Archive for April 2024

Friday, April 19, 2024

Apple Removes Messaging Apps From Chinese App Store

MacRumors (CNN, Hacker News):

Apple on late Thursday into Friday removed the popular messaging and social media apps WhatsApp, Telegram, Signal, and Threads from its App Store in China at the request of the Chinese government, The Wall Street Journal reported.


In a statement shared with several media outlets, Apple said China’s national internet regulator ordered the removal of the apps from the App Store in the country due to unspecified “national security concerns.” Apple said it is “obligated to follow the laws in the countries where we operate, even when we disagree.”

However, it’s Apple’s choice to make distribution through the App Store a single point of failure.


VLC vs. the App Stores

VideoLAN (via Hacker News):

App Stores were a mistake.

Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users…

For now, iOS App Store still allows us to ship for iOS9, but until when?


If you do wonder why we don’t update VLC on the Windows Store or why VLC/iOS can’t connect properly to OneDrive shares, it’s because Microsoft Kafkaïesque bureaucracy refuses to help us.

We’re only trying to contact someone since 2years…

VideoLAN (Anisse, Hacker News):

If you wonder why we can’t update the VLC on Android version, it’s because Google refuses to let us update:

  • either we give them our private signing keys,
  • or we drop support for Android TV before API-30, and all our users on TV API<30 can’t get fixes.


VLC cannot even enter the Mac App Store, because of the restrictions…

Look at all those platforms competing to benefit users.

Florian Mueller:

This here is a European app store for Android and Google’s YouTube has just killed their channel. It’s obviously a problem if you depend on the incumbent’s platforms all the way.


Color Kobo E-readers

Sheena Vasani (Hacker News):

Rakuten Kobo is launching its first color e-readers, the Kobo Libra Colour and the Kobo Clara Colour. Both use E Ink’s latest Kaledio color screen technology, which has subtle, pastel-like hues and drops from a 300ppi grayscale resolution to 150ppi when you view content in color.


The seven-inch Kobo Libra 2 is my favorite e-reader outside of Amazon’s ecosystem, offering the Kindle Paperwhite’s IPX8 waterproof design but with extras like physical page-turning buttons, no lockscreen ads, and more storage.

The $219.99 Kobo Libra Colour retains all of those features but is also now compatible with the Kobo Stylus 2, just like the Kobo Elipsa 2E.


E Ink’s color “Kaleido” screen technology has been around for several years, but it’s gone through three generations now and devices that use the latest Kaleido 3 screens just started coming out last year.


Color E Ink supports 4096 colors, which might sound like a lot but it’s actually far lower than a typical LCD screen. Colors tend to look softer and more subdued with E Ink, and color accuracy isn’t great, especially with certain colors, and it has more of a printed newspaper look.


The main drawback with color E Ink screens is they look darker than regular B&W screens because of a color filter layer that is applied over the top of the screen, which makes the contrast appear lower. Kaleido color screens are really just regular black and white E Ink Carta screens with a fancy passive filter over the top (that’s why color resolution is lower than black and white resolution).


Afterimage effects are more noticeable on color E Ink screens, where you can see a faint impression of the previous page. Color content may require more full page refreshes and flashes to look clear.


Optimizing WebKit & Safari for Speedometer 3.0

Alan Baradlay et al.:

We made our fast JSON stringifier work for unicode characters. We also analyzed profile data carefully and made JSON.parse faster than ever.


We took the release of the new Speedometer 3.0 benchmark as an opportunity to adjust inlining heuristics based on data collected in modern Apple silicon Macs with the latest JavaScriptCore.


Prior to the opportunistic task scheduler, incremental sweeping in JavaScriptCore was automatically triggered by a periodically scheduled 100 ms timer. This had the effect of occasionally triggering incremental sweeping during asynchronous timing intervals, but also wasn’t aggressive enough to prevent on-demand sweeping in the middle of script execution. Now that JavaScriptCore is knowledgable about when to opportunistically schedule tasks, it can instead perform the majority of incremental sweeping in between rendering updates while there aren’t imminently scheduled timers. The process of sweeping is also granular to each marked block, which allows us to halt opportunistic sweeping early if we’re about to exceed the deadline for the next estimated rendering update.


Previously, we required a synchronous IPC call from the Web Process to the GPU process to determine which of the existing buffers had been released by CoreAnimation and was suitable to use for the next frame. We optimized this by having the GPUP just select (or allocate) an appropriate buffer, and direct all incoming drawing commands to the right destination without requiring any response. We also changed the delivery of any newly allocated IOSurface handles to go via a background helper thread, rather than blocking the Web Process’s main thread.


With all these optimizations and dozens more, we were able to improve the overall Speedometer 3.0 score by ~60% between Safari 17.0 and Safari 17.4.


Thursday, April 18, 2024

Daniel C. Lynch, RIP

Katie Hafner (via Hacker News):

In 1986, Mr. Lynch decided to hold a workshop to train vendors and developers to configure equipment for routing traffic through the internet. The point was to make different manufacturers’ equipment work together and demonstrate the uses the internet could have for businesses. The first event, attended by 300 vendors, was run largely by volunteers, who snaked cable through the room and programmed specialized computers called routers, which were just becoming commercially available, to communicate with one another.

“His brainstorm was that you couldn’t be there unless you were willing to interconnect with everyone else,” said Vinton G. Cerf, a vice president and chief internet evangelist at Google. Mr. Lynch required the attendees to adhere to TCP/IP, a language spoken by computers connected to the internet that was quickly becoming the industry standard.

Mr. Lynch started calling his event Interop in the late 1980s. Within a decade, it had become one of the world’s largest computer exhibitions, helping to create a global community of specialists capable of supporting a networking standard that made it possible for all the world’s computers to share data. One computer industry analyst called it “the plumbing exhibition for the information age.”

See also: Internet Hall of Fame and A Brief History of the Internet.

Legibility and San Francisco

Niko Kitsakis (tweet):

Why is San Francisco not the best typeface for a user interface? After all, Apple has gone through quite some trouble designing it in-house. Do a search on the matter and you will find articles and videos for deve lo pers, where the people from Apple explain their thinking. They talk about optical sizes, different use-cases, space efficiency, expressiveness and so forth. It all sounds very professional.


Apple’s San Francisco falls into the same category as the Japanese sword: It might, from a technical standpoint, be a very well designed typeface, but it’s the wrong kind of typeface to begin with. Apple’s typeface lacks two things that any typeface (to a different extend) needs: Personality and purpose.


If you compare San Francisco (or SF Pro as Apple also calls it) to FF Unit, you’ll see that the numeral “1” and the shapes of the first three letters of the word “Iliad” are much more distinct from one another in FF Unit than the same characters (or glyphs) are in in SF Pro. This was done on purpose, of course: Typefaces like FF Unit were de signed with legibility in mind, and one of the things a type designer does in that case, is ensuring that visually similar letters have shapes that make them more distinct from one another.


Why Has Figma Reinvented the Wheel with PostgreSQL?

Sammy Steele:

The data revealed that some of our tables, containing several terabytes and billions of rows, were becoming too large for a single database. At this size, we began to see reliability impact during Postgres vacuums, which are essential background operations that keep Postgres from running out of transaction IDs and breaking down. Our highest write tables were growing so quickly that we would soon exceed the maximum IO operations per second (IOPS) supported by Amazon’s Relational Database Service (RDS). Vertical partitioning couldn’t save us here because the smallest unit of partitioning is a single table. To keep our databases from toppling, we needed a bigger lever.


Horizontal sharding was an order of magnitude more complex than our previous scaling efforts. When a table is split across multiple physical databases, we lose many of the reliability and consistency properties that we take for granted in ACID SQL databases.


We built a DBProxy service that intercepts SQL queries generated by our application layer, and dynamically routes queries to various Postgres databases. DBProxy includes a query engine capable of parsing and executing complex horizontally sharded queries. DBProxy also allowed us to implement features like dynamic load-shedding and request hedging.


We avoided having to implement “filtered logical replication” (where only a subset of data is copied to each shard). Instead, we copied over the entire dataset and then only allowed reads/writes to the subset of data belonging to a given shard.

Denis Magda (via Hacker News):

Figma doesn’t use the open-source distribution of PostgreSQL. Instead, they utilize PostgreSQL as a service by subscribing to Amazon RDS. There’s an interesting, often overlooked fact about PostgreSQL managed services provided by large cloud providers and smaller vendors. While these services usually offer all the core PostgreSQL capabilities, the list of supported extensions is at the mercy of the service provider.

Now, we have CitusData, a mature PostgreSQL extension for sharding, and we know that Figma uses RDS, a fully-managed PostgreSQL service by Amazon. However, if you check the list of PostgreSQL extensions supported by RDS, CitusData isn’t included[…]

So, now, let me speculate. The real reason why Figma reinvented the wheel by creating their own custom solution for sharding might be as straightforward as this — Figma wanted to stay on RDS, and since Amazon had decided not to support the CitusData extension in the past, the Figma team had no choice but to develop their own sharding solution from scratch.

Cryptocurrency Apple Antitrust Lawsuit

Juli Clover:

A lawsuit targeting Apple’s refusal to allow apps to support cryptocurrency transactions was today tossed out by a San Francisco judge, reports Reuters. The lawsuit, which was filed by Venmo and Cash App customers, claimed that Apple drove up the fees charged by Venmo and Cash App by not letting payment apps facilitate cryptocurrency transactions.

The plaintiffs alleged that Apple curbed competition in the mobile peer-to-peer payment market with its App Store guidelines. No option for cryptocurrency has supposedly caused Venmo and Cash App to raise prices for transactions and services due to “no competitive check.” A payment app that is based on decentralized cryptocurrency technology would let iPhone users “send payments to each other without any intermediary at all.”


Wednesday, April 17, 2024

It’s Time for a New AirPort

Joe Rosensteel (Mastodon):

Jason didn’t get that speed boost from an Apple-made wireless router, because Apple got out of making those long ago. He didn’t get that speed from a wireless router currently for sale at the Apple Store because the only two options are the Linksys Velop AX4200 WiFi 6 Mesh System, and AmpliFi Alien Router (with optional mesh extenders). Linksys does make a version of their Velop mesh network with 6E, but it’s not for sale through Apple.

Jason used an Eero 6E router, and wasted half a day trying to change his network topology to allow for it so he could see that speed difference.


Designing networking solutions in every device to work around the one component Apple doesn’t want to make is a lot of effort. The R&D can’t cost more than a self-driving, bread-loaf saloon, and the benefits of an Apple wireless router will lift all of Apple’s products. It’s time to head back to the AirPort.

Matt Birchler:

Apple doesn’t need to be in every market, but I do agree with Joe’s point that basically everything Apple makes relies on good wireless networks to deliver the best experience, and it makes sense for Apple to get back in the game.


macOS 14 Sonoma vs. exFAT

Mike Wuerthele and Malcolm Owen (via Ric Ford):

An issue preventing some external drives from mounting onto a Mac running macOS Sonoma has plagued users for months, and it probably was caused by changes Apple made to drive handling.


Unlike the Windows-preferred NTFS or Apple’s APFS, exFAT can be read from and written to by both Macs and Windows PCs without requiring any extra software assistance. In a multi-platform environment, it’s almost always the best formatting option for external drives.


Shortly after the introduction of macOS Sonoma, complaints started to surface on Apple’s Community Support forum. The complaints featured irate users discovering that their external disks were not reliably being mounted in macOS at all.

It seems like the last few releases of macOS have trouble with mounting external drives in general, even APFS ones. But there may also be an exFAT-specific issue here.

macOS Sonoma 14 Release Notes:

The implementations of the exfat and msdos file systems on macOS have changed; these file systems are now provided by services running in user-space instead of by kernel extensions.



Google (via Hacker News):

To improve on this, we are introducing Jpegli, an advanced JPEG coding library that maintains high backward compatibility while offering enhanced capabilities and a 35% compression ratio improvement at high quality compression settings.


When images are compressed or decompressed through Jpegli, more precise and psychovisually effective computations are performed and images will look clearer and have fewer observable artifacts.


While improving on image quality/compression density ratio, Jpegli’s coding speed is comparable to traditional approaches, such as libjpeg-turbo and MozJPEG.


Jpegli can be encoded with 10+ bits per component. Traditional JPEG coding solutions offer only 8 bit per component dynamics causing visible banding artifacts in slow gradients. Jpegli’s 10+ bits coding happens in the original 8-bit formalism and the resulting images are fully interoperable with 8-bit viewers. 10+ bit dynamics are available as an API extension and application code changes are needed to benefit from it.


Rediscovering CardDAV

Jan-Piet Men (2020, via Hacker News):

I can no longer sync iOS’ Contacts with my macOS Catalina’s Finder (the iOS sync portion of iTunes is now built into the Finder in macOS Catalina); the OS insists I’ve iCloud configured for Contacts which I do not.


I was spilling my sorrows on Christoph who simply said he avoids all those issues by using CardDAV. I slapped my forehead: I’ve been using CalDAV for years, for synchronizing two calendars across devices: my own calendar across two Macs, an iPad, and an iPhone, and the family calendar across the family’s devices. How could I have forgotten about CardDAV?


I then created a Baïkal address book for myself, set up macOS and an iPhone to use that, and created a pseudo person’s entry on the Mac and another on iOS, and experimented a bit with how long it takes either side to sync, etc. As soon as I was satisfied I copy/pasted all contacts from macOS’ internal address book to its CardDAV store.


CardDAVMATE is an Open Source CardDAV web client which is nice to use for editing some of the more esoteric (read: not available in the GUIs) vCard attributes, in particular those for spouse and the social profiles.


Tuesday, April 16, 2024

Twitter’s Pivot to Is a Gift to Phishers

Brian Krebs (Hacker News):

On April 9, Twitter/X began automatically modifying links that mention “” to read “” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as in tweets.


The apparent oversight by Twitter/X was cause for amusement and amazement from many former users who have migrated to other social media platforms since the new CEO took over. Matthew Garrett, a lecturer at U.C. Berkeley’s School of Information, summed up the Schadenfreude thusly:

“Twitter just doing a ‘redirect links in tweets that go to to instead but accidentally do so for all domains that end like eg going to’ is not absolutely the funniest thing I could imagine but it’s high up there.”

I still go to, which serves links to rather than And if I go to it redirects me to


The Apple curl Security Incident

Daniel Stenberg (Hacker News, Slashdot):

The friendly reporter showed how the curl version bundled with macOS behaves differently than curl binaries built entirely from open source. Even when running the same curl version on the same macOS machine.

The curl command line option --cacert provides a way for the user to say to curl that this is the exact set of CA certificates to trust when doing the following transfer. If the TLS server cannot provide a certificate that can be verified with that set of certificates, it should fail and return error.


When this command line option is used with curl on macOS, the version shipped by Apple, it seems to fall back and checks the system CA store in case the provided set of CA certs fail the verification. A secondary check that was not asked for, is not documented and plain frankly comes completely by surprise.


This is a security problem because now suddenly certificate checks pass that should not pass.

Yet another case where Apple’s security team doesn’t agree about what constitutes a security issue.


The Race to Replace Redis

Steven Vaughan-Nichols (via Hacker News):

For those of you who aren’t open-source licensing experts, this means developers can no longer use Redis’ code. Sure, they can look at it, but they can’t export, borrow from, or touch it.

Redis pulled this same kind of trick in 2018 with some of its subsidiary code. Now it’s done so with the company’s crown jewels.

Redis is far from the only company to make such a move. Last year, HashiCorp dumped its main program Terraform’s Mozilla Public License (MPL) for the Business Source License (BSL) 1.1. Here, the name of the new license game is to prevent anyone from competing with Terraform.

Joe Brockmeier (via Hacker News):

So it should be apparent that code contribution is beside the point. Redis is a venture-backed company that has taken more than $350 million in funding over many rounds since 2011. The company, and its investors, seem to have calculated that they can safely move away from open source to try to capture more revenue.

They have some reason to believe this is the case, if MongoDB’s results are any guide. The company went public in 2017 and moved to the SSPL a little more than a year later. Shortly afterward, major Linux distributions stopped packaging the database because it no longer met their licensing standards. But, by that time, the company had set its sights on a platform model that would encourage developers (and their employers) to use and pay for MongoDB and ancillary offerings with the as-a-service model. Distributing a source-available version of MongoDB could be seen as a loss-leader strategy to reach developers that the company wagered did not care about open-source.


Having to find a replacement to ship in place of Redis is not the only problem for community distributions. Jacob Michalskie called out several services in use by the openSUSE project that will need a Redis replacement, including the Pagure code-hosting software (created and used by Fedora as well) used for, and the Discourse forum software.


It is, of course, too soon to predict whether one or more of the forks will gain significant traction—but it seems likely that Valkey will be a credible alternative. The possibility of a swift fork with widespread community and industry backing should give pause to vendors who expect a smooth path after abandoning open source.


Mojo Is Open Source

Modular (Hacker News):

We firmly believe for Mojo to reach its full potential, it must be open source. We have been progressively open-sourcing more of Mojo and parts of the MAX platform, and today we’re thrilled to announce the release of the core modules from the Mojo standard library under the Apache 2 license!


Beyond just providing source code, we are also opening up revision history for the standard library, releasing nightly builds of the Mojo compiler, providing public CI, and allowing external contributions through GitHub pull requests. This is expensive and non-trivial to set up, but in our experience, it's critically important to allow the community to scale.


Monday, April 15, 2024

The Demise of Email Forwarding Is Getting Closer


A bunch of universities have just sent out notices that email forwarding is going to increasingly break in the very near future. The big email services, gmail, yahoo, outlook and apple, are going to start tightening the thumbscrews (strict SPF, DMARK and DKIM, but also other stuff) on April 1 (bad timing, that).

I’d vaguely seen that gmail was planning to block much more bulk mail to individuals, but hadn’t really thought about the consequences to normal email forwarding.


It’s a good time to audit your email situation, especially if you currently forward mail to large provider controlled domains, or if you have any chains of forwards set up that you’ve forgotten about.

This has been breaking for a long time. I get lots of bounces because people have set iCloud Mail to forward to an address that rejects the message based on the headers (which iCloud didn’t rewrite).


NSTableView With SwiftUI

Edvinas Byla (via Dave Verwer):

The [LazyVGrid] user experience isn’t great, but it’s still probably okayish for a version 1.0.0 release. The performance issues are less noticeable with fewer items unless you’re used to high-quality apps. But then there was this one thing that bugged me: the behavior of the context menu.

On macOS, right-clicking an item usually selects it and shows the context menu. SwiftUI’s .contextMenu shows the menu but doesn’t select or give you any callback for selecting the item. This can be confusing because you don’t know if you’re seeing the menu for the right item.

You’re supposed to be able to use the contextual menu to interact with a list item without changing the selection.

Damn, did [NSTableView] feel buttery.


But the main reason for this overhaul wasn’t just the scroll performance. It was also fixing that annoying context menu issue.


On top of all this, I managed to get rid of some extra code for keyboard navigation, clean up the layout mess, and now I can easily adjust and rearrange columns.


The remaining part of this post will go over some challenges and gotchas of replacing LazyVGrid with NSTableView while still reusing SwiftUI views.

Lots of good stuff there about using SwiftUI views inside the column headers and table cells.

I don’t want the takeaway to be that SwiftUI is slow and AppKit is fast, or that SwiftUI on macOS isn’t ready for serious apps. In reality, the very complex template editor for this app is almost entirely written in SwiftUI, which handles it impressively well.

Helge Heß:

SwiftUI is part of the future, it is not “the” future. It is still unclear how sth basic like a text editor can work with the scalability constraints of SwiftUI. Or a List w/ more than 1k items. Everything becomes easier if you start to acknowledge that SwiftUI is a convenience extension to Cocoa, not a replacement in any way. And miraculously SwiftUI also allows super easy integration w/ Cocoa, making sure it is no either or 🙂

Malcolm Hall:

having a constant number of Views per row (i.e. no ifs) is one of the performance secrets recently explained at 16:25 here.

Another is no sorting/filtering in body, e.g. it could be bounced through onChange and saved in another state


Keeping Your Data From Apple Is Harder Than Expected

Minna Tiainen (via Hacker News):

The researchers studied eight apps: Safari, Siri, Family Sharing, iMessage, FaceTime, Location Services, Find My and Touch ID. They collected all publicly available privacy-related information on these apps, from technical documentation to privacy policies and user manuals.

The fragility of the privacy protections surprised even the researchers.

‘Due to the way the user interface is designed, users don’t know what is going on. For example, the user is given the option to enable or not enable Siri, Apple's virtual assistant. But enabling only refers to whether you use Siri's voice control. Siri collects data in the background from other apps you use, regardless of your choice, unless you understand how to go into the settings and specifically change that,’ says Lindqvist.


‘It turned out that the participants weren’t able to prevent any of the apps from sharing their data with other applications or the service provider,’ Bourdoucen says.


Privacy Nutrition Labels are a great idea, but the lack of a mechanism to verify what’s on them makes them unreliable. They can be inaccurate or misleading. Here’s an example: Apple’s own Podcasts app states that search history isn’t linked to the user’s identity, but experiments show that every search performed in the app sends a request to Apple servers with the user’s iCloud ID associated with search keywords, as shown in the screenshot. Perhaps this data is discarded, but in theory the data is enough to build a search history that is linked to a particular user. And this’s not what the privacy label says.


GM Stops Sharing Driver Data With Brokers

Jonathan M. Gitlin (Hacker News):

After public outcry, General Motors has decided to stop sharing driving data from its connected cars with data brokers. Last week, news broke that customers enrolled in GM's OnStar Smart Driver app have had their data shared with LexisNexis and Verisk.

Those data brokers in turn shared the information with insurance companies, resulting in some drivers finding it much harder or more expensive to obtain insurance. To make matters much worse, customers allege they never signed up for OnStar Smart Driver in the first place, claiming the choice was made for them by salespeople during the car-buying process.

Karl Bode:

The absolute bare minimum you could could expect from the auto industry here is that they’re doing this in a way that’s clear to car owners. But of course they aren’t; they’re burying “consent” deep in the mire of some hundred-page end user agreement nobody reads, usually not related to the car purchase itself but the apps consumers now use to manage roadside assistance and other programs.

So not surprisingly, GM was subsequently sued. And now the company finds itself on an apology tour[…]


Friday, April 12, 2024

Swift for C++ Practitioners

Doug Gregor:

I’ve started a blog series aimed at C++ programmers who are interested in learning #SwiftLang. It teaches the breadth of the Swift language, but anchored in the features and idioms of C++. So if you know your Rule Of Fives and your SFINAEs and think you might be interested in Swift, I’d love to hear what you think.


Effects of the DMA’s Browser Choice Requirement

Ashley Belanger:

Smaller web browsers are gaining traction in the European Union after the Digital Markets Act (DMA) started requiring designated gatekeepers like Google and Apple to make it easier to switch default web browsers on devices.


Reuters collected data from six companies, confirming that, when presented with a choice screen, many EU users will swap out default browsers like Chrome or Safari for more privacy-focused options. And because iPhones have a larger market share than Google-branded phones in the EU, Apple is emerging as the biggest loser, Reuters reported, noting that under the DMA, “the growth for smaller browsers is currently coming at the cost of Safari.”

Dan Moren:

In some ways, this isn’t surprising: I’m guessing a lot of consumers in the EU weren’t even aware that they could change the default browser on iOS. But it’s also early days and it’s possible that some of this is experimentation for people to see what else is on there—it’s not entirely clear to me from the story (or the Reuters story where the numbers originate) over what time period they’ve logged this. People may try out another browser and then change back—especially if we’re talking about browsers with, say, free trials to a paid subscription.

Nick Heer:

I have seen others suggest people may be picking third-party browsers because they are unclear about what a web browser is, or are unsure which one they want to use. I can see legitimacy in both arguments — but that is just how choice works. A lot of people buy the same brand of a product even when they have other options because it is the one they recognize; others choose based on criteria unrelated to the product itself. This is not a new phenomenon. What is fascinating to me is seeing how its application to web browsers on a smartphone is being treated as exotic.


It has so far been a little bit like entering a store where they give you a basket of house brand products and you have to decide which third-party options you want to add or exchange to the basket. Someone needs to really care in order to make the effort. Now, because of this ballot screen, the market is a little more levelled, and it seems some users are responding.

Tim Hardwick:

Despite users increasingly choosing alternative options, browser companies have criticized Apple and Google for the slow rollout of the change, and believe it is hampering the migration away from Safari and Chrome. Mozilla, which owns Firefox, estimates that only around a fifth of iPhone users in the EU have received the iOS update, and claims that the rollout is much slower than Apple’s previous software updates.

Some alternative browser makers are also concerned that the design of choice screens is sub-optimal at best. For example, Vivaldi CEO Jon Stephenson von Tetzchner notes that Apple’s choice screen only appears when iPhone users open Safari, while the list of browsers provides no additional information.


Vivaldi is also unhappy with the design. “The list of browsers does not show additional information and that does not help users to make a meaningful choice,” a company spokesperson told TechCrunch. “If the user has already selected a browser of their own choice, the choice screen can actively try to push them away from it, and may not even include it in the list that it presents to the user.”


“Don’t Let Me Go” and iCloud Storage Tiers

John Gruber:

The gist of the commercial is that you shouldn’t worry about deleting photos to free up storage, because modern iPhones have plenty of space.


But this commercial made me want to yell at my TV each time it came on: “The problem is iCloud storage, not on-device storage!” The free tier of iCloud remains just 5 GB, and the $1/month paid tier offers just 50 GB, which may not be enough to back up even a 64 GB iPhone SE.


And no amount of cleverness in iOS can protect a user with un-backed-up photos and videos if they lose or break their iPhone.


It feels like this new commercial is just whistling past the single biggest shortcoming in the Apple ecosystem.

I bet Apple has data showing that millions of iPhone users have precious photos that aren’t backed up because they don’t have enough iCloud storage. iOS will nag about this, and people get used to ignoring it. There’s an aversion to subscriptions, even if it’s only 99 cents per month to back up important data. I don’t know what the answer is, but it seems odd that the free tier hasn’t changed and that purchasing a new $999 phone doesn’t get you more. I guess it’s like how the fancy hotels are the ones that charge for Wi-Fi…

Ryan Jones:

User must choose between (roughly speaking) 5-10GB on device or 100-200GB on device. That’s so binary. There’s no benefit to more device storage until and unless it can fit ALL your photos.

Carlos Ribas:

Plus it doesn’t do a great job. I have to turn it off or else I frequently find myself waiting to download offloaded videos I just took, while the phone sits 75% empty. Doing a good job would mean filling the phone but automatically purging oldest-first as-needed.

John Gruber:

The free tier for Google One offers 15 GB of storage.


Google used to offer “unlimited storage for photos and videos” to owners of Pixel phones, but they dropped this offer starting with the Pixel 6 in late 2021. That was such an appealing offer — especially considering that much of the appeal of Pixel phones comes from their renowned camera systems. I can only surmise that this proved more expensive to Google than they deemed worthwhile.

You don’t need to pay for iCloud to back up a large amount of iPhone storage — you can still back up to a Mac or PC manually. I don’t know any non-expert users who do this, though, and there are zillions of iPhone owners who don’t even own a Mac or PC. For the masses, iCloud backup is the only backup.


Grindr’s Plan to Squeeze Its Users

Zoë Schiffer:

Since its initial public offering in 2022, Grindr has been on a rocky road financially. Its stock has fallen 70 percent since its SPAC. After hitting an IPO-high of $71.51, it currently sits at $10.13. Last summer, employees announced plans to unionize, amid industry layoffs and worries that the company was losing its progressive culture. Two weeks later, CEO George Arrison abruptly ordered his mostly remote workforce of 180 people back to the office. About half the company left and Grindr paid out more than $9 million in severance.

Now, Grindr plans to boost revenue by monetizing the app more aggressively, putting previously free features behind a paywall, and rolling out new in-app purchases, employees say. The company is currently working on an AI chatbot that can engage in sexually explicit conversations with users, Platformer has learned. According to employees with knowledge of the project, the bot may train in part on private chats with other human users, pending their consent.


During the pandemic. Match Group was riding high, with a market cap well over $40 billion. But when growth started to slow across the tech industry, the company’s stock suffered accordingly. Tinder reported a year-over-year drop in the number of paying users in third-quarter earnings in 2023, sending Match Group’s stock plunging 15 percent – the lowest it had been since the company separated from IAC in 2020. Its market cap today has fallen below $10 billion, compared to $1.76 billion for Grindr.


But frustration with dating apps’ aggressive monetization efforts is on the rise. And as more of Grindr slips behind the paywall, users may face a disappointing future: one with fewer free users to chat with, and an app that regularly pushes them to romance a chatbot.


Thursday, April 11, 2024

Used Genuine Apple Parts and Parts Pairing

Apple (MacRumors):

Today Apple announced an upcoming enhancement to existing repair processes that will enable customers and independent repair providers to utilize used Apple parts in repairs.


And in order to simplify the repair process, customers and service providers will no longer need to provide a device’s serial number when ordering parts from the Self Service Repair Store for repairs not involving replacement of the logic board.


Apple will also extend its popular Activation Lock feature to iPhone parts in order to deter stolen iPhones from being disassembled for parts.

Brian Heater (MacRumors):

Components that don’t require configuration (such as volume buttons) were already capable of being harvested from used devices. Today’s news adds all components — including the battery, display and camera — which Apple requires to be configured for full functionality. Face ID will not be available when the feature first rolls out, but it is coming down the road.

At launch, the feature will be available solely for the iPhone 15 line on both the supply and receiving ends of the repair. That caveat is due, in part, to limited interoperability between the models. In many cases, parts from older phones simply won’t fit. The broader limitation that prohibited the use of components from used models comes down to a process commonly known as “parts paring.”


“‘Parts pairing’ is used a lot outside and has this negative connotation,” Apple senior vice president of hardware engineering, John Ternus, tells TechCrunch. “I think it’s led people to believe that we somehow block third-party parts from working, which we don’t. The way we look at it is, we need to know what part is in the device, for a few reasons. One, we need to authenticate that it’s a real Apple biometric device and that it hasn’t been spoofed or something like that. … Calibration is the other one.”

They don’t block third-party parts from working, but they do make sure they’re real Apple parts. I’m so glad to have that clarified.

“Parts pairing, regardless of what you call it, is not evil,” says Ternus. “We’re basically saying, if we know what module’s in there, we can make sure that when you put our module in a new phone, you’re gonna get the best quality you can. Why’s that a bad thing?”

Jason Koebler (tweet):

Seemingly magically and surely not coincidentally, Apple has announced that it will suddenly ease some of its “parts pairing” iPhone repair restrictions just weeks after Oregon passed a law banning this practice and on the same day that Colorado is considering a bill that would do the same.


What this means, practically, is that Apple will let you swap the screen of one iPhone with the screen of another iPhone, something that was impossible for a consumer or independent shop to do under the restrictions it has implemented on recent iPhone models. The current announcement will not allow for aftermarket parts to be used, which is a critical distinction. Aftermarket parts are widely used in other electronics, other companies’ smartphones, and they used to be widely used in iPhones prior to the parts pairing restrictions.

Nick Heer:

This all sounds pretty great and, it would seem, entirely triggered by regulatory changes. But it also seems to me that it is designed to challenge the parts pairing section of Oregon’s right-to-repair law (PDF).


Update (2024-04-12): Matt Birchler:

I find these to be very “the sky is falling” stories about the dangers of user choice, but what makes the part pairing issue interesting is that we have history here. I believe it wasn’t until the Face ID generation of iPhones that tons of iPhone components had the “part pairing” issue, so we have about a decade of iPhone history where third party parts were able to be used to repair broken iPhones.

John Bumstead:

Parts from needlessly Activation Locked devices are EXACTLY the parts that NEED to be allowed and EXACTLY the parts that exist in abundance. If Apple is banning their reuse, they are making the situation WORSE. This is newspeak at its finest.

Apple Alerts Users to Mercenary Spyware Attacks

Manish Singh (via Hacker News, MacRumors, Reddit):

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks.


Apple previously described the attackers as “state-sponsored” but has replaced all such references with “mercenary spyware attacks.”


Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

According to public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group. Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global. Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total.


Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously. We are unable to provide information about what causes us to issue threat notifications, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.


Update (2024-04-12): Howard Oakley:

The majority of emails and almost all messages purporting to be from Apple are scams.


With one notable exception, Apple doesn’t know whether your Mac or devices have any malware, and can’t tell you if they do. Any message that tries to tell you otherwise is phishing or scam.


Instead, if you think you have received a threat notification from Apple, sign in to, where you should see confirmation that those messages are genuine.

Humane Ai Pin Reviews

David Pierce (Hacker News):

The AI Pin is an interesting idea that is so thoroughly unfinished and so totally broken in so many unacceptable ways that I can’t think of anyone to whom I’d recommend spending the $699 for the device and the $24 monthly subscription.

AI Pin and its AI OS, Cosmos, are about beginning the story of ambient computing,” Humane’s co-founders, Imran Chaudhri and Bethany Bongiorno, told me in a statement after I described some of the issues I’ve had with the AI Pin. “Today marks not the first chapter, but the first page. We have an ambitious roadmap with software refinements, new features, additional partnerships, and our SDK. All of this will enable your AI Pin to become smarter and more powerful over time. Our vision is for Cosmos to eventually exist in many different devices and form factors, to unlock new ways to interact with all of your devices.”

As the overall state of AI improves, the AI Pin will probably get better, and I’m bullish on AI’s long-term ability to do a lot of fiddly things on our behalf. But there are too many basic things it can’t do, too many things it doesn’t do well enough, and too many things it does well but only sometimes that I’m hard-pressed to name a single thing it’s genuinely good at. None of this — not the hardware, not the software, not even GPT-4 — is ready yet.


Dunking on the Humane Ai Pin is too easy.

I’d sooner dunk on the Apple Watch because we should be able to point at that, and ask why you’d ever want a lapel pin to do its job.

We should be able to say it’s the perfect device for people who want to live a phone-free life.

Steve Troughton-Smith:

Neither Vision Pro nor Humane’s Ai Pin are ‘the future’, but they’re both showcasing aspects that will become the future. A pair of glasses, running an OS like visionOS, with advanced multimodal AI smarts. That’s the next product that can truly change the world, something anybody and everybody can wear all day every day, and give the smartphone a run for its money; what we have now are science projects — really cool science projects — but science projects nonetheless.

See also: Ken Kocienda, Imran Chaudhri, Bethany Bongiorno.


Update (2024-04-12): Julian Chokkattu:

Not being able to fully trust the results from the Ai Pin’s Ai Mic and Vision features (the latter is still in beta) is just one problem with this wearable computer. Unfortunately, there’s not much else to do with it as it’s missing a great many features. The Humane Ai Pin could be an interesting gadget a year from now after promised software updates, but at the moment it’s a party trick.

Cherlynn Low:

Not only is the Humane AI Pin slow, finicky and barely even smart, using it made me look pretty dumb. As it stands, the device doesn’t do enough to justify its $700 and $24-a-month price.


If only voice interactions were the worst thing about the Humane AI Pin, but the list of problems only starts there. I was most intrigued by the company’s “pioneering Laser Ink display” that projects green rays onto your palm, as well as the gestures that enabled interaction with “onscreen” elements. But my initial wonder quickly gave way to frustration and a dull ache in my shoulder. It might be tiring to hold up your phone to scroll through Instagram, but at least you can set that down on a table and continue browsing. With the AI Pin, if your arm is not up, you’re not seeing anything.


It’s not just those of us afflicted with tiny palms that will find the AI Pin tricky to see. Step outside and you’ll have a hard time reading the faint projection. Even on a cloudy, rainy day in New York City, I could barely make out the words on my hands.

Dare Obasanjo:

I continue to believe that the problems that products like the Humane AI Pin and Rabbit R1 are trying to solve are best solved using AirPods and an app on your phone.

The only issue is Apple’s closed ecosystem prevents companies from doing this so they’re inventing superfluous devices nobody asked for.

Louie Mantia:

A team with this collective pedigree is smart enough to thoroughly test their own product, so I can’t imagine a reality in which the people at Humane didn’t know about these issues before shipping it. However, if we assume they did know, the story becomes somehow more troubling.

Ben Sandofsky:

It fits my theory that the product was a late stage pivot…

Founders pitch investors on a hand laser thing when it’s a napkin sketch. They raise too much money, hire too many people.

They build a prototype, but too late. Turns out the laser UI sucks and eats too much battery.

“Hmm. Investors are shopping for AI companies now… voice uses less power… pivot to AI!”

Suddenly tech has a downturn. Can’t raise another round of funding. They launch an alpha.

Automattic Acquires Beeper

Eric Migicovsky (tweet, Hacker News, MacRumors):

I’m excited to announce that Beeper has been acquired by Automattic. This acquisition marks the beginning of an exciting new chapter as we continue our mission to create the best chat app on earth.


Given the state of the messaging landscape today, we believe there is a huge opportunity for us to push boundaries and create new experiences in chat. The majority of other chat apps have stagnated, entrenched in their positions, with no significant new players emerging since Discord’s launch in 2015. Given the state of the messaging world, we’ve long felt the need for a strong ally with the resources to support us on our quest. Automattic has a long history of putting user control and privacy first with open source, and great bilateral relationships with Meta, Apple, Microsoft, Google, Matrix and others that we hope can usher in a new era of collaboration.


Matt, Automattic’s CEO, and I have known each other for years. He was an early user, supporter and investor in Beeper. We’re very well aligned on our goal (build the best chat app on earth), approach (open source where possible), and independence (Beeper will operate independently as part of Automattic’s Other Bets division).

Matt Mullenweg:

We’re going to use the Beeper brand, because it’s fun. This is not unlike how browsers have evolved, where solid tech and encryption on top of an open ecosystem has created untold value for humanity.


A lot of people are asking about iMessage on Android… I have zero interest in fighting with Apple, I think instead it’s best to focus on messaging networks that want more engagement from power-user clients.

Sarah Perez:

The deal, which was for $125 million according to sources close to the matter, is Automattic’s second acquisition of a cross-platform messaging solution after buying last October.


Automattic had previously made a strategic investment of $4.6 million in Element (previously New Vector), another company building on Matrix, and it contributes annually to, as does Beeper.

Dare Obasanjo:

$125M for a 25 person team whose claim to fame is getting blocked by Apple for trying to interop with iMessage is a sweet exit.

Automattic’s bet on Tumblr didn’t work out and so it’s looking at messaging as its next growth vehicle. Telegram is valued at $30B and claims to make hundreds of millions in revenue so it makes sense for Automattic to try this. Either that or short form video 😁

Nick Heer:

Seems like a smart way for Beeper to become better resourced, and a bet by Automattic on more legislation like the Digital Markets Act enabling further interoperable messaging.


Update (2024-04-12): John Gruber:

While the Beeper Mini/iMessage thing is where Beeper garnered, by far, the most publicity, it was always a sideshow from their primary goal of building a universal messaging app for multiple (14!) platforms. Think of it like a modern-day Adium.


Now that I’ve tried Beeper for Mac (connecting Twitter/X, WhatsApp, Signal, Instagram, and Slack accounts) — it’s remarkable how similar it is to Texts. They’re both Electron/React apps, and both suffer from a lot of Electron-isms. (What in the world is going on with the keyboard shortcuts in the contextual menu for the text editing field?) Both are just big bloated Electron web apps pretending, by appearance, to be Mac apps.

Wednesday, April 10, 2024

Run-time Polymorphism in Swift

Jordan Rose (Mastodon):

There are only three ways to get run-time polymorphism in Swift. Well, three and a half.



Generics are a powerful and flexible tool, but in general they don’t result in any more run-time polymorphism than any types (formerly “protocol composition types”). This often throws people who are used to C++ templates, where overload resolution is done on the concrete type that satisfies the generic constraints rather than on the generic type. Swift didn’t choose that option for two main reasons: it makes it much harder to diagnose issues at compile time, and it means that the entire body of the generic has to be visible to callers (so they can substitute in the concrete type). This is good for optimization, but bad for library evolution. You can think of Swift’s model as “the decision of which overload to call is made based on the knowledge where the call is written, which in this case is inside a generic function with certain constraints”.


Universal macappstore: Links

Jeff Johnson:

The App Store app on macOS is the default handler of URLs with the macappstore: scheme. App Store preview web pages automatically open the App Store app by setting the location of an HTML <iframe> element to a macappstore: URL. My free open source app Stop The Mac App Store registers itself as the default macOS handler for the macappstore: scheme, thereby preventing Safari and Safari Technology Preview from automatically opening those URLs in App Store. If you click Cancel or press the escape key, the App Store app won’t open.


I’ve discovered that macOS Ventura and Sonoma changed how Safari handles App Store links, bypassing Stop The Mac App Store in some cases. Fortunately, I’ve also discovered a solution to the problem. In this blog post I’ll discuss both the problem and the solution. As a bit of a spoiler, let me first deflate the conspiracy theories: Apple wasn’t specifically targeting Stop The Mac App Store, which is too obscure to be noticed by the corporate giant. My app never lost the ability to become the default handler of the macappstore: URL scheme. Rather, it seems that macOS Ventura started treating App Store URLs as universal links[…]

It continues to be infuriating that macOS doesn’t offer a way to opt out of Universal Links. I’ve had to uninstall the Twitter and Mastodon apps because otherwise URLs for those services become unusable in my Web browser. I guess an alternative would be to switch from Safari to Chrome, which offers more control here.

As for macappstore: links, I generally prefer to view them on the Web because:

Unfortunately, you need to use the App Store app to access all of the reviews.


Facebook Blocking Links to Kansas Reflector

Nick Heer:

Earlier this week, Dave Kendall of documentary production company Prairie Hollow and formerly of a Topeka, Kansas PBS station, wrote in the Kansas Reflector an article criticizing Meta. Kendall says he tried to promote posts on Facebook for a screening of “Hot Times in the Heartland” but was prevented from doing so. A presumably automated message said it was not compliant with its political ads policy.


While this interpretation of a deliberate effort by Facebook to silence critical reporting is kind of understandable, given its poor communication and the lack of adequate followup, it hardly strikes me as realistic. In what world would Meta care so much about tepid criticism published by a small news operation that it would take deliberate manual actions to censor it?


If some system at Meta erroneously flagged as a threat Kendall’s original attempt to boost a post, it makes sense that related stories and domains would also be flagged.


Unfortunately, the coverage of this non-story has been wildly disproportionate and misses the actual problems. […] What is true and deeply frustrating is the weak approach of companies like Meta and Google toward customer service. Both have offloaded the administrative work of approving or rejecting ads to largely automated systems, with often vague and unhelpful responses, because they have prioritized scale above quality from their earliest days.


Google Search Changes Hurt Independent Sites

Brandon Saltalamacchia (Hacker News, Dennis):

The main source of our traffic was through Google Search. Whenever you searched for something retro gaming-related, our hope was that you would stumble across our website for advice, as we have invested hundreds of thousands of dollars into expert journalists to provide you with answers to your retro gaming queries. It worked incredibly well; Google’s search engine did what it entailed, showing users informative content created by human experts.


Since September 2023, Google has hidden our site from millions of retro gamers, reducing our organic traffic and revenue by 85% and causing our business to be on the edge of going under.


Google’s algorithms now favor a handful of results BEFORE “normal” websites, results that rarely show independent websites.


Reddit is the single biggest winner in recent algorithm changes, seeing millions of more clicks every single day thanks to recent updates.


My real issue is that Google isn’t telling us and other creators what we are doing wrong; they are replying with vague answers or sharing advice that goes completely against what’s showing up in the search results.


I left the article being like “oh it can’t be that bad” and left my little Kagi oasis to try out some Google searches similar to the article and I’ve completely changed my tune. What in the hell happened? There’s nary an organic result to be found, 80% of the page is shopping garbage and sponsored links, the few organic results are blogspam, and there’s banner ads in the middle of results now?

The folks here in the comments are missing the forest for the trees here, sure algo tweaks reshuffle winners and losers but there’s almost no results that aren’t Google’s own scraped content and ad spots. No amount of “make better content” can push you above the fold.

Barry Schwartz:

While we have still not seen any sites recover from the September 2023 helpful content update, we have seen sites recover from previous core updates. We were hoping by now to see sites recover from that September 2023 helpful content update with this March 2024 core update (since it incorporated the helpful content system in part), but no, not yet.


Tuesday, April 9, 2024

OmniFocus 4.2

Ainsley Bourque Olson:

For anyone running the Pro edition of OmniFocus, this release also introduces some very exciting new custom perspective rules that support filtering based on dates, repeats, and more:

  • New “Has date in range” rule type enables filtering a perspective by assigned date range.
  • New “Is repeating” rule enables filtering repeating tasks.
  • New “Is project, group, or neither” rule type enables filtering for projects or groups.
  • New “Is in single actions list” rule type enables filtering for items in single action lists.


Also for anyone running the Pro edition of OmniFocus, Omni Automation now supports “Install Links” for simplified Omni Automation plug-in installation.

Release notes:

In direct downloads of the app, the icon chosen in Appearance Settings will continue to be used in the dock when the app isn’t running.

Ken Case:

After some heroic spelunking, debugging, and tuning of our SwiftUI outline view, we’re now testing a performance improvement for OmniFocus 4.2 which makes adding an item to an inbox with 100+ items 20x faster.

The outline performance on iOS is indeed much better.

The watch experience continues to be frustrating, with slow syncing that doesn’t trigger automatically nor always complete. After the update, the complication was stuck showing a count of actions that didn’t match the app, and the digits were truncated. I eventually fixed it by removing and re-adding the complication. I assume there’s some sort of OS issue here because I see similar problems with Lock Screen widgets on iOS, e.g. Weathergraph stuck showing a temperature from a week ago.

I’m going to try removing OmniFocus from my iPad, because even leaving it as the frontmost app doesn’t seem to get it enough background time for it to stay in sync when I don’t touch the iPad for a few weeks. My hope is that, with the iPad out of the mix, syncing will be faster everywhere and therefore more reliable on the watch.


Copyright Takedown Against Hundreds of Wordle Clones

Jason Koebler:

The New York Times has filed a series of copyright takedown requests against Wordle clones and variations in which it asserts not just ownership over the Wordle name but over the broad concepts and mechanics of the word game, which includes its “5x6 grid” and “green tiles to indicate correct guesses.”

The Times filed at least three DMCA takedown requests with coders who have made clones of Wordle on GitHub. These include two in January and, crucially, a new DMCA filed this week against Chase Wackerfuss, the coder of a repository called “Reactle,” which cloned Wordle in React JS (JavaScript).

Craig Grannell:

I find it curious that this is even possible, given that Wordle itself was a straight rip of Lingo, which itself was in part based on existing mechanics. Games build on other games. The NYT denying that stops others from having the success Wordle itself enjoys.

Nick Heer:

The Times’ two most recent ideas for games were blatantly ripped from “Only Connect” but, sure, some random people on GitHub are irrevocably diluting Wordle’s reputation.

Timothy Geigner:

For this discussion, you really do need to recall that Wordle began as a free to play, simple daily game that became a quick craze nationally. It was created by one person, Josh Wardle, who made absolutely clear at the time that he had no interest in wrapping anything like intellectual property around the game. And when others did create spinoffs or clones of the game, he handled it in roughly as congenial a manner possible.

But then he sold the game to the New York Times. And the Times promptly began to strongarm these spinoffs and clones into shutting down, wielding IP threats to do so.

Nick Lockwood:

A lot of folks replying to this with “you can’t copyright gameplay” and of course that is correct, in legal terms. But with IP (as with so much in our society) it doesn’t actually matter what the law says, it only matters how much money you have.

A free software author cannot defend themselves against a billion dollar corporation in court unless they are willing to risk ending up homeless on the street.


AirTag Firmware Rollout Date

iSoftware Updates (via Sebastiaan de With):

Looks like Apple accidentally set the deployment dates for the 2.0.73 AirTag firmware to “m/d/24” instead of “m/d/2024” that has used in previous versions and which the AirTag update system uses as date format.

As a result, AirTags think the deployment dates are in the year 24 and they just skip to the 100% rollout batch 😅

Why is the goLiveDate even stored as a string when plists have a date type?


Daylight Saving Time UI Design Test

Nikita Prokopov (Hacker News):

I have five clocks in my house. All of them I have to change manually twice a year: one hour back in the Autumn and one hour forward in the Spring. Today was one of these days.

Each clock presents a unique puzzle. Three out of five have no direct controls for changing time, and manuals have long been lost, so I have to figure it out every time.


Monday, April 8, 2024

Coordinated Lunar Time (LTC)

Aimee Picchi:

The moon could soon get its own time zone.

The White House is directing NASA to work with other government agencies to develop a lunar-based time system called Coordinated Lunar Time, abbreviated as LTC. The Biden administration has given the space agency until the end of 2026 to hammer out the new system.

According to a Tuesday memo from the White House’s Office of Science and Technology Policy, the goal is to create a standard time measurement that will help coordinate efforts as humanity returns to the moon for exploration and economic development. The reality of such developments is not far off, with Intuitive Machines’ Odysseus lander touching down on the moon earlier this year and NASA planning a manned landing in 2026.

Debbie Goldsmith:

I keep seeing the news about lunar time presented as “the Moon is getting its own time zone.” What’s actually happening is the Moon is getting its own time standard. The problem being solved is that time passes slightly more quickly on the Moon compared to Earth (due to General Relativity) and so the Moon needs its own time standard for precise measurements and navigation. UTC is the time standard for measuring time on Earth, and LTC is being created for the Moon.

Voice Dream Reader Switches to Subscriptions

Jonathan Mosen:

Unfortunately, the relationship between Voice Dream Reader’s new owners and its engaged user base got off to a rocky start. Members of the online blind community did not find out about the sale of Voice Dream Reader last year from either the buyer or the seller. Instead, they found out because an indie developer who offers a product that competes in some ways with Voice Dream Reader discovered a new subscription option in a just-released build of Voice Dream Reader. He, not anyone associated with the app, broke the news to the blind community that subscriptions were on the way.

When a developer moves from a one-off purchase model to a subscription-based model, it is always controversial, even if said company makes great efforts to communicate it thoroughly. When you add an unpopular change, the departure of a popular indie developer, and nonexistent communication together, those ingredients add up to an inevitable firestorm. In the absence of information to the contrary, existing customers were concerned that they were about to be charged.


When a developer publishes an app in the App Store, they must comply with Apple’s App Review Guidelines. […] There is no wiggle room here. By taking away primary functionality users already paid for, such as adding new material to the Library, Voice Dream Reader does not comply with the Guidelines. […] Voice Dream Reader’s release notes make no mention of the subscription being forced on people who paid for the app already if they want to retain the functionality they paid for, and I suspect this has simply flown under Apple’s radar.

Via Shelly Brisbin:

The move comes from the app’s new owner, Applause Group, which bought the app in 2023 from original developer Winston Chen. Part of the backlash results from the planned $79 per year price tag (discounted to $59 until at least May 1, when the subscription becomes mandatory), but a bigger issue for longtime users is that Applause Group will effectively disable the older version of the app.

Applause Group:

Your feedback, along with the impactful stories shared about Voice Dream being a pivotal part of your daily lives, has led us to reverse this change.


We will continue to provide access to the app’s existing features at no additional cost.


Music App Links in EU

Apple (Hacker News):

3.1.1(a): Updated to include Music Streaming Services Entitlements.

The new guideline reads:

3.1.1(a) Link to Other Purchase Methods: Developers may apply for entitlements to provide a link in their app to a website the developer owns or maintains responsibility for in order to purchase digital content or services. Please see additional details below.


Music Streaming Services Entitlements: music streaming apps in specific regions can use Music Streaming Services Entitlements to include a link (which may take the form of a buy button) to the developer’s website that informs users of other ways to purchase digital music content or services. These entitlements also permit music streaming app developers to invite users to provide their email address for the express purpose of sending them a link to the developer’s website to purchase digital music content or services. Learn more about these entitlements.


Juli Clover:

The European Commission in March fined Apple $2 billion for anti-competitive conduct against rival music streaming services. The fine also came with a requirement that Apple “remove the anti-steering provisions” from its App Store rules, which Apple has now done. Apple is restricted from repeating the infringement or adopting similar practices in the future, though it is worth noting that Apple plans to appeal the decision.


Allowing iOS Game Emulators and Mini Apps

Apple (Hacker News):

4.7: Added games from retro game console emulator apps to the list of permitted software, and clarifies that mini apps and mini games must be HTML5.

Sweet! The new guideline reads:

4.7 Mini apps, mini games, streaming games, chatbots, plug-ins, and game emulators

Apps may offer certain software that is not embedded in the binary, specifically HTML5 mini apps and mini games, streaming games, chatbots, and plug-ins. Additionally, retro game console emulator apps can offer to download games. You are responsible for all such software offered in your app, including ensuring that such software complies with these Guidelines and all applicable laws. Software that does not comply with one or more guidelines will lead to the rejection of your app. You must also ensure that the software adheres to the additional rules that follow in 4.7.1 and 4.7.5. These additional rules are important to preserve the experience that App Store customers expect, and to help ensure user safety.


Your app may not extend or expose native platform APIs to the software without prior permission from Apple.

Juli Clover:

Game emulators have managed to sneak onto the App Store several times over the years by using hidden functionality, but Apple has not explicitly permitted them until now. The rule change that allows for game emulators is worldwide, as is support for apps that offer mini apps and mini games.

Ben Sandofsky:

From day one, Apple banned emulation from the App Store for no legal reason, just vibes, even though users want it.

After @altstore announces their own third-party App Store, which will be a haven for emulators, Apple changes their rules to allow it.

Riley Testut:

10 years too late Apple 🙃

Emma Roth (via Tom Warren):

Apple says those games must comply with “all applicable laws,” though — an indication it will ban apps that provide pirated titles.


The change seems to come in response to the antitrust lawsuit filed by the United States, which accuses Apple of attempting to stomp out both cloud game streaming apps and super apps. Apple recently started letting cloud streaming services, like Xbox Cloud Gaming and GeForce Now, onto the App Store.

Samuel Axon (Hacker News):

It’s a little fuzzy how this will play out, but it may not allow the kind of emulators you see on Android and desktop, which let you play retro games from any outside source.


The emulator change is a minor rule change about bundling and is not what many of the reactions to the change think.

What people seem to think this means: Open-ended retro game emulators like Snes9x and Dolphin are now allowed. (I don’t think this is correct.)

What the change is actually doing: If you are the licensed publisher of a retro game collection, you can now offer them in one app (including perhaps downloading additional games added to the collection later) instead of splitting them into individual apps. Each game must be individually vouched for.

What is not changing: “Emulators” have long been allowed if the emulated code is bundled with the app and it is officially licensed.

Mike Rockwell:

I suppose it’s still possible that emulators like RetroArch and PPSSPP would be allowed, but it seems like the rule could imply that this is just for retro game collections that allow for downloading of more games within the app. More like Sega releasing a Sonic the Hedgehog collection that utilizes emulation or a game developer that wants their homebrew NES game available on iOS.

I suspect someone will test the rule and see exactly where the line is drawn, but I get the feeling we’ll still need sideloading to have what we think of as “emulation” on iOS.

Colin Cornaby:

Actually - this reading makes it sound like my DOS emulator dream is still dead. You could actually ship emulators to the store before - but they had to include the ROMs in the bundle. This just makes it sound like games are allowed to download ROMs from an external server that is still under developer control.


Basically if Sega wanted to launch an “Every Genesis game ever” service it would have been difficult before because they would have been forced to include every game in the app bundle.

This just makes it so they can download those ROMs on the fly.


Notably, Apple still does not allow non web browsing apps to use JIT recompilers. This precludes emulators for 6th generation and newer consoles (GameCube, etc) from running on the platform even with this guideline change.

I submitted a DMA interoperability request for JIT recompilers, but Apple denied it on the grounds that it doesn’t fall under Article 6(7) for “multiple reasons”, including that JIT is only used by web browsers on iOS.

Steve Troughton-Smith:

An App Store with game streaming services and support for emulators is a better App Store.

Apple is using this opportunity to find out why people might ever want to sideload or jailbreak, and head them off at the pass.

Now do virtualization and JIT, since those are easy, low hanging fruit

Nick Lockwood:

also, with retro games the developers don’t keep remotely tweaking a game that you liked after you bought it and removing content you already paid for until it’s no longer a game you like

Craig Grannell:

“You can load your own ROMs? That’s piracy!” now appears to be the default take on emulators and the App Store.

And, yes, it may well be. But places do also sell ROMs for old systems, or provide them as a digital backup/alternative when you purchase a cartridge or disk. It’s not 100% yo-ho-ho.

Also, the other growing consensus – Apple will only allow emulators where you can add games via IAP – makes no sense to me because that’s existed for YEARS in the App Store anyway.

Another example of raising App Store fees without raising the percentage.


Friday, April 5, 2024

Embedding a Privacy Manifest Into an XCFramework

Joe Heck (Mastodon):

I expected documentation at least, and was hoping for an update in Xcode – specifically the xcodebuild command – to add an option that accepted a path to a manifest and included it appropriately. So far, nothing from Apple on that front. […] I hope that something is planned to make this easier, or at the minimum document a process, since it now appears to be an active requirement for new apps presented to the App Store.


In the meantime, if you’re Creating an XCFramework and trying to figure out how to comply with Apple’s requests for embedded privacy manifests, hopefully this article helps you get there. As I mentioned at the top of this post, this is based on my open source work in Automerge-swift. I’m including the library and XCFramework (and show it off) in a demo application. I just finished working through the process of getting the archives validated and pushed to App Store Connect (with macOS and iOS deliverables). To be very clear, the person I worked with at DTS was both critical and super-helpful. Without this information I would have been wandering blindly for months trying to get this sorted.


Macs Targeted by Infostealer Malware

Jamf Threat Labs:

While searching for “Arc Browser” on Google, it was brought to our attention that following the sponsored result for what seems to be the legitimate Arc web browser, actually brings you to a malicious site aricl[.]net that imitates the legitimate


The DMG is signed ad-hoc and provides directions to right-click the app and select open thus overriding any Gatekeeper warnings.


Dumping plain text passwords out of the keychain requires the user’s macOS password. Infostealer developers have long caught on to the fact that the easiest way to get this password is to simply ask the user for it. We see a prompt generated via a call to AppleScript.

Recalling Apple v. Qualcomm

Reed Albergotti (via Eric Migicovsky):

One of the first stories I covered then was Apple’s lawsuit against Qualcomm, which was accused of having a wireless modem monopoly and overcharging companies for the device. Apple paid Qualcomm about $7 per phone.

The opening arguments in that trial were riveting. Apple’s slide presentation included a photo of Radar O’Reilly, the comic relief radio operator from M.A.S.H. That was Qualcomm, Apple’s lawyers argued, the company that simply operated the radio on Apple’s otherwise sophisticated device.

Then it was Qualcomm’s lawyers’ turn. They revealed bombshell documents that had not been publicly seen before; Apple’s lawyers had accidentally sent them to Qualcomm.


Apple had tried to replace some of Qualcomm modems with a different model made by Intel. But Qualcomm chips were so much faster that Apple had to secretly throttle them so that all of its phones would operate at the same level.

Qualcomm only sought a percentage of the cost of the iPhone, not of all the software and services that used the modem.


Trying to Bring Apple Watch to Android

Chance Miller (Hacker News):

As part of its response to the United States DOJ lawsuit today, Apple confirmed that it at one point considered creating an Apple Watch for Android. The company tells me that it spent three years working on bringing Apple Watch to Android before ultimately scrapping the idea.

Mark Gurman:

This was Project Fennel, which I wrote about last year.

I’d love to know more about this because it doesn’t seem to make much sense given the way apps work. Would it have been just be the built-in apps and some health features? If there’s an antitrust issue here, I would think it’s with lack of support for third-party watches on iOS rather than not supporting Apple Watch on Android.


Thursday, April 4, 2024

Google Podcasts Is Gone

David Pierce:

Google Podcasts is dead. It has been dying for months, since Google announced last fall that it was killing its dedicated podcast app in order to focus all its podcasting efforts on YouTube Music. This is a bad idea and a big downgrade, and I’d be more mad if only I were more surprised.

The Podcasts app is just the latest product to go through a process I’ve come to call The Google Cycle. It always goes the same way: the company launches a new service with grandiose language about how this fits its mission of organizing and making accessible the world’s information, quickly updates it with a couple of neat features, immediately seems to forget it exists, eventually launches a competitor out of some other part of the company, obviously begins to deprecate it and shift focus to the new competitor, and then, years later, finally shuts it down for real. The Google Graveyard is full of apps like Reader, Duo, Inbox, Allo, Wallet, and countless others that have been through The Google Cycle, and it feels just as bad every time.

Via John Gruber:

I haven’t been bitten by Google killing an app or service since Google Reader, because I never again trusted them. I suppose this might be a lot more difficult for Android users, but I honestly don’t even remember the last time I added a new Google app or service to the set of tools I rely upon.

YouTube is irreplaceable. I wouldn’t want to be without Google Maps. Other than that, I use Google Search, Google News, Google Cloud Storage (with Arq), and Google Wi-Fi, all of which have decent alternatives. AdSense doesn’t, but it seems to have gotten a lot worse and isn’t doing much for me these days. I stopped using AdWords a while ago because it seemed untrustworthy. I also have a Nest Cam, which Google hasn’t supported very well.

See also: Sunset.

Update (2024-04-12): Tim Hardwick:

Google One VPN will be discontinued later this year, according to a customer email seen by Android Authority. The service was rolled out for Android in October 2020, before coming to iOS devices and Macs in 2022.

AV1 Integer Overflow

Paul Ducklin (tweet):

The security vulnerablities themselves turn out to be a single bug, or at least to be covered by a single bug identifier, CVE-2024-1580, which was found and reported by Nick Galloway, a researcher in Google’s Project Zero bug-hunting team[…]


We’re guessing, from Apple’s purposeful silence when the first fixes came out last week, that the CVE-2024-1580 bug was considered dangerous to document before the patches for other platforms, notably macOS, were published.

We’re further guessing that this implies that even with just basic information on what to look for and where to start, cybercriminals will be able to work backwards from the patches to construct a working exploit.

However, it seems that the details had already been made public in February.


An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder.


New FileVault Recovery Keys and GoFetch

Howard Oakley:

macOS Sonoma 14.4 and 14.4.1 updates have been prompting some users to create a new FileVault Recovery Key. If you see this as your Mac completes an update, here’s what you should next.


If your Mac has FileVault turned on, and you opt to use a Recovery Key, check using fdesetup validaterecovery that the Recovery Key is correct whenever it’s changed. Otherwise you could be in for a big disappointment if you ever need to use it.

It’s not clear why some users are being prompted.

Howard Oakley:

The internal SSD in T2 and Apple silicon Macs is connected directly to its Secure Enclave, which performs its encryption and decryption using keys generated and stored within the Secure Enclave.


All volumes on the internal SSD that are encrypted have a Volume Encryption Key (VEK), protected by two internal keys, one the unique hardware UID from the Secure Enclave, the other from xART and intended to protect from replay attacks. The VEK isn’t exposed outside the Secure Enclave, nor is it handled by CPU cores.


When a user enables FileVault, a third key becomes involved in protecting the VEK, the Key Encryption Key (KEK), protected by the User Password and the hardware UID. This explains how no decryption and re-encryption is required when changing the User Password, or when enabling or disabling FileVault. Changes to the KEK affect access to the VEK, but don’t change the VEK at all.


Software encryption, including FileVault, for external storage of Apple silicon Macs may be vulnerable to GoFetch, but there’s no evidence that could affect FileVault encryption performed in the Secure Enclave.



GoFetch (PDF, Hacker News):

GoFetch is a microarchitectural side-channel attack that can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).

We show that DMPs are present in many Apple CPUs and pose a real threat to multiple cryptographic implementations, allowing us to extract keys from OpenSSL Diffie-Hellman, Go RSA, as well as CRYSTALS Kyber and Dilithium.

Dan Goodin (via Kim Zetter, Hacker News, MacRumors):

The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because it stems from the microarchitectural design of the silicon itself. Instead, it can only be mitigated by building defenses into third-party cryptographic software that could drastically degrade M-series performance when executing cryptographic operations, particularly on the earlier M1 and M2 generations. The vulnerability can be exploited when the targeted cryptographic operation and the malicious application with normal user system privileges run on the same CPU cluster.


The threat resides in the chips’ data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. By loading the contents into the CPU cache before it’s actually needed, the DMP, as the feature is abbreviated, reduces latency between the main memory and the CPU, a common bottleneck in modern computing. DMPs are a relatively new phenomenon found only in M-series chips and Intel’s 13th-generation Raptor Lake microarchitecture, although older forms of prefetchers have been common for years.


The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data. As a result, the DMP often reads the data and attempts to treat it as an address to perform memory access. This “dereferencing” of “pointers”—meaning the reading of data and leaking it through a side channel—is a flagrant violation of the constant-time paradigm.

Bruce Schneier:

Note that exploiting the vulnerability requires running a malicious app on the target computer. So it could be worse. On the other hand, like many of these hardware side-channel attacks, it’s not possible to patch.

Casey Muratori (tweet):

I recorded this video where I walk through what a “DMP” is, what the researchers figured out about Apple M-Series DMP behavior via microbenchmarking, and how a “GoFetch” DMP-enabled attack works in practice.

If you are already familiar with microarchitecture analysis, and would like some deeper reading on the subject, I would suggest reading the original GoFetch paper and three of its references in particular[…]

Paul Ducklin:

Intel, perhaps confusingly, gives the setting that turns this feature off the name DOIT, short for data operand independent timing, which actually tells the CPU, “Don’t do data memory-dependent prefetching.”


Very simply put, the researchers figured out how to feed in decryption keys that they knew wouldn’t work, but that might trigger DMP if they had guessed one of the bits in the key correctly, because they would have tricked the CPU into thinking it was looking at a pointer of interest.

By testing how quickly they could access the ‘memory address of interest’ immediately afterwards, they could determine whether it had been prefetched by the CPU (fast access) or not (slightly slower access), and therefore decide whether they had guessed correctly at one of the bits in the key.

With enough trials, they could gradually recover more and more bits of the key, to the point that they could then use other, existing attacks, albeit involving additional work based on data collected during the GoFetch stage, to figure out the entire key.


Update (2024-04-08): Damien Petrilli:

Still not a word from Apple since this issue was disclosed publicly.

Wednesday, April 3, 2024

Seven Years of APFS

Howard Oakley:

Although APFS has certainly had its moments over the last seven years, Apple’s gambles have paid off, and proved key to the success of Apple silicon Macs. Had there been no APFS, many of the fundamental technologies like Secure Boot and the Signed System Volume (SSV) would have been far tougher if not impossible to implement.


What has attracted almost no attention, though, is how APFS is designed to prolong the working life of SSDs by minimising the number of write/erase cycles. Although the user may be unable to realise the space efficiency achieved with the use of sparse and clone files, for instance, by reducing the number of storage blocks actually written in order to store files, with APFS each write/erase cycle should store unique data rather than needless copies or null data.

This is of little or no comfort to those condemned to use hard disks for storage, even if only for Time Machine backups. Although the great majority of APFS users’ devices will never be connected to a hard disk, for the small minority running it in macOS, they remain the medium of choice for backups and other bulk storage, and vulnerable to performance degradation resulting from fragmentation by the file system.


Although Apple dropped early hints that APFS might be released as open source, after seven years information about its internals released by Apple still appears to be insufficient to allow third-party developers to create maintenance tools independent of those bundled in macOS. This isn’t just about the potential for someone outside Apple to improve on the performance of fsck or Disk Utility, but also concerns features that Apple shows no sign of supporting.

For me, the biggest issues are:


A Disk So Full, It Couldn’t Be Restored

Glenn Fleishman (Mastodon):

Turned out, my kid had managed a neat trick, though they were not alone: they had filled macOS’s startup volume storage so full that the operating system was incapable of deleting files in any fashion. Instead of halting the massive Steam download when the drive became disastrously full, macOS continued to write files until there was just 41K free on the drive.


Due to our gigabit Internet connection and the size of the Steam file, macOS outstripped its ability to throttle filling storage because it was also making a local Time Machine snapshot.


It was time to restart to see if it would clear caches. Unfortunately, restarting left the Mac unable to start up at all. No matter what I tried, it would reach about halfway through the progress bar before failing.


I shifted to recoveryOS, Apple’s somewhat new name for the special disk partition in macOS that lets you run operations on the main startup volume while it’s not mounted, including Disk Utility repairs and reinstallation. From there, I hit the wall as well, as Terminal commands continued to fail with the same error.

He had to erase the Mac and ran into a Sonoma bug trying to restore from a network Time Machine backup.


Checking Bootable Systems Using bputil

Howard Oakley:

Apple gives the user control over the level of security to be used, in Startup Security Utility, in Recovery. For this to work with boot volume groups (BVGs), each must have its own set of boot security policies, determined by its LocalPolicy.

Without a valid LocalPolicy, Apple silicon Macs will refuse to boot from what would otherwise be a bootable BVG. This article extends my previous account of what makes a disk bootable by explaining more about LocalPolicy, and how you can use the command tool bputil to check it.


LocalPolicy is created when installing macOS to an external disk, when the boot volume group on that disk is assigned its Owner. It can also be created when selecting the boot volume group on a bootable external disk to be the startup disk, if it doesn’t already have a valid LocalPolicy, for example when you want to boot from an external disk previously created using another Mac. This is commonly the point at which failure occurs.


Apple’s Problem With Lina Khan

Matt Stoller (ArsTechnica):

As part of the claim outside of the smartphone, the Antitrust Division asserted that “Apple’s conduct extends beyond just monopoly profits and even affects the flow of speech. For example, Apple is rapidly expanding its role as a TV and movie producer and has exercised that role to control content.” Some economists mocked the suit, suggesting, among other things, that political power should have no role in analysis of how monopolies function.

A recent incident should have disabused us all of that naive illusion. Last night, Jon Stewart interviewed Federal Trade Commission Chair Lina Khan on the Daily Show. Stewart, after a long hiatus, which included a stint doing a podcast for Apple TV+, resumed hosting the show he made famous, even if only one night a week. During the interview with Khan, he said that Apple had blocked him from interviewing her while he was at Apple. “They literally said, please don’t talk to her,” he offered. Stewart also noted that Apple had told him not to do segments on artificial intelligence, adding to his earlier complaints about Apple’s refusal to sanction discussions of China.

Note that Stewart was trying to interview Khan for his podcast, not for his actual Apple TV+ show.


Tuesday, April 2, 2024

Switching From Xcode to Neovim

Wojciech Kulik:

To give you an idea what it means, here is a simple example. Let’s say you want to delete the current line in Xcode. You would probably use the mouse to select the line, then press cmd + x to cut it or backspace to delete it. In Neovim, you can do the same thing with just one command: dd.

Another example is let’s say deleting everything within the nearest brackets. In Xcode, you would have to manually select the text, while in Neovim you can do it with dib or cib if you want to start typing right away.

These are both pretty easy to do in Xcode. You can use Control-A, Control-K to delete the current line. And I assign Command-Shift-B to Xcode’s Balance command to select everything within the nearest brackets. It does not have editor macros, though.

You could have thought: “ok, but what’s the difference between Neovim and VSCode? It also offers thousands of plugins.”

The difference is that Neovim allows you to extend the environment without creating the whole plugin and the knowledge on how to do that. You just need to know the basics of Lua language (which is very easy to learn) and you can right away customize whatever you want directly in your config.


Update (2024-04-03): Timothy Perfitt:

i just discovered recently that xcode has a VIM mode as well. so you literally can do dd in xcode as well.

Where iPad Fits In

Matt Birchler:

Well, nearly 2 months later and it turns out the Vision Pro replaced precisely zero of my iPad use cases, and every day I find myself thinking, “sure would be nice if I had an iPad right now.”


The iPad is not a good replacement for a Mac or an iPhone for me, but damn it all if I didn’t enjoy having it around for some situations where neither of those devices were perfect. It’s cliche, but the iPad was the G.O.A.T. for doing stuff on the couch.


A Mac that could run on iPad hardware would be a dream for me, but that product doesn’t exist today.

Rowan Johnson:

It’s on these occasions that — like Matt — I miss my iPad. In fact, I would be incredibly reluctant to live without one in my life. Yet, the iPad still feels like it’s finding a place as far as work and productivity goes. So which is it? Is it an indispensable tool or is it a toy?


In theory, everything I’ve described above is possible to accomplish on an iPad. But MacOS is simply more reliable and capable. From obvious things, like the variety of software available on the Mac, to less visible things like the way MacOS handles app multitasking, I know that if I take my Mac on a job it will handle whatever gets thrown at it. I simply can’t say that same about my iPad.

iPadOS has a “death by a thousand cuts” issue, where all of the little things it can’t do results in the iPad being unreliable for anything particularly mission critical. On my iPad, if I start uploading a big video file to WeTransfer or in Safari, the system will almost certainly boot it from memory before it’s finished the upload unless I keep that Safari tab open in front of me the whole time.


But my iPad can be used as a teleprompter with the right accessory for my camera. It can be used for drawing sketches of my tech plans for live streams with an Apple Pencil. It can act as a monitor to allow a presenter to get Q&A questions from Slido, Zoom or Teams during a live stream; far more discretely than a laptop or computer monitor could.


In short, my iPad is a big iPhone, but with more room to breathe.

Via Eric Schwarz:

Despite my M2 MacBook Air being an excellent piece of hardware, I don’t love macOS in its current state as much as the earlier OS X days. It feels colder, unfriendlier, and in some ways like a bad iOS skin on top of older versions of Mac OS X—it does get used for all the heavy-lifting that is just too cumbersome on iPadOS.


Oregon Passes Right-to-Repair Law

Karl Bode (Hacker News, MacRumors):

Oregon has officially become the seventh state (behind New York, California, Massachusetts, Colorado, Maine, and Minnesota) to pass “right to repair” legislation, making it easier and more affordable for consumers to independently repair their own electronics.


But it also takes aim at “parts pairing,” or the practice of preventing you from replacing device parts without the approval of a company or its restrictive software. Apple, which routinely uses this practice to try and monopolize repair, lobbied extensively against the Oregon bill. As usual, under the (false) claim that eliminating parts pairing would put public safety and security at risk[…]

Nick Heer:

Quick note: the bill (PDF) specifically exempts restrictions on parts pairing related to battery safety in paragraph 3(f). Of course, Apple has made the same dire warnings for years in protest of right-to-repair legislation, and it is hard to know how seriously to take these claims. Oregon’s law does impose some new rules about the ways parts pairing can be used which appear to address some gaps in Apple’s repair policies.


AI and the Web Developer Job Market

Baldur Bjarnason:

We have the worst job environment for tech in over two decades and that’s with the “AI” bubble in full force. If that bubble pops hard before the job market recovers, the repercussions to the tech industry will likely eclipse the dot-com crash.


Not every CEO is predicting the end of programming as a profession. GitHub’s CEO instead thinks that programmers will be the primary beneficiaries of the introduction and improvement of LLM tools for coding.


This world-view assumes that the purpose of software development is the productive creation of successful, defect-free, software projects. LLMs would increase productivity.

The alternate world-view, one that I think is much more common among modern management, is that the purpose of software development is churn.

Via Kyle Hughes:

The overwhelming thing I agree with is: the observable disconnect between software quality and business outcomes is what is ripe for exploitation in the short-to-mid-term with LLMs. We don’t need to agree on the efficacy of LLMs to agree on this. If management could reduce quality and cost by an order of magnitude while maintaining or slightly sinking outcomes, wouldn’t they?

I think Apple platform developers are more likely to be caught off-guard by the viability of business success on top of bad software. I think we assume the success of iOS in particular is due to software quality but I have always suspected it was a secondary factor, if relevant at all. We could all collectively uphold that illusion because we were the self-selected people that cared and did the work. It’s hard to tell if it’s just our pet concern.


Monday, April 1, 2024

XPC Resources


XPC is the preferred inter-process communication (IPC) mechanism on Apple platforms. XPC has three APIs:

  • The high-level NSXPCConnection API, for Objective-C and Swift

  • The low-level Swift API, introduced with macOS 14

  • The low-level C API, which, while callable from all languages, works best with C-based languages

A great collection of links.

App Store Subscriptions and Family Sharing

Craig Hockenberry:

Your code and the App Store don’t agree about when a subscription expired. The cause of this is Apple’s StoreKit sample code. It’s likely that you have some code similar to line 246 of Store.swift:

subscriptionGroupStatus = try? await subscriptions.first?.subscription?.status.first?.state

That code will work fine until you encounter a customer that has Family Sharing enabled, as most do. The issue is that the Product.SubscriptionInfo can contain multiple items, and the code above only checks the first one.

How can that happen? With Family Sharing, the people who are using the subscription act independently: one may subscribe for a year and then cancel. Then another could subscribe at a later date for only a month. You have to check all of the subscriptions, not just the first one.

As he notes, it’s not documented that the sample code doesn’t support Family Sharing. And, even if you’re aware of this issue, there’s no reasonable way to test your code in Xcode, TestFlight, or even production.


Apple’s Immersive Video Problem

Jason Snell:

On Thursday Apple debuted its first immersive video since the Vision Pro launched, a five-minute-long compilation of highlights from the MLS Cup playoffs late last year.

Without even seeing the video, I had many questions. Why did it take more than three months to produce a highlight package? And why, when it finally arrived, was it only five minutes long? And what do those two facts suggest about how difficult it is for Apple to produce immersive video content on an ongoing basis?


Most of Apple’s initial immersive videos, launched with the Vision Pro, linger with long shots. Cuts happen, but only occasionally. The pace is such that when a cut occurs, there’s time to re-orient. You need time to immerse. Quick cuts in a regular video help speed up the action; in immersive video, they’re like hitting a speed bump.


xz Backdoor

Thomas Claburn:

Red Hat on Friday warned that a malicious backdoor found in the widely used data compression software library xz may be present in instances of Fedora Linux 40 and in the Fedora Rawhide developer distribution.

The IT giant said the malicious code, which appears to provide remote backdoor access via OpenSSH and systemd at least, is present in xz 5.6.0 and 5.6.1. The vulnerability has been designated CVE-2024-3094. It is rated 10 out of 10 in CVSS severity.

Dan Goodin (Hacker News):

xz Utils is nearly ubiquitous in Linux. It provides lossless data compression on virtually all Unix-like operating systems, including Linux. xz Utils provides critical functions for compressing and decompressing data during all kinds of operations. xz Utils also supports the legacy .lzma format, making this component even more crucial.

Andres Freund, a developer and engineer working on Microsoft’s PostgreSQL offerings, was recently troubleshooting performance problems a Debian system was experiencing with SSH, the most widely used protocol for remotely logging in to devices over the Internet. Specifically, SSH logins were consuming too many CPU cycles and were generating errors with valgrind, a utility for monitoring computer memory.

Through sheer luck and Freund’s careful eye, he eventually discovered the problems were the result of updates that had been made to xz Utils. On Friday, Freund took to the Open Source Security List to disclose the updates were the result of someone intentionally planting a backdoor in the compression software.


This code allowed someone in possession of a predetermined encryption key to log in to the backdoored system over SSH. From then on, that person would have the same level of control as any authorized administrator.

See also:


Plans to literally “hack the planet” foiled due to 500ms of latency that Andres instinctually investigated.

The latency was due how the malicious code parsed symbol tables in memory.

Amjad Masad:

You know that annoying person on your team who insists every bit of perf regression needs to be investigated. One day they will save the world.

Perry E. Metzger:

I’ve always thought that your CI and monitoring systems absolutely have to flag performance regressions and that you have to investigate them quickly, but I never thought of it as a security issue until now.

Rob Mensching:

Lots of analysis of the xz/liblzma vulnerability. Most skip over the first step of the attack:

0. The original maintainer burns out, and only the attacker offers to help (so the attacker inherits the trust of the project built by the maintainer).

Gynvael Coldwind (Hacker News):

Someone put a lot of effort for this to be pretty innocent looking and decently hidden. From binary test files used to store payload, to file carving, substitution ciphers, and an RC4 variant implemented in AWK all done with just standard command line tools. And all this in 3 stages of execution, and with an “extension” system to future-proof things and not have to change the binary test files again. I can’t help but wonder (as I’m sure is the rest of our security community) – if this was found by accident, how many things still remain undiscovered.

Rob Mensching (Hacker News):

This thread is a microcosm of the interactions in Open Source projects. Consumers make demands (some polite, some not-so-polite) of one maintainer (rarely two) that does everything.

Make no mistake. This is the way it works.

Glyph Lefkowitz:

For most maintainers, Tidelift pays a sub-hobbyist amount of money, and even setting it up (and GitHub Sponsors, etc) is a huge hassle. So even making the transition from “no income” to “a little bit of side-hustle income” may be prohibitively bureaucratic.


Specifically, every employer of software engineers should immediately institute the following benefits program: each software engineer should have a monthly discretionary budget of $50 to distribute to whatever open source dependency developers they want, in whatever way they see fit.


This sub-1% overhead to your staffing costs will massively de-risk the open source projects you use. By leaving the discretion up to your engineers, you will end up supporting those projects which are really struggling and which your executives won’t even hear about until they end up on the news.


The xz backdoor was the final part of a campaign that spanned two years of operations. These operations were predominantly HUMINT style agent operations. There was an approach that lasted months before the Jia Tan persona was well positioned to be given a trusted role.


Every intelligence agency in the world could run this campaign, design and execute these operations. There is a serious level of technical acumen on display as well, the Jia Tan persona has to be able to do the work and talk the talk, but the core of this campaign is HUMINT.


It is important to remember that Lasse is blameless in this. There is no individual, and very very few organisations, able to detect, let alone resist!, the directed interest of an intelligence agency.

Lukasz Olejnik:

We should… maybe… resist the temptation of portraying XZ as alleged evidence of underfunded OS. Could it rather be THE evidence that resisting orchestrated and well-organised and funded campaign is hard?

Saagar Jha:

The problem is that nobody can read all this code. That’s it. You can make the code 50% clearer or reduce the number of libraries loaded or increase auditing but there is so many orders of magnitude more code being written than is properly reviewed that this can’t be fixed

It makes me so sad because I want this to be fixed and I want to go “oh if we paid maintainers some money the problem would go away” but, like, it just doesn’t seem to work. There is just so much code. We are drowning in it. The complexity of our stacks is insane

Juliano Rizzo:

Jia Tan’s git commit to turn off Landlock sandboxing one week after Lasse Collin improved it.

Note the extra period.

Simple Nomad (Hacker News):

This xz backdoor thing reminds me of a story I heard from friends that worked at a tech company that made cell phones. They had a great coder that worked on the project, he had put in work as a contractor for a few months, and due to the quality of his work he was hired in full time. After two months he simply stopped showing up to the office.

An investigation turned up the following interesting items. His account had accessed all files including source code to all cellular projects - in that he had apparently downloaded a copy of everything. He had committed a large amount of contributions to the project he was assigned to. None of his paychecks were ever cashed. A wellness check to the house he had rented was performed and the house was completely empty.

Isaiah Carew:

xz is an inflection point. people are going to lose their collective shit.

the idea that instead of breaking 4096-bit keys with gigawats of compute, or infiltrating hardened machines with 1337 haxors…

just shotgun backdoors into 1000 libraries that everyone uses.

Feross Aboukhadijeh:

The xz package backdoor is just the tip of the iceberg.

There’s a CONSTANT low-level stream of malware and spyware being uploaded to npm, PyPI, and Go registries.

I want to share a few examples from the 20,000+ malicious packages we detected so far[…]


Update (2024-04-02): Russ Cox (via Hacker News):

This post is a detailed timeline that I have constructed of the social engineering aspect of the attack, which appears to date back to late 2021.

Mark Atwood:

The xz attack was not because it was open source. The attack failed because it was open source. The way this attack works for non-open source is the attacker spends 2 years getting an agent hired by contract software development vendor, they sneak it in, nobody finds out.


The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers.

@Microsoft @MicrosoftTeams posted on a bug tracker full of volunteers that their issue is “high priority”

Update (2024-04-03): Russ Cox (Hacker News):

At a high level, the attack is split in two pieces: a shell script and an object file. There is an injection of shell code during configure, which injects the shell code into make. The shell code during make adds the object file to the build. This post examines the shell script.

See also:

Update (2024-04-08): blasty (via Hacker News):

the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.

John Gruber:

Another is that it was very subtle: the ultimate goal was a back door in OpenSSH but the attacker(s) put their code in a compression library that was sometimes a dependency for another library that was itself only sometimes a dependency of OpenSSH.

See also: Jordan Rose.

Update (2024-04-11): Oxide Computer Company (via Adam Leventhal):

Andres Freund joined Bryan and Adam to talk about his discovery of the xz backdoor. It’s an incredible story… so great to get into the details with Andres. We started by ranting about the coverage in the New York Times… coverage that explicitly refused to dig into the details! It’s all the more shocking because the big story here is how Andres’ penchant for digging into the details is what saved us all from what would have been a pervasive and damaging attack!

Bruce Schneier:

It’s impossible to count how many of these single points of failure are in our computer systems. And there’s no way to know how many of the unpaid and unappreciated maintainers of critical software libraries are vulnerable to pressure. (Again, don’t blame them. Blame the industry that is happy to exploit their unpaid labor.) Or how many more have accidentally created exploitable vulnerabilities. How many other coercion attempts are ongoing? A dozen? A hundred? It seems impossible that the XZ Utils operation was a unique instance.

Solutions are hard. Banning open source won’t work; it’s precisely because XZ Utils is open source that an engineer discovered the problem in time. Banning software libraries won’t work, either; modern software can’t function without them.