Archive for October 2024

Apple Intelligence Digital Markets Act (DMA) European Union iOS iOS 18

iOS Apple Intelligence in EU in April 2025

Romain Dillet (Hacker News, MacRumors):

Remember when Apple blamed EU tech rules — and more specifically the Digital Markets Act — to justify the fact that Apple Intelligence wouldn’t be available in the European Union? Maybe that was just an attempt to turn EU users against their regulators as Apple Intelligence is coming to the EU in April 2025 along with local language support.
[…]
While Apple Intelligence is technically out of beta, you have to set your iPhone or Mac to U.S. English. On the iPhone, Apple also checks if your Apple account is associated with a European address. If that’s the case, you can’t enable Apple Intelligence on your iPhone at all, even if you set your iPhone to U.S. English.
On the Mac, it’s a different story, as European users can try out Apple Intelligence features starting Monday.

I don’t think this is quite accurate: Apple Intelligence no longer requires a beta version of the OS, but the feature itself is still marked as in beta.

Max von Thun:

So in the end, Europeans only need to wait five extra months for Apple’s new AI features, while presumably getting a better and safer experience due to compliance with EU laws on privacy and fair competition. So much for all the hysteria about Europe being “left behind”.

So far I have not heard any specifics about what will be “better and safer.” It just seems like a combination of Apple not being ready with other languages and not having had the time to report to EU regulators what it’s doing.

Previously:

Update (2024-10-31): Holger Eilhard:

This is also incorrect: “On the iPhone, Apple also checks if your Apple account is associated with a European address.” I have a European address on my iPhone (along with my german credit cards). I happen to be in the US and can use Apple Intelligence just fine – with the device set to US English and all that.

Update (2024-11-04): Nick Heer:

All we know right now is that Apple’s E.U. rollout of Apple Intelligence coincides with the availability of a bunch of European languages. The April language pack notably also adds support for two other English languages — Indian and Singaporean — plus Chinese, Japanese, Korean, and Vietnamese. No word on availability in China, but Tim Cook is working on it.

Wednesday, October 30, 2024

MacBook Pro 2024

Apple (Hacker News, MacRumors):

With M4, MacBook Pro is up to 1.8x faster than the 13-inch MacBook Pro with M1 for tasks like editing gigapixel photos, and even more demanding workloads like rendering complex scenes in Blender are up to 3.4x faster. With a Neural Engine that’s over 3x more powerful than in M1, it’s great for features in Apple Intelligence and other AI workloads. The M4 model also supports two high-resolution external displays in addition to the built-in display, and now features three Thunderbolt 4 ports so users can connect all their peripherals.

[…]

The new MacBook Pro with M4 Pro is up to 3x faster than models with M1 Pro, speeding up workflows like geo mapping, structural engineering, and data modeling.

[…]

With M4 Max, MacBook Pro delivers up to 3.5x the performance of M1 Max, ripping through heavy creative workloads like visual effects, 3D animation, and film scoring.

[…]

The new MacBook Pro introduces an all-new nano-texture display option that dramatically reduces glare and distractions from reflections.

[…]

MacBook Pro includes a new 12MP Center Stage camera that delivers enhanced video quality in challenging lighting conditions.

[…]

MacBook Pro with M4 Pro and M4 Max features Thunderbolt 5 ports that more than double transfer speeds up to 120 Gb/s, enabling faster external storage, expansion chassis, and powerful docking and hub solutions.

The nano-texture display and its non-crazy price are my favorite news here. There are still only 3 Thunderbolt ports, whereas the Intel MacBook Pros had 4. If more Thunderbolt 5 ports are not possible, I wish they would add some USB-C ports, like with the Mac mini. I’d also still like to see a smaller trackpad.

I’m still quite happy with my M1 Pro MacBook Pro, except for when a Lightroom import destroys it. However, this is a tempting upgrade; I’m mainly put off by the RAM and SSD prices. I would probably get it if I used the internal display more.

Unlike last year, where only more expensive configurations gained access to the Space Black shade, this year all MacBook Pro models come in just Silver and Space Black, even the base M4 model.

[…]

All three chip levels get a major webcam upgrade to the 12MP Center stage camera, which is the first Mac laptop webcam upgrade in quite a while. And Apple is claiming that all models can get up to 24 hours of battery life, which seems like a bit of a major milestone, even though (as always) battery life is not a simple thing to measure, and can vary widely based on how you use the computer in question.

Jonathan Deutsch:

The battery characteristics on the M4 vs M4 Pro vs M4 Max are interesting.

If you were hoping for a battery life upgrade like me from the M1 Pro, going for the M4 Max would not do very much.

Previously:

Update (2024-10-31): Joe Rossignol:

The new MacBook Pro models unveiled today feature display brightness enhancements in both bright outdoor lighting and low lighting.

Center Stage is available in video calling apps like FaceTime and Zoom. The feature was previously limited to newer iPad models and Macs connected to Apple's external Studio Display. The new MacBook Pro and iMac models are the first Macs to support Center Stage without needing to rely on a Studio Display.

I hope the video quality is better than on the Studio Display. The fact that the camera is 12MP doesn’t mean much if it’s only using part of the image.

Shadowfacts:

The RAM ceiling for the Pro chip has technically increased to 64GB, but unfortunately it’s almost moot because, on the laptop, “64GB or 128GB available with M4 Max with 40-core GPU.” It’s an artificial limitation, the Mac mini doesn’t have the same constraint.

I would probably go for 64 GB instead of 48 GB if I could get it with the M4 Pro, but I don’t need or want the M4 Max.

Adam Engst:

Apple’s storage prices are sky-high: you can buy an external 8 TB SSD for $500–$600, compared with Apple’s $2200, and it’s easy to find SSDs under $75 per terabyte.
[…]
Personally, I’m most intrigued by the 14-inch MacBook Pro with the base-level M4 chip because it can drive a pair of external displays. I rely on two 27-inch displays, but until now, that would have required either an expensive MX Pro-level machine or closing the lid on an M3 MacBook Pro or M3 MacBook Air.

Mitchel Broussard:

Best Buy is already providing early pre-order discounts exclusively to My Best Buy Plus and Total members at up to $150 off.

Adam Chandler:

So $50-$150 off a brand new computer and members get AppleCare ($279-$399 value) included.
I’m still so curious how BestBuy can just advertise these prices as an Apple Premium Reseller.

Adam Chandler:

Here’s an article from 2012 (LOL) talking about Apple’s advertised price rules retailers have to follow.
Clearly something changed.

Previously:

Apple’s Stale Mac Displays

Update (2024-11-08): Tim Hardwick:

The first wave of reviews of Apple’s new M4-powered MacBook Pro models were published this morning. We’ve collected some of the latest impressions from YouTube channels and select media outlets below.

Apple Hardware Announcement Apple M4 Apple M4 Max Apple M4 Pro Hardware Mac MacBook Pro macOS 15 Sequoia

I’m happy to report that, as of now, the $1599 base-model 14-inch MacBook Pro really feels like a full member of the family.
[…]
Laptops are designed to be portable. That means they can be used in uncontrollable conditions, and this display is more resilient in those situations. Of course, you may also be able to turn your chair to a different angle and solve the problem that way. It’s up to you to decide if you’d rather trade a little contrast for some dramatic glare reduction.
[…]
With the M4, the MacBook Pro’s FaceTime camera has been upgraded from a 1080p model to a new 12MP Center Stage camera. I can hear the groans now, but here’s the thing: This isn’t the same sensor as in some previous Center Stage cameras. It seems better, though for whatever reason, it doesn’t look as good as the one in the M4 iMac.

Jaron Schneider:

The MacBook Pro has been very prone to glare over the years and would have to rely solely on pure brightness to overcome it. Now it has another tool in its arsenal although the implementation is slightly different than nano-texture has been on previous Apple devices like the Pro Display XDR and iPad Pro. While those two devices have a layer of glass which is then etched with the nano-texture, the MacBook Pro doesn’t use that same glass cover. The nano-texture is, therefore, instead embedded on the inside of the display. The effect is the same, or similar enough, and Apple includes its special polishing cloth too, but it’s not strictly “necessary” to use to clean the MacBook Pro display (although it is recommended).
In practice, the nano-texture display has, to me, no downsides. Indoors, I didn’t notice anything different about the display versus the M3 Max MacBook Pro from last year. Outside, in direct sunlight, is a different story.
[…]
The M4 Max performs pretty much how we expected [with Lightroom]: it’s faster than the M3 Max, M4 Pro, and M1 Ultra, but slower than both a high-end PC and the M2 Ultra. It’s not much slower than those two desktop machines, however. It’s an excellent showing and is the fastest laptop we’ve ever tested.

Previously:

High Power Mode for M4 Pro Macs

Update (2024-11-15): Juli Clover:

The M4 MacBook Pro models feature quantum dot display technology, according to display analyst Ross Young. Apple used a quantum dot film instead of a red KSF phosphor film, a change that provides more vibrant, accurate color results.

Update (2024-11-18): See also: Hacker News.

Apple M4 Pro and M4 Max

Apple (Hacker News, MacRumors):

All three chips are built using industry-leading, second-generation 3-nanometer technology, which improves performance and power efficiency. The CPUs across the M4 family feature the world’s fastest CPU core, delivering the industry’s best single-threaded performance, and dramatically faster multithreaded performance. The GPUs build on the breakthrough graphics architecture introduced in the previous generation, with faster cores and a 2x faster ray-tracing engine. M4 Pro and M4 Max enable Thunderbolt 5 for the Mac for the first time, and unified memory bandwidth is greatly increased — up to 75 percent. Combined with a Neural Engine that’s up to 2x faster than the previous generation and enhanced machine learning (ML) accelerators in the CPUs, the M4 family of chips brings incredible performance for pro and AI workloads.

[…]

M4 Pro features an up to 14-core CPU consisting of up to 10 performance cores and four efficiency cores. It’s up to 1.9x faster than the CPU of M1 Pro, and up to 2.1x faster than the latest AI PC chip. The GPU features up to 20 cores for graphics performance that is 2x that of M4, and up to 2.4x faster than the latest AI PC chip. […] M4 Pro supports up to 64GB of fast unified memory and 273GB/s of memory bandwidth, which is a massive 75 percent increase over M3 Pro and 2x the bandwidth of any AI PC chip.

[…]

M4 Max is the ultimate choice for data scientists, 3D artists, and composers who push pro workflows to the limit. It has an up to 16-core CPU, with up to 12 performance cores and four efficiency cores. It’s up to 2.2x faster than the CPU in M1 Max and up to 2.5x faster than the latest AI PC chip. The GPU has up to 40 cores for performance that is up to 1.9x faster than M1 Max and up to an astounding 4x faster than the latest AI PC chip. […] M4 Max supports up to 128GB of fast unified memory and up to 546GB/s of memory bandwidth, which is 4x the bandwidth of the latest AI PC chip.

The RAM ceiling for the Pro chip has increased from 36 GB to 64 GB, but for the Max it’s unchanged at 128 GB.

Here’s a summary of the cores situation:

	Regular	Pro	Max
M1	4p/4e	8p/2e	8p/2e
M2	4p/4e	8p/4e	8p/4e
M3	4p/4e	6p/6e	12p/4e
M4	4p/6e	10p/4e	12p/4e

So this seems like a bit of a return to form, where the Pro is closer to the Max, and the Max is mostly attractive for GPU performance and RAM capacity, rather than the CPU. (And you need a $900 BTO option to get those extra 2 cores on the M4 Max.)

Previously:

Update (2024-10-31): Andrew Cunningham:

Because Apple staggered its product and chip announcements, we’ve gathered some basic specs from all versions of the M4, M4 Pro, and M4 Max to help compare them to the outgoing M2 and M3 chip families, including the slightly cut-down versions that Apple sells in the cheaper new Macs. We’ve also rounded up some of Apple’s performance claims, so people with older Macs can see exactly what they’re getting if they upgrade (Apple still likes to use the M1 as a baseline, acknowledging that the year-over-year gains are sometimes minor and that many people are still getting by just fine with some version of the M1 chip).

So how do the three latest-generation Apple silicon chips compare and which should you choose?

Update (2024-11-04): AppleLeaker (via Hacker News):

Apple’s M4 Max is the first production CPU to pass 4000 Single-Core score in Geekbench 6. The M4 Max is faster than the M2 Ultra in almost every way (90% as powerful as M2 Ultra in GPU). Simply incredible.

Joe Rossignol (Hacker News):

Impressively, the results that are available so far show that the highest-end M4 Pro chip is faster than the highest-end M2 Ultra chip in terms of peak multi-core CPU performance.

I’m not sure how the benchmark is constructed, but that’s surprising given that the M2 Ultra has 10 more cores.

Based on the Metal scores that are available so far, the M4 Pro and M4 Max are up to around 40% and 25% faster for graphics than the M3 Pro and M3 Max chips, respectively.

The first Geekbench 6 benchmark results for the high-end M4 Max chip with a 16-core CPU surfaced today, and they show that the chip is up to 25% faster than the high-end M2 Ultra chip with a 24-core CPU in terms of peak multi-core CPU performance.

[…]

As we mentioned in our previous reporting, you can now purchase a Mac mini with a 14-core M4 Pro for $1,599 in the U.S. and get similar to faster peak performance than a Mac Studio with the 24-core M2 Ultra, a configuration that starts at $3,999.

As these are complicated by sub-variants and binned versions, I have brought the details together in a table.

[…]

I’ve been looking to replace my original Mac Studio M1 Max. As it looks likely that an M4 version of the Studio won’t be announced until well into next year, I’m taking the opportunity to shrink its already modest size to that of a new Mac mini. What better choice than an M4 Pro with 10 P and 4 E cores and a 20-core GPU, and the optional 10 Gb Ethernet?

Update (2024-11-11): Howard Oakley (Hacker News):

All CPU cores are arranged in clusters of up to 6. All cores within any given cluster share L2 cache, and are run at the same frequency (clock speed). The Base M4 has a single cluster of 4 P cores, while the Pro and Max have two clusters of 5 and 6 cores respectively.

[…]

Threads are normally allocated by macOS to an available P core when their designated Quality of Service (QoS) is higher than 9 (Background), for example when using Dispatch, formerly branded Grand Central Dispatch (GCD). Running threads may also be moved periodically between P cores in the same cluster, and between clusters. Previous M-series chips appear to move threads less frequently, and may leave them to run to completion after several seconds on the same core, but threads appear to be considerably more mobile when running on M4 P cores.

