Archive for January 11, 2024

Thursday, January 11, 2024

BBEdit 15

Bare Bones Software (Mastodon):

A new Minimap palette shows a high-level overview of the active text document. This facilitates visualization of the document’s overall structure, as well as navigation within larger documents.

I love the minimap in recent versions of Xcode, but I’ve not found myself using the BBEdit version much. It’s in a floating palette, which gives you more flexibility with the size and shape, but it requires more window management. It lacks the section labels, Git status, and hover functionality of the Xcode implementation.

Building on the concept of the Grep Cheat Sheet used in its Find windows, BBEdit 15 introduces the ability to create and use your own Cheat Sheets, which are functional references for text markup and editing.

This is great, and I like how they support syntax highlighting. The file format is documented here.

BBEdit 15’s joins BBEdit’s unique “worksheet” interface to ChatGPT, so that you can have conversations with ChatGPT right in BBEdit itself — no application switching or awkward copy/paste from a web browser. Each chat worksheet that you create maintains its own history, so that you can easily refer back to past conversations, or keep a conversation going across an extended period of time.

Integrating this as worksheets feels very natural, and it seems to work well. I will admit that haven’t found ChatGPT to be very useful in my development. I mostly ask it questions that I don’t know the answers to, and it either doesn’t know either or gives absurdly incorrect results. I need to figure out how to use it as an assistant to do what I could already do myself—but faster.

BBEdit project documents gain an awareness of the “workspace root”, which for a given project is the “most important directory” in the project.


BBEdit’s unique “Text Factory” feature has been reimagined for version 15. All available transformations are listed for easy access, and assembling a factory requires fewer steps. A new “Run Unix Command” operation improves factory portability by storing the Unix command in the factory itself.

From the more detailed release notes:

The “Text Merge” command on the Text menu provides a new way to transform text in files, by employing a file containing a Grep search and replace pattern along with a table of substitution values.


The Git menu gets commands to push and pull the current branch to/from its remote.


When choosing the “Open Recent” item on the File menu (directly), rather than anything off the submenu, BBEdit will open a panel listing all recent items and currently open documents. You can use the search field at the top to filter the results and find the desired item. (You can also select and open multiple items in the list, if desired.)

In my view, the new Open Recent window is the standout feature of BBEdit 15. It basically works like Open File By Name except that it’s for recent documents. This lets me browse a shorter list of recent files, whose names I either might not remember or might not be able to easily find via a global search. I can search to narrow the list and navigate the results list with the keyboard to open one or more documents. I’ve used LaunchBar for this in the past, but the BBEdit-specific window is faster and more convenient. I recommend assigning the Command-Control-O keyboard shortcut and going to the BBEdit settings to increase the number of recent documents remembered.

When “Grep” is turned on in the Find and Multi-File Search windows, BBEdit will validate the pattern as you edit it. An indicator button will display the validation status of the pattern; you can click on it for information about the specific error.


The navigation bar for text documents includes an item which lists recent SCM revisions (git and/or Subversion) as well as recent file system recorded versions of the file. This can be used as a shortcut to compare a file against a recent revision.


The Sidebar preferences have a setting: “Allow keyboard focus in sidebar lists”.


Differences windows gain keyboard navigation in the sidebar, which was not previously possible.

These are all great.

The “Expert Preferences” section of the Preferences window lists available expert preferences (which can be manipulated from the command line), their current values, and their default values. Preferences which have been changed appear in boldface in the list.


The bbedit command-line tool gets a new argument: --preview. You can use this to open a preview on an existing file, remote URL, or pipe data without opening a document.


Added “Cut Line”, “Cut Line & Append”, “Copy Line”, and “Copy Line & Append” to the Edit menu, as modifiers of Cut/Copy. (The factory defaults are Control for the non-append versions, and Control-Shift for the append versions.) These can be used to perform the respective operations on a line without needing to select it.

I like these additions, too.

The price has increased from $50 to $60 (or $4/month or $40/year in the Mac App Store), with upgrades still at $30.

See also: Jason Snell.


Update (2024-01-23): See also: Adam Engst and Hacker News.

AirDrop Log Dehashing

Lawrence Abrams (MacRumors):

A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple’s AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content.


To get around censorship in the country, people turned to Apple’s AirDrop feature, which doesn’t require cellular service and uses Bluetooth and a private Wi-Fi network to send images and photos between devices.


