Archive for February 2024

Thursday, February 22, 2024

MacSymbolicator 2.6

Mahdi Bchatnia (via Daniel Jalkut):

A simple Mac app for symbolicating macOS/iOS crash reports.

Supports symbolicating:

  • .crash and .ips crash reports
  • sample and spindump reports

Muse Retrospective

Adam Wiggins (via Peter Steinberger):

You’ve probably seen the meme about product distribution, and I went into this venture knowing that productivity software is particularly difficult to market.


I’m deeply grateful to the folks inside the App Store editorial team who were rooting for us from the beginning. Getting featured here really is a game-changer. […] Also, leads that came via the App Store were very low quality. People would rarely see our website, or even read much on the App Store listing page. They would just think “oh cool a new whiteboard app, I’ll try it” and then immediately bounce out at the first moment of confusion or friction inside the app. Often coupled with a one-star review!


But we were often running up against a problem: many people followed our work via Twitter and the podcast but would say: “Love what you’re doing, but I don’t use an iPad.”


But a Mac app alone wouldn’t be enough. We needed your Muse boards to be available on both devices. After extensive experiments with iCloud (slow, unreliable, impossible to debug) and Firebase (better but not really suitable for the large data sizes our best customers had) we decided to import another piece of bleeding-edge research technology from Ink & Switch. Namely: local-first sync with CRDTs.


Apple platforms are great, but you have to be on the web. In terms of development speed, quality of the resulting product, hardware integration, and a million other things: native app development wins. But ultimately your product does have to have some web presence. My biggest regret is not building a simple share-to-web function early on, which could have created some virality and a great deal of utility for users as well.


2023 Six Colors Apple Report Card

Jason Snell (Hacker News):

John Gruber wrote: “By the end of the year, every single Mac in the lineup, save one [the Mac Pro], is arguably in the best shape that model has ever been.


Matt Deatherage wrote: “It’s difficult to ding Apple’s Mac performance. With Apple Silicon leading the way, the Mac hardware seems to be hitting all the sweet spots, and even the iMac finally got an M3 upgrade after 2 1/2 years. But they might as well have named the Mac Pro the ‘Mac Elite,’ priced way out of range for most professionals in most jobs. macOS security features that were individually good ideas have become a tangle of dozens of dialog boxes that simultaneously demand immediate attention and won’t respond because other dialogs are popping up.

“Apple pours its Mac resources into technologies we now know are critical to Apple Vision (VRKit, ARKit, Metal). Meanwhile, critical systems like Mail lose old plug-in functionality in favor of extensions that lack key features (and don’t implement their documented features thanks to bugs that go unfixed for years). Even using newer replacements for older kernel extensions (like Rogue Amoeba) still requires kernel access, a security setting that requires two reboots and disables Apple Pay. It’d be nice if 2024 Macs weren’t missing productivity features from 2008 Macs.”


[John Siracusa:] “Apple’s pricing for Mac storage and RAM upgrades has been absurd for decades, but the lack of most other forms of configurability in recent years has really highlighted this problem. Apple seems to be carrying all of its (considerable) Mac profit margins on the backs of these two options, leading to upgrade prices that are often four times higher than market prices for the same amounts of storage and memory.


David Sparks wrote: “The iPad, to me, remains a disappointment not because of what it is but because of what it could be. I use mine often, but also often set it down because the next thing I need to do is too difficult (or impossible) on iPad. When the iPad launched (in 2010), I expected it would be much more than it is now in 2024. It may be unfair to judge a product against expectations, yet I feel, at this point, it is justified.”


Alex Lindsay wrote: “I hate the silver controller and greatly dislike the evolution of the Apple TV interface. It really seems like Apple has given up the simplicity that made the Apple TV great and are slowly falling back to what everyone else does. As someone that has bought every Apple TV since v1 and uses it as my sole entertainment device, it find these developments frustrating.”


[Josh Centers:] “Apple’s developer relations have never been worse and it would take years to repair the damage, assuming Apple even cares.”

Note that the developer relations comments were made before the recent developments with external links, the DMA and marketplaces, and PWAs.

Nick Heer:

My expectations are not that high. I only wish MacOS, in particular, would not feel as though it was rusting beneath the surface.

I’m shocked that the software quality ratings are as high as they are (an all-time high of 3.6/5), with some people even writing 5/5. iOS certainly has fewer issues than macOS, but even there I’m constantly running into bugs as well as well as missing features like reordering Lock Screen widgets that feel like bugs.

Steve Troughton-Smith:

Pundit opinion of iPad is in a nosedive, in a year where even ports of Final Cut and Logic couldn’t save it.

iPad is scoring lower than the Mac did in 2016 with the butterfly keyboard debacle, and iPad doesn't even have a debacle to blame.

Here are my responses:

Mac: 3 Mac hardware is in a great place except for the lack of options for displays larger than the iMac. SSD pricing is looking even more unreasonable. It’s a shame that the Magic peripherals still use Lightning. The software side is still a mess, both in terms of reliability and design. I like Safari profiles.

iPhone: 4 The iPhone 15 Pro is great, though I’m not totally happy with the camera processing and depth of field. The iPhone 15 is way too slippery. I still wish for a smaller phone. iOS 17 is fine, though not very exciting.

iPad: 3 No new hardware except for the USB-C Pencil and minimal software improvements. The lineup remains confusing. I still haven’t really found what iPad is good for. It can do a lot, but any given task is almost always better on either my Mac, my iPhone, or my Kindle.

Apple Watch: 4, Wearables: 4 Apple Watch hardware continues to improve, though the software, particularly complications, continues to be a bit buggy. Why can’t on-device Siri do more? Not much happened with AirPods this year. Most models still use Lightning, but they work well.

Apple TV: 2 The hardware and remote haven’t improved. The software is poorly designed and increasingly unreliable.

Services: 1 I continue to have reliability problems with iMessage, and this year it lost several months of conversations. There was also a widespread bug where editing related names in Contacts would delete them from all devices. Siri is still slow and unreliable. The services apps are just not good.

HomeKit/Home Automation: 2 I got my first HomePod. The hardware is good, but I was shocked that there’s a bug where it can’t actually see many of the albums I’ve purchased from the iTunes Store. The automation features are more clunky and limited than I expected given how long the’ve been around.

Hardware Reliability: 5 All my hardware has been working well this year.

Software Quality: 1 Everything on macOS, and to a lesser extent iOS, still feels buggy: the same old bugs that never get fixed, plus some new ones. Bug reports are ignored. macOS Sonoma replaced Mail plug-ins with Mail extensions, but even after three major releases the API still doesn’t work properly. Sometimes Gatekeeper erroneously reports that apps downloaded from outside the Mac App Store are damaged and refuses to open them, with no way to override this except using Terminal—the worst possible first launch experience. Xcode 15 shipped with known bugs that prevented building apps for older versions of macOS, and it took three months for these to be fixed. It has now been almost ten years since Swift was released, and the compiler is still buggy and slow. SwiftData shipped this year in an immature state.

Developer Relations: 2 The same old issues with the App Store, documentation, and communication. Nothing seems to be getting better. Apple does not act as though it really cares about developers or their success, and developers see Apple as more an impediment than a help in building, maintaining, and distributing their products.

Social/Societal Impact: No vote [This is such a sprawling category that I never know how to boil it down to a number.]

See also:


2023 Apple Vision Accessibility Report Card

AppleVis (via Shelly Brisbin):

The 2023 Apple Vision Accessibility Report Card reveals slightly decreasing satisfaction with VoiceOver features and user experience across iOS, iPadOS and macOS compared to 2022, contrasted by mostly improved ratings for braille and low vision capabilities. While reactions to new 2023 vision accessibility features were moderately more positive with a 3.7 average rating compared to 3.5 in 2022, Apple’s performance in addressing critical bugs remains low at 3.0. Overall the latest report card points to regressions in the VoiceOver experience but progress expanding support for braille and low vision users, tempered by persistent dissatisfaction regarding bug fixes.


Jimmy wrote: It feels like Mac OS Voice Over has been left abandoned, and fallen behind its iOS version very far by now. There are so many helpful features offered on iOS that the Mac version does not. Examples include the ability to leave out unnecessary voice off of rotor selection, ability to customise Voice Over’s default keyboard commands or shortcuts, and the AI-powered screen recognition and image description features (not that although the option does exist on Mac, but its practical capacity is far inferior).


Bruce Harrell wrote: Apple takes entirely too long to fix serious bugs, such as safari not responding and voiceover focus. I no longer upgrade MacOS until the following August on the theory it will take Apple until August to correct MacOS accessibility bugs as much as they will, and I am very reluctant to upgrade IOS for the same reason.


In one question, we ask about the new accessibility features introduced in 2023. To help you answer this question, we recommend taking a look at the preview of these features and Scott Davert’s blog post discussing what’s new in iOS 17 accessibility for blind and deaf-blind users.


Wednesday, February 21, 2024

iMessage With PQ3

Apple (via Ivan Krstić, because there is no RSS feed, Hacker News, MacRumors):

Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.


To mitigate risks from future quantum computers, the cryptographic community has been working on post-quantum cryptography (PQC): new public key algorithms that provide the building blocks for quantum-secure protocols but don’t require a quantum computer to run — that is, protocols that can run on the classical, non-quantum computers we’re all using today, but that will remain secure from known threats posed by future quantum computers.


To best protect end-to-end encrypted messaging, the post-quantum keys need to change on an ongoing basis to place an upper bound on how much of a conversation can be exposed by any single, point-in-time key compromise — both now and with future quantum computers. Therefore, we believe messaging protocols should go even further and attain Level 3 security, where post-quantum cryptography is used to secure both the initial key establishment and the ongoing message exchange, with the ability to rapidly and automatically restore the cryptographic security of a conversation even if a given key becomes compromised.


Support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in the corresponding developer preview and beta releases. iMessage conversations between devices that support PQ3 are automatically ramping up to the post-quantum encryption protocol.

The obvious question is, but what about iCloud backups? Advanced Data Protection is off by default, and most users leave it off, so most messages are not truly end-to-end encrypted, and this won’t change that. Jason Snell implies that iCloud backup with Advanced Data Protection does support PQ3, but Apple’s blog post doesn’t mention backups or ADP at all.

Steve Troughton-Smith:

Apple’s encryption may be quantum-computer-proof, but it’s not lawmaker-proof. And that’s a weak link that absolutely will be exploited, someday. E2EE is a luxury that can be snatched away in an instant, a false sense of security in an increasingly dangerous world.


Signal Usernames

Randall Sarafa (Mastodon, Hacker News):

If you use Signal, your phone number will no longer be visible to everyone you chat with by default.


If you don’t want to hand out your phone number to chat with someone on Signal, you can now create a unique username that you can use instead (you will still need a phone number to sign up for Signal). Note that a username is not the profile name that’s displayed in chats, it’s not a permanent handle, and not visible to the people you are chatting with in Signal. A username is simply a way to initiate contact on Signal without sharing your phone number.


If you don’t want people to be able to find you by searching for your phone number on Signal, you can now enable a new, optional privacy setting. This means that unless people have your exact unique username, they won’t be able to start a conversation, or even know that you have a Signal account – even if they have your phone number.

Tjaden Hess:

How does this work under the hood? Let’s take a look!


Kaleidoscope 4.3.1

Florian Albrecht:

Now I have several pieces of text in Kaleidoscope, each represented by an entry in the File Shelf. In this case, we can see that “files” in File Shelf can also be temporary clipboard content. Further on in this post, we will also see that they can be the results of Unix pipes or Git revisions of a file.

Most of the time, it’s much quicker to take parts from two different versions that I like. But even then, I tend to change a few bits.

To solve that puzzle, we need a slightly different approach. First, I make sure that the two best versions are selected as A and B. Then I select Merge > New Merge from Comparison from the menu. This opens a new merge document with the two previously selected results as A and B and a merged version in the middle. Now I can copy from A and B to the result as I like, and I can also freely edit the merged result.

Florian Albrecht:

It’s not uncommon that files will be moved or renamed over time in a Git repository. Kaleidoscope can now track those changes. It shows the entire history of a file, across name and path changes. The commit details popover informs about any change in files name or location for that commit. The filter at the bottom of the File History allows searching for all past names of a file.


Kaleidoscope 4.3 looks at the remote of a Git repository. When it detects a common one, such as a GitHub, GitLab or Bitbucket URL, it tries to be smart and automatically offers links to tickets, commits, and branches.


The beauty with Kaleidoscope 4.3 is that this Markdown content is now being rendered properly, making digging into past work on a file much easier and more fun.


VirnetX v. Apple Over Because VPN Patents Invalidated

Juli Clover (2023):

Apple has been embroiled in a patent dispute with VirnetX for well over a decade, and the company today won an appeals verdict that could ultimately save it from having to pay VirnetX $502.8 million in patent infringement fees.


Apple in 2020 was ordered to pay VirnetX $503 million for infringing on VPN patents owned by VirnetX with the iPhone’s VPN on demand feature. The two patents that have been invalidated were involved in that lawsuit, and now Apple might get the entire judgment vacated.


Regardless of how this case plays out, Apple was forced to pay VirnetX $440 million for violating VirnetX’s communications security patents with the FaceTime and iMessage features.

Juli Clover:

The United States Supreme Court today said that it will not hear the VirnetX vs. Apple patent case, putting an end to a 14-year-long legal battle and ultimately saving Apple $502.8 million.


After Apple appealed the initial 2020 ruling, it was able to point to the invalidation of the patents and get the initial award vacated by the federal appeals court. VirnetX attempted to escalate the patent invalidation case to the Supreme Court, but has been denied.


Tuesday, February 20, 2024

1Password Acquires Kolide

Jeff Shiner:

Why would 1Password acquire a device health and contextual access management solution? The reality is that access isn’t secure if the device doing the access isn’t secure. This is part of the complexity of the modern way we work. Every device, regardless of location, must be secure – just as every log-in, regardless of location, employee, or type of device used, must be secure.

This is where Kolide fits into the 1Password story. Kolide is a leader in device health and contextual access management, and companies need a way to ensure that both the device used and every access request are secure. What also makes Kolide particularly compelling is how the company has taken a similar approach to 1Password and works to enlist employees to deliver better security. This is only possible by providing employees with tools that make security easy to use and adopt, enable them to secure their own activities, and provide them with the context to make the right decisions at the right time.


Kolide is a powerful tool to help your company reach its compliance goals through the power of end-user self-remediation. We leverage the principles of Zero Trust to block a device from accessing your company’s SaaS apps and other resources if it isn’t running the Kolide agent or passing specific requirements.

Jason Meller:

Kolide’s product isn’t going anywhere. More importantly, we (the humans of Kolide) aren’t going anywhere. As part of 1Password, we expect our roadmap to both accelerate and become more ambitious. As a fully intact team, we are continuing to build, iterate, support, and sell Kolide within 1Password.


It’s been clear since the launch of Device Trust that we need to get these capabilities into everyone’s hands. 1Password shares the same spirit and heart that made it possible for us to create a product like Kolide in the first place. Together, we can get the best way to secure devices and apps into everyone’s hands, no matter who you are.


We will continue to support and sell the Okta integration to existing and new customers. We have no plans to stop offering Device Trust via Okta, only to grow and expand it, including adding support for Okta’s newly released features.

Epic Gets New Developer Account

Juli Clover:

Epic Games today announced plans to bring the Epic Games Store to iOS in the European Union, with Apple reinstating the company’s developer account.


The Epic Games Store will launch on iOS in the EU at some point in 2024, and it will provide a way for Epic Games to bring a Fortnite app to iOS once again.


While working to implement the Epic Games Store on iOS, Epic also plans to continue to “argue to the courts and regulators that Apple is breaking the law.”

Tim Sweeney:

I’ll be the first to acknowledge a good faith move by Apple amidst our cataclysmic antitrust battle, in granting Epic Games Sweden AB a developer account for operating Epic Games Store and Fortnite in Europe under the Digital Markets Act.

It sounds like their developer account was not reinstated, but rather they got a new account for a different legal entity that operates in Europe. It does not sound like they will be using this account to bring back Fortnite for Mac.

Tim Sweeney:

We never understood why Apple killed Fortnite for Mac. Fortnite was never on the Mac App Store and broke no Mac App Store rules. Perhaps someday Apple will explain why they killed Fortnite for iOS while not enforcing the same rules against Facebook, Roblox, and others.

Recall that the account used for the Mac version of Fortnite was associated with the separate Epic International entity that did not violate the App Store guidelines.

John Gruber:

Apple plays hardball, for sure. And Apple has a long institutional memory and knows how to hold a grudge. But Apple is not a spiteful company. Apple likes its corporate nose right where it is — on its face. They play hardball strategically — to their own advantage first, to their users’ advantage second. That’s something Apple’s most vehement critics just don’t get. Setting up Epic to be a winner under their DMA compliance also sets Apple up to be a winner.

It does seem spiteful that Apple didn’t restore Epic’s main developer account, or the Unreal Engine account, even after publicly stating that they would do so. Epic had wanted to bring back Fortnite in South Korea after the Telecommunications Business Act required Apple to allow external purchases there.

It would be quite the public relations coup for Apple to get Epic and Tim Sweeney on their side. And game stores in particular seem like a perfect fit for Apple’s marketplaces, because games primarily monetize by getting players to pay, not just be tracked to be shown ads. Strange times make for strange bedfellows.


Sonar 1.1.2

Made by Windmill (via John Gruber):

A native Mac app for GitHub and GitLab Issues.


Change task titles, assignees, and labels, all on one line. No need to leave your keyboard — just enter “@” for assignees and “#” for labels.


Intuitively change multiple tasks’ attributes at the same time. Just select multiple tasks in the list, and edit attributes in the Inspector.


Priorities are a first class citizen in Sonar. Priorities show up as labels to others, so your coworkers aren’t left in the dust.


Sonar constantly updates search results as you’re typing.


Switch between Smart Filters for custom views of your tasks. Change how tasks are grouped to get a better perspective.

I’m storing my code on my own server and using EagleFiler to manage my issues, but if I were using GitHub I’d give this a serious try. It seems to be well done.

It says “no subscriptions or purchases required,” but as far as I can tell that just means there’s a free trial. Beyond that, it costs $5/month or $39/year.


EU to Fine Apple Over Anti-Steering Rules

Tim Hardwick (Hacker News):

Apple is set to be hit with a €500 million ($538 million) fine for allegedly breaking EU law over access to music streaming services, according to a Financial Times report.

The focus of the European Commission’s investigation has been Apple’s policy of preventing streaming music apps from informing iPhone and iPad users within the app that lower subscription prices are available when signing up outside of the App Store.


According to the paywalled FT report, the Commission will say Apple’s actions are illegal and go against the bloc’s rules that enforce competition in the single market. Subsequently, it will ban Apple’s practice of blocking music services from letting users outside its App Store switch to cheaper alternatives, which has historically given Apple Music an unfair advantage.


Monday, February 19, 2024

Fraudulent Rabby Wallet App

Filipe Espósito:

As shared by Rabby Wallet on X (via CoinTelegraph), there’s an imposter app available on the App Store using the platform’s name and identity. Named “Rabby Wallet & Crypto Solution,” the app has been available on the App Store for at least four days. On Reddit, some users claim to have had their money stolen by the fake crypto app.


Affected users have been trying to contact Apple to warn the company about the scam, as well as the real developers behind Rabby Wallet. However, days later, the imposter crypto app remains available on the App Store. Furthermore, Rabby Wallet claims to have submitted its official app to the App Store, but Apple approved the fake app before the real one.

Unfortunately, this is not the first time that a fake Rabby Wallet app for iOS has been approved by Apple.

See also: Apple Support Community.


Update (2024-02-20): John-Anthony Disotto:

It appears that the fake Rabby Wallet application is no longer available as iMore wasn’t able to access the listing on the App Store, but the damage has, unfortunately, already been done.


While every app on the App Store goes through a strict approval process, some can fall through the cracks, like in 2021 when one iPhone user lost $600,000 in Bitcoin to a similar crypto app scam.

Hidden Messages Features in iOS 17

Tim Hardwick:

If you press and hold the + button, you will be dropped straight into your photo library, ready to select the pictures you want to send.


Thankfully, in iOS 17, Apple improved the search function so that you can combine search queries and narrow down results to quickly find the messages that you’re looking for. If you’re looking for an image or link from a certain person, for example, first type in the person’s name, then tap “Messages with: [person’s name]”.

Next, select the “Photo” or “Link” filter that appears, and Messages will narrow down the search results further. You can then enter an additional keyword and Messages will show you any links or pictures containing the word. Alternatively, you can start a search with a keyword and then filter the results by person, link, photo, or location.

The Messages feature I’d like to see is being able to Tapback or easily reply from within a notification on macOS.


iOS RCS Support Due to China

John Gruber (9to5Mac, Hacker News):

So even if iMessage had been deemed a “gatekeeper” messaging platform by the European Commission — which it was not — adding RCS support to the iPhone Messages app would not have mattered a whit when it came to DMA compliance.


But then why did Apple do a 180° turn on RCS? I can’t say for certain, alas, but after spending the last few months periodically poking around the trees inhabited by little birdies, I do have good news for fans of coercive government regulation. Apple’s hand was effectively forced. But by China, not the EU.

Chinese carriers have been proponents of RCS for years, and last year, the Chinese government began the process of codifying into law that to achieve certification, new 5G devices will be required to support RCS. (Here’s a good English translation on Reddit of the parts relevant to Apple.) Shockingly, the Chinese government seemingly isn’t concerned that the RCS standard has no provisions for encryption. The little birdies I’ve spoken to all said the same thing: iOS support for RCS is all about China.

Eric Schwarz:

Personally, the current state of iPhone-to-Android SMS/MMS is terrible, so I’m looking forward to RCS—it’s not something my Android-using pals need to adapt to message me with other services or half-baked iMessage implementations. Is RCS perfect? No, but it’s a drop-in-place improvement over what we currently have.


Update (2024-02-20): See also: MacRumors.

Reporting a Full Disk Access Bug to Apple

Beatrix Willius:

Update from Ventura to Sonoma.


It is still possible to access the Mail folder even though FDA has been revoked. This also happens for other apps like Find Any File. I revoked FDA for Find Any File and was still able to search for emails in the Mail folder.


On 21-Sep-2023, I reported the bug to Apple as a security issue. Apple requested videos demonstrating the problem, code snippets, and screenshots. This took place over several weeks in November. At some point between the end of November 2023 and February 2024 the case was closed. Apple stated that they were not able to identify a security issue[…]


Friday, February 16, 2024

The SwiftUI Field Guide

Chris Eidhof:

We built this website to visually explain how the SwiftUI layout system works, and we hope you find it useful.

To make the examples work, we ported large parts of SwiftUI’s layout system to TypeScript. While we’ve tested our implementation extensively, there might still be discrepancies between SwiftUI’s behavior and what you see here.

Christian Tietze:

As a resource to learn, the approximations are more than good enough. They are excellent and by virtue of being interactive, they are also much better to get a feeling for everything than the SwiftUI documentation’s images can ever be. There’s only so much an API documentation can teach you before you need to observe how it really behaves.

Since it’s in a browser, the preview is of course even faster than Xcode Previews would be, and without the crashes. (Oh, the crashes …)

Update (2024-02-20): Chris Eidhof:

There are so many little fun details in there: the site changes color when you’re in dark mode (and the “SwiftUI” colors change, too). The code is formatted using a pretty printer, making it responsive on mobile (this isn’t perfect, but in most examples it is better than doing nothing). The more complex animations are done in “SwiftUI”.

Meta to Pass Along Fee for Boosted Posts


To support the millions of small businesses that use boosted posts on Facebook and Instagram, advertisers can now go to and on mobile and desktop to boost their content and avoid a 30% Apple service charge.

The Apple service charge is a result of updates Apple made to the App Store Review Guidelines. Starting later this month, when an advertiser uses the Facebook or Instagram iOS app to Boost a post, they will be billed through Apple, which retains a 30% service charge on the total ad payment, before any applicable taxes. This service charge is retained by Apple, not Meta.

In other words, they are charging extra if the payment is processed by Apple, passing Apple’s fee along to the customer. You can avoid the fee by purchasing on the Web, but they probably aren’t allowed to tell you that in the app.

We are required to either comply with Apple’s guidelines, or remove boosted posts from our apps. We do not want to remove the ability to boost posts, as this would hurt small businesses by making the feature less discoverable and potentially deprive them of a valuable way to promote their business.


Another change happening as a result of Apple’s update is that advertisers will need to go through a different payment process when boosting posts through the Facebook and Instagram iOS apps. Unlike the previous experience, where advertisers were charged after their boosted posts ran, businesses on iOS will now be required to pay in advance, and add prepaid funds to their account to draw from to boost a post.

Joe Rossignol:

“We have always required that purchases of digital goods and services within apps must use In-App Purchase,” said Apple, in a statement shared with MacRumors today. “Boosting, which allows an individual or organization to pay to increase the reach of a post or profile, is a digital service — so of course In-App Purchase is required. This has always been the case and there are many examples of apps that do it successfully.”

As Rossignol points out, Apple loves to say stuff like this even when it clearly isn’t true so that they can pretend they’ve never raised any fees. Meta has been selling boosts for years without paying this fee, which is why Apple updated the rules in 2022 to say that the policy was changing. The statement above is the exact same one they offered to the press at that time. If boosting has always required a fee, why did Phil Schiller testify in the Epic trial that Apple had never taken a cut of ad revenue? The bottom line is that Apple changed the rules and gave Facebook a special temporary exception that was not available to other developers.


iOS 17: Assistive Access

Mike Rockwell:

Assistive Access gives you a simplified, focused interface with access to only the apps and features you choose to enable. It was designed for people with cognitive disabilities, but there are plenty of other uses.


Some applications are built with Assistive Access in mind. Those applications offer an entirely different user interface than what you get from the app in the traditional iOS Home Screen experience. I wish that there was an option to just use the non-Assistive Access version of each app.


Lastly, it doesn’t seem that there is a way to use Bluetooth or AirPlay speakers at all while in Assistive Access.

It’s kind of like At Ease for iOS.


U.S. Internet Leaked Years of E-mails

Brian Krebs:

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser.


Hold Security founder Alex Holden said his researchers had unearthed a public link to a U.S. Internet email server listing more than 6,500 domain names, each with its own clickable link.

Drilling down into those individual domain links revealed inboxes for each employee or user of these exposed host names. Some of the emails dated back to 2008; others were as recent as the present day.

I’ve never seen anything like this.


On the Insecurity of Software Bloat

Bert Hubert (via Hacker News):

The really short version: the way we build/ship software these days is mostly ridiculous, leading to 350MB packages that draw graphs, and simple products importing 1600 dependencies of unknown provenance. Software security is dire, which is a function both of the quality of the code and the sheer amount of it. Many of us know the current situation is untenable. Many programmers (and their management) sadly haven’t ever experienced anything else. And for the rest of us, we rarely get the time to do a better job.

In this post I briefly go over the terrible state of software security, and then spend some time on why it is so bad. I also mention some regulatory/legislative things going on that we might use to make software quality a priority again. Finally, I talk about an actual useful piece of software I wrote as a reality check of the idea that one can still make minimal and simple yet modern software.

I hope that this post provides some mental and moral support for suffering programmers and technologists who want to improve things. It is not just you, we are not merely suffering from nostalgia: software really is very weird today.

Niklaus Wirth:

Reducing complexity and size must be the goal in every step—in system specification, design, and in detailed programming. A programmer's competence should be judged by the ability to find simple solutions, certainly not by productivity measured in “number of lines ejected per day.” Prolific programmers contribute to certain disaster.


With Project Oberon we have demonstrated that flexible and powerful systems can be built with substantially fewer resources in less time than usual. The plague of software explosion is not a “law of nature.” It is avoidable, and it is the software engineer’s task to curtail it.

See also: Bert Hubert (via Bruce Schneier).


Update (2024-02-20): See also: Hacker News.

Thursday, February 15, 2024

Slack at 10

Elizabeth Lopatto:

That’s one reason why Slack, the workplace chat app that formally launched 10 years ago today, is so unusual. Slack was the rare piece of enterprise software that spread through word of mouth, because it was actually, you know, good.


Slack was not the only text-based communications software. Besides Skype chat and Gchat, there were also other startups: HipChat, Yammer, and Campfire. Slack tested out these products to see what didn’t work with them and discovered two things they could improve on: notifications and keeping a person’s place when they switched between mobile and desktop. That meant that even though Slack wasn’t doing head-to-head marketing — or indeed, any marketing at all — customers kept leaving other platforms and coming to Slack because it worked better.


Because so many people were using Slack in their work lives, some of its features started leaking out. For instance, Slack introduced emoji reactions — to reduce noise, people could just respond with a checkmark to show they’d read something. This spread from Slack back into consumer software. Tapbacks on iMessage feel like a response to Slack. Even Facebook, which had a like button, didn’t add other options until later. “I think we were the first to do it on a broad basis within the workplace,” Rodgers says. “We saw reactions show up everywhere within a couple years. I can remember one day opening GitHub of all things, and they had a reaction bar.”

Personally, I find Slack to be worse than forums and mailing lists.


Mac App Launches Slowed by Malware Scan

Jeff Johnson:

macOS is periodically scanning FileMerge for malware on launch, which causes very slow app launches. I don’t know what the exact period is between scans, but rebooting the Mac seems to reset the cache[…]. I’ve noticed the same syspolicyd malware scanning and consequent slow launches with some other apps such as Xcode itself, Google Chrome, and Wireshark. You can even see syspolicyd spinning up % CPU in Activity Monitor when the malware scan happens.


I also saw somewhat slow launching from another app bundled with Xcode, Accessibility Inspector. This app is larger than FileMerge, yet it launches much more quickly. I suspect the reason is that it links to fewer Xcode frameworks[…]


You may remember our friend syspolicyd as the process that phones home to Apple when running unsigned executables. It was also the culprit in making Xcode tools slow after reboot.


I’ve now confirmed that disabling SIP does indeed eliminate the syspolicyd malware scan. Xcode launches so fast, it’s beautiful.


Activation Behavior of a Global Command Palette

Art Lasovsky:

To improve this, we can add NSApplicationDelegate to our app and set the activation policy to .prohibited in the applicationWillFinishLaunching(_:) method. Then, in the applicationDidFinishLaunching(_:) method, we can set the activation policy to .accessory(or .regular if we want the dock icon to be visible).

This way, the app will launch without stealing focus.


We override the close() method and add NSApp.hide() to deactivate the app after closing the window.

By overriding the cancelOperation(_:) and resignKey() methods, we ensure that our launcher will be closed when the user presses the Esc key or selects another window.



Wade Tregaskis:

As you can see, Sonoma brought with it a penchant for tinting things a gross light pink colour, including the rectangular extents of images that are otherwise invisible because they’re transparent.


In theory you can also disable this from the Quartz Debug app itself, it’s just hidden – in the Tools menu, not the actual settings window, is an item labelled “Color 1x Artwork”. Note how the setting applies even when Quartz Debugging is disabled.


I know it’s not just me that’s been afflicted by this to date, as I found a sporadic few reports of this going back years, e.g. Highly abnormal graphic glitch on yosemite / retina: all white backgrounds appear pink. It pisses me off immensely that this page has exactly the keywords I was searching for right from the start – right in its title! – yet neither Bing nor Google can find it.

He also mentions the “encrypted external drives no longer mounted automatically” bug, but I don’t think it’s new in Sonoma. I’ve been seeing it since Big Sur or so.

Apple News You Can’t Use

Joe Rosensteel (Mastodon):

Apple News+’s problems start with Apple News as an app. The page layout is both cramped, and light on all the relevant details. Headlines get awkwardly cropped, and the first impression of the app is always the front page of a newspaper where an editorial team has selected relevant stories for a mass market from a range of national publications. Severing the pieces from any wider context from those publications, but placing them next to each other to show Apple News is impartial.


The LA Times in the LA Times app is better than the LA Times in Apple News, and anyone who thinks they’re getting the fullness of a publication from their single Apple News+ subscription is absolutely not. That includes things like layouts, special reporting, recipes, etc.

Additionally, ads are also part of the Apple News app layout, and the quality of the advertising is lowest common denominator bullshit that might as well be Taboola ads.


Assuming I survive running the gauntlet that is the Apple News app and I want to share an article quickly, and easily with other people, I can’t even do that. Apple wants to hijack that relationship and would prefer I send News/News+ links. For Apple, the important thing is to grow the number of people in the News app, and grow News+ subscribers, but for me the important thing is that someone can read what I sent them to read.

The bottom line for me is that it seems to offer less control over what I see than Safari RSS did, and the reading experience is far worse than in a Web browser.

Eric Schwarz:

Every time that I give the service a try, I always quickly lose interest and then let the trial lapse. […] I found it frustrating that blocked sources and topics would still surface: even though “Sports” is a prominent section, it will show you all popular sports, no matter how many times you tell it you’re not interested in a particular one. The general tone can be best described as “cheap”—it’s not a place I enjoyed browsing.


Wednesday, February 14, 2024

Swift Collections 1.1

Karoy Lorentey (Mastodon):

This feature release adds a number of new data structure implementations, along with minor changes to existing constructs.


  • Heap implements a min-max heap, backed by a native array.
  • BitSet and BitArray are two alternate representations of a bitmap type, backed by dynamically allocated storage.
  • TreeSet and TreeDictionary are hashed collections implementing Compressed Hash-Array Mapped Prefix Trees (CHAMP). They provide similar API as Set/Dictionary in the Standard Library, but as persistent data structures, supporting incremental mutations of shared instances and efficient structural diffing.

Michael Steindorfer has written a paper and thesis about CHAMP.


Update (2024-02-21): Majid Jabrayilov:

Dictionary and Set types that Swift language provides us store values in a single flat hash table that you copy on every write or mutation. The Swift Collection package introduces TreeDictionary and TreeSet types implementing Compressed Hash-Array Mapped Prefix Trees. In other words, TreeDictionary and TreeSet types hold values in the tree-based structure, allowing the efficient updating of only the needed branches.


The TreeDictionary is still a struct, but the implementation uses the UnsafeMutablePointer type to access memory and mutate it directly without copying on write. Another benefit of the TreeDictionary and TreeSet types is the optimized way to compare because of their tree-based nature. Usually, they handle this operation in a constant time.

Mail and Preview Working Together

Wade Tregaskis:

…after I’d filled out a form PDF that was emailed to me. It had exactly the option I wanted first and foremost, to send the completed PDF back to the sender.

Sure, manually digging up the completed PDF from disk and dragging it into a Mail Compose [Reply] window isn’t hard, but it just feels so thoughtful when the system saves me the effort. Knowing that someone, somewhere, actually thought through how Mail & Preview might be used, and thought enough of their users to go to the trouble of implementing this.

