Archive for May 14, 2024

Tuesday, May 14, 2024

The State of iPadOS in 2024

Matthew Snyder (via Steve Troughton-Smith):

The iPad feels like it’s caught between being the best hardware Apple makes, alongside the most ignored software.

Steve Troughton-Smith:

Some of the iPad angst isn’t that we have to wait ‘till WWDC to see if the software is improved.

It’s that little birdies have strongly hinted to us not to expect iPad to really go anywhere from here, that Vision Pro has sucked up all the oxygen inside Apple.

That iPad never really had the resources to fulfill its promises, and much of what was there has now been diverted.

Federico Viticci (Mastodon, Hacker News):

My goal with this story was threefold. First, as I’ve said multiple times, I love my iPad and want the platform to get better. If you care about something or someone, sometimes you have to tell them what’s wrong in order to improve and find a new path forward. I hope this story can serve as a reference for those with the power to steer iPadOS in a different direction in the future.

Second, lately I’ve seen some people argue on Mastodon and Threads that folks who criticize iPadOS do so because their ultimate goal is to have macOS on iPads, and I wanted to clarify this misunderstanding. While I’m on the record as thinking that a hybrid macOS/iPadOS environment would be terrific (I know, because I use it), that is not the point. The reality is that, regardless of whether macOS runs on iPads or not, iPadOS is the ideal OS for touch interactions. But it still gets many basic computing features wrong, and there is plenty of low-hanging fruit for Apple to pick. We don’t need to talk about macOS to cover these issues.

[…]

Despite Apple’s promise of desktop-class apps a couple of years ago, the company’s actual implementation has been erratic at best, with an inconsistent delivery of Mac-like features that haven’t done much to raise the status of iPad apps.

[…]

Out of all the apps I’ve mentioned so far, I want to shine a spotlight on Files. It’s a bad product that needs a fundamental rethink from a design and performance perspective.

[…]

iPadOS needs to gain support for executing long-running, complex tasks in the background. […] As a result, not only have these limitations fostered an environment in which third-party developers are actively discouraged from bringing true desktop-class experiences to iPad, but existing iPad apps still largely feel like blown-up versions of their iPhone counterparts.

Steve Troughton-Smith (Mastodon, Federico Viticci):

Apps should be able to create long-running tasks, or persistent tasks, that can use meaningful resources in the background as sub-processes.

[…]

Virtualization isn’t the answer to all of iPad’s problems, but it provides a runway to let Apple take as long as it wants to evolve iPad’s software while ending the ‘can this replace my computer?’ angst. It also immediately justifies the iPad Pro pricing and strips away the pointless ‘them vs us’ divide between iPad users and Mac users. If a $3,000 Mac can run iPad apps, why can’t a $3,000 iPad do the inverse of this?

[…]

Stage Manager was such a missed opportunity: it tried to bolt-on a windowing model onto iPadOS without providing developers any way to optimize for it, and has had virtually no meaningful improvements in two years. What I really want to see are APIs.

[…]

Massively improve the reliability of the Files app infrastructure, including for third-party file services. I should never have to reboot my iPad because an SMB share isn’t connecting properly, or a file service is showing stale, cached data. I should be able to reliably copy large files off USB mass storage without random disconnects or corruption.

[…]

So much high-end iPad software ends up hiding its advanced functionality behind mystery-meat multi-finger gestures, when really what would be helpful is a persistent menu bar at the top of the screen.

Jason Snell:

I’ve been stunned to see some reactions to our criticism of iPadOS this past week suggest that, somehow, people like Federico and myself just don’t “get” the iPad. We’ve spent years using the iPad and pushing what it can do. We get it all too well.

Matt Birchler:

The more I think about it, the more I’m squarely in the camp of people who want iPad-like hardware that runs macOS, and I’m not sorry for saying it.

Ged Maheux:

I really must be an outlier. I use my iPad Pro for real work all the time. I don’t feel particularly hampered by iPadOS. There are times when I’d like to easily do some things my Mac can do but in general I’ve been super happy with the iPad and its software.

Previously:

Update (2024-05-16): Adam Tow:

As you can see, I’m still getting good use out of nearly all the iPads in the house, despite being reminded that buying tech is participating in planned obsolescence.

[…]

I would welcome the ability to have a windowing system that works with me rather than against me, along with system-level and app-level plug-ins to increase my productivity.

[…]

At the same time, I think of family members for whom a more complicated operating system on the iPad would leave them bewildered and confused. Multiple windows, background tasks, and file management are things they don’t want or at least want abstracted away from them. I’ve seen first-hand how they are tripped up by features like Split View, Slide Over, Stage Manager, Control Center, Home Screen widgets, Safari tabs, and various swiping gestures. For them, iPadOS needs to be even simpler and easier to use.

In order to be the most versatile device Apple has ever made, iPads need to cater to a broader category of people. It’s clear over the years that toeing this line between simplicity and power has been challenging for Apple. The company has to focus on multiple operating systems every year, and it can’t give its best to all of them. iPadOS has gotten the short end of the stick far more often than not.

See also: Mac Power Users.

Steve Troughton-Smith:

Having read and watched through all the iPad coverage, it really seems like a lot of people are aligned on the top items where iPad falls down

  • The Files app infrastructure
  • The too-restrictive audio system
  • Background processing
  • Multiple user support

“Just put macOS on it” is the fallback for most criticism, because it’s hard to articulate just why iPadOS doesn’t cut it. And the “Where’s the Calculator?” discourse isn’t about a calculator app, it’s about the missing apps of the core OS

Steve Troughton-Smith:

I know people like to think iPadOS ‘forked’ from iOS when it was renamed a few years back, but it really didn’t. If you install Xcode, both iPhone and iPad simulators run out of the exact same OS root. It’s the same set of apps, the same SpringBoard — it just decides which features you get at runtime based on screen size and a feature map. That’s not a fork; the name essentially means nothing.

Jeff Johnson:

All I want is for my Macs not to be iPadified.

Update (2024-05-17): Joe Rosensteel:

The iPad Pro doesn’t need to run macOS, but the answer to why an iPad Pro can’t do something a Mac can do, shouldn’t be to carry two kinds of computers with the same M-series chips, with the same RAM, with the same storage, and do different things on each.

Francisco Tolmasky:

The iPad would be 1000% better if I could just buy comics on the Kindle directly instead of having to go to the website. Too bad insisting on 30% is clearly more important than that. But, yes, let's pretend that all the iPad's issues are around whether or not it would be confusing to users if Final Cut Pro used the GPU in the background. Because not having any clue how to buy a comic book in the Kindle app isn't confusing at all. iPadOS: THE KING of usability.

Update (2024-05-21): Jack Wellborn:

I am not opposed to the idea and agree that virtualized macOS would serve as an “escape hatch” of sorts. Instead of physically fleeing to Mac hardware at the first sight of a complicated task, users could merely flee to macOS while using the same iPad hardware. I also think virtualized macOS is a way better idea than using macOS as a tablet OS because it would be a distinct mode where touchability isn’t expected.

That being said, I think supporting of virtualized macOS on iPads would only serve power users who are not necessarily pro users. While the two aren’t mutually exclusive — there are undoubtedly countless pro users on the Mac using things like Homebrew, Applescript, and all sorts of other utilities — I would wager most pro users aren’t power users. To them, the computer is merely a conduit to the apps required to do their job. To non-power users, pro or otherwise, virtualized macOS on iPad would be messy.

[…]

macOS can be information rich on 11 and 13-inch screens specifically because it doesn’t support touch. In theory, iPadOS could also become information rich at the expense of touch friendliness whenever a trackpad and keyboard are connected. Modern iPads already offer display scaling and it’s easy to imagine a future where this sort of scaling could change based on peripherals, orientation, and/or whether Stage Manager is enabled. While I don’t like the idea of diminishing touch in iPadOS, it would still be way better than running an entirely separate OS. Merely toggling scale modes when disconnecting an iPad would be way more elegant than suspending macOS running in a virtual machine.

Quinn Nelson:

The simplest tasks on iPadOS are either incredibly difficult and time-consuming, or they’re so unintuitive that even a 25-year Apple veteran can't figure them out. Frankly, neither reflects well on iPadOS.

Update (2024-05-29): Steve Troughton-Smith:

I could make this a long thread already just from using Files for 20 mins this morning 😛 File transfers failed for no reason, copying a group of files has a ‘calculating’ step that takes several minutes but copying them individually does not, folder contents disappeared periodically, the ‘This Folder is Empty’ placeholder UI doesn’t support dropping files into it, and more. It really is a miserable experience, and it makes it hard to trust that any file actually made it safely to the iPad at all

No Bounty for Kernel Vulnerability

Meysam Firouzi:

I reported CVE-2024-27804, an iOS/macOS kernel vulnerability that leads to the execution of arbitrary code with kernel privileges.

It’s fixed in iOS 17.5 and macOS 14.5, but Apple says it’s not eligible for the security bounty.

Via Hacker News and Jeff Johnson.

Previously:

Update (2024-05-15): See also: Reddit.

Update (2024-05-16): Meysam Firouzi:

seem Apple have concluded that the reported CVE is not exploitable and they are planning to update the description to accurately describe the issue as an unexpected system termination rather than arbitrary code execution, but for good faith they will reward me 1000$.thanks @Apple

Apple really did update the security notes to say “Impact: An app may be able to cause unexpected system termination.” Originally, the description was “Impact: An app may be able to execute arbitrary code with kernel privileges.”

Via John Gruber (Mastodon):

I would think Apple would want to err on the side of being liberal with bug bounty payouts, to encourage researchers to report as many as they can find.

Craig Hockenberry:

A not fun fact: I didn’t get a security bounty for a macOS release that was done specifically to address an issue I found.

The rational was that I disclosed the issue publicly. Which I did after reporting it in the beta releases, and after they said “we’re unable to identify an issue in your report”, AND AFTER THEY RELEASED THE FUCKING VULNERABILITY.

mmzeeman:

Sounds familiar. When I reported a small issue with the Sign in with Apple api they denied there was a problem when they reported back (took months). The thing was that they fixed the problem just before reporting back. 😮. But the introduced another bug. Now one of the boolean values was put in the signed response as the string “true” or “false”. Which potentially leaves implementation vulnerable. So I filed another report. At which their documentation was silently altered at some point. 🙀I never heard back from them.

Ezekiel Elin:

Apple claims the ability to start a remote screen share session by speaking over FaceTime when the receiver has voice control on is not a security risk so…

Criticism of Signal

Justin Ling:

Zimmermann was a hacker in the oldest sense of the word. In the preceding years, he had grown freaked out by a proposal, put forward by a still-not-young Joe Biden, to force internet companies to give the U.S. government access to their users’ communications.

Zimmermann knew it was do-or-die time. Either the internet would be a free and open thing, or it would be subject to American meddling and surveillance.

[…]

When I first emailed Zimmermann, using an encrypted email client that traces its lineage to PGP, he called me back within an hour: “Do you have Signal?” We moved our conversation to the encrypted app, also a direct descendant of PGP, quickly thereafter.

[…]

So imagine my surprise when, this week, I came across a thinly-written essay arguing that Signal had “a problem.” It had, the essay argued, been compromised by the American intelligence state. Not from the outside, but from the inside.

I’ve always assumed that it is, because it’s such an important target and the agencies are good at what they do. I haven’t seen any solid evidence (which is what you’d expect if the compromising were done well), but there have been scattered reports suggesting that conversations have been intercepted (though perhaps this was through the phone or the recipients). That said, it’s probably better than the alternatives, and most of us are not government-level targets. As far as I know, Edward Snowden still recommends it.

Matthew Connatser:

Telegram CEO Pavel Durov issued a scathing criticism of Signal, alleging the messaging service is not secure and has ties to US intelligence agencies.

There is no evidence Signal is hooked into the US government as described by Durov.

[…]

“The US government spent $3 million to build Signal’s encryption, and today the exact same encryption is implemented in WhatsApp, Facebook Messenger, Google Messages and even Skype,” the Telegram leader said. “It looks almost as if big tech in the US is not allowed to build its own encryption protocols that would be independent of government interference.”

The CEO also claims that users’ Signal messages have popped up in court cases or in the media, and implies that this has happened because the app’s encryption isn’t completely secure. However, Durov cites “important people I’ve spoken to” and doesn’t mention any specific instance of this happening.

Matthew Green (Hacker News):

First things first, Signal Protocol, the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.

[…]

One concern with open source code is that even if you review the open code, you don’t know that this code was used to build the app you download from the App Store. “Reproducible builds” let you build the code on your own computer and compare it to the downloaded code.

Signal has these for Android, and it’s a relatively simple process. Because Android is friendly to this. For various Apple-specific reasons this is shockingly hard to do on iOS. Mostly because apps are encrypted. (Apple should fix this.)

I want to give Telegram credit because they’ve tried to “hack” a solution for repro builds on iOS. But reading it shows how bad it is: you need a jailbroken (old) iPhone. And at the end you still can’t verify the whole app. Some files stay encrypted.

josephg (2021):

I spent a few hours trying to get a local build of signal-ios working a few weeks ago, in order to write a PR fix a bug with lost voice messages. The xcode project uses a plethora of device entitlements I’m not allowed to have (since I don’t have the proper signal signing key). Even after a couple hours of tweaking to get it building and deployed to my device, its currently crashing on startup because it can’t access some special signal local device store.

You can certainly get your own build working (without notifications and other features). But personally I found it prohibitively difficult to do so.

Previously:

Update (2024-05-15): Nadim Kobeissi:

Ways through which a complacent Board of Directors can harm Signal:

  • Approve the roll-out of usernames while still keeping phone numbers mandatory, thereby avoiding the elimination of a core metadata element,
  • Roadblock the integration of anonymity tech, such as @nymproject

It is possible to have trust issues towards Signal based on who @mer__edith appointed towards its board of directors (eg. Katherine Maher), while also agreeing that there is no evidence of “undisclosed vulnerabilities” in its source code. Lots of effort to shift the discourse.

When Katherine Maher’s appointment to the Signal board gained attention, Signal began pushing a narrative that Elon Musk is conspiring to push people from Signal to Telegram. But Elon hasn’t mentioned Telegram once, and this seems like an attempt to divert the narrative.

I was surprised to see this, but I did some searches and it really doesn’t seem like Musk has pushed Telegram at all, or even mentioned Twitter DMs much.

Update (2024-05-29): Mike Butcher (Hacker News):

I sat down with the president of Signal at VivaTech in Paris to go over the wide range of serious, grown-up issues society is facing, from disinformation, to who controls AI, to the encroaching surveillance state. In the course of our conversation, we delved into Signal’s interactions with Elon Musk and Telegram’s Pavel Durov[…] Among other things, Whittaker is concerned about the concentration of power in the five main social media platforms, especially in a year when the world faces a large number of general elections, not least in the U.S., and Europe’s reliance on U.S.-based, external tech giants.

Revamping Siri With iOS 18

Tripp Mickle, Brian X. Chen, and Cade Metz (MacRumors, Slashdot):

Apple’s top software executives decided early last year that Siri, the company’s virtual assistant, needed a brain transplant.

The decision came after the executives Craig Federighi and John Giannandrea spent weeks testing OpenAI’s new chatbot, ChatGPT. The product’s use of generative artificial intelligence, which can write poetry, create computer code and answer complex questions, made Siri look antiquated, said two people familiar with the company’s work, who didn’t have permission to speak publicly.

[…]

Apple is expected to show off its A.I. work at its annual developers conference on June 10 when it releases an improved Siri that is more conversational and versatile, according to three people familiar with the company’s work, who didn’t have permission to speak publicly. Siri’s underlying technology will include a new generative A.I. system that will allow it to chat rather than respond to questions one at a time.

The update to Siri is at the forefront of a broader effort to embrace generative A.I. across Apple’s business. The company is also increasing the memory in this year’s iPhones to support its new Siri capabilities.

John Gruber:

I don’t think there’s a single sentence of news in the entire thing.

I think the timeline for recognizing and incorporating generative AI is new.

Dave Mark:

Amazing to me that it took 3 wks of ChatGPT to convince Apple that Siri was “antiquated”.

Whole bunch of folks have been screaming this from the rooftops for years. 😐

SiriVid (2010):

Siri is a virtual personal assistant on your phone. You ask Siri in your own voice, and it helps you get things done when you're on the go. This video shows a demo of Siri helping plan a romantic evening, get tickets to a great movie, discover cool things to do on the weekend, and getting back home.

Via Adam Overholtzer:

Apple never delivered on the promise of Siri.

To be clear: the stuff in this Siri demo, which is from before they were acquired by Apple, never really worked. But Apple chose to abandon this vision and here we are 14 years later, with a Siri that still lacks many of the features shown in the video.

I maintain that the real problem with Siri is that the basics don’t work well. The purported the focus on conversation and generative AI gives the impression that they still don’t get this.

Previously: