Archive for February 7, 2024

Wednesday, February 7, 2024


Howard Oakley:

CGPDFService turns out to be quite a small background XPC process inside the CoreGraphics framework, located on the System volume (SSV) in the path /System/Library/Frameworks/CoreGraphics.framework/Versions/A/XPCServices/CGPDFService.xpc. The executable is around 313 KB, and is currently in version and build number 1, as it shipped with the first release of Sonoma.


CGPDFService processes reset their user defaults, then await XPC connections from mdworker and mdworker_shared processes. Once those have extracted data to be added to that volume’s Spotlight indexes, mds_stores compresses data passed to it by those mdworker processes.


One solution for dealing with one or a few PDF documents that always choke CGPDFService processes is to isolate them in a folder that is excluded using the Spotlight Privacy list.

Inside Code Signing: Certificates

TN3161 (via Quinn):

To condense this into plain English, this certificate says that “Apple certifies that this developer is associated with this public key, and the matching private key can be used to sign Mac code.” This is clearly a simplification—it doesn’t touch on the valid date range, serial number, or even how Apple identified the developer in the first place—but it’s a reasonable model to start out with.

Apple issues a variety of different code-signing certificate types. For a complete list, see Certificate types.


Certificates often form a chain of trust: the verifier uses the issuer information in a certificate to find the issuer’s certificate, then uses its issuer information to find the next certificate in the chain, and so on, until it hits an anchor, that is, a certificate it trusts as a matter of policy.


To sign code you need a certificate and the private key that matches the public key in that certificate. This combination is called a digital identity or, if it’s for signing code, a code-signing identity.


It’s easy to miss that your most critical code-signing asset, your private key, is tucked away in your login keychain. And if you do miss that, you might lose your private key, for example, when you migrate to a new Mac.


Bluesky Opens to the Public

Bluesky (Hacker News):

Bluesky is building an open social network where anyone can contribute, while still providing an easy-to-use experience for users. For the past year, we used invite codes to help us manage growth while we built features like moderation tooling, custom feeds, and more. Now, we’re ready for anyone to join.


To learn more about Bluesky and how to get started, read our user FAQ here.

And if deep dives are more your style, we worked with Martin Kleppman, author of Designing Data-Intensive Applications and technical advisor to Bluesky, to write a paper that goes into more detail [Hacker News] about the technical underpinnings of Bluesky.

Tim Hardwick:

The difference with Bluesky is that its servers use a decentralized Authenticated Transport (AT) Protocol that will allow users to opt-in to a microblogging experience that isn't run by the company, allowing them to create an account under a given domain name and then use their profile in rival apps that use the same network.

Another advantage of the AT protocol is that it can operate based more on a user's preferences than algorithmically driven content, with user-curated feeds that people can use to find other users or topics, with customizable moderation tools also available to them.

Nick Heer:

Bluesky’s interpretation of a text-based social network is compelling. It is familiar, fast, and feature-rich, without being overwhelming. I just wish there was a good Mac app.


Flickr and Facebook at 20


To celebrate this huge milestone, we’re taking a trip down memory lane to explore all of the technological and structural moments that have shaped Flickr into what it is now.

Mark Zuckerberg:

20 years ago I launched a thing. Along the way, lots of amazing people joined and we built some more awesome things. We’re still at it and the best is yet to come.