This does not happen when editing an image file. Is it only for PDF forms?

Unlike with kMDItemWhereFroms, there does not seem to be a public API, e.g. so that a third-party mail client could make the same information available to Preview or a third-party document editor could access the information from Mail.

The metadata seems to be stored in the extended attribute, which seems to be encrypted. I guess this is to prevent accidentally sharing it with other Macs because on the same Mac it’s accessible using mdls. Finder also displays an envelope badge on files with this attribute and displays some of the e-mail information.

The iMessage Halo Effect

John Siracusa:

The iMessage service is not so good that it makes the iPhone more attractive to customers. It’s the iPhone that makes iMessage attractive. The iPhone gives iMessage its cachet, not the other way around.


Today, it still feels like the iPhone is carrying iMessage. Anecdotally, both my teenage children have iPhones, but their group chats with their friends take place in WhatsApp.


Apple has little to lose by expanding iMessage to other platforms, and there still may be something to be gained (even if it’s just making mixed Android/iPhone conversations in Messages a bit more smooth).


Fraudulent Kimi App

Wes Davis:

There’s a vision testing app called Kimi sitting at number eight in the Apple iOS App Store’s trending list of free entertainment apps right now (and number 46 overall for free apps!). But it’s not an app for testing your eyesight, at least not unless you consider watching pirated movies on your smartphone a form of vision testing, which, I suppose you could?


You open it, and there are just movies and TV shows right there for you to watch. There’s no splash screen and no trick to unlock the real app. It wasn’t hidden at all under a thin veneer of legitimacy.

Juli Clover:

The App Store description mentioned comparing two pictures as an eyesight test, watching scenery, and playing games, but none of those features were present in the app.


Apple pulled the app this morning after The Verge wrote about it, and it is no longer available.

This is the second time in the last week that Apple’s App Store has made headlines for questionable app approval.

Even if Apple were doing a good job of reviewing, there’s little they can do about apps that change their functionality outside of the review environment. Apple knows this but is still pretending that it’s even possible to do what they claim to do. High-profile apps like this get caught eventually, but there’s probably a large number of them that are unpopular and so stay under the radar.


Update (2024-02-16): Jeff Johnson:

Incidentally, this problem applies to Mac app notarization too. A developer can easily notarize a harmless app that software updates itself into malware.

Tuesday, February 13, 2024

JuxtaCode 1.0.2

Yori Mihalakopoulos (Mastodon):

Easily trace your code’s history, so you can better shape its future. Browse commits, compare branches, see how a file has changed over time. Gain insights into tricky conflicts and resolve them with a powerful merge tool.


Access a file’s complete history by simply opening it. A dedicated tab will show all the relevant changes from the file’s inception to the latest commit (or your local changes if you’ve made a recent edit) even if the file has been renamed or moved along the way.

As with Kaleidoscope, this quick file history works with loose files. You don’t have to open the repository first. JuxtaCode is a file comparison tool, but it acts more like a Git client here in that as you move up and down the commit list it shows you the changes made in the selected commit, whereas Kaleidoscope is mored designed around your choosing two arbitrary versions to compare.

JuxtaCode detects conflicts and surfaces the information you need to track down the underlying causes. When it comes to making fine-grained edits, the powerful and adaptive 3-way merge tool helps you weave together code from each side of the conflict.

I haven’t had the need to use this yet. The app is $40 (no subscription) with a 14-day trial.


Split View Proactive Peek and Reveal on Edge Hover

Wade Tregaskis:

It’s easy to see how some UI designer thought this was a good idea. Surely if you move the mouse near the edge of the window (or the screen, in fullscreen mode) and rest it there, it’s because you’re looking forlornly for your lost sidebar? What could be more helpful and delightful than your missing sidebar popping into view?!

Unfortunately, they have ignored that fact that there is usually already other GUI controls at the edge of the window, not the least of which being the window edge itself (for drag-resizing of the window). Scrollbars are another common inhabitant of window edges.

“Proactive Peek” is the worst of these two because not only does it change what’s under the mouse cursor just as you’re likely to click, stealing the click away from its true target, but it actually shrinks the window’s visible contents. This leads to layout changes and motion noise, particularly in web pages where it can have knock-on effects like mucking with the scroll position or causing major changes by crossing some “responsive design” threshold.

Losing the sidebar is a real problem that people encounter and get stuck on. Maybe it wasn’t such a good idea to get rid of all the borders and chrome. Proactive Peek actually is kind of delightful, but there are some issues, as he mentions. For me, it changes the Safari toolbar layout. I also wonder whether it’s obvious enough or easy enough to trigger to really help people who are lost.

Bumping macOS’s Major Version Number

Jordan Rose:

There were four good moments for Apple to switch Mac OS version numbers from 10.X to 11 […] and they missed all of them, instead eventually tying it to the Apple Silicon switchover (what would have been 10.16).

I think about this a lot. They ended up doing it with macOS Big Sur, which had major interface changes in addition to Apple Silicon. The numbers are still out of sync with iOS, and macOS has a lower number even though it’s much older. I still see a lot of confusion from people, e.g. an app requires 10.13 or later and they have 12.0 and think it isn’t supported.


Dragging From a List With SwiftUI

Marco Arment:

I wish so badly that SwiftUI’s .onMove supported multiple-item selection in a List.

I should never need to tell my customers, “That was too difficult to achieve in SwiftUI, so that feature is gone.”

It’s scary reading stuff like this because, glancing at the API, the source is an IndexSet, so it seems like it was designed to handle multiple items. How are you supposed to know ahead of time that this doesn’t work? I was hoping to see someone reply, telling Arment what he was doing wrong, but instead there were two links to forum threads about list dragging being broken.

Tim Schmitz:

This category of problem still really concerns me about the future of Apple’s UI frameworks. There are some things that were possible in UIKit that just aren’t in SwiftUI, and Apple doesn’t seem too bothered by some of them.

This is basic stuff, not obscure features. The iOS and macOS interfaces make heavy use of lists and tables. And SwiftUI was introduced almost 5 years ago.


SwiftUI 5 feels mostly feature complete on the iOS side, but List keeps being hard for Apple to get right it seems. In terms of onDelete and onMove, they have improved a bit over the years but still problematic.

On the Mac side, I periodically take a look at Shortcuts to see how it’s doing. It still doesn’t support dragging and dropping shortcuts from the list into a folder in the sidebar (even if you only drag one). It does let me re-order a multiple selection, though it also lets me try when a sort is in effect, which of course doesn’t work. Whenever I click on something in the sidebar it loses the sort and goes back to the manual ordering. I don’t know what the thinking was here.


Update (2024-02-14): Rhett Rogers:

Every time I attempt to use a SwiftUI List, I think it is perfect.

Then I actually have to make something real and it almost always falls short whenever I have to do anything with custom colors or animations. And I fall back to a ScrollView { VStack {} }.

Helge Heß:

It would be ok if it would just affect customization, I just want the stuff that is builtin. But it’s flickering and has all sorts of other weird side effects (transitions etc).


I was converting a like 3y old SwiftUI app to List end of last year assuming that it should have gotten OK by now. Still the same mess (same for LazyVStack fwiw, so as you went back to ScrollView + non-lazy VStack).

Monday, February 12, 2024

OmniFocus 4

Ainsley Bourque Olson (podcast, video):

OmniFocus 4 introduces a modernized, unified interface across Mac, iPhone, iPad, and Apple Watch. Centered around your task outline, OmniFocus 4 brings a consistent experience, optimized for each device type, to all of your Apple devices.


By default, items display assigned project, tags, due date and flag status, and selecting a row provides immediate editing access to these fields as well as the item’s note. With OmniFocus Pro, customize displayed fields on an app-wide or per-perspective basis (including re-ordering visible fields, and selecting fields to display only when editing an item).


Custom Perspectives — New flexible organization options introduce support for manually re-ordered lists and hierarchy preservation in ungrouped custom perspectives.

Back & Forward Navigation — When switching perspectives, you now have the option to go back to the perspective you came from using the new “Back” button in the toolbar. If you change your mind, you can go “Forward” again.


Widgets — Configure your Lock Screen or iPhone Standby mode with an array of OmniFocus 4 widgets. Complete items directly from updated interactive widgets on macOS Sonoma, iOS 17 and iPadOS 17. On watchOS 10, view OmniFocus widgets in the brand new Smart Stack.

It’s now a universal purchase, either from their store or the App Store. The subscription is still $10/month or $100/year. You can also still purchase perpetual licenses for $75 or $150 (Pro), and there’s a 50% discount for upgrades. This is more expensive than before if you only want a single platform but less expensive if you want both Mac and iOS/watchOS. Given that it’s historically been about 5 years between major upgrades, this definitely seems like the way to go. There’s also a Web version, which you can only get via subscription.

OmniFocus 4 has a new bundle identifier and a new SKU in the App Store. Omni lost all of their ratings and reviews, but this brings some advantages for customers. You can upgrade on your own schedule and compare the old and new versions side-by-side. They’re also sync-compatible, so you can switch back and forth between versions using your real data or continue using OmniFocus 3 on an older Mac (since version 4 requires macOS 13 or later). The two versions are easy to tell apart because version 4’s icon has a black checkmark. A downside to the new bundle identifier is that the data that doesn’t sync—view state and keyboard shortcuts—is not automatically transferred, so it takes some tweaking before you feel at home again. I also had to update my Arq configuration to make sure that OmniFocus’s files were still included in my off-site backups.


I’ve been using OmniFocus since version 1.0 when it was Mac-only. While it’s always been great, I feel the app suffered a bit in versions 2 and 3 when iOS design elements were brought back to the Mac. Version 4 is a step in the right direction, with increased data density. They’ve brought back a proper toolbar that lets me choose whether I want to see icons and/or text. The interface is more customizable, with more options to control which columns and inspector sections to show and how they should be ordered. For example, I can now put the dates at the top of the inspector and hide the title and status.

I was skeptical about the SwiftUI rewrite, because SwiftUI seems to result in Mac apps that hang or don’t feel quite right, but Omni has done a good job here. It still has great support for multiple windows, and working within a single window is also improved, as it now supports back/forward navigation. The main outline view is better than ever, with some longstanding tab navigation bugs finally fixed. There are a few glitches, which I never saw in the old version, where it temporarily shows extra empty space or section markers for tags that have nothing to show. The inspector works pretty much the same way on both macOS and iOS, and this is a rare case where neither version seems to be the worse for it. I’m not sure how much of the rest of the app uses SwiftUI, as it still seems to include a large number of nibs. The main new areas I noticed were the onboarding sequence and the sync settings, which work fine but look and feel a little different.

The only problem I encountered with the Mac version is that I temporarily lost access to my archive. The archive file is not automatically transferred to the version 4 container, and choosing it manually did not work, seemingly due to a file permissions/sandbox error. I eventually got it working by moving the file manually and, on the advice of Omni, resetting a user default so that it would let me choose the file again. Aside from that, archiving seems to work the same way as before: useful but too slow to keep my whole history in the app, and the app still locks up for a few minutes when, in January, I bulk delete all the actions for the previous year.

OmniFocus now supports bare keyboard shortcuts, which seems like it was added to work around iPadOS limitations, but it works well on the Mac, too. You can now jump directly to the field you want to edit with a single keypress. Ironically, deleting is more difficult, as you now need to press Command-Delete rather than just Delete. Omni says this is to prevent accidental deletions, but that seems unnecessary to me as many apps like Mail and Safari—and of course OmniOutliner—support bare deletion. If you make a mistake, there’s always Undo, right? (And OmniOutliner doesn’t support Command-Delete, which confuses my muscle memory.)

