from supports every iPad on iPadOS 16. Not the choices I would make 🤷‍♂️

It’s odd because of the long history of current Macs being able to run just about everything. And, of course, Final Cut Pro runs on less capable Intel Macs. Maybe it’s about virtual memory, though as we discovered last year with Stage Manager, not every M1 iPad supports that.

Kevin Teljeur:

Knowing which processor sits in your iPad is very counter to the whole iPhone/iPad user experience, I would have thought, after years of training owners to not know or care.

Marcin Krzyzanowski:

Apple keep saying things like “compstible with M1 chip iPad model” but when I want to check what processor do I have, it doesn’t say a thing about it. The whole product naming around iPads is inconsistent.

Basic Apple Guy:

Aperture for iPad?

Previously:

Update (2023-05-10): Yannik Bloscheck:

The subscription is also an interesting choice given that Apple Business Essentials, which is necessary to use subscriptions with managed Apple IDs for business, isn’t even available yet anywhere outside the US. So as an business outside the US I can’t even use these new professional apps trough their own business offerings.

It’s also interesting that the Mac apps aren’t included in the subscriptions.

Jason Snell:

Apple has put an enormous amount of effort into both of these apps. I really wonder what finally made Apple decide to build and ship iPad versions of these apps. (Surely it’s not a project seven years in the making!)

[…]

The moment I configured Ferrite to toggle playback on and off by using a two-finger tap gesture, my productivity soared. At an initial glance at video demonstrating these apps, I didn’t see any hint of such gestures. But if users have to reach up to the top left corner of one of these apps every time they want to pause or play a video, it will get old really fast. I hope Apple has embraced multi-touch gestures—and if they haven’t, I hope they get with the program soon.

[…]

Logic Pro appears to be more or less directly compatible. According to Apple’s press release, you can roundtrip projects back and forth between Logic on Mac and Logic on iPad without trouble. […] The only catch is that the maker of the plug-ins you rely on must make iPad versions available, or your “roundtrip” Logic project really won’t be.

[…]

Final Cut Pro for iPad seems to be a subset of the Mac version. You can start on iPad and move to Mac, but the migration won’t work the other way, and a bunch of features from the Mac just aren’t there on the iPad. […] But as someone who rarely uses those pro-level features, it’s also frustrating to realize that even my simple projects won’t be portable in case I need to leave home and run off somewhere with an iPad.

Steve Troughton-Smith:

One of the things that excites me so much about Apple’s Pro Apps on iPad is seeing the screen packed with UI — I am so tired of being given dumbed-down ‘baby’ versions of apps (see also: Photoshop for iPad). I know neither app will be at feature parity with the desktop, but it feels like they’re trying, not just ‘humoring’ iPad users they don’t really understand. iPad users don’t need to be humored, they need to be included. The form factor is scalable, up and down — your software should be too.

Unfortunately, the early years of iPad were geared towards simplistic lite software, and many of the great Mac developers of the era couldn’t find a place for their apps on the platform at that time, and have never come back.

[…]

I would love for the iWork suite on iPad to be given a UI do-over to move it back to having more elements and common controls onscreen 👀 It’s just not very fun to use anymore.

Christina Warren:

Interesting that most of the product images of FCP/Logic on iPad are on the 11” version. As an 11” iPad Pro stalwart, this pleases me.

Joe Rosensteel:

I’m a little unclear on how many of the people excited by Logic and Final Cut coming to the iPad are excited because they use those products on the Mac and are excited to use them on the iPad, and how many won’t really use them and are just excited a checkbox was checked.

Previously:

Update (2023-05-12): Benjamin Mayo:

It’s been a while since Apple has released software with such craft and care, as is on display here. Without even using the apps, the screenshots stand on their own as an impressive feat. I love how these apps are sophisticated in scope whilst still highly accommodating to touch input.

Matt Birchler:

By setting the entry point to $5/month or $50/year, it lets people ease into the video and audio editing world better. After all, it’s easier to justify spending $5/month start a YouTube channel and see if you can make it, vs committing to $300 and praying you do so that you make your money back.

Update (2023-05-24): Apple:

Final Cut Pro and Logic Pro for iPad are now available on the App Store, putting the power of Apple’s pro video editing and music creation software in the palms of creators’ hands.

See also: Joe Rossignol, Juli Clover, John Voorhees, Jason Snell.

Benjamin Mayo:

“Keep Final Cut Pro open until the export is complete” This point alone would put me off using it seriously, who wants to sit there with a foregrounded progress bar for minutes at a time … and feels like a dated restriction that iPadOS n+1 could remove, in light of vram/etc

Steve Troughton-Smith:

Logic Pro for iPad packs an awful lot of UI modular, resizable UI onscreen, perfect for forthcoming larger iPads. Love to see it! Ironic, then, that it doesn’t support Stage Manager or window resizing 😅 You can put it on an external display, but you’re not going to get any more usable screen space. In fact, neither Final Cut Pro nor Logic Pro support Stage Manager 👀 I guess they couldn’t find the APIs to make it a great experience either — not just me then…

Steve Troughton-Smith:

Final Cut Pro has a fair amount of SwiftUI in the overall app, the onboarding experience, inspectors, browser etc. Much of the core editor app looks to be UIKit+ObjC/ObjC++.

Joe Rossignol:

The first reviews of Final Cut Pro for iPad were published today, providing a closer look at the touch-optimized video creation app in action.

Previously:

Going Independent

Jesse Squires (Mastodon):

I am writing this for anyone who is interested in trying to go independent — either with your own app development business, solo contracting and freelancing, or both.

[…]

For me, the first year was full of learning — how to keep my books, how to deal with taxes, how to continue saving for retirement, how to structure my days, how to manage my time, how to get shit done, how to take time off, and the list goes on. Be prepared for this in your first year and do not give up. My second year was all about making refinements and optimizations to all the things I learned in year one. Finally, in my third year I started to feel like I had everything figured out — I was on autopilot and coasting through all those tasks that were previously bumps in the road. Currently, administrative tasks are a breeze, I have consistent work with long-term clients, and I am able to make time to work on my indie apps.

[…]

Unfortunately, splitting time between client work and indie projects is much easier said than done. You must prioritize what actually earns you money, which is contracting/freelancing. It is very difficult to balance both types of work when you are first getting started. […] What I have found is that it is best to allocate full days to one or the other. Each week I try to do only client work Monday through Thursday, and do indie work on Friday.

Jesse Squires (Mastodon):

When I look around the indie dev community within the broader Apple developer community, there is one characteristic that most indie devs share — they do more than just write code. There are too many indie devs that I admire to attempt to list them all here, but they are all involved in more than only writing apps. They write blogs, they speak at conferences, they produce podcasts, they are involved in open source, they publish newsletters.

[…]

In many ways, I really lucked out on the timing of my involvement in iOS development — iOS was still somewhat nascent (I started around iOS 5) and there were more opportunities back then for open source to fill-in gaps in the SDKs and improve the APIs.

[…]

When you put all of these things together, you end up with multiple positive feedback loops. Open source gives you valuable experience in programming and project management, it gives you topics to blog about, and it helps build your portfolio. Those experiences and portfolio pieces help you land competitive jobs. Blogging gives you exposure and recognition, which can help you speak at conferences. […] Speaking at conferences helps promote your open source work, blog, or podcast. Each of these contribute to building your résumé, leading to even better job prospects. Everything provides more experience to learn from and write about on your blog or present at a conference.

