Archive for November 2023

Thursday, November 30, 2023

Vivlio

Romain Dillet (via Jason Snell):

While Amazon’s Kindle is the clear leader and Rakuten’s Kobo the obvious challenger, Vivlio has been building an open European alternative to these two tech giants. And it proves that you can compete with tech giants with a team of 35 as long as you have a distinct strategy with different goals.

[…]

From the very beginning, Vivlio bet that the book industry would remain fragmented — building yet-another-Amazon wouldn’t be a winning move. Vivlio signed a handful of partnerships with small and big chain bookstores so that it could run their e-book stores for them.

[…]

Vivlio contributed to Readium LCP, an open-source DRM solution that doesn’t require an Adobe account (or any third-party account). Many companies and public institutions have embraced LCP in recent years. Adobe’s DRM is still the leading protection system, but this technical move contributes to the open ecosystem philosophy behind Vivlio.

[…]

Vivlio partners with PocketBook for its e-book readers. But these devices aren’t just rebranded PocketBook devices, as the company adds a software layer so that they work with the entire Vivlio ecosystem. For instance, you can log in to your bookstore account directly on your Vivlio e-reader. All your purchases are automatically synchronized with your device and Vivlio’s cloud storage.

MarsEdit 5.1

Daniel Jalkut:

The addition of Mastodon support is a natural extension of the new Micropost Panel which was introduced in MarsEdit 5. I’ve prioritized the feedback of many users and added the ability to resize, add images, view character count, and more.

This is a welcome addition, although I haven’t settled on exactly how I want to use it yet. I like the support for multiple Mastodon accounts, the editor, and the way it can maintain a local archive. However, I still use Mona for most of my product-related posting because it can handle boosts, which MarsEdit neither posts nor archives.

HTML Entities are now ignored by syntax-highlighting and live spell checking

This doesn’t yet work for entities inside of HTML tags. I look forward to that being handled in a future version.

Fix a bug that sometimes caused spell checking to fail in Plain Text editing mode

[…]

Fix a crash that could occur when undoing text changes in the Plain Text editor

These two were affecting me a lot, and it’s great to have them fixed.

Previously:

Update (2023-12-12): MarsEdit 5.1.1:

Fix syntax highlighting of [and spell checking with] entity references within HTML blocks

Fix a bug in which published posts sometimes remained in Local Drafts folder

Disk Images in Sonoma

Howard Oakley:

Band size is the maximum size of each band file, and determines two things: the number of band files, and how efficiently the whole sparse bundle can change in size. In most cases, the default is 8.4 MB, which generally works well for all but the largest of sparse bundles. There’s one important limit to bear in mind when setting band size: all the bands of a sparse bundle are stored inside a single folder. If the number of bands reaches the maximum for a single folder for the host file system, then it will start to fail, and you could lose part or all of its contents. Currently, in macOS with HFS+ or APFS, that critical number is believed to be 100,000 (an empirical guesstimate). So whatever you do, ensure that your sparse bundle will never need 100,000 or more band files, as that could spell disaster.

[…]

Note, though, that setting too small a band size may limit the maximum size for the whole sparse bundle. When creating very large sparse bundles, macOS may restrict their size if the chosen band size is too small.

[…]

This stopped working by macOS Ventura 13.3.1, since when hdiutil still goes through the same sequence but the password remains unchanged. As of Sonoma 14.1.1 this remains broken, as Apple has still not fixed this bug.

Previously:

macOS 14.1.2

Juli Clover (release notes, security, developer, enterprise, full installer, M3, IPSW, M3):

According to Apple’s security support page, the update fixes two vulnerabilities that Apple says were exploited on versions of iOS earlier than iOS 16.7.1.

See also: Mr. Macintosh and Howard Oakley.

Previously:

Update (2023-12-08): Nick Heer:

According to Project Zero’s spreadsheet, Apple patched ten zero-days in 2022, thirteen in 2021, three in 2020, two in 2019, three in 2016, and none in 2018, 2017, 2015, and 2014. It seems like a similar story across the board: the 2014 spreadsheet contains just eleven entries total, while the 2023 sheet contains fifty-six so far.

Howard Oakley:

It has been more than four months since Apple last released a Rapid Security Response (RSR), but last week’s Sonoma update to version 14.1.2 looked like it should have come as one. It fixed two vulnerabilities, both in WebKit, that were already being exploited in older versions of iOS. Does the fact that it didn’t come as an RSR indicate that Apple has given up with them already?

[…]

If that was the complete account of what Apple yet again glosses over as “important bug fixes and security updates”, maybe. But there was slightly more to the 14.1.2 update than just those two patches to WebKit. Also updated, albeit with small changes in build number, are /System/Library/CoreServices/UAUPlugins/SafariUserAccountUpdater.bundle and /System/Library/PrivateFrameworks/SafariSafeBrowsing.framework. Whether Apple was alluding to those as “important bug fixes” or they were consequences of the fixes to WebKit we’ll never know, but it’s clear that the 14.1.2 update again required more than an RSR.

Howard Oakley:

We’re currently in another phase when that’s the case: while those Macs released before September should now be running macOS 14.1.2 build 23B92, M3 models from November have their own build number of 23B2091.

This means that if you have an M3 and an older model, they’re running incompatible releases of macOS.

[…]

There are other differences that are harder to explain, like an apparently much newer build of the News app, which has reached 3529.0.3 on all other Macs, but the M3’s build number is given as 5323, as do all the private frameworks that support it, despite having the same version number of 9.1.

Howard Oakley:

The red menu bar usually appears when switching between Stage contents, shown here when bringing the X (formerly Twitter) app and Safari onto the Stage. While the new windows appear correctly, instead of switching to the correct menu for either of them, the menu bar turns red and loses the menus that should appear at the left, for the front app.

iOS 17.1.2 and iPadOS 17.1.2

Juli Clover (release notes, security, developer):

iOS 17.1.2 includes important security fixes. Specifically, the update addresses vulnerabilities that may have been exploited in earlier versions of iOS.

Processing web content may disclose sensitive information.

[…]

Processing web content may lead to arbitrary code execution.

Previously:

Wednesday, November 29, 2023

GitHub Code Search Now Requires Logging In

koepnick (via Hacker News):

This is revolting and an anathema to the open source movement. A movement, I might add, Microsoft is abusing here.

We’re told that this is for security… But what possible point is there when I can simply clone the repository and use more dedicated tools for proper searching and analysis?

So what possible reason is there?! Do you NOT have enough of our data? Is it not enough to monetize every bowel movement, you now feel the need to track which individual lines of code I’m browsing?

I was on an older machine and needed to search for something in OUR OWN REPOSITORY and couldn’t. I actually want people to be able to search our codebase.

martinwoodward:

While searching across all repos has required being logged in for a long time, when we enhanced the search capabilities earlier in the 2023 we had to extend this to repos as well [Hacker News].

This is primarily to ensure we can support the load for developers on GitHub and help protect the servers from being overwhelmed by anonymous requests from bots etc.

See also: The technology behind GitHub’s new code search.

Previously:

AirJet

Roman Loyola (via Hacker News):

Since the MacBook Air doesn’t have a fan for the SoC, its performance will throttle down during processor-intensive work to maintain a proper operating temperature. The M2 13-inch MacBook Pro, on the other hand, has a fan that expels excessive heat so the chip can keep chugging along.

The AirJet is what Frore calls a “solid-state active cooling chip” that measures 27.5 by 41.5 by 2.8 mm, a lot smaller and thinner than a typical computer fan. It’s so thin that Frore was able to take an M2 15-inch MacBook Air and fit a set of AirJet chips inside the laptop. AirJet can keep the MacBook Air temperature at a proper level so the chip doesn’t have to throttle down. Using the Cinebench R23 benchmark, an off-the-shelf M2 MacBook Air was 7 percent slower than the M2 MacBook Pro. But the modified M2 MacBook Air with an AirJet setup matched the Cinebench score of the MacBook Pro.

It’s a proof of concept, not a product.

Most Compatible With Google Chrome

Catalin Cimpanu (2019, via Hacker News):

A former high-ranking Mozilla executive has accused Google of intentionally and systematically sabotaging Firefox over the past decade in order to boost Chrome’s adoption.

He is not the first Firefox team member to come forward and make such accusations in the past eight months; however, his allegations span far beyond current events and accuse Google of carrying out a coordinated plan that involved introducing small bugs on its sites that would only manifest for Firefox users.

[…]

“Google Chrome ads started appearing next to Firefox search terms. Gmail & [Google] Docs started to experience selective performance issues and bugs on Firefox. Demo sites would falsely block Firefox as ‘incompatible’,” he said.

[…]

“Over and over. Oops. Another accident. We’ll fix it soon. We want the same things. We’re on the same team. There were dozens of oopses. Hundreds maybe?”

It could be nefarious or could simply be that they all use Chrome internally and don’t do very much testing.

mtVessel:

There was a period of time when sites pretty much worked everywhere. In the last five years or so, the number of sites that only work in Chrome was risen precipitously. It’s either malice or incompetence, and I have no trouble believing either.

I continue to find less of the Web working with Safari, but so far I’ve always been able to fall back on Firefox.

Previously:

Tuesday, November 28, 2023

Composable Architecture and Swift Observation

Brandon Williams and Stephen Celis (Mastodon):

But now with the Observation framework you get to forget about almost all of that complexity, and just build your features in the most naive way, with basically zero adornments, and it just works. And it works in the most efficient way possible, where only the data accessed in the view is observed by the view.

That was pretty revolutionary for SwiftUI, but we think it can be just as revolutionary for the Composable Architecture. The Observation framework allows us to get rid of many concepts that were needed prior to the framework, most importantly the ViewStore concept, but also even things like IfLetStore, ForEachStore, SwitchStore, and a whole plethora of view modifiers for showing sheets, fullscreen covers, popovers, and more.

JP Simard:

What the @pointfreeco folks have managed to pull off here is pretty amazing.

They’ve re-implemented the Swift 5.9 Observable machinery, backported it all the way to iOS 13, and are leveraging that to supercharge the composable architecture.

Previously:

Swift Proposal: Typed Throws

SE-0413:

Swift is known for being explicit about semantics and using types to communicate constraints that apply to specific APIs. From that perspective, the fact that all thrown errors are of type any Error feels like an outlier. However, it reflects the view laid out in the original error handling rationale that errors are generally propagated and rendered, but rarely handled exhaustively, and are prone to changing over time in a way that types are not.

[…]

The loss of information between types like Result and Task and the language’s error-handling system provides partial motivation for the introduction of typed throws, and is discussed further below.

Typed throws also provides benefits in places where clients need to exhaustively handle errors. For this to make sense, the set of potential failure conditions must be relatively fixed, either because they come from the same module or package as the clients, or because they come from a library that is effectively standalone and unlikely to evolve to (e.g.) pass through an error from another lower-level library. Typed throws also provides benefits in generic code that will propagate errors from its arguments, but never generate errors itself, as a more flexible alternative to the existing rethrows. Finally, typed throws also open up the potential for more efficient code, because they avoid the overhead associated with existential types (any Error).

Even with the introduction of typed throws into Swift, the existing (untyped) throws remains the better default error-handling mechanism for most Swift code.

Rob Napier (2016):

I was an early proponent of typed errors in Swift. This is how the Swift team convinced me I was wrong.

Strongly typed errors are fragile in ways that can lead to poor API evolution. If the API promises to throw only one of precisely 3 errors, then when a fourth error condition arises in a later release, I have a choice: I bury it somehow in the existing 3, or I force every caller to rewrite their error handling code to deal with it. Since it wasn’t in the original 3, it probably isn’t a very common condition, and this puts strong pressure on APIs not to expand their list of errors, particularly once a framework has extensive use over a long time (think: Foundation).

Of course with open enums, we can avoid that, but an open enum achieves none of the goals of a strongly typed error. It is basically an untyped error again because you still need a “default.”

[…]

Last of all, for strongly typed errors to be of much use, Foundation would need to throw them since it is the largest producer of errors in the system.

Previously:

Update (2024-02-23): Donny Wals:

At the time of writing this post SE-0413 has been accepted but not yet implemented.

[…]

Personally, I think typed throws are a nice feature but that we won’t see them used that much.

The fact that we can only throw a single type combined with having to try calls in a do block erasing our error back to any Error means that we’ll still be doing a bunch of switching and inspecting to see which error was thrown exactly, and how we should handle that thrown error.

Apple Cash Escheat Heads-up

Dana E. Stevens:

I had a small balance in Apple Cash and had not made any transactions in a bit over 3 years. I received a text message notice of a “Balance Adjustment” resulting in a $0 balance in Apple Cash. Called Apple Support. They said the balance had been escheated to the state I live in. Approximately 6 weeks later the balance showed up on the state website for unclaimed property. […] I see I’m not the only one to have this experience.

I didn’t realize that financial-but-non-bank accounts like Apple Cash could be counted as abandoned/unclaimed simply because you haven’t used them in a while. You’d think Apple could send a notification before removing the funds.

See also: More than you want to know about gift cards.

Previously:

Google Drive Loses Months of Customer Data

Yeonjoong (via Hacker News):

My Google Drive files suddenly disappeared. The Drive literally went back to condition in May 2023. data from May until today disappeared, and the folder structure went back to status in May.

Google Drive activity doesn’t show any changes (only show activity that was in May) No files was deleted manually, so no files in Trash.

[…]

I followed recovery process that Google support team ask me to (South Korea team). They put a recovery program and failed.

Richard Speed (via Hacker News):

Google Drive users are reporting files mysteriously disappearing from the service, with some netizens on the goliath's support forums claiming six or more months of work have unceremoniously vanished.

There is little information regarding what has happened; some users reported that synchronization had simply stopped working, so the cloud storage was out of date. Others could get some of their information back by fiddling with cached files, although the limited advice on offer for the affected was to leave things well alone until engineers come up with a solution.

A message purporting to be from Google support also advised not to make changes to the root/data folder while engineers investigate the issue. Some users speculated that it might be related to accounts being spontaneously dropped.

Google is not officially communicating about this.

Previously:

Update (2023-12-06): Bill Toulas:

A notable aspect of the situation is that Google’s support forums are backed by volunteers with limited insight or understanding of the cloud service, so the lack of effective assistance in critical problems like this makes it all the worse.

BleepingComputer has contacted Google for an update on the status of the internal investigation and whether the lost files are recoverable or irreversibly lost, but we have not received a response by publication time.

Update (2023-12-08): Ron Amadeo (Hacker News):

Google acknowledged the issue on November 27, and a week later, it posted what it called a fix.

It doesn’t feel like Google is describing this issue correctly; the company still calls it a “syncing issue” with the Drive desktop app versions 84.0.0.0 through 84.0.4.0. Syncing problems would only mean files don’t make it to or from the cloud, and that doesn’t explain why people are completely losing files. In the most popular issue thread on the Google Drive Community forums, several users describe spreadsheets and documents going missing, which all would have been created and saved in the web interface, not the desktop app, and it’s hard to see how the desktop app could affect that. Many users peg “May 2023" as the time documents stopped saving. Some say they’ve never used the desktop app.

[…]

Google locked the issue thread on the Drive Community Forums at 170 replies before it was clear the problem was solved. It’s also marking any additional threads as “duplicates” and locking them. Taking away the space to diagnose the issue and communicate fixes adds to the sense that Google is more interested in PR damage control than helping users. It also doesn’t allow people to reply to the “solution” post, so it’s hard to evaluate the fix’s efficacy since Google shut down the easiest avenues for user feedback and support.

Of the few replies before Google locked the thread, most suggested that Google’s fix did not work.

Nick Heer:

I think Google’s dependence on support forums is a huge part of this problem. The company has notoriously poor service. Only people who pay for a support plan are able to get help from a real person, and not by phone or even live chat. For most people, Google’s primary suggestion is to post on its forum. Google even frames it as an instruction to “contact us via our forum” — but you are not really contacting Google, are you? You are contacting some person named Alex who lives in Springfield and has no idea what is going on, either, but says you should try restarting your computer.

Sorry, but that will not do — not for precious files, and especially not for one of the richest corporations anywhere. Google is supposed to be good at internet services — and, historically, it has been — but it is not good at customer service. Google’s abdication in this case should be a reminder that even near-perfect reliability is irrelevant the moment there is a problem as serious as this, and when that happens, a real person being helpful will matter more than anything else. We need to have higher standards. Think about it this way: if the first couple of people to see this problem could have talked to a real person at Google, that person could have escalated this and flagged it as the big problem it is. Instead, a forum thread lingered for a week until someone at Google bothered to check on it.

Previously:

YouTube’s Ad Blocker Crackdown

Paresh Dave (Hacker News, Reddit):

In early October, the people who make ad blocking tools convened in Amsterdam for their industry’s annual conference. One session was a welcome pitch from Google product leaders about tweaks made to address fears that a security update to the company’s Chrome browser could hamper ad zapping. Google, which draws nearly 80 percent of its revenue from ads, even cosponsored the event, at an airy venue along the water.

Emma Roth:

YouTube is broadening its efforts to crack down on ad blockers. The platform has “launched a global effort” to encourage users to allow ads or try YouTube Premium, YouTube communications manager Christopher Lawton says in a statement provided to The Verge.

If you run into YouTube’s block, you may see a notice that says “video playback is blocked unless YouTube is allowlisted or the ad blocker is disabled.” It also includes a prompt to allow ads or try YouTube Premium. You may get prompts about YouTube’s stance on ad blockers but still be able to watch a video, though, for one Verge staffer, YouTube now fully blocks them nearly every time.

Ryan McNeal (via Hacker News):

YouTube recently expanded its ad-blocking efforts, transitioning from just a small experiment to a global launch. The move appears to have had some success, as users are uninstalling the software in record numbers. But you can also argue it has had the opposite effect, as even higher numbers of users are turning to better ad blockers.

[…]

Some people are even turning to solutions like Newpipe, a YouTube-like website that’s capable of running videos from the platform without ads.

[…]

If you’re looking alternatives, extensions like uBlock Origin still work when used on Firefox. Adblock Plus has also offered some suggestions on how to get past the anti-ad block wall. There’s also the option of biting the bullet and paying for YouTube Premium.

uBlock Origin (2019):

It will not possible for uBlock Origin to work with the upcoming Safari 13 / macOS Catalina release.

Nick Heer:

I am not signed into YouTube and I, too, have seen the anti-adblock campaign.

YouTube is in a unique position — one I imagine is enviable for pretty much any other ad-supported product. It is the web’s video host — well, the web’s general purpose video host, I suppose — and has no equal, so it can do basically anything it wants. It has spent years ratcheting up the ad load. It is now typical that any video you watch will be preceded by two unskippable ads, with more ads often appearing every few minutes.

Alec Watson:

Seemingly few people know (or understand completely) that YT Premium is a good deal for all parties involved - it kills ads, creators get a cut of the membership, and (in my experience anyway) it neutralizes many of the platform’s weird tendencies because serving relevant ads to the viewer is no longer a concern.

I would advocate for it much more strongly (and I say 100% truthfully that Premium views pay me more than ad-supported views do) except YT continues to lump YT music into it.

Jay Bonggolto (via Hacker News):

Several Reddit posts have highlighted a five-second delay when loading YouTube videos on Firefox, which disappeared when the user agent was switched to Chrome, revealing a potential browser-specific issue.