Part of what sets OmniFocus apart from a basic to-do list is its support for defer and due dates. This is improved in version 4, as there are now one-click buttons in the inspector to postpone by a day, week, or month, or remove the date entirely. Oddly, however, there are no keyboard shortcuts or menu commands for this. The iOS version has a Schedule submenu in its contextual menu, but this is missing in the Mac version. So I’m still relying on my AppleScripts to adjust defer dates. I assign them keyboard shortcuts using FastScripts, though similar things can also be done using the built-in Omni Automation.


Version 4 brings major improvements to the main outline. The current action now expands its view so that you can edit many fields directly, without having to open the separate modal inspector. It’s also possible to select multiple actions at once and then edit them in bulk using the inspector. Everything is more customizable. There’s now a menu at the top of the screen.

I also really like the new handling of perspectives. Previously there was a home screen showing all the perspectives, which worked well enough but required lots of swiping back and forth. Now, you can show a toolbar of perspectives at the bottom of the screen. This makes it easy to switch back and forth with a single tap, and you can also see at a glance how many actions are unfiled or flagged. The perspectives bar is fully customizable and scrollable. There’s also a button to show the full list of perspectives, and it includes a Quick Open search field for jumping to a particular project or tag. Overall, it feels a lot more like the Mac version, where I can quickly get to where I want without having to navigate up and down the hierarchy. You can also see projects and tags in the sidebar, and the focus (hoist) feature has been brought to iOS.

I have mixed feelings about the new way of creating actions. Previously, there were separate buttons for creating a new action in the inbox or in the current view. Now, there’s a single, multipurpose + button that provides a lot of functionality in a small amount of screen space. Single tapping creates a new action in the current list. Double-tapping creates one in the inbox. You can also drag the button to create a new action at a specific location within the outline. This is all very clever, but it makes the common case for me less efficient. I nearly always want to create a new action at the bottom of my inbox, and this now requires a double-tap rather than a single tap. I’ve gotten used to the new button location but not to the tapping, perhaps because double-tap doesn’t work in the quick entry view. In other words, if I’m adding a sequence of actions at once, I have to start with a double-tap and then single-tap for each additional action. I wish I could just always use a single-tap regardless of the current context.

As with the Mac version, deferring actions is also more work on iOS than I’d like. The new buttons in the inspector are an improvement, but OmniFocus doesn’t take full advantage of the contextual menu. You have to dig into a submenu, and even then you can only defer an action that already has a defer date, and you can only defer by one day. There should be a bunch of customizable options here, and I should be able to quickly defer until tomorrow by swiping to the left. Instead, the left-swipe options are to select the action (which makes sense) and to delete it (which is much easier to do by accident than on macOS—why was that concern not applied here?).

It’s great having more features in common between iOS and macOS, and I guess this is possible because of SwiftUI. Surprisingly, given SwiftUI’s relative maturity on iOS, the rewrite seems to have created more glitches in the iPhone version than on the Mac. I encountered a variety of problems with the keyboard not popping up, the + button disappearing, and counts in the perspective bar being out-of-date. Scrolling feels a lot slower than before, probably because of all the customization options. Many times, creation an action or switching to a perspective (even one with only a few actions) would freeze the app, though I haven’t seen this in a while so it may have been fixed in one of the maintenance updates. There was also a really jittery animation when creating a new action, which was finally fixed in version 4.0.5.

Lastly, there are more options for widgets now. I now have my lock screen set to show the Flagged perspective. This works well with the Always-On Display so that I’m always aware of the top two things I need to do, and it also works as a quick launcher into the app without having to swipe to unlock the phone.

Apple Watch

The watchOS app has been completely redone. Instead of being a view into a very limited portion of the iPhone app, it’s now a fully independent peer with access to all of your perspectives. This makes it much more useful. For example, I can now go grocery shopping and check items off on my watch without having to repeatedly pull my phone out of my pocket and unlock it. The screen doesn’t show many actions at once, but I have them arranged into tags so they appear in the right order, so I don’t need to do much scrolling. When not running errands, I leave the app showing the Flagged perspective, so I can quickly see what I need to do right away.

You can now create new actions by tapping an omnipresent button rather than having to long-press. (Single-tapping the button always creates the new action in the inbox, i.e. inconsistent with the iPhone app, but better.) You can Complete, Drop, Unflag, and Delete actions; there is no way to Defer them or to edit the text.

Not only does the watch app store all your data now, but it also independently syncs with the cloud. (Fortunately, you don’t have to enter your login credentials into the watch—it seems to get them from the iPhone app.) The initial sync to the watch was quite slow, kind of like how the iPhone app was on the much slower hardware back in the day. Subsequent syncs are sometimes quick but sometimes take a long time or never complete, and the app is unusably slow while this is in progress. In a suite of apps that generally works very smoothly, this is the lone area that’s really frustrating. I do prefer the new watch app, overall, because it has so much more functionality, but I just can’t count on the syncing working automatically, and so I have to consciously manage it.

Ideally, the watch app would just run in the background and stay in sync automatically—like the iPhone app does. This rarely seems to happen, even with Sync Push enabled. I use a complication that shows the number of Flagged actions, and the count is usually wrong. Still, the complication is important for quickly launching the app in order to view a perspective and, more importantly, to give it a chance to sync. The more frequently it syncs, the more likely it is for a sync to succeed. If I let the watch get too far behind, even if I’m on Wi-Fi and leave the app open, syncing will often fail. Sometimes it shows a “network connection was lost” or “SSL error has occurred” error, but other times the log is uneventful. At this point, if I leave the house it will have almost no chance of catching up using my phone’s cellular connection, and if I let it get too far behind it will prevent all my other devices from baselining and slow their syncing down, too.

When it is caught up, sometimes it will stay in sync while I’m out, and sometimes it won’t, so I have to be careful about not checking off some actions on my watch and others on my phone because that can result in both devices having an incorrect view for a while. On the plus side, I’ve found that the watch seems to be able to sync using captive Wi-Fi in stores and restaurants, even if I haven’t gotten my phone out to click through and join the network. Omni’s support seems to think my syncing problems are a recurrence of a bug they saw before. I’m optimistic in that if it’s not due to watchOS they can probably fix it.

Overall, I’m quite happy with OmniFocus 4. I think of it as a model for how to build a multi-platform app, and it seems to be a success story for SwiftUI. The data model remains rock solid, while the interface has been expanded and largely harmonized across platforms, without any of them feeling shortchanged. Apple could learn a lot from Omni’s approach.


Update (2024-02-14): See also: Justin Pot.

Friday, February 9, 2024

Apple Lobbying Against Right to Repair

Jason Koebler (Hacker News):

An Apple executive lobbied against a strong right-to-repair bill in Oregon Thursday, which is the first time the company has had an employee actively outline its stance on right to repair at an open hearing. Apple’s position in Oregon shows that despite supporting a weaker right to repair law in California, it still intends to control its own repair ecosystem. It also sets up a highly interesting fight in the state because Google has come out in favor of the same legislation Apple is opposing.

“It is our belief that the bill’s current language around parts pairing will undermine the security, safety, and privacy of Oregonians by forcing device manufacturers to allow the use of parts of unknown origin in consumer devices,” John Perry, Apple’s principal secure repair architect, told the legislature.

Maybe stop making app launches phone home to Cupertino before telling us how much you care about privacy.


Fraudulent LassPass App

Mike Kosak:

LastPass would like to alert our customers to a fraudulent app attempting to impersonate our LastPass app on the Apple App Store. The app in question is called “LassPass Password Manager” and lists Parvati Patel as the developer. The app attempts to copy our branding and user interface, though close examination of the posted screenshots reveal misspellings and other indicators the app is fraudulent.

Juli Clover:

It doesn’t use exactly the same icon and the name is a letter off, but the similarities could confuse some LastPass users.

It is unclear if the fake LassPass app is attempting to steal login information from users, but it does have options for adding passwords, email accounts, addresses, bank accounts, credit cards, debit cards, and more. It doesn’t ask for a LastPass login of any kind, but it is possible that the developer can see information added to the app.


Clone apps often make their way into the App Store , but the app impersonating LastPass is particularly concerning because it could be accessing sensitive information. It is not clear how an app mimicking one of the most popular password management apps was approved by Apple, and its discovery comes at a critical time for the company.

John Gruber:

Branscombe is correct that even isolated incidents like this hurt Apple’s arguments in favor of App Store exclusivity. But what’s the counterargument? That anything short of 100 percent accuracy at flagging scams and rip-offs renders the entire App Store review process pointless? That if, say, 1 in every 1,000 scam attempts slips through, the entire process should be scrapped? That argument can’t be taken seriously.

A few points:


Update (2024-02-14): Francisco Tolmasky:

Imagine an FDA as half-assed as the App Store, accidentally only requiring cancer warnings on some cigarettes, leading people to buy the cigarettes that “don’t cause cancer.” That’s the App Store.


A curated hellhole full of gambling traps for children that somehow still manages to let scams run for a week is nothing to be proud of, even if it is better than a competitor that isn’t even trying. Once upon a time we expected more from Apple.

iOS 17.4 Changes PWAs to Shortcuts in EU

Thomas Claburn (Hacker News):

Apple has argued for years that developers who don’t want to abide by its rules for native iOS apps can always write web apps.

It has done so in its platform guidelines, in congressional testimony, and in court. Web developers, for their part, maintain that Safari and its underlying WebKit engine still lack the technical capabilities to allow web apps to compete with native apps on iOS hardware. To this day, it’s argued, the fruit cart’s laggardly implementation of Push Notifications remains subpar.

The enforcement of Europe’s Digital Markets Act was expected to change that – to promote competition held back by gatekeepers. But Apple, in a policy change critics have called “malicious compliance,” appears to be putting web apps at an even greater disadvantage under the guise of compliance with European law.

James Moore:

We have been alerted that Apple has broken Web App (PWA) support in the EU via iOS 17.4 Beta. Sites installed to the homescreen failed to launch in their own top-level activities, opening in Safari instead. This demotes Web Apps from first-class citizens in the OS to mere shortcuts. Developers confirmed the bug did not occur outside the EU.

Hartley Charlton:

Now, when a user in Europe taps a web app icon, they will see a system message asking if they wish to open it in Safari or cancel. The message adds that the web app “will open in your default browser from now on.” When opened in Safari, the web app opens like a bookmark, with no dedicated windowing, notifications, or long-term local storage. Users have seen issues with existing web apps such as data loss, since the Safari version can no longer access local data, as well as broken notifications.


Update (2024-02-14): Bruce Lawson (via Hacker News):

Presumably Apple doesn’t want PWAs to open in third-party browsers that have more powerful features than Safari, because those would directly compete with native apps in its own App Store. However, in the EU, it can’t privilege PWAs in Safari with its own private APIs any more. And so its solution, in its spirit of malicious compliance, seems to be “if we can’t have them, nobody can!”.

Update (2024-02-16): Apple (MacRumors, Hacker, News, 3, Slashdot):

Why don’t users in the EU have access to Home Screen web apps?


The iOS system has traditionally provided support for Home Screen web apps by building directly on WebKit and its security architecture. That integration means Home Screen web apps are managed to align with the security and privacy model for native apps on iOS, including isolation of storage and enforcement of system prompts to access privacy impacting capabilities on a per-site basis.

Without this type of isolation and enforcement, malicious web apps could read data from other web apps and recapture their permissions to gain access to a user’s camera, microphone or location without a user’s consent. Browsers also could install web apps on the system without a user’s awareness and consent. Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps. And so, to comply with the DMA’s requirements, we had to remove the Home Screen web apps feature in the EU.

Apple had two years or so to prepare for the DMA, but they “had to” to remove the feature entirely (and throw away user data) rather than give the third-party API parity with what Safari can do. I find the privacy argument totally unconvincing because the alternative they chose is to put all the sites in the same browser. If you’re concerned about buggy data isolation or permissions, isn’t this even worse?