[…]

So far, for the past 3 years, all of my clients have come to me through friends and acquaintances — former coworkers, fellow conference speakers, folks in open source, and other people that I have met during my time in the tech industry.

Nick Heer:

These are just a few of the numerous pleasant experiences I have had with independent software developers. I cannot say the same is true of big corporate developers — not even close.

[…]

When I buy and use software from an independent developer, it feels like I am establishing a relationship with the person or small team that built it; it feels like we both have a stake in the success of the product. But when I use software made by a massive company, I can feel the power imbalance in the pit of my stomach.

Previously:

Update (2023-08-17): Jesse Squires:

What you may not realize is that going indie means starting your own business. Congratulations, you are now a small business owner as far as the IRS is concerned. Don’t worry, that does not mean some sort of formal business entity is necessary (as you will see below). It only means you need to shift your thinking a bit. My goal with this post is to give you a head start on learning how to structure your business, and what to expect regarding taxes. My hope is that you can begin your journey with more information than I had — which was literally zero.

Update (2023-08-28): See also: Accidental Tech Podcast.

Pogue’s Photos Unification

David Pogue (via CYME):

After 30 years of shutterbugging, my photos were all over the place. 150,000 of them were on Flickr, which was once free but has crept up to $80 a year—and is ancient and pretty terrible for photo management (can’t search by face, object, or place, for example). Another 200,000 were lodged in various bloated, slow Photos libraries. I could never find pictures or videos!

So I devised a master plan to consolidate everything. Buy a RAID hard drive (a double drive, so that if one drive fails, there’s a duplicate). Download everything from Flickr. And then somehow merge those, PLUS all of those Photos libraries, into a single Lightroom Classic catalog. That program is much better for huge libraries. (Eventually, I’ll upload everything to Amazon Photos—unlimited and free for Prime members—as another backup.)

But how could I move my stuff from Photos to Lightroom without losing my albums, keywords, cropping, face-recognition data, and so on?

He used Avalanche. I don’t hear much about Amazon Photos, but it sounds like a potentially good way to keep an offsite backup and also to access your complete collection from any device.

I still pay for and use Flickr, but it’s frustrating. For example, I recently couldn’t figure out how to resume a slideshow in the middle of an album on Apple TV. Bulk uploads from Lightroom usually take several tries before they complete without error (with videos always failing) and sometimes leave partially uploaded photos stranded with no album. And copying large numbers of photos between albums doesn’t work in the Web interface. The iOS app still can’t do most of what the Web site can—it doesn’t even support collections—though it does continue to get updates.

Previously:

App Store Rules Regarding Trials

Anders Borum:

Making decisions for my coming S3 app.

Does Apple app review allow free to download apps to put everything behind a paywall, such that users can download and use the app during a free trial but when the trial expires nothing is available for free?

App Review guidelines doesn’t mention this particular case as either acceptable or unacceptable.

I thought there was a rule where you had to provide some minimum functionality for free. Sometimes this is straightforward, like allowing reading but not writing of documents. Some apps had to get more creative. But I can no longer find this rule in the guidelines.

Apple:

Non-subscription apps may offer a free time-based trial period before presenting a full unlock option by setting up a Non-Consumable IAP item at Price Tier 0 that follows the naming convention: “XX-day Trial.” Prior to the start of the trial, your app must clearly identify its duration, the content or services that will no longer be accessible when the trial ends, and any downstream charges the user would need to pay for full functionality.

[…]

Auto-renewing subscription apps may offer a free trial period to customers by providing the relevant information set forth in App Store Connect. Learn more about providing subscription offers.

Anders Borum:

This is about using free non-consumable in-app purchases for trials which wasn’t allowed before 2014 and I was hurt badly by this in 2012.

It is related to my question but doesn’t make it super clear what is allowed when trial expires.

Of course, you can try to look at what other apps are doing, but that’s no guarantee that your app will be allowed to do the same thing. It’s a shame that the rules are still so unclear. A free trial should be a common pattern that is not only blessed in the rules but implemented once by Apple so that developers and users get a consistent experience, and the store can show what the business model is.

Previously:

Update (2023-05-10): Rob Jonson:

Don’t ever do the ‘Non-Consumable IAP Trial’ dance. I did that years ago on Multi Monitor Wallpaper before subscription + trial was a thing. It’s a horrible customer experience. Subscription + trial is clearer for the customer and earns a lot more!

My experience has been that Apple is fine with apps that offer zero functionality after trial expires. I agree that this should be supported explicitly and directly. ’Free Download <tiny letters> In App Purchase’ Is not the same as Free Trial - Subscription required.

I think there are some app types where neither customers nor most developers think subscriptions are a good fit.

Update (2023-05-11): I heard from a developer whose app was just rejected for offering the choice between an IAP and a subscription with a free trial. They were told that they had to add some free functionality, with the reviewer citing a section of the guidelines that does not mention anything about this. The app had been in the store for years and was not even allowed to do a maintenance update before changing its business model.

Helge Heß:

I think apart from a SwiftUI w/o any changes but just fixes, my main WWDC wish would be AppStore support for flows I’d personally want (e.g. direct support for upgrades, non-subscription trials). And an actual iAP store that I don’t have to implement myself from scratch (it wouldn’t even have to be in-app, just let users purchase iAP’s in the store app and deep link there).

Previously:

Monday, May 8, 2023

Passkeys: A Loss of User Control?

Jeff Johnson (Mastodon, Hacker News):

One thing is painfully clear to me already: the BigCos are coming for our passwords, so passkeys can’t be ignored. Google recently wrote about the beginning of the end of the password. Apple has also indicated that it wants passkeys to replace and eliminate passwords. For example, the manager of the Authentication Experience team at Apple has said I’m really looking forward to working with all y’all to eliminate passwords and the harm they cause. Even 1Password, with “Password” literally in its name, has written about the passwordless experience you deserve[…]

[…]

With passwords and ssh keys, I can look at them. I can copy and paste them. I can write them down on a piece of paper. I can import and export them. I can back them up to external hard storage. Whereas in my testing with macOS Ventura and Safari, none of this is possible with passkeys. In fact, Apple requires you to enable iCloud and iCloud Keychain in order to save a passkey on a macOS or iOS device.

[…]

It’s opaque. You can’t see the specific details of iCloud’s sync operation, or manage it yourself. This is true of passkeys as well. I looked at the iCloud keychain in macOS Keychain Access, and all I saw for passkeys was a bunch of SOSDataSource-ak files with data that I couldn’t access.

[…]

I get the feeling, from how I’ve seen Apple behave and how Apple employees talk, that Apple has no intention to ever loosen their requirements for passkeys. And to be clear, these requirements are inessential, arbitrary, paternalistic. […] Apple’s attitude seems to be that users can’t be trusted with their own passkeys. My fundamental problem is, I don’t trust Apple to manage my passkeys, especially not via iCloud, nor do I consent to subject myself to the requirement of using their cloud services.

This echoes the concerns I had when Apple announced passkeys last year. I do not want everything to sync, and I do not want to be required to use iCloud Keychain, my access to which could be revoked at any time.

Ricky Mondello (Hacker News):

Passkeys will be importable and exportable, cross-device, and across passkey managers. They aren’t at this time, but they will be. It’s something that’s being defined and designed.

This sounds good, but I find it worrisome that Apple shipped the feature without providing users a way to access their data. Not only did it not announce that this was the plan, but it (in my view) strongly implied that this was, by design, not part of the plan. Hopefully there will at least be an official statement at WWDC.

I don’t want to count any chickens before they’re hatched. When I first switched to 1Password, it was with the understanding that it had CSV export. Only when I actually tried to export real data did I discover that it omitted lots of fields and that the only way to get my data out was to write code to parse an undocumented, not-quite-JSON format that did not fully preserve the dates.

With passkeys, it’s not just a question of getting at the data but also being able to do something with it. With passwords, you can always type or copy/paste. But will browsers let you do stuff with passkeys if you aren’t using the BigCo’s storage system? Will there be an API? There’s still no way to get Security Code AutoFill in third-party browsers. Maybe Apple sees this as temporary because “a passkey alone protects against so much more that it doesn’t need additional factors,” but so far I do not find that reasoning convincing, especially if they do add exporting.

matdevdug:

Core to the early passkey design docs was the idea that the user can never ever export the private key.

Previously:

Update (2023-05-16): Apple:

To help explain how to implement passkeys, the Apple privacy and security team hosted a Q&A to answer common questions about device support, use cases, account recovery, and more. Here are some highlights from that conversation.

There’s no mention of exporting.

Steve Troughton-Smith:

No amount of marketing is going to make me trust Apple as the single source for my passwords when my devices keep demonstrating how bad they are at remembering them 😅

Update (2023-05-17): John Gordon:

Surrogate use is a really big deal. Children yes, but also adult dependents (special needs), disabled family members, and especially elders (including bank accounts, medical records).

Even my wife often has me solve IT issues using her credentials (she has mine as well).

2FA made surrogate use much harder but SMS systems often allow multiple phone numbers. Passkeys though -- out of luck. Apple would need to add formal delegation.

[…]

I forgot about estate planning. How do I transfer passkeys when I pass?

Previously:

Update (2023-05-18): See also: Hacker News.

Update (2023-09-14): Thomas Cannon (Mastodon):

“Okay, but what about THIS failure scenario with passkeys?”

Update (2024-05-03): Ricky Mondello:

The FIDO Alliance’s members are working on a solution for portability that maintains phishing-resistance. It’s going well. It’s important to me that portability is part of passkeys as soon as it’s safely possible.

Rapid Security Response Version Numbers

Howard Oakley:

Because these are ‘hot’ fixes to address vulnerabilities that are either being exploited already or are considered urgent, I can see a case for temporary secrecy. As they’re easy to uninstall, unlike regular macOS updates, any resulting problems should be easy to address.

What I hadn’t expected was the mess this has brought to macOS version numbering.

[…]

This new version numbering system introduced with Big Sur doesn’t provide for RSRs. One logical solution might have been to extend it to a fourth digit, making last week’s RSR 13.3.1.1. Perhaps the least appropriate would have been to introduce letters and punctuation marks other than the stop/period already used, and that’s exactly what Apple has chosen by making this first RSR 13.3.1 (a).

[…]

Interpretation of build numbers is more controversial, and has now reached a new height of opacity: apply this RSR to build number 22E261 and it becomes 22E772610a. Quite where the three additional digits come in remains a mystery that we can rely on Apple never to explain.

Howard Oakley:

How can you tell which upgrades and updates your Mac has downloaded and installed? If you wish, you can rummage through those listed in System Information’s Installations. I’d prefer to browse something a bit more selective and ordered: SystHist.

This new version now handles RSRs in its three panels.

Howard Oakley:

I’m delighted to announce what I think is a unique resource: a detailed listing of all updates to macOS over the last four years and more, with links to full information about each. These include regular updates, security updates, and Supplemental Updates.

You can access this list at this page.

Previously:

Update (2023-05-09): Howard Oakley:

The most significant risk with any RSR is relative lack of testing before release. This is countered by its ease of removal, and its relative isolation from the sealed system. Unlike a full macOS update, it makes no changes to the sealed system, and once removed shouldn’t leave any trace.

Previously:

Limiting iPhone USB-C Speeds

Joe Rossignol (Hacker News):

It was rumored in February that Apple may be planning to limit charging speeds and other functionality of USB-C cables that are not certified under its “Made for iPhone” program. Like the Lightning port on existing iPhones, a small chip inside the USB-C port on iPhone 15 models would confirm the authenticity of the USB-C cable connected.

“I believe Apple will optimize the fast charging performance of MFi-certified chargers for the iPhone 15,” Apple analyst Ming-Chi Kuo said in March.

[…]

In response to this rumor, European Commissioner Thierry Breton has sent Apple a letter warning the company that limiting the functionality of USB-C cables would not be permitted and would prevent iPhones from being sold in the EU when the law goes into effect, according to German newspaper Die Zeit.

Previously:

The Downfall of Brydge

Chance Miller:

Brydge, a once thriving startup making popular keyboard accessories for iPad, Mac, and Microsoft Surface products, is ceasing operations. According to nearly a dozen former Brydge employees who spoke to 9to5Mac, Brydge has gone through multiple rounds of layoffs within the past year after at least two failed acquisitions.

[…]

Those former Brydge employees largely attribute the company’s failure to mismanagement during growth, misleading statements from its two co-CEOs, and an overall hostile working environment that led to a high turnover rate.

[…]

The response to the first iteration of the Brydge Pro+ was mixed at best. At that point, iPadOS 13 didn’t offer native trackpad support, so Brydge was forced to rely on a workaround using Apple’s Assistive Touch accessibility feature. It was far from an ideal solution, and the early reviews made that clear.

[…]

Just three months later, Brydge was hit with a major surprise when Apple unveiled the Magic Keyboard for iPad Pro, its first iPad keyboard accessory with a built-in trackpad. Alongside that, Apple released iPadOS 13.4 with native trackpad support without using the Assistive Touch accessibility feature.

iPadOS 13.4 did not make the full suite of trackpad capabilities offered by the Magic Keyboard available to third parties like Brydge, however. […] The sentiment among Brydge executives and employees was that Apple left them out to dry while giving Logitech special access to its software.

Previously:

Friday, May 5, 2023

Apple’s Q2 2023 Results

Apple (transcript, Hacker News, MacRumors):

The Company posted quarterly revenue of $94.8 billion, down 3 percent year over year, and quarterly earnings per diluted share of $1.52, unchanged year over year.

“We are pleased to report an all-time record in Services and a March quarter record for iPhone despite the challenging macroeconomic environment, and to have our installed base of active devices reach an all-time high,” said Tim Cook, Apple’s CEO.

Jason Snell:

Mac revenue was, as expected, down 31 percent to $7.2 billion—the lowest quarter of Mac revenue since 2020. iPad was down 13 percent to $6.7 billion, the lowest iPad revenue quarter since 2020. iPhone was up 2 percent to $51.3 billion, which given the downward trend elsewhere was pretty impressive—it was a Q2 record for iPhone revenue.

Services revenue soared to an all-time record of $20.9 billion, up 5 percent. Wearables was down by one percent, to $8.8 billion.

John Gruber:

Two weeks ago IDC projected Mac sales as being down 40 percent year-over-year, which shows how large IDC’s margin of error is.

No Mac Pro, no larger screen or M2 iMac, and lots of people bought M1 Macs that are still running great.