Investigation by users suggests that the delay isn’t a Firefox bug but an intentional addition in the JavaScript code of YouTube’s desktop client.

Discussions speculate that the added delay might be linked to ad display, possibly as a workaround for users employing ad blockers.

Aamir Siddiqui (via Hacker News):

Here is the complete statement sent to us by a YouTube spokesperson:

To support a diverse ecosystem of creators globally and allow billions to access their favorite content on YouTube, we’ve launched an effort to urge viewers with ad blockers enabled to allow ads on YouTube or try YouTube Premium for an ad free experience. Users who have ad blockers installed may experience suboptimal viewing, regardless of the browser they are using.

Google’s statement squarely marks the delay as an intentional change targeted toward users who continue to use ad blockers.

hackhive-io (Hacker News):

YouTube is now blocking Ad Blockers - So I just make ads run 16x faster

See also: Hacker News, Reddit.

Pieter Arntz (Hacker News):

Google has announced it will shut down Manifest V2 in June 2024 and move on to Manifest V3, the latest version of its Chrome extension specification that has faced criticism for putting limits on ad blockers. Roughly said, Manifest V2 and V3 are the rules that browser extension developers have to follow if they want their extensions to get accepted into the Google Play Store.

Previously:

Update (2023-12-06): Thomas Claburn:

Today those Chrome extensions by and large adhere to an API specification known as Manifest V2: that’s what they use to, for example, inspect pages for stuff to filter out. Googlers feel that API puts too much power in the hands of extension developers: someone could make an add-on that offers to do things like block annoying ads on a page, and then later use those powers to steal or manipulate sensitive data on your internet profiles.

The Chocolate Factory’s answer to this was to develop Manifest V3, which has been supported by Chrome for a while now: it’s an alterative way for extensions to drill into pages and filter out bad content, for instance. Google says V3 is safer - giving users more protection from wayward extensions - but some developers argue the switch from V2 to V3 cripples their extensions and makes them less effective. That would mean less effective ad blocking.

See also: Slashdot and Does uBlock Origin (uBO) bypass the latest YouTube anti-adblock script? (via Hacker News).

Update (2023-12-08): Nick Heer:

If you watch a lot of YouTube, Premium looks like a great choice, though I find it requires a reorientation of your headspace: think of YouTube Premium as “YouTube”, and YouTube sans Premium as the “free trial” or “lite” version. That framing also puts Google’s strategy for YouTube into a more understandable context, I think. Google has increased the per-video ad load and it delivers fewer skippable ads, and it is becoming more strict about ad blocking in the same way many software companies limit free trials.

But I can understand why people block ads, too, because the quality of ads I get on YouTube sucks. Part of this is my fault because I am a more privacy-conscious user and, so, take steps to prevent specific targeting. That means I get an awful lot of ads with deep-faked celebrities hawking sketchy investments, garbage supplements, gambling, diet scammers, and other bottom-of-the-barrel crap. I understand my restrictions reduce my likelihood of seeing things which interest me. On the other hand, why is Google accepting ads like these in the first place?

Colin Devroe:

I do not intentionally block ads. I do, however, intentionally block ad tracking. And I think this distinction is important.

Monday, November 27, 2023

A Short History of Recovery in macOS

Howard Oakley:

For the first ten years of Mac OS X, its closest substitute was Single User Mode, or SUM, entered by starting the Mac up with the Command and S keys held down. OS X then booted into the command line, where you could for example repair your startup volume[…]

[…]

With Mac OS X Lion, and the delivery of OS X from the App Store, this all changed, when starting a Mac up with the Command and R keys held entered its new Recovery mode, stored in what was termed the Recovery partition. In those days of HFS+, that was just another volume on the boot disk, and could be supplemented with a prepared USB stick containing third-party recovery tools, such as Drive Genius or Disk Warrior.

[…]

Prior to macOS Sierra, entering Recovery usually worked with a wireless keyboard; when running Sierra and later, many users found that they had to connect Bluetooth keyboards to a USB port to ensure the startup key combination worked reliably.

[…]

Apple silicon Macs, though, had a brand new Recovery system, dubbed 1 True Recovery (1TR), run from a hidden container on their internal SSD, and engaged by pressing and holding the Power button.

[…]

From Monterey onwards, starting up in primary Recovery using the Power button boots that Mac into the Recovery volume paired with the current boot volume group. Starting up in fallback Recovery using the doubly-pressed Power Button boots that Mac into the fallback Recovery (frOS) installed in the hidden Apple_APFS_Recovery container on the internal SSD.

See also:

Previously:

Time to Back Up Bandcamp

David Rutland (via Hacker News):

If you’ve spent your hard earned cash supporting independent artists through Bandcamp, a series of ownership changes and layoffs suggest that now might be the best time for audiophiles to download their audio files to secure offline storage.

[…]

According to Aftermath, Bandcamp is a mess right now, with most of the support team gone. This leaves artists under the care of people who are either incredibly overworked, barely trained, or both. Engineers are doing work normally allotted to the support staff - normally a highly trained, competent, and enthusiastic crew.

[…]

The Bandcamp UI isn’t really designed with massive downloads in mind, and there are a lot of boxes to tick.

Fortunately, it’s pretty easy to download all of your Bandcamp music using the excellent Batchcamp extension which is available as both a FireFox addon, or as a Google Chrome extension.

Previously:

Moving on From Xojo

Sam Rowlands:

Since 1998, I’ve built every single Mac app with the Xojo development tool (Aka Real Studio and REALbasic).

Over the last ¾ of a decade, Xojo started ignoring bugs, feature requests and industry trends. New features felt rushed, incomplete and sometimes unusable. Dark mode support and concurrency are two prime examples. Something is clearly wrong.

Xojo had embarked on a multi-year project of “2.0 All The Things™”. All Xojo customers must now experience learning a new programming language.

[…]

In a few short years, Xojo turned their most evangelical, enthusiastic, knowledgable, experienced and loyal customers, into enemies.

Bob Keeney:

One of the topics that I brought up was that these issues (the new Event names and marking anything from API 1.0 Deprecated – even though they’ll be around for a many years to come) were brought up early and often in the beta program. I said that honestly, it made us feel that our input is not valued.

[…]

I’ve been around a long time and have remained friends with some of those former Xojo developers. Some leave because of long-term bugs. It is disheartening to report a bug that affects your app that gets ignored for years on end.

[…]

Some leave because there is a lack of capabilities in the product. iOS (but also true for all targets) is painfully lacking in capabilities that force you into learning complex declares. There are no built-in controls for Date, Time, Timestamp, or numbers only Text Fields, exporting to PDF, no ability for applications to have a report editor, a good grid, etc. Some of this is because Xojo is the lowest common denominator between Mac, Windows, and Linux (for desktop) and doing these things cross-platform is really hard.

Alain Bailleul:

When I first started this blog, I was a huge fan of RB. The familiar VB6 syntax was what me attracted to it in the first place. I had a VB6 background, and with Microsoft abandoning it, RB was a nice alternative.

[…]

But because of Xojos decision a couple of years ago to start using a new syntax framework, most of these projects won’t work anymore without a major overhaul. So I feel it is time to let them go.

Previously:

Update (2023-11-28): Patrice Calligaris:

Good points, I think their mistake is to support all platforms. Too big for a small team. They should just focus on macOS and Windows, desktop apps where there is a market. Now for Windows apps, you need a specific project to support new UI items, ridiculous!

Jeannot Muller:

I initially didn’t want to write anything more about Xojo. However, this thread reaffirms my decision to learn new tools nearly two years ago and ultimately part ways with Xojo.

[…]

In my opinion, Realbasic’s former strength of having a visual designer is increasingly overshadowed by various functional shortcomings and the prevalence of a 4-digit number of bugs.

Most notably, you purchase the “Layout Manager” at a steep cost. Naturally, it only functions within the Xojo IDE, which is significantly outdated. Not only is the autocomplete feature slow and prone to errors, but we don’t even want to discuss the absence of GIT integration. The Xojo IDE simply lacks everything that modern (and mostly free) IDEs provide in 2023.

Of course, the days when you could easily develop for multiple platforms from Realbasic / Xojo are long gone. The mobile modules require (no fault of Xojo) that you deal with XCode, Android Studio, certificates, CSS, JavaScript injections. If you don’t use the overpriced but secure Xojo cloud, you will also have to deal with server configuration for the web or you will have to use a third-party software solution like “LifeBoat” (in addition to the plugins that you need to be able to work properly with Xojo). The same applies if you want to get mobile solutions into the stores. Then there is hardly any way for the hobbyist to avoid third-party software like “App Wrapper”.

Bob Keeney:

A decade ago, people would explore Xojo, but they soon realized that building a robust application required more effort than they could invest. Consequently, they often sought professional developers, like myself, to create or fix their applications. However, the demand for consulting work gradually declined, leaving fewer opportunities for developers. The viability of the Xojo ecosystem is intricately linked with the consultants who support it.

[…]

While Xojo introduced its Rapid Release Model years ago, the results have been less than stellar. Instead of large, more stable releases with occasional bug fixes, we received frequent but less substantial updates. These updates often fixed some bugs but introduced new ones, creating frustration.

The parallels to macOS are obvious.

See also: If Not Nil, Could it be Saved?.

Google Pays to Be Default on Samsung Phones

Adamya Sharma:

The ongoing Google vs. Epic trial has brought out another interesting piece of information. As per testimony presented by Epic Games (via Bloomberg), Google paid Samsung $8 billion over a period of four years to keep Search, Assistant, and Play Store as default services on Samsung phones.

[…]

One internal document also shows how Google saved $1 billion over four years by backtracking on its request to make Play Store the only app store shown on the home screen of Samsung devices.

[…]

Meanwhile, Google’s lawyers presented an internal 2019 email from Jamie Rosenberg, the former lead for Google Play and Android operations, saying his team was “halting” Project Banyan as “it created an incentive dynamic where store teams would be competing with each other.”

The stores would probably work better for customers and developers if there were competition.

Lauren Irwin (via Hacker News):

James Kolotouros, vice president for partnerships at Google, testified Monday in a San Francisco trial, saying that the company and Samsung were to share app store revenue to ensure Android mobile devices came with Google Play preinstalled.

[…]

In his testimony, Kolotouros said if the Google-affiliated app store wasn’t pre-downloaded on the phones, people would likely make the switch to Apple and its iPhone.

Paul Wiseman and Michael Liedtke (via Hacker News):

Appearing in the biggest antitrust trial in a quarter century, DuckDuckGo founder Gabriel Weinberg testified Thursday that it was hard for his small search engine company to compete with Google because the powerhouse has deals with phone companies and equipment manufacturers to make its product the default search option on so many devices.

[…]

Weinberg testified that getting users to switch from Google was complicated, requiring as many as 30 to 50 steps to change defaults on all their devices, whereas the process could be shortened to just one click on each device.

[…]

In earlier testimony, Eric Lehman, a former Google software engineer, seemed to question one of the Justice Department’s key arguments: that Google’s dominance is entrenched because of the massive amount of data it collects from user clicks, which the company in turn leverages to improve future searches faster than competitors can.

But Lehman said machine learning has improved rapidly in recent years, to the point that computers can evaluate text on their own without needing to analyze data from user clicks.

Previously:

Tata Code Theft

Richard Speed (via Hacker News):

A jury has sided with Computer Sciences Corporation (CSC) against Tata Consultancy Services (TCS) over the theft of source code and documentation. A total of $210 million was this week awarded.

According to the verdict [PDF], a Texas jury agreed that TCS had “willfully and maliciously” misappropriated both source and confidential documentation by “improper means,” awarding CSC $140 million in damages, with another $70 million tacked on for TCS’s “unjust enrichment.”

The complaint [PDF] was filed in April 2019 regarding CSC’s VANTAGE-ONE and CyberLife software platforms. CSC had licensed these software platforms to Transamerica Corporation, a life insurance holding company, to whom Tata – used here to collectively refer to Tata Consultancy Services Limited and Tata America International Corporation – began providing maintenance services.

[…]

The circumstances got sticky at this point, not least because Tata hired more than 2,000 Transamerica employees. CSC alleged that these former employees had access to its code and documents, and forwarded them on to the Tata BaNCS development team.

Previously:

Sunday, November 26, 2023

Receipt Validation With All the Ethernet Interfaces

Jeff Johnson:

I’ve recently run into a case that seems to call into question all extant sample code for Mac App Store receipt validation. […] I learned that the ethernet port of the customer’s Mac was fried as a result of electrical damage from a lightning strike. The Mac’s motherboard was replaced, but afterward the customer still couldn’t launch Magnet, and now they couldn’t launch Link Unshortener either. It turns out that the Mac’s ethernet port is now en11 rather than en0. Apple’s old sample code checked only en0, and Apple’s new sample code checks only en0 and en1, so that technique won’t work. And the technique suggested by Chris Liscio won’t work, because querying for kIOPrimaryInterface returned no results! The customer’s Mac reported having no primary ethernet interface.

My solution was to query all built-in ethernet interfaces—in technical terms, kIOBuiltin devices of kIOEthernetInterfaceClass—and attempt to validate each interface’s MAC address with the App Store receipt until a match was found. This might be the same technique suggested by Paulo Andrade, but that blog post contains no sample code.

Previously:

NVIDIA Sued for Stealing Trade Secrets

Mariella Moon (via Hacker News):

NVIDIA is facing a lawsuit filed by French automotive company Valeo after a screensharing blunder by one of its employees. According to Valeo’s complaint, Mohammad Moniruzzaman, an engineer for NVIDIA who used to work for its company, had mistakenly showed its source code files on his computer as he was sharing his screen during a meeting with both firms in 2022. Valeo’s employees quickly recognized the code and took screenshots before Moniruzzaman was notified of his mistake.

[…]

Moniruzzaman allegedly gave his personal email unauthorized access to Valeo’s systems to steal “tens of thousands of files” and 6GB of source code shortly after that development. He then left Valeo a few months later and took the stolen information with him when he was given a senior position at NVIDIA, the complaint reads. He also worked on the very same project he was involved in for Valeo, which is why he was present at that video conference.

We don’t hear about this sort of thing happening very often.

Cavium Networking Hardware May Contain Backdoor

Bruce Schneier:

Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden.

Stefania Maurizi:

Communication in a world of pervasive surveillance is a public document and has been downloaded over 18,000 times since March 2022 when it was first published.

[…]

In 2013, Jacob Appelbaum published a remarkable scoop for Der Spiegel, revealing the NSA had spied on Angela Merkel’s mobile phone. This scoop won him the highest journalistic award in Germany, the Nannen Prize (later known as the Stern Award).

Nevertheless, his work on the NSA revelations, and his advocacy for Julian Assange and WikiLeaks, as well as other high-profile whistleblowers, has put him in a precarious condition. As a result of this, he has resettled in Berlin, where he has spent the past decade.

Thomas Claburn:

Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies it or Cavium placed backdoors in products at the behest of the US government.

[…]

In a phone conversation, Appelbaum told The Register, “Marvell is answering a question that no one asked.” He explained further in an email, essentially arguing that Marvell may have inadvertently backdoored its equipment by implementing weak and exploitable algorithms, such as the infamous Dual EC DRBG, that were championed by the US government so that they would be adopted by suppliers and deployed in the wild possibly for snoops to abuse.

[…]

“As far as I know, Marvell has not reported performing an internal audit on the intellectual property that they acquired from Cavium to search for any NSA sabotage, nor have they reported performing a similar audit on Marvell related technologies,” he said.

Matthew Green (Hacker News):

To give some context, here are the contents of an initial Snowden leak from September 2013. Cavium was a leading manufacturer of cryptographic co-processors for VPN devices at that time.

[…]

The formal name for this stuff is “algorithm substitution attacks.” Basically, you replace a cryptographic algorithm with a different one that “looks the same” from the outside, but contains a trapdoor for the NSA to exploit.

Appelbaum’s thesis is available here and contains this passage:

In a related document the NSA describes a normal situation where the NSA intercepts VPN traffic to decrypt the contents, modify the traffic if desired, and then re-inject and re-encrypt the traffic to send on to the original destination. The NSA estimated in 2011 that they performed around one thousand attacks against VPN sessions per hour and NSA projected it would soon be performing one hundred thousand such attacks in parallel per hour. It is reasonable to assume that this number is significantly higher after more than a decade.

Previously:

Data Analytical Services (DAS)

Dell Cameron and Dhruv Mehrotra (Hacker News):

A little-known surveillance program tracks more than a trillion domestic phone records within the United States each year, according to a letter Wired obtained that was sent by US senator Ron Wyden to the Department of Justice (DOJ) on Sunday, challenging the program’s legality.

According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims. Using a technique known as chain analysis, the program targets not only those in direct phone contact with a criminal suspect but anyone with whom those individuals have been in contact as well.

The DAS program, formerly known as Hemisphere, is run in coordination with the telecom giant AT&T, which captures and conducts analysis of US call records for law enforcement agencies, from local police and sheriffs’ departments to US customs offices and postal inspectors across the country, according to a White House memo reviewed by Wired.

Via John Gruber:

The information collected by DAS includes location data.

[…]

This is related to the entire U.S. phone system infrastructure — the old Ma Bell. Landline calls and calls from Verizon and T-Mobile cellular customers get routed through this AT&T system, and are thus surveilled by this same system.

[…]

It is completely unclear to me whether DAS/Hemisphere collects text messages — SMS, MMS, RCS — in addition to voice calls.

EFF:

Publicly disclosed for the first time in September 2013 by the New York Times, the Hemisphere program provides police access to a database containing call records going back decades, combined with a sophisticated analytical system.

[…]

“Hemisphere” came to light amidst the public uproar over revelations that the NSA had been collecting phone records on millions of innocent people. However, Hemisphere wasn’t a program revealed by Edward Snowden’s leaks, but rather its exposure was pure serendipity: a citizen activist in Seattle discovered the program when shocking presentations outlining the program were provided to him in response to regular old public records requests.

But these documents only painted a partial portrait of the program, and since the New York Times’ initial reporting in 2013, EFF has filed its own Freedom of Information Act and state-level public records requests to learn more. The results have been frustrating, with various agencies providing highly and inconsistently redacted documents in what seems to be an attempt to further hide information from the public.

Via John Gruber:

This slide deck hosted by the EFF is one of those presentations, and worth your attention. The system’s capabilities are terrifying. From page 9 of that deck, highlighting Hemisphere’s “Special Features”:

  • Dropped Phones — Hemisphere uses special software that analyzes the calling pattern of a previous target phone to find the new number. Hemisphere has been averaging above a 90% success rate when searching for dropped phones.

  • Additional Phones — Hemisphere utilizes a similar process to determine additional cell phones the target is using that are unknown to law enforcement.

[…]

So the system analyzes not just the phone records of the target, but the records of every single number the target calls.

Jessica Lyons Hardcastle (Hacker News):

According to Senator Ron Wyden (D-OR), these searches “usually” happen without warrants. And after more than a decade of keeping people — lawmakers included — in the dark about Hemisphere, Wyden wants the Justice Department to reveal information about what he called a “long-running dragnet surveillance program.”

[…]

Privacy advocates including the Electronic Frontier Foundations have filed Freedom of Information Act and state-level public records lawsuits to learn more about the secret snooping program.

[…]

Although the program and its documents are not classified, the Justice Department has marked them as “Law Enforcement Sensitive,” meaning their disclosure could hurt ongoing investigations. This designation also prevents the documents from being publicly released.

[…]

Additionally, Hemisphere is not subject to a federal Privacy Impact Assessment due to its funding structure, it’s claimed. The White House doesn’t directly pay AT&T - instead the ONDCP provides a grant to the Houston High Intensity Drug Trafficking Area, which is a partnership between federal, state, and local law enforcement agencies. And this partnership, in turn, pays AT&T to operate this surveillance scheme.

See also: Using Metadata to find Paul Revere.

Previously:

Section 24220: Advanced Impaired Driving Technology

Jon Miltimore (Hacker News):

“Marketed to Congress as a benign tool to help prevent drunk driving, the measure will mandate that automobile manufacturers build into every car what amounts to a ‘vehicle kill switch,’” wrote Barr, who was the Libertarian Party’s nominee for president in 2008.

[…]

To my relief, I saw several fact-checkers at legacy institutions had determined the “kill switch” mandate was not true.

[…]

Unfortunately, my relief evaporated once I looked at the bill itself.

Sec. 24220 of the law explicitly states: “[T]o ensure the prevention of alcohol-impaired driving fatalities, advanced drunk and impaired driving prevention technology must be standard equipment in all new passenger motor vehicles.”

The legislation then goes on to define the technology as a computer system that can “passively monitor the performance of a driver of a motor vehicle” and can “prevent or limit motor vehicle operation if an impairment is detected”.

Matt Posky:

There are now fact-checking websites that are designed to counter other fact-checking websites who likewise want to pretend to have the market cornered on factual information. In the end, the vast majority boils down to contradictory talking points and trying to shape a desired narrative. Nobody really knows what the legislation will bring into effect because the relevant decisions haven't been made yet by the National Highway Traffic Safety Administration (NHTSA).

But what is certain is that the provisions included within the trillion-dollar Infrastructure Investment and Jobs Act will eventually result in some form of driver monitoring. That’s likely to come by either an ignition interlocking device that would require drivers to utilize a breathalyzer before setting off, or some kind of comprehensive driver monitoring system that uses audio-visual cues to determine the driver’s present status.

The latter seems the more likely option. Modern automobiles are already loaded up with microphones and are capable of transmitting control inputs, positional data, and plenty more back to the manufacturer. The automotive industry has also begun installing in-cabin camera systems to help track what occupants are doing. Originally, the concept was floated as a way to safeguard from distracted driving. But it’s also more lucrative info for an industry that now seems completely obsessed with data mining its own customers.

There are privacy implications if the data is shared and the possibility of abuse if the system can be remotely controlled. But, even ignoring those issues, there will be false positives. I turned off my 2023 vehicle’s lane keeping assist feature, which seems comparatively simple, because it often nudges in the wrong direction. The system will in some cases incorrectly identify erratic driving or not realize that there may be a valid reason for it. And, though the goal is to prevent deaths by disabling cars, immobilizing a vehicle could also be fatal for its occupants or for those of other vehicles that it’s blocking. You can mandate a secure golden key, but what you end up with may be something else entirely.

See also: Lauren Fix.

Previously:

Wednesday, November 22, 2023

Ducklet 1.0.1

ohoj Software:

Ducklet makes using SQLite databases easy for everyone, whether you’re a developer, data analyst, or just curious. We’ve designed a user-friendly interface for a smooth and intuitive experience, so you can focus on your data.

[…]

Experience unmatched performance and seamless integration with our native application written in SwiftUI and AppKit.

I discovered this new app while assembling the Black Friday deals. It brings some fresh ideas but isn’t mature enough for me to switch yet.

Likes:

Dislikes:

Overall, I like Base and Core Data Lab better, but Base has been giving me a lot of internal errors lately, and I’m unsure whether it’s still under development. However, Ducklet looks promising, so I purchased it on sale.

Previously:

Git Tower 10.2

Tower:

Sync Action: This action synchronizes your HEAD branch with a remote branch by pulling and then pushing commits (if pulling was successful). If you are not using the default toolbar item set, you can add the Sync action to your toolbar by running “Customize Toolbar” from the “View“ main menu.

Settings: You can now configure custom environment variables used when running Git commands by visiting the new “Environment” tab in Tower’s settings.

Settings: You can now choose 1Password as an SSH Agent for SSH Signing in the “Git Config” tab.

[…]

New License View: An improved license window will show more license information and allows you to deactivate devices.

[…]

Syntax Highlighting: Text is now highlighted correctly when selecting lines for staging.

I like the syntax highlighting introduced in version 10, but I’ve had intermittent problems where viewing even a small file makes it use 800% CPU doing JavaScript stuff, seemingly forever, even if I click to view another file.

Previously:

Update (2023-12-06): Bruno Brito:

We have added a new button: Sync! This action performs a combination of a “pull” operation followed by a “push” (if the “pull” is successful).

Kristian Lumme:

Just like in Git, you can filter the history by commit author, date range, files affected, commit message and more. Click the dropdown in the search box in the upper right corner to select your first criteria to filter by (1).

After entering a value and hitting Enter, the filter shows up above the commit list, where you can use the plus and minus buttons to add more criteria as needed (2)!

I had never noticed this. I wish the buttons for adding criteria were always visible. Same with the Blame, File History, and Diff Tool buttons, which only show up when you mouse over the right spot.

Rumor of Cellular MacBook

Arnold Kim (2011):

One of the most requested features for Apple’s MacBook Pro line has been for the integration of some sort of built-in 3G cellular data to allow for anywhere wireless connectivity. MacBook Pro users presently need to purchase a separate Mi-Fi or 3G USB Modem in order to keep their machines connected to the internet when not near a Wi-Fi hotspot.

Apple has developed prototypes of the MacBook Pro with integrated 3G data, as evidenced by this eBay sale showing a never-released MacBook Pro prototype.

This particular machine dates back to 2007 and is a 15" MacBook Pro Santa Rosa laptop with a 3G antenna, 3G hardware and SIM card slot built in.

Tim Hardwick (Hacker News):

Apple eventually plans to build its own custom modem into cellular MacBook models that could arrive in 2028 at the earliest, according to Bloomberg’s Mark Gurman.

Apple has reportedly been working on its own modem since 2018, as it seeks to move away from Qualcomm’s component currently used in iPhones. The timeframe for launching the modem has slipped several times and is now expected to be ready around 2026, and Gurman now hears that Apple has plans for the chip appearing in other Apple devices further down the line.

Even without their own modems, I’ve never quite understood why Apple didn’t make this available as an expensive option. Personal Hotspot is not a great substitute. If it makes sense for (and fits in) an iPad, it makes sense for a Mac.

Previously:

Apple Asked Amazon to Block Rival Ads

Eugene Kim (via Hacker News):

Apple’s latest products directly sold by Amazon have a much cleaner page layout on Amazon with no ads or recommendations until the very bottom of the page, an Insider review of the e-commerce site shows. Most other brands don’t get this special treatment, according to people familiar with the matter, who spoke on the condition of anonymity because they were not authorized to speak to the press.

[…]

Search results for “iPhone” and “iPad” on Amazon also offer a similarly clean experience. The top banner is always an Apple ad, and only one banner ad appears at the very bottom of the page, according to Insider’s recent review.

In contrast, Amazon search results for other brands, such as Samsung and Sony, show at least two or three sponsored ads from rivals. Amazon also shows a fewer number of search results for Apple’s products compared to its competitors.

[…]

The unusual arrangement follows the iPhone-maker’s private demands to Amazon to only show its products in results when an Apple term like “iPad” is searched, according to an internal email previously shared by the House Judiciary Committee. At the time, Apple also asked Amazon to make its product pages clean, without any non-Apple product recommendations.

Nicola Agius:

It’s not yet been confirmed whether Apple paid Amazon to block ads by rivals from appearing on its product pages. However, in emails shared by the House Judiciary Committee that date back to 2018, Amazon’s then-retail CEO Jeff Wilke suggested he had initially refused Apple’s request to block rival ads, writing:

  • “We cannot alter our organic search algorithm to return only Apple products in the search results when an Apple team is searched.”

He then appeared to offer an alternative solution for Apple:

  • “Apple would need to purchase these placements or compensate Amazon for the lost ad revenue.”

However, the advertising team told Insider that other companies offered to pay Amazon for this type of deal but were rebuffed.

Previously:

Spotify’s Google Play Store Deal

Adi Robertson and Sean Hollister (Hacker News):

Music streaming service Spotify struck a seemingly unique and highly generous deal with Google for Android-based payments, according to new testimony in the Epic v. Google trial. On the stand, Google head of global partnerships Don Harrison confirmed Spotify paid a 0 percent commission when users chose to buy subscriptions through Spotify’s own system. If the users picked Google as their payment processor, Spotify handed over 4 percent — dramatically less than Google’s more common 15 percent fee.

Google fought to keep the Spotify numbers private during its antitrust fight with Epic, saying they could damage negotiations with other app developers who might want more generous rates. Google’s User Choice Billing program, launched in 2022, is typically described as shaving about 4 percent off Google’s Play Store commission if developers use their own payment system, bringing down Google’s 15 percent subscription service fee to more like 11 percent. That often ends up saving developers little or no money since they must foot the cost of payment processing themselves.

[…]

Google would not name other developers that have gotten the company to agree to more generous rates. During the trial, we learned that Google offered Netflix a special discounted rate of just 10 percent, but Netflix refused. Netflix no longer offers an in-app purchase option on Android and no longer pays Google anything to distribute its app as a result.

Previously:

Update (2023-12-19): John Gruber:

Not only does Spotify on Android default to using its own in-app purchasing system — giving not a penny to Google in fees, apparently — but I couldn’t even find a way to choose to pay using the Play Store system. Google has granted Spotify a complete exemption to any sort of payment fee, and Spotify simply uses its own in-app payment processing.

On iOS, needless to say, Spotify has no such exemption. I just checked, and all Spotify does on iOS is list the features of each Premium account tier, with a message under each tier that reads “You can’t upgrade to Premium in the app. We know, it’s not ideal.” They don’t even list the prices or tell you where to go to sign up.

[…]

It beggars belief that Spotify would pull its app from the Play Store. What makes more sense is that Google wanted to get Spotify — an EU-based company — off their backs as vocal critics of their app store policies, so they offered them this sweetheart deal to shut them up.

Nothing’s iMessage App Was a Security Catastrophe

Ron Amadeo (via Hacker News, MacRumors):

Last Tuesday, Nothing Chats—a chat app from Android manufacturer “Nothing” and upstart app company Sunbird—brazenly claimed to be able to hack into Apple’s iMessage protocol and give Android users blue bubbles. We immediately flagged Sunbird as a company that had been making empty promises for almost a year and seemed negligent about security. The app launched Friday anyway and was immediately ripped to shreds by the Internet for many security issues. It didn’t last 24 hours; Nothing pulled the app from the Play Store Saturday morning. The Sunbird app, which Nothing Chat is just a reskin of, has also been put “on pause.”

[…]

How bad are the security issues? Both 9to5Google and Texts.com (which is owned by Automattic, the company behind WordPress) uncovered shockingly bad security practices. Not only was the app not end-to-end encrypted, as claimed numerous times by Nothing and Sunbird, but Sunbird actually logged and stored messages in plain text on both the error reporting software Sentry and in a Firebase store. Authentication tokens were sent over unencrypted HTTP so this token could be intercepted and used to read your messages.

Previously:

Privacy Is Priceless, But Signal Is Expensive

Meredith Whittaker and Joshua Lund (Hacker News):

Signal is also a nonprofit, unlike almost every other consumer tech company. This provides an essential structural safeguard ensuring that we stay true to our privacy-focused mission. To put it bluntly, as a nonprofit we don’t have investors or profit-minded board members knocking during hard times, urging us to “sacrifice a little privacy” in the name of hitting growth and monetary targets. This is important in an industry where “free” consumer tech is almost always underwritten by monetizing surveillance and invading privacy. Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.

Instead of monetizing surveillance, we’re supported by donations, including a generous initial loan from Brian Acton. Our goal is to move as close as possible to becoming fully supported by small donors, relying on a large number of modest contributions from people who care about Signal. We believe this is the safest form of funding in terms of sustainability: ensuring that we remain accountable to the people who use Signal, avoiding any single point of funding failure, and rejecting the widespread practice of monetizing surveillance.

[…]

We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.

Previously:

Safari Share Menu Now Violates Privacy

Jeff Johnson:

Looking at the packet trace, the share menu attempts to fetch the icon files favicon.ico, apple-touch-icon.png, and apple-touch-icon-precomposed.png from the site.

[…]

And of course your IP address is leaked.

My belief is that a website should not be notified and given your IP address and other information such as hardware device type and web browser version when you share the URL of the website.

[…]

The only purpose of the HTTP requests in Safari’s share menu appears to be to display the link’s icon and title in the share menu. Crucially, that information is not passed along to the other apps!

In most cases, I think people would be sharing the page that Safari is currently showing, so the data would have already been loaded. But it’s not expected that essentially copying a link within that page would send additional network requests.

Previously:

Tuesday, November 21, 2023

Black Friday 2023

My apps (DropDMG, EagleFiler, SpamSieve) are on sale for Black Friday and Cyber Monday, and here are some other good deals that I found:

Apps:

Accessories:

Books:

Photos and Video:

Stores:

Lists of Deals:

Previously:

Please feel free to post any other deals that you find in the comments below, and I’ll incorporate them above.

Monday, November 20, 2023

The Hidden Secrets of the Fn Key

Adam Engst:

Apple began adding a globe icon to the Fn keycap a few years ago and, starting in macOS 14 Sonoma, began to call it the Globe key. This is likely for consistency with iPad keyboards, which dropped the lowercase “fn” letters entirely in favor of a globe icon.

[…]

Because Apple doesn’t include the Fn key in the public Hot Key API, macro utilities like Keyboard Maestro can’t access it for the most part, as Peter Lewis explains. However, the Fn key can now be treated more like a modifier key with the free Karabiner-Elements or the $10 BetterTouchTool, both of which can access the keyboard at a lower level than the public APIs.

[…]

With Monterey, Apple also started letting us remap one modifier key (other than Shift) to another, so the Fn key could mimic Control for those who reach for the lower-left corner without looking.

[…]

In recent macOS releases, Apple has continued to hard-code additional capabilities into the Fn key.

I have yet to find a third-party keyboard where the Fn key works like on an Apple keyboard.

Previously:

Update (2023-12-11): See also: Hacker News.

HandBrake 1.7

HandBrake (Hacker News):

Improved performance on arm64 / aarch64 / Apple Silicon architectures

[…]

Added support for drag and drop of multiple files at once

[…]

Added support for VideoToolbox H.265/HEVC, H.264/AVC, ProRes, and VP9 hardware decoders on macOS 13 and later

[…]

Added GPU accelerated Crop & Scale, Rotate, Pad, Yadif, Bwdif, Chroma Smooth, Unsharp, Lasharp, Grayscale filters

[…]

Improved SVT-AV1 encoding performance by up to 4x on Apple Silicon Macs

It’s a cross-platform app, but with a real Mac user interface and whimsical icon, and it works back to macOS 10.13.

The Lack of Compensation in Open Source Software Is Unsustainable

Thomas Stringer (via Hacker News):

But… in the back of my mind I know that I have open source projects that need some attention. One happens to be heavily used. I’m nearly 3/4 million downloads, and it’s something that people seem to think has some level of usefullness. Those are the good parts. The bad parts are that there’s a dozen issues that I haven’t even reviewed much less triaged, investigated, and fixed. There are a few PRs from the community that I need to look through. There are dependencies that need to be updated. The list goes on and on. This project has hit a not-so-uncommon OSS milestone: Maintainer burnout.

[…]

What once resembled passion project is now unrecognizable from a motivation perspective. But the demand is high. There are lots of users, many in a corporate sense using my software to further progress their organization. And the bad news is, I get no money at all from it. So motivation is essentially nonexistent at this point.

[…]

This is Volunteering as a Service (VaaS). It is quite literally a free lunch at the expense of hard-working individuals.

Dave Dunfield (via Hacker News):

As I retire, my goal now is to release 40+ years of source code to “stuff I’ve written” in the hopes that others may find it useful or maybe learn a few things.

Previously:

Lessons From a Bad Apple Repair Experience

Ric Ford:

It’s now clear that a new Mac, purchased directly from Apple, can fail completely and suddenly without any warning after running fine for a few weeks. Apple’s proprietary storage design means that a Mac failure is now also a storage failure that will prevent you from accessing any of your files in any way.

[…]

I don’t know what Apple’s policies are regarding access by Apple and any repair/recycling partners to your files, but an Apple Store will ask you to enter your Apple ID password (used for FileVault recovery keys, activation/erase unlock, and Find My) into another computer.

[…]

It’s now also clear from painful experience that Apple may hold a failed Mac and its storage hostage in an obtuse repair process for more than three weeks, even if it’s under warranty and less than 30 days old.

[…]

I discovered when Apple finally returned the failed Mac after repair that its replacement motherboard was used, not new, showing unexpected and heavy SSD wear, even though all the files were gone and the drive was initialized with a newer macOS than it had been running, an unwanted and problematic update that is almost impossible to revert.

Alan Forkosh:

In passing, Ric noted issues with the scheme of getting a loaner (I.e., purchasing a replacement and then returning it for a full refund when your repair/replacement is done). He notes that Apple Stores stock base configurations but often do not stock units in a custom configuration to duplicate the damaged unit. Another issue is that the return deadline (usually 14 days) may be shorter than the time it takes to process the damaged unit.

trilo:

For decades our company has relied on clones for (what is essentially) instant recovery from catastrophic failure of disks. We’d simply boot from the clone and be working again in moments. We could move to a new machine, boot from the clone then clone back to the internal drive without the unreliable and agricultural Migration Assistant.

I’m starting to believe Ric has a very valid point. Don’t buy anything non-standard from Apple and keep data storage on the internal drive to a minimum so it can’t be ‘locked away’ by Apple.

To think you can be without a new machine for several weeks - with a real chance of complete data loss - is totally unacceptable.

Neil Laubenthal:

The issue is that you must have the internal drive recognizable and bootable and that the machine won’t boot with a corrupted/failed internal drive. I don’t know if that is an Apple decision or a physical/logical part of the security model. Making a bootable clone is as you say possible…and I personally wouldn’t mind if it was sealed and signed and only updatable if it was the current boot volume…Ric’s problem was that he may have had an up to date external boot volume with an associated data volume that had a current clone…but the machine itself is DOA with a bad internal drive. If that was a deliberate choice by Apple…bad idea IMO unless there’s something I don’t know/understand about the security model.

Previously:

Friday, November 17, 2023

Altman and Brockman Out at OpenAI

OpenAI (Hacker News):

Sam Altman will depart as CEO and leave the board of directors. […] Mr. Altman’s departure follows a deliberative review process by the board, which concluded that he was not consistently candid in his communications with the board, hindering its ability to exercise its responsibilities. The board no longer has confidence in his ability to continue leading OpenAI.

[…]

As a part of this transition, [co-founder] Greg Brockman will be stepping down as chairman of the board and will remain in his role at the company, reporting to the CEO.

This is quite a surprise. It sounds like there’s something really bad. It’s unclear whether Brockman was also involved or just disagreed with the other four board members. Either way, it seems unlikely that he’ll stick around for the long term.