Open Web Advocacy:

There is no way to have a reliable web app that is bound to the default browser. It would mean every time you changed default browser, you would lose all your data.

Kosta Eleftheriou:

Apple citing “low user adoption” of PWAs as a reason for the lack of support. [image]

Steve Troughton-Smith:

It’s a complete coincidence that iOS killing PWAs in Europe means that PWA developers should move to the App Store if they want to be on the platform.

John Voorhees:

For anyone who was there when Steve Jobs declared web apps a ‘Sweet Solution’ when developers clamored for Apple to open up the iPhone’s OS to native apps, taking them away in the face of regulations that force Apple to open up to alternative browser engines carries a heavy dose of irony.

Thomas Claburn:

Apple made this change without notice to developers, despite Cupertino’s repeated insistence that web apps represent an alternative to native iOS apps for those unable or unwilling to abide by its platform restrictions.


Maximiliano Firtman, a web developer who works on PWAs, added, “The technical reasons behind the decision published in the document are childish and it contains many lies.”

Heath Borders:

The EU isn’t forcing Apple to make awful policy choices.

Manton Reece:

Was this statement from Apple written by a hallucinating AI? All mainstream web browsers have a strict security model for JavaScript. Cookies and local storage cannot be accessed across web apps. It’s even difficult or impossible to make certain web requests from JavaScript because of cross-site scripting and CORS limitations. The only way this could be circumvented is with a rogue web browser engine that did away with these standard constraints, but Apple already has this scenario covered because they approve every browser engine[…]

Rui Carmo:

In fact, I actually have less and less interest in developing (or even supporting developing) for Apple platforms due to this kind of deliberate and maliciously arbitrary amputation of existing features.

Steve Troughton-Smith:

Apple thought its bullshit Core Technology Fee was worth investing effort in, but not homescreen web apps 😛

“If Apple ever asked its engineers to make iOS worse in favor of making the company money, they would quit”

Turns out that was a lie. Who knew

Ian Betteridge:

I kind of think assuming that the EU is just going to go “oh noes, Apple has beated us!” is maybe, just maybe, underestimating quite how pissed off they’re going to be about Apple’s arsing about.

See also: the WebKit bug.

Update (2024-02-20): Open Web Advocacy (Hacker News):

This is emphatically not required by the EU’s Digital Markets Act (DMA). It’s a circumvention of both the spirit and the letter of the Act, and if the EU allows it, then the DMA will have failed in its aim to allow fair and effective browser and web app competition.

It’s telling that this is the feature that Apple refused to share. And it makes sense: the idea that users could install safe and secure apps that Apple can’t tax, block or control is terrifying to them.

The legal obligation to allow third-party browsers onto iOS removes their ability to set a ceiling on web app functionality via their control of Safari and the WKWebView. Suddenly Web Apps would be a viable competitor. It is particularly galling for them to cite low adoption when they have had their thumb on the scale suppressing them for over a decade.


Apple also makes tenuous, bordering on laughable, claims regarding web app security. In addition to unwarranted and unjustifiable attempts to project their own model onto competing browsers, Apple makes claims that ignore the history of web applications and browsers in providing strong privacy and security separation. Apple offers no evidence to back these assertions, and ignores the long track record of superior security of PWAs on other OSes.

Ian Betteridge:

The company has had years to prepare for this. If it got blindsided, that’s a management failure. If it’s being petulant, that’s a management failure. If it can’t devote the resources to make this work, that’s a management failure. And if this is an attempt to enforce using native APIs and the App Store rather than PWAs… well, that too is a management failure.

Mike Rockwell:

I don’t understand what Apple’s end game is with this and the rest of their “compliance” with the DMA. It seems foolish to expect regulators in the EU to turn a blind eye to Apple’s changes, which are obviously outside of the spirit the DMA’s intentions.

Tim Sweeney (Sarah Perez, Hacker News):

I suspect Apple’s real reason for killing PWAs is the realization that competing web browsers could do a vastly better job of supporting PWAs - unlike Safari’s intentionally crippled web functionality - and turn PWAs into legit, untaxed competitors to native apps.

Nick Heer:

Apple has long promoted web apps as an open and free — as in speech — alternative to the more restrictive policies of the App Store. No matter why Apple made this decision, it is trading the inherently competitive web for third-party browser engines and app distribution for reasons that, as Reece explains, are difficult to believe.

Jeremy Keith (via Hacker News):

Now Apple need to provide parity on iOS, at least for users in the EU. Again, Apple are decribing this coming scenario as an absolute security nightmare. But again, the conditions they’re describing are what already exist on macOS.

All Apple is being asked to do is offer than the same level of choice on mobile that everyone already enjoys on their computers. Rather than comply reasonably, Apple have found a way to throw their toys out of the pram.


This is a huge regression that only serves to harm and confuse users.


Presumably Apple is hoping that users will direct their anger at the EU commission instead. They’re doing their best to claim that they’re being forced to make this change. That’s completely untrue.

macOS 14.3.1

Juli Clover (release notes, full installer, IPSW):

Today’s update addresses a frustrating macOS Sonoma bug that could cause text to get randomly replaced while typing. There have been multiple complaints about the issue, which affected web pages and apps like Mail and Messages.

The problem has persisted for several months, and has been an issue through multiple versions of Sonoma.

This was clearly caused by a WebKit bug, but I’ve been intermittently seeing a similar issue with NSTextView for several years. If I replace the text storage with a new string, parts of the previous contents will sometimes come back.

See also: Howard Oakley and Mr. Macintosh.


Update (2024-02-14): Pierre Igot:

You’ve got to be kidding me… Another very MINOR update (macOS 14.3 to macOS 14.3.1), yet another avalanche of dialogs asking me reauthorize all kinds of things? All kinds of things gone or disabled AGAIN under “Privacy and Security”?

watchOS 10.3.1

Juli Clover (release notes):

According to Apple’s release notes, the watchOS 10.3.1 update adds unspecified “improvements and bug fixes.”


iOS 17.3.1 and iPadOS 17.3.1

Juli Clover (release notes):

According to Apple’s release notes, the update includes a fix for a bug that could cause text to unexpectedly duplicate or overlap while typing.


MLLM-Guided Image Editing (MGIE)

Emilia David:

Apple researchers released a new model that lets users describe in plain language what they want to change in a photo without ever touching photo editing software.

The MGIE model, which Apple worked on with the University of California, Santa Barbara, can crop, resize, flip, and add filters to images all through text prompts.

MGIE, which stands for MLLM-Guided Image Editing, can be applied to simple and more complex image editing tasks like modifying specific objects in a photo to make them a different shape or come off brighter. The model blends two different uses of multimodal language models. First, it learns how to interpret user prompts. Then it “imagines” what the edit would look like (asking for a bluer sky in a photo becomes bumping up the brightness on the sky portion of an image, for example).

Amber Neely:

MGIE is open-source and available on GitHub for anyone to try. The GitHub page allows users to snag the code, data, and pre-trained models.


How to Stop macOS Upgrade Notifications

Jeff Johnson:

Instead, you get harassed by frequent notifications imploring you to “Upgrade to macOS Sonoma”, notifications that won’t take no for an answer. They don’t even have no for an answer! And if you click the wrong thing, you’ll accidentally, silently install Sonoma.


The solution in this case is actually quite simple, one little Terminal command:

defaults write MajorOSUserNotificationDate -date "2025-02-07 23:22:47 +0000"


Update (2024-02-14): Howard Oakley:

Although a detailed analysis by Adam Engst on TidBITS laid the blame on what could only have been a serious bug in the upgrade notification, I’ve had reports from users who insist that they never saw or dismissed that.


For Macs with more than one user, that key-value pair must be set in each user’s ~/Library/Preferences/ to ensure the notification doesn’t occur.


If those forced upgrades had been initiated independently of that notification, as some accounts imply, then blocking its appearance wouldn’t have prevented the upgrade from occurring.

See also: Ric Ford.

Wednesday, February 7, 2024


Howard Oakley:

CGPDFService turns out to be quite a small background XPC process inside the CoreGraphics framework, located on the System volume (SSV) in the path /System/Library/Frameworks/CoreGraphics.framework/Versions/A/XPCServices/CGPDFService.xpc. The executable is around 313 KB, and is currently in version and build number 1, as it shipped with the first release of Sonoma.


CGPDFService processes reset their user defaults, then await XPC connections from mdworker and mdworker_shared processes. Once those have extracted data to be added to that volume’s Spotlight indexes, mds_stores compresses data passed to it by those mdworker processes.


One solution for dealing with one or a few PDF documents that always choke CGPDFService processes is to isolate them in a folder that is excluded using the Spotlight Privacy list.

Inside Code Signing: Certificates

TN3161 (via Quinn):

To condense this into plain English, this certificate says that “Apple certifies that this developer is associated with this public key, and the matching private key can be used to sign Mac code.” This is clearly a simplification—it doesn’t touch on the valid date range, serial number, or even how Apple identified the developer in the first place—but it’s a reasonable model to start out with.

Apple issues a variety of different code-signing certificate types. For a complete list, see Certificate types.


Certificates often form a chain of trust: the verifier uses the issuer information in a certificate to find the issuer’s certificate, then uses its issuer information to find the next certificate in the chain, and so on, until it hits an anchor, that is, a certificate it trusts as a matter of policy.


To sign code you need a certificate and the private key that matches the public key in that certificate. This combination is called a digital identity or, if it’s for signing code, a code-signing identity.


It’s easy to miss that your most critical code-signing asset, your private key, is tucked away in your login keychain. And if you do miss that, you might lose your private key, for example, when you migrate to a new Mac.


Bluesky Opens to the Public

Bluesky (Hacker News):

Bluesky is building an open social network where anyone can contribute, while still providing an easy-to-use experience for users. For the past year, we used invite codes to help us manage growth while we built features like moderation tooling, custom feeds, and more. Now, we’re ready for anyone to join.


To learn more about Bluesky and how to get started, read our user FAQ here.

And if deep dives are more your style, we worked with Martin Kleppman, author of Designing Data-Intensive Applications and technical advisor to Bluesky, to write a paper that goes into more detail [Hacker News] about the technical underpinnings of Bluesky.

Tim Hardwick:

The difference with Bluesky is that its servers use a decentralized Authenticated Transport (AT) Protocol that will allow users to opt-in to a microblogging experience that isn't run by the company, allowing them to create an account under a given domain name and then use their profile in rival apps that use the same network.

Another advantage of the AT protocol is that it can operate based more on a user's preferences than algorithmically driven content, with user-curated feeds that people can use to find other users or topics, with customizable moderation tools also available to them.

Nick Heer:

Bluesky’s interpretation of a text-based social network is compelling. It is familiar, fast, and feature-rich, without being overwhelming. I just wish there was a good Mac app.


Flickr and Facebook at 20


To celebrate this huge milestone, we’re taking a trip down memory lane to explore all of the technological and structural moments that have shaped Flickr into what it is now.

Mark Zuckerberg:

20 years ago I launched a thing. Along the way, lots of amazing people joined and we built some more awesome things. We’re still at it and the best is yet to come.

Tuesday, February 6, 2024

Swift Tricks

André Jorgensen:

Generic typealias can be used to simplify param types etc

typealias Parser<A> = (String) -> [(A, String)]


func parse<A>(stringToParse: String, parser: Parser)


Finding Elements of Specific Type in Swift

extension Array {
    func whereType<T>() -> [T] {
        compactMap { $0 as? T } // The function "compactMap(" in Swift is incredibly useful. It maps each element of an array to another optional type and returns the value if it exists (is not null).