John Voorhees:

The lack of new hardware announcements has undoubtedly been another drag on Apple’s earnings. For several years, Apple held a spring press event to debut device updates but not in 2023.

Michael E. Cohen and Adam Engst:

In their conference call with financial analysts, Apple CEO Tim Cook and CFO Luca Maestri said the results were in line with expectations, laying the blame for the slight year-over-year revenue decline on “headwinds” created by foreign exchange and “macroeconomic conditions,” a vague term that covers productivity, interest rates, inflation, employment, and global events.

[…]

Even still, Mac sales were well above any year prior to 2021, which was boosted by the introduction of the M1 chip and people working and learning from home during the pandemic

Previously:

Scaling Up the Prime Video Audio/Video Monitoring

Marcin Kolny (via Hacker News):

We designed our initial solution as a distributed system using serverless components (for example, AWS Step Functions or AWS Lambda), which was a good choice for building the service quickly. In theory, this would allow us to scale each service component independently. However, the way we used some components caused us to hit a hard scaling limit at around 5% of the expected load. Also, the overall cost of all the building blocks was too high to accept the solution at a large scale.

[…]

To address the bottlenecks, we initially considered fixing problems separately to reduce cost and increase scaling capabilities. We experimented and took a bold decision: we decided to rearchitect our infrastructure.

We realized that distributed approach wasn’t bringing a lot of benefits in our specific use case, so we packed all of the components into a single process. This eliminated the need for the S3 bucket as the intermediate storage for video frames because our data transfer now happened in the memory.

[…]

Moving our service to a monolith reduced our infrastructure cost by over 90%. It also increased our scaling capabilities.

David Heinemeier Hansson:

That really sums up so much of the microservices craze that was tearing through the tech industry for a while: IN THEORY. Now the real-world results of all this theory are finally in, and it’s clear that in practice, microservices pose perhaps the biggest siren song for needlessly complicating your system. And serverless only makes it worse.

David Heinemeier Hansson:

I won’t deny there may well be cases where a microservices-first architecture makes sense, but I think they’re few and far in between. The vast majority of systems are much better served by starting and staying with a majestic monolith.

Update (2023-05-08): Adrian Cockcroft (via Hacker News):

They state in the blog that this was quick to build, which is the point. When you are exploring how to construct something, building a prototype in a few days or weeks is a good approach. Then they tried to scale it to cope with high traffic and discovered that some of the state transitions in their step functions were too frequent, and they had some overly chatty calls between AWS lambda functions and S3. They were able to re-use most of their working code by combining it into a single long running microservice that is horizontally scaled using ECS, and which is invoked via a lambda function. This is only one of many microservices that make up the Prime Video application. The problem is that they called this refactoring a microservice to monolith transition, when it’s clearly a microservice refactoring step, and is exactly what I recommend people do in my talks about Serverless First.

[…]

In contrast to commentary along the lines that Amazon got it wrong, the team followed what I consider to be the best practice. The result isn’t a monolith, but there seems to be a popular trigger meme nowadays about microservices being over-sold, and a return to monoliths. There is some truth to that, as I do think microservices were over sold as the answer to everything, and I think this may have arisen from vendors who wanted to sell Kubernetes with a simple marketing message that enterprises needed to modernize by using Kubernetes to do cloud native microservices for everything. What we are seeing is a backlash to that messaging, and a realization that the complexity of Kubernetes has a cost, which you don’t need unless you are running at scale with a large team.

Instapaper 8.3

Instapaper:

This release features a new CarPlay app for playing articles, a number of text-to-speech improvements including access to more voices, the ability to edit article metadata, and other improvements.

Listening to articles is a cool idea, but I found that even the high-quality Alex voice just isn’t that pleasant. The post says to download additional voices using Settings ‣ Accessibility ‣ Speech ‣ Voices, but, oddly, that screen no longer seems to exist. Instead, the list of voices is duplicated within Settings ‣ Accessibility ‣ VoiceOver ‣ Speech ‣ Voice, Settings ‣ Accessibility ‣ Switch Control ‣ Speech ‣ Voices, etc. Instapaper does not provide access to the newer, numbered Siri voices.

Speech aside, I have been enjoying using Instapaper more lately. The loss of Twitter clients forced me to change my workflow, and I found that I don’t need Twitter or Mastodon on my iOS home screen. Now I reach for Instapaper or Flickr when I have a couple free minutes.

Previously:

Browser and OS Marketshare in 2023

John Gruber (Mastodon):

Looking at the global chart, Chrome seems to be holding steady in the desktop market over the last year, but Safari does show an uptick from about 9.5 to just under 11 percent. As Benton points out, the most striking thing in Statcounter’s report is the decline in Windows’s desktop OS share over the last year, both globally and in the U.S. I suspect Windows is losing share to mobile browsing just as much or more so than it is to MacOS and ChromeOS.

[…]

Globally, Windows was surpassed by Android back in 2017. The decline in Windows’s dominance has been precipitous: in 2009 Statcounter pegged its share at 95 percent; today it’s 28 percent. In the U.S., Windows is effectively neck-and-neck with iOS, each hovering around 30 percent for the last few years. It doesn’t seem outlandish to project that Mac and iOS, combined, might soon surpass Windows and Android combined in Statcounter’s share numbers for the U.S.

According to these numbers, Safari is the #2 desktop browser with 11.9% usage share globally (20% in the US), even though Safari no longer runs on Windows, Macs are regularly reported as less than 10% of desktop sales, and many Mac users prefer Chrome. I guess this is consistent with their stat that Macs have 30% usage share, with about 2/3 of all users preferring Chrome.

Firefox is apparently down to 5.7% on the desktop, with far less on mobile, but my experience is that it works with more of the Web than Safari.

Previously:

Update (2023-05-23): See also: MacRumors.

Thursday, May 4, 2023

Mojo Programming Language

Jeremy Howard (via Hacker News):

But this “two-language” approach has serious downsides. For instance, AI models often have to be converted from Python into a faster implementation, such as ONNX or torchscript. But these deployment approaches can’t support all of Python’s features, so Python programmers have to learn to use a subset of the language that matches their deployment target. It’s very hard to profile or debug the deployment version of the code, and there’s no guarantee it will even run identically to the python version.

[…]

Unfortunately, Apple’s control of Swift has meant it hasn’t really had its time to shine outside of the cloistered Apple world. Chris led a time for a while at Google to try to move Swift out of its Apple comfort zone, to become a replacement for Python in AI model development. I was very excited about this project, but sadly it did not receive the support it needed from either Apple or from Google, and it was not ultimately successful.

[…]

So, if Swift was “syntax sugar for LLVM”, what’s “syntax sugar for MLIR”? The answer is: Mojo! Mojo is a brand new language that’s designed to take full advantage of MLIR. And also Mojo is Python.

[…]

A key trick in Mojo is that you can opt in at any time to a faster “mode” as a developer, by using “fn” instead of “def” to create your function. In this mode, you have to declare exactly what the type of every variable is, and as a result Mojo can create optimised machine code to implement your function. Furthermore, if you use “struct” instead of “class”, your attributes will be tightly packed into memory, such that they can even be used in data structures without chasing pointers around. These are the kinds of features that allow languages like C to be so fast, and now they’re accessible to Python programmers too – just by learning a tiny bit of new syntax.

[…]

As a compiled language, Mojo’s deployment story is basically the same as C. For instance, a program that includes a version of matmul written from scratch is around 100k.

There’s lots more information in the documentation.

Chris Lattner:

That’s the trick with Mojo, our goal is not to make dynamic python magically fast. Yes, we are quite a bit faster at dynamic code (because we have compiler instead of an interpreter) but that isn’t by relying on a ‘sufficiently smart’ compiler to remove the dynamism, it is just because “compilers” instead of “interpreters”.

The reason Mojo is way way faster than Python is because it give programmers control over static behavior and makes it super easy to adopt incrementally where it makes sense. The key payoff of this is that the compilation process is quite simple, there are no JITs required, you get predictable and controllable performance, and you still get dynamism where you ask for it.

Chris Lattner:

Mojo has a full ownership system that learned a lot from Rust and Swift and took the next step.

There’s also some discussion of what he thinks were mistakes made in Swift. It’s not clear to me whether the high level of sugar leading to performance problems was a case of not realizing the consequences until it was too late or of unsuccessfully gambling that they would find solutions—or whether they just thought the ergonomics were worth it. Regardless, Swift remains slow to compile and debug, despite the massive processor improvements since its introduction.

I enjoy writing code in Swift, but the tooling is disappointing. I’m growing weary of continuing problems with crashes and reliability (reporting incorrect errors and generating incorrect code). There are an ever increasing number of language enhancement proposals, most of which seem like good ideas in isolation, but the combination has made the language massive and complicated, with no end in sight. Even positing that this is the right path, I think it needs a few years with no changes other than bug fixes and perhaps optimizations.

Previously:

Update (2023-05-08): Damien Petrilli:

What it feels to me so far:

Swift: over engineered language which still fail to deliver its promises almost 10y later (broken toolchain / debugging, complex generics which doesn’t match the productivity of dynamic language, no bare metal perf)

Mojo: pragmatism end-to-end

[…]

My only beef with Mojo so far is that the syntax is not as clean as Swift.

Update (2023-05-15): See also: Hacker News.

Update (2023-05-30): See also: Hacker News (iainmerrick, brundolf).

Update (2023-06-07): Marcel Weiher (Hacker News):

Objective-C solved the two language problem by just jamming the two languages into one: Smalltalk for the scripting/integration and C for the component language. Interoperability is smooth and at the statement level, thougha there is some friction due to overlaps caused by integrating two existing languages that were not designed to be integrated.

Mojo essentially uses the Objective-C approach of jamming the two languages into one. Except it doesn’t repeat Objective-C’s mistake of using the component language as the base (which, inexplicably, Swift didn’t just repeat, but actually doubled down on by largely deprecating objects). The reason this is a mistake is that it turns out that the connection language is actually the more general one, the component language is a specialisation of the component language.

With this realisation, Mojo’s approach of making the connection language the base language make sense. In addition, the fact that the component language is a specialisation also means that you don’t actually need to jam a full second language into your base, a few syntactic markers to to indicate the specialisations are sufficient.

Update (2023-06-09): Lex Fridman:

Here’s my conversation with Chris Lattner (@clattner_llvm), a legendary engineer, his 3rd time on the podcast. We talk about Modular AI and Mojo, a new programming language that is a superset of Python and can achieve 35,000x+ speed ups over Python.

Damien Petrilli:

It makes your wonder if it the same guy who created Swift in the first place. I guess Chris learnt a lot from doing Swift.

Compiler Humor

Tony Cunningham (via Hacker News):

These are some of the error messages produced by Apple’s MPW C compiler. These are all real. (If you must know I was bored one afternoon and decompiled the String resources for the compiler.)

[…]

“You can’t modify a constant, float upstream, win an argument with the IRS, or satisfy this compiler”

[…]

“type in (cast) must be scalar; ANSI 3.3.4; page 39, lines 10-11 (I know you don’t care, I’m just trying to annoy you)”

[…]

“This label is the target of a goto from outside of the block containing this label AND this block has an automatic variable with an initializer AND your window wasn’t wide enough to read this whole error message”

Jim Rea:

This parody of Jefferson Airplane’s classic song “White Rabbit” is about programming psychedelia—undefined behavior in C.

One flag makes it faster
and one flag makes it small
and the deprecated -Wchkp
doesn’t do anything at all. […]

Previously:

Update (2023-09-04): Irreal:

There’s a long tradition of this sort humor, especially in the Unix world. There’s the famous “bug” listed at the end of the tunefs man page: You can tune a file system, but you can’t tunafish. That joke was in the BSD Unix distribution until the suits discovered it and had it removed. Then there was the in-joke values of β will give rise to dom! error diagnostic from the Version 6 mv utility. Dennis Ritchie explains the joke at the link.

The Endless Uses for an Always-on Mac

Jason Snell:

I’ve had a Mac running as a server in my house for more than 20 years now, and I have zero regrets. As I detailed five years ago, the specific uses for my always-on Mac have changed numerous times over the decades, but the various Macs that have served the purpose have always made themselves useful.

[…]

Here’s what that Mac mini currently does: […]

I’m currently running two such Macs. The first is a 2012 MacBook Pro running Mojave, which provides access to my ScanSnap and label printer. I sometimes reboot it in High Sierra or Catalina to test with those versions of the operating system. I also use it when I have lots of stuff to download, e.g. a set of new WWDC videos.

The other is an M1 Mac mini, which runs servers for Git and Time Machine, downloads iCloud photos and Apple passwords from multiple accounts, runs Xcode tests (on macOS n-1), filters some mail accounts with SpamSieve, and does long-running copies and verifications of archives and backup drives. It’s connected to an extra HDMI port on our TV to save space, but I mostly access it via Screen Sharing.

Previously:

Wednesday, May 3, 2023

CarPlay in the Age of Large Screens

Stephen Hackett:

Yesterday, I picked up my new truck, a 2023 Toyota Tundra. Coming from an older Tacoma, this truck is amazing, and that includes the large 14-inch screen. The truck has wireless CarPlay, and I noticed something right away: CarPlay’s UI doesn’t stretch very gracefully for these larger displays.

[…]

The phone app is okay but the full-width cells in that table view are a bit odd. I also have no idea why the dialer looks the way it does.

[…]

Full-screen media playback is perhaps the worst of the screens, with both Overcast and Apple Music showing how much work Apple needs to do here[…]

My car has a 9-inch screen, and it’s frustrating how CarPlay doesn’t seem to use the space very well:

Previously:

Arc Browser

Matt Birchler:

While Vivaldi targets people who want absolute control over everything and who always want more functionality, while Arc is more focused on appealing to Mac enthusiasts who want a reliable browser that looks great and sports all the keyboard shortcuts and advanced features if they want them. Oh, and a couple surprises you probably didn’t see coming on top of that.

[…]

Browser apps have used top navigation and tab organization since the invention of the Internet, so there are more than a few years of muscle memory to overcome. But with Arc’s vast keyboard shortcut support and the power of the left sidebar, a little practice inside Arc will pay dividends in short order.

I was immediately turned off because when you launch the app you have to log in, and the “Why do I need an account?” help page talks about how they care about privacy but does not actually give any reasons why you need an account.

Though still in limited beta—Mac-only—it already has support in 1Password, unlike Orion, which has been available to the public since 2021.

David Pierce:

Arc, the new browser from a startup called The Browser Company, is such a divergent idea about how browsers should work that it takes some time, and some real effort, to get used to.

[…]

Arc wants to be the web’s operating system. So it built a bunch of tools that make it easier to control apps and content, turned tabs and bookmarks into something more like an app launcher, and built a few platform-wide apps of its own. The app is much more opinionated and much more complicated than your average browser with its row of same-y tabs at the top of the screen.

Another way to think about it is that Arc treats the web the way TikTok treats video: not as a fixed thing for you to consume but as a set of endlessly remixable components for you to pull apart, play with, and use to create something of your own.

Adam Engst (Mastodon, Hacker News):

I realize calling Arc “the most transformative app I’ve used in decades” is a bold statement that requires a lot of support. I won’t skimp on words in this article telling you why—it’s that important and requires new ways of thinking about how you work on the Web.

[…]

Space is a collection of tabs in the sidebar. The icons Arc uses to represent SpacesIt’s easy to switch between them using keyboard shortcuts (Control-1, Control-2, etc., or Command-Option-Left/Right Arrow) or by clicking little icons at the bottom of the sidebar.

You can assign each Space a color, providing an instant visual clue for what Space you’re in.

[…]

Arc lets you set up each Space with its own Profile. In Arc’s world, each Profile maintains its own logins, history, saved passwords, extensions, and more.

[…]

Arc’s designers have thought deeply about how to help users create appropriate levels of persistence. In the process, they eliminated bookmarks entirely, replacing them with pinned tabs. (For performance reasons, Arc keeps only recently used pinned tabs active, so unused ones don’t consume more resources than a bookmark would have.) Both are just URLs under the hood, of course, so what makes eliminating bookmarks possible is Arc’s focus on its sidebar. The sidebar has sections for three levels of persistence: Favorites, Pinned Tabs, and Today.

John Gruber:

[Hursh Agrawal’s] tweet has a two-minute video that outlines a tremendously ambitious plan:

  • Swift on Windows (compiler, debugger)
  • VSCode integration, Swift bindings for WinAppSDK
  • Porting Arc to Windows

Previously:

Update (2023-06-13): David Pierce:

Boosts has two features. You can use it to change the colors and fonts on a page, or you can use it to hide any given part of the page.

Previously:

Update (2023-07-25): Arc has now reached 1.0 (via Hacker News). It still requires an account.

enumjorge:

Yeah their messaging is a bit strange. Perhaps someone with more info on Arc can clarify, but their landing page makes a strong point about them being privacy-conscious, and their summary of their own terms of service is “TLDR: we won’t spy on you”, but at the same time you must log in to use the browser. What is their monetization strategy? If something is VC-backed and free, it’s hard to believe that they aren’t ad supported in some way, which almost always relies on some amount of tracking.

Nick Heer:

Trying Arc and having a pretty rough time. You cannot use it — a web browser! — without creating an account. It nags you more than once to set it as the default browser. It looks like it uses Google’s password manager, which I do not want to use. (Trying different browsers would be a lot easier if they used the system Keychain.)

The problem, for me, is that I think it may be conceptually better for me than Safari. I just wish it felt better.

Vivaldi 6

Jon von Tetzchner (via Bob Burrough):

At Opera, we were the first to add their search into the browser interface, enabling it directly from the search box and the address field. At that time, Google was an up-and-coming geeky company.

[…]

Now, we are making the Vivaldi browser. It is based on Chromium, an open-source project, led by Google and built on WebKit and KHTML.

[…]

A monopoly both in search and advertising, Google, unfortunately, shows that they are not able to resist the misuse of power. I am saddened by this makeover of a geeky, positive company into the bully they are in 2017. I feel blocking competitors on thin reasoning lends credence to claims of their anti-competitive practices.

Tim Hardwick:

Vivaldi web browser this week pushed out its sixth major release, bringing a new Workspaces feature and custom icons and themes to the highly configurable Mac app.

Similar in functionality to virtual desktops, the new Workspaces feature is designed to further enhance the browser’s powerful tab management by letting users organize tabs by category into separate workspaces and switch easily between them.

[…]

Elsewhere in Vivaldi 6.0, the browser’s built-in theming tools have been upgraded to include new Custom Icons, which can be found in the Themes Gallery.

Previously:

Multiple Apple ID Accounts

John Gruber:

The problem I was running into [here] was a bug that resulted from the fact I have split Apple ID accounts: one account for iTunes and App Store purchases, and a separate account for my Apple ID.

[…]

Everything is simpler if you only have one Apple ID that you use for both iCloud and iTunes/App Store purchases. The reason I never switched to using my mac.com iCloud account for everything, including purchases, is that there’s never been a way to migrate old purchases from a different account. And I’ve bought a lot of music, movies, and apps over the years using my other account.

[…]

This situation I ran into — seeing a promotion for a three-month Apple Arcade trial despite the fact that I pay for Apple One (which includes Arcade) — is just one of those glitches. Most Apple One subscribers don’t have split accounts, so they never saw the unnecessary promotion.

I have multiple accounts, too. One started with iTunes purchases. Another was created for .Mac/iTools. Another is for the developer program and was initially based around a person number and a name, but it eventually became a true Apple ID tied to an e-mail address. I don’t want to merge them, but I worry about Apple increasingly assuming that everything on the device is signed into the same account.

Glenn Fleishman:

In hindsight, Apple should have, somewhere in the last 10 years, offered a consolidation option. I and so many people I know have split accounts for historical reasons…and the fragile rigidity of the Apple ID and purchasing system and records.

And it’s not just purchases, since iCloud data is also locked to an account. A lot of people also use a separate account to share data and purchases in a family, due to longstanding limitations of Family Sharing.

Adam Chandler:

Many millions of us have two accounts who had iTools back in the day. Amazing that apple has offered no way to merge them yet.

John Gordon:

I’ve had LOTS of issues over years from having split accounts.

Kirk McElhearn:

For me, it’s even more complicated. Not only do I have two Apple IDs, but they are in two different countries. It is impossible for me to move my main Apple ID to the country in which I live. Because reasons.

Alex Brooks:

I agree that having split Apple accounts can sometimes be a pain, my path for having this is the same as [Gruber’s]. But I enjoy the security via obscurity aspect of it, my iCloud email is unknown (I never use it for email), and my iTunes email is at my main domain but obscure. Makes phishing almost impossible—and after all my iCloud account is probably the most precious of them all.

Previously:

Update (2023-05-03): John Gordon:

How we did our family transition

Update (2023-05-05): Noah Liebman:

I really like having two Apple IDs. I can sign into the App Store and Apple Music on my work computer, but not have my messages, calendar, and contacts show up on a machine where I don’t want them.

Tuesday, May 2, 2023

Google Cloud Services Outages

Thomas Claburn (Hacker News):

Google Cloud stopped operating in Paris early on Wednesday morning local time due to “water intrusion,” said the off-prem biz, which a day earlier reported profitability for the first time.

[…]

“Water intrusion in europe-west9-a led to an emergency shutdown of some hardware in that zone,” the company’s status page explains. “There is no current ETA for recovery of operations in europe-west9-a, but it is expected to be an extended outage. Customers are advised to fail over to other zones in europe-west9 if they are impacted.”

A short while later, the incident description changed to “a multi-cluster failure and has led to an emergency shutdown of multiple zones.”

[…]

Though more brief, the load balancing problems were far broader, affecting not just the europe-west9 zone but multiple zones in Asia, Australia, Europe, North America, and South America.

Gergely Orosz (via Drew Thaler):

I have questions. How does water intrusion into one data center take a whole zone (which should be multiple, physically separate and redundant DCs) offline?

The point of availability zones is to avoid issues in one DC taking down the whole zone.

Oh, I just see: an issue in one DC took down a whole region! So all AZs within that region are down.

Wow, this is very bad: the point of AZs is exactly for this to not happen.

Joshua Burgin:

Both Google and Microsoft don’t guarantee that all zones are physically separate buildings or separated by at least <x> km/miles. Many of their “zones” in smaller regions are just separate buildings by the same DC facility

Dylan Tack:

“[AWS] AZs are physically separated by a meaningful distance, many kilometers, from any other AZ, although all are within 100 km (60 miles) of each other.”

Update (2023-09-04): Ry Crozier (via Hacker News):

Microsoft had “insufficient” staff levels at its data centre campus last week when a power sag knocked its chiller plant for two data halls offline, cooking portions of its storage hardware.

[…]

“We have temporarily increased the team size from three to seven, until the underlying issues are better understood and appropriate mitigations can be put in place.”

Reducing Gaia GPS Battery Drain

Gaia GPS has worked well for me for years, but recently iOS has been reporting it as the reason my phone’s battery has been draining quickly. Of course, this is somewhat expected when I’m actively using the app, but the high battery use continues for days after I’ve stopped recording a track. The first set of battery tips that I found was not relevant. I need to have the iOS location permissions set for it to always be able to access my location because, when recording, I want it to keep updating even when I switch to another app such as Camera or Messages. Eventually, I found that the solution is to hide the compass.

With the compass enabled, I guess Gaia GPS is constantly asking iOS for location information so that it can update the live display on the map, even though I haven’t actually looked at the app in days. I wonder whether something has changed in iOS or in Gaia GPS because this never seemed to be an issue before. But, with iOS 16.4, it’s essential if I want to get through even half a day with my aging iPhone 12 mini.

Previously:

fn Key Reserved for System Applications

Timothy Perfitt:

I saw on Monty that fn-q brings up a new note. So what other shortcuts use the fn key?

  • fn-a: activates item in dock so you can arrow around and space to launch app
  • fn-n: open sidebar
  • fn-c: open control center
  • fn-h: show desktop
  • fn-q: new note

Bearzooka:

  • fn-e: emoji board
  • fn-d: dictation

Peter Maurer:

Today in Apple continuing to lock things down:

macOS uses fn for menu item key equivalents now (e.g., fn-F for full screen), but fn is private. You can’t assign it as a user via System Preferences, and developers can’t assign it to menu items in their apps either. All you get is a T-shirt that says: “NSEventModifierFlagFunction […] is only supported for system-provided menu items; will not be used”

I get Apple’s desire for consistency, but it’s a pain when you’re trying to mimic a system-provided menu item. Cue the silly workaround[…]

Marcin Krzyzanowski notes that the EventModifiers.function symbol is deprecated:

This key modifier is reserved for system applications.

Previously:

Update (2023-05-03): Brian Webster:

I love how fn-c brings up Control Center after which you can do absolutely nothing because Control Center has no keyboard navigation support itself. 🤦‍♂️

Even the associated standalone menus lost keyboard support when they were rewritten using SwiftUI in Big Sur.

Wallaroo and SwiftUI on iOS

Sean Heber:

Wallaroo is the first app we’ve built entirely with SwiftUI, so in this series of more technical posts, I want to talk about some specific issues we ran into along with how we solved them. In a separate post, Craig discusses development of the whole app so if you prefer to get a bird’s eye view of Wallaroo’s creation, be sure to check his article out.

[…]

I suspected this was going to be tricky because the framework didn’t (and still doesn’t) have even a simple flow layout, let alone something complicated like a flowing irregular grid! Luckily WWDC22 had just announced the new Layout protocol for SwiftUI, so I hoped I’d be able to use it to make this work.

See also: The SwiftUI Layout Protocol – Part 1 and Part 2.

We were a few days into this, and I was feeling pretty good about it when the first real-world complication reared its ugly head: Custom SwiftUI layouts aren’t lazy!

[…]

What I needed to solve this was some way to discern if the view was actually on screen or not and then emit the appropriate view.

Sean Heber:

I decided that knowing where the containing gallery’s frame was would likely make sense as an environment value, and so I added the visibleGalleryFrame that was computed in the code snippet in part 1 as an environment value for all of the child tile views to use. To get the parallax to work, the tile views measure the frame of whatever area they want to apply the parallax effect to and compare it with the environment’s gallery frame and offset things accordingly.

[…]

It feels like the only thing preventing people from using the environment more often (and perhaps “incorrectly”) is the fact that defining a new environment value involves a bunch of boilerplate in an EnvironmentValues extension! It doesn’t seem ideal to only depend on that friction to guide behavior, though, especially since I’d love to see some kind of new Swift syntax or feature that could eventually make the boilerplate go away!

See also: You can create your own SwiftUI Environment.

Sean Heber:

I spent a ridiculous amount of time off and on over weeks trying various caching schemes for my custom AsyncImage that prepared the image in different ways, kept the prepared image around keyed by URL, used NSCache or a simple Dictionary, used a Swift actor, etc. Happily I was able to get rid of all of that complication once the required pieces finally fell into place. This sort of thing happens a lot and I often spend a bunch of time on things that turn out to be dead ends.

[…]

Another of the limitations of AsyncImage that I was able to work around in our custom implementation is that AsyncImage only delivers the final Image after the load finishes and not the original data.

[…]

I guess the lesson here is: Don’t use view masking if you can help it!

This highlights one of the weakness of SwiftUI. It is very hard to debug this sort of thing or to get a sense of where time is being spent by the engine because so much of it is inaccessible and outside of our control.

Sean Heber (Craig Hockenberry):

The biggest surprise for me was how much trouble I had implementing the paging view to swipe left and right between wallpaper variants. […] I ran across a bunch of tutorials that were manually implementing panning gestures and paging and I was flabbergasted. Did I really need to do all of this myself from scratch?

[…]

Eventually I decided that maybe I should just wrap a UIScrollView to accomplish what we needed and started to dive into that.

I was pretty far into this when I accidentally stumbled across a Stack Overflow comment noting that SwiftUI actually does have a native paging view – it’s just cleverly hidden as a TabView style! […] Unfortunately it is extremely buggy.

[…]

There’s also something off about how SwiftUI documentation is written and organized. It frequently feels next to impossible to find the name of whatever view modifier you might be needing unless you more or less already know what you’re looking for. To make matters worse, the fact that SwiftUI’s view modifiers almost all exist as function extensions on View means just pressing the period key and browsing autocompletion suggestions tells you nothing about what might or might not make sense to use in your current context.

Sean Heber:

Instead of passing an object around that was nothing more than a thin wrapper of the navigation path, I created an action struct that implemented callAsFunction() just as Apple does with DismissAction, OpenURLAction, RefreshAction and others. The root view then added the action to the environment so all child views could use it.

With this approach, the NavigationPath is private to the root view which remains in control of adding things to the path. The root view also already implemented .navigationDestination for the views in the navigation stack, so it made sense to me that it should own how pages get pushed, too.

When the detail view needs to open a new gallery page, it uses my new OpenPageAction from the environment to request the new page much like this: openPage(.gallery(.tag("abstract"))).

[…]

In my opinion, a lot of the app’s ancillary views would have required far more code and time to build with UIKit and that’s an important point in favor of SwiftUI despite the occasional trouble in some corners.

Craig Hockenberry:

SwiftUI is new with some rough edges. Part of the @wallaroo_app project was to explore what those edges looked like – and this series of blog posts may leave you with the notion that you shouldn’t go near this stuff.

But the reality is that both Sean and I loved working with it.

Steve Troughton-Smith:

We’re enough years in to it now for me to be pretty sure SwiftUI is not the way forward for my apps, on Apple’s existing platforms. It’s just not how I want to write code. I remain open to it being potentially great for building new kinds of apps on Apple’s headset, but I’m not holding my breath (nor perhaps do I need to write new kinds of apps if the old kinds are best). I hope there always remains a bigger, more-powerful alternative under the hood that I can drop down to to build better apps.

Previously:

Monday, May 1, 2023

Brave Search No Longer Using Bing

Brave (via Hacker News):

When Brave Search launched in June 2021, about 13% of the queries required the help of third parties to achieve the desired level of quality across various types of queries.

[…]

By default, Brave Search users will now receive 100% of results from the Brave Index, giving users fully independent results. As always, our results will preserve user privacy. And this independence does not come at the expense of quality: Over the past several months, the Search team has drastically improved Brave Search’s ability to answer nuanced, long-tail queries.

For users who want it, Google Fallback mixing will continue to be an option. Users can continue to support the growth of the index and results quality by opting into the Web Discovery Project, and submitting feedback in cases where we should improve. And users can use Goggles to re-rank and filter results from the Brave Search index.

Their own index, based on Tailcat, is working better than DuckDuckGo/Bing for me now. Hopefully, Apple will add built-in support to Safari.

Previously:

Working Around Big Sur’s Missing TestFlight

Thomas Tempelmann:

I recently had brought up the question how a developer could test a program built for the Mac App Store before releasing it publicly on pre-Monterey (where there’s not TestFlight).

The solution (explained to me by DTS) is to submit it for review, with “pending developer release”, then use a promo code to install it on pre-macOS 12 via the App Store app.

Previously:

Turmoil Behind Siri

Wayne Ma (Hacker News):

Late last year, a trio of engineers who had just helped Apple modernize its search technology began working on the type of technology underlying ChatGPT, the chatbot from OpenAI that has captivated the public since it launched last November. For Apple, there was only one problem: The engineers no longer worked there. They had left the company to work on the technology, known as large-language models, at Google.

Chance Miller:

A new report from The Information today goes in-depth on the apparent chaos inside teams at Apple working on Siri and artificial intelligence. According to the story, “organizational dysfunction and a lack of ambition” have plagued Apple’s efforts to improve Siri and the backend technology that powers it.

This dysfunction has led to Apple falling further and further behind competitors like OpenAI, Microsoft, and Google, leading some Apple employees to question the future.

Today’s report is based on “interviews with more than three dozen former Apple employees who worked in its AI and machine learning groups.” The report follows a similar story from The New York Times earlier this month, which explained how Siri is built on a “clunky” database that ultimately leads to it taking “weeks” for Siri to be updated with “basic features.”

Hartley Charlton:

Apple’s virtual assistant is apparently “widely derided” inside the company for its lack of functionality and minimal improvement over time.

[…]

Apple executives are said to have dismissed proposals to give Siri the ability to conduct extended back-and-forth conversations, claiming that the feature would be difficult to control and gimmicky. Apple’s uncompromising stance on privacy has also created challenges for enhancing Siri, with the company pushing for more of the virtual assistant’s functions to be performed on-device.

This is weird because I think the main problem with Siri is not the missing sophisticated stuff like conversations but that the basics remain unreliable. And for all the talk of on-device Siri, basic tasks like creating reminders still need network access, and tasks like controlling the audio, which should definitely run on device without any sophisticated AI, are still incredibly slow and buggy.

Apple’s design team repeatedly rejected the feature that enabled users to report a concern or issue with the content of a Siri answer, preventing machine-learning engineers from understanding mistakes, because it wanted Siri to appear “all-knowing.”

[…]

Most recently, the group working on Apple’s mixed reality headset were reportedly disappointed by the demonstrations provided by the Siri team on how the virtual assistant could control the headset. At one point in the device’s development, the headset team considered building an alternative method for controlling the device using voice commands because Siri was deemed to be unsatisfactory.

Nick Heer:

Maybe all that is true. But what I cannot understand is why anyone would think users would want to have a conversation with Siri, when many would probably settle for a version of that basic database association schema working correctly.

[…]

It is not the case that Siri is failing to understand what I am asking it to do. Rather, it is faltering at simple hurdles and functioning as an ad for other Apple services. I would be fine with Siri if it were a database that performed reliably and expectedly, and excited for the possibilities of one fronted by more capable artificial intelligence. What I am, though, is doubtful — doubtful that basic tasks like these will become meaningfully better, instead of a different set of bugs and obstacles I will need to learn.

Previously:

Update (2023-05-03): John Gordon:

Why can’t Siri give me the Apple Music playlist I created? […] I just want Siri to do the simple things it weirdly can’t do. I don’t need Siri to be ChatGPT.

Secret Mac Security

Howard Oakley:

Apple is sadly no stranger to pulling updates. Ever since the days of classic Mac OS, there have been updates that have been rescinded faster than they appeared, sometimes leaving plenty of sick Macs in their wake. This week it seems to have been the turn of its latest anti-malware service XProtect Remediator to suffer this ignominy.

Not that this service officially exists. Since its tentative release in macOS Monterey 12.3 on 14 March 2022 and its rapid maturing during last summer, it has been given no more than an ambiguous byline in Apple’s Platform Security Guide, which doesn’t clearly differentiate the new malware scanner from the old XProtect.

[…]

At a little after 1700 GMT last Thursday, 27 April, Apple’s software update servers started offering an update labelled XProtectPayloads_10_15-96 which installed XProtect Remediator version 96 complete with its two new scanning modules for RankStank and RoachFlight. Within 12 hours, that was no longer available, and that new version has vanished without trace, notice or explanation.

I don’t understand why Apple is so secretive about its anti-malware efforts, especially in comparison with general security issues, which it documents very specifically.

See also: Accidental Tech Podcast.

Previously:

Update (2023-05-02): John Gruber:

Seems a little weird that today’s RSR updates aren’t listed yet on Apple’s security updates page. In recent years Apple has been very diligent about updating this page upon the release of security updates. These new RSR updates seem to exist outside this documentation system for now.

See also: Howard Oakley.

Update (2023-05-03): Mr. Macintosh:

🚨 Apple has not shared the security content of the latest iOS & macOS Rapid Security Response Updates.

IMO update details should be shared for any Mac or iOS update that requires a restart.🖥

If you agree, please file feedback with Apple.📝

See also: Adam Engst.

Update (2023-05-19): Sören:

still no description of the security content of the RSR a few weeks ago. Was that the same patch? A different issue? Was it just a drill?

Previously:

Update (2023-05-22): Gmarnin:

With the release of macOS 13.4, Apple has documented the what was in the RSR (Rapid Security Response macOS 13.3.1 (a)).