The research institute says the sender’s device name, email address, and mobile phone number are hashed in the iOS device logs.

Using rainbow tables, the researchers claim to have been able to dehash these fields to gain access to the sender’s information.

It’s not clear to me why this information needs to be logged at all, nor why the government would want to alert Apple to fix this.

Matthew Green:

To make a long story short: a Private Set Intersection protocol takes a set of strings from the Sender and a set from the Receiver. It gives one (or both parties) the intersection of both sets: that is, the set of entries that appear on both lists. Most critically, a good PSI protocol doesn’t reveal any other information about either of the sets.


For a variety of mildly defensible reasons — which I will come back to in a moment — Apple does not use a secure PSI protocol to solve their AirDrop problem. Instead they did the thing that every software developer does when faced with the choice of doing complicated cryptography or “hacking something together in time for the next ship date”: they threw together their own solution using hash functions.


A second important issue here is that the hash identifiers are apparently stored in logs within the recipient’s phone, which means that to obtain them you don’t have to be physically present when the transfer happens. You can potentially scoop them out of someone else’s phone after the fact.


Hence there is a legitimate question about whether it’s politically wise for Apple to make a big technical improvement to their AirDrop privacy, right at the moment that the lack of privacy is being viewed as an asset by authorities in China. Even if this attack isn’t really that critical to law enforcement within China, the decision to “fix” it could very well be seen as a slap in the face.


Update (2024-01-30): Jason Snell:

To a certain degree, Apple relies on stories like this staying under the radar. Inaction can be presented as either ignorance or tacit compliance, whereas taking steps to improve the privacy of AirDrop might be construed by Beijing as a challenge to its authority—a stick situation for Apple, given how much it relies upon its relationship with the country for the production of its devices. But Apple also makes privacy a huge selling point of its devices—a subject of ad campaigns, a highlighted section in virtually every keynote—and the company surely doesn’t want to have to append an asterisk to all of those claims with the footnote “Except in China.”

Sean Lyngaas and Brian Fung (via Hacker News):

Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, the researchers told CNN, in a case that experts say has sweeping implications for global privacy.

Displaying Progress Is Hard

Howard Oakley:

When I copied some files from iCloud Drive, instead of seeing a progress indicator reporting that they were being downloaded from iCloud, the dialog claimed that it was “preparing to move” the document in question. These preparations took some considerable time, during which the Finder’s status bar revealed what was actually taking the time: it was “downloading 1 item”, and reported its progress in doing so. For much of that time, the progress bar in the dialog showed that its ‘preparations’ were actually complete.


What happens when the sparse file can preserve the special format during copying, is that the determinate progress bar assumes the worst, and the full size of the file is used to calculate progress. When the amount of data transferred reaches the sparse file size on the destination, long before the bar has even got to 50%, the copy suddenly completes, apparently after only a small part of the task has been completed, leaving the user as surprised as the Finder must have been.

Unfortunately, there appears to be no way to discover in advance how much data will need to be transferred.


Easier Mac Audio App Installs

Paul Kafasis:

As a result of changes Apple made back in MacOS 11, our apps have been stuck with a setup process that’s much more complicated than we’d like. Currently, an annoying restart is required to get going on Intel-based Macs. Setup is even more burdensome on Apple’s newest M Chip-based Macs, with multiple restarts required, as well a change to the Mac’s “Security Policy”. This has been a notable pain point, which comes before a user even has a chance to try the app. It’s been very frustrating for us to not be able to do better for our customers, and there’s no doubt that this has deterred people from using our products.

We’re now very close to removing those obstacles completely. We’ll soon be shipping updates that simplify things immensely. In fact, Airfoil, Audio Hijack and Piezo will feature an installer-free setup that won’t even need your administrator password. Meanwhile, Loopback and SoundSource will use a new audio capture plugin called ARK that won’t require a single system restart. It’s going to be an incredible improvement to our user experience.

Hopefully the new interfaces they’re using are more reliable than MailKit.


Update (2024-03-14): Chris Barajas:

Under the hood, however, there are massive changes. Now, anyone getting started with Piezo can do so without needing to install additional components, nor even enter an admin password.

Update (2024-04-08): Paul Kafasis:

Audio Hijack has now been updated to provide our new installer-free setup on MacOS 14.4 and up.