I’ve been using a version of this where the type is passed as a parameter. With this version it’s determined using type inference from the call site.

He currently has 202 other tricks listed.

Wade Tregaskis:

for case let rep as NSBitmapImageRep in image.representations {
    … // `rep` is an NSBitmapImageRep.  Non-bitmap reps are skipped.

I sometimes forget that this is possible (and even more often exactly what the damn syntax is – kudos to vacawama in today’s case of this for reminding me with their StackOverflow answer). There are numerous other ways to write the above, but I think it is the most elegant.

I’ve been writing Swift for almost 10 years and still have to think to remember this syntax, as well as if case let. I know that case is for pattern matching, but it still looks weird to see it there, and this is the same reason it’s written using as without the question mark that normally accompanies downcasts that might fail. You might expect to be able to write:

for rep as? NSBitmapImageRep in image.representations {

but instead Swift gives us case let and a more general pattern matching feature. If you write this or get it correct except for the ?, the compiler’s error messages are unhelpful:

for rep as? NSBitmapImageRep in image.representations {
// Expected 'in' after for-each pattern

for case let rep as? NSBitmapImageRep in image.representations {
// Pattern variable binding cannot appear in an expression


Pkl Programming Language

Apple (via Hacker News):

We are delighted to announce the open source first release of Pkl (pronounced Pickle), a programming language for producing configuration.


We created Pkl because we think that configuration is best expressed as a blend between a static language and a general-purpose programming language. We want to take the best of both worlds; to provide a language that is declarative and simple to read and write, but enhanced with capabilities borrowed from general-purpose languages. When writing Pkl, you are able to use the language features you’d expect, like classes, functions, conditionals, and loops. You can build abstraction layers, and share code by creating packages and publishing them. Most importantly, you can use Pkl to meet many different types of configuration needs. It can be used to produce static configuration files in any format, or be embedded as a library into another application runtime.


When binding to a language, Pkl schema can be generated as classes/structs in the target language. For example, the Application.pkl example from above can be generated into Swift, Go, Java, and Kotlin.

Daniel Jalkut:

Who had “Apple will release a new language, implemented in Kotlin, with IDE integration for everything but Xcode” on their bingo card?


Vision Pro is cool and all, but have you ever spent time searching for that format error in your YAML file?

Joe Heck:

The choice of package/module configuration IN swift was a decision I wish had been revisited back prior to Swift3 - so many ongoing and upgrading complications from that alone.

Teatotaller Cafe v. Instagram

Annie Ropeik (2020):

The owner of the Teatotaller café in Somersworth is taking on Facebook at the New Hampshire Supreme Court.


Owner Emmett Soldati markets them all on Instagram, which is owned by Facebook. He says it was a blow to his business when, in 2018, Teatotaller’s Instagram account – with more than 2,000 followers – was shut down without warning.

“We had spent money advertising on their platform to do many things, including building a following, and we lost that following,” Soldati said in an interview at Teatotaller Sunday.

Facebook’s terms and conditions for Instagram limit users’ legal recourse, but say they can pursue a case in small claims court. Soldati did that, in Dover, arguing the platform was negligent in deleting his account and asking for it to be restored.

Margie Cullen (via Hacker News):

When Emmett Soldati first noticed the Instagram account for his small cafe Teatotaller was deleted, he had no idea the battle to get accountability from Facebook would take six years.

But Soldati, who represented himself in court, has finally won his small claim against the social media giant now known as Meta.

Duncan Shaw:

The parent company of Instagram was ordered to pay a judgment of $100 plus court costs and interest to the owner of the Teatotaller Café after his account was deleted.

It’s still not clear why the account was deleted in the first place.

Dan Luu:

Are there fundamental reasons that a company the size of FB can’t provide much better support than they do?

The most common explanation I’ve heard is that support is impossible due to cost, but I don’t find this plausible based the profit FB-sized companies make per user. If you just naively look at how many support people they could pay, it’s quite a lot, not including things like diverting money from the ~$50B that’s allegedly been spent on the metaverse.


I know of kafkaesque horror stories of bank and brokerage account loss, so it’s not like brokerages are perfect, but it’s rare enough that I don’t personally know anyone who’s had their personal account or funds temporarily lost, let alone permanently, whereas with FB, a large fraction of my non-tech friends have lost accounts.


My wife and most of her friends have all lost their Facebook accounts at least once. They all gave up getting them back. Many tears as most of them use it as their only photo backup for kid pictures.

At this point it's just routine for them to have their account taken over and lost periodically.


As someone who’s both permanently lost a [iTunes] previous account, losing thousands of $$$ in purchases, and who’s recently yet again temporarily lost access to purchased content—both of which were due to an issue with Apple’s services—I will never, EVER buy music, movies, or TV shows from Apple ever again.

Chris Wanstrath, GitHub co-founder (via Hacker News):

Banned from GitHub without any explanation. Guess I’m moving all my code to BitBucket.


Ruling in Vizio Lawsuit May Strengthen the GPL

Luis Villa (via Hacker News):

In October of 2021 the Software Freedom Conservancy (SFC) decided to launch what is believed to be the first significant open source lawsuit based in contract rather than in copyright. Critically, the SFC’s case argued that anyone who benefits from the General Public License (GPL), not just the authors of the software, should be able to bring a lawsuit to enforce the terms of the GPL.

This case was brought in Orange County, California against Vizio, a large TV manufacturer. Like most TVs these days, Vizio TVs include Linux and a lot of other open source software that is under the GPL. The GPL says that buyers of those TVs should be able to get copies of that source code, so SFC walked into a store in Orange County, bought a TV, and requested copies of the source code. Vizio did not comply with the request, and so SFC brought suit.


The short version is that, by asking for specific performance (a contract remedy) rather than financial penalties (a copyright remedy), and by claiming violations of rights granted by the contract (the license) rather than rights granted by copyright, the federal court found that this was a contract case and not a copyright case.)


Monday, February 5, 2024

T? and Optional<T> Are Not the Same in Swift

Nick Lockwood:

I once again got bitten by the fact that T? properties in a Swift struct become optional parameters in the synthesized initializer, making it easy to accidentally omit a property that you meant to set.

The workaround is either to use let instead of var, or to use Optional<T> instead of T?

Swift has lots of syntactic sugar, which usually makes writing it simpler and easier, but sometimes multiple bits of sugar interact or obscure what’s going on.

Jonathan Joelson:

The fact that something is nullable does not remotely imply that null is a sensible default.

Tom Dowdy and SimpleText

Mike Piontek:

I was looking at this [SimpleText document] icon for inspiration and now I’m wondering what the name of the newspaper is meant to be. pnop? 🤔 I like that the front page photo is a screenshot of a desktop.

John Calhoun (via Cabel Sasser):

Tom Dowdy was a software engineer at Apple back in 1995 when I was still writing Macintosh games in Lawrence, Kansas. One of Tom’s programming responsibilities was to maintain Apple’s SimpleText (aka TeachText) application (see document icon above) — a basic text editor that shipped with the Macintosh. He was also the tech-lead (engineering technical leader) for the graphics component of Apple’s newest graphics framework called Quickdraw GX.


But for all the stress and feeling like I was a fake among all these super-star programmers, Tom Dowdy always put me at ease. I’m not sure why. Anyone that knew him though would agree with me when I say that he was laid back and had a friendly demeanor.


It was the supposed “dark times” to be at Apple: whole teams would be suddenly let go (the rest of us that lingered still might go through the abandoned offices of once co-workers looking to pull RAM out of their hardware for our own development machines). Some engineers like Tom, could see the writing on the wall early enough and knew when to switch teams. Tom ended up moving to the QuickTime team where he was able to continue to use his graphics talents. Later he worked on the iTunes visualizer if I recall correctly.


SimpleText had been one of Tom’s responsibilities even before Steve Jobs had returned [and frowned on Easter eggs].

It turns out that the top of the newspaper icon has “Dowdy” written upside down and backwards.


Update (2024-02-07): See also: Hacker News.

The Origin of Comic Sans

Thomas Steeles (via Jason Kottke):

[Most] people know of the font. By that notion, Vincent Connare, the creator of Comic Sans, has exclaimed that “I made the best font in the world.” Whether you believe that or not, it doesn’t exclude the fact it was, at one point, the second most complained about thing on Twitter and has a whole website dedicated to its banishment.


It’s understandable to see why Connare chose comics as his main source of inspiration; there’s a clear parallel to make between the speech bubbles used in comics and the speech bubbles that Rover uses. Additionally, the accessible, child-friendly atmosphere that Microsoft Bob wanted to achieve could be seen in the design of comic books – with the less-rigid hand drawn sans serif type, and bright colours.

Connare, in around three days, created Comic Sans; however, the curvy, soft-edged font that we all know wasn’t the intended final form of the font. Comic Sans was meant for screen-use only, and due to the technical limitations in the mid 90s, Windows didn’t have anti-aliasing technology, which meant fonts were pixelated – as a result most fonts looked jagged and sharp. Knowing this, Connare specifically designed Comic Sans with aliasing in mind, so actually Comic Sans was only intended to be seen like what is shown in Figure 1.


Joe Rogan No Longer Exclusive to Spotify

Ashley Carman (2021, Hacker News):

Spotify hoped he would bring much of that audience along with him when he signed exclusively to the platform in 2020 in a reported $100 million deal, giving it the reach and power needed to take over the podcasting industry. Although Spotify hasn’t given specific numbers detailing Rogan’s listenership since he came on board, it has repeatedly boasted about his success. The company confirmed that he quickly became the platform’s biggest podcaster after jumping to Spotify.


However, a new data investigation by The Verge finds that the powerful podcaster’s influence has waned since he went behind Spotify’s wall. His show has declined as a hype vehicle for guests, and Rogan’s presence as a mainstay in the news has plummeted.

Ashley Carman (2022):

Spotify reportedly paid Joe Rogan at least $200 million to commit to podcasting on the platform exclusively for three and a half years, according to a New York Times report.

Ariel Shapiro (Hacker News):

Joe Rogan, podcasting’s biggest star, has renewed his deal with Spotify. The new multiyear deal will allow his show, which is currently exclusive to the streamer, to be distributed to YouTube, Apple, and other podcasting platforms.

Financial terms of the deal were not disclosed by Spotify, but The Wall Street Journal reports that the deal is estimated to be worth $250 million, including revenue share.


Even while being exclusive to Spotify, Rogan managed to have the No. 1 podcast in the world. With the new arrangement, during an election year, no less, it seems likely his listenership will only grow. Once his show gets wide distribution, Spotify will no longer have any podcasts exclusive to the platform.

There are a bunch of unknowns with this. Spotify says the $250M figure is incorrect. And we don’t know the number of years. Is Spotify getting some of the YouTube revenue? Do they control the distribution on other platforms? Regardless, it makes sense that Rogan would want wider distribution—apparently a traditional podcast with RSS again. Spotify’s strategy is not totally clear but certainly seems to have shifted.

Podnews (via Hacker News):

Spotify tells Podnews that The Joe Rogan Experience podcast saw a 45% increase in revenue in 2023; and since the podcast went exclusive to Spotify, overall podcast consumption on the platform has increased by 232%.


Spotify does still have exclusives. The Riddler: Secrets in the Dark is described as a “Spotify Audio Series”, and is not available outside of the Spotify platform. It’s part of Spotify’s multi-year agreement with DC and Warner Bros. We did note at the time that the press release studiously avoided using the word “podcast”.


Update (2024-02-07): Dare Obasanjo:

Spotify: 602 million users of which 236 million are paying subscribers and it lost €75M last quarter.

Friday, February 2, 2024

Launch Day Apple Vision Pro Apps

Apple (Slashdot):

More than 600 apps and games designed to take advantage of the unique and powerful capabilities of Apple Vision Pro will be available this Friday, February 2.


Apps built specifically for visionOS, like Box, make it easy to collaborate and securely manage files and content, including 3D objects, while the MindNode app helps users brainstorm with thought bubbles that float around a user’s space. OmniFocus [4.1, still in development] and OmniPlan use beautiful data and project management visualization in large windows to view a complete project plan. Microsoft 365 productivity apps, Fantastical, and Numerics make full use of the infinite canvas and sharp text rendering of Apple Vision Pro to make daily tasks effortless. JigSpace combines 3D content, audio, video, and text in interactive, step-by-step spatial presentations, and Navi translates conversations in real time, creating live captions so users can see exactly what people around them are saying.

John Gruber:

For all the (justifiable!) attention paid to Netflix and YouTube’s decisions to completely eschew the platform at launch, the truth is there are a lot of native VisionOS apps at launch, and zillions of compatible iPad apps.


Apple has no built-in Calculator app in VisionOS, and the built-in Calendar app is the iPad app in compatibility mode, making PCalc and Fantastical the only native apps of their respective kinds in the App Store at launch.)

Gabriel Valdez Malpartida:

On February 2, Microsoft Teams, Word, Excel, PowerPoint, Outlook, OneNote, and Loop will be available on the App Store in Apple Vision Pro.

Ainsley Bourque Olson:

As previously shared, we’re pleased to have released OmniPlan for Apple Vision Pro!


OmniPlan 4 sports features to track and forecast costs, set up projects and manage complex scheduling, collaborate with a team, and view your project as an interactive Gantt chart or Network Diagram across an entire display – or in this case the infinite display of Apple Vision Pro.


Fantastical for Apple Vision Pro is a full-featured version of the app, just like on all your devices. Everything’s here, from calendar sets and conference calls, to Openings and Proposals, and fully enabled for the boundless canvas that is spatial computing. We also decided to take advantage of that canvas with a new feature: multiple windows.

Christian Selig (Hacker News, MacRumors):

Then I remembered for years my old app, Apollo, played back YouTube videos submitted to Reddit pretty well, and I developed a pretty good understanding of how YouTube worked. That sparked the idea to reuse some of Apollo’s code there and build a little YouTube client of my own for visionOS, and after a mad week of coding “Juno for YouTube” is born.


Lastly, they have an embed API that’s pretty powerful, and is what I used in Apollo and now Juno. There’s no API keys, or limits to how many times a day you can call it, as it literally just loads the video in a webview, and provides JavaScript methods to interact with the video, such as pause, play, speed up, etc. It’s really nice, you can play YouTube videos back, and YouTube still gets to show ads (if the user doesn’t have YouTube Premium) and whatnot so no one is grumpy.

Cultured Code (MacRumors):

We’ve adapted and refined every corner of Things to make full use of Vision Pro and to fit in beautifully with your environment. A sidebar made of glass, menus and popovers that float above your lists, resizable windows, controls that light up to acknowledge your gaze, refined interactions, and more. A native app for the new platform, through and through.


Google Removes Cache Link From Search Results

Barry Schwartz (via Hacker News):

Now when you click the three dots for more information for a search result snippet, the cache button is missing.


So how do you access the cache? Just Google

You can also set up a bookmarklet:


Jon Porter:

Danny Sullivan has confirmed. “It was meant for helping people access pages when way back, you often couldn’t depend on a page loading,” Sullivan wrote on X. “These days, things have greatly improved. So, it was decided to retire it.”

The cache feature historically let you view a webpage as Google sees it, which is useful for a variety of different reasons beyond just being able to see a page that’s struggling to load. SEO professionals could use it to debug their sites or even keep tabs on competitors, and it can also be an enormously helpful news gathering tool, giving reporters the ability to see exactly what information a company has added (or removed) from a website, and a way to see details that people or companies might be trying to scrub from the web. Or, if a site is blocked in your region, Google’s cache can work as a great alternative to a VPN.

Tapestry Kickstarter

The Iconfactory:

With Project Tapestry, we’ll create a universal, chronological timeline for iOS for any data that’s publicly available on the Internet. A service-independent overview of your social media and information landscape. Point the app toward your services and feeds, then scroll through everything all in one place to keep up-to-date and to see where you want to dive deeper. When you find something that you want to engage with or reply to, Tapestry will let you automatically open that post in the app of your choice and reply to it there. Tapestry isn’t meant to replace your favorite Mastodon app or RSS reader, but rather to complement them and help you figure out where you want to focus your attention.

Tapestry’s universal timeline will be built around data source plug-ins. These are small bits of JavaScript code that translate between the native iOS app and the rest of the web.

One of the things I’ve learned from the Twitter debacle is that I don’t like scrolling through timelines, especially on my iPhone. I prefer a multi-pane, keyboard-controllable interface like with NetNewsWire or Vienna. I wish I could get everything except e-mail in there. Previous versions of NetNewsWire actually had a feature kind of like this where you could create a feed from a script.

Tapestry isn’t meant to replace your favorite Mastodon app or RSS reader, but rather to complement them and help you figure out where you want to focus your attention.

I’m not sure I want to add another app, but I love that they’re working in this space of combining multiple services into a single app.


Update (2024-02-06): Niléane:

With The Iconfactory launching Project Tapestry this week, I was reminded of an indie app that I first started testing a few months ago. feeeed – that’s with four ‘e’s – by Nate Parrott is a feed reader app unlike any other I’ve seen on iOS.


You can of course subscribe to any RSS feeds — the app lets you import an OPML file from other RSS reader apps — but you can also subscribe to a wide variety of different sources, including but not limited to: newsletters via Gmail, subreddits, YouTube channels, Twitter and Mastodon profiles, Hacker News, Tumblr blogs, TikTok accounts, and more.

A special mention goes to my absolute favorite custom integration in feeeed, which is the ability to select a part of a website to show up in your feed. You can select any area on any webpage, and that area will regularly show up in the Home tab of the app.

Kind of like the old Dashboard feature.

Craig Hockenberry:

This post will explain the technology behind Project Tapestry and how we tested it as a prototype.


There is a GitHub repository with full documentation of the JavaScript API and sample plug-ins. We think you’ll find that it’s a robust and extensible system, just like the web itself.

Apple’s Q1 2024 Results

Apple (transcript, Hacker News, MacRumors):

The Company posted quarterly revenue of $119.6 billion, up 2 percent year over year, and quarterly earnings per diluted share of $2.18, up 16 percent year over year.

“Today Apple is reporting revenue growth for the December quarter fueled by iPhone sales, and an all-time revenue record in Services,” said Tim Cook, Apple’s CEO. “We are pleased to announce that our installed base of active devices has now surpassed 2.2 billion, reaching an all-time high across all products and geographic segments.

Jason Snell:

Overall, it was the company’s second best quarter ever in terms of revenue and profit, behind only the first quarter of fiscal 2022. Mac sales ended a string of down quarters to nudge up slightly; iPhone sales were also up. iPad sales were down double digits, as were wearables. Services growth slowed somewhat, but was still up double digits.

Jason Snell:

Not a product announcement, not even a feature announcement—but a tangible promise that Apple’s going to announce some big AI features later this year.


The iPhone, which accounted for nearly 60 percent of Apple’s overall revenue in the launch quarter of the iPhone 15, managed to show a little growth, improving 6% versus the year-ago quarter.


When you stare at the overall Mac revenue chart, though, things look pretty solid. Yes, the Mac went through a couple of years of huge growth, but it seems to be coming back to a new, higher floor of around $7 or $8 billion per quarter. Apple reported that the overall number of active Macs reached another all-time high.


The problem is that the iPad is usually a seasonal product that does well in the holiday quarter, and this year’s holiday quarter was 25 percent lower. Ouch. On the other hand, Apple sold $7 billion worth of iPads, none of which were released in 2023.


Thursday, February 1, 2024

Amazon Charging for IPv4 Addresses


As you may know, IPv4 addresses are an increasingly scarce resource and the cost to acquire a single public IPv4 address has risen more than 300% over the past 5 years. This change reflects our own costs and is also intended to encourage you to be a bit more frugal with your use of public IPv4 addresses and to think about accelerating your adoption of IPv6 as a modernization and conservation measure.

Andree Toonk (via Hacker News):

Effective February 1, 2024, there will be a charge of $0.005 per IP per hour for all public IPv4 addresses, whether attached to a service or not. That’s a total of $43.80 per year, a pretty hefty number!


Crunching all that data, we can determine that Amazon has at least 131,932,752 IPv4 addresses.


Given this data, I believe it’s fair to say that AWS will likely make anywhere between $400 Million and $1 Billion dollars a year with this new IPv4 charge!


What’s really offensive about this is that AWS does not have good enough IPv6 support for most customers to migrate off of IPv4, even if they want to.


The End of Adobe XD?

Brody Ford (via Hacker News):

Adobe Inc. will end its effort to create a web design product to rival Figma Inc. after the collapse of its proposed $20 billion acquisition of the startup.

When it agreed to buy Figma, which helps users design app and website interfaces, Adobe put its competing program XD in “maintenance mode,” ceasing to launch new features or sell it individually. The deal to purchase Figma fell apart under regulatory pressure in December and the creative software giant hadn’t announced whether it would resurrect XD or attempt to build another competitor.


How to Mount HFS Classic Drives

Matthew Hughes (via Colin Cornaby):

Drives using the antiquated vintage HFS file system appear in Disk Utility, but you cannot mount them. Attempting to do so will produce the following error code: “ error 49153“.

Fortunately, there’s a relatively straightforward workaround — provided you’re confident enough with the Terminal. This requires you to install the HomeBrew package manager. Instructions can be found here.

Once you’ve done that, you’ll need to download the hfsutils application.

The files cannot be directly accessed in Finder, but there are shell tools to list folders and copy files.

How to Choose and Customize a Mechanical Keyboard

Henri Robbins (Hacker News):

Linear switches have straight “legs” on the sliders that allow for a smooth and consistent key press. Because of this, they have no bump and will be faster to type on, but they won’t have a physical indicator to tell you when the key has been pressed.

Tactile switches have small bumps on their legs that create an increase in resistance right before the switch is actuated, resulting in a “tactile bump.” While this can make typing more precise, it also means your typing experience may be less smooth, and rapid inputs will have more delay between them, since you’ll have to completely remove your finger from the key.

Clicky switches are not as common as linear or tactile switches. They use a multipiece mechanism to create tactility instead of a bump, such as a click jacket, click bar, or click leaf; these switches are characterized by a strong bump and a distinct “click” sound when typing. Functionally, clickies have the same benefits and downsides of a tactile switch, to a slightly stronger degree.

MX-style switches, which have a cross-shaped stem and two metal pins on the bottom, were originally patented by Cherry, and the patent has since expired, leading to multiple different manufacturers making their variations of these switches.


Typically, wired keyboards will be compatible with both MacOS and Windows, and any programmable keyboards using QMK, VIA, or VIAL can be reprogrammed to work with either operating system.

I recently tried the NuPhy Air75 V2 (Amazon) with Gateron Cowberry switches. These are low-profile but still have a lot more travel, noise, clickiness than Apple’s current keyboards. (I can no longer read the official description of them because it appears they’re no longer available. Link fixed.) Though I like the feel of the keyboard, I unfortunately cannot recommend it because of a variety of problems. The F# keys only work as media keys, no matter how you configure System Settings. NuPhy support confirmed that macOS cannot use them for custom keyboard shortcuts. The fn key doesn’t work for standalone taps (e.g. to enable dictation) or combined with another key (e.g. the built-in fn-E shortcut for opening the emoji picker). There is no firmware updater for Mac. I also found that the keyboard made my Magic Mouse less smooth and sometimes disconnect from Bluetooth.