Archive for November 22, 2023

Wednesday, November 22, 2023

Ducklet 1.0.1

ohoj Software:

Ducklet makes using SQLite databases easy for everyone, whether you’re a developer, data analyst, or just curious. We’ve designed a user-friendly interface for a smooth and intuitive experience, so you can focus on your data.

[…]

Experience unmatched performance and seamless integration with our native application written in SwiftUI and AppKit.

I discovered this new app while assembling the Black Friday deals. It brings some fresh ideas but isn’t mature enough for me to switch yet.

Likes:

Dislikes:

Overall, I like Base and Core Data Lab better, but Base has been giving me a lot of internal errors lately, and I’m unsure whether it’s still under development. However, Ducklet looks promising, so I purchased it on sale.

Previously:

Git Tower 10.2

Tower:

Sync Action: This action synchronizes your HEAD branch with a remote branch by pulling and then pushing commits (if pulling was successful). If you are not using the default toolbar item set, you can add the Sync action to your toolbar by running “Customize Toolbar” from the “View“ main menu.

Settings: You can now configure custom environment variables used when running Git commands by visiting the new “Environment” tab in Tower’s settings.

Settings: You can now choose 1Password as an SSH Agent for SSH Signing in the “Git Config” tab.

[…]

New License View: An improved license window will show more license information and allows you to deactivate devices.

[…]

Syntax Highlighting: Text is now highlighted correctly when selecting lines for staging.

I like the syntax highlighting introduced in version 10, but I’ve had intermittent problems where viewing even a small file makes it use 800% CPU doing JavaScript stuff, seemingly forever, even if I click to view another file.

Previously:

Update (2023-12-06): Bruno Brito:

We have added a new button: Sync! This action performs a combination of a “pull” operation followed by a “push” (if the “pull” is successful).

Kristian Lumme:

Just like in Git, you can filter the history by commit author, date range, files affected, commit message and more. Click the dropdown in the search box in the upper right corner to select your first criteria to filter by (1).

After entering a value and hitting Enter, the filter shows up above the commit list, where you can use the plus and minus buttons to add more criteria as needed (2)!

I had never noticed this. I wish the buttons for adding criteria were always visible. Same with the Blame, File History, and Diff Tool buttons, which only show up when you mouse over the right spot.

Rumor of Cellular MacBook

Arnold Kim (2011):

One of the most requested features for Apple’s MacBook Pro line has been for the integration of some sort of built-in 3G cellular data to allow for anywhere wireless connectivity. MacBook Pro users presently need to purchase a separate Mi-Fi or 3G USB Modem in order to keep their machines connected to the internet when not near a Wi-Fi hotspot.

Apple has developed prototypes of the MacBook Pro with integrated 3G data, as evidenced by this eBay sale showing a never-released MacBook Pro prototype.

This particular machine dates back to 2007 and is a 15" MacBook Pro Santa Rosa laptop with a 3G antenna, 3G hardware and SIM card slot built in.

Tim Hardwick (Hacker News):

Apple eventually plans to build its own custom modem into cellular MacBook models that could arrive in 2028 at the earliest, according to Bloomberg’s Mark Gurman.

Apple has reportedly been working on its own modem since 2018, as it seeks to move away from Qualcomm’s component currently used in iPhones. The timeframe for launching the modem has slipped several times and is now expected to be ready around 2026, and Gurman now hears that Apple has plans for the chip appearing in other Apple devices further down the line.

Even without their own modems, I’ve never quite understood why Apple didn’t make this available as an expensive option. Personal Hotspot is not a great substitute. If it makes sense for (and fits in) an iPad, it makes sense for a Mac.

Previously:

Apple Asked Amazon to Block Rival Ads

Eugene Kim (via Hacker News):

Apple’s latest products directly sold by Amazon have a much cleaner page layout on Amazon with no ads or recommendations until the very bottom of the page, an Insider review of the e-commerce site shows. Most other brands don’t get this special treatment, according to people familiar with the matter, who spoke on the condition of anonymity because they were not authorized to speak to the press.

[…]

Search results for “iPhone” and “iPad” on Amazon also offer a similarly clean experience. The top banner is always an Apple ad, and only one banner ad appears at the very bottom of the page, according to Insider’s recent review.

In contrast, Amazon search results for other brands, such as Samsung and Sony, show at least two or three sponsored ads from rivals. Amazon also shows a fewer number of search results for Apple’s products compared to its competitors.

[…]

The unusual arrangement follows the iPhone-maker’s private demands to Amazon to only show its products in results when an Apple term like “iPad” is searched, according to an internal email previously shared by the House Judiciary Committee. At the time, Apple also asked Amazon to make its product pages clean, without any non-Apple product recommendations.

Nicola Agius:

It’s not yet been confirmed whether Apple paid Amazon to block ads by rivals from appearing on its product pages. However, in emails shared by the House Judiciary Committee that date back to 2018, Amazon’s then-retail CEO Jeff Wilke suggested he had initially refused Apple’s request to block rival ads, writing:

  • “We cannot alter our organic search algorithm to return only Apple products in the search results when an Apple team is searched.”

He then appeared to offer an alternative solution for Apple:

  • “Apple would need to purchase these placements or compensate Amazon for the lost ad revenue.”

However, the advertising team told Insider that other companies offered to pay Amazon for this type of deal but were rebuffed.

Previously:

Spotify’s Google Play Store Deal

Adi Robertson and Sean Hollister (Hacker News):

Music streaming service Spotify struck a seemingly unique and highly generous deal with Google for Android-based payments, according to new testimony in the Epic v. Google trial. On the stand, Google head of global partnerships Don Harrison confirmed Spotify paid a 0 percent commission when users chose to buy subscriptions through Spotify’s own system. If the users picked Google as their payment processor, Spotify handed over 4 percent — dramatically less than Google’s more common 15 percent fee.

Google fought to keep the Spotify numbers private during its antitrust fight with Epic, saying they could damage negotiations with other app developers who might want more generous rates. Google’s User Choice Billing program, launched in 2022, is typically described as shaving about 4 percent off Google’s Play Store commission if developers use their own payment system, bringing down Google’s 15 percent subscription service fee to more like 11 percent. That often ends up saving developers little or no money since they must foot the cost of payment processing themselves.

[…]

Google would not name other developers that have gotten the company to agree to more generous rates. During the trial, we learned that Google offered Netflix a special discounted rate of just 10 percent, but Netflix refused. Netflix no longer offers an in-app purchase option on Android and no longer pays Google anything to distribute its app as a result.

Previously:

Update (2023-12-19): John Gruber:

Not only does Spotify on Android default to using its own in-app purchasing system — giving not a penny to Google in fees, apparently — but I couldn’t even find a way to choose to pay using the Play Store system. Google has granted Spotify a complete exemption to any sort of payment fee, and Spotify simply uses its own in-app payment processing.

On iOS, needless to say, Spotify has no such exemption. I just checked, and all Spotify does on iOS is list the features of each Premium account tier, with a message under each tier that reads “You can’t upgrade to Premium in the app. We know, it’s not ideal.” They don’t even list the prices or tell you where to go to sign up.

[…]

It beggars belief that Spotify would pull its app from the Play Store. What makes more sense is that Google wanted to get Spotify — an EU-based company — off their backs as vocal critics of their app store policies, so they offered them this sweetheart deal to shut them up.

Nothing’s iMessage App Was a Security Catastrophe

Ron Amadeo (via Hacker News, MacRumors):

Last Tuesday, Nothing Chats—a chat app from Android manufacturer “Nothing” and upstart app company Sunbird—brazenly claimed to be able to hack into Apple’s iMessage protocol and give Android users blue bubbles. We immediately flagged Sunbird as a company that had been making empty promises for almost a year and seemed negligent about security. The app launched Friday anyway and was immediately ripped to shreds by the Internet for many security issues. It didn’t last 24 hours; Nothing pulled the app from the Play Store Saturday morning. The Sunbird app, which Nothing Chat is just a reskin of, has also been put “on pause.”

[…]

How bad are the security issues? Both 9to5Google and Texts.com (which is owned by Automattic, the company behind WordPress) uncovered shockingly bad security practices. Not only was the app not end-to-end encrypted, as claimed numerous times by Nothing and Sunbird, but Sunbird actually logged and stored messages in plain text on both the error reporting software Sentry and in a Firebase store. Authentication tokens were sent over unencrypted HTTP so this token could be intercepted and used to read your messages.

Previously:

Privacy Is Priceless, But Signal Is Expensive

Meredith Whittaker and Joshua Lund (Hacker News):

Signal is also a nonprofit, unlike almost every other consumer tech company. This provides an essential structural safeguard ensuring that we stay true to our privacy-focused mission. To put it bluntly, as a nonprofit we don’t have investors or profit-minded board members knocking during hard times, urging us to “sacrifice a little privacy” in the name of hitting growth and monetary targets. This is important in an industry where “free” consumer tech is almost always underwritten by monetizing surveillance and invading privacy. Such practices are often accompanied by “growth hacking” and engagement maximization techniques that leverage dark patterns to keep people glued to feeds and notifications. While Signal is also free to use, we reject this kind of manipulation, focusing instead on creating a straightforward interpersonal communications app. We also reject business models that incentivize such practices.

Instead of monetizing surveillance, we’re supported by donations, including a generous initial loan from Brian Acton. Our goal is to move as close as possible to becoming fully supported by small donors, relying on a large number of modest contributions from people who care about Signal. We believe this is the safest form of funding in terms of sustainability: ensuring that we remain accountable to the people who use Signal, avoiding any single point of funding failure, and rejecting the widespread practice of monetizing surveillance.

[…]

We estimate that by 2025, Signal will require approximately $50 million dollars a year to operate—and this is very lean compared to other popular messaging apps that don’t respect your privacy.

Previously:

Safari Share Menu Now Violates Privacy

Jeff Johnson:

Looking at the packet trace, the share menu attempts to fetch the icon files favicon.ico, apple-touch-icon.png, and apple-touch-icon-precomposed.png from the site.

[…]

And of course your IP address is leaked.

My belief is that a website should not be notified and given your IP address and other information such as hardware device type and web browser version when you share the URL of the website.

[…]

The only purpose of the HTTP requests in Safari’s share menu appears to be to display the link’s icon and title in the share menu. Crucially, that information is not passed along to the other apps!

In most cases, I think people would be sharing the page that Safari is currently showing, so the data would have already been loaded. But it’s not expected that essentially copying a link within that page would send additional network requests.

Previously: