Archive for July 5, 2024

Friday, July 5, 2024

Dynamic Type on the Web

Craig Hockenberry:

This site now supports Dynamic Type on iOS and iPadOS. If you go to System Settings on your iPhone or iPad, and change the setting for Display & Brightness > Text Size, you’ll see the change reflected on this website.

This is a big win for accessibility: many folks make this adjustment on their device to match their abilities. Just because you can read a tiny font doesn’t mean that I can. It also is a win for consistency: my site’s font size matches the other text that a visitor sees on their device.

The best part is that this improvement can be realized with only a few lines of CSS:

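html {
  /* Fallback size for browsers that do not recognize the -apple-system-body value below */
  font-size: 0.9em;
  /* The font shorthand takes its size (and family) from the system's Dynamic Type body style */
  font: -apple-system-body;
  /* Declared after the shorthand, so it replaces the system font family but keeps the system size */
  font-family: "Avenir Next", "Helvetica Neue", sans-serif;
}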

Note that his site gets the system sizing but does not have to use the system font.


Update (2024-07-08): Jeff Johnson:

The text is kind of small on the Mac.

Craig Hockenberry:

That’s macOS setting a default value that’s too small. (And I cover some mitigation in the post.)

Craig Hockenberry:

I’d like it to be higher. But doing so punishes people on mobile devices who aren’t using Safari. This is what it looks like on Android.

I’m not holding out on this being a standard outside the Apple ecosystem because AFAIK there isn’t a notion of Dynamic Type on other platforms.

The failing here is Apple not implementing it on all of their platforms.

Sequoia Removes Gatekeeper Contextual Menu Override

Jason Snell:

Here’s a thing I noticed today. macOS Sequoia changes how non-notarized apps are handled on first launch. I couldn’t override by doing the control-click > Open > yes really Open dance. Instead, I had to go to the Settings app, to the Security screen, and click there to allow it to open. At which point it asked me AGAIN if I wanted to open it, and then had to put in my password!

I get the impulse about making it harder to socially engineer bad apps from opening, but… this is ridiculous.

Apparently, after the first time of going through System Settings, you can just use the contextual menu like before. But who’s going to figure this out on their own? It’s another take on security through obscurity.

With Mac notarization increasingly difficult to bypass, it becomes even more important that Apple not add a human element to it, like with iOS, where it could be weaponized to “review” apps that aren’t in the Mac App Store.

Meanwhile, the more pressing concern for me is that a significant number of my customers continue to encounter the Gatekeeper bug where it refuses to launch (notarized!) apps because it incorrectly reports them as damaged. The Control-click bypass never worked in this case. I don’t know how to reproduce the bug except that it seems to be related to downloading a new version of an app that had previously been installed.

Jeff Johnson:

Apple keeps twisting the screw to lock down the Mac.


Update (2024-07-08): See also: Hacker News.

Update (2024-08-08): Apple:

In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized. They’ll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run.

Jeff Johnson:

It’s gotten worse since the first macOS 15 beta:

In the first beta, once you allowed the first app to open in System Settings, subsequent apps could be allowed to open via the contextual menu.

In the latest beta, the rules don’t change, and you can never allow apps to open via the contextual menu, only in System Settings.

Nick Heer:

This is one of those little things which will go unnoticed by most users, but will become a thorn in the side of anyone who relies on it. These are likely developers and other people who are more technologically literate placed in the position of increasingly fighting with the tools they use to get things done. It may be a small thing, but small things add up.

Dominik Wagner:

The end of non-notarized software for regular users seems nigh.

John Gruber (Mastodon):

I mean, if there are exploits running wild because unsophisticated Mac users are Control-clicking malware apps they’ve somehow downloaded, where are they? I can only see two possible explanations for these changes: (a) these decisions that are making MacOS increasingly annoying for expert and power users are being made by cover-your-ass bureaucrats for no good reason, and no one who knows better is shooting them down within Apple; or (b) there’s a serious rash of unreported abuse of these features and Apple is too timid to publicize them to justify the increased frequency and arduousness of these permission nags, lest they admit the Mac has any problems at all.

See also: MacRumors, AppleInsider, and Hacker News.


Update (2024-08-13): Howard Oakley (tweet):

As there’s some confusion as to exactly what’s going on, this article explains how this should work, and what benefits notarization brings in return for this added inconvenience.


Update (2024-08-14): Arin Waichulis:

Malware authors are more clever than ever. One of the latest trends is cloning real applications, often productivity apps like Notion or Slack, and injecting malware somewhere in the code. Authors then create install screens like the one below, instructing the user to right-click and open the malware to get around Gatekeeper. The crazy part is that sometimes users will go on to use these applications for quite some time and never know their system has been infected. Persistence is key for cybercriminals.

I don’t understand how making the override more difficult solves the problem of the user being tricked by a fake app.

Epic Games Store Blocked via Notarization

Ben Lovejoy (Slashdot):

Epic Games has accused Apple of deliberately delaying its attempt to launch its own iOS games store in Europe, and has filed a further antitrust complaint with the EU.

Epic Games:

Apple has rejected our Epic Games Store notarization submission twice now, claiming the design and position of Epic’s “Install” button is too similar to Apple’s “Get” button and that our “In-app purchases” label is too similar to the App Store’s “In-App Purchases” label.

We are using the same “Install” and “In-app purchases” naming conventions that are used across popular app stores on multiple platforms, and are following standard conventions for buttons in iOS apps. We’re just trying to build a store that mobile users can easily understand, and the disclosure of in-app purchases is a regulatory best practice followed by all stores nowadays.

Apple’s rejection is arbitrary, obstructive, and in violation of the DMA, and we’ve shared our concerns with the European Commission.

Tim Sweeney:

Epic had supported notarization during Epic v Apple on the basis that Mac’s mandatory malware scanning could add value to iOS. Now it’s disheartening to see Apple twist its once-honest notarization process into another vector to manipulate and thwart competition.

[…]

Gatekeeper review of apps cannot possibly stand under the DMA when they misuse this power to delay competitors, dictate confusing or non-standard user interface designs to competitors, sherlock competitors by sharing pre-release app details with executives and internal teams competing with the app, and introduce potentially many-year delays to fair competition during appeals.

Tim Sweeney:

I can share that, at the top of the Epic Games Store screen that Apple rejected, is a big Epic Games Store logo displaying the text “Epic Games Store”.

Apple says users may confuse this screen with their App Store, whose screens don’t prominently identify itself through the App Store trademark or its logo as our store does.

Ernesto Monasterio:

While I might not agree with everything the EU is asking from Apple, the fact that they’re using notarization as a de facto review process burns all the goodwill I might have towards the folks at Cupertino.

Jeff Johnson:

Funny how Apple will follow the law in Russia and China but flout the law in the EU. Censorship? Fine, great! Sideloading? Hell no!


Apple Removes VPN Apps From Russian App Store

William Gallagher (Mastodon):

Apple’s App Store team has been notifying VPN developers that their apps are being removed “per demand from Roskomnadzor.” This is the state media watchdog that previously forced both Apple and Google to remove a political app backed by the leader of the country’s opposition.

According to the Moscow Times, the Roskomnadzor regulator based its demand on how the apps include “content that is illegal in Russia.” It also reports that this demand to remove mobile apps follows the regulator’s increasing blocking of VPN services.

Francisco Tolmasky:

Just like when Apple got rid of the HKlive app during the Hong Kong protests. Imagine if there was a way to install apps not through the AppStore. That way the AppStore couldn’t be exploited as a censorship tool by governments. But then Apple might not make every possible cent off the iPhone, so probably not worth it. It’s crazy that Apple is probably happier with Russia’s actions towards the AppStore than Europe’s. No public fit. No press release. Just quiet compliance.

I am seeing some pushback in the form of “What is Apple supposed to do? That’s the law in Russia!” This is a bizarre post-2007 mentality. No one asked “How is Microsoft going to stop Limewire?!” No one thought it was Microsoft’s responsibility to single-handedly defeat piracy. Apple went out of their way to make themselves the sole gatekeeper, thus making themselves a target for manipulation.

Miguel Arroz:

The problem is not Apple complying with foreign laws. They have to, and although that is not true here, in most instances it’s a good thing (I don’t want American companies bullying through European or Canadian laws, for example).

The problem is Apple building platforms that prevent users from violating the law if they so wish. And from the moment authoritarian governments know such a thing is possible, they will leverage it and eventually require it.

Francisco Tolmasky:

It is much harder to write a law requiring an existing open platform become closed. Russia could have theoretically mandated that Microsoft write a new version of Win95 that used a certificate system so apps could only be acquired through a new mandated app store, but… that’s kind of a stretch (and would require considerable imagination). Instead, Apple on their own created a button that can be used for censorship, allowing a gov to simply have to ask to press it.

One way to look at it is that Apple has created a situation where the path of least resistance, the easiest thing for them to do, is to just comply with whatever censorship request is asked of them. That is never a good thing. It’s similar to the argument for end-to-end encryption: you create a situation where it is incredibly difficult (impossible) to comply with a government request, because it is too dangerous to just leave it up to whether can effectively “challenge” the request.

Apple understands this with private messaging. They can do right by their customers and avoid getting involved in these political matters. It’s a win-win, but perhaps that’s only possible because iMessage is a loss leader. End-to-end encryption makes iPhones better, so Apple sells more hardware. But with the App Store and the services strategy, the incentives are not so aligned. There could be a nice decentralized system for getting software, as with the Mac and the Web. But the temptation is too great to mandate that all the roads converge on a single choke point so that they can put a tollbooth on it.

Luke Dormehl:

The apparent trouble with Russia’s secret police and spy agency came up in Walter Isaacson’s 2011 biography of Jobs. Isaacson wrote that Jobs “insisted on talking about” Trotsky, the Bolshevik leader exiled as an “enemy of the people.” Trotsky was later assassinated in Mexico under the orders of Soviet dictator Joseph Stalin.

“You don’t want to talk about Trotsky,” a KGB agent allegedly told Jobs. “Our historians have studied the situation, and we don’t believe he’s a great man anymore.”

Jobs ignored this advice, according to Isaacson. “When they got to the state university in Moscow to speak to computer students, Jobs began his speech by praising Trotsky,” he wrote.


Update (2024-07-08): Matthew Connatser:

“We also know that Google has received similar requests from the Russian regulatory agency and has even notified some proxy services that they might face removal,” Roskomsvoboda claims. “However, it has not taken any action so far.”

Roskomsvoboda believes eight VPN apps are no longer available on the Russian App Store, including popular ones such as NordVPN, Proton, and Private Internet Access.

DOJ Investigating Apple-Google Default Search Engine Deal

Hartley Charlton:

Apple’s deal with Google that makes it the default engine on Safari faces uncertainty as the U.S. Department of Justice’s antitrust lawsuit looms, The Information reports.

Chance Miller:

Google pays Apple upwards of $20 billion per year to retain that default status, something the Justice Department says hinders competition in the search engine industry. Notably, Apple is not named as a party in the lawsuit, but the case has led to testimonies from Apple executives such as Eddy Cue.

It seems to me that the built-in choices of search engines and the inability for users to add custom ones are much bigger deals than which one is the default.


Bruce Bastian, RIP

Thomas Claburn:

Bastian helped create the word processing application that became WordPerfect while still a graduate student at Brigham Young University, working with Alan Ashton, his computer science professor.

They formed Satellite Software International (SSI) in 1979 and released an initial version of the software in March 1980 under the name SSI*WP for the Data General minicomputer. It cost $5,500 at the time, according to W. E. Pete Peterson, who wrote a history of the WordPerfect Corporation in the book Almost Perfect.

[…]

Microsoft Windows also debuted in 1985 and its rapid adoption in the years that followed meant WordPerfect had to compete on a new platform. By July 1991, WordPerfect’s share had started to slip and within a few years, Windows and Word had taken over.

[…]

As The Washington Post noted at the time, WordPerfect lost significant market share during the first half of the 1990s due to Microsoft’s strategy of bundling its Word application with other office software and selling them as a suite of applications.

There was a period in the mid-90s when WordPerfect was my favorite Mac word processor. It was not particularly Mac-like; it just worked really well. At the time, one of my issues with Microsoft Word was that the formatting would get all screwed up, and it was really hard to debug it. You couldn’t see which styling and spacing commands were attached to which bits of text. Most of the time, the problem was within a run of whitespace, so everything was invisible and it wasn’t clear where to click. Sometimes you’d have to just delete the whole section and start over. WordPerfect had a mode where you could show all the formatting codes. You could see—and edit—them like pseudo–HTML tags mixed in with the text. This made it easy to see exactly where to put the insertion point. You could even put it between “tags” and start typing to separate two regions that would seem glued together when Reveal Codes was off.

Michael S. Rosenwald:

Highly customizable, with a free customer support line, WordPerfect emerged from a crowded market of upstart word processors as the go-to choice of new personal computer users. (Among its fans was Philip Roth, who used it until he retired in 2012, long after the program was supplanted in popularity by Microsoft Word.)

Curtis Booker (via Hacker News):

Bastian stepped down from his role as chairman of WordPerfect in 1994 and the company was sold to Novell a short time later.

Bastian would go on to focus his time on charitable causes and philanthropy. In 1997, he started the B.W. Bastian Foundation, whose commitment is to only support organizations that fully embrace equality.