Previously:

Update (2023-11-17): Amir Efrati and Jon Victor:

The blog post said Brockman would step down from his role as chairman of the OpenAI board but that he would stay on in an operating role. But by Friday afternoon, he decided to resign.

Jon Victor, Stephanie Palazzolo, and Anissa Gardizy:

OpenAI’s ouster of CEO Sam Altman on Friday followed internal arguments among employees about whether the company was developing artificial intelligence safely enough, according to people with knowledge of the situation.

[…]

At least two employees asked Sutskever—who has been responsible for OpenAI’s biggest research breakthroughs—whether the firing amounted to a “coup” or “hostile takeover,” according to a transcript of the meeting. [He said it did not.] To some employees, the question implied that Sutskever may have felt Altman was moving too quickly to commercialize the software[…]

Update (2023-11-20): soneca:

I understand it’s a big deal, as AI is the current big thing and OpenAI is the center of it. And it’s good gossip. But the firing post is now the third most upvoted post on HN ever!

Ina Fried and Scott Rosenberg (via Hacker News):

Sam Altman’s firing as OpenAI CEO was not the result of “malfeasance or anything related to our financial, business, safety, or security/privacy practices” but rather a “breakdown in communications between Sam Altman and the board,” per an internal memo from chief operating officer Brad Lightcap seen by Axios.

Kara Swisher (via Hacker News):

[Sources] tell me chief scientist Ilya Sutskever was at the center of this. Increasing tensions with Sam Altman and Greg Brockman over role and influence and he got the board on his side.

The developer day and how the store was introduced was in inflection moment of Altman pushing too far, too fast.

unusual_whales (via Hacker News):

Sam Altman was been looking to raise tens of billions of dollars from Middle Eastern sovereign wealth funds to create an AI chip startup to compete with processors made by Nvidia, $NVDA, before being fired, per Bloomberg.

John Loeber (via Hacker News):

Yesterday, Sam Altman and Greg Brockman were fired from the Board of Directors of OpenAI. Following, all of Tech Twitter was abuzz with one question: wait a moment, who was on the Board? And after they found out, they asked: who on earth are Tasha McCauley and Helen Toner? It turns out that OpenAI’s Board had undergone numerous changes over the years, especially recently. And that just wasn’t ever the biggest news about OpenAI, so those changes didn’t spark the concerns that maybe they should have.

I combed through the Internet Archive and OpenAI’s non-profit filings to try to make sense of OpenAI’s governance. Below, I have attempted to chronicle the composition of OpenAI’s Board over time, point out the conflicts, and you can see how we got to the earthquake yesterday.

[…]

The first thing that sticks out to me is that there have been, for several quarters, two significant conflicts of interest on the Board[…]

Kevin Roose:

Ilya Sutskever, the company’s chief scientist and a member of its board, defended the ouster, according to a person briefed on his remarks. He dismissed employees’ suggestions that pushing Mr. Altman out amounted to a “hostile takeover” and claimed it was necessary to protect OpenAI’s mission of making artificial intelligence beneficial to humanity, the person said.

Via John Gruber (Hacker News):

According to Brockman — who until he quit in protest of Altman’s firing was chairman of the OpenAI board — he didn’t find out until just 5 minutes before Altman was sacked. I’ve never once heard of a corporate board firing the company’s CEO behind the back of the chairman of the board.

Benj Edwards (via Hacker News):

As Friday night wore on, reports emerged that the ousting was likely orchestrated by Chief Scientist Ilya Sutskever over concerns about the safety and speed of OpenAI’s tech deployment.

“This was the board doing its duty to the mission of the nonprofit, which is to make sure that OpenAI builds AGI that benefits all of humanity,” Sutskever told employees at an emergency all-hands meeting on Friday afternoon, as reported by The Information.

Wes Davis (via Hacker News):

Meta has reportedly broken up its Responsible AI (RAI) team as it puts more of its resources into generative artificial intelligence.

Ilya Sutskever (via Hacker News):

I deeply regret my participation in the board’s actions. I never intended to harm OpenAI. I love everything we’ve built together and I will do everything I can to reunite the company.

Alex Heath and Nilay Patel (via Hacker News):

A source close to Altman says the board had agreed in principle to resign and to allow Altman and Greg Brockman to return but has since waffled — missing a key 5PM PT deadline by which many OpenAI staffers were set to resign. If Altman decides to leave and start a new company, those staffers would assuredly go with him.

[…]

Last night, after we learned OpenAI was trying to get Altman back and that the board was waffling, chief strategy officer Jason Kwon told employees that the company is “optimistic” about Altman returning and would share more Sunday morning. Meanwhile, a bunch of OpenAI employees took to X (formerly Twitter) to voice their support of Altman with heart emoji.

Eric Newcomer:

Sam Altman is rallying the troops. OpenAI employees are tweeting heart emojis in his defense. Dozens of people, including some OpenAI employees, visited Altman in his Russian Hill home in what seems to be a sort of resistant camp. Airbnb CEO Brian Chesky and Coinbase CEO Brian Armstrong — both among the most valuable Y Combinator portfolio companies — have offered words of support for Altman. Investor godfather Ron Conway compared Altman’s ouster by the OpenAI nonprofit board to a “coup that we have not seen the likes of since 1985 when the then-Apple board pushed out Steve Jobs.” Microsoft is reportedly working with Tiger Global and Thrive Capital to reinstate Altman. From reading the news or drinking from the Twitter firehose, you would think Altman’s return is a fait accompli. One tech Twitter account quipped yesterday when it seemed that Altman’s reinstatement could happen any minute, “wow it even took jesus three days.”

[…]

My understanding is that some members of the board genuinely felt Altman was dishonest and unreliable in his communications with them, sources tell me. Some members of the board believe that they couldn’t oversee the company because they couldn’t believe what Altman was saying.

[…]

There are three key historical case studies here: First, Dario Amodei, Jack Clark and the team at Anthropic felt troubled enough by OpenAI’s approach that they needed to spin off and create their own more safety and alignment-oriented foundation model company. What (or who) exactly got that team so worried that it needed to jump ship? Altman was certainly at the center of that decision.

Emily Chang, Edward Ludlow, Rachel Metz, and Dina Bass (via Hacker News):

Efforts by a group of OpenAI executives and investors to reinstate Sam Altman to his role as chief executive officer reached an impasse over the makeup and role of the board, according to people familiar with the negotiations.

Will Knight and Steven Levy (via Hacker News):

More than 600 employees of OpenAI have signed a letter saying they may quit and join Sam Altman at Microsoft unless the startup’s board resigns and reappoints the ousted CEO.

Jon Victor and Amir Efrati (via Hacker News):

Jakub Pachocki, the company’s director of research; Aleksander Madry, head of a team evaluating potential risks from AI, and Szymon Sidor, a seven-year researcher at the startup, told associates they had resigned, these people said.

Nilay Patel and Alex Heath (via Hacker News):

After a weekend of negotiations to potentially bring back Sam Altman as OpenAI CEO following his shock firing, the company’s nonprofit board has gone another way entirely and named former Twitch CEO and co-founder Emmett Shear as interim CEO, according to a person familiar with the matter. He will take over as CEO for Mira Murati, who was publicly aligned with Altman.

Matas (via Hacker News):

A list of things that a coherent story does not make[…]

Satya Nadella:

We remain committed to our partnership with OpenAI and have confidence in our product roadmap, our ability to continue to innovate with everything we announced at Microsoft Ignite, and in continuing to support our customers and partners. We look forward to getting to know Emmett Shear and OAI’s new leadership team and working with them. And we’re extremely excited to share the news that Sam Altman and Greg Brockman, together with colleagues, will be joining Microsoft to lead a new advanced AI research team. We look forward to moving quickly to provide them with the resources needed for their success.

Dylan Patel and Daniel Nishball (via Hacker News):

Sam and Greg were considering creating a brand-new startup, but that would have likely caused a >1 year speed bump. Instead, now there is a new subsidiary within Microsoft.

[…]

There is a mass exodus of the core OpenAI team leaving and joining Microsoft. This new organization within Microsoft will get hundreds of technical staff from OpenAI.

[…]

The OpenAI for-profit subsidiary was about to conduct a secondary at a $80 billion+ valuation. These “Profit Participation Units” (PPUs) were going to be worth $10 million+ for key employees. Suffice it to say that this is not going to happen now, and the OpenAI board has foolishly destroyed the chance of generational wealth for many of the team. Despite this literal fumbling of the bag, key OpenAI employees who leave will be treated extremely well.

Part of Satya’s incredible deal with Sam and Greg is likely that these key OpenAI employees that join Microsoft will have their now worthless PPUs pseudo-refreshed for equity in Microsoft which vest over multiple years.

Ben Thompson (via Hacker News):

This is, quite obviously, a phenomenal outcome for Microsoft. The company already has a perpetual license to all OpenAI IP (short of artificial general intelligence), including source code and model weights; the question was whether it would have the talent to exploit that IP if OpenAI suffered the sort of talent drain that was threatened upon Altman and Brockman’s removal. Indeed they will, as a good portion of that talent seems likely to flow to Microsoft; you can make the case that Microsoft just acquired OpenAI for $0 and zero risk of an antitrust lawsuit.

[…]

Here’s the reality of the matter, though: whether or not you agree with the Sutskever/Shear tribe, the board’s charter and responsibility is not to make money. This is not a for-profit corporation with a fiduciary duty to its shareholders; indeed, as I laid out above, OpenAI’s charter specifically states that it is “unconstrained by a need to generate financial return”. From that perspective the board is in fact doing its job, as counterintuitive as that may seem: to the extent the board believes that Altman and his tribe were not “build[ing] general-purpose artificial intelligence that benefits humanity” it is empowered to fire him; they do, and so they did.

This gets at the irony in my concern about the company’s non-profit status: I was worried about Altman being unconstrained by the need to make money or the danger of having someone in charge without a financial stake in the outcome, when in fact it was those same factors that cost him his job.

[…]

That leaves Anthropic, which looked like a big winner 12 hours ago, and now feels increasingly tenuous as a standalone entity. The company has struck partnership deals with both Google and Amazon, but it is now facing a competitor in Microsoft with effectively unlimited funds and GPU access; it’s hard not to escape the sense that it makes sense as a part of AWS (and yes, B corps can be acquired, with considerably more ease than a non-profit).

Michael Spencer (via Hacker News):

While some are calming it’s a great victory of Satya Nadella, I’m not so sure. Cannibalizing your biggest investment doesn’t usually turn out very well. Just one year after ChatGPT launches and Generative A.I. consolidation is already occurring? Given the moves of Inflection, Anthropic and Character.AI, BigTech was already at the doorstep of these startups.

But with OpenAI being torn in half, it seems like independent startups in Generative A.I. really cannot survive or keep up on their own, which means real innovation may be stunted.

Update (2023-11-22): Kali Hays (via Hacker News):

Sustkever is said to have offered two explanations he purportedly received from the board, according to one of the people familiar. One explanation was that Altman was said to have given two people at OpenAI the same project.

The other was that Altman allegedly gave two board members different opinions about a member of personnel. An OpenAI spokesperson did not respond to requests for comment.

These explanations didn’t make sense to employees and were not received well, one of the people familiar said. Internally, the going theory is that this was a straightforward “coup” by the board, as it’s been called inside the company and out. Any reason being given by the board now holds little to no sway with staff, the person said.

Geoffrey Irving:

Third, my prior is strongly against Sam after working for him for two years at OpenAI:

1. He was always nice to me.

2. He lied to me on various occasions

3. He was deceptive, manipulative, and worse to others, including my close friends (again, only nice to me, for reasons)

David Goldman:

OpenAI’s overseers worried that the company was making the technological equivalent of a nuclear bomb, and its caretaker, Sam Altman, was moving so fast that he risked a global catastrophe.

So the board fired him. That may ultimately have been the logical solution.

But the manner in which Altman was fired – abruptly, opaquely and without warning to some of OpenAI’s largest stakeholders and partners – defied logic. And it risked inflicting more damage than if the board took no such action at all.

Deepa Seetharaman et al. (via Hacker News):

Top investors and senior OpenAI leaders were still pushing to reinstate Sam Altman to his CEO role at OpenAI as the future of the artificial-intelligence company remained in jeopardy.

The talks continued as much of OpenAI’s staff threatened Monday to quit if the board didn’t restore Altman to power, according to people familiar with the matter. Meanwhile, OpenAI’s rivals were making public overtures to any disgruntled employees at the startup company behind the viral chatbot ChatGPT.

Salesforce Chief Executive Marc Benioff offered to hire any OpenAI researcher to work on his company’s own AI program, proposing similar compensation and asking candidates to send him their résumés directly. Microsoft also offered to hire OpenAI employees at their same compensation, according to an X post Tuesday by Chief Technology Officer Kevin Scott.

Kevin Scott (via Hacker News):

To my partners at OpenAI: We have seen your petition and appreciate your desire potentially to join Sam Altman at Microsoft’s new AI Research Lab. Know that if needed, you have a role at Microsoft that matches your compensation and advances our collective mission.

Matthew Prince:

Contrary to what @kevinroose and others have written, Microsoft was not a winner of the events of the last few days around #OpenAI. They were in a much better place on Friday morning last week than they are today. Friday morning they had invested ~$11B in OpenAI and captured most of its upside while still having enough insulated distance to allow @BradSmi to claim things to regulators like “ChatGPT is more open than Meta’s Llama” and to allow any embarrassing LLM hallucinations or other ugliness to be OpenAI’s problem, not Microsoft’s.

[…]

I think the chances of the senior OpenAI folks still being at Microsoft in 3 years is asymptotically approaching zero. Where the independence and clear mission of OpenAI was exactly what could have kept that group of incredible talent motivated and aligned over the long term, making Office365 spreadsheets a bit more clever isn’t something that rallies a team like their’s. Sure they’ll try and have some level of independence, but the machinery of a trillion dollar+ business software behemoth is hard to not get caught up in and ground out by.

Alex Ivanovs (via Hacker News):

The letter that the OpenAI employees prepared initially had 500 signatures (out of 700~ employees), and recent reports say that that number is almost 100% now.

[…]

This is also about the people and, more importantly, the 2 million developers who use the OpenAI API. Whether for personal purposes or business. There has been an enormous amount of self-made people on Twitter, Discord, and other social media platforms worrying that the world is about to come crashing down on the dreams that OpenAI has enabled them to accomplish.

[…]

Nadella emphasized Microsoft’s deep involvement in AI development alongside OpenAI. Despite the upheaval, he reassured that Microsoft retains “all the rights and all the capability” necessary for AI innovation. This statement suggests a robust backup plan, ensuring the continuity of services and technologies developed in partnership with OpenAI.

Dave Lee (via Hacker News):

Whether board members were justified in seeking to remove Altman isn’t the real issue. What’s truly important is that the board made a decision that was almost instantaneously overturned by the sheer power and popularity of a trailblazing cofounder. In that sense, OpenAI was no different to the tech giants that came before it: Mark Zuckerberg’s dictatorial hold on Meta Inc., or Larry Page’s and Sergey Brin’s unparalleled voting power at Google-parent Alphabet Inc. Over the past year, many felt reassured (if perplexed) by the fact that Altman, unlike those founders before him, did not hold any stock in OpenAI. The stated reason was to remove any sense that greed was the motivating factor behind the pursuit of profits, while subjecting Altman to what had beenconsidered a higher-than-normal level of accountability. Turns out that none of it mattered: Despite warning after warning after warning, this weekend’s events prove the cult of the founder is alive and well in Silicon Valley.

Anna Tong et al. (via Hacker News):

Some investors in OpenAI, makers of ChatGPT, are exploring legal recourse against the company’s board, sources familiar with the matter told Reuters on Monday, after the directors ousted CEO Sam Altman and sparked a potential mass exodus of employees.

[…]

Investors worry that they could lose hundreds of millions of dollars they invested in OpenAI, a crown jewel in some of their portfolios, with the potential collapse of the hottest startup in the rapidly growing generative AI sector.

John Gruber:

OpenAI named a new interim CEO, Twitch co-founder Emmett Shear. (Shear is an AI worrier, who has advocated drastically “slowing down”, writing “If we’re at a speed of 10 right now, a pause is reducing to 0. I think we should aim for a 1-2 instead.”) OpenAI CTO Mira Murati was CEO for about two days.

[…]

Nadella appeared on CNBC and admitted that Altman and Brockman were not officially signed as Microsoft employees yet, and when asked who would be OpenAI’s CEO tomorrow, laughed, because he didn’t know.

OpenAI (via Hacker News):

We have reached an agreement in principle for Sam Altman to return to OpenAI as CEO with a new initial board of Bret Taylor (Chair), Larry Summers, and Adam D’Angelo.

Update (2023-11-27): Keach Hagey et al.:

One solution that Altman devised was a curious corporate structure that led to his ouster. A nonprofit board governs OpenAI’s for-profit business arm with the sole purpose of ensuring the company develops AI for humanity’s benefit—even if that means wiping out its investors.

[…]

Over the weekend, Altman’s old executive team pushed the board to reinstate him—telling directors that their actions could trigger the company’s collapse.

“That would actually be consistent with the mission,” replied board member Helen Toner, a director at a Washington policy research organization who joined the board two years ago.

Cade Metz, Tripp Mickle, and Mike Isaac (via Hacker News):

At one point, Mr. Altman, the chief executive, made a move to push out one of the board’s members because he thought a research paper she had co-written was critical of the company.

Austen Allred:

OpenAI board member Helen Toner published an article Altman took issue with.

She described it as “an academic paper that analyzed the challenges that the public faces when trying to understand the intentions of the countries and companies developing A.I.”

[…]

The article is literally an analysis of different ways you can force AI companies (and governments using AI) to slow development, and recommendations on how they can be used and which are best.

Anna Tong et al. (via Hacker News):

Ahead of OpenAI CEO Sam Altman’s four days in exile, several staff researchers wrote a letter to the board of directors warning of a powerful artificial intelligence discovery that they said could threaten humanity, two people familiar with the matter told Reuters.

The previously unreported letter and AI algorithm were key developments before the board's ouster of Altman, the poster child of generative AI, the two sources said.

Alex Heath:

Separately, a person familiar with the matter told The Verge that the board never received a letter about such a breakthrough and that the company’s research progress didn’t play a role in Altman’s sudden firing.

Via Nick Heer:

Heath’s counterclaim relies on a single source compared to Reuters’ two — I am not sure how many the Information has — but note that none of them require that you believe OpenAI has actually made a breakthrough in artificial general intelligence. This is entirely about whether the board received a letter making that as-yet unproven claim and, if that letter was recieved, whether it played a role in this week of drama.

Deepa Seetharaman:

OpenAI said Sam Altman will return as chief executive of the artificial-intelligence startup that he co-founded, ending a dramatic five-day standoff between him and the board that fired him.

[…]

The new board will include Bret Taylor, the former co-CEO of Salesforce; Larry Summers, the former Treasury secretary; and Adam D’Angelo, the only member of OpenAI’s previous board to remain. Taylor will be the chairman, the company said. Altman won’t be on the initial board.

Elizabeth Dwoskin and Nitasha Tiku (via Hacker News):

Four years ago, one of Altman’s mentors, Y Combinator founder Paul Graham, flew from the United Kingdom to San Francisco to give his protégé the boot, according to three people familiar with the incident, which has not been previously reported.

Graham had surprised the tech world in 2014 by tapping Altman, then in his 20s, to lead the vaunted Silicon Valley incubator. Five years later, he flew across the Atlantic with concerns that the company’s president put his own interests ahead of the organization — worries that would be echoed by OpenAI’s board.

Matt Levine:

The question is: Is control of OpenAI indicated by the word “controls,” or by the word “MONEY”?

Lucas Ropek (via Hacker News):

As far as the tech industry goes, it’s hard to say whether there’s ever been a more shocking series of events than the ones that took place over the last several days. The palace intrigue and boardroom drama of Sam Altman’s ousting by the OpenAI board (and his victorious reinstatement earlier today) will doubtlessly go down in history as one of the most explosive episodes to ever befall Silicon Valley. That said, the long-term fallout from this gripping incident is bound to be a lot less enjoyable than the initial spectacle of it.

[…]

So much of the drama of the episode seems to revolve around this argument between Altman and the board over “AI safety.” Indeed, this fraught chapter in the company’s history seems like a flare up of OpenAI’s two opposing personalities—one based around research and responsible technological development, and the other based around making shitloads of money. One side decidedly overpowered the other (hint: it was the money side).

Update (2023-12-06): Sam Altman (via Hacker News):

I am returning to OpenAI as CEO. Mira will return to her role as CTO. The new initial board will consist of Bret Taylor (Chair), Larry Summers, and Adam D’Angelo.

[…]

While Ilya will no longer serve on the board, we hope to continue our working relationship and are discussing how he can continue his work at OpenAI.

[…]

We clearly made the right choice to partner with Microsoft and I’m excited that our new board will include them as a non-voting observer.

[…]

Bret, Larry, and Adam will be working very hard on the extremely important task of building out a board of diverse perspectives, improving our governance structure and overseeing an independent review of recent events.

Charles Duhigg (via Hacker News):

Altman began approaching other board members, individually, about replacing [Toner]. When these members compared notes about the conversations, some felt that Altman had misrepresented them as supporting Toner’s removal. “He’d play them off against each other by lying about what other people thought,” the person familiar with the board’s discussions told me. “Things like that had been happening for years.”

Paresh Dave (via Hacker News):

During Altman’s tenure as CEO, OpenAI had signed a letter of intent to spend $51 million on AI chips from a startup called Rain AI, a company in which he has also invested personally.

Rain is based less than a mile from OpenAI’s headquarters in San Francisco and is working on a chip it calls a neuromorphic processing unit, or NPU, designed to replicate features of the human brain. OpenAI in 2019 signed a nonbinding agreement to spend $51 million on the chips when they became available, according to a copy of the deal and Rain disclosures to investors this year, seen by WIRED. Rain told investors that Altman had personally invested more than $1 million in the company. The letter of intent has not been previously reported.

Update (2023-12-08): Meghan Bobrowsky (via Hacker News):

Toner maintains that safety wasn’t the reason the board wanted to fire Altman. Rather, it was a lack of trust. On that basis, she said, dismissing him was consistent with the OpenAI board’s duty to ensure AI systems are built responsibly.

[…]

In the interview, Toner declined to provide specific details on why she and the three others voted to fire Altman from OpenAI.

[…]

The group concluded that in one discussion with a board member, Altman left a misleading perception that another member thought Toner should leave, the people said.

By this point, several of OpenAI’s then-directors already had concerns about Altman’s honesty, people familiar with their thinking said.

Kali Hays at al. (via Hacker News):

After Sam Altman was fired from OpenAI late last month, the startup’s employees threatened to leave and accept a blanket offer from Microsoft to hire them all.

This was an audacious bluff and most staffers had no real interest in working for Microsoft, several current and former employees told Business Insider.

[…]

One current OpenAI employee admitted that, despite nearly everyone on staff signing up to follow Altman out the door, “No one wanted to go to Microsoft.” This person called the company “the biggest and slowest” of all the major tech companies — the exact opposite of how OpenAI employees see their startup.

[…]

Some Microsoft employees, meanwhile, were furious that the company promised to match salaries for hundreds of OpenAI employees. The offer came after Microsoft had laid off more than 10,000 employees, frozen salaries, and cut bonuses and stock awards this year.

Previously:

SpamSieve 3.0.2

SpamSieve 3.0.2 greatly improves the workaround for the macOS bug where sometimes Mail extensions don’t work at all. By reading Mail’s database directly, instead of using AppleScript, SpamSieve is able to work much faster, with no overhead in Mail itself. It’s also no longer limited by mailboxes that have so many messages that Mail would hang when asked to list them. Most customers didn’t have such large mailboxes, but I heard from a surprising number that had 50–100K messages in their inbox, and some with 500K.

Other interesting bugs were:

Previously:

Mail Extension Postmortem

Tucky Wong:

While Daylite, including the Daylite Mail Assistant, is compatible with macOS Sonoma, we strongly recommend that you hold off on upgrading to Sonoma at this time.

Our recommendation is based on feedback from early adopters, which has highlighted a potential significant interruption in your current email workflows. Additionally, we are actively addressing certain issues in the extension API to ensure a smoother transition.

Apple Mail is crashing when using various Mail extensions. Now that no third-party code can run within the Mail process, it’s straightforward to attribute this to a Mail bug. However, unlike with plug-ins, it’s no longer possible to patch Mail to work around such a bug or to try to catch an error or use a different API to avoid triggering it. All we can do is report the bugs to Apple (or not) and wait.

Fortunately, I have not seen any Mail crashes related to the SpamSieve extension. Perhaps this is because it’s using a different extension point. However, it’s now clear that, despite MailKit being an officially supported API, Mail extensions are far less reliable than Mail plug-ins were. Bug reports seem to receive no more attention than before.

SpamSieve continues to offer a Mail extension, since it’s helpful when it works, but my focus since WWDC has been on reimplementing SpamSieve’s Apple Mail support—again—so that it doesn’t have to rely on the Mail extension at all. With SpamSieve 3.0, you had to manually enable a workaround if Mail stopped communicating with the extension. With 3.0.1, SpamSieve could enable the workaround automatically, but (due to problems with Mail’s AppleScript support) it could be slow or not work at all for mailboxes containing many thousands of messages. With 3.0.2, it’s where I want: fully automatic and fast, even when Mail malfunctions.

Tobias Knobl:

Apple’s recent updates no longer allow us to use the embedded sidebar in Apple Mail. But fear not, because we’ve come up with a solution – the Floating Sidebar.

[…]

With the changes to macOS Sonoma, we can no longer display tracking check marks in the message list. The email tracking information is now accessible in the Mailbutler Sidebar, right next to your email.

[…]

You may have noticed something different in your Apple Mail: a seemingly strange and technical string of characters appearing in each email. This is known as the “Message-ID,” a unique identifier generated for every email message.

I guess they have to read this from another process to know which message Mail is displaying.

Fabian Jäger:

As we are not able to adjust the behavior of Mail itself, we needed to find new ways of still being able to adjust the emails our users send out to include the functionality that they expect when using Mailbutler.

[…]

Mailbutler’s Mail Bridge acts like an additional, local SMTP service that takes care of enriching outgoing messages with features, such as email tracking, and afterwards handing it over to the actual SMTP server for final delivery. Thus, all outgoing emails take another step between Mail as the sending email application and the regular SMTP delivery service.

Previously:

Thursday, November 16, 2023

Apple to Add RCS Messaging in iOS 17 Update

Lance Ulanoff (Hacker News, MacRumors):

Apple will finally add RCS messaging standard support to the iPhone through a software release early next year, the company told TechRadar.

[…]

“Later next year, we will be adding support for RCS Universal Profile, the standard as currently published by the GSM Association. We believe the RCS Universal Profile will offer a better interoperability experience when compared to SMS or MMS. This will work alongside iMessage, which will continue to be the best and most secure messaging experience for Apple users,” said an Apple spokesperson.

Apple now acknowledges that RCS is an improvement over MMS and SMS but made it clear that RCS is not replacing iMessage and its host of features like memojies, stickers, and the ability to edit and unsend messages. Instead, the RCS standard support will arrive in an unspecified software update and then it will be up to carriers to add it.

[…]

Apple says it won’t be supporting any proprietary extensions that seek to add encryption on top of RCS and hopes, instead, to work with the GSM Association to add encryption to the standard.

Chance Miller (Hacker News):

Apple’s decision comes amid pressure from regulators and competitors like Google and Samsung. It also comes as RCS has continued to develop and become a more mature platform than it once was.

[…]

RCS brings many iMessage-style features to cross-platform messaging between iPhone and Android devices. This includes things like read receipts, typing indicators, high-quality images and videos, and more.

Apple’s implementation of RCS will also give users the ability to share their location with other people inside text threads, the company says. Unlike regular SMS, RCS can work over mobile data or Wi-Fi as well.

[…]

The elephant in the room is impending legislation in the European Union that could’ve ultimately required Apple to open up iMessage.

John Gruber:

Also color me utterly unsurprised that Apple has no intention to support Google’s proprietary extensions to RCS that allow for E2EE. It’s a disgrace, in my opinion, that E2EE wasn’t a foundational part of the RCS spec from the start, but if Apple is going to support RCS, they should support RCS by-the-spec, not Google’s proprietary version.

I suppose that’s fair if Apple is genuinely working to add E2EE to the standard and thinks Google would support that. But Apple supports all kinds of things that aren’t part of an open spec. And most of the potential recipients already have access to Google’s implementation. It seems like Apple wants to be able to brag that iMessage is more secure, even though they’re the ones putting their customers at risk by choosing not to support encryption. Still, I’m happy to see RCS added because this should at least make it possible to share high-quality photos in conversations that include Android users and to communicate with them when there’s no cellular service.

It remains to be seen what the user experience will be like. I can’t imagine there being blue bubbles. How will it sync and work with Macs? Right now, the hybrid SMS-iMessage experience is so bad, even aside from the photo quality. I regularly see problems with some people not receiving some of the messages and with conversations splitting. Maybe it would be more reliable if the user could designate a conversation as RCS-only. The hybrid stuff is either too hard to get right or Apple doesn’t care enough to make it great. And with even pure iMessage being unreliable, in my experience, I would love to try out messaging all my iPhone-using friends/family with pure RCS.

Nick Heer:

For what it is worth, I am expecting an updated SMS-like experience, but I will be pleasantly surprised if it is more full featured. As Ulanoff notes, RCS does not itself support end-to-end encryption. The latest spec, released in 2019, does not even mention end-to-end encryption, nor does it prohibit text message bubbles from having a green background.

bilal4hmed:

Interestingly enough the person who wrote the white paper for the signal protocol implementation in Googles RCS, Emad Omara, now works for Apple.

Previously:

Update (2023-12-11): Jason Snell:

iPhone communications with Android devices via Messages will improve. Currently Messages uses the old SMS and MMS standards for sending texts and media to Android phones. RCS supports better image transfers, pass-along of location data (used in several Messages features), and more.

Chance Miller:

Apple has confirmed to me that blue bubbles will still be used to represent iMessages, while green bubbles will represent RCS messages. The company uses blue bubbles to denote what it believes is the best and most secure way for iPhone users to communicate, which is iMessage.

Jason Snell:

When Apple announced its RCS gambit—really an IOU payable later next year—I saw a lot of people who were disappointed because they enjoyed the fact that Android users would no longer be as severely punished for their heresy. It’s a bad look, but I was also surprised that there was so little regard for the ramifications of that decision for the customers who use Apple’s products.

For any iPhone user in the U.S. who texts with Android users, Apple’s stubborn refusal to support something better than old-school SMS and MMS formats has been miserable to deal with. It degrades the iPhone user experience by making text threads weird and unreliable and by lowering the quality of media.

Shouldn’t the user experience be the most important part of the story here?

See also: Slashdot.

Previously:

Update (2024-03-29): Joe Rossignol:

Google said that Apple would be adopting RCS on the iPhone in the “fall of 2024.” This timeframe suggests that RCS support will be added to the iPhone with iOS 18, which should be available in beta in June and released in September. At the latest, support should be added in iOS 18.1, which is likely to be released in October.

Why Do People Still Use VBA?

Sancarn (via Hacker News):

From these data, we can clearly see that the majority of people who use VBA do so mainly because they have no other choice. Many organisations run their entire business processes with Excel, and when a little bit of automation is required VBA is usually #1 on the list.

[…]

Looks like the only automation platforms which can connect to all the data sources we need is VBA and Powershell. Power BI Desktop has been introduced in our business but doesn’t hit all the platforms which VBA does, and even if it did Power BI cannot be used for process automation where-as VBA can, so what’s the point making the switch? Users who do use Power BI to target these other datasets usually generate CSVs of this other data and store these in cloud sharepoint system, but what generates those CSVs? VBA.

[…]

Now, we’d love to use a higher level language in our organisation to handle this business automation. However, every request for a high level language to be installed across the team/business e.g. Python / Ruby / Node / Rust etc. has been rejected by CyberSecurity in favour of technologies like PowerAutomate, PowerApps which as you can see above barely touch any of the data we need. It is supposedly “Against the technology strategic vision of the company” to allow “end-users” access to high level programming languages.

clausok:

I’ve been surprised to see many pro devs using Excel/VBA as a secondary tool.

One example: a couple years ago I was working with a big hedge fund and one of their data analysts sent me an Excel model he had built and I was tickled to see the .xlsm extension (i.e., VBA code on board).

[…]

He said something that stuck with me, “Excel makes it easy to understand the dependency structure that is implied by computations. If I had done this in Python, I’d be answering questions about it all day long.”

Update (2023-11-20): randmbits:

I used to be a VBA wizard and it was because it was the only thing the org didn’t regulate away. It took forever to get approval to use it too. We had a party when they eventually allowed us to use SQL.

Lightroom Classic 13.0.1

Adobe:

Blur any image to make it seem like it’s been taken with a wide aperture lens. Lens Blur easily alters the background or foreground of your images by making a depth map using Adobe Sensei.

[…]

Edit, display, and save images in High Dynamic Range (HDR) to experience increased depth with brighter highlights, deeper shadows, and vivid colors. You can now view and edit HDR images with compatible HDR displays.

[…]

Adjust individual colors with professional-grade precision, including the ability to control the range across Hue, Saturation, and Luminance.

[…]

  • Improved performance of metadata operations like reading, writing, and metadata status.
  • Faster response in XMP writing and reading.
  • Improved stability and performance of folder move operations and folder delete operations.

It actually does seem a lot faster at moving photos between folders. It’s still unresponsive during large imports, though, and I’m now seeing incorrect counts in the Library Filter column view.

Previously:

The Myth and Reality of Mac OS X Snow Leopard

Jeff Johnson (Mastodon):

This famous keynote slide was, to put it euphemistically, a bit of product marketing. Non-euphemistically, it was a big lie. Snow Leopard had quite a few new features, including significant changes “under the hood”, so to speak. In fairness, though, 10.6 was a smaller update than 10.5, 10.4, 10.3, or 10.2, and its price reflected its modest ambition: $29, compared to $129 for its predecessors. (Remember when major Mac updates cost money?)

Since 2009, the myth of Snow Leopard has only grown. As memories (and accuracy) fade, Snow Leopard has come to be known as a “bug fix update”.

[…]

Snow Leopard was not a bug fix release. In fact, Snow Leopard was quite buggy, and Mac OS X 10.6.0 was certainly much buggier than Mac OS X 10.5.8, released a few weeks prior. So why do countless people still look back fondly at Snow Leopard as a high point in Apple software quality?

[…]

When you look back fondly at Snow Leopard, I suspect that you’re not remembering version 10.6.0 but rather version 10.6.8 v1.1, which was released almost two years after 10.6.0.

And the fact that you could actually use that stable version for a long time. There was much less pressure to update, e.g. for Xcode support, in those days. The annual release schedule has not been good for the Mac.

Previously:

Update (2023-11-20): Jerry Nilson:

It worked better and perceivably faster than Leopard. You could run all OSX ported software still. It came with faster and better hardware. The Mac really came back then at last.

During Snow Leopard it was the easiest time during all time to convince people to move to the Mac (much easier than today). From a developer point of view it might not seem like a big moment, but for users it was.

Jeff Geerling:

Dear Apple: macOS sorely needs a bugfix release.

10.1 and 10.6 (Snow Leopard) were the two best releases of OS X.

We need another no-features release, not just one week of bugfixing.

Michael Steeber (2018):

Was Mac OS X Snow Leopard really the gold standard of software releases, an undefeated champion in the halls of computing history? Believe it or not, the meme is almost as old as the software itself.

[…]

Early updates to Snow Leopard were packed with fixes to a long list of bugs. A 2009 article from iLounge on Snow Leopard’s reliability is filled with comments from frustrated users, some considering moving back to Leopard.

Time heals all wounds, right? It didn’t take long for Mac users to begin to wax poetic about Snow Leopard. In February 2012, this tweet made an astute prediction[…]

Apple INA Hiring Discrimination Settlement

Jon Brodkin (Hacker News, 9to5Mac, ):

Apple illegally discriminated against US citizens and other US residents in its hiring and recruitment practices for certain types of positions that went to foreign workers, the US Department of Justice said yesterday. Apple agreed to pay up to $25 million in back pay and civil penalties to settle the DOJ allegations.

[…]

The $25 million payment was called the largest ever collected by the Justice Department under the anti-discrimination provision of the Immigration and Nationality Act (INA).

[…]

Apple did not advertise PERM positions on its external job website like it does with other positions, the DOJ said. “It also required all PERM position applicants to mail paper applications, even though the company permitted electronic applications for other positions,” the DOJ said.

Emma Roth:

Apple denies engaging in illegal hiring practices in the terms of the settlement. “When we realized we had unintentionally not been following the DOJ standard, we agreed to a settlement addressing their concerns,” Apple spokesperson Fred Sainz said in an emailed statement to The Verge. “We have implemented a robust remediation plan to comply with the requirements of various government agencies as we continue to hire American workers and grow in the U.S.”

[…]

Aside from Apple, the DOJ also hit SpaceX with a hiring discrimination lawsuit, alleging the Elon Musk-owned company refused to hire asylum seekers and refugees. However, SpaceX managed to block the case by arguing the administrative judges overseeing the case were “unconstitutionally appointed.”

pavlov:

If the PERM process at Apple is anything like what I saw at Facebook a couple of years ago, then all these “applicants” are actually people already working at the company on non-immigrant visas whom the company wants to retain.

Previously:

Wednesday, November 15, 2023

Search Suggestion Menus in AppKit

John Brayton:

Even though Safari, Mail, and Finder implement search suggestion menus, there is no standard AppKit mechanism for providing them in AppKit. Popping up an NSMenu does not work because the search field cannot receive keystrokes while the menu is displayed.

Interestingly there is a good mechanism for providing search suggestion menus in SwiftUI, but incorporating that mechanism into an AppKit-based application looks much more difficult than just using an NSHostingView.

I ended up starting with a CustomMenus sample project. This 2018 project by Doug Stein is a Swift port of Apple Objective-C sample code from 2012.

Xcode 15 Logs nil As an Empty String

Jeff Johnson:

[The] functions os_log and NSLog now log nil as an empty string. The previous behavior, going back forever as far as I remember, was to log nil as (null).

[…]

I don’t know whether this is a bug or intended behavior, but it makes debugging our apps markedly worse, because now there’s no easy way to identify nil objects or to distinguish between nil and @"" in the log output.

This only affects logging within Xcode itself. Still not good, though.

Jeff Johnson:

I’ve now found three different bugs in the new Xcode 15 console.

[…]

Fortunately, I’ve found a way to restore the previous console behavior from Xcode 14 and earlier. This is actually noted in the Xcode 15 release notes, but I wanted to highlight the solution here in case, like me, you hadn’t read the release notes recently[…]

[…]

You need to set the environment variable IDELogRedirectionPolicy to the value oslogToStdio in the Run section of your app’s Xcode scheme. I wish there were a way to make this behavior the default in Xcode Settings!

Jeff Johnson:

Since then I’ve had some back and forth with Apple on that bug in Feedback Assistant. I’m going to screenshot the entire exchange below. For context, if you’re not familiar with Apple’s bug reporting system, they constantly ask developers to “Please verify this issue” with the latest betas, despite having done nothing to fix the issue in the latest betas, in the hope that the issue (or maybe the developer) will magically go away.

[…]

The ultimate outcome of this case was that Apple blatantly lied to me—“As you’ve indicated, this issue is resolved”—and then Apple refused to hear any contradiction to their lie—”this Feedback will no longer be monitored, and incoming messages will not be reviewed.” This kind of response reinforces what I said earlier in the exchange: “It makes me not want to file feedbacks at all. It feels like you don’t care.” The coup de grâce was “We appreciate your feedback.” No, Apple absolutely does not appreciate our feedback.

In this case, Apple considers it resolved because the problem doesn’t occur on Sonoma. But Xcode 15 is supposed to work on Ventura, and it should be fully functional there considering that Apple doesn’t support Xcode 14 on Sonoma.

Previously:

Kindle for Mac 7.0

Filipe Espósito:

Amazon launched an official Kindle app for macOS more than eight years ago, allowing Mac users to download and read their ebooks from Amazon’s platform on their computer.

[…]

On Tuesday, the official Kindle app available on the Mac App Store was updated to version 1.40.2. But while the release notes mention that the new version brings “stability improvements and bug fixes,” we also noticed that the app has been renamed “Kindle Classic.”

Michael Kozlowski:

Amazon has just announced that they are discontinuing the current Kindle for Mac software, and it will be shuttered entirely sometime this October. It will be removed from the Mac Store completely. Amazon is replacing the current Kindle for Mac with an improved app, including an enhanced book reading and library management experience.

[…]

A new Mac app will be a welcome change; the current app looks dated and is very similar to Kindle for PC. The last Mac update was five months ago.

Michael Kozlowski:

The new app has a modern design that is similar to the Kindle app for iOS. You get new features such as infinity scroll, reading ruler, additional fonts, full screen view, new themes, page-turn animations, X-Ray and a ton of new changes. I find that the new Mac app finally brings the overall Kindle experience into 2023.

Kindle for Mac has the same design as the popular Kindle app for iOS. The default view is your library, with bright and bubbly cover art of all the ebooks that you own or samples that have been downloaded. You can sort by grid, lists or collections, and filter by read/unread, documents and Newsstand. There is no audiobook functionality in the Kindle app right now and no audiobook player. At the bottom of the screen are shortcuts to your library, cover art of the book you are reading and a more button. In the more section you can view notes that you have created with a Kindle Scribe, which is really useful. Here is where you can sync the Mac app, so you can fetch new purchases you have made on a Kindle e-reader, but you cannot buy books on Kindle for Mac.

brookter1:

It looks like an improvement, because cosmetically it looks more ‘modern’, but in reality it’s less functional and more frustrating to use than the old program. That’s mainly because it’s just a straight port from the iPad, so of course it’s less functional on MacOS. The main problem is the lack of keyboard features — there’s no way of getting at some features with the keyboard, and there’s no way of discovering the few shortcuts which have survived from the previous version. E.g. The old shortcut to get the notes panel services, but you can’t get to the contents panel with the keyboard; you can bring up the search panel with a shortcut, but once you’re there, you have to use the mouse to scroll through the list and so on.

Worse, some of the shortcuts that do survive (e.g. Left and right arrows) randomly stop working when you’re in one of the panels. It’s a complete mess and it’s clear that little if any thought has been put into fitting the app to the OS. (Actually, you get the same frustrating friction using the iPad app with an external keyboard, but at least there it’s a bit more understandable.)

Finally, it seems that the program has stopped catering for Mac URL links (kindle://) so programs like Hookmark can no longer link to locations.

Contrary to other comments in that thread, I found that the new Kindle app does run natively on Apple Silicon Macs. Kindle Classic required Rosetta.

While the old app was never a good Mac app, it was at least a desktop app. The new Kindle app uses Catalyst and looks and feels like a mobile app. You can only open one book at a time, and there are fewer zoom options. There’s no information-dense list view. You can’t filter the list of books. There’s no Settings menu command or window, only a screen in the main window hidden beyond the hamburger button. You can’t export annotations as a file, only share them via e-mail. Typing Command-F to start a search doesn’t put the insertion point in the (square) search field, so you have to click before you can type your query. It crashed first time I tried to search.

Sharp_Voice_9473:

I was really hoping for a more sophisticated platform for library management beyond the archaic sorting of Categories only. […] I have over 8000 titles and to have only one option for classifying myriad genres is next to useless.

Amazon has no interest in helping you manage your library of e-books. It doesn’t even support the rudimentary Lists feature that the iOS and old Mac apps had, but which never worked reliably. They just do the bare minimum so that you can view the content that you purchase from them. Apple is pretty much the same these days. Yes, there’s legacy code from iTunes for managing a local music or video library, but the focus is on pushing content into a services window, not on giving you control over your media.

Previously:

Update (2024-01-05): In my experience, sharing annotations via e-mail from the new Mac app doesn’t work. It says it sent the message (whose subject says it came from my iPad), but the recipient doesn’t receive it, and it doesn’t appear in my Sent mailbox. The Web version used to have good ways to export annotations but now can’t even display them—it only shows the first line of each highlight. The iPhone app is able to export an HTML file via e-mail. The Kindle itself can export CSV and PDF via e-mail. If you’ve highlighted more than the limit in the book, the best way is probably to use the new Mac app, open a large window, and take screenshots to OCR.

Previously:

Tuesday, November 14, 2023

Cursorless Is Alien Magic From the Future

Xe Iaso (via Hacker News):

Cursorless is a plugin that integrates with voice control software to let you do AST level code editing with your voice. This is crazy alien magic from the future.

[…]

The most magic parts about this are the ideas of destinations and targets when it comes to cursorless inputs. Targets are individual anchors in a document and destinations are places relative to individual targets. Every single token in a document is given a hat over a letter with a color. These hats act as anchors that let you give commands based off of locations, destinations, and paths between them.

[…]

The real power of cursorless comes in from not only the idea of paths (such as green urge past green bat to select the function fetchBlog in that screenshot), but the fact that cursorless knows what the AST of the language is doing. This means that you can do things across the entire function, like deleting it or moving it somewhere else.

Previously:

On-Crash Backtraces in Swift

Alastair Houghton:

Prior to Swift 5.9, all you would get when your program fails is a message from the parent process (often the shell) telling you that the child process crashed[…]

[…]

Now, instead of the opaque message above, the result looks something like this[…]

[…]

This new feature greatly improves the on-crash debugging experience on Linux, where it is on by default. It is useful on macOS as well, but must be manually enabled.

There are also interactive backtraces:

The idea behind this feature is that it leaves the program suspended (by default for 30 seconds, but this is configurable) and provides you with the opportunity to either attach a debugger, or perform some additional inspection of the crashed process.

If you tap the spacebar when this prompt appears, you will be presented with a simple command prompt that allows you to change the backtracer settings, generate a new backtrace, list loaded images, display register and memory contents, and get a listing of all of the threads in the process.

Previously:

Computers Are Magical; Computers Are Awful

Nick Heer:

I was reminded of Nikita Prokopov’s classic post today — “People Expect Technology to Suck Because It Actually Sucks” — in much the same way I think of it many days but, and especially, today. These are all things which happened today from when I woke up[…]

[…]

None of the problems above are life-changing, but this list is representative of the kinds of hiccups I experience more-or-less daily. It could be a different mix of things with less or more impact than those above, but these problems often require I spend time trying to diagnose and fix them. Sometimes I can; sometimes, as with the Adobe Audition problem, the tools just suck and I have no recourse.

[…]

It is amazing what I do every day with the computer on my desk, the one on my lap, and the one in my pocket. But I wish they did everything more reliably, predictably, and consistently. I am prepared to fix things sometimes. I do not understand why I am tending to these things daily like they are made in a shed instead of by some of the world’s most valuable corporations. We, the users, deserve better than this.

I used to run into no recurring daily issues with my Macs, but the last several releases it’s been the same bugs almost every day, with Finder and external storage particularly bad.

On the day I read this post, I temporarily missed an iMessage that my mother sent from the hospital. For some reason, it was only received by my iPhone, which was in a dock with the screen off. Days later, it never arrived on any of my Macs or my iPad, even though I have Messages in iCloud enabled, and even though I toggled that as well as iMessage on my various devices to try to force a sync.

Later that day, I tried to update one of my Macs to macOS 14.1.1. The partition had 80 GB reported as free before the update, but the update failed due to lack of free space. I thought that meant that it just failed to prepare (as it often does) but hadn’t actually made any changes. Instead, when I restarted the Mac, it looked as though it was starting to apply the update, then failed and left the Mac in an unbootable state. I rebooted in Recovery but then remembered that Apple had removed the feature to roll back to a snapshot from before a system update. I ended up booting from another partition, making a Super Duper clone, erasing the container, reinstalling macOS, migrating from the clone, reauthorizing everything, and then installing the update again (which again failed several times to prepare).

Juli Clover:

Apple briefly paused work on upcoming iOS 18, macOS 15, watchOS 11, and tvOS 18 updates last week in order to make a serious effort to address bugs in the future iPhone, iPad, Apple Watch, Apple TV and Mac releases, according to Bloomberg’s Mark Gurman.

[…]

Apple’s software chief Craig Federighi has been making an effort in recent years to ensure that software bugs are addressed, sometimes resulting in features that need to be delayed. Sources that spoke to Gurman said that with the upcoming software updates, the software engineering management team working under Federighi found too many bugs that were missed in internal testing, leading to a week-long sprint to address the issues.

I can’t say that I’ve noticed this effort, except perhaps that there are fewer new bugs. The overall count of issues that I run into seems to be increasing, not decreasing. I think they need a couple of years, not a week.

Previously:

Google AdSense Changes From CPC to CPM

Dan Taylor (via Hacker News):

Today, website owners use a combination of direct sales, ad networks and sell-side platforms to sell their ad space, often using multiple technologies simultaneously.

This is why we are making two changes: updating AdSense’s revenue-share structure and moving to paying publishers by impression. These changes will provide a consistent way for publishers to compare the differing fees across the various technologies they use to monetize and will provide even greater transparency into the media-buying process.

Based on our tests, we don’t expect publishers to see a change in their earnings as a result of these updates.

Monday, November 13, 2023

A Picture Is Worth a Thousand Permissions Requests

Jason Snell (Reddit, Hacker News):

Due to an extremely weird series of troubleshooting maneuvers, I recently found myself having to set my Mac up from scratch without migrating any of my preferences for the first time in longer than I’d like to admit.

[…]

More than anything else, though, the experience reminded me that Apple has a lot of work to do when it comes to making the experience of upgrading or migrating to a new Mac more pleasant—and that its Security and Privacy team clearly has too much say in the overall macOS experience.

[…]

Pick your poison: You can die quickly thanks to a barrage of privacy warnings, or you can die slowly by having to deal with privacy warnings every time you run a new app. Either way will kill you.

[…]

macOS needs to find a better way to let users broadly approve permissions for specific apps. Why am I asked to approve three or four items in sequence instead of being given some sort of simple window indicating all the permissions that are being requested, allowing me to approve or disapprove individually or all at once?

Joe Rosensteel:

I paused, and I read that a few times to make sure I was comprehending the warning. I was warned that the application was downloaded from the internet (I downloaded) and asked “Are you sure you want to open it?” because I had double-clicked on it to open it. Both of those things were definitely true, so what does the little gray text mean? Oh, it wants to tell me the time it was downloaded by Safari, which I guess I could put in my personal journal, but most importantly that Apple checked it for malicious software and none was detected.

Are you sure you wanted to do the thing that you told the computer to do even though it’s safe?!

Mike Rockwell:

macOS feels more restrictive and more annoying to use with each release. Despite having the best hardware in the industry, the operating system is starting to push me toward alternatives.

Jason Snell (Hacker News):

My point wasn’t to ask Apple to make the Mac less secure. It was for Apple to find some ways to improve the user experience while keeping Mac users safe by default. It feels like there’s an imbalance where security is being prioritized but the user experience is allowed to lag, and it’s a problem.

[…]

Here’s a screenshot I took right after my new Mac booted for the first time after migration[…]

What’s happening here is that Migration Assistant has migrated all my apps, and has automatically launched any of them that are listed in Login Items or are set to automatically launch in the background. They all launch, all at once, and every single one of them then prompts me for permission to do all the things they already had permission to do on my previous Mac.

[…]

Setting up a new M3 iMac should be a pleasure. When I was done, I felt like a swarm of bees was buzzing in my head.

Previously:

Update (2023-11-20): freediverx:

Mac Vs PC commercials - Cancel or Allow?

Update (2023-12-06): John Gruber:

I went through the exact same thing. Except if I had taken a screenshot of all the security-permission alerts I had to go though, there would have been more of them — and Snell’s screenshot looks like a parody. Back in the heyday of the “Get a Mac” TV ad campaign, Apple justifiably lambasted Windows Vista for its security prompts, but that’s exactly the experience you get after running Migration Assistant on a Mac today. It’s terrible.

[…]

MacOS itself stores too many security/privacy settings in a way that are tied to the device, not your user account. There ought to be some way to OK all these things in one fell swoop.

Update (2023-12-12): Paulo Andrade:

“The Security and Privacy team clearly has too much say in the overall macOS experience”.

They not also have too much say but their solution is always to alert the user. It’s the easy way out… once the user has alerted the it’s now the user’s fault.

Final Cut Pro 10.7 and Final Cut Pro for iPad 1.3

Apple:

Final Cut Pro now includes improvements in timeline navigation and organization, as well as new ways to simplify complex edits. The apps leverage the power-efficient performance of Apple silicon along with an all-new machine learning model for Object Tracker, and export speeds are turbocharged on Mac models powered by multiple media engines. Final Cut Pro for iPad brings new features to further enhance the portable Multi-Touch editing experience, including support for voiceover recording, expanded in-app content options, added color-grading presets, and workflow improvements.

Juli Clover:

Editing is being sped up through new keyboard shortcuts for voiceover and grouping clips, plus there are new color-grading presets and titles.

The new versions of Final Cut Pro will be coming to the App Store later this month and they will be free to existing users. Final Cut Pro for Mac is priced at $300, and Final Cut Pro for iPad is priced at $4.99 per month or $49 per year.

John Gruber:

I mentioned last week that video editors took notice that Apple’s behind-the-scenes look at their “Scary Fast” keynote showed the film being editing in Premiere Pro, not Final Cut Pro, and that it wasn’t helping allay the fears of Final Cut Pro devotees that Apple was losing interest in it, a la the still-lamented Aperture.

It’s good to see another significant update after only six months. It sounds like there’s still no common file format.

Previously:

iPhone Parts Pairing

Tripp Mickle, Ella Koeze, and Brian X. Chen (via Hacker News):

Unlike cars, which can be repaired with generic parts by auto shops and do-it-yourself mechanics, new iPhones are coded to recognize the serial numbers for original components and may malfunction if the parts are changed.

This year, seven iPhone parts can trigger issues during repairs, up from three in 2017, when the company introduced a facial recognition system to unlock the device, according to iFixit, a company that analyzes iPhone components and sells parts for do-it-yourself repairs. The rate at which parts can cause breakdowns has been rising about 20 percent a year since 2016, when only one repair caused a problem.

The software phenomenon, which is known as parts pairing, has encouraged Apple customers to turn to its stores or authorized repair centers, which charge higher prices for parts and labor. In recent years, only approved parts and sanctioned repairs have avoided the problems. Replacing a shattered screen typically costs nearly $300, about $100 more than work done by an independent shop using a third-party screen.

Previously:

Update (2023-11-20): Nick Heer:

So long as everything we use moves closer to becoming a computer, this problem will grow because some legislation does not explicitly prohibit it while other laws have loopholes. Right to repair advocates and the Times have framed this as a financial issue. But I am not sure that is the case; as I have written before, it is much more likely that these companies simply do not prioritize repairability. To be clear, that is not an excuse. If anything, I think that is even worse; it implies a lack of caring in how something is built if it is not made with repair in mind. Remember Apple’s butterfly keyboard? Shipping a faulty family of keyboards for years was bad enough, but it was made a fiasco because of how it was assembled — it was often easier to replace the entire top case of an affected laptop, at a cost of hundreds of dollars, instead of changing individual keys.

Fitbit Charge 6 and Google Pixel Watch 2

Victoria Song:

Fitbit is back with the Charge 6 — and on paper, this one feels like the most Fitbit-y Fitbit since Google actively began folding the company into its ecosystem. Not only has the price been lowered from $179.95 to $159.95 but the device also adds an improved heart rate tracking algorithm, compatibility with certain gym machines, and better integration with Google services. Oh, and the side button is back, baby.

[…]

That said, this functions more like a remote control than onboard music because it doesn’t support offline playlists. Plus, you’ll need a YouTube Music Premium subscription. This fills part of the gap left by Fitbit’s decision last year to remove access to Spotify, Pandora, and Deezer, as well as the ability to transfer music from your computer, but it doesn’t exactly make up for the fact that there used to be multiple music options and now there’s just YouTube Music.

If that seems a bit like shepherding people into the Google-verse… it is. Buying a Charge 6 also means you’ll have to migrate your Fitbit data over to a Google account to use the device.

Victoria Song:

Google’s got a more powerful and more power-efficient processor under the hood, and Wear OS 4’s whole schtick is better battery life. It shows here. This watch is zippier than the original, and for the past week, I’ve had it on maximum brightness, along with the tilt-to-wake gesture and the always-on display enabled. I’ve actively used many of its features and logged 30 to 45 minutes of GPS workouts per day. I am consistently getting 24 hours on a single charge, give or take an hour, with no battery-saving features. And I didn’t even have to wait a day or two for the watch to calibrate to my usage.

[…]

Last year, I had a long list of things Google and Fitbit needed to work on. (Battery life was written in all caps, underlined several times.) This year, that list is much smaller. What the next Pixel Watch needs to deliver is repairability, durability, and a larger size option. Everything else — including wonky GPS — I expect is due to pre-release software or will improve via updates, just as it did last year.

[…]

With the Pixel Watch 2, Google is almost there. More so than with its Pixel phones, Android smartwatches are where Google has a shot of being really good at something.

Jonathan Lamont (Hacker News):

Google has pulled Fitbit from nearly 30 countries, leaving the fitness trackers available in just 23 countries, including Canada.

Reporting by Android Authority and 9to5Google detailed the Fitbit exodus, with the combined efforts uncovering a total of 29 countries that would lose Fitbit. The move comes after Google acquired Fitbit in 2021 — at the time, the search giant said it wanted to make health features “more accessible to more people.”

Previously:

Friday, November 10, 2023

8 GB of Unified Memory

Tim Hardwick:

Starting at $1,599, the 14-inch M3 MacBook Pro comes with 8GB of unified memory. That makes it $300 more expensive than the $1,299 starting price of the now-discontinued M2 13-inch MacBook Pro with 8GB. Users can opt for 16GB or 24GB at checkout, but these configuration options cost an extra $200 and $400 at purchase, respectively, and cannot be upgraded at a later date because of Apple’s unified memory architecture.

[…]

In a recent interview with Chinese ML engineer and content creator Lin YilYi, Apple’s VP of worldwide product marketing Bob Borchers has directly responded to this criticism.

Bob Borchers:

Comparing our memory to other system’s memory actually isn’t equivalent, because of the fact that we have such an efficient use of memory, and we use memory compression, and we have a unified memory architecture.

Actually, 8GB on an M3 MacBook Pro is probably analogous to 16GB on other systems. We just happen to be able to use it much more efficiently. And so what I would say is I would have people come in and try what they want to do on their systems, and they will I think see incredible performance.

You could make the case that the performance of certain tasks with 8 GB of RAM is good, but his statement goes way beyond that, and I don’t think the reasoning is sound.

It’s not clear to me what “efficient” is meant to refer to here. One could argue that macOS is less efficient with memory since it no longer runs in 32-bit mode. Maybe it’s a reference to Dynamic Caching, but that doesn’t seem like it would have much effect on memory use for common apps.

Memory compression has been available in macOS for a long time. I’ve used 8 GB and 16 GB systems with and without it and have no doubt that real RAM is better. Citing memory compression also doesn’t make sense because it’s a constant. The old M2 MacBook Pro also had memory compression. So does Windows.

The unified memory architecture does not seem like a technology to help stretch RAM. Rather, it means that some of that 8 GB will be used like VRAM and not available to apps or to the system.

William Gallagher (Hacker News):

A core claim of Apple’s is that this improved design means Mac need less RAM than they did.

The 8 GB M3 MacBook Pro is more expensive than the 16 GB M2 MacBook Pro was, and I’m not aware of any change in the M3 that would make up for that.

Apreche:

The thing we should be mad about are the prices. They’re charging $200 or more for each step-up in RAM. I understand that their RAM is integrated and special, but an 8GB stick of SD RAM for a PC is like $30. $100 might be understandable, but $200 is obscene.

The storage is even worse. Even the M3 MAX defaults to 1TB of storage. To upgrade to 4TB is $1000. A Samsung 990 Pro M2 SSD with 4TB of storage is under $300. I understand the apple storage is different, and that justifies some markup, but over a 300% markup is absurd.

Jason Cross (Hacker News):

It should probably not be a controversial opinion that, in late 2023 (and surely through most of 2024), one should not sell a pricey “Pro” computer with only 8GB of RAM. And yet here we are.

[…]

Apple has a long history of providing less RAM than it should for the price of its laptops and overcharging to get more, but it’s reached ridiculous proportions. The cheapest standard configuration with more than 8GB of RAM is 2 grand! The cheapest MacBook Pro you can configure with more than 8GB is $1,800!

[…]

Not that Windows laptops and Macs are directly comparable, but comparably-priced Microsoft Surface, HP Envy, Alienware, Dell XP, and Lenovo Thinkpad laptops all have 16GB of RAM or more, standard. You can spend all day mired in laptop configurations (and I have) but the bottom line is this: 16GB is standard at prices over $1,000 even in laptops with premium displays and other high-end features.

Tim Hardwick (Hacker News):

Perhaps unsurprisingly, Yuryev saw significant performance improvements across the board using the 16GB machine under both middling and heavier workloads. The 8GB model suffered double-digit losses in Cinebench benchmarks, and took several minutes longer to complete photo-merging jobs in Photoshop as well as media exports in Final Cut and Adobe Lightroom Classic.

These tests were conducted as single operations with nothing else running, but also repeated with browser tabs, YouTube videos, spreadsheets, emails, and the like, open in the background to simulate typical real-world multi-tasking scenarios. As expected, the performance gap between the two machines widened further as the 8GB increasingly relied on its SSD swap file, while all-round responsiveness took a hit. Yuryev even reported crashes on the 8GB model during Blender rendering and a Final Cut export.

How about comparing the 8 GB M3 to the 16 GB M2?

Previously:

Apple Music Voice Plan Discontinued

Joe Rossignol:

Apple said existing subscribers can continue to use the Voice Plan for the duration of their final billing cycle, but they will lose access after that period. It’s unclear why the plan was discontinued, but Apple says other Apple Music plans “already work seamlessly with Siri, and we will continue to optimize this experience.”

However, the regular plan is $10.99/month rather than $4.99.

Previously:

Weathergraph 1.0.210

Tomas Kafka:

Weekly chart: You can now see a week at a glance below the main chart, both in the app and in the large widget.

Scroll the weekly chart to peek into the future even more (as long as the forecast provides more than a week of data). Long press the weekly chart to zoom to that time in the main chart.

Sun glow: As the murky autumn arrives, know when to look forward to a healthy dose of sun rays. The warm glow above the cloud layer highlights particularly sunny times.

With Apple’s Weather app relying on the their own weather service, which I find to be a regression over the previous weather data, third-party apps with their own data are essential. I like Weathergraph’s new weekly chart, both as a way to see the whole week at a glance without scrolling and to quickly jump to a specific day. Alas, Weathergraph is still limited to a single location.

Previously:

Humane Ai Pin

Juli Clover (Hacker News):

Humane, a tech startup run by former Apple designer Imran Chaudhri, today officially unveiled its first product, the Ai Pin. Priced at $700, the Ai Pin is a standalone device that Humane says was built from the ground up for artificial intelligence.

The Ai Pin attaches to a clothing item using a magnetic system that involves a detachable battery, which is also how the device is powered. The idea is to swap the battery out for a new battery when necessary, resulting in what Humane calls a “perpetual power system.” It is not clear how long each battery lasts.

Design wise, the Ai Pin looks something like an Apple Watch with a rounded rectangular shape, It is made from aluminum, comes in three colors, and has a Gorilla Glass touchpad. There’s also an “optical sensing capsule,” a 3D depth sensor, and a Qualcomm Snapdragon chip to power it.

Here’s the launch video. Lots of people are remarking that the AI’s answers about the eclipse and the almonds are both wrong.

John Gruber:

They really do mean for this to replace, not supplement, your phone.

They want to replace apps with AI, too. All the software is written by them, with its data stored in their cloud. On the contrary, it seems like this product should be a phone app, with some optional supplemental hardware, but that’s not possible because Apple would never allow a third-party product that level of access.

There are lots of cool ideas here, but I don’t see how it can replace a phone when there are so many areas that it will always be worse at. On the other hand, you could see how it would be a non-starter to tell someone who already has a phone and a watch that they should carry a third device. The form factor of a pin, so that it must be moved whenever you add or remove a layer of clothing, seems like a disaster.

Nick Heer:

You can think of it as the answer to the question what if you could wear a smart kitchen speaker? and it sounds kind of compelling or, at least, not stupid. If a smartphone is a perfect convergence device, you can think of this as an attempt to move in the other direction.

Some people say they want to use their phone less, but a $700 device with a $24-per-month cell plan seems like an ambitious product for that niche. There are also plausible accessibility benefits to a mostly voice-controlled device for anyone who is able to clearly speak but maybe lacks fine motor control.

bosch:

I just don’t get this, or any other “VUI”/voice-centric platform for that matter. The killer feature of the smartphone or watch isn’t that it’s the most convenient (which it is), it’s that whatever you want to do on it is at least somewhat private. I don’t want the guy next to me on the train to know I’m messaging Andrew, and he doesn’t want to hear me message Andrew either. Asking me to speak out loud these commands removes that privacy. I think this type of “out loud interface” is the wrong direction for personal devices… forcing us to expose our “private selves” or conflate that with our “public selves” is really an area where humans need to draw the line, IMO.

Previously:

Update (2024-02-06): Om Malik:

I recently sat down with Imran — Bethany was busy — to explore everything from privacy and partnerships with “frenemies,” to the end of what we know as App Stores. Here are Imran’s thoughts on this game-changing device and his vision for the next evolution of personal computing.

Mark Wilson:

With $240 million in funding from luminaries including Salesforce CEO Marc Benioff and OpenAI CEO Sam Altman, the device attaches to your lapel with magnets, listens to your requests like Siri, and will search the internet, translate your speech, or project an interface right onto your hand.

[…]

But just because you are the first out of the gate or the best-funded company doesn’t guarantee success. An explosion of smartphones with all sorts of unique UX paradigms—keyboards, sliders, trackballs—existed for years before the iPhone’s touchscreen made them go extinct. Like any paradigm shift in computing, the revolution will be driven not by the fastest tech, but the most usable and essential design.

Stephen Hackett:

It blows my mind that these errors were left in the video. Clearly the thing was edited; why would you leave such an incorrect statement in the video courting early adopters? We all know AI systems get things wrong, but it’s another to leave those errors in your marketing materials. Did anyone at Humane fact-check these things? Or did they automatically trust that the answers were correct? Both possibilities are troubling. The lesson here is not to leave your launch video in the hands of ChatGPT, I suppose.

Jason Snell:

I don’t think the AI Pin will succeed for numerous reasons, foremost among them being the fact that it seems to be a product designed to make your smartphone unnecessary or ancillary. It feels to me like this is the product’s point of view not because of a deep philosophical reason but because Humane is a company with investors that needs to ship and sell a hardware product and trying to attach to the side of Apple’s or Google’s smartphone operating systems makes this thing an expensive accessory instead of a revolutionary device.

It’s not a point of view that makes sense otherwise, because it seems to posit a world where people just hate their smartphones and can’t wait to be rid of them. This is the world as seen through a funhouse mirror.

Allison Johnson (Hacker News):

It’s a beautiful vision that I’d love to buy into. But here’s the thing: screens are great, and I don’t think we can, or even should, ditch them quite yet.

Jesper:

The product site features food delivery and messaging between friends, two things that are well handled by apps today and that look dreadful to handle via voice entry or the projected palm interface, more fit for haikus than menus.

[…]

I am not the first to react strongly to this, but I am probably uncommon in my intense dislike for personal assistant AIs, a dislike that obviously flares to new heights in a product so heavily focused on them. The Humane site harps on privacy and trust, but what is private about being forced to live your life out loud; to not be able to jot a thought down silently?

[…]

If walking around in the world but looking at a screen because you're reading something is being absorbed by something else and not being present, then tapping a pocket square and talking to a virtual assistant about the same thing you would accomplish if you had a screen is also not being present.

Nicolas Magand:

Imagine that the main feature of this device is something that will likely become a standard function on smartphones, smartwatches, and even earbuds: interacting with a smart, new generation AI assistant using only your voice.

[…]

I’m trying to picture someone wearing an AI Pin in the middle of winter: do you wear it under your coat? over your coat? What happens when you go inside? Do you attach it to your sweater? What if you want to remove your sweater? What if you need to go back outside? It sounds like a disaster indeed, not to mention how the pin can potentially damage clothes.

[…]

Only the camera part would really be trickier on a wrist-worn device. I’m sure the camera can live on another, separate device, or can work its way on the device itself.

Thursday, November 9, 2023

Retrobatch 2

Flying Meat:

Retrobatch 2.0 includes a new dark UI, a bunch of new nodes, new features, refinements in existing nodes and UI, plus much more.

[…]

New “Super Resolution” node, which uses machine learning to scale up your image 4x its size.

[…]

New “Photos Export” node which replaces the “Photos Library” node (which Apple has deprecated libraries it uses). This new node will download from iCloud as well as export the unmodified originals from Photos, including RAW photos.

[…]

New “Recognized text” option for the Rules node which you can use to filter out images based on character recognition in the image.

[…]

The Screenshot node now has text field you can use to filter which screenshots are used in a workflow. For instance, if you only want to capture windows from Safari, you would enter “Safari”.

Gus Mueller:

It comes in 2.5 flavors:

  • Retrobatch (regular): currently $19.99 one time fee. Comes with all 2.x upgrades.
  • Retrobatch Pro: currently a $39.99 one time fee (or $24.99 if you’re upgrading from 1.x). Also comes with all 2.x upgrades. It has more “Pro” features (aka, wacky things with color profiles, JavaScript, and more).
  • Retrobatch Pro (App Store): $24.99 a year with a free 7 day trial. It also has some features missing because of App Store restrictions - but that may not matter to you.

The Mac App Store version is missing droplets and the nodes for AppleScript, shell scripts, and Finder integration; and the command-line tool is severely limited by sandboxing.

Previously:

iOS 17.1.1 and iPadOS 17.1.1

Juli Clover (release notes, security, developer):

The iOS 17.1.1 update addresses a BMW wireless charging problem and a bug with the Weather Lock Screen widget. There have also been issues with Wi-Fi connectivity and device shutdowns, but it’s unclear if anything in iOS 17.1.1 is intended to address those.

Previously:

macOS 14.1.1

Juli Clover (release notes, security, developer, enterprise, full installer, IPSW, M3):

Today’s update includes bug fixes and security updates according to Apple.

Joe Rossignol:

While the release notes did not specify which bugs were fixed, we have confirmed that the update resolves a software update issue with M3 Macs and an Adobe Photoshop bug.

See also: Howard Oakley, Mr. Macintosh.

Previously:

macOS 13.6.2

Apple (release notes, full installer for M1 and M2, M3):

This update has no published CVE entries. Available for MacBook Pro (2021 and later) and iMac (2023)

Enterprise release notes:

MacBook Pro 14-inch and 16-inch computers with Apple silicon no longer start up to a black screen or circled exclamation point after the built-in display’s default refresh rate is changed.

See also: Michael Simon.

Previously:

watchOS 10.1.1

Juli Clover (release notes, security, developer):

Today’s update addresses an issue that is causing some Apple Watch models to drain battery more quickly than expected. Complaints about Apple Watch battery started after the launch of watchOS 10.1, and Apple confirmed in a memo over the weekend that the battery problems would be fixed in a software release.

Previously:

Update (2023-11-22): I can confirm seeing really bad battery drain with watchOS 10.1 and that 10.1.1 seems to fix it.

Wednesday, November 8, 2023

Bike Outline Paths

Jesse Grosjean:

Use outline paths to query your Bike outlines. Today they are used through AppleScript and Shortcuts actions. In the future they will be used to build new features such as stylesheets and outline filtering.

There’s a video demonstrating them and documentation for the syntax.

Previously:

iOS 17.1 Lock Screen Photo Album Shuffle

Zachary McAuliffe:

Apple introduced Photo Shuffle for lock screen in iOS 16. However, you could only choose categories of photos in your library and camera roll, like People and Pets, or you could use the Select Photos Manually option and go through your library to find the right photos.

You were limited to 50 manually chosen photos, and the interface was awkward and slow.

Benjamin Mayo:

The problem was these automatic collections were often incomplete, and could not be edited – you couldn’t add or remove photos other than filtering out particular detected faces altogether in the People collection. This made the lock screen often useless as it would surface images that weren’t necessarily relevant or interesting, and no real way to fine tune it.

As of iOS 17.1, there’s a new option when you create a Photo Shuffle lock screen: the ability to choose a specific album. This gives you the control to choose what images you want to see on your lock screen, by curating a specific album or simply using the Favorites album.

This is probably my favorite new feature in iOS 17. I can now have more photos in the rotation, and I can tap the Lock Screen to switch to a new one. Because it’s based on an album, I can add new photos from the Photos app on my Mac, which is so much easier than the iOS interface.

Tim Hardwick:

The following steps show you how it’s done on iPhones running iOS 17.1.

There remain two bits of jankiness:

Previously:

Update (2023-11-22): CTD:

This is a wonderful improvement. It’s a bit confusing understanding how it chooses to frame pictures though. I initially cropped some images to exact screen dimensions but it randomly zooms in on some. Then tried 9:16 ratio and it seemed better then reverted to zooming in. I think it’s trying to be smart based on content of the image but for some I want them displayed just so! Still lovely to see one of your chosen images each time you unlock.

John Gordon:

I remember the original iOS Lock Screen photo shuffle. That feature was huge for my father as his memory failed. Few seemed to miss it though.

I would prefer something simpler like that.

Mint.com Replaced by Credit Karma

Emma Roth (via Hacker News, Reddit):

Intuit first acquired Mint in 2009, an app that has offered a free way for users to track their budgets, manage expenses, negotiate bills, and keep tabs on subscriptions. Now, Intuit is inviting users to Credit Karma, a service that the company acquired in 2020.

While Credit Karma offers similar features, like the ability to view transactions, track spending, aggregate financial accounts, and credit monitoring, it still doesn’t come with the same budget tracking tool that many people specifically use Mint for, and it’s not clear whether Credit Karma will ever adopt it.

ds:

This is a fumble not seen since skype fell asleep and did nothing during 2021 while google and zoom came and took their entire market.

It seems like it from a product perspective, but presumably Mint was not great as a business, even as a funnel for TurboTax.

Val Agostino:

As the first product manager on the original team that built Mint, as well as the Co-founder and CEO of Monarch (a subscription-based personal finance app) I have now been in the personal finance space for over 15 years and have seen first-hand the benefits (and challenges) that these apps can provide across millions of users. I wanted to share my (admittedly biased) perspective on what Mint users should consider going forward.

[…]

I’ve always been proud that we created a product that has helped so many people better manage their financial lives, and the prospect of Mint getting shut down is a little sad.

At the same time, it’s not a surprise. A free personal finance app is simply not a viable business.

Most free apps in the app store have minimal direct costs associated with delivering their service. This is not the case with personal finance apps, which typically rely on data aggregators (Plaid, Finicity, etc) to connect to tens of thousands of financial institutions to aggregate the necessary financial data. These data fees are quite expensive, which means a personal finance app is losing money on each free user and must make it up in some other manner.

Mint’s business model was to present users with offers for various financial products (banks, credit cards, etc) and to earn a referral fee if a user applied for one of those products. Unfortunately, this model was never able to cover our data costs of delivering the service. Worse still, this ad-based business model created misaligned incentives between the company and its users, because the financial products that offered the highest referral fees were typically not the objectively “best” products for our customers. There was always an internal tension between doing what was in our users’ best interests and trying to drive revenue to keep the business alive.

Intuit:

Credit Karma is thrilled to invite all Minters to continue their financial journey on Credit Karma, where they will have access to Credit Karma’s suite of features, products, tools and services, including some of Mint’s most popular features. We know the most active Minters use Mint to monitor their cash flow and track their spending, and not only does Credit Karma offer these capabilities, but we’re able to take things even further for our members.

Let us explain: at Credit Karma, we leverage our members’ data to provide them with a view of their finances so they know where they stand and can confidently take action to improve their financial situation. This view means members can track their net worth and monitor their spending habits, transactions and cash flow. Once they know where their money stands, Credit Karma will leverage this data to empower members to take action, whether that be suggesting they use a different credit card in their wallet to maximize their rewards opportunities according to their spending habits, or proactively flagging when they’re about to be in a cash crunch, with actionable recommendations to help them smooth out their cash flow and avoid a similar situation in the future.

[…]

Credit Karma is on its way to becoming a full-service financial platform where we take stock of members’ financial profiles, connect the dots for members and identify saving opportunities to act on, at the right time.

The core Credit Karma product is useful, and the interface is fast and well designed compared with other financial sites. It gets really annoying, though. Before turning off notifications, I would get constant e-mails that provided no value and seemed like they were just trying to drive engagement. Every week there would be a supposed major change to my credit score, so I’d log in to check it and find that it was exactly the same as before or up or down 1–2 points. Then I would see that it had recommended a credit card that it knew I already had.

Previously:

Apple’s Trademark Exploit

GiovanH (via Hacker News):

Apple puts its logo on the devices it sells: not just the outer casing, but also each internal component. The vast majority of these logos are totally enclosed and invisible to the naked eye. This seems like a strange practice — especially since Apple doesn’t sell these parts separately — except it turns out to be part of a truly convoluted rules-lawyering exploit only a company like Apple could pull off and get away with.

[…]

Apple participates in CBP’s e-Recordation Program, a “service for trademark owners” where American rightsholders proactively re-register their US registered trademarks with CBP and pay regular fees to ensure special, stricter enforcement on the particular trademarks they request. In exchange, Apple gets to train law enforcement themselves; owners of registered marks can record webinars, and companies like Apple literally get to send their own staff to give Border Patrol in-person seminars on how to identify their products and what all they want counted as infringing.

[…]

Repair shop owner Jessa Jones purchased third-party iPhone screens for use in repair, but the shipment from China was seized by CBP.

The screens that were seized are “hybrid” parts: the screens are third-party, but use a few original Apple parts like a flex cable that connects the screen to the phone. That invisible, internal part is marked with an Apple logo, which is enough to let the CBP seize the entire shipment.

The parts aren’t being seized because they’re counterfeit. In fact, they’re demonstrably not counterfeit: the only reason an Apple logo is on a piece of a “third-party” component is because that piece is original OEM Apple hardware being legally re-sold[…]

Previously:

Tuesday, November 7, 2023

The Negative Impact of Mobile-First Web Design on Desktop

Kim Salazar, Tim Neusesser, and Nishi Chitale (via Hacker News):

Many modern websites are designed with a mobile-first approach. When these pages render on desktop devices, the content can appear overly large and stretched out. Screen-covering images, large bloated text, and excessive negative space result in long pages requiring more scrolling to consume all content. We call this design trend content dispersion.

[…]

Long pages also make it harder for users to find specific information on the page because the content is spread out over many viewports. Indeed, our study participants had more difficulty finding information on the dispersed product page than on its condensed version.

[…]

Because many websites with dispersed content are the result of a mobile-first design approach, they often use mobile design patterns that frustrate desktop users. For example, accordions work very well on mobile devices because they collapse a large amount of information into a smaller space, shortening the mobile page and making the information more accessible. They also provide a high-level overview of the content available, allowing users to access the area they are interested in directly. However, on large screens, long pages are less of a problem. Accordions can contribute to content fragmentation and significantly increase the interaction cost of finding crucial information, without the benefit they bring on mobile.

Unfortunately, mobile-first design affects apps, too.

Previously:

Update (2023-11-20): Jerry Nilson:

Was really irritated over this the other day – Google want to dictate how web sites are designed and will give it higher rating even if it looks like shit if you adhere to their nonsense. I decided to revert and make sure my website looks good on mobile despite Google.

Update (2023-11-22): Sam Rowlands:

Fundamentally I agree with this statement, but I have a ton of mixed feelings.

As an engineer, I understand it.
As a pragmatist, I believe it is inevitable.
As an optimist, I believe it will get better.
As a Mac only developer, I hate it.

Learning SwiftUI, I think I've accepted a unified future.

iLeakage: Browser-Based Timerless Speculative Execution Attacks on Apple Devices

Jason Kim et al. (Hacker News):

We present iLeakage, a transient execution side channel targeting the Safari web browser present on Macs, iPads and iPhones. iLeakage shows that the Spectre attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery. We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.

[…]

Code running in one web browser tab should be isolated and not be able to infer anything about other tabs that a user has open. However, with iLeakage, malicious JavaScript and WebAssembly can read the content of a target webpage when a target visits and clicks on an attacker's webpage. This content includes personal information, passwords, or credit card information.

[…]

At the time of public release, Apple has implemented a mitigation for iLeakage in Safari. However, this mitigation is not enabled by default, and enabling it is possible only on macOS [in Safari’s Debug menu]. Furthermore, it is marked as unstable.

[…]

We disclosed our results to Apple on September 12, 2022 (408 days before public release).

It’s still possible in Lockdown Mode, but slower.

Dan Goodin:

iLeakage represents several breakthroughs. First is its ability to defeat these defenses with Safari running on A- and M-series chips by exploiting a type confusion vulnerability. Secondly, it's a variant that doesn’t rely on timing but rather on what’s known as a race condition. A third key ingredient is the unique ability of WebKit to consolidate websites from different domains into the same renderer process using the common JavaScript method window.open.

So Chrome and Firefox are not vulnerable, but of course Apple doesn’t allow their browser engines on iOS.

Previously:

Microsoft Finalizes Activision Blizzard Acquisition

Dan Milmo (Hacker News, MacRumors):

Microsoft has completed its $69bn (£57bn) deal to buy Activision Blizzard, the maker of games including Call of Duty and World of Warcraft, after the UK’s competition watchdog cleared the acquisition.

The Competition and Markets Authority (CMA) had moved to block the deal in April, citing concerns that Microsoft – the maker of the Xbox gaming console – would dominate the nascent cloud gaming market.

Last month, however, the watchdog said a revised deal that included selling cloud gaming rights outside Europe to Activision’s French rival Ubisoft had substantially addressed its concerns, indicating the tie-up would be approved.

Andrew Plotkin (Hacker News):

The peculiar side effect in my corner of the world is that Microsoft now owns the dusty remains of Infocom. Microsoft owns all the classic Infocom games (except maybe Hitchhiker and Shogun). They own the rights to sell the games. They own the rights to make more Zork spinoffs.

Of course, from a corporate point of view, this means exactly nothing. Activision has kept a few Infocom games up on GOG (EDIT: and Steam). For a while they sold them for iOS, but that was too much work so they stopped. In 2009 they flirted with a casual Zork tie-in that went nowhere. None of this rates even a footnote in the Microsoft acquisition prospectus, which I imagine is six hundred pages of Candy Crush stats with an appendix mentioning WoW and CoD as “also nice to have”.

[…]

For twenty years, Infocom properties have existed in a foggy hinterland of “Well, Activision owns it, but… you know. You can find the stuff online.” I don’t just mean the games! It’s also the manuals, the advertisements, the packaging, all the ephemera. It’s all available, but… you know. Illegally. […] Anyhow. I say it is time to end this liminality and bring all this work into the legal daylight.

Previously:

Update (2024-01-30): Tom Warren (via Hacker News):

Microsoft is laying off 1,900 employees at Activision Blizzard and Xbox this week. While Microsoft is primarily laying off roles at Activision Blizzard, some Xbox and ZeniMax employees will also be impacted by the cuts.

The cuts work out to roughly 8 percent of the overall Microsoft Gaming division that stands at around 22,000 employees in total.

Previously:

Swift Proposal: Pack Iteration

SE-0408:

Currently, it is possible to express list operations on value packs using pack expansion expressions. This approach requires putting code involving statements into a function or closure. For example, limiting repetition patterns to expressions does not allow for short-circuiting with break or continue statements, so the pattern expression will always be evaluated once for every element in the pack. The only way to stop evaluation would be to mark the function/closure containing the pattern expression throwing, and catch the error in a do/catch block to return, which is unnatural for Swift users.

[…]

We propose allowing iteration over value packs using for-in loops. With the adoption of pack iteration, the implementation of the standard library methods like == operator for tuples of any number of elements will become straightforward.

It’s accepted.

Previously:

Monday, November 6, 2023

Mastering DOM Manipulation With Vanilla JavaScript

Phuoc Nguyen (via Hacker News):

Web development moves at lightning speed. I still remember when I first started using libraries like jQuery, Prototype, script.aculo.us, Zepto, and many more. Even with modern tools like Angular, VueJS, React, Solid and Svelte, we still have to deal with the Document Object Model (DOM). While these frameworks encapsulate and hide direct DOM management, they still give us access to work with the DOM via refs and event handlers.

Whether you’re developing or using a web component in any framework, you need to work with the DOM at a certain level. […]

That’s why I’ve put together this collection of resources:

  • No external libraries, just native browser APIs
  • Small, easy-to-understand examples
  • Live demos
  • Tips and best practices included
  • Real-life use cases
  • Works with modern browsers and even supports Internet Explorer

Update (2023-11-22): See also: Cheat sheet for moving from jQuery to vanilla JavaScript (via Daniel).

Google Vertex AI Search

Brett Terpstra:

So it turns out Google now offers an API (once again). It’s limited to 100 searches per day for the free version, so I don’t want to put my API key into the public distribution of SearchLink, but if you want to tap into Google’s power for your searches, you can now add your own API key to the config and get 100 searches per day for free.

This is the JSON API for the Custom Search feature that I was not a fan of. But, using the API, you can format the results however you want.

There’s also a Custom Search Site Restricted JSON API, which could be used to build a site-specific search page, but it’s being phased out.

Google:

Vertex AI Search allows you to set up and deploy a Google-grade site search engine in minutes at a competitive price.

[…]

Because we believe Vertex AI Search best serves the needs of site restricted search use cases, we are no longer receiving new customers for the Custom Search Site Restricted JSON API. This has no effect on existing customers.

Google:

With the advent of generative AI your consumers and employees expect a better search experience than keyword-based tools that only match specific terms for information and do not understand user intent, content or the context of the search. We're building Vertex AI Search based on decades of Google's investments in search technologies and integrating new generative AI features so your customers and employees can enjoy a modern, personalized search experience.

It looks like the pricing is $4 per 1,000 queries vs $5 for the old API.

Previously:

Friday, November 3, 2023

Google Abandons Web Environment Integrity API

Thomas Claburn (via Hacker News):

Amid rising community concern, Google says it will no longer develop controversial technology that was said to fight fraud online though to critics looked more like DRM for websites.

[…]

Apple incidentally has already shipped its own attestation scheme called Private Access Tokens, which while it presents some of the same concerns is arguably less worrisome than Google’s proposal because Safari’s overall share of the web browser market across all devices is far lower than Chrome’s.

Google also offers two more limited attestation services, the Play Integrity API and Firebase App Check. And its YouTube subsidiary’s scanning of client browsers for ad blocking extensions also represents a form of attestation or integrity check, albeit where what’s evaluated is installed software rather than a cryptographic token.

[…]

Instead, the Android team aims to focus on the Android WebView Media Integrity API, which provides a similar form of attestation but only for WebViews embedded in Android apps.

Previously:

Apple’s Three Safaris

Thomas Claburn (via Hacker News):

Apple tried to avoid regulation in the European Union by making a surprising claim – that it offers not one but three distinct web browsers, all coincidentally named Safari.

Never mind that Apple itself advertises the sameness of its Safari browsers when pitching its Continuity feature: “Same Safari. Different device.”

Cupertino also claimed it maintains five app stores and five operating systems, and that these core platform services, apart from iOS, fell below the usage threshold European rules set for regulating large platform services and ensuring competition.

[…]

This strategy appears not to have been very effective.

Open Web Advocacy:

Apple made this attempt despite the Digital Markets Act containing specific clauses to address this exact behaviour.

Previously:

Update (2023-11-20): See also: MacRumors.

FTX Trial

Molly White (via Nick Heer):

We got our first glance at the FTX codebase on Friday. The prosecution brought out Github screenshots as they questioned cooperating witness Gary Wang, the former CTO of FTX who at various times was responsible for the codebases powering both FTX and Alameda Research. Wang has pleaded guilty to four charges.

[…]

Much of the conversation revolved around the allow_negative flag that was introduced to the FTX codebase on August 1, 2019. Wang testified that Sam Bankman-Fried had asked him and Nishad Singh (former FTX engineering director, who has also pleaded guilty) to add the flag. Github screenshots show Singh making a code change to add the column in the database, and adding logic to exempt accounts with the flag from checks that would otherwise determine if they had sufficient funds to withdraw.

[…]

Code snippets shown to the jury demonstrated how Nishad Singh wrote some code that would update the insurance fund amount by adding to it the daily trading volume, multiplied by a randomish number around 7,500, and dividing it by a billion, thus making it appear as though the website was referencing a real account balance that was fluctuating as the exchange added funds or withdrew from it to cover losses. In reality, it was all made up.

Elizabeth Lopatto (Hacker News):

Bankman-Fried claimed to have been “not involved as a general principle in day to day trading,” but this turned out to depend highly on how one defines trading. Sassoon quickly introduced the “Vertex” Signal groupchat for discussing Alameda’s trading. In it, we saw messages where Bankman-Fried asked the group how much of two tokens, OXY and MAPS, the group had bought. He then suggested Alameda should buy $1 million to $2 million of each over the next few days. (Bankman-Fried denied that this was him giving instructions, which depends highly on how one defines giving instructions.)

David Yaffe-Bellany, Matthew Goldstein, and J. Edward Moreno (Hacker News):

Sam Bankman-Fried, the tousle-haired mogul who founded the FTX cryptocurrency exchange, was convicted on Thursday of all seven charges of fraud and conspiracy after a monthlong trial that laid bare the hubris and risk-taking across the crypto industry. These charges carry a maximum sentence of 110 years.

MacKenzie Sigalos (via John Gruber):

Most of the defense’s case was built on the testimony of Bankman-Fried himself, who told the court that he didn’t commit fraud or steal customer money, but just made some business mistakes.

Previously:

Apple’s Q4 2023 Results

Apple (transcript, Hacker News, MacRumors:

The Company posted quarterly revenue of $89.5 billion, down 1 percent year over year, and quarterly earnings per diluted share of $1.46, up 13 percent year over year.

“Today Apple is pleased to report a September quarter revenue record for iPhone and an all-time revenue record in Services,” said Tim Cook, Apple’s CEO.

Jason Snell:

Mac revenue was $7.6 billion, down 34%. iPad revenue was $6.4 billion, down 10%. iPhone revenue was $43.8 billion, up 3%.

John Gruber:

Mac sales are down quite a bit year over year, both on a quarterly basis and trailing 12-month period, but I don’t think that’s a reflection on the Mac platform. Rather, it’s the whole PC market, which is now in a downswing after a huge surge during the early COVID years.

Previously:

Update (2023-11-22): See also: MacRumors.

Update (2023-12-06): Jason Snell:

But by using this excuse, Cook and Maestri are deflecting attention from the real, incontrovertible numbers: Mac revenue for fiscal 2023 was $29.4 billion, down 27 percent from the previous year’s record $40.2 billion. That’s a “tough compare” that includes both the quarter where the Mac was affected by factory shutdowns and the quarter where Apple sold a whole bunch of Macs in order to fulfill demand. Put them together, and it’s still a stupendous drop in sales. This year’s Mac revenue number was also down 20% from fiscal 2021 when Apple sold $35.2 billion in Macs. So it’s a dramatic drop from the last two years of Mac sales, no matter how you slice it.

But here’s the thing: look back to Mac revenue in 2019 and 2020, before the Mac sales surge driven by the COVID pandemic and the switch to Apple silicon. In those years, Mac revenue was $25.7 billion and $28.6 billion, respectively. If you think of the last couple of years as an aberration, the Mac is back where it was—in fact, it’s up 2.6% from fiscal 2020.

[…]

As Stratechery’s Ben Thompson quipped: “So just to recap, Apple’s Services revenue saw a step-change increase in revenue with increased margin, and Apple executives don’t want to talk about it.” Like Ben, I wonder if maybe the dynamic includes changes to the money Apple makes on Google search referrals, which are a large part of the Services line that Apple never, ever, ever talks about in these calls. And of course, right now Google is on trial and that search deal is one of the big topics of conversation.

Wednesday, November 1, 2023

macOS 14: Separate iCloud Drive and CloudKit Switches

Howard Oakley:

One important change in Sonoma is the distinction between apps accessing iCloud Drive (shown here) and those using CloudKit to share their databases (described below).

[…]

To control the apps allowed to store their databases in iCloud using CloudKit, you need to go back to iCloud settings.

In the Apps Using iCloud section there, click on the Show More Apps… button to reveal the full list.

In earlier versions of macOS, apps using CloudKit and those accessing iCloud Drive weren’t clearly distinguished, but Sonoma separates those controls at last.

Previously:

Apple’s Blue Ocean

John Siracusa (Hacker News):

I just can’t shake the idea that a return to removable, user-accessible batteries has now become a blue-ocean opportunity just waiting for Apple to seize it.

[…]

There’s more headroom than there has ever been to accommodate a tiny bit more size and weight in Apple’s portable products.

[…]

Second, people still crave the advantages of removable batteries that were left behind: increasing battery life by swapping batteries instead of using a cumbersome external battery pack, inexpensively and conveniently extending the life of a product by replacing a worn-out battery with a new one—without paying for someone else to perform delicate surgery on the device.

Finally, related to that last point, worn-out batteries are an extremely common reason that old tech products are traded in, recycled, or replaced. Removable batteries are an easy way to extend the useful life of a product. This leads to less e-waste, which is perfectly aligned with Apple’s environmental goals as 2030 approaches.

Aside from the cost in time and money, needing Apple or a repair shop to replace a battery is bad for privacy. Most people will just give the technician their passcode. If you want to be more careful, you can wipe the phone beforehand, but restoring from backup has problems. It’s slow, it’s lossy, and it requires a surprising number of manual steps, which don’t always succeed (e.g. credit cards and Apple Pay). Also, unless you back up to both iCloud and a Mac, you for a time only have one copy of your data.

Previously:

Ceasing Print Publication of ACM Journals and Transactions

Association for Computing Machinery (via Hacker News):

ACM has made the decision to cease print publication for ACM’s journals and transactions as of January 2024. The magazines Communications of the ACM, ACM InRoads, interactions, and XRDS: Crossroads will continue in print.

There were several motivations for this change: ACM wants to be as environmentally friendly as possible; print journals lack the new features and functionality of the electronic versions in the ACM Digital Library; and print subscriptions, which have been declining for years, have now reached a level where the decision to sunset print made perfect sense. Ultimately, this will prove to be beneficial to the community, enabling ACM to focus efforts on enhancing the electronic versions of the publications where they can have the greatest impact.

This is kind of a shame because I used to like browsing these journals in the library, and it’s not really the same online. I love reading books and articles on my Kindle, but neither it nor the iPad is very good for this sort of technical content. If I’m reading an academic paper I tend to print it myself.

Previously:

Swift TO Is Closing Down

Kyle Newsome:

A lot of forces seemed to work against us this year. This made organizing quite a difficult and emotional challenge at times. Unfortunately this included some mistreatment from Apple’s Developer Relations team. Apple dangled the idea of supporting this conference. They asked for us to send our plans/financials, then ghosted without any explanation. Despite many attempted follow ups I never heard from them again or got any closure.

Via Dave DeLong:

Is iOS development the only major industry where conferences are NOT sponsored by the industry leader?

Previously: