Archive for May 2024

Wednesday, May 29, 2024

App Store Apps Can Be Translocated

Howard Oakley:

This article demonstrates that the last of those isn’t necessarily true, and what happens when an App Store app ends up being translocated.

The combination of an App Store app with a quarantine xattr is a particular problem for users, as those apps are installed direct to their intended final destination, and their permissions discourage the user from trying to move them from there. That combination therefore defaults to satisfying all three requirements for app translocation to occur, which it will every time that app is run.

Without using Terminal’s command tools or third-party utilities like xattred and Mints, there’s no way for the user to discover whether an App Store app has a quarantine xattr, nor to check whether the app is being translocated. As (almost?) all other App Store apps don’t have a quarantine xattr and aren’t translocated, the user is unlikely to suspect those might be occurring, and could account for problems with that App Store app. In this case, purchasing and using the App Store version of UTM puts the app and its user at significant disadvantage compared to obtaining the app direct.

It’s not clear to me how the App Store download got the quarantine attribute. My guess was that this could happen if you do a direct download, don’t move it to /Applications, and then the App Store updates it to a newer version. In other words, the quarantined app becomes the App Store version. But that doesn’t seem to be what happened here.

Howard Oakley:

When you run an iOS/iPadOS app on an M1 Mac, if it has been downloaded from the App Store (currently the only supported method, as sideloading is forbidden), it doesn’t have a quarantine flag. Not only that, but app translocation has only occurred with apps undergoing their first run: once that flag has been unset, further translocations don’t occur. Thus, under the original rules for app translocation, there’s no way that it should occur in this case.

I’m going to look in more detail at how macOS launches and runs iOS/iPadOS apps in future articles, but here I’ll show some relevant log entries which demonstrate what happens, including the translocation.

John Smith:

iOS apps are translocated on macOS because of the possibility of spaces in app names (and in “Group Containers”). Some iOS apps expect GUID-based names and may not properly escape spaces, hence the translocation, whose name has no spaces.

Pico:

[Another]/related factor is that the user could rename the apps, which is something that isn’t allowed or accounted for when run on iOS.
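The Terminal check mentioned above, sketched as an added example (not from any of the quoted articles): it reports app bundles that combine a Mac App Store receipt with a `com.apple.quarantine` xattr and picks out processes running from an AppTranslocation path. The function names and sample values are constructed for illustration; it assumes the usual `flags;hex-time;agent;uuid` layout of the xattr value and that `ps -axo pid=,comm=` prints the executable path, as it does on macOS.

```shell
#!/bin/sh
# Added example: audit app bundles for the "App Store app + quarantine xattr"
# combination and spot translocated processes. All names are hypothetical.

# Split a com.apple.quarantine value ("flags;hex-epoch;agent;uuid") and print
# "flags=<hex> epoch=<seconds> agent=<name>". Fails on malformed input.
parse_quarantine() (
    case $1 in
        *\;*\;*) ;;
        *) return 1 ;;
    esac
    set -f      # no globbing while splitting (this body runs in a subshell)
    IFS=';'
    set -- $1
    flags=$1 stamp=$2 agent=$3
    [ -n "$flags" ] && [ -n "$stamp" ] || return 1
    case $flags$stamp in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    printf 'flags=%s epoch=%d agent=%s\n' "$flags" "$((0x$stamp))" "${agent:-unknown}"
)

# True when a bundle carries a Mac App Store receipt.
is_app_store_bundle() {
    [ -f "$1/Contents/_MASReceipt/receipt" ]
}

# True when a path lies inside a translocation mount such as
# /private/var/folders/<..>/T/AppTranslocation/<UUID>/d/Name.app/...
is_translocated_path() {
    case $1 in
        */AppTranslocation/*/d/*.app | */AppTranslocation/*/d/*.app/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the raw quarantine value of a bundle, or nothing when the xattr is
# absent or the xattr tool is unavailable (non-macOS host).
read_quarantine() {
    command -v xattr >/dev/null 2>&1 || return 0
    xattr -p com.apple.quarantine "$1" 2>/dev/null || true
}

# Classify one bundle from its path and raw quarantine value (may be empty).
classify_bundle() {
    if [ -z "$2" ]; then
        echo "ok: $1 has no quarantine xattr"
    elif is_app_store_bundle "$1"; then
        echo "CHECK: $1 is an App Store app with quarantine ($(parse_quarantine "$2" || echo unparsed))"
    else
        echo "note: $1 is quarantined ($(parse_quarantine "$2" || echo unparsed))"
    fi
}

# Filter "PID PATH" lines down to processes running from a translocated path.
translocated_processes() {
    while read -r pid path; do
        if is_translocated_path "$path"; then
            echo "$pid $path"
        fi
    done
}

# Usage on macOS: sh audit.sh /Applications/*.app
if [ "$#" -gt 0 ]; then
    for bundle in "$@"; do
        classify_bundle "${bundle%/}" "$(read_quarantine "$bundle")"
    done
    ps -axo pid=,comm= | translocated_processes
fi
```

A `CHECK:` line marks the combination described in the first quote; any line printed after the bundle report is a process currently running from a translocated copy.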

CloudKit Throttles and Debugging

TN3162:

The CloudKit infrastructure is shared by all apps and services. The resources are finite, and so high utilization from one app can negatively affect others. To avoid this kind of impact and optimize the overall experience, CloudKit implements a number of limits and controls on incoming traffic, which are known as throttles.

CloudKit can enforce throttles when it deems necessary on any app or service that uses the CloudKit framework, CloudKit Web Services, CloudKit JS, NSPersistentCloudKitContainer, and NSUbiquitousKeyValueStore. This technote discusses how to identify CloudKit throttles with representative error messages and how to handle them.

It does not actually say what the limits are.

Howard Oakley:

I came to suspect that iCloud imposed quotas on its use nearly six years ago, when I was exploring the only command tool that provides any useful information about iCloud, brctl. When examining one of its dumps, I came across an entry for syncUpBudget referring to BRCSyncBudgetThrottle, and another item global sync up budget giving the budget available. As with almost everything in brctl and iCloud generally, there appeared to be no documentation of these.

[…]

Devices can also apply their own local system throttles in some circumstances; for example, when the device’s battery runs low, its system may well throttle CloudKit requests until the device has been recharged to a specific battery level. Those shouldn’t affect the syncing of other devices, though.

[…]

Perhaps the worst approach the user could then try is one of the solutions most commonly recommended: turning iCloud off and back on again, as it has no effect on the retry interval, and could trigger further throttling.

Howard Oakley:

Apple has recently confirmed that CloudKit databases can be throttled, which effectively blocks all access to them for requests for a set period of time. This isn’t a limitation in transfer rate in the way that iCloud Drive might experience, but an intentional denial of service until the retry interval has elapsed.

[…]

Apple currently imposes limits on the number of items that can be stored in shared databases and elsewhere in iCloud. These are given here for Contacts, Calendars, Reminders, Bookmarks and Maps, here for mailboxes and message size, and here for Shared Albums.

Throttling, as described by Apple, doesn’t make any sense in the context of iCloud Drive, as CloudKit doesn’t manage that, and no app is making requests of CloudKit in the process.

But iCloud Drive is built on CloudKit, which as Apple says is shared infrastructure. It’s not clear to me whether CloudKit will throttle one app due to high utilization from another app or system service (iCloud Drive, iCloud Photos).

Howard Oakley:

Stages in transfers with iCloud Drive are subject to throttling, although throttles appear to occur infrequently and only last a few hundred milliseconds.

[…]

For transfer and storage in iCloud, files are divided into chunks of just over 15,350 bytes in size, although the maximum chunk size imposed by the system is either 28,455,742 bytes (28 MB), or a fixed maximum of 33,554,432 bytes (33 MB).

Some iCloud servers may impose a connection.max.requests of 100, although others are unlimited.

TN3163:

Under the hood, NSPersistentCloudKitContainer separates the synchronization process into many tasks, and encapsulates all the implementation details. When performing a task, it generates logs, which are persisted as a part of a sysdiagnose. To understand what really happens in the process, which is sometimes necessary when diagnosing a synchronization issue, you need to look into a sysdiagnose.

This technote unveils some details inside the synchronization by analyzing a sysdiagnose, and provides some representative logs that can be used to identify some important tasks and their state.

TN3164:

A synchronization failure can happen because of a code-level issue in your data presentation layer, a configuration issue related to CloudKit, or a limit on the system side. To debug a synchronization issue, look into the system logs in Xcode console or a sysdiagnose, then identify the relevant errors. This technote describes how to identify and resolve common errors seen in the logs when working with NSPersistentCloudKitContainer.

Nikhil Nigade:

Yay! New weird CloudKit situation: The background notifications get delivered to the device, but not to the app unless it’s restarted

John Gordon:

5 hours later and Photos.app is still stuck on “Syncing with iCloud”. I’ll let it run overnight but it’s not looking good.

Can Anyone But a Tech Giant Build the Next Big Thing?

Jason Snell (Mastodon):

I’m sad about the Ai Pin because it—and a similar AI hardware product, the Rabbit R1—shows just how much potential innovation is strangled by the presence of enormously powerful tech companies, most notably the Android-iPhone duopoly.

[…]

The problem is that I’m dismissing the Ai Pin and looking forward to the Apple Watch specifically because of the control Apple has over its platforms. Yes, the company’s entire business model is based on tightly integrating its hardware and software, and it allows devices like the Apple Watch to exist. But that focus on tight integration comes at a cost (to everyone but Apple, anyway): Nobody else can have the access Apple has.

[…]

It seems like we’re at the point where even the most groundbreaking hardware device simply can’t succeed in a world where it’s unable to deeply integrate with either the iPhone or Android. (And really, in the U.S. especially, it would need to integrate with both.) This is why the Ai Pin and the Rabbit and similar products are not going to succeed. Instead, Apple and Google will integrate everything that the Ai Pin does into iOS and Android, and those will be the best-in-class implementations, and that’ll be it for Humane and anyone else who wants to create an AI-powered hardware dingus.

[…]

I’m not making a legal argument here. (Which is good, because I am not a lawyer.) I’m just observing that the smartphone has become so central to life that if your product can’t offer deep connections to the smartphone, you’re stuck.

This is what I said at the Ai Pin’s unveiling. It should have been an app, but what it wants to do is not allowed for third-party apps. Apple and Google will integrate best-in-class implementations, but they’ll be best in the sense that no one can do better, not that no one could do better.

Jeff Johnson:

Three companies control all of the consumer OS market share on both mobile and desktop. Microsoft was founded in 1975, Apple in 1976, Google in 1998. We’re in a period of terrible tech stagnation.

Also, Apple acquired NeXT and Google acquired Android. Those weren’t home-grown technologies.

Steve Troughton-Smith:

Some simple categories of apps that can’t realistically exist on the iOS/iPadOS/visionOS App Store off the top of my head[…]

[…]

Many of Apple’s apps, like Playgrounds, simply could not be built by any third party developer.

John Gruber:

I would argue, strenuously, that the phone is the natural AI device. It already has: always-on networking, cameras, a screen, microphones, and speakers. Everyone owns one and almost everyone takes theirs with them almost everywhere they go.

Sören:

I’ve been saying for a while that instead of “all phones should use USB-C” and “users should pick a web browser when setting up their phones”, “the Apple-Google duopoly must provide APIs that allow third parties to thrive” is the real thing the EU should’ve focused on.

For example, third-party headphones can’t integrate as well as AirPods, no matter how hard the vendor tries.

[…]

I’m still unconvinced it would be a good product. But I think Snell is right: Apple makes it so that Humane cannot make a good product.

Tuesday, May 28, 2024

iPhones Pause Charging During Continuity Camera

Adam Engst:

Apple seems allergic to saying that an iPhone won’t charge with MagSafe during Continuity Camera. However, it may not charge over USB either. Several users in a Reddit conversation reported that their iPhones lost charge during Continuity Camera sessions, even while plugged in.

I suspect that Continuity Camera taxes the processor sufficiently that the iPhone heats up. (It’s always warm when I take it off the mount after a meeting.) Since MagSafe charging also causes the iPhone to get warm—warmer than USB-based charging—Apple’s battery optimization system may be putting charging on hold to protect the battery from thermal overload. Which is good, if unexpected in the moment.

The practical upshot is that if you use Continuity Camera, you should expect your iPhone’s battery to drop, potentially significantly.

Dynamic Swift Predicates in macOS 14 and iOS 17

Helge Heß:

The new Foundation/#Swiftlang Predicates (and its expressions) seem a little weird because they can’t be constructed dynamically?

Fly0strich:

However, when I try to use that method inside of a #Predicate closure, it gives an error saying that the method is not supported by this predicate.

Debbie Goldsmith:

If you want to construct a Predicate dynamically, you need to build it up from PredicateExpression pieces rather than use the #Predicate macro (similar to building an NSPredicate from NSExpression). Expand the macro in Xcode and you can see how the pieces are put together.

It’s a lot more complicated than NSPredicate due to the static typing, and there’s no way to convert between the two types if you’re using both Core Data and SwiftData.

Fatbobman:

NSCompoundPredicate allows developers to combine multiple NSPredicate objects into a single compound predicate. This mechanism is particularly suited for scenarios that require data filtering based on multiple criteria. However, in the new Foundation framework restructured with Swift, the direct functionality corresponding to NSCompoundPredicate is missing. This change poses a significant challenge for developers who wish to build applications using SwiftData. This article aims to explore how to dynamically construct complex predicates that meet the requirements of SwiftData, utilizing PredicateExpression, under the current technical conditions.

[…]

The issue lies in the expression property being of the type any StandardPredicateExpression<Bool>, which doesn’t contain sufficient information to identify the specific PredicateExpression implementation type. Since Conjunction requires the exact types of the left and right sub-expressions for initialization, we are unable to use the expression property directly to dynamically construct new combined expressions.

[…]

Although we cannot directly utilize the expression attribute of Swift Predicate, there are still alternative ways to achieve the goal of dynamically constructing predicates. The key lies in understanding how to extract or independently create expressions from existing predicates and utilize expression builders such as build_Conjunction or build_Disjunction to generate new predicate expressions.

Jeremy Schonfeld:

If you need to dynamically create a predicate while analyzing what should go into the predicate, you can do so by manually constructing the expression tree. Unfortunately, since this is a more advanced use case you wouldn't be able to use the macro to help here, but you could write something along the lines of the following[…]

[…]

In short, we create a list of the conditions that need to be met and build up the list based on which parameters are specified to the makePredicate function. We can then reduce this array into a single tree of conjunctions to ensure that all of the conditions are met. There are a few small hoops to jump through here in order to satisfy the type-checker with the use of generics such as the closure and separate buildConjunction function, but this allows you to just append to conditions for each new property rather than needing to work with a combinatorial explosion of conditions using the macro.

Noah Kamara:

CompoundPredicate aims to improve the Predicate system to enable combining multiple predicates after constructing them[…]

This looks like a huge improvement. It’s not clear to me whether there are still limitations compared with NSPredicate.

Fatbobman:

This new strategy abandons the previous reliance on a custom StandardPredicateExpression implementation, opting instead for a type-casting strategy that effectively concretizes the information of expression. This improvement means developers can avoid the cumbersome process of manually extracting and combining expressions.

[…]

This method enables the automatic acquisition of the exact type of expressions inside the Predicate during the predicate combination process, facilitating an automated and efficient combination of predicates.

Helge Heß:

You know how Foundation (in part to support SwiftData) now has the Predicate macro? Well, RealityKit has its own generic QueryPredicate. And guess what, they don’t need a macro to build them, looks like overloading the operators || and && is fine there.

Debbie Goldsmith:

Operator overloads not only cause longer build times for Predicate, but for other uses of that operator.

But even with macros:

In this example, even minor code changes can cause the compilation time for this file to exceed 10 seconds. This delay can also occur when generating expressions using closures.

Andy Finnell:

Using generics to create SwiftData Predicates leads to crashy times.

[…]

FYI, I solved this by writing another macro.

This is my new mantra: code not working? You don't have enough macros.

Jeremy Schonfeld:

Since Predicate is both Codable and Sendable, it requires that everything the predicate captures (i.e. all instances captured by the closure) are also Codable and Sendable.

Friday, May 24, 2024

Google’s AI Search and “Web” View

Ernie Smith (Hacker News):

Simply put, Google has started adding “AI overviews” to many of its search results, which essentially throw pre-processed answers that often do not match the original intent of the search. If you’re using Google to actually find websites rather than get answers, it $!@(&!@ sucks. Admittedly though, it’s not the first time Google has adulterated its results like a food manufacturer in the 19th century—knowledge panels have been around for years.

But in the midst of all this, Google quietly added something else to its results—a “Web” filter that presents what Google used to look like a decade ago, no extra junk. While Google made its AI-focused changes known on its biggest stage—during its Google I/O event—the Web filter was curiously announced on Twitter by Search Liaison Danny Sullivan.

[…]

Google does not make it easy, because its URLs seem extra-loaded with cruft these days, but by adding a URL parameter to your search—in this case, “udm=14”—you can get directly to the Web results in a search.

John Gruber:

Safari, uniquely amongst popular web browsers, doesn’t allow users to configure custom search engines. There are ways to get custom search engines in Safari using extensions — Kagi, my default search engine of choice since late 2022, does just this — but it’s kludgy. Why doesn’t Safari support adding custom search engines like every other browser does?

On the Mac, I initiate most web searches from LaunchBar, not Safari’s location field, and LaunchBar makes it trivial to add a custom search using this &udm=14 URL trick. Similar utilities like Alfred and Raycast do too. The downside compared to LaunchBar’s built-in Google search action (and Safari’s location field) is that a simple custom query URL doesn’t provide as-you-type suggested results.

Jeff Johnson:

Can you perform the trick with StopTheMadness Pro? Yes! Use the redirects feature.

John Gruber:

Expert users won’t need this site, but typical users might love it as their home page.

Kylie Robison:

Imagine this: you’ve carved out an evening to unwind and decide to make a homemade pizza. You assemble your pie, throw it in the oven, and are excited to start eating. But once you get ready to take a bite of your oily creation, you run into a problem — the cheese falls right off. Frustrated, you turn to Google for a solution.

“Add some glue,” Google answers. “Mix about 1/8 cup of Elmer’s glue in with the sauce. Non-toxic glue will work.”

So, yeah, don’t do that. As of writing this, though, that’s what Google’s new AI Overviews feature will tell you to do. The feature, while not triggered for every query, scans the web and drums up an AI-generated response. The answer received for the pizza glue query appears to be based on a comment from a user named “fucksmith” in a more than decade-old Reddit thread, and they’re clearly joking.

John Gruber:

We’re all rightly dunking on the Elmer’s Glue suggestion, but it’s just as wrong to suggest mixing cheese into the sauce. No one does that.

crumbler:

I thought AI Overviews would be disastrous but I never imagined they would be this funny

This answer apparently came from The Onion.

Matt Birchler:

What the AI responses have done for me is add more bullshit above the actual search results I want. Now I’m scrolling past the AI vomit at the top of the page, then past the ads, and then to the links that get me what I want. They’re pushing the valuable content lower and lower down the page, which is driving me nuts.

To their credit, sometimes the AI answers are useful, and they do a decent job of linking to the source that gave them the info that appeared in the AI vomit, but the hit rate is too low in my experience. Not to mention those answers take a few seconds to load, so I’m often scrolling down to the web results since they’re available instantly and I don’t have to wait to maybe get the right answer.

Update (2024-05-28): Kylie Robison (Hacker News):

The messy rollout means Google is racing to manually disable AI Overviews for specific searches as various memes get posted, which is why users are seeing so many of them disappear shortly after being posted to social networks.

It’s an odd situation, since Google has been testing AI Overviews for a year now — the feature launched in beta in May 2023 as the Search Generative Experience — and CEO Sundar Pichai has said the company served over a billion queries in that time.

Maxwell Zeff (Hacker News):

In my experience, AI overviews are more often right than wrong. However, every wrong answer I get makes me question my entire experience on Google Search even more – I have to assess each answer carefully. Google notes that AI is “experimental” but they’ve opted everyone into this experiment by default.

[…]

What is clear is that Google felt pressured to put its money where its mouth is, and that means putting AI into Search. People are increasingly choosing ChatGPT, Perplexity, or other AI offerings as their main way to find information on the internet. Google views this race existentially, but it may have just jeopardized the Search experience by trying to catch up.

Update (2024-05-29): John Gruber:

LLM-powered search results are a bauble. The trust Google has built with users over the last 25 years is the most valuable asset the company owns. Google most certainly does have a choice, and they’ve chosen to erode that trust just so they can avoid accusations that they’re “behind”.

Redesigned Apple Developer Forums

Apple:

The Apple Developer Forums have been redesigned for WWDC24 to help developers connect with Apple experts, engineers, and each other to find answers and get advice.

Apple Developer Relations and Apple engineering are joining forces to field your questions and work to solve your technical issues. You’ll have access to an expanded knowledge base and enjoy quick response times — so you can get back to creating and enhancing your app or game. Plus, Apple Developer Program members now have priority access to expert advice on the forums.

I don’t understand what “priority access” means. Is this another way of saying that some sections (e.g. related to new stuff announced at WWDC) will be hidden if you aren’t logged in?

It seems like Apple keeps reskinning the forums, but the core problems remain. They’re really slow, the interface doesn’t work as well as Stack Overflow or Discourse, and most questions never get good answers, if any at all. With a few notable exceptions, Apple doesn’t seem to pay its engineers to hang out there and answer questions. Sometimes that happens for a little while during WWDC but then stops.

Craig Hockenberry:

So where is the switch to disable the help in the new Apple Developer Forums?

It’s a nice idea, but in a world where I use multiple browsers on multiple devices, it’s repetitive and intrusive.

It never remembers that I’m logged in, so I keep seeing the annoying, Apple ID–specific login sheet. It always suggests entering the password for my non-developer Apple ID and has no keyboard control to select the Use a different Apple ID button that doesn’t look like a button.

Dave Verwer:

But what about my only request? Four years seems like a good amount of time to see if Apple employees are being encouraged and given time to participate. The good news is that plenty of Apple folks are active, made obvious by the little Apple badge added to any thread where they are talking. Taking a couple of popular categories, I found that ~30% of recent threads had Apple involvement. That’s much better than I expected, and those categories all had threads spanning more than two weeks, so it’s not just a flurry of activity related to the launch of this refresh.

Looking at reply and view counts on threads in those same categories, it appears they are not particularly well visited, and most threads only had two-digit view counts.

Fatbobman:

Historically, as an official platform of Apple, this forum has not achieved the desired levels of activity. Despite recent efforts by Apple to boost engagement through the introduction of a points system, the impact has been limited. For many developers, this forum is not the preferred choice for technical exchanges. Insufficient popularity, overly detailed categorization, a lack of a unique community atmosphere, and unappealing incentive mechanisms have all hindered the development of the forum. More importantly, the expected advantage of active participation by Apple engineers, a hallmark of an official forum, has not been fully realized.

In the new version of the forum, Apple engineers are now identified by a uniform symbol (an Apple logo on their avatar), replacing the previous method of signing their posts. However, this approach of answering under departmental identities has inadvertently increased the distance between engineers and developers, making the interactions less personal and lacking in emotional engagement, which is not conducive to fostering a welcoming forum atmosphere.

See also: Antonio Strijdom.

Update (2024-05-29): Craig Hockenberry:

I saw this half a dozen times yesterday and a few times today.

If you work on Developer Forums, or know someone who does, please make it stop.

(Also of note: developers have a pretty good understanding of how forum software works - we’ve used everything from phpBB to Stack Overflow. A single page summary of what’s different would be much more effective.)

Thursday, May 23, 2024

The Dark Age of Authentication

Sriram Karra and Christiaan Brand (via Hacker News):

We’ve received really positive feedback from our users, so today we’re making passkeys even more accessible by offering them as the default option across personal Google Accounts.

This means the next time you sign in to your account, you’ll start seeing prompts to create and use passkeys, simplifying your future sign-ins. It also means you’ll see the “Skip password when possible” option toggled on in your Google Account settings.

A lot of sites are doing this now, and they keep prompting me even after I opt out. Passkey pop-ups are the new GDPR cookie pop-ups.

In the meantime, we’ll continue encouraging the industry to make the pivot to passkeys — making passwords a rarity, and eventually obsolete.

dilippkumar:

The biggest mistake that the passkeys movement did is try to make it sound more marketable at the cost of oversimplification.

First up, these aren’t really “no password” mechanisms. They’re closer to ssh certificates. You need to authenticate through some other mechanism and then agree to do the equivalent of creating and installing ssh certificates on your device.

The ssh certificates get synchronized across your devices securely by your cloud provider. But they can never serve as the primary authentication mechanism - that will still have to be a traditional authentication mechanism.

J. Carlos Roldán (via Hacker News):

It’s no secret that authenticating into services is an unresolved topic. With time, we have managed to make them more secure, but that was at the expense of user experience. The new generation of mail codes and authenticator apps has moved us from the ease of one-click browser autocomplete to complex ordeals involving multiple steps and sometimes multiple devices.

Last month, I was logging into Notion after it automatically logged me out, and I couldn’t help but think “It feels like I’m logging in here every second week; maybe I’m doing something wrong.”

[…]

Notion is not alone in this; many other services enforce similarly short sessions and uncomfortable methods. This has me pondering the evolution of our authentication methods, from their ancient beginnings to modern complexities.

William Brown (via Hacker News):

At around 11pm last night my partner went to change our lounge room lights with our home light control system. When she tried to login, her account couldn’t be accessed. Her Apple Keychain had deleted the Passkey she was using on that site.

This is just the icing on a long trail of enshittification that has undermined Webauthn. I’m over it at this point, and I think it’s time to pour one out for Passkeys.

[…]

The more egregious offender is Android, which won’t even activate your security key if the website sends the set of options that are needed for Passkeys. This means the IDP gets to choose what device you enroll without your input. […] A sobering pair of reads are the Github Passkey Beta and Github Passkey threads. There are instances of users whose security keys are not able to be enrolled as the resident key slots are filled. Multiple users describe that Android can not create Passkeys due to platform bugs. Some devices need firmware resets to create Passkeys. Keys can be saved on the client but not the server leading to duplicate account presence and credentials that don’t work, or worse lead users to delete the real credentials.

The helplessness of users on these threads is obvious - and these are technical early adopters.

[…]

Apple Keychain has personally wiped out all my Passkeys on three separate occasions. There are external reports we have received of other users whose Keychain Passkeys have been wiped just like mine.

Saagar Jha:

The biggest issue with passkeys is that I just can’t trust the companies offering them. They are locked into the platform for reasons that are ostensibly security but often indistinguishable from platform lock-in. If you make a passkey on an Apple device as far as I can tell it will never leave [your Apple devices and iCloud] and there is no way to change this. Of course this means you can never be phished for your credentials but if Apple decides to delete your key or you want to leave your iPhone behind, what are you supposed to do?

We’re coming up on two years since Apple introduced passkeys. This should have been addressed on day one. 1Password can’t import/export, either.

Matt Birchler:

Taking Apple’s passkey implementation as an example, it usually works well if you’re using 100% Safari and Apple devices signed into your iCloud account, but as soon as you step a single toe out of the perfect use case, it turns into a nightmare of authentication. As soon as a website throws up the QR code that I need to scan with my phone I want to scream.

[…]

At this point, sometimes it works, sometimes it doesn’t and you need to try again. I’m not saying where the blame lies in these situations where it fails, just that it does way more often than I’ve ever experienced with usernames and passwords.

[…]

I use 1Password and I have about 20 passkeys saved there. I’ve considered switching to Proton Pass, but there is no way to migrate passkeys from one service to another, so I’d lose my authentication to 20 sites if I did that. And this isn’t a 1Password thing, there’s no service that allows for importing or exporting passkeys as far as I know.

Miguel Arroz:

I think passkeys are a good idea, but I see two major problems with the implementations:

  1. Lack of control. I can’t export them, I can’t even find them anywhere on the OS. Supposedly they show up on the Passwords pane of System Settings (ironic since they’re supposed to replace passwords), but I can’t find some of the passkeys there I know I have.

    This needs to support exporting and a much better UI to help people inspect, organize and delete their passkeys.

    Overall, this feels like the modern trend of “simplifying” things by hiding them. This really makes everything more complicated. A good UI simplifies how people do things, they don’t hide and prevent people from doing those things.

  2. All sites I’ve seen so far that work with passkeys also require a password. This means I still have to keep a password manager, the passwords and I’m still exposed to every security concern regarding passwords.

    […]

    Something is not right when I only feel safe using a thing if I keep around something else said thing is supposed to replace.

    Someone on a thread said passkey marketing material only presents the optimistic case. What happens when everything goes right. The pessimist case (you lost all the devices, you got locked out of iCloud, etc) is never addressed. I do feel that. Many of the “what ifs” I think about aren’t addressed anywhere.

Update (2024-05-24): Paulo Andrade:

Secrets does allow importing/exporting of passkeys. But no other app is able to import them 🤷‍♂️. I’m not entirely sure why other apps/keychain are skipping this feature. Seems too important not to have.

I get that they’re working on a more secure way to do this for passkeys, but Safari already lets you export unencrypted passwords and authenticator info, and I think that’s better than having no export at all.

Radu Ursache:

i really like passkeys. sure, i use 1password but i have no plans to leave them so the “platform lock-in” is not an issue. however considering most websites now have the username, password and 2fa fields on different pages, simply tapping 1 button to login again it’s amazing. it’s also as easy on mobile apps where password managers can’t fill every time.

sure, for the simple people it might be annoying but all tech is annoying at first for them so 🤷🏻‍♂️

If anything, I think passkeys make more sense for the “simple people.” The happy path where everything works is nice. And if you were already using Safari and putting all your password eggs in the iCloud Keychain basket, anyway, it should be no less reliable with passkeys. The main passkeys issues seem to be around less simple workflows and failure modes. So, contra William Brown, I’m not writing passkeys off for the mainstream.

Andrew Escobar:

I’m a passkey optimist, but appreciate the passkey skepticism @mjtsai has curated.

ednl:

It just never worked for me with GitHub despite an all-Apple setup. “You have a passkey for this website. Do you want to login using your passkey?” Yes, please. Always failed.

Melvin Gundlach:

GitHub has been extremely stable in that regard for me. I don’t even need to enter my username or email. Love it!

[…]

Funnily enough, today the PassKey login on GitHub stopped working in Desktop Safari (mobile still works) 🙈

See also: Jesse Squires.

Update (2024-05-28): See also: Mac Power Users Talk.

Update (2024-05-29): Jeff Johnson:

Ugh, how do I stop Safari from offering a passkey option?!?

I don’t have a passkey saved, and I don’t even have iCloud Keychain enabled, which is required for passkeys.

This is adding extra fucking steps to my login process. And of course App Store Connect demands that you login all the fucking time!

Wednesday, May 22, 2024

tvOS 17.5.1

Juli Clover:

According to Apple’s release notes, the update addresses a bug with the Photos app that could cause deleted images to reappear.

It’s really interesting that this bug also applies to tvOS, considering that, as far as I know, tvOS doesn’t let you directly add or delete photos. I guess the bug must be related to syncing with the cloud.

Mac App Rejected for Web Site Link

Jonathan Deutsch:

My 1 bugfix update got rejected because I link to my website.

How are my fellow Mac app developers dealing with Apple’s last gasp crackdown at their anti-steering provisions?

Are you making entirely separate versions of your website? Are you using query args to change behavior?

I should mention that this rejection is disingenuous; “purchases(s) are immediately presented” isn’t quite accurate - there’s a link to our store page yes, but even that has a link to the Mac App Store. Apple sent over screen shot “evidence” but conveniently cropped this out.

Of course it was a bug fix update, and the link has probably been there forever.

There’s been a lot of news about iOS apps being rejected for links, and legal efforts challenging that, but I rarely hear about it happening for Mac apps.

Unlike, say, Spotify, this developer is not trying to get around Apple’s fees. Apple is going out of its way to be offended. It’s not clear what the solution is if you want to comply with this ridiculous rule.

Previously:

Is this about a general link out to your site? If so, fight that.

Jonathan Deutsch:

In my case, this is just opening a link to Hype’s main product page in the browser.

[…]

Even if I removed just this menu item, there’s other links in the purchase flow (like learning about pro vs standard, going to the professional product page, etc.) that I suspect they’d reject me for if they were upholding the same user-hostile logic.

Jonathan Deutsch:

I just submitted a solution where I add query args to the URL and if those exist my ‘buy now’ button will use an app url scheme to open the in-app’s payment page. We’ll see what they say (I don’t persist this across reloads and there’s plenty of other ways to get to our store).

The Man Who Killed Google Search

Edward Zitron (Hacker News):

In emails released as part of the Department of Justice’s antitrust case against Google, Dischler laid out several contributing factors — search query growth was “significantly behind forecast,” the “timing” of revenue launches was significantly behind, and a vague worry that “several advertiser-specific and sector weaknesses” existed in search.

[…]

The thread is a dark window into the world of growth-focused tech, where Thakur listed the multiple points of disconnection between the ads and search teams, discussing how the search team wasn’t able to finely optimize engagement on Google without “hacking engagement,” a term that means effectively tricking users into spending more time on a site, and that doing so would lead them to “abandon work on efficient journeys.” In one email, Fox adds that there was a “pretty big disconnect between what finance and ads want” and what search was doing.

When Gomes pushed back on the multiple requests for growth, Fox added that all three of them were responsible for search, that search was “the revenue engine of the company,” and that bartering with the ads and finance teams was potentially “the new reality of their jobs.”

[…]

A day later, Gomes emailed Fox and Thakur an email he intended to send to Raghavan. He led by saying he was “annoyed both personally and on behalf of the search team.” In a long email, he explained how one might increase engagement with Google Search, but specifically added that they could “increase queries quite easily in the short term in user negative ways,” like turning off spell correction, turning off ranking improvements, or placing refinements — effectively labels — all over the page, adding that it was “possible that there are trade offs here between different kinds of user negativity caused by engagement hacking,” and that he was “deeply deeply uncomfortable with this.” He also added that this was the reason he didn’t believe that queries were a good metric to measure search and that the best defense about the weakness of queries was to create “compelling user experiences that make users want to come back.”

John Gruber (Mastodon):

Long story short, Ben Gomes was a search guy who’d been at Google since 1999, before they even had any ads in search results. He was replaced by Prabhakar Raghavan, who previously was Head of Ads at the company. So instead of there being any sort of firewall between search and ads, search became a subsidiary of ads.

Irreal:

The story is an old and sad one. The founders have quit active involvement with the company and the first thing the “professional managers” did was to sideline anyone still carrying the torch of the founding principles. As one of the commenters put it, Google moved from being a search company to being an ad company.

Nick Heer:

This is not the same thing as what Gray claimed, even though it is along similar lines. Google allegedly sacrificed an update to its search engine which improved the quality of results for users because it was less profitable. This was done, according to these emails and documents, with cooperation between search and ads.

regw134:

I know a lot of the veteran engineers were upset when Ben Gomes got shunted off. Probably the bigger change, from what I’ve heard, was losing Amit Singhal who led Search until 2016. Amit fought against creeping complexity. There is a semi-famous internal document he wrote where he argued against the other search leads that Google should use less machine-learning, or at least contain it as much as possible, so that ranking stays debuggable and understandable by human search engineers. My impression is that since he left complexity exploded, with every team launching as many deep learning projects as they can (just like every other large tech company has).

The problem though, is the older systems had obvious problems, while the newer systems have hidden bugs and conceptual issues which often don’t show up in the metrics, and which compound over time as more complexity is layered on. For example: I found an off by 1 error deep in a formula from an old launch that has been reordering top results for 15% of queries since 2015.

Barry Schwartz:

Google sent me the following statements in response to this:

(1) On the March 2019 core update claim in the piece: This is baseless speculation. The March 2019 core update was designed to improve the quality of our search results, as all core updates are designed to do. It is incorrect to say it rolled back our quality or our anti-spam protections, which we’ve developed over many years and continue to improve upon.

(2) As we have stated definitively: the organic results you see in Search are not affected by our ads systems.

Edward Zitron:

Google can play semantics all it wants, but if changes were made to an algorithm that increased traffic to previously-suppressed sites, how does one interpret these changes as anything other than a rollback, especially when these sites were suppressed in previous updates?

The one party that could actually clear this up with meaningful data and thorough explanations is Google, and it has instead chosen to vaguely and unilaterally state that I was incorrect.

[…]

Furthermore, in another email revealed as part of the Department of Justice’s antitrust trial, on 5/3/2019, Jerry Dischler asks Anil Sabharwal, then the Vice President and General Manager of Chrome on an email including Prabhakar Raghavan, Nick Fox, Ben Gomes, and several other Googlers, whether it was “worth reconsidering a rollback,” and that he didn’t want the message to be “we’re doing this thing because the Ads team needs revenue” in a sentence referring to the ads team asking the Search and Chrome teams to do stuff to increase revenue.

[…]

I found it peculiar that Google responded with unlinked and uncited testimonies “from the DOJ trial that puts these misleading claims in context.” I will now go through each quote.

Carl Hendy:

Remember why Google banned all those AdSense publishers for blurring the lines between ads and links?

The Luddite (via Hacker News):

This is not actually where the Apportionment Calculator lives, but instead, a link to what the site looked like last week, before Google made me make it worse on purpose to make money. It is common knowledge that Google is cluttering the internet with SEO blogspam ad-driven garbage; less known is how direct, and even banal, this causal relationship really is.

[…]

The unanimous conclusion was that Google wants you to have a lot of content before they will approve you [for AdSense], and more importantly, the quality of the content doesn’t really matter.

[…]

ChatGPT made us several blogposts, each more deranged than the last.

Nick Heer:

Both of those are claimed by Google as things I said were qualities of the 2017 base model iPad, but that is not the case for either. (The third phrase, “pretty great value”, is cited correctly in context.) I did not make a list of “pros and cons” anywhere in my review; neither word appears anywhere in its text. But most upsetting is that Google does not make it apparent anywhere on this results page that it is responsible for this description, not me.

Tuesday, May 21, 2024

Windows Copilot+ AI Features

Microsoft (Hacker News, MacRumors, Ryan Jones):

Now with Recall, you can access virtually what you have seen or done on your PC in a way that feels like having photographic memory. Copilot+ PCs organize information like we do – based on relationships and associations unique to each of our individual experiences. This helps you remember things you may have forgotten so you can find what you’re looking for quickly and intuitively by simply using the cues you remember.

[…]

Combine your ink strokes with text prompts to generate new images in nearly real time with Cocreator. As you iterate, so does the artwork, helping you more easily refine, edit and evolve your ideas. Powerful diffusion-based algorithms optimize for the highest quality output over minimum steps to make it feel like you are creating alongside AI. Use the creativity slider to choose from a range of artwork from more literal to more expressive.

[…]

Live Captions now has live translations and will turn any audio that passes through your PC into a single, English-language caption experience, in real time on your screen across all your apps consistently. You can translate any live or pre-recorded audio in any app or video platform from over 40 languages into English subtitles instantly, automatically and even while you’re offline.

[…]

Eye contact teleprompter helps you maintain eye contact while reading your screen. New improvements to voice focus and portrait blur help ensure you’re always in focus.

[…]

Every Copilot+ PC comes with your personal powerful AI agent that is just a single tap away on keyboards with the new Copilot key. Copilot will now have the full application experience customers have been asking for in a streamlined, simple yet powerful and personal design. Copilot puts the most advanced AI models at your fingertips. In the coming weeks, get access to the latest models including GPT-4o from our partners at OpenAI, so you can have voice conversations that feel more natural.

Dare Obasanjo:

Recall reminds me of Stuff I’ve Seen, a 2003 Microsoft Research project to help solve the problem of finding content you’d previously seen. The big problem then was most stuff you saw was on websites not local files.

Recall uses screenshots to solve this.

Matt Birchler:

If you saw this feature and thought, “huh, that sure looks like Limitless,” you would be absolutely right. Just a few weeks ago I suggested Apple should buy Limitless and build it into macOS natively, but Microsoft beat them to the punch by just building it themselves.

It’s an absolute classic Sherlocking, but it totally makes sense. The second I saw Rewind 2 years ago I knew it was something cool, but that was exactly the sort of feature that only works for more people if it’s built by the OS provider. Microsoft is already dealing with privacy concerns with it, so you can only imagine how people feel about letting a VC-funded company they’ve never heard of record everything they do, even if it’s all local, all encrypted, and theoretically actually private in the way people want.

John Gruber:

Recall can “view” and remember everything that appears on screen because it’s integrated with the Windows 11 graphics system. That’s the sort of “AI feature” that truly benefits from being a first-party solution that can integrate at lower levels of the OS than third-party apps can.

Rui Carmo:

I’m a bit skeptical on the concept (even though I did use Windows 10 timeline a fair bit), but I find it rather telling that a key future Windows feature is tied to ARM processors (plus their NPUs, sure, but it’s a key sign that Intel lost the plot here).

Ben Thompson:

That celebration, though, is not because Windows is differentiating the rest of Microsoft, but because the rest of Microsoft is now differentiating Windows. Nadella’s focus on AI and the company’s massive investments in compute are the real drivers of the business, and, going forward, are real potential drivers of Windows.

[…]

Nadella, similarly, needed to break up Windows and end Ballmer’s dreams of vertical domination so that the company could build a horizontal services business that, a few years later, could actually make Windows into a differentiated operating system that might, for the first time in years, actually drive new customer acquisition.

Update (2024-05-29): Nick Heer:

Recall is the kind of feature I have always wanted but I am not sure I would ever enable. Setting aside Microsoft’s recent high-profile security problems, it seems like there is a new risk in keeping track of everything you see on your computer — bank accounts, a list of passwords, messages, work documents and other things sent by a third-party which they expect to be confidential, credit card information — for a rolling three month window.

See also: Bruce Schneier and Ben Thompson.

Microsoft’s Copilot+ PCs

Tom Warren (MacRumors, Hacker News):

Over the past two years, Microsoft has worked in secret with all of its top laptop partners to ready a selection of Arm-powered Windows machines that will hit the market this summer. Known as Copilot Plus PCs, they’re meant to kick-start a generation of powerful, battery-efficient Windows laptops and lay the groundwork for an AI-powered future.

“You’re going to have the most powerful PC ever,” says Yusuf Mehdi, executive vice president and consumer chief marketing officer at Microsoft, during the briefing. “In fact, it’s going to outperform any device out there, including a MacBook Air with an M3 processor, by over 50 percent on sustained performance.”

[…]

One of the big advancements is an improved emulator called Prism, which Microsoft claims is as efficient as Apple’s Rosetta 2 translation layer and can emulate apps twice as fast as the previous generation of Windows on Arm devices.

[…]

Overall, Microsoft believes 87 percent of total app minutes spent on these Copilot Plus PCs will be inside native apps.

They also claim to have significantly better battery life.

Martin Pilkington:

The Snapdragon X Elite benchmarks are impressive, but when you realise it’s using 80W to slightly beat the M3 Pro which is using under 50W for the same benchmark (and both are matched by the M4 which is probably using much less than the Pro) I don’t think Apple is too worried.

Andrew Cunningham:

The Surface Laptop—referred to as the “7th edition” in its Microsoft Store URL but simply called the “Surface Laptop” most other places—is Microsoft’s first traditional laptop with an Arm chip. The laptop comes in both 13.8-inch and 15-inch sizes and starts at $1,000 for a 13.8-inch config with a Snapdragon X Plus chip, 16GB of RAM, and 256GB of storage. The cheapest 15-inch version is $1,300, but it includes a Snapdragon X Elite chip instead.

[…]

As for the Surface Pro tablet, this update to Microsoft’s flagship convertible is a lot closer to what Microsoft shipped a year and a half ago in the Surface Pro 9 and Surface Pro 9 with 5G. The new Surface Pro, called “11th edition” in its Microsoft Store URL but not in most other places, still weighs just a hair under 2 lbs, still has the same dimensions (and maintains compatibility with the same Slim Pen and keyboard covers), and still has a 13-inch screen. It starts at $1,000 for a version with a Snapdragon X Plus chip, 16GB of RAM, 256GB of storage, and an IPS LCD display; keyboards and pens are still add-on accessories.

Martin Pilkington:

Looking at the new Copilot + PC specs I hope they push Apple to move to a minimum of 16GB of RAM on M4 Macs (especially given how much more powerful the GPU and NPU are)

John Gruber:

Are any of today’s first batch of “Copilot+ PCs” fanless? If not, can any of them truly be said to have “taken aim” at the MacBook Air?

John Gruber:

I’ll go out on a limb and say that today marks the beginning of the end for x86. Either the x86 architecture has reached an inevitable endpoint, or Intel and AMD are just unable to compete talent-wise. (Or both.) But as of today the performance-per-watt gulf between ARM and Intel/x86 is no longer just an Apple silicon thing — it’s now a PC thing too.

[…]

The saddest part of the event were the cursory appearances — both by pre-recorded videos, despite it being an in-person event in Redmond — of Intel CEO Pat Gelsinger and AMD CEO Lisa Su. Their token appearances felt like Microsoft pretending they haven’t moved on from x86, during an event whose entire theme was, effectively, “moving on from x86”.

Apple Updates Silently Enable iCloud Keychain

Jeff Johnson:

I’ve discovered today that unfortunately this issue—this bug, I would call it, though who knows whether Apple considers it a bug or “expected behavior”—still exists with the latest versions of macOS Ventura and Sonoma, 13.6.7 and 14.5 respectively.

[…]

The external drive had a macOS Ventura 13.6.7 boot volume with iCloud enabled but iCloud Keychain disabled. After updating the volume to macOS Sonoma 14.5, iCloud Keychain was enabled. (I then disabled iCloud Keychain, which actually caused System Settings to hang and eventually crash, but afterward iCloud Keychain did seem to be disabled.)

[…]

What I’d like to do is update from Ventura to Sonoma without an internet connection, giving Sonoma no chance to upload my passwords or other data to iCloud before I can disable iCloud Keychain.

[…]

You might wonder why I don’t sign out of iCloud before I update from Ventura to Sonoma. It turns out that there’s no point in that, due to another bug, “Signing out of iCloud and signing back in again forgets all of your previous iCloud settings” (FB12168173), which I also discovered last year.

Because installing macOS also re-enables Wi-Fi, his workaround was to turn off Wi-Fi after downloading the installer, delete his Wi-Fi password, and then install the update.

Mysk:

If you’ve never enabled iCloud Keychain and recently upgraded to iOS 17, chances are good that your passwords are now stored on Apple servers. As confirmed by many users, iOS 17 secretly turns iCloud Keychain on. This video shows the entire process step by step[…]

Update (2024-05-28): See also: Hacker News.

Update (2024-05-29): Marcin Krzyzanowski:

I noticed my disk storage went drastically low and I started to check system, then I realized something ( #macos update???) enabled iCloud Photos synchronization to my Mac (that can take all the storage it gets, and for that very reason I didn’t enable it on my mac)

Slack AI Privacy

Ashley Belanger (Hacker News):

After launching Slack AI in February, Slack appears to be digging its heels in, defending its vague policy that by default sucks up customers’ data—including messages, content, and files—to train Slack’s global AI models.

According to Slack engineer Aaron Maurer, Slack has explained in a blog that the Salesforce-owned chat service does not train its large language models (LLMs) on customer data. But Slack’s policy may need updating “to explain more carefully how these privacy principles play with Slack AI,” Maurer wrote on Threads, partly because the policy “was originally written about the search/recommendation work we’ve been doing for years prior to Slack AI.”

Maurer was responding to a Threads post from engineer and writer Gergely Orosz, who called for companies to opt out of data sharing until the policy is clarified, not by a blog, but in the actual policy language.

Gergely Orosz:

An ML engineer at Slack says they don’t use messages to train LLM models. My response is that the current terms allow them to do so. I’ll believe this is the policy when it’s in the policy.

Richard Speed:

Salesforce division Slack has responded to criticism by users outraged that its privacy principles allowed the messaging service to slurp customer data for AI training unless specifically told not to, claiming the data never leaves the platform and isn’t used to train “third party” models.

The app maker said its ML models were “platform level” for things like channel and emoji recommendations and search results, and it has now updated the principles “to better explain the relationship between customer data and generative AI in Slack.”

[…]

The privacy principles were overhauled in 2023 and contained the text: “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content and files) submitted to Slack.”

[…]

The principles have since been tweaked slightly, and now read: “To develop non-generative AI/ML models for features such as emoji and channel recommendations, our systems analyze Customer Data.”

Adam Engst:

If people actually read Slack’s privacy principles document instead of just reacting to an incorrectly titled link or an out-of-context screenshot on X/Twitter, they would see that Slack isn’t doing any of those things.

However, the “unambiguous sentences” that he quotes seem to be from the current privacy principles, not the May 17 version that sparked the outrage.

More seriously, there’s an important point to make here. Even as we rely ever more on gadgets and services, society has lost a great deal of trust in the tech industry. This controversy arose because the suggestion that Slack was doing something underhanded fit a lot of preconceived notions.

People didn’t want to give them the benefit of the doubt because their behavior played into preconceived notions and seemed sketchy. Their privacy document was antiquated (written to cover a previous AI feature) and not very clearly written. It gave examples of how the customer data might be used but didn’t specify limits. The document has no modification date or change history, with the overall privacy policy still showing a date of July 5, 2023. You had to opt out, and not via a visible setting—but by sending them an e-mail with a special subject. It’s all basically the opposite of what Steve Jobs recommended.

Update (2024-05-22): Adam Engst:

All that said, I still feel like Slack’s mistake in failing to update the document to be more clear wasn’t that bad. The subsequent changes Slack made show that even if the document wasn’t as clear as would be ideal, Slack wasn’t trying to put one over on us. Even in the problematic May 17 version, Slack said:

For any model that will be used broadly across all of our customers, we do not build or train these models in such a way that they could learn, memorise, or be able to reproduce some part of Customer Data.

Of course, because of the lack of trust many people have in the tech industry, even relatively clear statements like that don’t necessarily have the desired effect. “Sure,” one may think, “that’s what you say, but how do we know that’s true?”

And we don’t. There are many lapses, security breaches, and broken promises. But simultaneously, we have to trust the technology we use to a large extent because the only other option is to stop using it.

Monday, May 20, 2024

iOS 17.5.1 and iPadOS 17.5.1

Juli Clover (release notes, no security, no developer):

According to Apple’s release notes, the updates include a fix for an issue that could cause images to reappear in the Photos library even after being deleted.

Mysk:

MarketplaceKit updated in iOS 17.5.1. Now it returns a consistent client ID per device, but the ID is different from the one that was generated in iOS 17.4. So this will only impact customers who installed @altstore before iOS 17.5.1. But will it be reliable this time? 🤷‍♂️

Safari Hover Link Preview Keyboard Shortcut

Jeff Johnson (Mastodon):

Pressing control-command-d (⌃⌘D) while hovering over a link in Safari opens a popup window containing a preview of the linked web page, just like pressing and holding down a link in Safari on iOS.

Apple does say that you can preview a link in a webpage in Safari on Mac with a Force Touch trackpad, but Apple’s support document doesn’t mention the keyboard shortcut. Typically, the control-command-d shortcut is used to show or hide the definition of the selected word, and indeed this works in Safari to show the Dictionary definition when hovering over non-link text. So the link preview behavior of the keyboard shortcut was a surprise, at least to me.

This was new to me, too. It doesn’t work on my main Mac, even with a safe boot, so I guess it’s controlled by an unknown setting that I somehow turned off. It does work on a Mac with a clean install of macOS.

Swift FormatStyle Issues

Wade Tregaskis:

They’re terser than using their otherwise more powerful cousins the Formatters, as they support a “fluent” style of property-based access, which tends to read more naturally and usually avoids having to define variables to hold the formatter.

[…]

They almost always break Xcode’s auto-complete, which is a problem since their syntax is non-trivial and unintuitive.

They’re hard to understand – and to even find in Apple’s official documentation – because there’s so many protocols and indirection involved.

It’s particularly hard to tell where the inexplicable gaps are. e.g. Double doesn’t support ByteCountFormatStyle, even though logically it should and Xcode will sometimes auto-complete as if it does.

I haven’t used the new formatter API much because it isn’t available in the SDK that I’m targeting. I like that it’s terser and doesn’t require tracking a formatter instance. But it’s probably not terse enough that I would use it directly vs. via a more semantically named helper method. And I agree that it’s not actually that easy to use if you don’t already know what you’re doing.

Wade Tregaskis:

Alas, they don’t always work correctly; some of these formatters contain egregious bugs.

In particular, ByteCountFormatStyle pretends to support multiple numeric bases – decimal and binary – but it doesn’t[…] Note how it still uses decimal units, “kB”. Decimal is not binary. I mean, duh, right? But apparently Apple don’t know this.

NSByteCountFormatter behaves the same way. I don’t think it’s a bug so much as Apple deciding to never display binary prefixes even though it is intentional about calculating memory sizes as binary and file sizes as decimal.

Sutskever and Leike Out at OpenAI

Sigal Samuel (tweet):

For months, OpenAI has been losing employees who care deeply about making sure AI is safe. Now, the company is positively hemorrhaging them.

Ilya Sutskever and Jan Leike announced their departures from OpenAI, the maker of ChatGPT, on Tuesday. They were the leaders of the company’s superalignment team — the team tasked with ensuring that AI stays aligned with the goals of its makers, rather than acting unpredictably and harming humanity.

[…]

Altman was fundraising with autocratic regimes like Saudi Arabia so he could spin up a new AI chip-making company, which would give him a huge supply of the coveted resources needed to build cutting-edge AI. That was alarming to safety-minded employees. If Altman truly cared about building and deploying AI in the safest way possible, why did he seem to be in a mad dash to accumulate as many chips as possible, which would only accelerate the technology?

[…]

For employees, all this led to a gradual “loss of belief that when OpenAI says it’s going to do something or says that it values something, that that is actually true,” a source with inside knowledge of the company told me.

I don’t think wanting access to chips is a bad sign, but it seems clear that the safety folks lost the power struggle within the company.

Greg Brockman and Sam Altman:

We’re really grateful to Jan for everything he’s done for OpenAI, and we know he’ll continue to contribute to the mission from outside. In light of the questions his departure has raised, we wanted to explain a bit about how we think about our overall strategy.

As many of the replies note, the words seem rather hollow and don’t really correspond with their actions.

Kelsey Piper:

But there was no stronger sign of OpenAI’s commitment to its mission than the prominent roles of people like Sutskever and Leike, technologists with a long history of commitment to safety and an apparently genuine willingness to ask OpenAI to change course if needed.

[…]

And it makes it clear that OpenAI’s concern with external oversight and transparency couldn’t have run all that deep. If you want external oversight and opportunities for the rest of the world to play a role in what you’re doing, making former employees sign extremely restrictive NDAs doesn’t exactly follow.

Altman claims that they didn’t actually mean to cancel the equity for employees who didn’t sign the exit NDA. It was just a mistake in the paperwork (via Ryan Jones, Hacker News).

Update (2024-05-21): See also: Edward Zitron and Scott Aaronson.

Update (2024-05-24): See also: Nick Heer, Hacker News, John Gruber.

iOS 17.5 Resurfacing Deleted Photos

Juli Clover:

A Reddit user wiped an iPad following Apple’s guidelines in September of 2023 before selling it off to a friend. That friend updated the iPad to iPadOS 17.5 this week, and began seeing the Reddit user’s old photos reappearing in the Photos app.

That would be very concerning because it would imply that Apple is retaining deleted photos in the cloud. However, this particular Reddit post has since been deleted, and I haven’t seen any others making this claim.

I do continue to see reports that deleted, non-cloud photos are resurrected after installing iOS 17.5. That is also a serious bug, which I hope Apple will communicate about. It’s apparently fixed today in iOS 17.5.1, but Apple has not posted release notes of that yet.

Update (2024-05-20): Juli Clover:

Images deleted as far back as 2010 were surfacing again, leading to confusion and worry over what was going on. Apple’s information today indicates that it was a database corruption issue, and iOS 17.5.1 should solve the problem.

Some details are still missing here. Presumably, the database was corrupted at the time of deletion, which is why the photos were left on disk. iOS 17.5 wasn’t the cause of the problem; it just revealed the failure that happened long ago. This implies that people who don’t (or can’t) update to iOS 17.5/17.5.1 may still be subject to the problem. It’s also not clear what the fix is. How does 17.5.1 detect which photos were meant to be deleted? If the database is corrupted, how does it do that without potentially losing photos that are meant to be there?

Is it confirmed that there is no cloud angle to this bug and that it doesn’t affect wiped devices?

Update (2024-05-21): _tysen:

I may or may not know somebody who is a Private Contractor @ Apple, and they may have or may not have given me an explanation on the current situation.

[…]

Now how are the deleted photos “reappearing” after being deleted? This is because almost every case of this incident happening which Apple has investigated has been caused by the photo(s) being deleted from the “Photos” app but NOT the “Files” app. They are two separate apps with two copies of the photos.

[…]

But due to a rare bug within iOS 17.5 the system attempts to re-save all photos/media/files from the “Files” app into the “Photos” app, this happens during the re-indexing process which happens when you update your iPhone. Since the “Photos” app can’t display files but it can display media/photos, it appears as your “deleted” photos have reappeared ALTHOUGH they have been on your iPhone the whole time in the “Files” app.

This doesn’t seem to be the full explanation because some people have reported the problem in relation to photos that are not in the Files app and indeed which predate the app’s existence.

Nick Heer:

I suppose even a “rare” bug would, at Apple’s scale, impact lots of people. I heard from multiple readers who said they, too, saw presumed deleted photos reappear.

The thing about these bare release notes — which are not yet on Apple’s support site — is how they do not really answer reasonable questions about what happened.

Apple did eventually publish the release notes, but they don’t answer the questions people have.

Adam Engst:

I don’t know if there’s an easy way to tell if you’re affected—I certainly couldn’t tell you if a few deleted photos reappeared in my library.

[…]

While the exact cause remains unknown, reports suggest Apple may have been attempting to fix a problem that caused photos to be lost if the iPhone crashed during upload and corrupted the database underneath the Photos library.

[…]

Is there any connection to iCloud Photos here? Some people who have experienced the bug do not use iCloud Photos, so it’s not required. However, it would be more troubling if deleted images were retained online instead of just locally.

What happens to the corrupted images after updating to iOS 17.5.1 and iPadOS 17.5.1? Are they kept or deleted?

Victoria Song:

It raises valid questions as to how Apple stores photo data and whether iPhone owners can truly trust that their deleted data is actually deleted. The Verge has reached out to Apple multiple times to comment publicly on the matter but has yet to receive a response. Doing so would at least shed light on why this bug happened, what’s been done to fix it, and what it’s doing to ensure that this won’t happen again.

[…]

If anything, Apple ought to comment simply because it markets itself as a company that cares about your privacy. It’s spent countless WWDC keynotes talking about software updates to keep your data encrypted so that not even Apple knows what’s going on on your phone. That you can trust its services because privacy is a fundamental, core tenet of its philosophy. Responsible disclosure and transparency are the hallmarks of a company that truly believes in protecting your privacy. Brushing things under the rug? Not so much.

See also: Lauren Goode (Hacker News).

Update (2024-05-22): The bug also affected tvOS. Since it’s now “fixed” everywhere, I suppose this is all we’re going to hear from Apple, but something about this story still doesn’t sit right with me.

Update (2024-05-24): Bill Toulas:

Analysts at Synacktiv reverse-engineered the iOS 17.5.1 update that addressed the problem, examining the IPSW files and comparing the DYLD shared caches of the two versions to find changes.

[…]

Apple removed a routine in the function responsible for scanning and re-importing photos from the filesystem, which caused it to reindex old files on the local file system and add them back to people’s galleries.

[…]

“The reason why those files were there in the first place is unknown.”

Quentin Salingue (Saagar Jha):

The 17.5.1 update removed the scanning of the filesystem that was added in 17.5 to prevent deleted photos stored outside of the photo library to re-appear. According to our analysis, no code was added to purge the imported photos from the library as well as the “deleted” pictures lying on the filesystem.

John Gordon:

Am I wrong that Apple had a recovery fix for Photos.app images lost due to sync bugs but then rolled it back so now there is no fix?

Yes, either way it sounds like there will be orphaned photos left on the disk. Either they are images that should have been recovered or ones that should have been deleted, in some cases more than a decade ago. The 17.5.1 update doesn’t fix this; it just returns us to the status quo ante.
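The orphaned-file problem described above, as a toy model added here (not Apple’s or Synacktiv’s code; the `ToyLibrary` class, its schema, and the file names are hypothetical). It shows a delete that drops the index row but leaves the file, a rescan that re-imports every unindexed file, and one assumed alternative in which a tombstone recorded at delete time lets a rescan tell “lost” from “deleted”.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class ToyLibrary:
    """Hypothetical photo library: files in a directory plus a SQLite index."""

    def __init__(self, root: Path):
        self.root = root
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE assets (name TEXT PRIMARY KEY, sha256 TEXT)")
        self.db.execute("CREATE TABLE tombstones (sha256 TEXT PRIMARY KEY)")

    def _index(self, name: str, sha: str) -> None:
        self.db.execute("INSERT INTO assets VALUES (?, ?)", (name, sha))

    def add(self, name: str, data: bytes) -> None:
        (self.root / name).write_bytes(data)
        self._index(name, digest(data))
        # Deliberately re-adding identical content cancels an old tombstone.
        self.db.execute("DELETE FROM tombstones WHERE sha256 = ?", (digest(data),))

    def delete(self, name: str, unlink_fails: bool = False, tombstone: bool = False) -> None:
        """Remove the index row; unlink_fails simulates the file staying on disk."""
        row = self.db.execute("SELECT sha256 FROM assets WHERE name = ?", (name,)).fetchone()
        if row is None:
            raise KeyError(name)
        if tombstone:  # record the user's intent before touching index or file
            self.db.execute("INSERT OR IGNORE INTO tombstones VALUES (?)", (row[0],))
        self.db.execute("DELETE FROM assets WHERE name = ?", (name,))
        if not unlink_fails:
            (self.root / name).unlink()

    def lose_index_row(self, name: str) -> None:
        """Simulate index damage: a wanted photo loses its row, file stays."""
        self.db.execute("DELETE FROM assets WHERE name = ?", (name,))

    def visible(self) -> set[str]:
        return {r[0] for r in self.db.execute("SELECT name FROM assets")}

    def orphans(self) -> set[str]:
        """Audit: files on disk that the index does not know about."""
        on_disk = {p.name for p in self.root.iterdir() if p.is_file()}
        return on_disk - self.visible()

    def rescan_naive(self) -> set[str]:
        """Re-import every unindexed file, whatever the reason it is unindexed."""
        restored = self.orphans()
        for name in restored:
            self._index(name, digest((self.root / name).read_bytes()))
        return restored

    def rescan_with_tombstones(self) -> tuple[set[str], set[str]]:
        """Re-import orphans with no tombstone; finish deleting the rest."""
        restored, purged = set(), set()
        for name in self.orphans():
            path = self.root / name
            sha = digest(path.read_bytes())
            dead = self.db.execute(
                "SELECT 1 FROM tombstones WHERE sha256 = ?", (sha,)).fetchone()
            if dead:
                path.unlink()
                purged.add(name)
            else:
                self._index(name, sha)
                restored.add(name)
        return restored, purged


def demo() -> dict:
    """Run the same constructed scenario through both rescan strategies."""
    results = {}
    for mode in ("naive", "tombstones"):
        with tempfile.TemporaryDirectory() as tmp:
            lib = ToyLibrary(Path(tmp))
            # Constructed sample data, not real photos.
            lib.add("keep.jpg", b"constructed: photo that is fine")
            lib.add("lost.jpg", b"constructed: wanted photo whose row is lost")
            lib.add("private.jpg", b"constructed: photo the user deleted")
            lib.delete("private.jpg", unlink_fails=True, tombstone=(mode == "tombstones"))
            lib.lose_index_row("lost.jpg")
            before = sorted(lib.orphans())
            if mode == "naive":
                lib.rescan_naive()
            else:
                lib.rescan_with_tombstones()
            results[mode] = {
                "orphans_before": before,
                "visible_after": sorted(lib.visible()),
                "on_disk_after": sorted(p.name for p in lib.root.iterdir()),
            }
            lib.db.close()
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

Without a record of intent, the two orphans are indistinguishable on disk, which is why the naive rescan brings `private.jpg` back alongside `lost.jpg`.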

Chance Miller (MacRumors):

One question many people had is how images from dates as far back as 2010 resurfaced because of this problem. After all, most people aren’t still using the same devices now as they were in 2010. Apple confirmed to me that iCloud Photos is not to be blamed for this. Instead, it all boils down to the corrupt database entry that existed on the device’s file system itself.

According to Apple, the photos that did not fully delete from a user’s device were not synced to iCloud Photos. Those files were only on the device itself. However, the files could have persisted from one device to another when restoring from a backup, performing a device-to-device transfer, or when restoring from an iCloud Backup but not using iCloud Photos.

[…]

The company says that after a device has been completely erased using the steps below, all files and content are permanently deleted.

[…]

iOS 17.5.1 doesn’t automatically re-delete photos that reappeared after updating to iOS 17.5. If you were affected by this problem, you’ll need to go to the Photos app and manually delete those images.

I still think it’s unclear how tvOS was affected. How did the photos get on the Apple TV if not via iCloud Photos?

Dan Moren:

While it’s good that Apple has now (after several days of requests) clarified the issue, this does speak to a larger point: why is the company not more proactive in talking about these issues when they come up?

Stephen Hackett:

Now the company should address the recent issue with folks having their Apple IDs locked.

Update (2024-05-28): Ezekiel Elin:

It’s possible that the database repair process was also present on tvOS and they removed it out of caution.

This whole thing seems relatively simple and I haven’t seen any concrete evidence it’s more complex than:

  • Database/file management bug in the past (maybe ongoing)
  • Repair process (probably implemented alongside fix to original bug) bringing back undeleted photos

Friday, May 17, 2024

SpamSieve 3.0.4

SpamSieve 3.0.4 is a maintenance release for my Mac e-mail spam filter.

In sending out the update notice to the SpamSieve mailing list, Amazon SES reported a huge number of bounces (almost 10x the normal percentage), primarily from EarthLink/MindSpring addresses. It’s not clear what’s going on here, but I suspect that the addresses are not all suddenly bad. Unfortunately, Sendy seems to want to permanently disable them.

Some interesting bugs were:

Update (2024-05-22): I found that the bounced addresses were mostly ones that were added a long time ago, and after sending test messages to a sample of them I got no replies and lots of bounces. So I think they really are invalid, though it remains a mystery why they were all reported as such now, rather than with previous messages. Thanks to Ben at Sendy for explaining that it’s possible to remove the bounce status in Sendy by deleting the addresses and reimporting them. It’s also possible to use Amazon SES’s suppression list to tell it to try certain addresses again, though this can be risky for your account if they really are bad. SES’s SMTP server is, of course, no good for manual testing because it will silently skip sending the message to addresses that are already on its global suppression list.

BBEdit 15.1

Bare Bones Software:

“ChatGPT Worksheets” are branching out; the renamed “AI Chat Worksheet” preferences provide settings to select alternative services. Included with the application are service models for ChatGPT, Claude, and Ollama.

[…]

Added a “Decompose Unicode” transformation.

Added a setting to the “Expert” settings panel list so that it only shows values that have been changed from their factory defaults.

[…]

BBEdit will now try to automatically guess JSON, so that if you paste some into an untitled document, you won’t have to remember to manually set the language if you want to use “Reformat Document” to pretty-print it.

I guess it’s time to retire my script for that.

Git Tower 11.0 and 11.1

Bruno Brito:

In Tower, you can create a Commit Template from scratch easily by clicking the “+” button and filling out the “Template name”, “Commit Subject”, and “Detailed Description” fields. If you already have a preferred Commit Template file that you would like to use, you can also easily import the file by clicking the designated “Import” button.

[…]

When writing a commit message, click the “Commit template” button located next to the character counter. This button enables you to select the commit template you’d like to use.

You can also perform this action without switching away from the keyboard. Simply type t: or / in the “Commit Subject” field to open the list of available templates.

Jonas Treub:

Love the new @gittower icon. Brings some much needed character to the toolbar. And there is a fun dark mode version.

Version 11.1:

Commit Templates: A new preference setting allows you to hide the templates button in the commit subject field.

Carbon Copy Cloner 7

Bombich Software:

CCC 7 focuses on helping you build a better backup strategy. Up to now we’ve given you the tools for creating backups, and of course CCC offered some coaching suggestions in the past, but largely has left the user to deal with some logistics that could be difficult for some people. CCC 7 introduces functionality that will not only tell you how to set up your backup correctly, but will do the more complicated parts for you.

As with many other apps recently, the price has increased: from $40 to $50. The flat $25 upgrade fee remains a bargain compared with the typical subscription I see.

Mike Bombich:

With just a couple clicks, you can get your new backup disk reformatted using the best filesystem for backups. The Setup Assistant works with existing backups too.

Disk Utility is a pain these days, so the less I need to rely on it the better. The CCC assistant also identified a few older backups that I had forgotten to update to APFS. It’s described more in the release notes.

CCC 7 introduces permanent snapshots, which not only allow you to add that context to a snapshot, but also allow you to flag it for permanent retention. We also added controls that allow you to limit total snapshot disk usage and maximum age so that multiple volumes on a given disk can share space more democratically.

There’s an interesting feature called the Snapshot Thinning Simulator, which lets you see which future snapshots will be retained.

The Snapshot Browser will compare the content of each snapshot against the current state of the backup. Enter a search term in the sidebar to find specific files in any of the snapshots, then see how the file differs in each snapshot.

[…]

Want to bring backups of files and photos from your iOS devices into your CCC backup ecosystem? Now you can! The CCC Dashboard includes a new CCC Diplomat tab where you can designate a volume for your mobile device backups. The Diplomat advertises a service on your local network to iOS devices that are running the CCC Mobile companion application.

I’m pleased to see this, since I think iOS needs more backup options, but I probably won’t use it at this time. The initial release is limited in that you can only do one backup (photos or a single folder) at a time, and there are no filtering options like with the Mac app. iOS doesn’t have a root folder, so each provider or app’s data would need to be done separately, selecting a different destination folder each time (which means enabling the menu bar icon). It backs up the data that’s on the phone without downloading cloud photos or files that are not resident. (The press release notes that the Mac version can do this, though it was added in a previous version.)

But the main problems are due to iOS limitations. Backups can take a long time, but you can’t schedule them to run unattended, and you have to keep the iOS app frontmost for the duration. What I really want is to be able to back up and restore data from individual apps, but most of my iOS apps store their files outside of the shared area that CCC and other apps can access. The bulk of the files that are accessible are in iCloud Photo Library or iCloud Drive, which I can already access and back up from my Mac. Still, I could see this being useful for people with more iOS-centric workflows who can’t keep everything in the cloud. The destination can also be an external drive or server if you don’t have your Mac with you. The iOS app costs $2.99 per destination type.

CCC’s next-generation file copier retains folder inode information, so now we can detect renamed folders and simply rename those folders on your APFS-formatted destination.

[…]

If snapshot support is enabled on your source volume, CCC will now create a snapshot on the source at the scheduled run time even if the destination is absent. CCC gives you complete control over these “local backups” – you can determine if snapshots should be kept on the source, and you can fine tune exactly how long they’re kept and how much space they’re allowed to consume.

This is great since local Time Machine is not really predictable enough to depend on.

Thursday, May 16, 2024

Problems With App Store Bundles

Jeff Johnson:

The first thing I tried was to create yet another new Mac App Store bundle that included Link Unshortener, StopTheMadness, and StopTheMadness Pro. It took a number of days for Apple to review and approve the bundle, just like with the upgrade bundles, as I complained about in the previous blog post. At the end of the wait, there was no joy, because the customers did not see a discounted Complete My Bundle price with the new bundle either.

[…]

After weeks of back and forth — mostly waiting for responses from Apple — I think I’ve finally received confirmation of my greatest fear: Complete My Bundle prices are available only for previous purchasers of standalone apps, not for previous purchases of app bundles. I say “I think” because I haven’t been allowed to speak directly with Apple engineering. I had to go back and forth with an intermediary, an Apple Developer Support representative, who hasn’t personally demonstrated much of a grasp of the situation. The responses from Apple engineering have been terse, and it’s not entirely clear that they have a full grasp of the situation either, so I’ve been forced to play interpreter and guess at their meaning.

[…]

The conclusion, if my interpretation is correct, is that previously selling an app bundle for StopTheMadness and Link Unshortener ended up backfiring on me when I needed to sell an app bundle for StopTheMadness and StopTheMadness Pro. There’s no upgrade path for those customers.

[…]

I still believe that the upgrade app bundles were the least worst of my available options for StopTheMadness Pro. Adding an In-App Purchase to the old StopTheMadness app would not have been technically feasible, because there were massive architectural changes in StopTheMadness Pro, making it nearly impossible to release the functionality of those two apps in a single app. StopTheMadness Pro needed to be a brand new app. Moreover, it would be weird to have an IAP in an app that’s already paid upfront. This would make potential customers wary.

It’s really swimming against the App Store tide to eschew subscriptions.

Boris Yurkevich:

It’s 2024 and I think there are three massive things the App Store can still give us, these three signs will make a business of indie developers healthier and stronger. It will save us stress, and development time. It will make us more money we so desperately need.

So it’s 2024 and I want these three things.

  1. Free trials for paid upfront apps.
  2. Upgrade pricing for new major releases.
  3. Version management which would allow customers to install previously purchased releases of major versions.

Jeff Johnson (Mastodon):

I’ve discovered that starting in February, Apple mistakenly subtracts the price of the previously purchased app twice from the proceeds of a “Complete My Bundle” purchase, thereby causing me to take a loss on each such bundle purchase. This accounting change has cost me thousands of dollars over the past few months.

[…]

My trust in Apple is shaken. In the App Store, Apple has all the cards, handling all of the financial transactions with customers. App Store developers have no direct relationship with their customers. I’ve had little choice but to trust that Apple is paying me the amounts that I’m due. Yesterday I looked back at all of my proceeds since 2017 when I started doing business in the App Store, and it does appear that the amounts of Apple’s payments to me have pretty closely corresponded to the estimated proceeds in App Store Connect Trends (if you can trust those numbers) up until February 2024. Only the past few months have been problematic. Still, a corporation with the financial resources and financial responsibilities of Apple should not make such a fundamental accounting error. It’s inexcusable. And if “Complete My Bundle” purchases were not such a big portion of my current proceeds, I might have never discovered the error.

John Gruber:

Surely this is a bug, not an attempt by Apple to swindle developers. But, how surprised are you that this bug, left unfixed, works in Apple’s favor, not the other way around? If Apple were erroneously paying developers too much, rather than too little, I’m guessing it would be fixed already.

After Gruber and others helped publicize this issue, Johnson got a call from Apple stating that the bug was already fixed.

Update (2024-05-29): Jeff Johnson:

Bad news, everyone!

Apple has ghosted me since that 2 minutes phone call, I’ve received 0 emails about the issue, and the Apple representative hasn’t responded to my follow-up phone inquiry, which went straight to voicemail.

Jeff Johnson:

Since last time I checked, my App Store proceeds payable June 6 have risen by thousands of dollars!

However, I still haven’t received any further communication from Apple since the 2 minute phone call 2 weeks ago.

Web-Only Apple Music Features

Apple:

Apple Music today announced the release of its 100 Best Albums of all time, a celebratory list of the greatest records ever made, crafted by Apple Music’s team of experts alongside a select group of artists, including Maren Morris, Pharrell Williams, J Balvin, Charli XCX, Mark Hoppus, Honey Dijon, and Nia Archives, as well as songwriters, producers, and industry professionals. The list is an editorial statement, fully independent of any streaming numbers on Apple Music — a love letter to the records that have shaped the world music lovers live and listen in.

Nick Heer:

Yet there is no exciting presentation of this list in Apple Music. There is a live radio broadcast — which cannot be found by searching, say, “100 best” or “top 100” — and the albums are shown in the featured boxes on the Browse tab, but there is little else that I can find. To explore the list, you need to visit 100best.music.apple.com in a web browser, where each record gets a lovely write-up and explanation of why it is on the list. The same explanation appears in album descriptions. But, like the Replay feature, why is this not all within the app and on the web?

Emoji History: The Missing Years

Matt Sephton (tweet):

During my research into vintage Japanese drawing software, I came across some devices that had built in sketch or handwritten memo functions. I bought a couple of them to see if they did anything cool or interesting. These sorts of devices are pre-internet, so there’s not much about them online, and they can’t be emulated, so the only way to find out what they do is to get first hand experience by reading the manual or, better, using one yourself. It’s difficult to find these devices in working condition, as most of them have screen polarisers that have gone bad over time, but if you’re lucky you can find one.

[…]

At this point, I couldn’t quite believe what I was seeing because I was under the impression that the first emoji were created by an anonymous designer at SoftBank in 1997, and the most famous emoji were created by Shigetaka Kurita at NTT DoCoMo in 1999. But the Sharp PI-4000 in my hands was released in 1994, and it was chock full of recognisable emoji. Then down the rabbit hole I fell. 🕳️🐇

Keith Broni (Hacker News):

In 2019 Emojipedia detailed a historic revelation: Docomo’s i-mode emojis from 20 years prior were not the first to exist. Now, in 2024, further digital excavations have led to the recreation of emoji designs that predate both Softbank’s 1997 emoji set and the ❤-enabled Pocket Bell pagers of 1995.

Delta’s 10-Year Journey to the Top of the App Store

David Pierce:

On this episode of The Vergecast, Testut joins the show to tell us the full Delta story. He describes his early attempts at building emulators, the first time he almost made it onto the App Store, the process of building the alternative app store AltStore, what it was like to watch regulators around the world take aim at Apple, and much more.

Amazingly, his GBA4iOS app got 10 million downloads outside the App Store more than a decade ago.

He then went to a WWDC lab and talked with Apple directly about how to get Delta into the App Store. He did exactly what they told him would be allowed, but after a year of work they changed their mind and rejected the app, anyway.

This year, he tried to get the AltStore PAL marketplace ready for day one with iOS 17.4, but Apple wasn’t prepared and held up the launch for over a month. They surely knew that Delta and emulators would be popular and so changed the guidelines to avoid the bad look of these apps being exclusive to the EU. They then approved a knock-off app based on Testut’s old open-source code before allowing Delta itself to be available.

Paulo Andrade:

It feels like App Review just likes to pick on me. I’ve been on the receiving end of silly rejections for way too many years. Be it for my own apps or for my employers. And the feeling like you’re powerless never goes away.

I’ve submitted a new app today, it got rejected 3 times for 3 completely different reasons. It was just approved. All the while I never uploaded a new binary. I just argued my way to approval and changed some metadata.

I’ve lost count how many times I’ve said to myself to switch to web apps. Just to avoid all the gate keeping.

With all the recent changes in the EU regarding alternative App Stores, I’m surprised many people focus on the money when I feel the most pressing issue with the App Store is their relation with devs.

Wednesday, May 15, 2024

Shutting Down Facebook Workplace

Ingrid Lunden:

Facebook once had big ambitions to be a major player in enterprise communication and productivity, but today the social network’s parent company Meta will be closing a very significant chapter in that story. TechCrunch has learned that Meta is shuttering Workplace, a version of Facebook that had been built to enable communication among business teams and wider organizations.

[…]

According to a memo to Workplace customers, the company is recommending Zoom-owned Workvivo as a migration-ready alternative.

Quentyn Kennemer:

TechCrunch reports that development slowed considerably after people returned to offices that had been empty due to the covid pandemic and after a number of key employees left. The shift popped the bubble for an increasingly crowded space for remote work tools. Stronger competition from Microsoft Teams, Google Workplace, and even new entrants like Zoom Workplace caused Meta to slow down after a decade of development.

Tanay Jaipuria:

Meta is discontinuing their enterprise offering Workplace, which per my estimates was a >$150M ARR business.

Just a reminder the scale big tech is at for business lines to be meaningful to them

John Carmack:

Well this sucks. I liked Workplace, both at Meta and currently at Keen.

I assume Meta will continue maintaining their internal version, rather than adopting the suggested commercial option, which may have similar downsides to their continued use of Mercurial vs Git.

Update (2024-05-17): David Heinemeier Hansson:

The traditional wisdom goes that if you buy from a big company, you’re going to be safe. It may be more expensive, but big companies project an image of stability and reliability, so buying their wares is seen as the prudent choice. Except, it isn’t.

iOS 17.5 “Fixes” client_id But Breaks App Marketplaces

Mysk:

iPhone users in the EU: DO NOT delete your alternative marketplace apps

iOS 17.5 breaks alternative marketplace app re-installation. MarketplaceKit now generates a different client_id every time it is called. Now there’s no way for alternative marketplace developers to identify users who have already purchased the marketplace app.

Apple addressed a security issue we reported about the way MarketplaceKit handles client_id. The issue is fixed. But now developers are left with no option to identify installs and roughly estimate the Core Technology Fee (CTF) they owe Apple.

Tim Sweeney:

A couple months in, Apple has already broken a basic feature required by competing app stores. 😕

It’s probably only needed because of the Core Technology Fee, which Apple decided to impose.

Scott Miller:

It really seems like Apple is never gonna play nice and will always do whatever they can to sully the user experience with third-party stores. Competing stores will forever have to keep dealing with Apple making third-party stores a less-than-Apple-store experience.

Mysk:

Just installed @Setapp, a very promising alternative marketplace in the EU. BUT it’s unclear if such stores are going to survive a surge of undetected installs due to the lack of device identifiers.

Marketplaces might end up owing Apple loads of unexpected Core Technology Fee.

Google Cloud Accidentally Deletes Customer’s Account

Richard Speed (via Hacker News):

Google’s Cloud CEO Thomas Kurian has weighed in on the UniSuper fiasco and confirmed that UniSuper’s Private Cloud subscription was accidentally deleted.

In a joint statement with UniSuper CEO Peter Chun, Kurian admitted that an “inadvertent misconfiguration” during the provisioning of UniSuper’s Private Cloud services resulted in the deletion of the subscription.

In a cascade of catastrophe familiar to anyone using duplication, the deletion of the account resulted in deletion across other regions.

Two weeks later, they are finally fully restored:

Restoring UniSuper’s Private Cloud instance has called for an incredible amount of focus, effort, and partnership between our teams to enable an extensive recovery of all the core systems. The dedication and collaboration between UniSuper and Google Cloud has led to an extensive recovery of our Private Cloud which includes hundreds of virtual machines, databases and applications.

UniSuper had backups in place with an additional service provider. These backups have minimised data loss, and significantly improved the ability of UniSuper and Google Cloud to complete the restoration.

auspiv:

The customer isn’t exactly small either - “UniSuper is an Australian superannuation fund that provides superannuation services to employees of Australia’s higher education and research sector. The fund has over 620,000 members and $120 billion in assets (funds under management and total member accounts at 7 July 2021).”

VMware Fusion Pro 13 Free for Personal Use

Michael Potuck:

Following the acquisition, Broadcom’s VMware has announced today that Fusion Pro 13 and Workstation Pro 17 have been made free for personal use.

[…]

For commercial use, Broadcom has simplified the VMware options to a single product, which can be purchased through any “Broadcom Advantage” partner.

Michael Roy:

This means that everyday users who want a virtual lab on their Mac, Windows or Linux computer can do so for free simply by registering and downloading the latest build from the new download portal located at support.broadcom.com.

[…]

This simplification eliminates 40+ other SKUs and makes quoting and purchasing VMware Desktop Hypervisor apps, Fusion Pro and Workstation Pro, easier than ever.

Tuesday, May 14, 2024

The State of iPadOS in 2024

Matthew Snyder (via Steve Troughton-Smith):

The iPad feels like it’s caught between being the best hardware Apple makes, alongside the most ignored software.

Steve Troughton-Smith:

Some of the iPad angst isn’t that we have to wait ‘till WWDC to see if the software is improved.

It’s that little birdies have strongly hinted to us not to expect iPad to really go anywhere from here, that Vision Pro has sucked up all the oxygen inside Apple.

That iPad never really had the resources to fulfill its promises, and much of what was there has now been diverted.

Federico Viticci (Mastodon, Hacker News):

My goal with this story was threefold. First, as I’ve said multiple times, I love my iPad and want the platform to get better. If you care about something or someone, sometimes you have to tell them what’s wrong in order to improve and find a new path forward. I hope this story can serve as a reference for those with the power to steer iPadOS in a different direction in the future.

Second, lately I’ve seen some people argue on Mastodon and Threads that folks who criticize iPadOS do so because their ultimate goal is to have macOS on iPads, and I wanted to clarify this misunderstanding. While I’m on the record as thinking that a hybrid macOS/iPadOS environment would be terrific (I know, because I use it), that is not the point. The reality is that, regardless of whether macOS runs on iPads or not, iPadOS is the ideal OS for touch interactions. But it still gets many basic computing features wrong, and there is plenty of low-hanging fruit for Apple to pick. We don’t need to talk about macOS to cover these issues.

[…]

Despite Apple’s promise of desktop-class apps a couple of years ago, the company’s actual implementation has been erratic at best, with an inconsistent delivery of Mac-like features that haven’t done much to raise the status of iPad apps.

[…]

Out of all the apps I’ve mentioned so far, I want to shine a spotlight on Files. It’s a bad product that needs a fundamental rethink from a design and performance perspective.

[…]

iPadOS needs to gain support for executing long-running, complex tasks in the background. […] As a result, not only have these limitations fostered an environment in which third-party developers are actively discouraged from bringing true desktop-class experiences to iPad, but existing iPad apps still largely feel like blown-up versions of their iPhone counterparts.

Steve Troughton-Smith (Mastodon, Federico Viticci):

Apps should be able to create long-running tasks, or persistent tasks, that can use meaningful resources in the background as sub-processes.

[…]

Virtualization isn’t the answer to all of iPad’s problems, but it provides a runway to let Apple take as long as it wants to evolve iPad’s software while ending the ‘can this replace my computer?’ angst. It also immediately justifies the iPad Pro pricing and strips away the pointless ‘them vs us’ divide between iPad users and Mac users. If a $3,000 Mac can run iPad apps, why can’t a $3,000 iPad do the inverse of this?

[…]

Stage Manager was such a missed opportunity: it tried to bolt-on a windowing model onto iPadOS without providing developers any way to optimize for it, and has had virtually no meaningful improvements in two years. What I really want to see are APIs.

[…]

Massively improve the reliability of the Files app infrastructure, including for third-party file services. I should never have to reboot my iPad because an SMB share isn’t connecting properly, or a file service is showing stale, cached data. I should be able to reliably copy large files off USB mass storage without random disconnects or corruption.

[…]

So much high-end iPad software ends up hiding its advanced functionality behind mystery-meat multi-finger gestures, when really what would be helpful is a persistent menu bar at the top of the screen.

Jason Snell:

I’ve been stunned to see some reactions to our criticism of iPadOS this past week suggest that, somehow, people like Federico and myself just don’t “get” the iPad. We’ve spent years using the iPad and pushing what it can do. We get it all too well.

Matt Birchler:

The more I think about it, the more I’m squarely in the camp of people who want iPad-like hardware that runs macOS, and I’m not sorry for saying it.

Ged Maheux:

I really must be an outlier. I use my iPad Pro for real work all the time. I don’t feel particularly hampered by iPadOS. There are times when I’d like to easily do some things my Mac can do but in general I’ve been super happy with the iPad and its software.

Update (2024-05-16): Adam Tow:

As you can see, I’m still getting good use out of nearly all the iPads in the house, despite being reminded that buying tech is participating in planned obsolescence.

[…]

I would welcome the ability to have a windowing system that works with me rather than against me, along with system-level and app-level plug-ins to increase my productivity.

[…]

At the same time, I think of family members for whom a more complicated operating system on the iPad would leave them bewildered and confused. Multiple windows, background tasks, and file management are things they don’t want or at least want abstracted away from them. I’ve seen first-hand how they are tripped up by features like Split View, Slide Over, Stage Manager, Control Center, Home Screen widgets, Safari tabs, and various swiping gestures. For them, iPadOS needs to be even simpler and easier to use.

In order to be the most versatile device Apple has ever made, iPads need to cater to a broader category of people. It’s clear over the years that toeing this line between simplicity and power has been challenging for Apple. The company has to focus on multiple operating systems every year, and it can’t give its best to all of them. iPadOS has gotten the short end of the stick far more often than not.

See also: Mac Power Users.

Steve Troughton-Smith:

Having read and watched through all the iPad coverage, it really seems like a lot of people are aligned on the top items where iPad falls down

  • The Files app infrastructure
  • The too-restrictive audio system
  • Background processing
  • Multiple user support

“Just put macOS on it” is the fallback for most criticism, because it’s hard to articulate just why iPadOS doesn’t cut it. And the “Where’s the Calculator?” discourse isn’t about a calculator app, it’s about the missing apps of the core OS

Steve Troughton-Smith:

I know people like to think iPadOS ‘forked’ from iOS when it was renamed a few years back, but it really didn’t. If you install Xcode, both iPhone and iPad simulators run out of the exact same OS root. It’s the same set of apps, the same SpringBoard — it just decides which features you get at runtime based on screen size and a feature map. That’s not a fork; the name essentially means nothing.

Jeff Johnson:

All I want is for my Macs not to be iPadified.

Update (2024-05-17): Joe Rosensteel:

The iPad Pro doesn’t need to run macOS, but the answer to why an iPad Pro can’t do something a Mac can do, shouldn’t be to carry two kinds of computers with the same M-series chips, with the same RAM, with the same storage, and do different things on each.

Francisco Tolmasky:

The iPad would be 1000% better if I could just buy comics on the Kindle directly instead of having to go to the website. Too bad insisting on 30% is clearly more important than that. But, yes, let's pretend that all the iPad's issues are around whether or not it would be confusing to users if Final Cut Pro used the GPU in the background. Because not having any clue how to buy a comic book in the Kindle app isn't confusing at all. iPadOS: THE KING of usability.

Update (2024-05-21): Jack Wellborn:

I am not opposed to the idea and agree that virtualized macOS would serve as an “escape hatch” of sorts. Instead of physically fleeing to Mac hardware at the first sight of a complicated task, users could merely flee to macOS while using the same iPad hardware. I also think virtualized macOS is a way better idea than using macOS as a tablet OS because it would be a distinct mode where touchability isn’t expected.

That being said, I think supporting virtualized macOS on iPads would only serve power users who are not necessarily pro users. While the two aren’t mutually exclusive — there are undoubtedly countless pro users on the Mac using things like Homebrew, Applescript, and all sorts of other utilities — I would wager most pro users aren’t power users. To them, the computer is merely a conduit to the apps required to do their job. To non-power users, pro or otherwise, virtualized macOS on iPad would be messy.

[…]

macOS can be information rich on 11 and 13-inch screens specifically because it doesn’t support touch. In theory, iPadOS could also become information rich at the expense of touch friendliness whenever a trackpad and keyboard are connected. Modern iPads already offer display scaling and it’s easy to imagine a future where this sort of scaling could change based on peripherals, orientation, and/or whether Stage Manager is enabled. While I don’t like the idea of diminishing touch in iPadOS, it would still be way better than running an entirely separate OS. Merely toggling scale modes when disconnecting an iPad would be way more elegant than suspending macOS running in a virtual machine.

Quinn Nelson:

The simplest tasks on iPadOS are either incredibly difficult and time-consuming, or they’re so unintuitive that even a 25-year Apple veteran can't figure them out. Frankly, neither reflects well on iPadOS.

Update (2024-05-29): Steve Troughton-Smith:

I could make this a long thread already just from using Files for 20 mins this morning 😛 File transfers failed for no reason, copying a group of files has a ‘calculating’ step that takes several minutes but copying them individually does not, folder contents disappeared periodically, the ‘This Folder is Empty’ placeholder UI doesn’t support dropping files into it, and more. It really is a miserable experience, and it makes it hard to trust that any file actually made it safely to the iPad at all

No Bounty for Kernel Vulnerability

Meysam Firouzi:

I reported CVE-2024-27804, an iOS/macOS kernel vulnerability that leads to the execution of arbitrary code with kernel privileges.

It’s fixed in iOS 17.5 and macOS 14.5, but Apple says it’s not eligible for the security bounty.

Via Hacker News and Jeff Johnson.

Update (2024-05-15): See also: Reddit.

Update (2024-05-16): Meysam Firouzi:

Seems Apple have concluded that the reported CVE is not exploitable and they are planning to update the description to accurately describe the issue as an unexpected system termination rather than arbitrary code execution, but for good faith they will reward me 1000$. Thanks @Apple

Apple really did update the security notes to say “Impact: An app may be able to cause unexpected system termination.” Originally, the description was “Impact: An app may be able to execute arbitrary code with kernel privileges.”

Via John Gruber (Mastodon):

I would think Apple would want to err on the side of being liberal with bug bounty payouts, to encourage researchers to report as many as they can find.

Craig Hockenberry:

A not fun fact: I didn’t get a security bounty for a macOS release that was done specifically to address an issue I found.

The rationale was that I disclosed the issue publicly. Which I did after reporting it in the beta releases, and after they said “we’re unable to identify an issue in your report”, AND AFTER THEY RELEASED THE FUCKING VULNERABILITY.

mmzeeman:

Sounds familiar. When I reported a small issue with the Sign in with Apple API they denied there was a problem when they reported back (took months). The thing was that they fixed the problem just before reporting back. 😮 But they introduced another bug. Now one of the boolean values was put in the signed response as the string “true” or “false”. Which potentially leaves implementations vulnerable. So I filed another report. At which their documentation was silently altered at some point. 🙀 I never heard back from them.
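The failure mode in the comment above, as an added example (not code from the post or from Apple): a relying party that tests a claim by truthiness accepts the string "false", while a strict parser accepts only a JSON boolean or the exact strings "true"/"false". The claim name `email_verified` is a stand-in assumption, since the post does not say which value was affected, and the payloads are constructed samples assumed to come from a token whose signature has already been verified.

```python
import json


class ClaimError(ValueError):
    """Raised when a claim is missing or has an unexpected type or value."""


def parse_bool_claim(claims, name):
    """Return a real bool for a claim that may arrive as a JSON boolean
    or as the exact string "true"/"false"; reject everything else."""
    if name not in claims:
        raise ClaimError(f"missing claim: {name}")
    value = claims[name]
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value in ("true", "false"):
        return value == "true"
    raise ClaimError(f"claim {name!r} has unsupported value {value!r}")


def naive_is_verified(claims):
    """'Before' form: truthiness check. Any non-empty string passes,
    including "false"."""
    return bool(claims.get("email_verified"))


def strict_is_verified(claims):
    """Hardened form: normalise the claim first, fail closed on surprises."""
    try:
        return parse_bool_claim(claims, "email_verified")
    except ClaimError:
        return False


# Constructed sample payloads (decoded JSON bodies of already-verified tokens).
SAMPLE_BOOL_TRUE = '{"sub": "user-1", "email_verified": true}'
SAMPLE_STRING_TRUE = '{"sub": "user-2", "email_verified": "true"}'
SAMPLE_STRING_FALSE = '{"sub": "user-3", "email_verified": "false"}'
SAMPLE_UNEXPECTED = '{"sub": "user-4", "email_verified": "no"}'


def evaluate(sample_json):
    """Return (naive_result, strict_result) for one sample payload."""
    claims = json.loads(sample_json)
    return naive_is_verified(claims), strict_is_verified(claims)


if __name__ == "__main__":
    for label, sample in [
        ("boolean true", SAMPLE_BOOL_TRUE),
        ("string true", SAMPLE_STRING_TRUE),
        ("string false", SAMPLE_STRING_FALSE),
        ("unexpected", SAMPLE_UNEXPECTED),
    ]:
        naive, strict = evaluate(sample)
        print(f"{label:13} naive={naive!s:5} strict={strict}")
```
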

Ezekiel Elin:

Apple claims the ability to start a remote screen share session by speaking over FaceTime when the receiver has voice control on is not a security risk so…

Criticism of Signal

Justin Ling:

Zimmermann was a hacker in the oldest sense of the word. In the preceding years, he had grown freaked out by a proposal, put forward by a still-not-young Joe Biden, to force internet companies to give the U.S. government access to their users’ communications.

Zimmermann knew it was do-or-die time. Either the internet would be a free and open thing, or it would be subject to American meddling and surveillance.

[…]

When I first emailed Zimmermann, using an encrypted email client that traces its lineage to PGP, he called me back within an hour: “Do you have Signal?” We moved our conversation to the encrypted app, also a direct descendant of PGP, quickly thereafter.

[…]

So imagine my surprise when, this week, I came across a thinly-written essay arguing that Signal had “a problem.” It had, the essay argued, been compromised by the American intelligence state. Not from the outside, but from the inside.

I’ve always assumed that it is, because it’s such an important target and the agencies are good at what they do. I haven’t seen any solid evidence (which is what you’d expect if the compromising were done well), but there have been scattered reports suggesting that conversations have been intercepted (though perhaps this was through the phone or the recipients). That said, it’s probably better than the alternatives, and most of us are not government-level targets. As far as I know, Edward Snowden still recommends it.

Matthew Connatser:

Telegram CEO Pavel Durov issued a scathing criticism of Signal, alleging the messaging service is not secure and has ties to US intelligence agencies.

There is no evidence Signal is hooked into the US government as described by Durov.

[…]

“The US government spent $3 million to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype,” the Telegram leader said. “It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference.”

The CEO also claims that users’ Signal messages have popped up in court cases or in the media, and implies that this has happened because the app’s encryption isn’t completely secure. However, Durov cites “important people I’ve spoken to” and doesn’t mention any specific instance of this happening.

Matthew Green (Hacker News):

First things first, Signal Protocol, the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.

[…]

One concern with open source code is that even if you review the open code, you don’t know that this code was used to build the app you download from the App Store. “Reproducible builds” let you build the code on your own computer and compare it to the downloaded code.

Signal has these for Android, and it’s a relatively simple process. Because Android is friendly to this. For various Apple-specific reasons this is shockingly hard to do on iOS. Mostly because apps are encrypted. (Apple should fix this.)

I want to give Telegram credit because they’ve tried to “hack” a solution for repro builds on iOS. But reading it shows how bad it is: you need a jailbroken (old) iPhone. And at the end you still can’t verify the whole app. Some files stay encrypted.
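The comparison step of a reproducible build, as an added example (not Signal's or Telegram's tooling): it compares a locally built package with the store download entry by entry, for a zip-format package such as an Android APK, skipping the signing files that only the store copy carries. The list of signature entries to ignore is an assumption, and the packages are constructed in memory as samples.

```python
import hashlib
import io
import zipfile

# Assumption: JAR-style signing entries that exist only in the signed copy.
SIGNATURE_SUFFIXES = (".SF", ".RSA", ".DSA", ".EC")
SIGNATURE_NAMES = {"META-INF/MANIFEST.MF"}


def is_signature_entry(name):
    """True for signing files that a local, unsigned build does not contain."""
    if name in SIGNATURE_NAMES:
        return True
    return name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)


def entry_digests(package_bytes):
    """Map each non-signature entry name to the SHA-256 of its uncompressed bytes."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            # Two entries with one name would let a name-keyed comparison
            # see only one of them, so treat that as an error.
            if info.filename in digests:
                raise ValueError(f"duplicate entry name: {info.filename}")
            digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return digests


def compare_packages(local_build, store_download):
    """Report entries that are missing on either side or differ in content."""
    local = entry_digests(local_build)
    store = entry_digests(store_download)
    report = {
        "only_in_local": sorted(set(local) - set(store)),
        "only_in_store": sorted(set(store) - set(local)),
        "content_differs": sorted(
            name for name in set(local) & set(store) if local[name] != store[name]
        ),
    }
    report["reproducible"] = not any(report.values())
    return report


def build_sample(entries):
    """Constructed sample: build an in-memory zip package from {name: bytes}."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in entries.items():
            archive.writestr(name, data)
    return buffer.getvalue()


# Constructed samples: a local build, a signed copy of the same content,
# and a signed copy whose code differs and which carries an extra library.
SAMPLE_LOCAL = build_sample({"classes.dex": b"code-v1", "res/icon.png": b"icon"})
SAMPLE_STORE = build_sample({
    "classes.dex": b"code-v1",
    "res/icon.png": b"icon",
    "META-INF/MANIFEST.MF": b"manifest",
    "META-INF/CERT.SF": b"signature-file",
    "META-INF/CERT.RSA": b"signature-block",
})
SAMPLE_MISMATCH = build_sample({
    "classes.dex": b"code-v1-modified",
    "res/icon.png": b"icon",
    "lib/extra.so": b"extra",
    "META-INF/CERT.RSA": b"signature-block",
})

if __name__ == "__main__":
    print(compare_packages(SAMPLE_LOCAL, SAMPLE_STORE))
    print(compare_packages(SAMPLE_LOCAL, SAMPLE_MISMATCH))
```

Hashing the uncompressed bytes keeps zip timestamps and compression settings out of the comparison. It cannot help where the downloaded files are encrypted, which is the iOS obstacle described above.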

josephg (2021):

I spent a few hours trying to get a local build of signal-ios working a few weeks ago, in order to write a PR to fix a bug with lost voice messages. The xcode project uses a plethora of device entitlements I’m not allowed to have (since I don’t have the proper signal signing key). Even after a couple hours of tweaking to get it building and deployed to my device, it’s currently crashing on startup because it can’t access some special signal local device store.

You can certainly get your own build working (without notifications and other features). But personally I found it prohibitively difficult to do so.

Update (2024-05-15): Nadim Kobeissi:

Ways through which a complacent Board of Directors can harm Signal:

  • Approve the roll-out of usernames while still keeping phone numbers mandatory, thereby avoiding the elimination of a core metadata element,
  • Roadblock the integration of anonymity tech, such as @nymproject

It is possible to have trust issues towards Signal based on who @mer__edith appointed towards its board of directors (eg. Katherine Maher), while also agreeing that there is no evidence of “undisclosed vulnerabilities” in its source code. Lots of effort to shift the discourse.

When Katherine Maher’s appointment to the Signal board gained attention, Signal began pushing a narrative that Elon Musk is conspiring to push people from Signal to Telegram. But Elon hasn’t mentioned Telegram once, and this seems like an attempt to divert the narrative.

I was surprised to see this, but I did some searches and it really doesn’t seem like Musk has pushed Telegram at all, or even mentioned Twitter DMs much.

Update (2024-05-29): Mike Butcher (Hacker News):

I sat down with the president of Signal at VivaTech in Paris to go over the wide range of serious, grown-up issues society is facing, from disinformation, to who controls AI, to the encroaching surveillance state. In the course of our conversation, we delved into Signal’s interactions with Elon Musk and Telegram’s Pavel Durov[…] Among other things, Whittaker is concerned about the concentration of power in the five main social media platforms, especially in a year when the world faces a large number of general elections, not least in the U.S., and Europe’s reliance on U.S.-based, external tech giants.

Revamping Siri With iOS 18

Tripp Mickle, Brian X. Chen, and Cade Metz (MacRumors, Slashdot):

Apple’s top software executives decided early last year that Siri, the company’s virtual assistant, needed a brain transplant.

The decision came after the executives Craig Federighi and John Giannandrea spent weeks testing OpenAI’s new chatbot, ChatGPT. The product’s use of generative artificial intelligence, which can write poetry, create computer code and answer complex questions, made Siri look antiquated, said two people familiar with the company’s work, who didn’t have permission to speak publicly.

[…]

Apple is expected to show off its A.I. work at its annual developers conference on June 10 when it releases an improved Siri that is more conversational and versatile, according to three people familiar with the company’s work, who didn’t have permission to speak publicly. Siri’s underlying technology will include a new generative A.I. system that will allow it to chat rather than respond to questions one at a time.

The update to Siri is at the forefront of a broader effort to embrace generative A.I. across Apple’s business. The company is also increasing the memory in this year’s iPhones to support its new Siri capabilities.

John Gruber:

I don’t think there’s a single sentence of news in the entire thing.

I think the timeline for recognizing and incorporating generative AI is new.

Dave Mark:

Amazing to me that it took 3 wks of ChatGPT to convince Apple that Siri was “antiquated”.

Whole bunch of folks have been screaming this from the rooftops for years. 😐

SiriVid (2010):

Siri is a virtual personal assistant on your phone. You ask Siri in your own voice, and it helps you get things done when you're on the go. This video shows a demo of Siri helping plan a romantic evening, get tickets to a great movie, discover cool things to do on the weekend, and getting back home.

Via Adam Overholtzer:

Apple never delivered on the promise of Siri.

To be clear: the stuff in this Siri demo, which is from before they were acquired by Apple, never really worked. But Apple chose to abandon this vision and here we are 14 years later, with a Siri that still lacks many of the features shown in the video.

I maintain that the real problem with Siri is that the basics don’t work well. The purported focus on conversation and generative AI gives the impression that they still don’t get this.

Monday, May 13, 2024

watchOS 10.5

Juli Clover (release notes, security):

While watchOS 10.5 is primarily a bug fix update, it does introduce a new Pride watch face to go along with the Pride band that Apple introduced earlier in May.

Xcode 15.4

Apple (direct download):

Xcode 15.4 supports simulating web distribution while running or testing your app.

[…]

Some Macs recently received a macOS system update which disabled the simulator runtimes used by Xcode, including the simulators for iOS, tvOS, watchOS, and visionOS. […] To resume using the simulator, please reboot your Mac. After rebooting, check Xcode Settings → Platforms to ensure that the simulator runtime you would like to use is still installed.

The download link was showing a 403 Forbidden error for much of the day but now seems to work.

I’m not seeing fixes mentioned for the issues reported with Xcode 15.3.

Update (2024-05-15): Dave DeLong:

I pretty firmly believe that Swift’s tooling is an existential threat to the entire language. It’s so tightly coupled to Xcode, and what you get there is a mixed bag. Stale warnings persist for ages, which means newcomers can’t even trust that what they’re seeing is accurate. How is anyone supposed to learn?

The stale warnings still aren’t fixed in Xcode 15.4.

See also: 10 years on, what would you change about Swift?.

Steve Troughton-Smith:

The answer, which I’m sure you’re dying to know, is that the current version of Xcode and Swift 5.9 can compile an app for iOS 7.

The major caveat being no armv7 support — which means you can only build for 64-bit, so the only possible device this could ever run on is a non-upgraded iPhone 5s.

You also have to substitute in a bunch of arclite libraries into the SDK, which are trivial to find if you go looking

Drew McCormack:

Why is working with crashes in Xcode still so torturous? I am using vanilla everything from Xcode Cloud down. Completely standard. And yet crashes simply don’t show up, or show up in AppStoreConnect but not in Xcode, and when they do, they are not symbolicated. It’s pretty fundamental stuff.

Update (2024-05-17): Jesse Squires:

I guess no one who works at Apple has ever used git branches with Xcode and SwiftPM.

This 4 year old bug is still not fixed.

Matthias Gansrigler:

Interface Builder got very buggy in Xcode 15.4…

Update (2024-05-20): Rob Jonson:

Sometimes XCode likes to bring back old errors - little happy memories.
Sometimes the build fails - and you just need to build again.
Sometimes, you need to clean the Build Folder and build again.

Sometimes - Issues are real.

Annoying that you can’t easily tell the difference.

Special bonus - those fake errors also show up in the build log 🤪

Update (2024-05-29): Dave DeLong:

Today is one of those days where the state of Swift tooling is REALLY getting to me. Command-click is totally broken. There are no docs. The Swift forum threads I find are years out of date.

All I want is to wrap a C library in a swift package and include “./configure” as part of its build process. Apparently this is impossible, even though this is rudimentary stuff.

The Javascript ecosystem is looking MIGHTY APPEALING right now. I can’t believe we put up with this.

Update (2024-05-30): Adam Tow:

Apps built with Xcode 15.4 may have broken AppIntents (i.e. Shortcuts actions) when run on iOS 16 and iPadOS 16.

[…]

Found a workaround from Xcode 15.3 release notes[…]

macOS 14.5

Juli Clover (release notes, security, developer, enterprise, full installer, IPSW):

macOS Sonoma 14.5 adds a new word game for Apple News+ subscribers and allows for tracking stats and streaks of News+ games.

It’s not clear why this update also causes new FileVault recovery keys to be generated.

See also: Mr. Macintosh and Howard Oakley.

Update (2024-05-15): Francisco Tolmasky:

macOS is straight up rotting. It is absolutely nuts that this FileVault key re-generation thing has just gone unaddressed for a year. This isn’t about Apple News being a joke or drag and drop not working anywhere anymore. This is a potentially catastrophic data-loss bug that Apple has just decided is the new normal and just does not give one single shit about.

Update (2024-05-16): Norbert Noerner:

After downloading many gigabytes, macOS got stuck for more than HALF AN HOUR, doing some undisclosed “Preparing”.

This is just BS, I checked what happened, and a secret Apple tool named “UpdateBrainService” was slowly crunching away with a lousy 99% CPU. And that on one of the fastest Macs ever built.

Really, #Apple, that is the best you can do?

And now, the Mac is crippled by dozens of “mdworker_shared” processes, because for EVERY SINGLE macOS update, as small as it is, Spotlight needs to reindex ALL DATA, slowing down macOS for many more hours.

[…]

And yes, the ugly and buggy “System Settings” in #macOS 14.5 still crash and hang all the time.

Update (2024-05-17): Juri Pakaste:

I’m having a really bad time with macOS 14.5. Apps (both Safari and third-party) and the screenshot tool routinely go into a state where they just beachball and/or refuse to start up. I’ve had to shut it down twice now with the power button.

Nothing like this before the OS upgrade.

Simone Manganelli:

The FileVault key regeneration is that thing where it generates a new key but actually still keeps using the old one if you try to verify the new one in the Terminal? I experienced that with the macOS 14.4.1 update.

Howard Oakley:

It can do either, I’m afraid, hence the importance of checking the key.

Update (2024-05-20): Howard Oakley:

If you’ve been delaying updating Sonoma, or upgrading from any earlier version of macOS, version 14.5 looks the most stable and free from bugs.

One broad indicator of its quality is its rate of writing to the log, which determines how long entries in the log can be retained, as macOS thins log entries largely to maintain the size of its log files, rather than thinning purely by age. When running 14.4 and 14.4.1 on this ageing Intel iMac Pro, after a restart the log only retained entries for 8-12 hours, and that steadily fell over time, so that after a few days of constant running only 4-6 hours of entries were kept. This same iMac Pro has been running macOS 14.5 continuously for 6 days now, and still has log entries from nearly 2 days ago, a huge improvement implying a fall in the rate of writing entries to 25% or less.

[…]

One problem that has continued to occur in the Sonoma 14.5 update, just as it did in 14.4 and 14.4.1, is the provision of new FileVault Recovery Keys. This appears to be random, but only seems to affect those who have already opted to create a recovery key and not to use iCloud recovery.

Update (2024-05-23): Vítor:

I previously reported that 14.4 broke searching manual pages.

Happy to report this has been fixed in 14.5 (23F79).

macOS 13.6.7 and macOS 12.7.5

Apple (full installer):

This document describes the security content of macOS Ventura 13.6.7.

Apple (full installer):

This document describes the security content of macOS Monterey 12.7.5.

iOS 17.5 and iPadOS 17.5

Juli Clover (release notes, security, developer):

There are new features for Apple News+, such as an offline mode, and tracking notifications are now available cross-platform for alerts about Bluetooth trackers regardless of platform.

Update (2024-05-16): Juli Clover:

In this article, we’ve rounded up everything new in iOS 17.5.

Wes Davis:

Apple appears to have a bug that’s dredging up data that iPhone owners thought was gone. Some iPhone owners are reporting that, after updating their phones to iOS 17.5, their deleted photos — some quite old — are popping up again, according to a Reddit thread that MacRumors spotted. iOS beta testers had the same complaints about the bug last week.

[…]

The person who started the thread claimed that NSFW photos they had deleted “years ago” were back on their phone.

[…]

There’s a chance it’s not specific to photos, either, as one person posted on X that they saw old voicemails come back after the update. Several beta testers said the same thing about earlier iOS 17 betas. Whether the issue implies Apple is secretly holding onto old deleted data or it’s just a quirk of how iOS 17.5 handles that data, it’s not an ideal situation.

Marcin Krzyzanowski:

Google accidentally deletes. Apple accidentally restores old data. they should team to maintain the equilibrium

Update (2024-05-17): Tim Hardwick:

More reports have been trickling in overnight. One said: “I had a random photo from a concert taken on my Canon camera reappear in my phone library, and it showed up as if it was added today.”

It’s not clear what’s happening, but given that some of the photos were apparently taken years ago, this cannot be an issue with recently deleted photos being undeleted. In Apple’s Photos app, deleted photos and videos are kept in the Recently Deleted album for 30 days, so that users can recover or permanently remove them from all devices.

The reports could be down to an indexing bug, photo library corruption, or a syncing issue between local devices and iCloud Photos.

Joe Rossignol:

Over the past few days, some iPhone users have said the “Allow Apps to Request to Track” toggle in the Settings app is suddenly grayed out on their devices.

tvOS 17.5

Juli Clover (release notes, security):

We did not find new features during the tvOS 17.5 beta testing process.

audioOS 17.5

Juli Clover (release notes):

Apple does not specify what’s included in the HomePod 17.5 software, and the generic release notes only say that it brings stability and performance improvements.

Friday, May 10, 2024

Black Camera.app Screen and Broken Shutter Button

YoungCraxy:

This is about to drive me crazy, whenever I capture a snapshot, when I press the camera, sometimes a black screen pops up and this doesn’t go away, I can’t shoot anything, I have to go in and out of the camera again.

There are two really annoying iOS camera bugs, which I’ve been meaning to write about for years:

Update (2024-05-20): Mike Rockwell:

Imagine this happening when you’re trying to capture a moment that is absolutely impossible to recreate. Like the birth of your child.

This did indeed happen yesterday with my son—not his birth, but a really cute moment that I missed capturing. And this was far from the first time.

Update (2024-05-28): I’m not sure what’s changed, but I had a lot more problems with the shutter button this last weekend, with it failing to respond around half the time. The buttons to change lenses often didn’t respond, either. The problem recurred soon after restarting the phone.

Swift Proposal: Objective-C Implementations in Swift

SE-0436 (via Becca Royal-Gordon):

Swift has always had a mechanism that allows Objective-C code to use Swift types: the @objc attribute. When a class is marked with @objc (or, more typically, inherits from an @objc or imported Objective-C class), Swift generates sufficient Objective-C metadata to allow it to be used through the Objective-C runtime, and prints a translated Objective-C declaration into a generated header file that can be imported into Objective-C code. The same goes for members of the class.

This feature works really well for mixed-language apps and project-internal frameworks, but it’s poorly suited to exposing private and especially public APIs to Objective-C.

[…]

We propose adding a new attribute, @implementation, which, when paired with an interop attribute like @objc, tells Swift that it is to implement a declaration it has imported from another language, rather than creating a new declaration and exporting it to that language.

Specifically, in this proposal, @objc @implementation allows a Swift extension to replace an Objective-C @implementation block. You write headers as normal for an Objective-C class, but instead of writing an @implementation in an Objective-C file, you write an @objc @implementation extension in a Swift file. You can even port an existing class’s implementation to Swift one category at a time without breaking backwards compatibility.

This has been a long time coming, and it seems like a great idea. This also makes it possible to implement a base class in Swift and then subclass it in Objective-C.

Steve Troughton-Smith:

No joke, @_objcImplementation has immediately become my favorite way to port ObjC classes to Swift bit by bit. I’m now using it in Pastel to push the last remaining bits of ObjC out of the codebase. It’s basically header-driven-Swift, which is kinda neat.

Previously:

Update (2024-05-30): Paul Samuels:

I had a case recently where I wanted to migrate an Objective-C class to Swift, but as it was a large class I wanted to go one method at a time to allow easier reviewing and to keep my sanity, whilst having each step still pass all unit tests. I quickly hit issues where it seemed like I would have to bite the bullet and just do it as a single large commit. Helpfully I saw a proposal to allow you to provide Objective-C implementations in Swift, which led me to finding the _ version of the feature spelt @_objcImplementation that is perfect for my quick migration until the full implementation lands.

FDA Recalls Defective Insulin Pump App

Jess Weatherbed (Hacker News):

At least 224 people with diabetes have reported injuries linked to a defective iOS app that caused their insulin pumps to shut down prematurely, according to the US Food and Drug Administration (FDA).

On Wednesday, the agency announced that California-based medical device manufacturer Tandem Diabetes Care has issued a recall for version 2.7 of the iOS t:connect mobile app, which is used in conjunction with the company’s t:slim X2 insulin pump. Specifically, the recall relates to a software issue that can cause the app to repeatedly crash and relaunch, resulting in the pump’s battery being drained by excessive Bluetooth communication.

This is an interesting failure mode that was probably not contemplated when designing and testing the app. I also wonder to what extent quality control decreases as more and more products become subsumed by smartphones. When everything is an app that’s in theory easy to update, how carefully does anyone check that a given version is solid?

I’m also fascinated by the idea of FDA recalling an app. What does that even mean when the bug was already fixed back in March? They can’t remove the bad version of the app from the store shelves. Yet it took until May to essentially issue a government press release telling customers to update the app?

I wonder what effect that will have given that most iOS users probably already had automatic updates enabled or heard from the company itself more than a month ago.

Lastly, if ever there were a time that the release notes should accurately describe the benefits of an update, this was it. Yet all the App Store says for version 2.7.1 of the t:connect app is “Overall app performance updates.”

Mariella Moon:

If a pump shuts down without warning and before the user expects it to, it could lead to the under-delivery of insulin. As the FDA explained in its recall, that could result in hyperglycemia and even diabetic ketoacidosis, a life-threatening complication caused by the inability of the body to turn sugar into energy due to the lack of insulin. Tandem Diabetes Care, the company behind the app and the pump, sent all affected customers an emergency notice back in March. It advised them to update their app, to monitor their pump battery level closely and to carry backup insulin supplies.

Via Corentin Cras-Méneur:

We’ve been hit by the issue. The pump was draining really fast. It’s supposed to have been addressed in an update since but lately, the battery drain has been a bit faster than I would have expected…

Previously:

Apple Apologizes for iPad “Crush” Ad

Emma Roth (Hacker News):

Apple has apologized after a commercial meant to showcase its brand-new iPad Pro drew widespread criticism among the creative community. In a statement provided to Ad Age, Tor Myhren, Apple’s vice president of marketing, said the company “missed the mark.”

“Creativity is in our DNA at Apple, and it’s incredibly important to us to design products that empower creatives all over the world,” Myhren told Ad Age. “Our goal is to always celebrate the myriad of ways users express themselves and bring their ideas to life through iPad. We missed the mark with this video, and we’re sorry.”

[…]

The ad rubbed some creatives the wrong way. Hugh Grant called it a “destruction of human experience,” while Handmaid’s Tale director Reed Morano told Apple CEO Tim Cook to “read the room” in a post on X.

As I said, I didn’t care for the ad, and the replies to Tim Cook on Twitter were almost entirely negative, but I’m still surprised that Apple thought it necessary to apologize. I would have preferred an acknowledgment of the widespread Apple ID issue.

John Gruber (Mastodon):

Would this exact same commercial have evoked the same collective response in 2010? I’m going to say no, it would not have. What about in 2018? I’m going to say ... probably not? Something has changed. Part of it is that our culture has changed. I don’t think many people 10 or 15 years ago would have seen dissonance between Apple’s oft-professed sustainability ideals and a commercial celebrating the destruction of artistic tools and objects. And the bigger change is the recognition that computers are eating the world. In 2010 it was seen only as cool that computers were doing more and more stuff. Today there’s widespread uncomfortableness, perhaps outright concern, that the digital world is consuming the analog one. It plays differently today than a decade ago to emphasize that an iPad can replace a veritable truck-full of artistic tools and toys.

But part too is that Apple’s position in our culture has changed. They’re no longer, and never again will be, the upstart. They’re The Man now. They’re part of the firmament of our entire society, not just the tech world.

Andy Allen:

LG phone ad from 2008 (BBH London)

Uli Kusterer:

You’re telling me that not only did Apple decide to run this stupid “crushing it” commercial, they ripped off an old LG ad ???

See also:

Previously:

Update (2024-05-16): Ken Segall:

Apple has a long and illustrious history of great advertising. Only twice in the past forty years has it received a public shaming for an ad or campaign.

In the 1985 Super Bowl, the Lemmings ad insulted the very audience it was trying to win. During the 2012 Summer Olympics, the Genius campaign was savaged for being embarrassingly unfunny. (Even I couldn’t resist joining the attack on that one.)

[…]

When the 2012 Genius campaign was maligned far and wide, it was yanked off the air in a matter of days and simultaneously deleted from Apple’s website and YouTube Channel. Instead of an apology, there was a whitewash. Apple PR said that the campaign was scheduled to run for only a few days all along. Uh, right.

Crush is getting a different treatment. It was the beneficiary of a quick apology (good) and Apple has removed it from broadcast TV (good). However, the ad remains visible in all other media (not so good).

Elizabeth Lopatto:

The message many of us received was this: Apple, a trillion-dollar behemoth, will crush everything beautiful and human, everything that’s a pleasure to look at and touch, and all that will be left is a skinny glass and metal slab.

[…]

Apple has a habit of suggesting its older devices are obsolete by releasing new versions that change their shells and styling without altering what they do in any meaningful way. The point of this ad is not about the iPad’s creative uses — it’s that it’s skinny. That’s the big selling point: the skinniest ever. Apple was so focused on its exciting new marketing feature that it lost sight of what’s really important: the tools that make the things we love. 

Glenn Fleishman:

It just struck me what Apple got wrong with its “crushing ad.”

They thought we would identify with the iPad, not the creative instruments and materials.

Ben Thompson:

This is what I mean when I say that Apple’s iPad ad hit the mark: the reason why I think the ad resonated so deeply is that it captured something deep in the gestalt that actually has very little to do with trumpets or guitars or bottles of paint; rather, thanks to the Internet — particularly the smartphone-denominated Internet — everything is an app.

[…]

One thing I do credit Apple for is not trying to erase the ad from the Internet — it’s still posted on CEO Tim Cook’s X account — because I think it’s important not just as a marker of what has happened over the last several years, but also the choices facing us in the years ahead.

[…]

What is increasingly clear, though, is that Jobs’ prediction that future changes would be even more profound raise questions about the “bicycle for the mind” analogy itself: specifically, will AI be a bicycle that we control, or an unstoppable train to destinations unknown? To put it in the same terms as the ad, will human will and initiative be flattened, or expanded?

See also:

Samsung:

We would never crush creativity. #UnCrush

Thursday, May 9, 2024

Apple Platform Security Guide (May 2024)

Apple (PDF, via Ivan Krstić):

Unless otherwise noted, this documentation covers the following operating system versions: iOS 17.3, iPadOS 17.3, macOS 14.3, tvOS 17.3, and watchOS 10.3.

Apple:

Topics added:

I thought I must have missed last year’s update, but it looks like the previous revision was in December 2022.

Apple:

Certain instructions on ARM64, including but not limited to those described in Arm Architecture Registers for Future Architecture Technologies, may take a different amount of time to run depending on the data values on which they operate. Malicious code running on the device might use this property to infer information about the data the CPU processes, such as cryptographic keys, or other sensitive data.

Apple silicon provides data-independent timing (DIT), in which the processor completes certain instructions in a constant amount of time. With DIT enabled, the processor uses the longer, worst-case amount of time to complete the instruction, regardless of the input data. When you write software specifically to avoid leaking internal information and to run code in constant time, enabling DIT — and restricting your code to instructions that support DIT — before loading cryptographic key material, performing cryptographic operations, or processing sensitive data ensures the timing of specific instructions doesn’t reveal information about the data being processed.

Apple:

Should malware make its way onto a Mac, XProtect also includes technology to remediate infections. For example, it includes an engine that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates). This system removes malware upon receiving updated information, and it continues to periodically check for infections; however, XProtect doesn’t automatically restart the Mac. In addition, XProtect contains an advanced engine to detect unknown malware based on behavioral analysis. Information about malware detected by this engine, including what software was ultimately responsible for downloading it, is used to improve XProtect signatures and macOS security.

Via tsunekoh:

The latest Apple Platform Security documentation includes a description of XProtectBehaviorService.

Phil Stokes:

So Apple…what they don’t say there is that this behavior “service” just logs “information” back to Apple, doesn’t report what it finds to the user (so no investigation, triage or root cause analysis) nor does it actually block or remediate anything.

Previously:

Update (2024-05-10): Howard Oakley:

On the other hand, XProtectRemediator “continues to periodically check for infections” in background scans run every 24 hours or so. When it detects what it considers to be malicious software, it automatically tries to remove or ‘remediate’ it without informing the user, and “doesnʼt automatically reboot the Mac.”

This was made clearer with the recent release of XProtect Remediator version 132, which took a dislike to some of the optional components in Xcode. A recent amendment to Apple’s release notes for Xcode 15.3 makes it clear that XProtect Remediator’s false positive did change Xcode without informing the user in any way. The only indication that a remediation was taking place was an authentication dialog for the change to be made to the Xcode app, and there was no indication given to the user that this was part of any malware remediation.

Update (2024-05-15): Gui Rambo:

It looks like iPadOS running on M4 has a “Secure Exclave” running an “ExclaveOS” 👀 Where’s the updated Apple platform security PDF? 😅

Cuckoo Malware

Adam Kohler and Christopher Lopez:

The downloaded DMG contains an application bundle. Normally, macOS applications instruct the user to drag such apps into the /Applications folder. But in this case, it tells the user to right-click on it and click Open.

[…]

Looking into the upd file in the original bundle, we found that it is signed adhoc with no developer ID. This means that Gatekeeper will initially stop the app from running and require the user to manually allow it.

[…]

The application then creates a new copy of upd, renames it DumpMediaSpotifyMusicConverter, and places it in a hidden folder in the /Users directory. This is why it sometimes appears as upd and other times as DumpMediaSpotifyMusicConverter. The original upd will then use xattr -d com.apple.quarantine to remove the quarantine flag from itself and from the copy of DumpMediaSpotifyMusicConverter.

[…]

From here, upd uses osascript to ask the user for their password using the prompt “macOS needs to access System Settings.”

It sends data and even screen captures back to a server, muting the volume so the user doesn’t know a screenshot is being taken.
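The behaviors in the excerpt above (an ad hoc signature, a copy placed in a hidden folder under /Users, `xattr -d com.apple.quarantine`, and an `osascript` password prompt) are weak signals on their own but strong when they come from one process lineage. The following is an added detection example, not code from this page or from the cited write-up; the event field names, the sample paths (apart from the `upd` and `DumpMediaSpotifyMusicConverter` names), and the scoring rule are constructed for illustration.

```python
import json
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed process-exec events, one JSON object per line. The schema is an
# assumption for this example, not that of any particular EDR product.
SAMPLE_EVENTS = """\
{"pid": 410, "ppid": 1, "path": "/Volumes/Converter/Converter.app/Contents/MacOS/upd", "args": ["upd"], "signing": "adhoc"}
{"pid": 411, "ppid": 410, "path": "/usr/bin/xattr", "args": ["xattr", "-d", "com.apple.quarantine", "/Volumes/Converter/Converter.app/Contents/MacOS/upd"], "signing": "platform"}
{"pid": 412, "ppid": 410, "path": "/usr/bin/xattr", "args": ["xattr", "-d", "com.apple.quarantine", "/Users/alice/.example/DumpMediaSpotifyMusicConverter"], "signing": "platform"}
{"pid": 413, "ppid": 410, "path": "/Users/alice/.example/DumpMediaSpotifyMusicConverter", "args": ["DumpMediaSpotifyMusicConverter"], "signing": "adhoc"}
{"pid": 414, "ppid": 410, "path": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \\"macOS needs to access System Settings\\" default answer \\"\\" with hidden answer"], "signing": "platform"}
{"pid": 500, "ppid": 1, "path": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "args": ["Terminal"], "signing": "platform"}
{"pid": 501, "ppid": 500, "path": "/bin/zsh", "args": ["-zsh"], "signing": "platform"}
{"pid": 502, "ppid": 501, "path": "/usr/bin/xattr", "args": ["xattr", "-d", "com.apple.quarantine", "/Users/alice/Downloads/tool"], "signing": "platform"}
{"pid": 600, "ppid": 1, "path": "/Applications/Example Notes.app/Contents/MacOS/helper", "args": ["helper"], "signing": "developer_id"}
{"pid": 601, "ppid": 600, "path": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \\"Export finished\\""], "signing": "platform"}
"""

# Signals that describe an action rather than a static property of a binary.
BEHAVIOURAL = {"quarantine_removed", "password_prompt"}


def signals_for(event):
    """Return the set of signals that a single exec event shows."""
    found = set()
    path = PurePosixPath(event["path"])
    args = event.get("args", [])
    if event.get("signing") == "adhoc":
        found.add("adhoc_signed")
    # Executable that lives in a dot-directory somewhere below /Users.
    parts = path.parts
    if len(parts) > 3 and parts[1] == "Users" and any(
        p.startswith(".") for p in parts[2:-1]
    ):
        found.add("hidden_user_path")
    if path.name == "xattr":
        flags = {c for a in args[1:] if a.startswith("-") for c in a[1:]}
        # -d deletes the named attribute; -c clears all of them, quarantine included.
        if ("d" in flags and "com.apple.quarantine" in args) or "c" in flags:
            found.add("quarantine_removed")
    if path.name == "osascript":
        script = " ".join(args[1:]).lower()
        # A dialog with a hidden answer field is a password-style prompt.
        if "display dialog" in script and "hidden answer" in script:
            found.add("password_prompt")
    return found


def lineage_root(pid, by_pid):
    """Follow ppid links to the top-most process present in the event set."""
    seen = set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against pid reuse loops
        seen.add(pid)
        parent = by_pid[pid]["ppid"]
        if parent not in by_pid:
            return pid
        pid = parent
    return pid


def hunt(jsonl, min_signals=2):
    """Group signals by lineage and report lineages that combine enough of them."""
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    by_pid = {e["pid"]: e for e in events}
    per_root = defaultdict(set)
    for e in events:
        per_root[lineage_root(e["pid"], by_pid)] |= signals_for(e)
    findings = {}
    for root, sigs in per_root.items():
        # Require at least one behavioural signal so that an ad hoc signed
        # developer build in a dot-directory is not reported by itself.
        if sigs & BEHAVIOURAL and len(sigs) >= min_signals:
            findings[by_pid[root]["path"]] = sorted(sigs)
    return findings


if __name__ == "__main__":
    for path, sigs in hunt(SAMPLE_EVENTS).items():
        print(path, "->", ", ".join(sigs))
```

The Terminal lineage in the sample, where a user removes the quarantine attribute by hand, stays below the default threshold; lowering `min_signals` to 1 reports it as well.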

Root Privilege Escalation via diskutil

Eswar:

A new local privilege escalation vulnerability has been discovered in macOS which could allow any user to escalate their privileges to root by mounting filesystems using “diskutil” command line utility. This new vulnerability has been assigned with CVE-2023-42931 and the severity is yet to be categorized.

[…]

If a user has mount privileges on the macOS, then the user needs to find a file which has the following conditions.

  • Owned by root when mounted in “owners” mode;
  • Considered owned by myself when mounted in “noowners” mode;
  • Not protected by SIP.

[…]

After creating this suidshell binary, the next step would be to mount the targeted filesystem with the “noowners” flag. Then the researcher proceeded to make the “.file” writable and copy the suidshell binary into the “.file”.

Apple fixed this late last year.

Previously:

Why In-App Purchases Don’t Work for the Enterprise

Caleb Basinger:

We don’t buy apps through the App Store. Rather, we purchase licenses in bulk—one for every employee or device—through Apple’s Apps and Books program, part of Apple Business Manager and Apple School Manager.

[…]

The only problem is that Apps and Books doesn’t support in-app purchases or in-app subscriptions. That means we can’t access the features we need with the licenses we buy that way.

[…]

Without altering your existing app on the App Store, you could use the same code-base to create a second, fully paid premium version of it that includes all the features we need. You could add this premium version to the App Store alongside the one you sell now that has in-app purchases. This would make your app available to us to purchase in the Apps and Books store in large quantities.

[…]

If you’re concerned about potentially confusing buyers by having two similar apps on the App Store with different purchase models, there is another way: Using the same development and App Store process, you could make a custom app available only to specific organizations within the Apps and Books program.

Via Luc Vandal:

It’s kinda odd that on one end Apple is pushing devs to move to a subscription model but on the other end, that model is incompatible with Apple Business Management so schools or businesses cannot purchase your app unless you create a “pro” or custom version, which is just another thing to worry about.

It’s like one hand doesn’t talk to the other at Apple.

At the same time, it’s not that surprising when you see how much the MAS lacks compared to its iOS counterpart.

I sometimes get requests from businesses or schools but I already have 3 binaries to worry about (Mac, iOS, visionOS). Having 6 would be a lot of additional work and I just can’t imagine getting rejected and having to deal with all this.

Craig Hockenberry:

Volume licenses are one of the main reasons we have a download of xScope on our website in addition to the Mac App Store.

But, of course, that’s not possible with iOS apps.

Yannik Bloscheck:

Without Apple Business Essentials, which even now after many years after its original release is still only available in the US, companies still can't even increase the default 5 GB iCloud storage for their managed Apple IDs. So Apple is even really hurting their own direct services revenue with all of this, but despite that they still haven't come around to improving it.

Previously:

Wednesday, May 8, 2024

Turning Off iOS 17 Contact Posters

Federico Viticci:

In iOS 17, you can create a contact poster, which is essentially a combination of a profile picture and artwork that will represent you when calling other people on the phone, FaceTime, and other apps compatible with the CallKit framework.

[…]

When a call comes in from one of my friends who’s created a contact poster on iOS 17, I like that I can see a little bit of their personality and taste in the poster they’ve chosen for themselves. Just like profile pictures before, you can choose to automatically share your poster with your contacts; you can either accept someone else’s poster or override it with your own poster for them.

A. Lee Bennett Jr.:

Getting REALLY pissed at this new Apple behavior of names and photos for a contact on MY phone getting changed to something set by the other person. I know I can revert it to what I had, but WHY THE #^€% do I have to revert it? I was fine with it asking me if I wanted the suggested new info, but leave my existing info alone!!! Besides, the contact photo I set for people is often far better than the low resolution crap or their kid, or stupid Memoji they send me.

I don’t like the way this feature was implemented:

See also:

Previously:

Update (2024-05-09): Kyle Howells:

The “iOS 17 Contact Posters” feature being on by default, and overriding what I have already set for my contact, on my phone, is an abomination that should never have been approved.

That feature makes me angry with how disrespectful and user hostile it is.

Update (2024-05-10): Tanner Bennett:

I have to pull out my iOS 14 iPhone 12 to change a contact photo without going through the poster nonsense.

I don’t even know if you CAN use the cool emoji contact picture creator anymore on iOS 17!

The other problem I have is that sometimes reverting the photo in Contacts does not fix it in Messages. One of my Messages conversations, which previously had a custom photo I took, now only shows the initials on a black background.

The Alternative Implementation Problem

Maxime Chevalier:

What I’ve concluded, based on experience, is that positioning your project as an alternative implementation of something is a losing proposition. It doesn’t matter how smart you are. It doesn’t matter how hard you work. The problem is, when you build an alternative implementation, you’ve made yourself subject to the whims of the canonical implementation. They have control over the direction of the project, and all you can do is try to keep up. In the case of JITted implementations of traditionally interpreted languages, there’s a bit of a weird dynamic, because it’s much faster to implement new features in an interpreter. The implementers of the canonical implementation may see you as competition they are trying to outrun. You may be stuck trying to ice skate uphill.

Almost 4 years ago, with support from Shopify, two dedicated colleagues and I started a project to build YJIT, yet another Ruby JIT. The difference is that we made the key choice to build YJIT not as an alternative implementation, but directly inside CRuby itself. This came with a number of design tradeoffs, but critically, YJIT could be 100% compatible with every CRuby feature from the start. YJIT is now the “official” Ruby JIT, and is deployed at Shopify, Discourse and GitHub among others. If you’ve visited github.com today, or any Shopify store, you’ve interacted with YJIT. We’ve had more success than any other Ruby JIT compiler so far, and compatibility has been key in achieving this.

See also: The Ruby on Rails Podcast.

Previously:

Shiny MacBook Keys

OSXDaily (tweet):

One of the worst things about the MacBook Air and MacBook Pro is the shiny key issue. If you’re unfamiliar, the image above demonstrates the beginning stages of the shiny key development on my otherwise beautiful six month old MacBook Air, visible mostly on the shift key, but “A” and “S” are also beginning to display the hallmark worn key shine.

The shiny keys are unmistakable, and the wear occurs after routine use of MacBook keyboards. For some users they develop within weeks(!) and for others it can take a year or more to appear, but it seems that virtually every MacBook user who types on their built-in keyboard will eventually experience the shiny keys issue.

[…]

There are also tons of forum posts and pictures about shiny keys, worn keys, polished keys, stained keys, people refer to them differently, but they’re appearing on Apple’s own support discussion forums, MacRumors Forums, myriad reddit threads, and elsewhere. And yes, it does happen with some third party keyboards and PC keyboards too, but we’re focusing on the world of Apple laptop keyboards here.

Jeff Gamet:

Know why you can’t clean the greasy spots off your computer keyboard? Because that isn’t grease. Lots of computer keys are made from ABS plastic, which is soft and cheaper than PBT plastic. Those shiny spots are where you polished the keys by typing.

Via John Gruber (Mastodon):

Those old keycaps clearly weren’t made from cheap ABS plastic. But in recent decades, Apple’s keyboard keycaps have been made from ABS plastic (or, at least, some sort of plastic that develops a greasy-looking shine through use). I’d love to see Apple fix this problem. Apple’s just not known for cheaping out on materials.

John Gruber:

Also, there was a discussion on ATP episode 562 back in November about keycap wear, and one of their listeners pointed out that ABS can be made transparent to let backlighting shine through, but PBT cannot. You can make PBT keycaps with clear (ABS-filled) cut-outs for the letters, but that would undoubtedly add cost and complexity. My beloved Apple Extended Keyboard II has no backlighting at all. It’s quite possible that this entirely explains why Apple sticks with ABS despite the shiny-when-worn factor.

There are two issues here. First, the polish, which is a shame if it’s due to the backlighting, since I never use it. Second, MacBook Pro and MacBook Air keys are more susceptible to showing actual grease (from natural skin oil, sunscreen, etc.) than desktop keyboards or even some of Apple’s older laptops, which had more matte keys. Either way, it looks gross, and I’d like Apple to improve this. My top priorities for the MacBook Pro, though, would be: smaller trackpad and/or better palm rejection, matte display, more USB ports, less sharp edge for the palm rest.

Previously:

Update (2024-05-20): Craig Grannell:

Apple’s desktop ones are no better. This is just from normal use. Left Option and Command keys are a state also. Just over two years old. (The right arrow key also pinged off one day and has never quite sat right since. Quality…)

Online Messaging Systems of Yesteryear

Jeremy Reimer (via Adam Engst):

PLATO was an educational system that began in 1960 and was nearing its fourth iteration. It was responsible for many computer firsts, such as the first flat-screen plasma display, which launched in 1972 with PLATO IV. These touch-enabled, 512×512 graphical displays looked like they came from the future. And while it couldn’t talk to ARPANET, every PLATO user at every terminal could communicate with each other all over the world.

[…]

CBBS was instantly popular and spawned dozens of imitators. Since long-distance charges applied for calls outside one’s hometown, local BBS sites bloomed in cities all over North America, Europe, and Japan. BBS systems at first delivered only text, which was fine since that’s all personal computers could offer. In later years, support for the ANSI standard added color and special characters like those found on the IBM PC and clones. But when you called a BBS, it didn’t matter what computer you had or what computer the BBS was running on. An IBM PC user could call up an Amiga-based BBS with no problems.

[…]

Meanwhile, ARPANET had merged with PRNET and SATNET in 1977 to form what was increasingly being called the “Internet.” Other networks joined in the fun, like the Unix to Unix Copy Protocol (UUCP) network, which was eventually renamed the Users’ Network, or simply Usenet.

[…]

The “Eternal September” arrived in 1993, when American On-Line (AOL), the most popular online service in the world at the time, with 1.25 million subscribers, added Usenet access. Along with an estimated 60,000 BBSes in the US alone, with an estimated 17 million users worldwide, a lot more people were getting online. But it was a mere foreshock of what was about to come.

AOL, CompuServe, Prodigy, and others also had their own communities, distinct from Usenet and the Web. It’s hard to believe given Ping and Apple’s other recent efforts, but eWorld was actually really good.

Previously:

Update (2024-05-22): Ron Amadeo (via Nick Heer):

Google Talk, Google’s first-ever instant messaging platform, launched on August 24, 2005. This company has been in the messaging business for 16 years, meaning Google has been making messaging clients for longer than some of its rivals have existed. But thanks to a decade and a half of nearly constant strategy changes, competing product launches, and internal sabotage, you can’t say Google has a dominant or even stable instant messaging platform today.

Tuesday, May 7, 2024

Apple M4

Apple (Hacker News, Slashdot):

Built using second-generation 3-nanometer technology, M4 is a system on a chip (SoC) that advances the industry-leading power efficiency of Apple silicon and enables the incredibly thin design of iPad Pro. It also features an entirely new display engine to drive the stunning precision, color, and brightness of the breakthrough Ultra Retina XDR display on iPad Pro. A new CPU has up to 10 cores, while the new 10-core GPU builds on the next-generation GPU architecture introduced in M3, and brings Dynamic Caching, hardware-accelerated ray tracing, and hardware-accelerated mesh shading to iPad for the first time. M4 has Apple’s fastest Neural Engine ever, capable of up to 38 trillion operations per second, which is faster than the neural processing unit of any AI PC today.

[…]

M4 has a new up-to-10-core CPU consisting of up to four performance cores and now six efficiency cores. The next-generation cores feature improved branch prediction, with wider decode and execution engines for the performance cores, and a deeper execution engine for the efficiency cores. And both types of cores also feature enhanced, next-generation ML accelerators.

M4 delivers up to 1.5x faster CPU performance over the powerful M2 in the previous iPad Pro.

[…]

M4 can deliver the same performance as M2 using just half the power. And compared with the latest PC chip in a thin and light laptop, M4 can deliver the same performance using just a fourth of the power.

Previously:

Update (2024-05-08): Jason Snell:

Why the M4 now? It mostly has to do with Apple shifting chip production at TSMC (the company that fabs Apple’s chips) from the first-generation 3nm process to a new, more efficient second-generation 3nm process. There’s a whole backstory about TSMC’s change in 3nm processes that’s not worth getting into here, but suffice it to say that the first-generation process is largely a dead end, and the company is moving to a new set of 3nm processes.

Scott:

As expected, the performance “gains” of the new M4 chip Apple is using in the new iPad Pros are mostly due to the N3e process. Apple advertises a “1.5x” speed gain: but they slyly compare the prior 8-core Pro M2 to the new 10-core Pro M4 (25% more performance cores, right off).

Update (2024-05-10): Omar Sohail (via Hacker News):

An early look at the M4’s performance did not deliver the best positive first impression because we believed that Apple lowered the clock speeds to achieve better efficiency. However, we are pleasantly surprised by the latest results, as Apple’s new SoC powering the 11-inch and 13-inch iPad Pro models runs circles around the M2, handily beats M3, and zips past the M3 Pro and Qualcomm’s Snapdragon X Elite, which are two chipsets occupying a higher performance bracket.

Mark Tyson (Hacker News):

Apple's M4 processors have become convincing leaders in the Geekbench single-core leaderboard. Several scores of roughly 3,800 points have appeared in the Geekbench online database over recent hours. This is significant as single-core benchmark scores of this magnitude put clear blue water between the M4 and Intel’s flagship Core i9-14900KS. A little Geekbench database checking shows that, in single-threaded tests, Apple's M4 outpaces Intel's power-hungry desktop champ by about 16%.

Juli Clover:

Apple said that the M4 delivers up to 1.5x faster CPU performance than the M2 in the prior-generation iPad Pro, which is accurate based on the benchmarks we’ve seen so far.

Update (2024-05-16): See also: Hacker News and MacRumors.

Update (2024-05-28): Omar Sohail (via Hacker News):

While some might attribute these performance gains to Apple switching to TSMC’s second-generation 3nm process for the M4, various findings reveal that the company has switched to the ARMv9 architecture with this release.

ribit:

They have not adopted ARMv9. This is still ARMv8, but with SME.

Final Cut Pro 2 and Logic Pro 2 for iPad

Apple (MacRumors, Hacker News):

Final Cut Pro for iPad 2 transforms iPad into a multicam production studio with Live Multicam, giving users the power to speed up their shoot by allowing them to connect and preview up to four cameras all at once, all in one place. To support Live Multicam, Final Cut Camera — an all-new video capture app — comes to iPhone and iPad, letting creators wirelessly connect and remotely direct each video angle with powerful pro controls. Final Cut Camera also works as a standalone professional video capture app on iPhone and iPad. External project support gives users the flexibility to edit projects directly from an external drive, leveraging the fast Thunderbolt connection of iPad Pro. Editing and finishing a project with Final Cut Pro on the new iPad Pro with the M4 chip is incredible, enabling users to color grade, apply multiple effects, and render graphically intense timelines even faster. Final Cut Pro for iPad 2 has even more customizable content for editing and creating unique projects, and leverages the advanced features of the all-new Apple Pencil Pro such as barrel roll and squeeze for Live Drawing.

[…]

On Mac, editors can take their professional workflow to the next level. Leveraging the Neural Engine in Apple silicon, new AI features and organizational tools come to Final Cut Pro 10.8. Available as a free update to existing users, Final Cut Pro 10.8 introduces Enhance Light and Color, offering the ability to improve color, color balance, contrast, and brightness in one simple step, and is optimized for SDR, HDR, RAW, and Log-encoded media. With Smooth Slo-Mo, frames of video are intelligently generated and blended together, providing the highest-quality movement and more drama to a project.

Apple (MacRumors):

Apple today unveiled the all-new Logic Pro for iPad 2 and Logic Pro for Mac 11, delivering breakthrough professional experiences for songwriting, beat-making, producing, and mixing. Powered by artificial intelligence, the new Logic Pro introduces incredible studio assistant features that augment the music-making process and provide artists help right when they need it — all while ensuring they maintain full creative control. These features include Session Players, which expand the popular Drummer capabilities in Logic Pro to include a new Bass Player and Keyboard Player; Stem Splitter, to extract and work with individual parts of a single audio recording; and ChromaGlow, to instantly add warmth to tracks.

Update (2024-05-10): Joe Rosensteel:

I’ll be interested to see if they release a BTS video in a few days that shows us how much of this was Final Cut Pro for iPad. At what point did they export the project files on that one-way trip to the Mac? How much did they render on the iPad?

Functionally, they still don’t match the desktop counterparts feature for feature.

[…]

The Final Cut Pro for iPad project file format continues to be incapable of round-tripping between a Mac and back to an iPad.

Update (2024-05-16): Juli Clover:

Apple today released an updated version of Logic Pro, introducing all of the new features that were previewed last week.

Update (2024-05-29): Steve Troughton-Smith:

Final Cut Pro for iPad has a dozen export options that range from ‘awful’, to ‘awful, and low-resolution’. It’s surprising just how bad the 4K HEVC footage it creates is; there’s no control over bitrate or number of passes or anything. And there’s no Compressor app on iPad to queue up multiple exports. Big thumbs down — if you want good quality video, you basically have to send it to a Mac first

Apple Pencil Pro

Apple (MacRumors):

A new sensor in the barrel can sense a user’s squeeze, bringing up a tool palette to quickly switch tools, line weights, and colors, all without interrupting the creative process. A custom haptic engine delivers a light tap that provides confirmation when users squeeze, use double-tap, or snap to a Smart Shape for a remarkably intuitive experience. A gyroscope allows users to roll Apple Pencil Pro for precise control of the tool they’re using. Rotating the barrel changes the orientation of shaped pen and brush tools, just like pen and paper. And with Apple Pencil hover, users can visualize the exact orientation of a tool before making a mark.

With these advanced features, Apple Pencil Pro allows users to bring their ideas to life in entirely new ways, and developers can also create their own custom interactions. Apple Pencil Pro brings support for Find My for the first time to Apple Pencil, helping users locate Apple Pencil Pro if misplaced. It pairs, charges, and is stored on the side of iPad Pro through a new magnetic interface.

This is really cool. I kind of wish Apple were doing more with Mac input devices. Magic Mouse could use more buttons and smarter gestures. I really liked using a stylus with a Wacom tablet back in the day.

Update (2024-05-08): Joe Rossignol:

Priced at $129, the Apple Pencil Pro is only compatible with the new iPad Pro and iPad Air models announced this week. The first-generation Apple Pencil, second-generation Apple Pencil, and lower-cost Apple Pencil with a USB-C port all remain available, making the Apple Pencil lineup more complex than ever for the time being.

Update (2024-05-10): Juli Clover:

There are some major changes that were introduced with the new accessory, including new gestures and capabilities.

Kirk McElhearn:

Apple now sells four different Apple Pencil models. It can be confusing to figure out which one works with your iPad. In this article, we will help you choose the right Apple Pencil for your iPad.

Steve Troughton-Smith:

There are some new docs from Apple to go with the new features enabled by Apple Pencil Pro — they’re well-written, and they have workable sample snippets with a SwiftUI/UIKit toggle.

Update (2024-05-17): Nick Heer:

In a video on Threads, Quinn Nelson shows how the Apple Pencil casts a tool-specific faux shadow on the surface of the page. I love this sort of thing — a detail like this that, once you notice it, brings a little joy to whatever you are doing, whether that is creating art or just taking notes.

iPad Pro (M4, 7th Generation)

Apple (MacRumors, keyboard, Hacker News, Slashdot):

Available in silver and space black finishes, the new iPad Pro comes in two sizes: an expansive 13-inch model and a super-portable 11-inch model. Both sizes feature the world’s most advanced display — a new breakthrough Ultra Retina XDR display with state-of-the-art tandem OLED technology — providing a remarkable visual experience. The new iPad Pro is made possible with the new M4 chip, the next generation of Apple silicon, which delivers a huge leap in performance and capabilities. M4 features an entirely new display engine to enable the precision, color, and brightness of the Ultra Retina XDR display.

[…]

The new iPad Pro — the thinnest Apple product ever — features a stunningly thin and light design, taking portability to a whole new level. The 11-inch model is just 5.3 mm thin, and the 13-inch model is even thinner at a striking 5.1 mm, while both models are just as strong as the previous design. The 11-inch model weighs less than a pound, and the 13-inch model is nearly a quarter pound lighter than its predecessor — allowing pro users to extend their workflows in new ways and in more places.

[…]

For pro users working in high-end, color-managed workflows or challenging lighting conditions, a new nano-texture glass option comes to iPad Pro for the first time.

[…]

The new Magic Keyboard opens to the magical floating design that customers love, and now includes a function row for access to features like screen brightness and volume controls. It also has a gorgeous aluminum palm rest and larger trackpad that’s even more responsive with haptic feedback, so the entire experience feels just like using a MacBook.

The 1 TB and 2 TB models have 4 performance cores vs. 3, 16 GB of RAM vs. 8 GB, and the nano-texture glass option.

Jason Snell:

But over this same span, it’s become clear to me that Apple no longer views the iPad as the future of personal computing.

[…]

iPad Pro buyers already value the product for its flexibility. Imagine how much more flexible it would be if it could run macOS, virtualized, when connected to an external keyboard and trackpad. Apple’s first convertible device would be able to become a Mac when it needed to—and exit that mode when it doesn’t. Travelers could invest in the iPad Pro and all its accessories—at a price comparable to a MacBook Air, by the way—and know that they’re getting the best of Apple’s tablet experience and its traditional computer experience.

Not today.

Update (2024-05-08): Jason Snell:

As someone who uses a keyboard (and a USB microphone, I suppose) to make a living, I’m looking at $2177 for a mid-range 13-inch model with cellular, an Apple Pencil Pro, and a Magic Keyboard. That’s substantially more than I’d pay for a new MacBook Air, and while I know that I can’t use the MacBook Air as a thin and light touch tablet, I also can’t use my iPad Pro as a travel podcasting unit.

Dan Moren:

Still, purely from a price perspective, things do get more confusing now. Consider the comparison between the iPad Pro and the MacBook Air.

Tony Arnold:

Unless Apple is about to announce that you can choose to install macOS on iPads at WWDC (or a huge overhaul of iPadOS), the pricing of the new iPads is pretty wild.

Federico Viticci:

I had high expectations for the new generation of iPad Pros that Apple unveiled today – some of which were exceeded by reality (hardware), and others that were, regrettably but unsurprisingly, faced with the reality of the iPad platform (software).

[…]

The thinness and reduced weight of the big iPad Pro are making me question which model I want to use going forward. I went into this event knowing I’d get an 11” iPad Pro again, but after trying the new 13” in person, I’m not so sure anymore. It’s still a large tablet that’s not as portable as the small one, but the thinness and lightness of it are making me reconsider my decision. I can’t get over how wildly thin and light the new 13” iPad Pro feels.

[…]

I don’t need to rehash why I think Apple is missing a huge opportunity by not embracing the iPad Pro as a machine that could do both iPadOS and macOS equally well in the same package.

[…]

I noticed another journalist struggling with opening the Magic Keyboard, and when I tried it, I experienced it myself. Since the edge of the keyboard is now flush aluminum without an inset “lip” like on MacBooks, it’s hard to know at first where you’re supposed to grab it.

Steve Troughton-Smith:

All of the counter-arguments for some form of macOS on iPad have fallen away over the past 14 years. The hardware is the same exact hardware that runs the Mac lineup. iPadOS is now a platform with keyboard, mouse and external display support. It already has a mode to shrink UI elements down dramatically beyond what would traditionally make for safe touch targets. Mac and iPad apps today share an awful lot of code, if not entire codebases, and it all transparently/freely syncs between devices.

Nick Lockwood:

for me the worst thing about trying to use an iOS device for any real work is the sense of my content feeling “trapped” in an app.

Craig Hockenberry:

Apple has had well over a decade to make a machine for pros.

Bolting a file system and windows onto iOS just isn’t cutting it both for users and developers. So yeah it’s time to admit to failure.

And lean into a device/software that can be flexible and get a multitude of jobs done. Time to abandon idealism and be pragmatic.

Eric Schwarz:

While I’m not opposed to new features in iPadOS, I think there are a lot of tech pundits that need to retire the rhetoric that the iPad can’t replace their Mac and iPadOS is lacking.

Jeff Carlson:

Interesting that the iPad Pro lost a camera—now there’s just a single Wide rear-facing camera and no Ultra Wide camera. Maybe Apple internalized that iPad has never been a good camera device (even though I see people take photos with them often)? More likely just to cut costs, and because for video the better solution is to shoot with iPhone anyway (esp with the new Final Cut Camera app).

Tom Goodwin (via Niko Kitsakis, Scott):

If Samsung ever did this, people would destroy them.

Crushing things we love, things we played with, to produce an identical black box.

I think I get what they were going for, but I had a strong negative reaction to this ad.

Update (2024-05-10): John Gruber:

The thinness is noticeable in hand, but the reduction in weight is even more noticeable. Per Apple’s specs, the new 13-inch iPad Pro weighs 579g, down from 682g in the 2022 models. That’s a sounds-too-good-to-be-true 15 percent reduction. The weight reduction for the 11-inch iPad Pros is less dramatic: 444g, down from 466g in the previous generation.

[…]

In briefings yesterday, Apple reps emphasized, repeatedly, that these new iPad Pros could not have been built without the M4. The efficiency gains allowed Apple to make them remarkably thin and light, and more essentially, only the M4 has a display engine that can drive the new tandem OLED displays.

[…]

The only sore thumb in the entire iPad lineup is the iPad Mini, which, since it first appeared, has always been the least-frequently updated iPad.

Juli Clover:

We’ve rounded up some of the most notable changes worth considering when deciding whether to upgrade.

Quinn Nelson:

New iPads are more powerful than ever: with M4 and the first-to-market tandem OLED display technology. But what does that mean? And why does it matter?

Joe Rosensteel:

To go through all that effort and the appeal of the new iPad Air is that it’s like an older iPad Pro, and that the iPad Pro is a thinner iPad Pro, is … well … underwhelming if the hardware wasn’t a primary concern for you before yesterday.

[…]

The consistent refrain before, and after the event is that Apple isn’t addressing the iPad software platform.

Christina Warren:

The problem with the iPad, as many have pointed out, is that the software hampers what it can do unless you’re willing to contort yourself into a very specific workflow. For most casual users those limitations aren’t an issue and the advantages of the form factor outweigh the deficits. But when you charge MBPro money for a device the trade-offs sting. As @jsnell says, the best solution would be to just let us virtualize macOS on an iPad Pro when using it in certain modes.

Chris Welch (via John Gruber):

Sure enough, the Smart Keyboard Folio isn’t compatible with the OLED iPad Pros. The 11-inch version can still be used with the sixth-generation iPad Air, but that’s all. So if you’re set on Apple’s very best tablet, it’s not an option anymore. And with no alternative quite like it anywhere in sight, I’m bummed.

Update (2024-05-15): Jason Snell:

The design and power make me love the iPad Pro more than perhaps any other Apple product I own. This one’s even better. This is all good stuff. Unfortunately, I have to end this review the same way I’ve ended almost every iPad Pro review I’ve written: I wish iPadOS loved the iPad Pro as much as I do. We continue to live in a world where Apple’s most flexible, powerful, groundbreaking piece of hardware is let down by an inflexible, weak, and slow-to-be-upgraded operating system.

Samuel Axon:

Still, it remains unclear why most people would spend one, two, or even three thousand dollars on a tablet that, despite its amazing hardware, does less than a comparably priced laptop—or at least does it a little more awkwardly, even if it's impressively quick and has a gorgeous screen.

[…]

The iPad Pro is so much faster than most people need it to be—so loaded with expensive, cutting-edge technology—that it seems like it exists more for Apple to show off what it’s truly capable of than it does for most actual user needs.

[…]

The iPad Pro is an amazing device, and it’s a delight to use for some kinds of tasks. But despite continual refinement, the limitations of iPadOS compared to the flexibility (and better pro software support) of macOS mean I’m more excited about what these new developments might mean for future Macs than anything else.

Nick Heer:

The way I see it is simple: Apple does not appear to treat the iPad seriously. It has not been a priority for the company. Five years ago, it forked the operating system to create iPadOS, which seemed like it would be a meaningful change. And you can certainly point to plenty of things the iPad has gained which are distinct from its iPhone sibling. But we are fourteen years into this platform, and there are still so many obvious gaping holes.

See also: MacRumors.

Mark Gurman:

Fun fact: Every iPad Pro reviewer just copy pastes their 2015 model review and changes the date. It’s true. Nothing has changed.

See also: Sam Rowlands.

Update (2024-05-16): John Gruber (Mastodon):

That in broad strokes there exist two types of iPad user: (a) those for whom iPadOS, as it is, suits them well as their primary “big screen” personal computer; (b) those for whom an iPad, due to its very deliberate computing-as-an-appliance-style constraints, can only ever be a supplemental device to a Mac, Windows, or Linux “real” computer. Neither group needs a more powerful iPad, and so because of this, everyone — power-user nerds and typical users alike — tends to use iPads until they break, wear out, or age out of software support.

[…]

From this viewpoint, going from better (iPad Air) to best (iPad Pro) shouldn’t be about power and performance and the ability to use the device for any and all complex computing tasks, but instead about being just plain nicer. Like going from a Toyota to a Lexus.

[…]

These results don’t make much sense to me. The M2 iPad Pro and M2 MacBook Air perform nearly identically, but the M3 MacBook Air is quite a bit faster than the M4 iPad Pro, despite the above Geekbench results suggesting that the M4 ought to be 1.2× faster than the M3.

[…]

iPadOS is what it is. Whatever you (or I) think of it as a productivity platform, you’re a fool if you think it isn’t beloved by many. It’s popular, even for some “professional” use cases, not despite iPadOS’s guardrails but often because of them. Those guardrails feel limiting to me, often very much so, but those same guardrails are liberating to others. There is tremendous power in having a computer that is simple not merely by suggestion but by hard and fast technical constraints.

There’s something to this idea, but I think a good portion of the problems and limitations with iPadOS are not actually features in disguise. The background processing guardrail is anti-simplicity because you have to understand the model rather than having things just work. You can see what they were trying to do with simplifying the file system, but it’s really hard to argue that they’ve cracked the problem. Who really benefits from the impossibility of clipboard management and the unavailability of certain categories of apps and features? Apple itself doesn’t really embrace the powerful-because-it’s-simple narrative, instead treating simplicity as a feature rather than a tradeoff. I think Gruber is essentially right that Apple built a luxury car, but Apple is trying to sell it as a truck with added simplicity and touch.

dmitriid:

Their marketing betrays what they actually make out of this device.

Update (2024-05-17): Benjamin Mayo (via John Gruber):

The new iPad Pro is here and the inevitable YouTube stress tests are already online. JerryRigEverything and AppleTrack posted their bend test videos, and both seemingly came to the same conclusion: the new iPad Pro holds up well to extreme force and seems pretty resistant to bending during normal use.

AppleTrack repeated the same bends with the M2 iPad Pro and the new M4 iPad Pro to compare, and whereas the M4 iPad Pro came away almost unscathed, the M2 iPad Pro had a definitive curl in the corner near the cameras. JerryRigEverything praised the device for its “black magic levels of structural integrity”, at least when bent horizontally.

Update (2024-05-20): MereCivilian:

Throughout my ownership of the 2018 iPad Pro, I never wished for it to be thinner. Instead, I would have preferred improvements in battery life. As the iPad ages, the degraded battery life becomes more frustrating. Apple only replaces the battery if its health is below 80%. Even then, they don’t replace the battery but provide a refurbished iPad Pro.

Helge Heß:

Why the new iPad Pro has an M4, IMO.

Update (2024-05-21): Shahram Mokhtari:

We’ve spent the past few days examining the new iPad Pro 13 and boy is it an impressive bit of technology. I don’t want to wax poetic about the user experience though, I’ll leave that to the tech reviewers. What I want to talk about is the hardware and the one major improvement in the iPad Pro’s repairability: The battery replacement experience.

Update (2024-05-28): Nicolas Magand:

The iPad can allow itself to be this powerful because some apps, some use cases require a lot of power. Apps like Procreate thrive on a touch interface, and they can utilise all the power of an iPad Pro with an M4 chip. Should these professionals be satisfied with a regular, slower iPad? They should not, so the iPad Pro makes a lot of sense for them, for Apple, and for the market.

For the rest of the regular experience — outside of pro apps, the iPad relies on simplicity, on a “straight-forwardness” that people appreciate about the iPad, especially if they believe that using a computer isn’t that different from using a phone. And just because the iPad Pro runs a desktop-class chip, doesn’t mean it has to do desktop-class things. Fast cars don’t have to all look like supercars.

M.G. Siegler:

What if the big debate about the iPad Pro running macOS really just boils down to being able to run the macOS version of Safari? Not for everyone of course. But many people, myself included, do about 90% of my work in a web browser. And the Safari browser on iPad has always behaved more like the Safari browser on iOS versus the version built for Macs. This is hardly a surprise – iPadOS itself came directly from iOS. But count me in the boat that Apple has this backwards.

iPad Air (6th Generation)

Apple (MacRumors, Hacker News):

Apple today announced the redesigned 11-inch and all-new 13-inch iPad Air, supercharged by the M2 chip. Now available in two sizes for the first time, the 11-inch iPad Air is super-portable, and the 13-inch model provides an even larger display for more room to work, learn, and play. […] The front-facing Ultra Wide 12MP camera with Center Stage is now located along the landscape edge of iPad Air, which is perfect for video calls. It also includes faster Wi-Fi, and cellular models include super-fast 5G, so users can stay connected on the go. […] The new iPad Air is available in new blue and purple finishes, along with starlight and space gray. The 11-inch iPad Air still starts at just $599, and the 13-inch iPad Air is a fantastic value at just $799.

The base storage has increased to 128 GB. Why is this still called Air when it’s thicker and heavier than the Pro?

Update (2024-05-08): Jason Snell:

This time around, that’s been taken to an extreme: the 11- and new 13-inch iPad Air are identical in size to the old (2018-2022) iPad Pro models. Apple’s literally re-using those old models, with only some minor feature variations. There’s no Mini-LED HDR display on the 13-inch model as there was on the M1 and M2 versions, nor is there a Face ID sensor; if you want a keyboard, the 2020-era Magic Keyboard will suffice.

[…]

One disappointing note: Apple continues its trend of removing color from its products as they escalate in price. The iPad Air’s colors were subtle before, but they’re vanishingly distinguishable now. On Tuesday, I sat not two feet away from two iPad Airs in blue and purple, and, reader, I could not tell that they were not silver.

Hartley Charlton:

This breakdown also serves as a way to clearly see all the differences that the new iPad Air brings to the table.

Dan Moren:

Where Apple has de-muddied the lineup, though, is in the mid-range. Previously, once you went higher than the paltry base of 64GB storage on the iPad Air, you quickly got into entry-level iPad Pro territory, then forcing you to make a more complex decision between more capacity and more capability at around the same price point. Rather than the simplicity of a decision based around more storage for more money, customers instead had to weigh the ability to store more photos vs. Face ID which…how do you even?

In the new lineup, that’s not really a problem. The base-level iPad Airs now boast an acceptable 128GB of storage and are still priced well below an iPad Pro. You’ve got to go up to the top-tier iPad Airs before you really start competing with base level iPad Pros—which is as it should be.

Update (2024-05-16): Juli Clover:

The new iPad Air is set to come out on Wednesday, May 15, and prior to launch, members of the media have shared their first iPad Air impressions.

Monday, May 6, 2024

SteerMouse 5.7

Plentycom Systems:

SteerMouse is a utility that lets you freely customize buttons, wheels and cursor speed. Both USB and Bluetooth mice are supported.

[…]

You can assign a function to combinations of a button and modifier keys ( command shift option control ). In addition to it, you can assign a function to combinations of buttons. Your mouse will have unlimited potential.

[…]

System Settings only allows adjustment for the Tracking Speed. SteerMouse allows adjustment of the Sensitivity on top of that. By adjusting both values, you can move the cursor just like you move your hand.

Via John Gruber:

I’ve been using and wholeheartedly recommending SteerMouse for nearly 20 years.

It’s also the case that even with a third-party mouse, you might not want any third-party driver software at all. MacOS’s built-in mouse software recognizes most mice. I rely on SteerMouse not because my mouse has lots of buttons (it doesn’t), but to get fine-grained control over the speed and acceleration of the pointer. SteerMouse lets me set my mouse to go way, way faster than the built-in Mouse panel in Settings does — something I’ve done for decades to reduce wrist fatigue and pain. I can move my pointer from corner to corner across my Studio Display by moving my mouse just a few centimeters.

iOS 17 Calendar Search Failures

keldwink (via Ric Ford):

Updated my 15pro to 17.0.2 and I can no longer search in the calendar app. No matter what I search for, it comes up with “no results”

The replies list various potential fixes. It’s not clear to me whether something is specifically broken with iOS 17 or this is just typical Spotlight behavior. My advice is to use Fantastical, even if you don’t need the fancy features, because the basics work so much more reliably.

Apple’s Third-Party SDK List for Privacy Manifests

Apple:

Starting May 1, 2024, new or updated apps that have a newly added third-party SDK that’s on the list of commonly used third-party SDKs will need all of the following to be submitted in App Store Connect:

  1. Required reasons for each listed API
  2. Privacy manifests
  3. Valid signatures when the SDK is added as a binary dependency

Antoine van der Lee:

While Apple provides rich documentation, it’s hard to understand what you must do. Therefore, I decided to simplify the process and added a frequently asked questions section to help you.

Donny Wals:

In this post, I’d like to show you how you can add a privacy manifest file to your app so that you can resolve rejections related to ITMS-91053.

[…]

Adding a privacy manifest file is a new requirement from Apple that, in my opinion, could have been handled better. Manually working on plist files is a tedious job and the keys and values aren’t that easy to manage.

Privacy Manifest Generator:

Since editing the file by hand is somewhat tedious, this site will help you generate the file instead so you just select which items you need to include and we do the rest!

Jesse Squires (Mastodon):

But then… you see that the list contains UI libraries that haven’t seen significant updates or any activity for multiple years, like SVProgressHUD. Why does a library that provides a single UI component need a privacy manifest? Is it as concerning and as potentially privacy invasive as the Facebook SDK? Some of the UI-only SDKs on the list haven’t seen significant updates (or any updates at all) within the last 4-5 years. Furthermore, even AFNetworking hasn’t had an update in 4 years because it was deprecated long ago after being supplanted by Alamofire. The AFNetworking repo on GitHub has been archived and read-only for over a year! Who’s going to bother adding a privacy manifest to that?

[…]

And then… you know what’s even more bizarre about this list? There are no links! There are no links to the SDK project homepages or GitHub repos. It is a plain text list of names, and in some cases, seemingly random names like “file_picker”. Ok LOL. SDK and library names are not necessarily unique. How are you supposed to know exactly which SDKs they are referencing with so little information? Searching for “file_picker” or “image_picker_ios” or any of the other obscure names on both CocoaPods and the Swift Package Index returns no results!

[…]

As many readers have pointed out, there are also a number of popular SDKs that really should be on this list if Apple is concerned about privacy. For example, the TikTok SDK, GoogleAds, and the Unity Ads SDK are all missing from the list, just to name a few. How strange!

[…]

When Apple imposes new privacy regulations in such a slipshod manner, how are we, as developers and as users, supposed to take this seriously? This feels like more bureaucratic security and privacy theater.

Nick Heer:

I assumed this list would be dominated by SDKs for analytics, authentication, logging, advertising, and other potentially sensitive use cases. […] This list of SDKs contains seemingly few such packages. As of writing, there are 87 SDKs on Apple’s list and fully one-quarter of them — by my count — are Flutter packages intended to simplify cross-platform development.

[…]

As Squires writes, any documentation about why these SDKs are on Apple’s list would be helpful.

Talal Haj Bakry and Tommy Mysk:

In practice, we analyzed the network traffic of several popular apps that were updated after May 1, when this new requirement took effect. We focused on the API that retrieves a device’s boot time, or system uptime. It is the elapsed time in seconds since a device was restarted. Combined with a few other signals, the system uptime leads to generating a very accurate fingerprint of a device.

[…]

All the approved reasons emphasize that information retrieved by the APIs may not be sent off-device.

[…]

Our testing shows that Facebook still sends the system uptime off-device.

So do Google Chrome, Instagram, Spotify, and Threads. Like privacy nutrition labels, privacy manifests seem to be privacy theater.

Update (2024-05-07): Thomas Claburn (Hacker News):

The Register asked Google, Meta, and Spotify whether they are in fact using these “required reason APIs” for iOS device fingerprinting and beaming that data off to backend servers, and we’ve not heard back from the last two. A Google spokesperson confirmed it is looking into the report, but didn’t immediately have a response.

[…]

Although Apple’s rule plainly states that uptime data cannot be sent off-device, Google Chrome appears to be doing just that, based on network data analysis from Bakry and Mysk. The rule does allow for an exception, but one that doesn’t apply to Chrome.

[…]

Cupertino did not respond to a request for comment.
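As an added example (not code from Apple or from any of the authors quoted above), here is one way to check a `PrivacyInfo.xcprivacy` file before submission, the kind of gap that leads to ITMS-91053 rejections, limited to the system boot time category discussed here. The reason codes and the `systemUptime` symbol are taken from Apple's required-reason API documentation as of May 2024 and should be checked against the current list; the sample manifests and symbol list are constructed.

```python
import plistlib

# Partial table: only the system boot time category discussed in this post.
# Reason codes and symbol names follow Apple's required-reason API documentation
# as of May 2024 (assumption: verify against the current list before relying on it).
BOOT_TIME = "NSPrivacyAccessedAPICategorySystemBootTime"
APPROVED_REASONS = {BOOT_TIME: {"35F9.1", "8FFB.1", "3D61.1"}}
SYMBOL_CATEGORY = {"mach_absolute_time": BOOT_TIME, "systemUptime": BOOT_TIME}


def declared_reasons(manifest_bytes):
    """Return {category: [reason, ...]} parsed from a privacy manifest plist."""
    try:
        root = plistlib.loads(manifest_bytes)
    except Exception as exc:  # plistlib raises several unrelated exception types
        raise ValueError(f"manifest is not a valid plist: {exc}") from exc
    if not isinstance(root, dict):
        raise ValueError("manifest root must be a dictionary")
    entries = root.get("NSPrivacyAccessedAPITypes", [])
    if not isinstance(entries, list):
        raise ValueError("NSPrivacyAccessedAPITypes must be an array")
    declared = {}
    for entry in entries:
        if not isinstance(entry, dict):
            continue
        category = entry.get("NSPrivacyAccessedAPIType")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons", [])
        if not isinstance(reasons, list):
            reasons = []
        if isinstance(category, str):
            declared.setdefault(category, []).extend(
                r for r in reasons if isinstance(r, str)
            )
    return declared


def audit(manifest_bytes, used_symbols):
    """Compare symbols found in a binary or SDK against the manifest.

    Returns a list of (kind, category, detail) findings; empty means consistent.
    """
    declared = declared_reasons(manifest_bytes)
    findings = []
    for symbol in used_symbols:
        name = symbol.lstrip("_")  # nm-style output prefixes C symbols with "_"
        category = SYMBOL_CATEGORY.get(name)
        if category and category not in declared:
            findings.append(("undeclared", category, name))
    for category, reasons in declared.items():
        if not reasons:
            findings.append(("no-reasons", category, ""))
        approved = APPROVED_REASONS.get(category)
        for reason in reasons:
            if approved is not None and reason not in approved:
                findings.append(("unapproved-reason", category, reason))
    return findings


def _manifest(entries):
    """Build a constructed sample manifest as XML plist bytes."""
    return plistlib.dumps({"NSPrivacyAccessedAPITypes": entries})


# Constructed sample inputs.
GOOD = _manifest([{"NSPrivacyAccessedAPIType": BOOT_TIME,
                   "NSPrivacyAccessedAPITypeReasons": ["35F9.1"]}])
EMPTY = _manifest([])
BAD_REASON = _manifest([{"NSPrivacyAccessedAPIType": BOOT_TIME,
                         "NSPrivacyAccessedAPITypeReasons": ["ZZZZ.9"]}])
NO_REASONS = _manifest([{"NSPrivacyAccessedAPIType": BOOT_TIME,
                         "NSPrivacyAccessedAPITypeReasons": []}])
SYMBOLS = ["_mach_absolute_time", "_objc_msgSend"]

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("empty", EMPTY),
                          ("bad reason", BAD_REASON), ("no reasons", NO_REASONS)]:
        print(label, audit(sample, SYMBOLS))
```

A clean result only means the declaration is internally consistent; as the traffic analysis quoted above shows, a declared reason says nothing about whether the value actually stays on the device.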

Swift’s Native Clocks Are Very Inefficient

Wade Tregaskis (Hacker News):

In a nutshell, the problem is that Swift’s Clock protocol has significant overheads by design. If you look at a time profile of code like this, you’ll see things like[…]

That’s a lot of time wasted in function calls and struct initialisation and type conversion and protocol witnesses and all that guff. The only part that’s actually retrieving the time is the swift_get_time call (which is just a wrapper over clock_gettime, which is just a wrapper over clock_gettime_nsec_np(CLOCK_UPTIME_RAW), which is just a wrapper over mach_absolute_time).

[…]

The downside to calling mach_absolute_time directly, though, is that it’s on Apple’s “naughty” list – apparently it’s been abused for device fingerprinting, so Apple require you to beg for special permission if you want to use it (even though it’s used by all these other APIs anyway, as the basis for their implementations, and there’s nothing you can get from mach_absolute_time that you can’t get from them too 🤨).

This matches my experience that intuition is often wrong regarding Swift performance. Sometimes what seems like it would be a simple virtual call has more overhead than an Objective-C message send. Various dynamic stuff involving checking types/protocols can also be much slower than with Objective-C. The good news is that Date is fast, not even calling down to NSDate, and that there’s a pull request to inline some of this.


Friday, May 3, 2024

Error -609 Launching App From the Mac App Store

Matthias Gansrigler:

Does anybody here know what macOS’ error -609 is when launching an app from the App Store?

“The application “XYZ” can’t be opened. -609”

And, maybe more importantly, how to fix it? Relaunches, re-installs and restarts have not helped.

Mark Cornelisse:

Are you behind a firewall? This usually occurs when MacOS can't communicate with the App Store to get the decryption certificates for the binary.

[…]

I’ve done some research on the subject. It could be the following things:

  • Corrupted Application File or incomplete installation. Uninstall the application and download it again from the App Store.
  • Disk Permissions. Use Disk Utility to repair disk to all disk permissions.
  • Outdated MacOS or too new version of it. Download the latest MacOS for the device.
  • Account Authorization. Solution: Logout of the App Store account and log back.
  • Damaged System Files. Reinstall MacOS through the EFI.
  • Conflicting Software like security software. Disable the security software. See if the issue persists. If it doesn’t, contact support of the security software or the administrator of the Mac.
  • Network issues in contacting the App Store server. Remove any obstacle like firewall and system rights that might prevent the Mac from communicating with the App Store to get the needed certificate.
  • Disk Storage. Free up disk space.

I’m seeing a recurrence of the old problem where launching test versions of Mac App Store apps doesn’t work.


Apple’s Q2 2024

Apple (transcript, Hacker News, MacRumors):

The Company posted quarterly revenue of $90.8 billion, down 4 percent year over year, and quarterly earnings per diluted share of $1.53.

“Today Apple is reporting revenue of $90.8 billion for the March quarter, including an all-time revenue record in Services,” said Tim Cook, Apple’s CEO.

[…]

“Given our confidence in Apple’s future and the value we see in our stock, our Board has authorized an additional $110 billion for share repurchases. We are also raising our quarterly dividend for the twelfth year in a row.”

Jason Snell:

The company booked $90.8 billion in revenue (down 4% versus the year-ago quarter) with $23.6 billion in profit. Mac revenue was up 4%, presumably buoyed by the release of the M3 MacBook Air. iPad revenue crashed down to $5.6 billion, a 17% drop from the year-ago quarter and the weakest iPad quarter in four years. iPhone revenue was $46 billion, down 10% versus the year-ago quarter.

Services revenue was the big highlight for Apple this quarter, with a new record $23.9 billion in revenue, up 14% year over year. The Wearables, Home, and Accessories category managed only $7.9 billion in revenue, down 10% versus the year-ago quarter.

Artificial intelligence was mentioned many times, and as Ryan Jones notes, Apple even suggested that the M3 MacBook Air is selling well because of its “incredible AI performance.”

John Gruber:

Tim Cook’s decade-ago decision to focus both the company and investors’ attention on Services looks ever more prescient. As it stands, a 4 percent overall drop in revenue makes for an ever-so-slightly bad quarter. If not for Services growth, however, this would’ve been a not-so-slightly bad quarter.

Maybe it was a good business decision. I still think the focus on services has not been good for the products.

John Gruber:

It’s somewhat interesting to me that those are the two iPhone models: on the consumer side, the smaller-display iPhone 15; on the pro side, the big-display iPhone 15 Pro Max. The cheapest iPhone 15 model and the most expensive one.


Update (2024-05-07): Michael E. Cohen and Adam Engst:

Apple’s regional results were a mixed bag, with some regions—the Americas and Europe—providing generally steady or growing revenues, while others—Greater China, Japan, and the rest of Asia Pacific—showing declines. The declines may be less related to Apple’s products than to regional economic conce

Jason Snell:

It’s interesting that Cook calls out generative AI, which is basically the sort of stuff that Apple hasn’t spent the last few years rolling out inside its various products. He acknowledges that they’ve been investing in this technology and once again touts that Apple will share things soon.

[…]

There was one claim that made me laugh out loud during the call, though. Apple CFO Luca Maestri said, as a part of his prepared remarks, that “customers are loving the incredible AI performance of the latest MacBook Air and MacBook Pro models.” Are they, really? I knew some apps have AI features, but the idea that M3 MacBook Air users are just buzzing over how incredible the AI performance they’re getting is… just seems silly. This is the place where Apple’s product marketing hype machine collides with its investor community hype machine and generates something… not optimal.

[…]

Sometimes, it seems like Apple has almost saturated demand for its products, which leads to slower growth (for everything except the Services category, apparently). So, where would growth ever come from? This answer focuses on it: There’s a big portion of the world where Apple’s market share is quite low, but populations are growing and income levels are rising. Apple’s growth story for the next couple of decades may have more to do with India, Brazil, and Indonesia than with Europe or the United States.

[…]

That’s about as savage a shade-throwing as you’ll get on an Apple analyst call. But to summarize, Rakers asked Cook to respond to third-party estimates on Apple’s sales, and Cook essentially pointed at his legally mandated financial statements and declared them the real numbers.

Beats Solo Buds

Chance Miller:

Alongside the launch of Beats Solo 4 today, Apple has also announced new Beats Solo Buds earbuds. The new Beats Solo Buds pack a truly wireless design with an incredibly impressive 18 hours of battery life and $79.99 price.

[…]

While they miss out on features like Active Noise Cancellation, auto play/pause, and Transparency mode, they offer an impressive set of other features.

Via Benjamin Mayo:

even if you halve the quoted 18-hour battery life it’s still much better than AirPods longevity for a single session (like plane journeys?)

Tracking Through MarketplaceKit

Mysk:

@brave for iOS just got updated to support the new “marketplace-kit” scheme. Brave only calls the scheme when trackers blocking is disabled. As we reported earlier, Apple implemented the new scheme in a way that allows tracking across websites based on the unique client_id.

Now users in the EU can use Brave to safely install alternative marketplaces. We would like to thank Brave for considering our advice about potential tracking. Moreover, Brave doesn’t invoke the scheme if it’s called from a website different than the store’s website. Great job. 👏

The client_id is created by MarketplaceKit. It is unique per device, Apple ID account, and marketplace combination. At the moment Apple allows any website to trigger sending client_id to the alternative store backend. This allows a malicious app store to track users across websites.

Via Damien Petrilli:

Apple implementing a half-assed compliance instead of implementing a well proven Mac-like installation.

Pretty sure they are going to blame all the security issues caused by their code on regulation.

All those 600 new APIs they did to fake compliance are just code exposing users to new security flaws.

It’s not clear to me exactly what the client_id is for. Apple mentions it in the context of restricting app downloads to certain “qualified users.”

I think users would already expect a marketplace to track their purchases and browsing through that marketplace, so I’m not sure this is a big deal. Does it matter that the marketplace account is linked to a device–Apple ID combination? Is it that different from a Web store tracking through cookies? I’m not seeing a huge distinction between browsing a Web page associated with a product in the marketplace vs. within a marketplace/store.


Update (2024-05-03): The piece I was missing is that any Web site can ping the marketplace to get the unique ID because Safari doesn’t check that the Web site is part of that marketplace.

Talal Haj Bakry and Tommy Mysk:

Our testing shows that Apple delivered this feature with catastrophic security and privacy flaws. First, Safari invokes the marketplace-kit URI scheme without checking the origin of the website containing the URI scheme and the URL passed in the alternativeDistributionPackage input parameter. This allows cross-site tracking as we’ll show in the next section.

Second, MarketplaceKit would accept any parameters once invoked. It doesn’t read or validate the JWT tokens passed in the argument. We are sure that Marketplace doesn’t read the tokens because we sent text that doesn’t conform to a valid JWT structure and MarketplaceKit accepted it. Worse, it blindly relayed the invalid JWT token when calling the /oauth/token endpoint. This opens the door to various injection attacks to target either the MarketplaceKit process or the marketplace back-end.

Third, certificate pinning is not deployed in the entire process. This makes it easy to intercept and manipulate requests between the MarketplaceKit process and the marketplace back-end. It might be tricky to support certificate pinning here because MarketplaceKit might communicate with many servers that can dynamically be changed by the marketplace developer in the .well-known resources. But this also has potential issues. In our testing, we overwrote the .well-known resources through intercepting the calls and we fed our own endpoints. As a result, MarketplaceKit called our endpoints.

[…]

The flaw of exposing users in the EU to tracking is the result of Apple insisting on inserting itself between marketplaces and their users. This is why Apple needs to pass an identifier to the marketplaces so they can identify installs and perhaps better calculate the due Core Technology Fee (CTF).
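The first two flaws reported above are missing input checks: the calling page's origin is never compared with the package URL, and the token is relayed without even a structural check. The following is an added example (not code from Apple, Brave, or Mysk) of both checks, with the Brave behavior described earlier as the model; the `marketplace-kit://install?...` URI shape, the rule that the store's site is the origin of the package URL, and all function names are assumptions.

```javascript
// Added example. The URI shape and the "store site == origin of the package
// URL" rule are assumptions; all names below are hypothetical.
const SCHEME = 'marketplace-kit:';
const PACKAGE_PARAM = 'alternativeDistributionPackage'; // parameter named in the report

// Browser-side gate: should a marketplace-kit link found on pageUrl be handed
// to the OS? Mirrors the Brave behavior described above: never while tracker
// blocking is on, and never from a site other than the store's own.
function checkInvocation(pageUrl, linkUri, opts = {}) {
  const trackerBlocking = opts.trackerBlocking !== false; // default: enabled
  let page, link, pkg;
  try {
    page = new URL(pageUrl);
    link = new URL(linkUri);
  } catch {
    return { allow: false, reason: 'unparseable-url' };
  }
  if (link.protocol !== SCHEME) return { allow: false, reason: 'wrong-scheme' };
  if (trackerBlocking) return { allow: false, reason: 'tracker-blocking-enabled' };
  const raw = link.searchParams.get(PACKAGE_PARAM);
  if (!raw) return { allow: false, reason: 'missing-package-url' };
  try {
    pkg = new URL(raw);
  } catch {
    return { allow: false, reason: 'bad-package-url' };
  }
  if (page.protocol !== 'https:' || pkg.protocol !== 'https:') {
    return { allow: false, reason: 'not-https' };
  }
  // The check the report says is missing: the page must be the store's own site.
  if (pkg.origin !== page.origin) return { allow: false, reason: 'cross-origin' };
  return { allow: true, reason: 'same-origin' };
}

// Decode one base64url JWT segment to a JSON value, or null if malformed.
function decodeSegment(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) return null;
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  try {
    return JSON.parse(atob(padded));
  } catch {
    return null;
  }
}

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Structural check to run before relaying a token to a back-end endpoint.
// Returns null when the token has JWT shape, otherwise a short error code.
// This is NOT signature verification; it only rejects text that is not a JWT.
function jwtStructureError(token) {
  if (typeof token !== 'string') return 'not-a-string';
  const parts = token.split('.');
  if (parts.length !== 3) return 'expected-three-segments';
  const header = decodeSegment(parts[0]);
  if (!isPlainObject(header) || typeof header.alg !== 'string') return 'bad-header';
  if (header.alg.toLowerCase() === 'none') return 'unsigned-token';
  if (!isPlainObject(decodeSegment(parts[1]))) return 'bad-payload';
  if (!/^[A-Za-z0-9_-]+$/.test(parts[2])) return 'bad-signature-encoding';
  return null;
}

// Constructed sample inputs (not captured traffic).
const SAMPLE_LINK = 'marketplace-kit://install?' + PACKAGE_PARAM + '=' +
  encodeURIComponent('https://store.example/packages/1');
const b64url = (obj) => btoa(JSON.stringify(obj))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_JWT = [
  b64url({ alg: 'ES256', typ: 'JWT' }),
  b64url({ sub: 'demo' }),
  'c2lnbmF0dXJl', // placeholder signature bytes
].join('.');

console.log(checkInvocation('https://store.example/apps', SAMPLE_LINK, { trackerBlocking: false }));
console.log(checkInvocation('https://news.example/story', SAMPLE_LINK, { trackerBlocking: false }));
console.log(jwtStructureError(SAMPLE_JWT), jwtStructureError('not a jwt'));
```

A token that passes `jwtStructureError` still has to have its signature and claims verified by whichever party holds the keys.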

Thursday, May 2, 2024

Core Technology Fee Exemptions

Apple (MacRumors):

Today, we’re introducing two additional conditions in which the CTF is not required:

  • First, no CTF is required if a developer has no revenue whatsoever. This includes creating a free app without monetization that is not related to revenue of any kind (physical, digital, advertising, or otherwise). This condition is intended to give students, hobbyists, and other non-commercial developers an opportunity to create a popular app without paying the CTF.

  • Second, small developers (less than €10 million in global annual business revenue*) that adopt the alternative business terms receive a 3-year free on-ramp to the CTF to help them create innovative apps and rapidly grow their business. Within this 3-year period, if a small developer that hasn’t previously exceeded one million first annual installs crosses the threshold for the first time, they won’t pay the CTF, even if they continue to exceed one million first annual installs during that time. If a small developer grows to earn global revenue between €10 million and €50 million within the 3-year on-ramp period, they’ll start to pay the CTF after one million first annual installs up to a cap of €1 million per year.

Khaos Tian:

Would be annoying if AltStore PAL no longer qualifies for CTF exemptions because it had sales to cover CTF in the first place 🙃


Update (2024-05-03): Kosta Eleftheriou:

Imagine having to pay Apple money to install an app on your Mac from some website.

Update (2024-05-07): Nick Heer:

Two fundamental issues remain with the Core Technology Fee — namely, that developers still need to pay Apple even if their app is distributed exclusively outside the App Store and in-app payments are handled by a third-party processor, and the fee is an unknown and surprising future charge. One marvels at how the Mac could remain such a successful developer platform for so long without the support of a per-install fee.

EagleFiler 1.9.14

EagleFiler 1.9.14 is a maintenance release for my Mac information organizer app.

Some interesting bugs were:


Delta Emulator in the App Store

Kyle Orland (MacRumors):

Apple’s decision earlier this month to open the iOS App Store to generic retro game emulators is already bearing fruit. Delta launched Wednesday as one of the first officially approved iOS apps to emulate Nintendo consoles from the NES through the N64 and the Game Boy through the Nintendo DS (though unofficial options have snuck through in the past).

Delta is an outgrowth of developer Riley Testut’s earlier sideloadable GBA4iOS project, which recently had its own unauthorized clone removed from the App Store. Before Wednesday, iOS users could load Delta onto their devices only through AltStore, an iOS marketplace that used a Developer Mode workaround to sideload apps from a self-hosted server. European users can now get that AltStore directly on their iOS devices (for a small 1.50 euro/year fee), while North American users can simply download Delta for free from the iOS App Store, with no ads or user tracking to boot.

It’s not in the EU App Store.

Riley Testut:

Thank God the CTF only applies to downloads in the EU 😅

Shira Ovide (via Hacker News):

The hottest iPhone app in America may owe its popularity to government crackdowns on Apple.

[…]

Apple had banned apps like it for years but un-banned them this month without much explanation. Delta’s creators say growing anti-monopoly pressures were responsible for Apple’s flip-flop.

Dare Obasanjo:

Apple was pressured by regulators to allow game emulators on iOS and now the most popular app is a game emulator with a 4.9 star rating.

Remember this when people claim Apple’s restrictions on what you can do on your phone to protect their app store revenue doesn’t harm consumers.

Parker Ortolani:

Delta’s success is proving that there is an insane amount of pent up demand for the things Apple has insisted on keeping from us for 16 years. It is proving the point of critics.

Jason Snell:

Sure, some of that is probably a natural tendency by some of us veteran App Store users to download forbidden fruit before Apple has a re-think and decides to ban it again. But there’s also a genuine interest in reconnecting with older games, something that’s been there all along on other platforms—but has always been blocked from iOS by Apple’s arbitrary policies.

[…]

So where do we go from here? While Apple’s acceptance of emulators in the App Store is groundbreaking, and should delight many fans of retro gaming consoles, it’s an extremely limited change. Nobody really knows how Apple defines any of the words in that phrase. How old is retro? Is an old computer on which you can play games a console?

I grew up playing games on early computers, including the Apple IIe. Does the ability to open a spreadsheet in AppleWorks disqualify an Apple II emulator that would otherwise let me play Lode Runner and Choplifter? And if so, why?

[…]

Apple should allow retro emulators of all kinds in the app store, and allow game emulators to use JITs to boost performance. Otherwise, its limited expansion of the rules feels mostly for show and not indicative of a real change in approach to App Store rules.

John Gruber:

An incredibly polished, high-performance game emulator, available free of charge with no ads. That’s some old-school internet awesomeness.

[…]

Now the question is: Does Nintendo care?

Brendon Bigley:

Personally though: I really just want to play Pokémon on my phone. The reason I switch to Android is the prospect of playing Pokémon Silver again while I’m on the subway or in the back of a Lyft or while waiting in line. Ultimately Nintendo is unlikely to allow this in a way that lets me pay them directly for the experience. They justifiably prefer having their Nintendo Online subscription service and providing limited access to their valuable back catalog on devices they control entirely. The idea of launching a Pokémon game as an app on the App Store is a non-starter. But with emulation apps present on both Android and iOS and many people already enjoying these experiences, one wonders why not make a change? I would gladly pay Nintendo to play back-catalog Pokémon games on my iPhone and I would be over the moon if they recognized this as a valuable audience segment worth catering to. In a lot of ways, it’s about to be extremely difficult to ignore this user-behavior.

John Voorhees (via Federico Viticci):

So, you’ve probably seen the (totally justified) hype surrounding the Delta emulator’s launch on the App Store and downloaded it because, why not, it’s free. You may have also recalled that, like a lot of people, you have a box of old Game Boy cartridges stored somewhere that are gathering dust. Or, like me, maybe you spent way too much money on second-hand videogame sites during the COVID lockdown. Regardless of your Game Boy cartridge origin story, today I’m going to show you a simple way to breathe new life into those games by bringing them, along with your save files, to your iPhone.

The easiest way I’ve found to pull the game files from a Game Boy, Game Boy Color, or Game Boy Advance cartridge is with a little USB-C accessory called the GB Operator by Epilogue, or as I like to call it the Game Boy Toaster. That’s because the device looks like a top-loading transparent toaster that takes game cartridges instead of bread. If you have a big collection of game cartridges, the GB Operator is a great investment at $50 because it allows you to both play and back up your games using a Mac.

Riley Testut (via Craig Grannell):

So apparently Apple approved a knock-off of GBA4iOS — the predecessor to @delta I made in high school — in the App Store. I did not give anyone permission to do this, yet it’s now sitting at the top of the charts (despite being filled with ads + tracking)

I’ve bit my tongue a bunch in the past month…but this really frustrates me. So glad App Review exists to protect consumers from scams and rip-offs like this 🙄


AltStore PAL

Riley Testut:

I’m thrilled to announce a brand new version of AltStore — AltStore PAL — is launching TODAY as an Apple-approved alternative app marketplace in the EU. AltStore PAL is an open-source app store made specifically for independent developers, designed to address the problems I and so many others have had with the App Store over the years. Basically, if you’ve ever experienced issues with App Review, this is for you!

We’re launching with 2 apps initially: my all-in-one Nintendo emulator Delta — a.k.a. the reason I built AltStore in the first place — and my clipboard manager Clip, a real clipboard manager that can actually run in the background. Delta will be FREE (with no ads!), whereas Clip will require a small donation of €1 or more. Once we’re sure everything is running smoothly we’ll then open the doors to third-party apps — so if you’d like to distribute your app with AltStore, please get in touch.

[…]

Sources are integral to AltStore’s design and allow it to be completely decentralized. This means there is no central directory of apps; the only apps you’ll see in AltStore are from sources you’ve explicitly added yourself. It’s up to developers to self-promote their apps and direct users to their websites, where users can add their source with a single tap via AltStore’s altstore://source?url=[source URL] URL scheme (or by copying & pasting the source URL directly). Distributing apps with AltStore is also completely free of charge; anyone can distribute an app for free on AltStore as long as they make a source.

[…]

I strongly believe this business model works well — especially for indie developers — so we’ve gone all-in and added deep Patreon integration to AltStore to allow all developers to monetize their apps the same way we do. Developers can choose to offer some (or all) of their apps to just their patrons, and even control which tiers unlock which apps on a per-app basis. And to further encourage Patreon use, AltStore will take no commission on Patreon donations, allowing developers to keep the entirety of their Patreon proceeds.

They’re charging €1.50/year for the marketplace itself to cover the CTF.

Mysk:

AltStore PAL just updated their FAQ saying that they currently support one device per subscription. This confirms that Apple left marketplace app developers with no option to tell whether multiple devices belong to the same user or not. Apple promises that the CTF applies once regardless of how many devices the user has.

Since app developers can’t tell if an additional device belongs to a subscribed user, they are forced to charge the user per device to be on the safe side.

John Gruber:

For iOS power users and enthusiasts, alternative app marketplaces are going to be fun and useful. Right now there’s no better place to be an iPhone user than the EU.

David Barnard:

I’m moving to the EU so I can finally have a clipboard manager on iOS.

Adam Demasi (tweet):

The whole marketplace flow is a disaster. While AltStore seems to have tons of problems itself […], the majority of the problems are in Apple’s implementation.

App installation has no progress prompts. The app-marketplace:// URL scheme, used by websites to tell iOS to begin installing a marketplace app, displays zero progress. It only has the ability to display error messages, such as telling you you’re not eligible (not located in the EU), or that you need to go to Settings to allow the app to be installed. Naturally, there’s no button that takes you to Settings, nor any explanation of what you do when you’re there.

Once you’re in Settings, a followup button appears below your Apple ID name. Tapping Allow simply dismisses the prompt. There’s no indication of what happens next. The answer is - nothing happens. You need to go back to Safari and initiate the installation again. Then, you get another full screen prompt, and then an alert prompt. The app then starts downloading, but nothing tells you that. Tapping the download button does nothing now. You just eventually think to go to the home screen and find the app.

[…]

Make no mistake, if a teenager was able to build a jailbreak that puts a Cydia icon on the home screen with a download progress bar back on iOS 4.3 (2011!), Apple can do far better with user experience here. They know what they’re doing. The sloppiness of the whole process is intentional, and AltStore needing to charge €1.50/year is a barrier Apple fully intended to force upon marketplaces.

Kyle Howells:

Apple’s designed the alternative AppStore process to be as terrible a user experience as they think they can get away with.

I used to jailbreak all my devices. EVERY SINGLE Jailbreak app store was miles better than this mess.


Update (2024-05-07): Kyle Howells:

I’d like to remind everyone all the work Apple has done, to make such a terrible 3rd party app store experience, was entirely voluntary.

iOS has had app true side loading, install from Safari, since iOS 3. Just locked down. All that was actually required was turning that on.

Update (2024-05-23): Paul Haddad:

I don’t get this at all. One hack is unacceptable, but another uglier hack is OK? Apple disallows always running background applications for battery life reason, but it’s OK to use location services and a map even though that’s almost certainly going to waste a lot more battery?

For the record, I think Apple should allow always running apps on iOS (with scare alert to enable) and I think outside the App Store notarization should concern itself with security issues only.

Wednesday, May 1, 2024

Photos Syncing With iCloud Paused

I just ran into an iCloud issue I’d not seen before. Photos on my Mac now shows “Syncing with iCloud Paused. Optimizing System Performance” at the bottom of the photos grid. It’s not clear to me what this means because the Mac is essentially idle and not running on battery power.

There’s a Sync Now blue text “button,” and when I click it I get an alert that says:

Resume Syncing with iCloud

Syncing with iCloud is paused to optimize system performance. Would you like to resume syncing for four hours?

I clicked Resume, but nothing seemed to happen. The main window still says that syncing is paused and still offers the Sync Now button that seemingly doesn’t do anything. I left it overnight and nothing has changed. Syncing is still paused—showing gray thumbnails for photos not downloaded—and Sync Now is still inoperable.


Update (2024-05-02): I had restarted the Mac earlier, but I restarted it again this morning and now it is syncing again.

The Joy of Shortcuts

Jarrod Blundy:

I love building shortcuts. I have 579 of them in my personal library at the moment, and I’d guess that I built or modified about half of those at some point or another. Between my HeyDingus Shortcuts Library and my old home on RoutineHub, I’ve shared over 40 of them publicly, thinking that maybe someone else will find these little tools helpful.

[…]

But mostly, it just lights up my brain in a way that few other things do. […] And I enjoyed every second of getting them just right.

Via Federico Viticci:

For me, despite the (many) issues of the Shortcuts app on all platforms, the reason I can’t pull myself away from it is that there’s nothing else like it on any modern computing platform (yes, I have tried Tasker and Power Automate and, no, I did not like them). Shortcuts appeals to that part of my brain that loves it when a plan comes together and different things happen in succession.

I love automating things and have used many utilities to do so, going back to classic Mac OS. These days I mostly rely on AppleScript and shell scripts. For whatever reason, Shortcuts just does not fit my brain. I found Automator intuitive but limited. Shortcuts, not being language-based, is also limited, but it’s seemingly much more powerful than Automator. However, I find it confusing to use, the app’s interface doesn’t feel right for a Mac app, and I wish shortcuts were saved as files.

It’s also a pity that some functionality—e.g. HomeKit—is not available from AppleScript or shell tools, only via Shortcuts.

Joe Rosensteel:

I love Shortcuts. I love WiFi device names. I love conflict resolution when I didn’t edit the Shortcut on either of those dates.


Qi2 Battery Packs and Chargers

Christian Selig:

Qi2 was supposed to be a glass of ice water to those in hell of Qi1, and I was hyped! Apple stopped making MagSafe battery packs themselves, and their old pack used Lightning instead of the newer USB-C, so I was excited to see third-parties bring MagSafe into the golden age of USB-C.

[…]

The word “compatible” is doing a lot of heavy lifting there, just indicating that the battery packs have a magnet in them and using just regular Qi1 charging. None of the actual MagSafe benefits are available. This means they’re kinda “dumb” and don’t communicate well with the host device, leading to hotter devices (and thus faster battery degradation) and lower efficiency due to energy loss as heat.

[…]

Despite being announced last year, there’s still like… only one manufacturer offering Qi2 battery packs: Anker. The rest are still “coming soon”. […] Qi2 battery packs seemingly don’t even support OS level battery status! I can only assume this is an omission on Apple’s part rather than Anker’s, and is hopefully fixed in the future, but that was one of the aspects of Qi2 I was looking forward to the most. All you get is a slightly larger indicator of the phone’s battery level, but not the pack’s.

This Anker battery pack has been working great with my iPhone 15 Pro, but I don’t think it’s Qi2. Oddly, I’ve had mixed results with USB-C battery packs, e.g. the HTGK Power Bank sometimes causes iOS to report heat errors and seems to actually drain the phone’s battery rather than charge it.

Juli Clover:

Satechi today announced the availability of its two new Qi2 charging stands, the 3-in-1 Foldable Qi2 Wireless Charging Stand and the 2-in-1 Foldable Qi2 Wireless Charging Stand.

[…]

One of the benefits of Qi2 is lower prices, but Satechi's Wireless Charging Stands are still expensive. The 3-in-1 model is priced at $130, likely because Satechi is still licensing Apple Watch charging technology from Apple, while the 2-in-1 Wireless Charging Stand is $80.


Compelled to Unlock With Fingerprint

Jon Brodkin:

The US Constitution’s Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law.

[…]

Payne’s Fifth Amendment claim “rests entirely on whether the use of his thumb implicitly related certain facts to officers such that he can avail himself of the privilege against self-incrimination,” the ruling said. Judges rejected his claim, holding “that the compelled use of Payne’s thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking.”

Joe Lancaster (via Hacker News):

From a practical standpoint, this is chilling. First of all, the Supreme Court ruled in 2016 that police needed a warrant before drawing a suspect’s blood.

[…]

But forcibly gaining access to someone’s phone provides more than just their identity—it’s a window into their entire lives. Even cursory access to someone’s phone can turn up travel history, banking information, and call and text logs—a treasure trove of potentially incriminating information, all of which would otherwise require a warrant.

When they drafted the Fourth Amendment, the Founders drew on the history of “writs of assistance,” general warrants used by British authorities in the American colonies that allowed government agents to enter homes at will and look for anything disallowed. As a result, the Fourth Amendment requires search warrants based on probable cause and signed by a judge.

John Gruber:

People who don’t use Face/Touch ID are surely tempted to use a short easily-entered passcode for convenience, and anyone who disables Face/Touch ID while using a nontrivial passphrase is encountering a huge inconvenience every single time they unlock their phone. There’s no good reason to put yourself through that.

My advice is to internalize the shortcut to hard-lock an iPhone, which temporarily disables Face/Touch ID and requires the passcode to unlock: squeeze the side button and either of the volume buttons for a second or so.

[…]

Those concerned with civil liberties should presume, though, that the same court would rule similarly regarding cops unlocking a device by waving it in front of the suspect’s face. But with “Require Attention for Face ID” — which is on by default — Face ID won’t work if you keep your eyes closed, and I don’t think a court would allow police to force your eyes open. The trick to worry about is the police handing you back your phone, under the pretense that you can use it to make a call or something, and then yanking it from your hands after you unlock it.

John C. Welch:

“Ha, I locked my phone, you can’t make me put in my pin!”

<cops all turn off their body cams and draw their sticks>
