Archive for June 7, 2024

Friday, June 7, 2024

WWDC 2024 Preview


From the Keynote to the last session drop, here are the details for an incredible week of sessions, labs, community activities, and more.

Juli Clover:

The updated version of the Developer app will host 2024 session videos, 1-on-1 labs with Apple engineers and designers, and more.

As far as I can tell, the app has the same old problems. I insta-deleted it when I realized that it still hijacks links opened in Safari.

Juli Clover:

The Vision Pro version of the Apple Developer app has a special immersive Environment included that can be used as a backdrop for watching session videos when WWDC begins next week.

Apple (MacRumors):

Every year, the Apple Design Awards recognize innovation, ingenuity, and technical achievement in app and game design. But they’ve also become something more: A moment to step back and celebrate the Apple developer community in its many forms.

Craig Hockenberry:

The next thing you know, they’re going to be giving the answers to Stump The Experts before WWDC starts.

Joe Rosensteel:

Here’s what Apple can learn from the mistakes other companies are making when it comes to demonstrating AI prowess.

Jason Snell:

But this isn’t just Apple’s chance to show it’s doing AI right. It’s also an opportunity to redefine the conversation about AI to make it more substantive and results-oriented–and, of course, to make Apple look better while doing it.

Howard Oakley:

If Apple sticks to its normal timetable, that would bring the release of Xcode 16 with Swift 6 in mid-September.

This is the first major version of Swift for five years; version 5 was distinguished with its introduction of a stable binary interface (ABI), a key milestone in its evolution since its first release ten years ago. Central to the changes in Swift 6 is structured concurrency that encapsulates threads with proper controls.

Jordan Morgan:

Our favorite annual conference is near, which means that the TENTH(!!) annual edition of the Swiftjective-C W.W.D.C. Pregame Quiz is ready to go!

The macOS App Icon Book is currently 20% off with coupon code DROP20.

See also: Who’s Going to WWDC24?, WWDC24 Wallpaper, How to Process WWDC, Dithering.


Update (2024-06-12): Basic Apple Guy:

This is my fourth annual dub-dub Bingo Board and one of the hardest to devise.

Update (2024-06-18): Helge Heß:

The developer app is a perfect testament of the quality of Marzipan and a punch in the face of developers. There is a reason why the vids are all available on YT. And why people are using the proper WWDC native app.


Apple Mail’s Broken “Block All Remote Content”

Jeff Johnson (Mastodon):

Mail app on macOS has a privacy setting Block All Remote Content that prevents downloaded emails from connecting to the internet. For example, HTML emails frequently include image links, which can be used for tracking: when the image is loaded from a remote server, the owner of the server knows that you’ve opened the email! Block All Remote Content is supposed to prevent this kind of tracking, and it did… until macOS Sonoma.


The remote connection attempt doesn’t occur when I open the email. […] In this case, the remote connection attempt occurred when I opened Mail app itself and the new email was downloaded.

What would we do without Little Snitch?

Import and Export From Apple Notes

John Gruber:

I worry that import and export aren’t priorities for Apple. Apple Notes can import RTF and plain text files, but its only option for exporting is, bizarrely, PDF — which is a file format Notes can’t import. A good system for import/export would allow for full fidelity round-tripping. You should be able to export to a file or archive format that Notes can also import, without losing any formatting, metadata, or image attachments. Notes doesn’t even try. And if Notes still doesn’t support robust import/export, 17 years after it debuted as one of the original iPhone apps in 2007, we probably shouldn’t hold our breath for Journal.

Open formats are where it’s at.


No Bounty for Kaspersky

Alexander Martin (via Damien Petrilli):

Apple declined to issue a bug bounty to the Russian cybersecurity company Kaspersky Lab after it disclosed four zero-day vulnerabilities in iPhone software that were allegedly used to spy on Kaspersky employees as well as Russian diplomats.


Operation Triangulation, as the spying campaign was named, was “definitely the most sophisticated attack chain we have ever seen,” the Kaspersky researchers said, with an explanation of it including 13 separate bullet points.


On the same day as Kaspersky’s disclosure, Russia’s Federal Security Service (FSB) accused the United States and Apple of having collaborated to enable the U.S. to spy on Russian diplomats.


Although Kaspersky is not specifically sanctioned in the United States in relation to the Ukraine conflict, the Department of Homeland Security had previously banned its products from government use on security grounds due to the level of control anti-virus software requires on a computer and the risks attached to that control for a company based in Russia.

See also: MalwareTips.


Update (2024-06-12): Arin Waichulis (Hacker News):

Galov even proposed that Kaspersky donate the bounty to charity, but Apple rejected this, citing internal policies without explanation. It’s not uncommon for research firms to donate bounty payments from large companies to charity. Some perceive it as an extension of their ethical obligation, but it undeniably contributes to a positive reputation within the security community.


According to Apple’s Security Bounty Program, the reward for discovering such vulnerabilities can be up to $1 million. It’s crucial to maintain this reward, as non-reported iOS zero-days can sell for well north of a million dollars in corners of the dark web.


Additionally, per Apple Security Bounty’s terms and conditions, “Apple Security Bounty awards may not be paid to you if you are in any U.S. embargoed countries or on the U.S. Treasury Department’s list of Specially Designated Nationals, the U.S. Department of Commerce Denied Person’s List or Entity List, or any other restricted party lists.”

It doesn’t seem like giving it to charity would violate the sanctions.

Nick Heer:

Kaspersky discovered this malware. It has affected devices running versions up to iOS 15.7, and it has been seen in use as early as 2019.

Dan Goodin (via Hacker News):

According to officials inside the Russian National Coordination Centre for Computer Incidents, the attacks were part of a broader campaign by the US National Security Agency that infected several thousand iPhones belonging to people inside diplomatic missions and embassies in Russia, specifically from those located in NATO countries, post-Soviet nations, Israel, and China. A separate alert from the FSB, Russia's Federal Security Service, alleged Apple cooperated with the NSA in the campaign. An Apple representative denied the claim.

Kaspersky Lab (via Hacker News):

This script allows to scan iTunes backups for indicator of compromise by Operation Triangulation.