Andreas Hegenberg:

The only benchmark that matters to me: Clean build of BetterTouchTool on M1 Max: 182s, on M4 Max: 99s (in general building seems significantly slower on Xcode 16 than on older Xcode versions)

Previously:

High Power Mode for M4 Pro Macs

Update (2024-11-13): Sherief, FYI:

Apple has the best CPU scheduler and the only one that takes efficiency (perf/watt) and thermal headroom into account that I know of. Incredible work really.

Apple Hardware Announcement Apple M4 Max Apple M4 Pro Mac Processors

All virtualised threads are treated by the host as if they are running at high Quality of Service (QoS), so are preferentially allocated to P cores, even though their original thread may be running at the lowest QoS. This has the side-effect of running virtual background processes considerably quicker than real background threads on the host.

Andreas Osthoff:

The M3 generation already offered extremely good single-core performance, leaving the competition from AMD, Intel and Qualcomm in the dust. Only Intel’s new desktop processor, the Core Ultra 9 285K, was on a comparable level to the M3 SoCs. Apple has stepped up its game even more with its new M4 processors, further widening the gap massively. The P-cores’ maximum clock rate, which is about 500 Mhz higher, results in a performance boost of over 20% compared to the M3 models.
[…]
Depending on the test, its lead over the old M3 Pro with 12 cores was between 47-57% and, as a result, the new M4 Pro is on par with the old full M3 Max. This is a considerable increase in performance and, especially within the 14-inch field, the new M4 Pro faces no competition—neither from AMD, Qualcomm nor Intel. The only exception in this case is the Ryzen AI 9 HX370 inside the Asus TUF A14, which can permanently consume 80 watts and performed slightly better in the CB-R23 test.

Update (2024-11-18): Howard Oakley (Hacker News):

E cores running low QoS threads at close to minimum frequency take about four times as long, 38.5 seconds, but use less than 45 mW power per thread. Total energy used to complete one thread is therefore over 23 J when run on P cores, and less than 1.7 J when run on E cores. E cores therefore use only 7% of the energy that P cores do performing the same task.

Update (2024-11-22): Howard Oakley:

In this series I concentrate on much narrower concepts of performance in CPU cores, to provide deeper insight into topics such as core types and energy efficiency. This article examines the in-core performance of P and E cores, and how they differ.

[…]

P core frequencies have increased substantially since the M1. If we set that as 100%, M3 P cores run at around 112-126% of that frequency, and those in the M4 at 140%.

Update (2024-11-25): Howard Oakley:

This article tries to estimate the cost in terms of power and energy of running identical tests on M4 P and E cores, and thereby provide insight into some of the most distinctive features of Apple silicon, and their benefits.

Update (2024-11-27): Howard Oakley:

From early work by Dougall Johnson on the M1, it has been known that some of the functions in Apple’s vast Accelerate maths libraries can run code on the AMX. Thanks to the guidance of Maynard Handley, a year ago I concluded that one of those is the vDSP_mmul function in the vDSP sub-library. This article reports tests of that function in a Mac mini M4 Pro running Sequoia 15.1.1, leads on to an explanation of previous results using floating point and NEON tests, and considers the effects of Power Modes.

Update (2024-12-03): Howard Oakley:

When running on Apple silicon Macs, macOS modulates ‘cluster HW active frequency’ of P cores, limiting frequency to below maximum when cluster total active residency exceeds 100%.

Although small in M1 variants, this is most prominent in M4 variants, where a total active residency of 300% may reduce cluster frequency to 87% of maximum.

Frequency limitation is most probably part of a pre-emptive strategy in thermal management.

Update (2024-12-06): Howard Oakley:

For the purposes of this article, I’ll consider a single thread that macOS is ready to load onto a CPU core for execution. For that to happen, five decisions are to be made:

which type of core, P or E,

which cluster to run it in,

which core within that cluster,

what frequency to run that cluster at,

the mobility of that thread between cores in the same cluster, and between clusters (when available).

Use a Cloned Drive to Recover From Mac Failures

I got up and running in no time because I keep a USB drive permanently attached to my Mac Studio, and make sure it’s a complete clone of my drive. When I reinstalled macOS Sequoia, I was able to use Migration Assistant to restore from my cloned backup drive, and it returned me to more or less the same state I had been in when the computer died.

[…]

Yes, I also do a Time Machine backup—because it’s nice to have redundancy and it can be helpful in grabbing a file that’s changed in the past. It used to be that Time Machine was a must-have because your cloned disk wasn’t really a backup, since it only contained the most recent view of your disk, and if a file was deleted a few days earlier, it would not be retrievable.

But with the advent of Apple’s APFS filesystem, tools like Carbon Copy Cloner use the APFS snapshot feature to fill up all the excess space on your backup drive—remember, I bought a 2TB drive for a 1TB disk—with previous versions of your disk. So there are some extra layers of protection, though I’m still running Time Machine and Backblaze too. You can never have enough data protection.

It’s nice that Migration Assistant makes it so easy to restore. The downside is that it can be slow, even if the clone is on an SSD. Back in the day you could just boot directly from the clone and be up and running almost immediately. It helps to keep the bulk of your data files on separate drives or partition so that restoring the home folder doesn’t take as long.

Apple File System (APFS) Backup Carbon Copy Cloner DropDMG EagleFiler Mac macOS 15 Sequoia Migration Assistant SuperDuper Time Machine

Over the last few weeks I’ve had several questions from those trying to use TM in more demanding circumstances. This article explains how you can design volume layout and backup exclusions for the most efficient backups in such cases.

Previously:

Update (2024-11-01): Howard Oakley:

By archiving, I mean putting precious files somewhere they can be retrieved in at least ten years time. They may include financial, business, employment and personal records, as well as all finished work that you want to record for posterity. For most, they’ll also include a careful selection of still images, movies, and the more important documents you might create, such as books, theses and papers. They’re what you and the law want you to keep in perpetuity, and to be able to retrieve even after you’re gone.

To see how this can be achieved, I consider: the storage medium to be used, file formats that will be retrievable, how to index them for access, physical storage conditions, and the checks of their integrity that are needed.

[…]

If you’re serious about maintaining your archives, some form of integrity checking, such as that provided by my free utilities Dintch, Fintch and cintch, is essential. Check a sample on each disk once a year, to ensure that none has started to deteriorate. If you do detect errors, that’s the time to burn a replacement before the original is lost to decay.

I use USB sticks and hard drives for my archives and DropDMG and EagleFiler for integrity checking.

Tuesday, October 29, 2024

Mac mini 2024

Apple (Hacker News, MacRumors):

Apple today unveiled the all-new Mac mini powered by the M4 and new M4 Pro chips, and redesigned around Apple silicon to pack an incredible amount of performance into an even smaller form of just 5 by 5 inches.

[…]

For more convenient connectivity, it features front and back ports, and for the first time includes Thunderbolt 5 for faster data transfer speeds on the M4 Pro model.

[…]

Mac mini with M4 features a 10-core CPU, 10-core GPU, and now starts with 16GB of unified memory.

[…]

For users who want pro-level performance, Mac mini with M4 Pro features the world’s fastest CPU core with lightning-fast single-threaded performance. With up to 14 cores, including 10 performance cores and four efficiency cores, M4 Pro also provides phenomenal multithreaded performance. With up to 20 cores, the M4 Pro GPU is up to twice as powerful as the GPU in M4, and both chips bring hardware-accelerated ray tracing to the Mac mini for the first time. The Neural Engine in M4 Pro is also over 3x faster than in Mac mini with M1, so on-device Apple Intelligence models run at blazing speed. M4 Pro supports up to 64GB of unified memory and 273GB/s of memory bandwidth — twice as much bandwidth as any AI PC chip — for accelerating AI workloads.

They kept HDMI but dropped a Thunderbolt port. The version with the Pro processor starts at $1,399 instead of $1,299 with the previous model, but it includes 24 GB of RAM, up from 16 GB.

Dan Moren (post):

Apparently you cannot spec the new M4 Pro Mac mini with 32GB of RAM—it’s the standard 24GB or you have to pay $400 to double that to 48GB? (I have 32GB on my M2 Pro Mac mini…so I’d have to downgrade or pay wayyyy more.)

Since people always ask this: a base model Mac mini is a perfectly fine computer for developing iPhone, iPad, Mac and Vision Pro apps comfortably. I’ve never had to worry about performance or RAM usage on my M1 — it’s fast, stable, and reliable.
(But I also do not use Slack or Chrome, or any of the other worst offenders, so weigh that appropriately)

And keep in mind, the Mac mini was never updated to the M3—its last update was to the M2 in early 2023. So if you’re just looking at the Mac mini, the model-to-model speed boosts will be even more impressive than the gains between this chip generation and the last.

Mr. Macintosh:

A lot of people are talking about the new M4 Mac mini power button location.

Apple decided to put it on the bottom. While the bottom vent raises the height, you will still have to tip it up to reach the power button.

The new Mac Mini internal architecture is reminiscent of the Apple TVs. Fan on the bottom (some Apple TVs have it), logic board in the middle, power supply on top. This way, heat generated from the power supply doesn’t go up to the SoC. Quite cool (no pun intended)!

Damn, new Mac mini is (I believe?) the first Mac with DisplayPort 2.1 support. That means a theoretical maximum monitor support of 8K at 240Hz (!!) with HDR and DSC.

Previously:

Update (2024-10-30): John Gruber:

The new Mini form factor sports a dramatically smaller footprint, but because it’s taller (which ought to be better for thermals), the difference isn’t as great by volume[…]

[…]

No cheating either: the power supply remains inside the Mac Mini case. (But as shown above, the Mac Mini remains quite a bit larger than an Apple TV 4K.)

There are now two desktop Macs and four Apple silicon chip options for users who do not need the expandability of the Mac Pro. The Mac Studio starts at $1,999, overshadowing the $599 starting price of the M4 Mac mini and even the $1,399 starting price of the M4 Pro Mac mini, so do you need the performance of the Mac Studio , or is the humble Mac mini sufficient for your needs? Our guide helps to answer the question of how to decide which of these two desktop Macs is best for you.

John Voorhees:

The new Mac mini is exactly the Mac I wanted when I got the Mac Studio. It doesn’t support as much memory or storage as a Studio, but you can build a real beast of a Mac around this tiny computer including with Thunderbolt 5.

The Mac mini is Apple’s first carbon neutral Mac to date, and it joins the carbon neutral Series 10 Apple Watch models.

However, this was possible through “high-quality carbon credits.”

Adam Tow:

In this article, I’m going to talk about my experience with Mac mini over the years, and how I see myself potentially using the new M4-powered Mac mini in the future.

Ezekiel Elin:

I’ve just ordered a new base model to replace my M2 base model. Double the RAM and M2->M4 for just $240 after trade-in made this an easy swap.

iMac 2024

Apple (Hacker News, Slashdot):

With M4, iMac is up to 1.7x faster for daily productivity, and up to 2.1x faster for demanding workflows like photo editing and gaming, compared to iMac with M1. With the Neural Engine in M4, iMac is the world’s best all-in-one for AI and is built for Apple Intelligence, the personal intelligence system that transforms how users work, communicate, and express themselves, while protecting their privacy. The new iMac is available in an array of beautiful new colors, and the 24-inch 4.5K Retina display offers a new nano-texture glass option. iMac features a new 12MP Center Stage camera with Desk View, up to four Thunderbolt 4 ports, and color-matched accessories that include USB-C. Starting at just $1,299, now with 16GB of unified memory, the new iMac is available to pre-order today, with availability beginning Friday, November 8.

This seems good as far as it goes, but there are no models with Pro processors or larger displays. It still has a lower RAM ceiling and fewer ports than the Intel-based iMacs. The SD Card slot is back on the MacBook Pros, but not here.

Christina Warren:

Apple might finally be forced to ship computers with 16GB of RAM as default (2016 called and it’s laughing) but glad to see the dedication to charging truly obscene amounts of money for storage is still alive and well. $600 upcharge for 2TB is a war crime.

My bad — it’s actually worse! The upcharge from 256GB on the base model iMac to 2TB is $800. That’s 2/3 the price of the computer.

Samsung, a top brand, is currently selling external 2 TB SSDs for $150.

Benjamin Mayo:

now they need to do a studio display update featuring the new iMac’s upgraded camera

I don’t know—the Studio Display’s camera is also described as 12MP. So I wonder whether they actually made the iMac’s camera worse by using better hardware but coupling it with Center Stage.

For the M4 iMac models with 10-core CPU and 10-core GPU, all four of the USB-C ports support Thunderbolt 4 transfer speeds of up to 40Gb/s. The prior-generation M3 iMac with four ports had two Thunderbolt 3 ports and two USB-3 ports.

The 8-core CPU and 8-core GPU models only have two ports, but both of those are Thunderbolt 4.

First introduced with the Pro Display XDR in 2019, nano-texture glass is etched at a nanometer scale, which is meant to preserve image quality while scattering ambient light to cut down on glare. It is the most matte display type that Apple makes, and Apple claims that it is useful for high-end, color-managed workflows or demanding ambient lighting environments.
The 2020 27-inch Intel-based iMac was available with a nano-texture display option prior to its discontinuation, so the new iMac marks the first time that the feature has been available with the Apple silicon version of the device. The new iMac ‘s nano-texture glass is a build-to-order option that costs $200, configurable at the point of purchase.

Scott:

No Target Display Mode… when do we start holding @Apple to account on their PR narratives, in this case e-waste and environmental sustainability?

The M4 chip debuted in the iPad Pro earlier this year, promising around 20% faster performance than the M3 chip in both single and multi-core tasks. All of the key differences between the two chip generations are listed below[…]

Dan Moren:

While the colors remain the same—blue, purple, pink, orange, yellow, green, and silver—Apple has tweaked the backs of the computer with more vibrant versions of most of the colors.

The new colors don’t seem all that different from the old ones, except for green, which seems much more just-plain-green green. The old iMac green was more like teal? It also seems like maybe the new colors are a bit less saturated on the back?

Previously:

Update (2024-10-30): Rob Mathers:

It used to be that the egregious SSD prices at least got you better performance. Nowadays they’re well behind the best NVMe speeds and even more out of whack with pricing.

Apple’s third Apple silicon iMac gains the M4 chip alongside a range of other small but notable improvements, so how does the new machine compare to its two predecessors?

One difference: the entry-priced $1,300 2-port model, which has an 8-core CPU (rather than 10-core), ships with a Magic Keyboard that doesn’t have a Touch ID button; all of the 4-port/10-core configurations ship with a Touch-ID–equipped keyboard.

Update (2024-11-08): Joe Rossignol:

Ahead of time, the first reviews of Apple’s latest all-in-one desktop computer have been shared by select media outlets and YouTube channels.

Apple Hardware Announcement Apple M4 iMac Mac macOS 15 Sequoia RAM Solid-State Drive (SSD)

With the M4 iMac, the FaceTime camera has finally been upgraded to Center Stage. And maybe it was worth the wait, because this isn’t the same 12MP sensor as in some previous Center Stage cameras. It’s new and improved—so improved that I could tell the difference the first second that I turned it on.

In a challenging low-light environment, the original Center Stage camera on an Apple Studio Display can look fuzzy, blotchy, and low contrast. The new Center Stage camera on the M4 iMac looks sharper, with more contrast and much more natural-looking skin tones. It’s what Center Stage should’ve looked like all along, and it’s a nice upgrade.

[…]

Using a nano-texture-covered display is a little weird—the reflections just stop at the screen edge, as if by magic. It works incredibly well. And most of the time, in more normal lighting conditions, I didn’t really notice the nano-texture being there. (Yes, if you look closely you will notice a light scatter that can reduce contrast a bit.)

[…]

Apple talks a lot about how it wants to reduce waste and be a better environmental force in the world. Making iMacs with perfectly good displays that can’t ever be repurposed into something else doesn’t seem to fit with that attitude. It’s unfortunate.

Update (2024-11-25): Nathan Edwards (Hacker News):

But otherwise, it’s the same machine as it was in 2023, and it’s substantially the same as it was back in 2021. Don’t get me wrong, I love looking at this thing. I feel calmer and more productive walking into my office and seeing that unbroken expanse of blue instead of the rat’s nest of cables that come out of my regular monitor. There are just vanishingly few situations in which the most important thing about a computer is how it looks from the back, and the iMac asks you to give up too much in exchange.

[…]

The thing about an all-in-one computer is that all of those things have to be worth it. If you have to start plugging in a bunch of stuff to compensate for what’s built in, you might as well get something else.

[…]

But even when I’m using a different keyboard, I have to keep the Magic Keyboard within arm’s reach so I can use TouchID. TouchID is great, and it’s frustrating that Apple put it on the keyboard instead of the power button, and it’s doubly frustrating that you have to upgrade from the base model to get it.

7 Comments

USB-C Magic Mouse, Magic Keyboard, and Magic Trackpad

Alongside the new iMac, Apple announced updated versions of the Magic Mouse, Magic Keyboard, and Magic Trackpad. The accessories are now equipped with USB-C charging ports, whereas the previous models used Lightning. Apple includes the Magic Mouse and Magic Keyboard in the box with the iMac, and the Magic Trackpad is an optional upgrade.

Unfortunately, unlike the first-generation Magic peripherals, these are still only able to pair with one Mac at a time. So you cannot switch them between Macs in software.

Jay Peters:

Apple’s new USB-C-equipped Magic Mouse somehow still has the charging port on the bottom. While Apple could have used the launch as an opportunity to move the charging port from the underside of the device — where the port has remained for nearly a decade, despite other updates to the mouse and being mocked for the decision — the port is still there, as shown in the “view in your space” augmented reality rendering from Apple’s website.

I really hope nobody is surprised that the USB-C Magic Mouse charging point is in the same location.

Mike Piatek-Jimenez:

Wait, so Apple updated the port on the Magic Mouse, but didn’t fix the biggest bug related to the port of the Magic Mouse?!? 🤦‍♂️

Yes, with the charging port on the mouse’s belly, you cannot use it while it charges. There are obvious downsides to that. But those positing the Magic Mouse as absurd act as though Apple doesn’t know this. Of course Apple knows this. Apple obviously just sees this as a trade-off worth making. Apple wants the mouse to be visually symmetric, and they want the top surface to slope all the way down to the desk or table top it rests upon. You can’t achieve that with an exposed port.

My other hunch is that the Magic Mouse’s designers actually see the inability to use it while plugged in as a feature, not a bug. They want you to use it wirelessly, so you have to use it wirelessly.

[…]

With this design, the mouse looks better 100 percent of the time it’s in use, and it looks a bit silly every few months when you need to charge it.

I’ll grant that it looks better, but I thought Apple design was supposed to be about how it works. I guess my question is, why are they optimizing for the minority of people who don’t know it’s wireless? In order to prevent some people from using it non-optimally, they’re consigning others to having mice that sometimes, at the worst possible time, don’t work at all. Could they not put an instruction card in the box or show a bezel notification when you plug it in to remind people that it can be used wirelessly?

Also, I’m seeing a lot of commentary about how you only have to charge it a few times a year or every few months, but I think for me it’s more like once or twice a month. I like the way the Magic Mouse works as a mouse, but it’s way more annoying than when I had a Logitech mouse that ran on a single AA battery for a whole year.

The low-battery notifications are also a problem. In my experience, they show up way too late (when the mouse is so close to dying that you have to interrupt what you’re doing) or not at all. Lately I’ve been using ToothFairy to show the current battery level in the menu bar so that I get earlier notice that the battery is getting low. One of the top feature requests I get is for it to support customizable low-battery notifications because the built-in macOS ones aren’t fit for purpose.

Another use case: I have a test Mac that I mostly access via screen sharing. It would be simpler if I could just leave the Magic Mouse plugged in so that, on the rare occasion when I do physically use that Mac, I can be sure that the battery won’t be dead. Since that’s not possible, I have to leave the mouse belly up, then unplug it for use, and I sometimes forget to plug it back in when I’m done using it.

None of this is the end of the world, but there’s a reason it’s a meme. One upon a time, all the Mac notebooks had upside down Apple logos, and I’m sure the designers had a reason for that, but eventually they had the courage to change it, to great applause.

Zac Alan Cichy:

What’s less fine than the charging port location is just the lack of fundamental iteration. We’re going on 16 years of not altering this mouse in any serious way.

I just grew up with an Apple that would KEEP PUSHING. I don’t think they found the end of the mouse with the Magic Mouse. It’s damn good, but not the end. Haptics. So much could be done.

One idea would be to support Qi charging so that you could just leave it on the pad now and then. I’m sure there’s more that could be done in other areas—I miss the side buttons that the Mighty Mouse had.

Jesper:

These properties of the Magic Mouse are reasonably understood within minutes, if not intellectually then at least vividly. It’s possible I’m underestimating the proportion of people whose anatomy allow them complete comfort with a Magic Mouse — that proportion, even if small, is likely at least hundreds of thousands of people at Apple’s scale — or the probably decidely bigger proportion who just don’t care and consider it a worthwhile trade-off.

It’s comfortable for me, but then I also like those small Logitech mice that you hold with your finger tips instead of putting your palm on top.

New needs friends, and progress is often downstream of a few blind alleys. But at this point I'm more than interested what a Magic Mouse 2, that tries to take the learnings of how Magic Mouse has played out in real life and how people's bodies actually work and do something different, would look like.

To just ship the same thing after nine years, with all the flaws that its trade-offs have lead to would be... well, pants-on-head stupid.

Sebastiaan de With:

OK but the most exciting news today is that you can now get a really nice woven black USB-C cable from Apple with a Magic Keyboard, Trackpad or Keyboard.

Nicholas Riley:

Seems the new Magic Keyboards without keypad are only available with an iMac for now? That was the one thing I planned on buying this week, but I guess it’ll be a while…

The USB-C Magic Keyboard is available, but not in any colors.

Apple Intelligence Mac macOS 15 Sequoia macOS Release SwiftUI Synology

For the time being, Apple is continuing to sell a Lightning version of the Magic Keyboard with a numeric keypad, but it lacks a Touch ID button. Apple has yet to release a USB-C version of this particular Magic Keyboard.

The list of Apple devices and accessories that are still sold with either a Lightning port or a Lightning connector is now quite small[…]

Previously:

Update (2024-10-30): I don’t care about Touch ID, but unfortunately the non–Touch ID Magic Keyboard still has the globe key on the right side, where it’s nearly impossible to use as a modifier for the new window management keyboard shortcuts.

Update (2024-11-01): Juli Clover:

The new USB-C accessories require macOS Sequoia 15.1 to work properly, and as noted on the MacRumors forums, earlier versions of macOS do not work. There are reports from users running macOS Sonoma and Ventura who are having issues with the new devices. With the keyboard, Touch ID and function keys don’t work, and with the Magic Mouse, the scrolling doesn’t function. In some cases, the accessories are recognized as older devices, inhibiting proper functionality.
This isn’t a problem limited to just people running older versions of macOS, because there are also reports from developers who have installed the first macOS Sequoia 15.2 beta. It appears that the macOS Sequoia 15.2 beta was released before Apple could add in support for the new Magic Mouse, Magic Keyboard, and Magic Trackpad.

Touch ID, I guess I can understand, but why don’t the basic features work? Are they not using standard Bluetooth? Did Apple make more extensive changes beyond just the port?

macOS 15.1

Juli Clover (release notes, security, enterprise, developer, full installer, IPSW):

macOS Sequoia 15.1 introduces the first Apple Intelligence features for Macs that are equipped with an M-series chip. Not all Apple Intelligence features are available, but the update includes support for Writing Tools, a new Siri design, AI-powered Focus modes, smart replies, and summaries.
[…]
Siri has been updated with a new design that includes a subtle glow around the display, and Type to Siri means you don’t have to speak to Siri to get answers. Siri can follow along if you stumble over your words, and can maintain context between requests. Safari can summarize articles, and there’s a new Reduce Interruptions Focus Mode that intelligently highlights only important notifications.
Smart replies are available in Messages and Mail, plus the Mail app surfaces priority time sensitive messages and puts them at the top of your inbox. Photos has a Memory Movie feature for creating slideshows based on text descriptions, and there is a Clean Up tool for unwanted objects in your photos.

See also: Mr. Macintosh and Howard Oakley.

Rich Trouton:

While not all of these Apple Intelligence features may be available as of macOS 15.1 in all areas of the world, use of these new features may not be acceptable for security reasons in all Mac environments. Having these management options available now allows Mac admins to get management of these features in place before Apple makes them available.

Marcin Krzyzanowski:

new SwiftUI [toolbar items] crash just shipped

workaround:

a) DispatchQueue.main.async { }
b) apply random modifiers to random places hoping it help

Apple reports this as a known issue in 15.1, but it was apparently introduced in 15.0.

Previously:

Update (2024-10-29): Patrick Wardle:

macOS 15.1 appears to have (finally!) fully resolved the slew of networking issues that plagued the initial macOS 15 release! 🩹🍎

Previously:

Update (2024-10-30): Paul Kafasis:

MacOS 15.1 includes important audio-related bug fixes.

I just updated, and my first impression is that it feels faster than macOS 14. The same old bugs are still present.

Update (2024-12-03): Ric Ford (Synology forum):

Synology software is failing on macOS 15.1 and later, and the company recommends that customers revert to an older Synology software with unpatched security flaws as a temporary workaround.

7 Comments

macOS 14.7.1 and macOS 13.7.1

Apple (release notes, full installer):

This document describes the security content of macOS Sonoma 14.7.1.

Apple (release notes, full installer):

This document describes the security content of macOS Ventura 13.7.1.

iOS 18.1 and iPadOS 18.1

Juli Clover (iOS/iPadOS release notes, security, enterprise, developer):

Apple Intelligence is the main draw in iOS 18.1 and iPadOS 18.1, and some of the first Apple Intelligence features are available on the iPhone 15 Pro, iPhone 15 Pro Max, any iPhone 16 model, or any iPad with an M-series or A17 Pro chip. Note that Apple Intelligence is launching in a beta capacity, and there will be a short waitlist initially.

Previously:

Update (2024-11-13): Scott:

Wow, iPadOS 18.1 is not great on the iPad mini 6th gen. Frequent slow downs, parts of apps not responding to touches, bugs from iPadOS 17 still around. 17.7 wasn’t anywhere near this bad. Often feels like when I was using my original iPad past year 2 (caused by insufficient RAM)!

Apple Intelligence iOS iOS 18 iOS Release iPadOS iPadOS 18 iPadOS Release

watchOS watchOS 11 watchOS Release

watchOS 11.1

Juli Clover (release notes, security, developer):

According to Apple’s release notes, watchOS 11.1 adds improvements and bug fixes, including a fix for an issue with writing breathing disturbances data to HealthKit for some users.

Previously:

watchOS 11.0.1

tvOS tvOS 18 tvOS Release

tvOS 18.1

Juli Clover (release notes, security, developer):

tvOS updates are often minor in scale, and tvOS 18.1 doesn’t seem to be an exception.
Apple still hasn’t added the 21:9 aspect ratio for projectors or the new Snoopy screensavers that it promised at WWDC, but those features were not in tvOS 18.1 during the beta testing process, and we don’t know what’s new.

Previously:

tvOS 18

visionOS visionOS 2 visionOS Release

visionOS 2.1

Juli Clover (release notes, developer, security, no enterprise):

According to Apple’s release notes, visionOS 2.1 includes bug fixes and security updates, and the software is recommended for all users.

Previously:

visionOS 2.0.1

audioOS audioOS 18 audioOS Release

audioOS 18.1

My HomePod is reporting this update as available with the following amazing release notes:

This update includes performance and stability improvements.

It’s not yet listed on Apple’s page, and I haven’t seen any press coverage yet.

Here’s a Reddit thread about the 18.1 release candidate.

Previously:

audioOS 18

Friday, October 25, 2024

Security Research on Private Cloud Compute

Apple (tweet, Hacker News, MacRumors):

In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment (VRE).

Today we’re making these resources publicly available to invite all security and privacy researchers — or anyone with interest and a technical curiosity — to learn more about PCC and perform their own independent verification of our claims. And we’re excited to announce that we’re expanding Apple Security Bounty to include PCC, with significant rewards for reports of issues with our security or privacy claims.

To help you understand how we designed PCC’s architecture to accomplish each of our core requirements, we’ve published the Private Cloud Compute Security Guide. The guide includes comprehensive technical details about the components of PCC and how they work together to deliver a groundbreaking level of privacy for AI processing in the cloud. The guide covers topics such as: how PCC attestations build on an immutable foundation of features implemented in hardware; how PCC requests are authenticated and routed to provide non-targetability; how we technically ensure that you can inspect the software running in Apple’s data centers; and how PCC’s privacy and security properties hold up in various attack scenarios.

[…]

We’re also making available the source code for certain key components of PCC that help to implement its security and privacy requirements. We provide this source under a limited-use license agreement to allow you to perform deeper analysis of PCC.

Saagar Jha:

It’s interesting to note that Apple’s PCC code is not open source but only available under a limited 90-day license for use as described here. However, posting code on GitHub requires the code to be viewable and forkable. IANAL, but this seems sketch.

mike_hearn:

All remote attestation technology is rooted by a PKI (the DCA certificate authority in this case). There’s some data somewhere that simply asserts that a particular key was generated inside a CPU, and everything is chained off that. There’s currently no good way to prove this step so you just have to take it on faith. Forge such an assertion and you can sign statements that device X is actually a Y and it’s game over, it’s not detectable remotely.
Therefore, you must take on faith the organization providing the root of trust i.e. the CPU. No way around it. Apple does the best it can within this constraint by trying to have numerous employees be involved, and there’s this third party auditor they hired, but that auditor is ultimately engaging in a process controlled by Apple. It’s a good start but the whole thing assumes either that Apple employees will become whistleblowers if given a sufficiently powerful order, or that the third party auditor will be willing and able to shut down Apple Intelligence if they aren’t satisfied with the audit. Given Apple’s legal resources and famously leak-proof operation, is this a convincing proposition?
Conventional confidential computing conceptually works, because the people designing and selling the CPUs are different to the people deploying them to run confidential workloads. The deployers can’t forge an attestation (assuming absence of bugs) because they don’t have access to the root signing keys. The CPU makers could, theoretically, but they have no reason to because they aren’t running any confidential workloads so there’s no data to steal. And they are in practice constrained by basic problems like not knowing what CPU the deployers actually have, not being able to force changes to other people’s hardware, not being able to intercept the network connections and so on.
[…]
In this case, Apple is doing everything right except that the root of trust for everything is Apple itself. They can publish in their log an entry that claims to be an Apple CPU but for which the key was generated outside of the manufacturing process, and that’s all it takes to dismantle the entire architecture.

It’s good that Apple is building in these safeguards because there are many scenarios where they would help. We just need to realize that there are limits to the marketing claims.

Apple Intelligence Apple Security Bounty Artificial Intelligence iOS iOS 18 Mac macOS 15 Sequoia Open Source Privacy Private Cloud Compute Security

The Apple Security Research blog now has an RSS feed, though it’s not properly advertised.

Previously:

Private Cloud Compute

Update (2024-11-06): Apple (via Hacker News):

This guide is designed to walk you through these requirements and provide the resources you need to verify them for yourself, including a comprehensive look at the technical design of PCC and the specific implementation details needed to validate it.

Testing EU iOS Features in iOS 18.2

Apple:

As previewed earlier this year, changes to the browser choice screen, default apps, and app deletion for EU users, as well as support in Safari for exporting user data and for web browsers to import that data, are now available in the beta versions of iOS 18.2 and iPadOS 18.2.
[…]
Following feedback from the European Commission and from developers, in these releases developers can develop and test EU-specific features, such as alternative browser engines, contactless apps, marketplace installations from web browsers, and marketplace apps, from anywhere in the world. Developers of apps that use alternative browser engines can now use WebKit in those same apps.

I just spent a few minutes trying to figure out how this works, but haven’t found it. If anyone can point me to the answer, let me know. It’s kind of bananas that EU-specific features couldn’t even be tested outside the EU until now.

Riley Testut:

If you’re on 18.2 you can test installing alternative marketplaces from websites (e.g https://altstore.io/download), which means they’ll download but you still can’t launch them

I’m also assuming it means I’ll be able to actually test installing apps with AltStore PAL without having to fly back to Europe, but need to wait ~72 hours for Apple to process my UDID to confirm.

Juli Clover (Hacker News):

With iOS 18.2, iPhone users in the European Union can fully delete a number of core apps, including the App Store, Safari, Messages, Camera, and Photos.

App Marketplaces Digital Markets Act (DMA) European Union iOS iOS 18 Near-Field Communication (NFC) Testing

Clearly this wouldn’t be in iOS 18.2 anywhere in the world if the European Commission weren’t demanding it for DMA compliance, but given that Apple had to do it for the EU, why not make it worldwide?

Previously:

Disney+ and Hulu Drop IAP

The change was noted on Reddit over the weekend, and there are details on the Disney+ and Hulu websites. Both the Disney+ and Hulu websites say that new and returning subscribers cannot sign up for and pay through Apple, but existing Apple-billed subscribers are not affected.

[…]

Eliminating the in-app purchase fees paid to Apple seems to be part of an effort to boost streaming revenue, paired with price hikes and also a recent crackdown on password sharing.

Disney+ and Hulu will no longer be eligible for Apple’s Video Partner Program going forward, and subscribers may notice a change in tvOS and the Apple TV app. The Video Partner Program provides integration with Apple technologies like AirPlay, Universal Search, zero sign-on, and more for streaming video apps that support in-app purchase.

Peter Kafka (Slashdot):

Disney’s rationale is clear here: When customers sign up for Disney subscription services via Apple, Apple takes up to 15% of the monthly fees those services generate. And Disney CEO Bob Iger has made it clear that he doesn’t want to pay that anymore.

Dare Obasanjo:

As Disney focuses on getting its streaming services to profitability, avoiding the Apple tax is a no brainer.

It’s telling that even the largest companies in the world find the Apple tax to business impairing. The more you tighten your grip, the more companies will slip through your fingers.

Damien Petrilli:

Disney, one of the biggest Apple ally doesn’t want to pay the Apple tax anymore?
I don’t understand, it’s bringing them so much value, don’t they get it?

Even with all the special treatment they got.

Tim Sweeney:

But Apple only allows video, audio, and e-book apps to do this[…]

Joe Rosensteel (post):

Sure, it sucks if you prefer to manage your subscriptions through Apple, just like when Netflix bailed, but Apple charges a lot for that convenience and it does limit what these platforms can do in terms of moving people to bundle pricing, which Disney is very interested in. Apple fails to justify their cut, or offer options that are more appealing than handling this themselves, so even BFF Disney is leaving.

Nick Heer:

As of writing a day after Disney made this change, Disney Plus is still listed as a member on Apple’s Video Partner Program page. I wrote about that program four years ago in the context of Apple seemingly retconning it into being a longstanding and “established” option available to developers of media applications.

[…]

It is hard to feel anything at all, really, about the business decisions of one massive conglomerate compared to another. But Apple’s subscription management is — in a vacuum and distinct from anything else — one of the nicest around, and it ultimately hurts users that it is so unattractive to some developers when given other options.

Previously:

App Store Business Disney Hulu In-App Purchase iOS iOS 18 iOS App

Thursday, October 24, 2024

Apple Intelligence in macOS 15.2 and iOS 18.2

Six Colors:

On Wednesday, Apple rolled out developer betas of iOS 18.2, iPadOS 18.2, and macOS 15.2, which run Apple Intelligence features previously seen only in Apple’s own marketing materials and product announcements: Three different kinds of image generation, ChatGPT support, Visual Intelligence, expanded English language support, and Writing Tools prompts.

[…]

It’s still English-only for now, but English speakers in Canada, the United Kingdom, Australia, New Zealand, and South Africa will be able to use Apple Intelligence in their versions of English.

Apple introduced an updated version of the Mail app with built-in categorization.

I still don’t see the categories feature in the Mac version of Mail, although there are some invisible menu commands that show up when searching with the Help menu.

From a SpamSieve perspective, I note that Mail’s data store is still at version 10 but that the schema has changed from both macOS 14 and from macOS 15.0 (in seemingly backwards compatible ways).

These developer betas also contain new APIs for third-party apps: the Writing Tools API (which will allow any text app to support the features only Apple’s first-party apps have access to in iOS 18.1 and MacOS 15.1), Genmoji API (so third-party messaging apps can support them like Messages will), and Image Playground API.

Apple reassured us that “if you’re using any of the standard UI frameworks to render text fields, your app will automatically get the ability to use Writing Tools.” But that appears to make the assumption that the text view is already using TextKit 2, and the only documentation that I can find about that states that NSTextViews need to be opted into that with additional code. However, the class documentation for NSTextView doesn’t even mention TextKit 2, although it does now include some information about support for Writing Tools.

Apple Intelligence in macOS 15.1 and iOS 18.1

Joanna Stern:

Apple will launch iOS 18.1 next week, bringing its much anticipated generative-AI tools to the iPhone 15 Pro models and the new iPhone 16 lineup. It will be available for most newer iPads and Macs, too.
If you’re expecting AI fireworks, prepare for AI…sparklers. Back in June, at the company’s annual developers conference, executives showed off do-it-yourself emojis, ChatGPT integration and a Siri that can recall the name of a person you met months ago. Apple has even been running ads for some features. None are in this release.
[…]
I’ve been testing Apple Intelligence on my iPhone and iPad. Apple’s ability to build tools right into the operating systems is undeniably powerful and convenient. But many are half-baked. I asked Federighi to explain the features—and Apple’s broader AI strategy.

It’s a very good interview, and also available on YouTube.

[…]

But as Stern herself points out in the article, the features that are shipping are genuinely useful. Notification summaries are good — the occasional mistakes can be funny, but overall it’s solid, and especially helpful for batches of notification from the same app or group text. The Clean Up unwanted-object-remover in Photos is great.

M.G. Siegler:

The first version of Apple Intelligence, which has been in beta testing for a few months now and is rolling out broadly next week, is pretty underwhelming. There’s just not much there. Not a lot beyond perhaps notification summaries that you’re going to be using all the time.

Tim Hardwick:

The most significant Siri enhancements are scheduled for iOS 18.4 around March 2025. These include onscreen awareness for contextual commands, personal context for better understanding of user data, and expanded app control capabilities. Initially, Apple Intelligence will only support U.S. English, with additional languages planned for next year.

Om Malik:

If my memory serves me correctly, it’s roughly the same number Apple shared during the WWDC keynote. So, essentially flat. While 1.5 billion might appear big, when it comes to internet scale, it isn’t such a large number for a company the size of Apple. I looked up the number of active Apple devices. That number is estimated to be 2.2 billion devices — I assume this includes phones, computers, watches, headphones, TV-streaming devices, and speakers. So 1.5 billion requests a day is actually far less than one daily request per active device.

Writing Tools don’t themselves generate new content in text, but use the original text to produce derivatives. I’m particularly looking forward to using its proofreading feature, which can suggest improvements that I can choose to ignore, or adapt to my own style, as I wish.

Adam Engst:

I’ve relied on Grammarly for years for proofreading. It catches typos, doubled words, and extra spaces, and its newer AI-powered features sometimes make helpful suggestions for recasting awkward sentences. I’m slightly annoyed that Grammarly’s proofreading tools are so helpful, but it’s challenging to edit your own text to a professional level, and Grammarly can identify errors much faster than I can. Don’t assume that tools like Apple Intelligence’s proofreading capabilities for helping with grammar, word choice, and sentence structure are necessarily a crutch. They may be for some people, but even people who care about their writing can still benefit from some suggestions while ignoring unhelpful ones.

Ben Lovejoy:

AI suggested a total of six changes to my piece, of which three were duplicates – adding periods to bullet-point text.

[…]

Overall, though, a really excellent job.

I am very likely underselling how valuable the new writing tools might prove to people trying to write in a second language, or who simply aren’t capable of expressing themselves well in their first language.

Apple Intelligence Artificial Intelligence iOS iOS 18 Mac macOS 15 Sequoia Notification Center Photos.app Siri Writing Tools

This guide goes over everything you can do with Writing Tools, where you can use them, and what you need to access the feature.

Previously:

Update (2024-10-28): Apple (Hacker News):

Apple today announced the first set of Apple Intelligence features for iPhone, iPad, and Mac users is now available through a free software update with the release of iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1. Apple Intelligence is the personal intelligence system that harnesses the power of Apple silicon to understand and create language and images, take action across apps, and draw from personal context to simplify and accelerate everyday tasks while taking an extraordinary step forward for privacy in AI. Today marks the availability of the first set of features, with many more rolling out in the coming months.

Six Colors:

It’s unquestionable that Apple is putting its weight behind these efforts, but what’s been less clear is just how effective and useful these tools will be. Perhaps unsurprisingly, for anybody who has used similar generative AI tools, the answer is a definite maybe.

[…]

Despite Apple’s marketing of a new and improved Siri, the voice assistant hasn’t changed that much with this first set of Apple Intelligence capabilities. The most obvious “new feature” is actually a new look: on iOS and iPadOS, instead of the little glowing orb that used to indicate Siri had been activated, you’ll now see a colorful wash over the entire screen, accompanied by a “ripple” effect.

Previously:

Update (2024-10-30): Kirk McElhearn:

These writing tools could be useful for non-native speakers or people with limited writing skills. But for any serious writing, they are limited and problematic. Someone in a hurry may accept rewrites without checking and later discover that their text has been corrupted, their style flattened, and their message obfuscated.

iA:

Apple’s Intelligence misses a crucial step in the process. Writing Tools will simply replace your original text. If you can’t see the edits. The more you use it, the more you risk losing control over what you wrote.

Update (2024-10-31): Joe Rosensteel:

Clean Up (YIKES)

Pixelmator (yuck)

Retouch (ok, and what I used originally)

Lightroom (many removal options that all seem viable)

Update (2024-12-13): Chance Miller:

The BBC isn’t pleased with Apple Intelligence’s notification summary feature. The corporation says that the notification summary feature “generated a false headline” about Lugi Magione, who was arrested this week as the suspected killer of the United HealthGroup CEO.

The notification summary in question suggested that Mangione had shot himself: “Luigi Mangione shoots himself; Syrian mother hopes Assad pays the price; South Korea police raid Yoon Suk Yeol’s office.”

Update (2024-12-16): Mario Guzmán:

I think iOS Notification Summaries should have an easier way to be disabled and shouldn’t even be allowed for any app that delivers the news to users.
Is there a way for developers to even opt out altogether from notification summaries?

Benjamin Mayo:

what a UI

13 Comments

Postbox Discontinued

Adam Engst (Hacker News, MacRumors Forum):

Sad news. The longstanding email client Postbox has been acquired and shut down by eM Client, described by the announcement as “a leading email platform for Windows and macOS that combines email, calendars, tasks, contacts, notes, and chat into a single, easy-to-use application.”
[…]
On the other side of the equation, I’ve never heard of any Mac users relying on eM Client, despite its cross-platform status. I was going to say that I’d never heard of it at all, but searching my email reveals that I tested it briefly in February 2022. I suspect it’s a Windows app that has been clumsily ported to macOS. (Ironically, I was just encouraged by a PR person to look at Mailbird, another Windows email client that just released a version that runs on the Mac but bears little resemblance to a true Mac app.) eM Client gained iOS and Android clients only this year.

There’s a migration guide. I know that eM Client has some dedicated fans, and I’ve received requests over the years for SpamSieve to work with it. Unfortunately, eM Client does not support plug-ins or have any meaningful AppleScript support. Some customers are running Apple Mail in the background to filter their mail with SpamSieve. They can correct any mistakes from within eM Client by moving messages to special TrainSpam and TrainGood mailboxes. I’m open to working with eM Client if they would like to add direct integration.

Ric Ford:

Postbox was based on Mozilla’s cross-platform, open-source code Thunderbird email app, which does provide native Apple Silicon code, along with timely development and updates, security fixes, and additional features, including calendars.

Acquisition E-mail Client eM Client Mac Mac App macOS 15 Sequoia Postbox SpamSieve Sunset

11 Comments

Wednesday, October 23, 2024

TouchArcade Is Shutting Down

Jared Nelson (Hacker News):

Many of you who have followed TouchArcade for a long time are well aware that we’ve had financial troubles for many years now, and to be frank I think it’s a miracle that we’ve been able to last as long as we have. The truth of the matter is that a website like ours just doesn’t make money anymore. To our own detriment we’ve resisted things like obnoxious in-your-face advertising, egregious clickbait headlines, or ethically questionable sponsorships, which sadly are the types of things that actually still make money in the internet of today.

There are a number of other reasons that have contributed to us reaching this point, but I’d rather not get into all that right now. TouchArcade was an institution for many millions of people over the past 16 years, and it was my full-time job for the last 14+ years.

[…]

The job market is not great anywhere, and finding new work is tough, especially in the games industry. If you are reading this and you have a need for very capable game industry veterans such as ourselves, please reach out.

[…]

If there is some sort of silver lining to all of this, it’s that for the foreseeable future all of the content that has ever been posted to TouchArcade will remain online and accessible to all. More than 33,000 published articles, including more than 4,000 game reviews, not to mention all of our yearly Best Of content and Game of the Year picks. These should hopefully all continue living on into the future for reference purposes and just to look back and see how drastically the mobile gaming landscape changed over the last decade and a half.

Michael Love:

Just saw this - pretty sad reflection on the state of iOS gaming that the marquee iOS game review site couldn’t afford to keep the lights on.

Previously:

Apple Removes Apps From Their Affiliate Program

Advertising App Store Business Game iOS Sunset The Media Web

AppleScript BusyCal Calendar Esoteric Preferences Fantastical Mac Mac App macOS 15 Sequoia Readdle Calendars

The Sad State of Mac Calendar Scripting

AppleScript support with popular Mac calendar apps is surprisingly limited. With Apple Mail, it’s easy to write a script that operates on the selected e-mail messages, and I’ve written many such scripts. I’d like to do this same with calendar events. For example, sometimes I want to make the same change to one of the fields of all the selected events (since there’s no bulk edit inspector). Other times I want to reschedule by shifting all the events by the same amount of time. Sometimes I have a group of past events (e.g. for cooking a Thanksgiving dinner or traveling to a familiar location) and I want to start planning the next iteration by duplicating and shifting them to the future. When traveling east-west, I would like to check that the time zone information is entered consistently.

But this just doesn’t seem to be possible to script. With Apple Calendar and BusyCal, the scripting dictionary does not even let you access the selected calendar events. Readdle Calendars, which recently switched to a subscription, is not scriptable at all. With Fantastical, the dictionary looks promising but mostly doesn’t work:

You can get the selected events, but key properties such as the containing calendar and the repetition and alarm info are missing. So I can’t just copy by making a new event based on the selected one.
I usually want the copied event to keep the same calendar, so how about just letting Fantastical copy an existing event and then edit it with the script? There’s a duplicate command, but it doesn’t work.
OK, how about if I have the script pick the calendar and create a new event using the properties of the selected one? It turns out that creating new events via AppleScript doesn’t work, either.
How about if I duplicate the events using the menu command and then use AppleScript to edit them? The properties are shown as editable, and you can set their values, but this seems to just mutate a temporary object. The changes are never reflected in the user interface or saved to disk.

I contacted support, who said that, despite what the dictionary shows, none of this is supported. All you can do is read (some) of the properties of the selected events and create new events using the parse sentence command. They suggested exporting to ICS, processing the file, and re-importing the ICS. The Export… command exports an entire calendar and so isn’t very useful for this purpose, unless you first copy the events to a temporary calendar. However, you can export individual events via drag and drop.

Some other partial solutions that I found:

You can click here to set a hidden Fantastical preference to make the event editor popover always open in expanded form. This saves a lot of clicks when editing a sequence of events.
You can Option-drag a selection of events to copy them to a particular day. I mostly don’t find this useful because the source and destination days don’t usually fit on screen at the same time (and it doesn’t let me open multiple windows).
Similarly, if you can manage to view and select a bunch of events in the week or day view, you can drag and drop to reschedule them all at once. This is in general rather awkward, but it can work if you’re doing something basic like shifting them all an hour later.
Although there is no command to Duplicate the selected events to a particular day, you can Copy them, then click on the desired start day, and Paste, and it will preserve the relative times between the events. (This also works in Apple Calendar.)

Previously:

Qbix Calendar Apps and the Mac App Store

Update (2024-10-28): A reader notes that, although Calendar does not provide AppleScript access to the selected events, if an event is in edit mode you can use GUI scripting to extract its information:

tell application "System Events"
    tell application process "Calendar"
        set parametersOfEvent to description of every button of pop over 1 of window 1
        --eg...{"Oct 25, 2024  9 AM to 5 PM", "Alert when I need to leave Alert 15 minutes before start (default)", "Edit Attendees", "add", "Add Notes or URL"}
        
        set nameOfEvent to value of every text field of pop over 1 of window 1
        
        set repeatsHow to value of every static text of pop over 1 of window 1
        --eg..{"Busy", "Repeats every week on Monday, Tuesday, and Thursday"} 
        --item 1 is the title, item 2 is how it repeats
    end tell
end tell

And Shane Stanley’s CalendarLib EC is an AppleScript wrapper for accessing EventKit using AppleScriptObjC.

App Store Scams Apple Card Calendar 2 In-App Purchase Mac Mac App Mac App Store macOS 10.13 High Sierra macOS 14 Sonoma

Qbix Calendar Apps and the Mac App Store

A reader shared a story about the confusing and unfortunate situation with Qbix’s calendar apps on the Mac App Store. There are two separate apps: Calendars (which used to be called Calendar 2, previously discussed) and Calendar Plus.

Calendar Plus hasn’t been updated in 10 years but is still for sale as a $9.99 up-front purchase. The reader first purchased this one, but then he found that it doesn’t work on macOS 10.13 and got a refund.

He then purchased Calendars, which is free with In-App Purchase. He purchased the $17.99 IAP called “Unlock All Features Permanently,” rather than subscribing for $1.99/month or $15.99/year. Unfortunately, the IAP “expired” after exactly one month. Reviews say that support is only available via Facebook and that the developer is unresponsive to questions. He tried to get a refund from Apple but was told:

After reviewing your account details Apple decides no.

So the Mac App Store, which is supposed to protect customers, failed twice: the purchase didn’t work as advertised, and Apple didn’t make the customer whole. Nor did it do anything to protect future customers: nearly a year later, the app hasn’t been updated, and the broken permanent unlock IAP is still available.

Previously:

Update (2024-10-24): sundevil671 (via Jeff Johnson):

I purchased [a different] app that doesn’t work how I need it to. After exhaustive troubleshooting attempts with their helpful support staff, it became clear I wasn’t going to be able to use the software as intended. When I requested a pro-rated refund for the annual subscription I’d purchased, I was told the request had to be made through Apple’s process since the purchase was made through the App Store. Apple denied the request so quickly it almost had to be automated, and the appeal of that decision denied almost as fast. I’m not sure how much weight such an appeal could even be given since they provide a tiny field for an explanation and no way to include supporting documentation of any kind. I was prepared to include transcripts of my interactions with the software’s support staff that acknowledged the malfunction & suggested I submit the request through Apple. The last resort was to try and dispute the charge through my credit card company, which I’ve discovered to be a fool’s errand with Chase for many years now. On that front it was denied immediately as well.
So my question is - is there any recourse whatsoever if you purchase an application that ends up not working in an essential way? Now I have a $100 application I can’t use, and am going to have to purchase another one for the same purpose.

As far as I know, there is no solution, even if the developer wants to help. Disputing the credit card charge—which, incidentally, was harder with an Apple Card—can work in other contexts but is not a good idea with Apple because it can endanger your entire Apple Account.

Adobe Lightroom Apple A18 Apple A18 Pro Camera Firefox Google Chrome HEIF iOS 18 iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max JPEG JPEG XL Photography Photos.app Safari

Tuesday, October 22, 2024

iPhone 16 Adds JPEG XL

Jeremy Gray (Hacker News, Reddit):

Apple and its various software iterations have supported JPEG XL for at least a year, including in Finder, Preview, Final Cut Pro, Pages, Photos, Mail, Safari, and more. Adobe has also supported the format for a while, including in Adobe Camera Raw and Lightroom Classic.
Despite JPEG XL supporting reversible JPEG transcoding and being superior to JPEG in terms of quality and efficiency, the format has yet to be widely adopted. Neither Chrome nor Firefox, two very popular web browsers, support the format natively, for example. Extensions are available to support JPEG XL files, but they’re not installed by default.
The JPEG XL community website cites the format’s ability to reduce file size while delivering “unmatched quality-per-byte.” Compared to a standard JPEG, a JPEG XL file is up to 55% smaller while providing a cleaner image that is visually lossless. Gone are typical JPEG artifacts.

[…]

As Apple explains on the new iPhone models, JPEG XL files are supported on iOS 17 and later and macOS 14 and later. However, as mentioned, these .jxl files are wrapped in a DNG container, so you can’t just fire off .jxl files from the iPhone 16 Pro.

Juli Clover (Reddit):

Compared to the HEIC format that Apple introduced several years ago, JPEG-XL supports both lossy and lossless compression. HEIC is a lossy format, and while it retains better quality than JPG images, pros will likely prefer JPEG-XL for zero image degradation. HEIC has never gained wide support, which has hindered its usefulness.

It sounds like Apple has only enabled Camera support for JPEG XL with the iPhone 16 family, not with iOS 18 generally. Is this because it depends on hardware acceleration that’s only available with the A18? However, iOS 17 and macOS 14 can read the files.

Also, although JPEG XL seems to be superior to HEIC, Apple is not offering it as a general choice alongside JPEG and HEIC. It’s only available when using ProRAW. This is all rather confusing.

Ryan Jones:

Photo settings have gone too far. WTF is happening.

Collin Donnell:

So JPEG XL seems flat out better than HEIC for images? I’m going to start saving all my film scans as 16 bit JPEG XL.

praseodym:

JPEG XL also supports re-encoding existing JPEG files to decrease file size while keeping the original file quality. That really seems like useful feature but so far I haven’t seen any tooling (in macOS) to re-encode my existing photo library.

Previously:

Update (2024-10-23): Florian Pircher:

A lot of confusion, as you mentioned, since the new iPhones don’t use JXL for storing regular images, just for raw images. It used to be that regular images are either JPEG or HEIF and raw images are DNG with the pixel data stored as lossless JPEG. Now, regular images are the same as before, but for raw images you can choose how the pixel data inside the DNG should be stored: lossless JPEG (as before), lossless JXL, or lossy JXL.
Most people who have heard of JPEG XL have only seen it used for regular (non-raw) images. And few people know about the lossless JPEG format that was used before for DNG pixel data.

Update (2024-10-28): Jon Sneyers (2020, via Hacker News):

This section highlights the important features that distinguish JPEG XL from other state-of-the-art image codecs like HEIC and AVIF.

morpheuskafka:

I found this interesting note in the article:
HEIC and AVIF can handle larger [than 35MP, 8MP respectively] images but not directly in a single code stream. You must decompose the image into a grid of independently encoded tiles, which could cause discontinuities at the grid boundaries. [demo image follows].
[…]
The newest Fujifilm X cameras have HEIC support but also added 40MP sensors--does this mean they are having to split their HEIC outputs into two encoding grids?
It seems like the iPhone avoided this, as 48MP output is only available as a “ProRAW” i.e. RAW+JPEG, which previously used regular JPEG and now JPEG-XL, but never HEIC.

13 Comments

Lightroom Classic 14

Agen Schmitz (release notes):

Adobe has issued Lightroom Classic 14.0, a big update with several new features. The release enhances the Generative Remove feature with improved selection and object detection for easier removal of unwanted objects and distractions; introduces Content Credentials to help secure digital assets by attaching credentials like digital signature, editing information, and more; adds denoise support for Linear Raw Digital Negatives (DNGs) to help reduce noise in high-resolution raw files, provides optimized tethering support with Nikon cameras (without Rosetta emulation); helps you to save disk space by setting the preview cache size limit; improves navigation and responsiveness in the Develop module[…]

Adobe:

Remove with Generative AI is now available with improved selection and object detection. Generative Remove lets you easily select and remove objects on complex backgrounds without any hassle.
Detect Objects lets you detect an object within the roughly brushed area to help you make a precise selection when you want to preserve as many details as possible from the scene.

I wish they would add better support for getting rid of Live Photos.

Previously:

Lightroom Classic 13.3 and 13.4

Adobe Lightroom Artificial Intelligence Live Photos Mac Mac App macOS 15 Sequoia Photography

Time Machine in Sequoia

Der Teilweise:

Backing up to a NAS currently says 3 days (!) left, after having backed up ~160GB. Was using WiFi with TX rate 133MBit.

Now I connected using Gigabit Ethernet, does not seem to be faster.

Plus: CPU usage is ridiculously high, fans spinning up to medium/max speed several times per hour.

[…]

I did not change all files on my disk …

Maybe they removed the alert that was shown when the backup got corrupted? Seems to be the case because I did not get that alert and all my old backups (on the NAS) seem to be gone.

[…]

So it seems like Apple indeed removed the confirmation dialog that they showed when they delete corrupted backups, taking away the chance to manually repair it.

I wonder whether this happened pre-Sequoia? Even on Sonoma, I would regularly have Time Machine backups where I would imagine that less than 50 GB changed, but it took all day to back up to a local hard drive. (Yet it wasn’t so slow that it seemed to be starting from scratch.) I wish Time Machine were better at showing which files are being copied and how the space is being used. (I guess some of this can be figured out using BackupLoupe.)

There’s some annoying bug in Sequoia that makes a Time Machine backup fail with an error “The backup failed because some files were not available”.
How on earth can files “not be available” on something running locally? And whatever it is, why isn’t Time Machine dealing with it properly? It’s all made by the same company. And it had all night to do whatever it has to.
I needed to have a current backup fresh in the morning, and now I’m sitting here waiting.

Der Teilweise:

I wouldn’t be surprised if the opendir bug described by @cdfinder is a race condition that also happens (more rarely) for local filesystems.

Previously:

Update (2024-10-23): Adam Chandler:

I recently had Time Machine issues on Developer beta where I wasn’t getting successful backups. I tried everything and finally disabling the MacOS Firewall fixed it for me.
MBP wired Ethernet to Synology using SMB on x.1 developer beta.

Kurt:

I don’t use my MacBook Pro (M1 Max running Sequoia) daily, but last night I went to use it and it was warm to the touch and the fans were at full blast. The process “diskimagesiod” was using 800% CPU. I also get the “files were not available” all the time with Time Machine. Super annoying.

You can see files and progress in the log, easily accessible from T2M2’s Speed button during a backup.

Previously:

macOS Firewall Regressions in Sequoia

Update (2024-11-22): I and others have been having problems with Time Machine in Sequoia, where it’s copying files that don’t need to be copied, leading to unnecessary pruning of old backups. However, sometimes it gets wedged so that it can’t prune old snapshots and just reports that the backup failed. After restarting the Mac, it’s able to prune the snapshots again, though Disk Utility can’t show them.

Backup BackupLoupe Bug Datacide Mac macOS 14 Sonoma macOS 15 Sequoia Spotlight TheTimeMachineMechanic (T2M2) Time Machine

Another thing that broke in 15.1 is ejecting disks now fails often because mds indexer holds a file open in them and just won’t let go. I keen to kill mds before ejecting the disks successfully. Fails on two Macs, both with Time Machine spinning disks and SSDs.

Update (2024-12-02): Jesse Squires:

Seems like Apple broke Time Machine in macOS 15 Sequoia because Time Machine doesn’t have Full Disk Access (or some other security theater permissions).

I am not seeing this particular problem.

Update (2024-12-19): Howard Oakley:

First full backups to SSD appear to run at higher priority to allow them to complete more quickly.

As a result, effective write speeds to SSDs during Time Machine backups are significantly faster than could be achieved to hard disks.

When the consequences of using APFS on hard disks are taken into account, storing Time Machine backups on SSD has considerable advantages in terms of both speed and longevity.

macOS 15.2 seems to introduce new problems, for both Time Machine and asr backups.

Previously:

macOS 15.2 Breaks Bootable Backups

17 Comments

Monday, October 21, 2024

Leaky macOS VPN After System Update

Mullvad VPN (Hacker News):

We have found that you could be leaking traffic on macOS after system updates. To our current knowledge a reboot resolves it. We are currently investigating this and will follow up with more information.
In this scenario the macOS firewall does not seem to function correctly and is disregarding firewall rules. Most traffic will still go inside the VPN tunnel since the routing table specifies that it should. Unfortunately apps are not required to respect the routing table and can send traffic outside the tunnel if they try to. Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.

Previously:

Bug Firewall Mac macOS 15 Sequoia Networking Privacy Software Update Virtual Private Network (VPN)

Microsoft Threat Intelligence:

TCC and Gatekeeper Bypasses

Wojciech Reguła (September 2021, tweet):

I was looking for code injection opportunities that may allow reaching TCC bypasses. My simple shell script discovered a potential victim - /System/Library/CoreServices/Applications/Directory Utility.app. It had (and has) the following private TCC entitlement[…] This entitlement allows the Directory Utility to modify the user’s records stored in the /var/db/dslocal/nodes directory.

[…]

After some time I stumbled across the above-mentioned Matt Shockley’s article on how he was able to bypass TCC only by changing the $HOME directory via launchctl. I was really curious about how Apple fixed that vulnerability so I started reversing the TCC. Turns out that now TCC takes the information about the user’s home directory from the getpwuid function.

[…]

I was really shocked that Apple decided that this vulnerability is not eligible for the bounty. [They later changed their mind.]

Wojciech Reguła (March 2022):

This post shows how to bypass the macOS privacy framework (TCC) using old app versions.
[…]
Summing it up - there is no version information. It is exactly the same architectonical problem as the macOS Keychain has. In most cases it is possible to get an older version of the “donor” application (without the hardened runtime flag), inject to it, and thus abuse its TCC permissions.

Phil Stokes (March 2023):

The scourge of ransomware attacks that has plagued Windows endpoints over the past half decade or so has, thankfully, not been replicated on Mac devices. With a few unsuccessful exceptions, the notion of locking a Mac device and holding its owner to ransom in return for access to the machine and its data has not yet proven an attractive proposition for attackers.
However, the idea of stealing valuable data and then monetizing it in nefarious ways is a tactic that is now common across platforms. On macOS, threat actors will quietly exfiltrate session cookies, keychains, SSH keys and more as malicious processes from adware to spyware look to harvest data that can be recycled and sold on various underground forums and marketplaces, or used directly in espionage campaigns and supply chain attacks.
[…]
Session cookies can be stored anywhere, but typically they are in locations which can be accessed by the user or a process running as the user. Some locations, such as the User’s Library Cookies folder, may be restricted by TCC unless the parent process has Full Disk Access or uses one of the many known TCC bypasses. Real world attacks (e.g., XCSSET) and researchers have consistently shown that TCC, while often a nuisance to users, does not present a significant obstacle to attackers.

Mickey Jin (January 2024):

Last year, I discovered a full user TCC bypass issue in the macOS Sonoma beta version. There was a CVE number assigned at the beginning, but removed by Apple in the release of macOS 14.0. Instead, I got the credit in their Additional Recognitions.
According to the Apple Security Bounty program, this report should have been rewarded with an additional 50%. Unfortunately, the truth is that I was cut off 50%.

Wojciech Reguła:

This vulnerability was disclosed at Black Hat Europe 2022 in the talk Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms. The technique used an old Launch Services function LSSetDefaultRoleHandlerForContentType that allowed (without any restrictions) to register arbitrary applications for handling specified UTI handlers. After the UTI handling app registration, the exploit simply opens juicy files (like AddressBook or iMessages database) and TCC happily grants access to them. At that time TCC couldn’t recognize correctly if a file was opened by launch services or double-clicked by a user.

Wojciech Reguła:

The technique relied on an SQLite environment variable respected by libsqlite3.dylib which made apps using the standard SQLite system API log all the SQL queries. As such queries may contain sensitive user data normally protected by the TCC - I started researching all the problematic occurrences.

Unit 42:

Apple states that user-installed unarchiving tools preserve quarantine. As we can see in the following examples, there are some third-party archive tools that do not enforce that, which means that Gatekeeper won’t scan the extracted files.
[…]
In VMware Fusion, when copying a file from a host machine to a guest macOS virtual machine (VM) using VMware tools, the quarantine extended attribute will be dropped from the copied file as shown in Figure 4. This means Gatekeeper won’t scan any files copied into the virtual machine.

The vulnerability, which we refer to as “HM Surf”, involves removing the TCC protection for the Safari browser directory and modifying a configuration file in the said directory to gain access to the user’s data, including browsed pages, the device’s camera, microphone, and location, without the user’s consent.
[…]
Our exploit involves the following steps:
Change the home directory of the current user with the dscl utility, which does not require TCC access in Sonoma (At this point, the ~/Library/Safari directory is no longer TCC protected).
Modify the sensitive files under the user’s real home directory (such as /Users/$USER/Library/Safari/PerSitePreferences.db).
Change the home directory again so Safari uses the now modified files.
Run Safari to open a webpage that takes a camera snapshot and trace device location.

Osama Alhour (PDF, tweet):

This paper seeks to provide a comprehensive technical analysis of how TCC works internally, how it interacts with other system components, and it’s impact on both how developers shape their applications as well as user control granting sensitive data to applications.

Previously:

Apple Security Bounty Bug Exploit Extended Attributes Gatekeeper Launch Services Mac macOS 12 Monterey macOS 14 Sonoma macOS 15 Sequoia Safari Security SQLite Transparency Consent and Control (TCC) Virtualization ZIP Archive

Antitrust Business Car Digital Millennium Copyright Act (DMCA) DRM Google Google Chrome Privacy Processors TikTok Unauthorized Repair Web YouTube

Autoenshittification, YouTube, and Disenshittify or Die

Cory Doctorow (July 2023, Hacker News):

Forget F1: the only car race that matters now is the race to turn your car into a digital extraction machine, a high-speed inkjet printer on wheels, stealing your private data as it picks your pocket.
[…]
The car manufacturers got so desperate for chips that they started buying up washing machines for the microchips in them, extracting the chips and discarding the washing machines like some absurdo-dystopian cyberpunk walnut-shelling machine[…]
[…]
These digital systems are a huge problem for the car companies. They are the underlying cause of a precipitous decline in car quality. From touch-based digital door-locks to networked sensors and cameras, every digital system in your car is a source of endless repair nightmares, costly recalls and cybersecurity vulnerabilities[…]

Cory Doctorow (September 2023):

It doesn’t have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to “five giant websites filled with screenshots of text from the other four” (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification. We don’t have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!

Cory Doctorow (November 2023, Hacker News):

For example, when Google contemplates raising the price of a Youtube subscription, the dissent might say, “Well, this will reduce viewership and might shift viewers to rivals like Tiktok” (competition). But the price-hiking side can counter, “No, because we have a giant archive, we control 90% of searches, we are embedded in the workflow of vloggers and other creators who automatically stream and archive to Youtube, and Youtube comes pre-installed on every Android device.” Even if the company leaks a few viewers to Tiktok, it will still make more money in aggregate. Prices go up.
When Google contemplates increasing the number of ads shown to nonsubscribers, the dissent might say, “This will incentivize more users to install ad-blockers, and then we’ll see no ad-revenue from them.” The pro-ad side can counter, “No, because most Youtube viewing is in-app, and reverse-engineering the Youtube app to add an ad-blocker is a felony under Section 1201 of the Digital Millennium Copyright Act. As to non-app viewers: we control the majority of browser installations and have Chrome progressively less hospitable to ad-blocking.”
When Google contemplates adding anti-adblock to its web viewers, the dissent might say, “Processing users’ data in order to ad-block them will violate Europe’s GDPR.” The anti-adblock side can counter, “But we maintain the fiction that our EU corporate headquarters is in the corporate crime-haven of Ireland, where the privacy regulator systematically underenforces the GDPR. We can expect a very long tenure of anti-adblock before we are investigated, and we might win the investigation. Even if we are punished, the expected fine is less than the additional ad-revenue we stand to make.”
When Google contemplates stealing performers’ wages through opaque reshufflings of its revenue-sharing system, the dissent might say, “Our best performers have options, they can go to Twitch or Tiktok.” To which the pro-wage-theft side can counter, “But they have no way of taking their viewers with them. There’s no way for them to offer their viewers on Youtube a tool that alerts them whenever they post a new video to a rival platform. Their archives are on Youtube, and if they move them to another platform, there’s no way to redirect users searching for those videos to their new homes. What’s more, any attempt to unilaterally extract their users’ contact info, or redirect searchers or create a multiplatform client, violates some mix of our terms of service, our rights under DMCA 1201, etc.”

Cory Doctorow (August 2024, transcript):

The enshittification of the internet wasn’t inevitable. The old, good internet gave way to the enshitternet because we let our bosses enshittify it. We took away the constraints of competition, regulation, interop and tech worker power, and so when our bosses yanked on the big enshittification lever in the c-suite, it started to budge further and further, toward total enshittification. A new, good internet is possible - and necessary - and it needs you.

Previously:

Update (2024-10-22): Cory Doctorow (via Hacker News):

In 2020, 75% of Massachusetts voters voted in favor of an automotive right-to-repair ballot initiative, which would force auto manufacturers to share access to diagnostic information with car owners and independent mechanics, so any mechanic could fix your car. You wouldn’t be locked into taking it to the manufacturer.
The people of Massachusetts were pretty adamant: They wanted to choose their own mechanics. They had voted even more forcefully for a very similar right-to-repair initiative in 2012.
The problem is that right to repair only came into effect in August. The carmakers had so much ready cash (much of it accumulated by gouging drivers on maintenance) that they were able to pay an army of lawyers to challenge the law in court. In the decade since Massachusetts voters affirmed their overwhelming support for automotive right to repair, the actual state of it in Massachusetts went into freefall, with an ever-growing proportion of the cars on the road becoming inaccessible to independent mechanics. And it’s still on shaky ground, not fully enforced, and carmakers are deactivating some of the features in cars so they don’t have to share the specifics of how to repair them.
[…]
Governments can — and should — have rules about interoperability in their procurement policies. They should require companies hoping to receive public money to supply the schematics, error codes, keys and other technical matter needed to maintain and improve the things they sell and provide to our public institutions.

Update (2024-11-19): See also: Hacker News.

7 Comments

Friday, October 18, 2024

exit(173) Receipt Fetching Deprecated on Sequoia

Jeff Johnson (Mastodon):

[If] you compile your app with the macOS 15 SDK in Xcode 16, and your app exits with the status 173—the traditional way to handle Mac App Store receipt validation failure—then macOS 15 Sequoia will show the user an alert[…]
The alert is terrible for at least two reasons. First, the text is total nonsense to end users and meaningful only to app developers. Second, the text is inaccurate. Exiting with status 173, for example returning 173 from the main() function, still works! A new, valid Mac App Store receipt will be fetched, if possible. In this respect, the only difference between Sonoma and Sequoia is that Sequoia shows the annoying, confusing, inaccurate alert to the user.
As far as I’m aware, the new macOS 15 behavior has not been documented by Apple anywhere.

The WWDC session only says:

If your app still uses the Original API for In-App Purchases, I have an important update to share with you. Beginning with iOS 18 and aligned OS releases, the Original API for In-App Purchase is deprecated, including the unified receipt. Your existing apps will continue to work, but the legacy API won’t receive any enhancements or new features in future operating system releases.

But this doesn’t mention the scary alert, and it’s not obvious that exit(173) is part of the IAP API because it was introduced for up-front purchases before IAP even existed.

Johnson has investigated the documentation history. Apple no longer mentions exit(173) at all, never saying that it was deprecated, and the current documentation recommends using StoreKit 1, which is is deprecated.

According to the WWDC session, Apple wants apps to switch to StoreKit 2, which is a Swift-only API. Apps targeting older versions of macOS would need to bundle the entire Swift runtime just to download the Mac App Store receipt.

It’s not yet clear to me whether Sequoia shows the alert for apps (linking with the macOS 15 SDK) downloaded from the App Store or only when testing such apps. I presume it’s only the latter because I have not seen a huge outpouring of users mentioning the alerts. However, it’s also possible that few apps have been shipped using Xcode 16 so far, e.g. because doing so will make apps that use Quick Look crash.

Previously:

Update (2024-10-21): Alexander Blach:

Mona (@MonaApp) seems to be a Mac App Store app compiled with the macOS 15 SDK (DTSDKName is “macosx15.0") that does call exit(173) on launch when the receipt is not present in its app bundle.
It does not show the deprecation alert for me and successfully refreshes the receipt.
So it looks like calling exit(173) in the production environment still works as before.

App Store Receipt Validation iOS iOS 18 Mac Mac App Store macOS 15 Sequoia Programming Swift Programming Language

App Store Business Federal Trade Commission (FTC) iOS Legal The New York Times Web

Click-to-Cancel

Thomas Claburn (MacRumors):

The US Federal Trade Commission on Wednesday announced a final “click-to-cancel” rule that aims to simplify the process of ending unwanted subscriptions to products and services.
[…]
“Too often, businesses make people jump through endless hoops just to cancel a subscription,” said FTC Chair Lina Khan in a statement. “The FTC’s rule will end these tricks and traps, saving Americans time and money. Nobody should be stuck paying for a service they no longer want.”

FTC (Hacker News):

The final rule will provide a consistent legal framework by prohibiting sellers from:
misrepresenting any material fact made while marketing goods or services with a negative option feature;
failing to clearly and conspicuously disclose material terms prior to obtaining a consumer’s billing information in connection with a negative option feature;
failing to obtain a consumer’s express informed consent to the negative option feature before charging the consumer; and
failing to provide a simple mechanism to cancel the negative option feature and immediately halt charges.

While it was good that in some cases customers could get easier cancellation by paying for an additional layer such as the App Store, I think it makes sense to just make these bad practices illegal.

Karl Bode:

Cemented by AOL in its heyday, and perfected by everybody from the Wall Street Journal to your broadband and wireless phone provider, corporate America loves to make it as annoying as possible to simply cancel services, often actively hiding any way to do so.
[…]
Most of the FTC’s new guidelines will go into effect in 180 days, with some in effect within 60 days after publication in the Federal Register. The rulemaking updates started way back in 2019. There’s a fact sheet here that explains the proposal in more detail.
[…]
Trade groups representing everything from media companies and telecoms to car wash operations called the rules “burdensome and unnecessary.” Publishers and Advertisers like the News/Media Alliance also complained about the rules, insisting they would “confuse customers“ (one alliance group member, the WSJ, worked for years to make subscription cancellation as annoying as humanly possible, and didn’t seem too upset about consumer confusion at the time).

Previously:

Netscape at 30

Jamie Zawinski:

According to my notes, it went live shortly after midnight on Oct 13, 1994. We sat in the conference room in the dark and listened to different sound effects fired for each different platform that was downloaded. At some point late that night I wandered off and wrote the first version of the page that loaded when you pressed the “What’s Cool” button in the toolbar.
[…]
This beta release was an unannounced surprise. Prior to this, everyone assumed that what we were doing was going to be a standard for-sale product where you sent off your $35 and then some time later got a disc in the mail with a license key.
[…]
These anniversaries keep piling up, so I don’t really have a lot to add, but check my NSCP tag or the Previouslies for more, particularly the links in this one.

The thing that confuses people sometimes about new platforms is that while the platform and its clients are different things, you usually need both to be great for the whole thing to succeed.

a16z:

In this special episode, Marc and Ben dive deep into the REAL story behind the creation of Netscape—a web browser co-created by Marc that revolutionized the internet and changed the world. As Ben notes at the top, until today, this story has never been fully told either in its entirety or accurately.

In this one-on-one conversation, Marc and Ben discuss Marc’s early life and how it shaped his journey into technology, the pivotal moments at the University of Illinois that led to the development of Mosaic (a renegade browser that Marc developed as an undergrad), and the fierce competition and legal battles that ensued as Netscape rose to prominence.

Previously:

Update (2024-10-22): Adam:

Don’t forget the documentary!

Anniversary History Mac Mac App Netscape System 7 Web

Cocoa Mac Mac App macOS 15 Sequoia Programming ToothFairy

Thursday, October 17, 2024

ToothFairy 2.8.5

ToothFairy 2.8.5 is a maintenance update of my Bluetooth menu bar utility. It fixes a bug where sometimes ToothFairy wouldn’t auto-launch at login.

An interesting bug was:

ToothFairy uses SMLoginItemSetEnabled(), which, instead of launching the app directly, launches a helper app that can launch the main app. Originally, it did this using NSWorkspace.launchApplication(_:), but then Xcode reported this as deprecated, so I updated it to the new API, openApplication(at:configuration:completionHandler:). There seemed to be no need to report errors in this case, so I just passed nil for the completion handler. The documentation says that the method “Launches the app at the specified URL and asynchronously reports back on the app’s status.” What I didn’t realize, and seems contrary to the documentation, is that it doesn’t just report the success or failure asynchronously, but it seems to also do the launching asynchronously. Sometimes the API would return, the helper app would quit, and this would derail the launching. The fix is to keep the helper running until the completion handler has been called.

Kindle Colorsoft and 2024 Updates

Amazon (Hacker News, MacRumors):

The all-new Kindle Colorsoft brings color to Kindle without compromise. It has everything customers love about Kindle today—high contrast, fast page turns, an auto-adjusting front light, and weeks of battery life. It adds color that is vibrant yet easy on the eyes. Now, you can browse covers in color in your Kindle Library or Store; see book photos and images in color; or add color highlights that you can easily search later.

It’s $279.99 with a 7-inch display (wireless charging dock extra). Color is 150 ppi vs. 300 ppi for monochrome.

The all-new Kindle Scribe combines all the benefits of Kindle with a powerful notetaking device. The display has new white borders, and the screen has a smooth, paper-like texture that makes it look and feel like you’re writing on a sheet of paper. Plus, at 300 ppi, text looks crisp and clear when you’re writing or reading. The Premium Pen is finely crafted to deliver just the right heft and balance, so it feels like holding an actual pen, and the new soft-tipped eraser feels like a pencil—you’ll think you have to brush the screen clean after erasing.
[…]
The new Kindle Scribe offers a first-of-its-kind in-book writing experience and a more powerful notetaking experience. With Active Canvas, you can write your thoughts directly in the book when inspiration strikes. Your note becomes part of the page, and the book text dynamically flows around it—if you increase the font size, change the font style, or the book layout changes, the note remains visible exactly where you want it so you never lose any meaning or context. Coming soon, you’ll also be able to write your notes in the side panel and easily hide them when you are done.

It’s $399.99 with 10.2-inch display. I guess it doesn’t work with the wireless charging dock.

Since its debut in 2012, customers have made Kindle Paperwhite our best-selling Kindle—and the all-new Kindle Paperwhite is our fastest yet. Scrolling through your Kindle Library or Store is snappy and responsive with 25% faster page turns. The display uses an oxide thin-film transistor, which gives it the highest contrast ratio of any Kindle, so text and images pop off the screen. A larger, 7-inch display is a first for Kindle Paperwhite—and yet, it is also the thinnest Kindle Paperwhite ever with up to three months of battery life.

The regular edition is $159.99, and the signature edition (double the storage, wireless charging, front light sensor) is $199.99.

Weighing in at just 158g, the new entry-level Kindle is small enough to fit in your hand or carry in your back pocket—and it’s packed with premium Kindle features. It has a 300 ppi, glare-free display, now with faster page turns, higher contrast ratio, and a front light that is 25% brighter at max setting—as bright as Kindle Paperwhite.

This is $109.99 for a 6-inch display.

Sadly, the Kindle Oasis was not updated and is, in fact, discontinued. This was my favorite design, as it had physical page-turn buttons, a more comfortable shape to hold, and the lightest weight (131g without the cover).

The writing was on the wall, but it’s still sad. Amazon has apparently decided that there’s no place in the Kindle line-up for an e-reader that still has physical page-turn buttons.

Regular readers of this site will know that I am an ardent supporter of physical page-turn buttons on e-readers, because they allow you to rest a finger on the button and turn the page with a simple squeeze, while touch-only readers require you to constantly reposition a finger, tap, and the move the finger away. Not exactly torturous, but decidedly less optimal.

See also: M.G. Siegler and Andrew Liszewski.

Previously:

Update (2024-10-21): Riccardo Mori:

Now that the new iPad mini and the new Kindles are out, I can tell you that they both have one thing in common: they have sold me on the previous generation of their respective models or product lines.

[…]

I imagine that, from a manufacturing standpoint, devices with physical buttons may be annoying because they have parts and components that are subject to stress and wear. But physical buttons in ebook readers — especially when well placed — are crucial and make for a much more pleasant experience; they’re exactly where your thumbs rest while holding the device, and turning pages becomes a frictionless action; you click the button instinctively, without having to constantly move your hand away from holding the device to tap on the screen (hopefully in the right place). Amazon should have kept at least one Kindle with physical buttons instead of going touch-only across the whole lineup. Last week, at the local second-hand electronics shop I frequently visit, I’ve seen a Kindle Oasis at a good price, so I guess I’ll go with that.

Kirk McElhearn:

In my experience with Kindles and other devices, automatically adjustable brightness never works. When using it on Kindles, they suddenly darken or brighten, and I’ve always turned this feature off.

[…]

One note about brightness. Amazon says that all these devices have 94 nits maximum brightness. I compared my Kindle Oasis – 2019 model – to my iPad Pro, which maxes out at 1,000 nits. The brightest setting on the Oasis matched about 60% of the highest brightness on the iPad Pro. So I’m not sure what 94 nits actually means. It’s true that Kindles don’t need to be bright, because their e-ink displays are reflective, so when reading outdoors you can generally turn the brightness all the way down, saving on battery.

[…]

Many Kindle users hold onto their devices for a long time, if Internet forum comments are any indication, so getting people to upgrade isn’t easy. Amazon does offer a 20% discount on trade-ins for these new Kindles, along with whatever they offer for the trade-in devices, and runs this offer from time to time. […] Note that you’ll get 20% off regardless of how much your old Kindle is worth, so if you have a very old one, trade that in to get the discount.

Update (2024-11-04): Kirk McElhearn:

The device is aptly named: its colors are, well, soft.

[…]

Both of these devices are set to the same brightness and warmth, and I had to tone down the exposure and highlights to get the right contrast in the above photo. One thing you may notice is a moiré effect on the Colorsoft; this is an artifact of the extra layers in the display. These layers darken the display, and are especially obvious when comparing the two devices with their backlights off, under a bright reading lamp.

[…]

If you read comics or graphic novels, if you read books that have illustrations and photos, or if you just like to highlight your books in different colors, it’s a nice addition. But Amazon seems to have made an own goal here. Either they didn’t know how bad these displays were, or they figured people wouldn’t complain, but this is a bad look for a device this expensive.

Update (2024-11-05): Kuro TimeDesign:

[The] tech used is not very good and is quite famous for its shortcomings. They pretend they tweaked the backplane and the light system to achieve better results. But it is still the same quite disappointing technology and generation than most other color devices …

[…]

Just compare a color page and the real paper book. There is a reason why brands never show pictures comparing an actual book to the same book on their e-readers. It’s because colors and contrasts are so bad that nobody would buy these devices.

[…]

Many units exhibits a yellowich tint on the bottop of the display. Amazon is investigating this and says it’s a software issue which will be solved with an update.

[…]

Download and transfer via USB is not available anymore with the new line of Kindle device, making it more difficult to backup you books on your computer. You still can install the Kindle PC app to download your books and retrieve the files for backup, but it’s a step towards an even more closed ecosystem.

Color E Ink Hardware Kindle

Digital River Not Paying Developers

Thomas Claburn (Hacker News):

Digital River has not paid numerous merchants since midsummer for software and digital products they sold through its MyCommerce platform.
[…]
“Astonishingly, Digital River continued to take sales from our loyal customers until we removed them from the order system. It now appears they have no intention of making payments and may be entering a liquidation process under a new CEO who has been involved in similar situations before.”
[…]
The privately-owned, Minnesota-based business appears to have laid off a significant number of employees, presumably the result of what its UK subsidiary describes as cost reduction initiatives implemented in late 2022.
[…]
In a post to LinkedIn three weeks ago, Lorant Barla, CEO of Romania-based Softland, said, “Digital River is automatically ‘pre-signing’ contracts in your MyCommerce account without your approval. The new MSAs [Master Services Agreements] stipulate additional platform fees and payments delayed for up to 60 days (we are still waiting for the payment from July).”

It’s so sad to see them fall apart. eSellerate was great back in the day.

Previously:

Update (2024-10-18): See also: Hacker News.

Business Layoffs MyCommerce Payments Sunset Web

Core Data iOS iOS 18 Mac macOS 15 Sequoia Programming Swift Concurrency Swift Programming Language SwiftData

Wednesday, October 16, 2024

Returning to Core Data

Fatbobman:

However, the release of iOS 18 cast a shadow over this beautiful vision. A year after its first appearance, SwiftData underwent a major underlying refactoring. Although this adjustment was aimed at shifting from a strong coupling with Core Data to supporting more flexible multi-persistence solutions—a direction undoubtedly correct—it seems that the significant changes led to considerable impact on the new version’s stability.

Disappointingly, a large amount of SwiftData code that ran well on iOS 17 encountered various problems in the new version. For a data persistence framework that shoulders heavy responsibilities, these issues are undoubtedly fatal. What’s more worrying is that the complexity of these problems means they may not be thoroughly resolved in the short term. It is foreseeable that throughout the iOS 18 cycle, developers choosing to use SwiftData will have to continuously grapple with these challenges.

[…]

SwiftData’s performance on iOS 18 put me in a dilemma. For an application centered on data management, stability and reliability are non-negotiable. After repeated deliberation, I had to make a tough decision: abandon the thousands of lines of SwiftData code I had completed and return to Core Data.

[…]

When rebuilding the Core Data project, I decided to integrate the modern thinking I learned from SwiftData, using a more innovative approach to harness this time-tested framework.

Personally, I think the sweet spot is using mature frameworks like Core Data and Cocoa from Swift. Apple hasn’t done as much as I’d hoped to make this ergonomic, but there’s a lot you can do yourself. I actually go further than the example here and make all managed object initializers take the required attributes plus the context as arguments.

Previously:

Update (2024-10-17): See also: Hacker News.

Update (2024-10-18): Peter Steinberger:

So a year in, SwiftData is now worse than it was in the initial release? Honestly, don’t trust Apple there, use something open source that is properly maintained and has tests, like GRDB.

Update (2024-11-08): See also this thread from Steve Troughton-Smith:

What’s the consensus on SwiftData? Are any big apps using it? Does it have blockers or major issues to worry about?

Uhl Albert:

SwiftData performance was so bad on iOS 17 that I switched my app to CoreData to make it usable. I submitted two test projects to Apple code-level support. They acknowledged the problem and advised me to “try it in iOS 18 beta.”
I did, and while there was much less lag, memory usage was still double that of CoreData.
Here’s my Apple Dev Forum thread with more details and links to the test projects.

Airplane Apple Vision Pro Mac macOS 15 Sequoia Travel visionOS visionOS 2

Traveling With Apple Vision Pro

Azad Balabanian (via Federico Viticci):

The Vision Pro has quickly become an essential item that I take onto every flight.

It’s a fantastic device to travel with—Be it by train or by plane, it offers an unparalleled opportunity to selectively tune out your environment and sink into an engaging activity like watching a movie or just working on your laptop.

In this blog post, I’ll outline what I’ve learned about the Vision Pro while traveling, explain some of the functionality, shine light onto its drawbacks, as well as assess how it fares against solutions like a phone or a laptop.

[…]

The problem is that for meals that require eyesight to coordinate (aka using a fork to pick up food from a plate), as soon as you look down at your food, the tracking often gets lost. This causes the movie to stop playing and for you to have to look forward for the tracking to re-initialize.

[…]

Here, it doesn’t matter what my front seat neighbor does, I can just tilt my screen down, place the laptop on my lap or tray, pull up a virtual monitor, and get to work.

He uses a generic lens protector instead of the bulky Apple case, adds an Anker battery bank, and uses an extra third-party strap to make it more comfortable.

Passkeys Credential Exchange

Filipe Espósito (Hacker News, MacRumors, Dan Moren):

As just announced by the FIDO Alliance, the new specifications aim to promote user choice by offering a way to import and export passkeys. The draft of the new specifications establishes the Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) formats for transferring not only passkeys, but other types of credentials will also be supported.
[…]
1Password, which worked with the FIDO Alliance on the new specifications, has already committed to supporting the new passkey import and export formats as soon as they become available. Other companies such as Dashlane, Bitwarden, NordPass, and Google also worked on the draft of the new specifications.
Although nothing has been said about Apple, the company is also part of the FIDO Alliance and was one of the first to introduce support for passkeys in 2022 with iOS 16.

I don’t love this framing because, to me, “export” means that it generates a standalone file that I can do with what I please. I can edit it. Or back it up and import it later—possibly into a different app. As far as I can tell, this is not that. It’s more of a way to transfer passkeys between password managers. It’s specifically designed to “export” an encrypted blob that can only be read by the password manager that requested the export. There’s no use even storing the exported file because, unless you have a way to back up the receiving private key, you won’t even be able to import it again. Maybe a third-party developer will make an app that requests/receives an export and lets you access your own data.

Export and import should have been extremely simple. Instead, they took years to come up with some convoluted system where the only possibility is to transfer from one vendor lock-in to another vendor lock-in.

The FIDO Alliance would probably say that not allowing true exporting makes it more secure, but I think that’s only true in a kind of security-through-obscurity way. If you make an encrypted happy path for transferring credentials, people will use it because it’s easier. Credential exchange does open the way for people to get at the decrypted data—it just makes it a pain and requires trusting an additional helper app. (Or are they going to somehow prevent non-big-players from participating?) If someone has direct access to my Mac and unlocked password manager, it’s game over, anyway. So I fail to see what this is really protecting against. Do they think people will export CSV files and leave them on unencrypted storage?

Jay Peters:

“It is critical that users can choose the credential management platform they prefer, and switch credential providers securely and without burden,” the FIDO Alliance wrote in its press release.

It’s about platforms, not giving you control of your data.

Martin Pilkington:

This is a big improvement, but I’m still very wary of any authentication system whose secret I can’t easily write down on a piece of paper.

Yes that may seem insecure, but I would also consider having a system that pretty much only major vendors can support to also be insecure in other ways. Loss of access is just as bad as being hacked as an authentication failure point.

I really want to like Passkeys given they’re technically much better, but their flaw is they require you to trust Big Tech (and do so in a far more important way than with passwords). Unfortunately Big Tech has used up pretty much all its remaining trust budget 🤷‍♂️

Phil Dennis-Jordan:

I particularly resent how they’re treating their proprietary, heavily networked implementations in always-connected devices as superior to a mostly-airgapped FIDO2 device. Those USB key like devices don’t have great UX, but I’d rather see some iteration on that idea than allowing Big Tech to silently sync (i.e. delete, copy, insert, etc.) those secrets in my phone.

Micah R Ledbetter (via Hacker News):

Passkeys are a technically interesting idea with many upsides, but I am concerned about the power they take away from users.

[…]

The passkey spec is designed intentionally such that:

Sites that use passkeys, like your bank, can tell what app you keep your passkeys in

Site that use passkeys can choose to support some apps and not others

This is not a hypothetical concern – it’s being discussed today with regard to the open source KeePassXC app.

[…]

The second ticket linked above makes it clear that sites are prepared to block passkey apps not just for their default settings, but for allowing certain actions to happen at all. In that ticket, the concern is that passkeys can be exported without being encrypted.

tadfisher:

There are FIDO Alliance folks posting Github issues requesting to remove features such as plaintext exporting of credentials, with the explicit threat that the Alliance might block such “open” passkey providers in the future. A local database is not enough, it needs to be locked in a secure element or protected with some TPM-like scheme.
The spec allows for hardware attestation as well, to ensure passkeys are being provided from blessed computing environments. Hopefully implementers continue to ignore this anti-feature, because it’s entirely stupid to lock out users who want to control their own security; at the same time, letting anyone with an Android phone restore passkeys from the cloud with one of their device PINs.

Terr_:

I would also be concerned about whether you can recover when a provider becomes unusable or hostile, and there is no cooperative migration path.

That might be the company going bankrupt, a physical or digital disaster, geopolitical firewalls, or simply a Kafka-esque bureaucracy where your entire account has been deleted without appeal because the company decided it was easier than figuring out the truth behind some moderation issue.

David Heinemeier Hansson (Lobsters):

We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out again.
The problem with passkeys is that they’re essentially a halfway house to a password manager, but tied to a specific platform in ways that aren’t obvious to a user at all, and liable to easily leave them unable to access of their accounts. Much the same way that two-factor authentication can do, but worse, since you’re not even aware of it.

Vincent:

With this blog post, I want to share with you the learnings on my way when working on a passkey-first auth solution and passkey intelligence with Corbado. All the hard truths, the unknown unknowns (factors that were not anticipated prior to my experience, essentially things we did not know we did not know), and the misconceptions should be uncovered, so that you know what to consider when implementing your own passkey-based authentication.

[…]

Implementing passkeys in a real-life project is 100x harder than you might initially think (trust us – we’ve gone through it).

Jeff Johnson (Mastodon, Hacker News):

I don’t want to place my credentials database under someone else’s control and because I don’t trust the availability and reliability of cloud sync. I prefer to manage credentials myself. Thus, I was surprised to find two passkeys in the “Passkeys Information.csv” file. I don’t recall ever creating a passkey.
[…]
What I didn’t realize until now is that enabling iCloud Keychain also automatically generated apple.com passkeys. I must have missed it at the time or forgot, but Apple automatically assigned passkeys to users of iOS 17, iPadOS 17, and macOS 14 Sonoma. Since passkeys require iCloud Keychain, it makes sense that this happened the exact same time that iCloud Keychain was (forcibly) enabled on my iPad. However, I seem to have lost the passkeys when I manually disabled iCloud Keychain, because the new Passwords app in iPadOS 18 shows zero passkeys. I have no idea how to revoke the lost credentials on Apple’s systems.
My question is, why does Apple have all of this personal, private information, stored in plain text?

Previously:

Update (2024-10-17): Dimitri Bouniol:

For what its worth, exporting passkeys is non-trivial, because authenticators are sometimes expected to count how many times they’ve signed a challenge, specifically so the server can ensure it hasn’t been copied and used on the side by a non-trusted 3rd party 😔

Update (2024-10-18): Lawrence Abrams:

Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature.

I would not call it quiet since when users log in it prompts them to add a passkey. If you don’t store cookies it will ask you every time.

Kyle Howells:

This is a worrying decree of platform lock-in. I expect a lot of issues when people lose access to their devices or try to login from a new computer.

Currently, this is not an issue because Amazon allows both password and passkey access to the same account (thus negating some of the benefits of passkeys). But the goal is for passkeys to replace passwords, and some sites already prevent you from using both. So backup and transfer of passkeys are very important.

Apple’s Ricky Mondello has been entertaining my questions about this. My conclusion is that the current situation (pre-CXF and CXP) is not good. You have very little control over your passkeys and can easily get into trouble if something goes wrong. There is always the option of using recovery, e.g. sending a special link to your e-mail, to generate a new passkey. Some people do this as a matter of course whenever they need to log in because they don’t remember their passwords. This horrifies me, as I think of passwords more as irreplaceable secrets to be carefully guarded. Recovery via e-mail (or postal mail) does not easily scale to large numbers of logins, and I don’t think it’s very secure, as people often leave their mail open on an unlocked device. And, as passkeys replace passwords, it may be difficult to access your e-mail without a passkey, creating a circular problem.

When Credential Exchange becomes available, I think it will help a lot, though I still have some concerns.

The Passwords app seems unlikely to support backups directly, so you would need to periodically export manually to maintain control of your data. Will this be limited?

As I suggested in the initial post, it will be possible to write an app that lets users truly export their data, not just transfer it. I was worried that, because sites can block certain authenticators, such an app might only be useful as a utility and could not be used as an actual password manager. It seemed that this was being used to pressure KeePassXC into not allowing exports. However, Mondello says that the identification is “extremely intentionally, an optional unattested hint string.” In other words, like a Web browser’s “User-Agent,” the password manager could identify itself however it wants.

I still don’t like that sites get to see which password manager I’m using. This is a privacy violation, as I doubt the big players are going to let me use a custom user agent. But if this is at least possible (in future versions or with indie password managers) it would prevent users from being locked out due to sites not liking a particular authenticator or big players going to war with each other.

At this point, I would say that I’m cautiously optimistic. However, the whole passkeys system is so complex that I’m sure there are important questions that I don’t even know to ask and failure modes I haven’t considered.

The credential exchange protocol introduces phishing to passkeys.
What stops an attacker from tricking a victim into approving a transfer of passkeys to a credential provider under the control of the attacker? I’ve read the working drafts, and they’re appalling terse on the subject of security considerations.

John Gruber (Mastodon):

I don’t have strong feelings about passkeys, but I am vaguely unsettled by them. There’s no way to use passkeys without using a proper password manager, like Apple Passwords with iCloud Keychain, or 1Password. But if you’re using a proper password manager, your passwords should all be unique and random, and you should have convenient access to 2FA codes. So what’s the point of passkeys if they can only be used by people who are already using a good password manager? Perhaps the thinking is that too many users just can’t be budged from the risky habit of using passwords they have memorized, and passkeys are a way to break that habit because they can’t be memorized.

The main benefits vs. a password manager seem to be that users can be phished and convinced to bypass the safe auto-fill and that incompetent sites store unsalted passwords, which can then be leaked.

John Gruber (Mastodon):

A friend texted me with another argument for passkeys: it’s somewhat common for websites to break password autofill. Maybe it’s deliberate, in the name of fighting bots? But whether deliberate or not, with passkeys, they have to work with your browser’s connected password manager. So maybe passkeys are a net win for convenience, even for technically-knowledgeable users who are unlikely to fall for phishing scams.

They are also more convenient than 2FA.

Alex R:

I think a lot of the passkey discourse(™) comes about because we’re a cohort of highly technical early adopters who already have password managers set up with sync, autofill, and two-factor auth. For those users, passkeys might lack some features (although I think the gaps are being filled rapidly there), but they aren’t really the people for whom passkeys are a big improvement.

opoto:

From the other side of this correct consideration, the point is to explain to the non tech users that from now they will need to use a password/passkey manager. This introduces complexity for them.

1Password Apple Password Manager iCloud Keychain iOS KeePass Mac Passkeys Passwords Phishing Privacy Security Top Posts Two-Factor Authentication (2FA) Web

A bit of feedback: the main problem to me is not the security factor (passkeys are more secure than passwords, period) but the apparent lack of control and ownership of my credentials.
[…]
Why is an Apple platform, macOS, seemingly intentionally hiding my own credential to my Apple account, at least in the Passwords app?

Update (2024-10-23): See also: Dithering.

Update (2024-11-05): Chris Adamson:

Cool new bits that just went up in AuthenticationServices: ASCredentialExportManager and ASCredentialImportManager. This will allow password manager apps on macOS/iOS/visionOS to exchange credentials like passwords and passkeys. Cool thing is, OS acts as an intermediary between the two apps, and none of your credentials are written to the filesystem mid-flight.

They are Swift-only.

17 Comments

Disk Images in Sequoia

When you create the disk image, macOS creates and attaches its container, and creates and mounts the file system within that. This is then saved to disk as a regular file occupying the full size of the disk image, plus the overhead incurred by the disk image container itself. No sparse files are involved at this stage.

When that disk image is mounted next, its container is attached through diskarbitrationd, then its file system is mounted. If that’s APFS (or HFS+), it undergoes Trimming, as with other mounts. That coalesces free storage blocks within the image to form one contiguous free space. The disk image is then saved in APFS sparse file format, skipping that contiguous free space. When the file system has been unmounted and the container detached, the space used to store the disk image has shrunk to the space actually used within the disk image, plus the container overhead. Unless the disk image is almost full, the amount of space required to store it on disk will be smaller than the full size of the disk image.

[…]

The size of read-write disk images is therefore variable depending on the contents, the effectiveness of Trimming in coalescing free space, and the efficiency of APFS sparse file format.

[…]

Although read-write disk images stored as sparse files are efficient in their use of disk space, they’re still not as compact as sparse bundles.

Read speeds for sparse bundles and read-write disk images were high, whether the container was encrypted or not. On the internal SSD, encryption resulted in read speeds about 1 GB/s lower than those for unencrypted tests, but differences for the external SSD were small and not consistent.

Write speeds were only high for sparse bundles, where they showed similar effects with encryption. Read-write disk images showed write speeds consistently about 1 GB/s, whether on the internal or external SSD, and regardless of encryption.

When unencrypted, read and write speeds for sparse (disk) images were also slower. Although faster than read-write disk images when writing to the internal SSD, read speed was around 2.2 GB/s for both. Results for encrypted sparse images were by far the worst of all the tests performed, and ranged between 0.08 to 0.5 GB/s.

Surprisingly good results were obtained from a new-style virtual machine with FileVault enabled in its disk image. Although previous tests had found read and write speeds of 4.4 and 0.7 GB/s respectively, the Sequoia VM achieved 5.9 and 4.5 GB/s.

Sparse bundles generally have the best performance, though plain read-write images can be faster for reading. Single-file sparse disk images are slow.

Apple File System (APFS) Disk Image DropDMG Mac macOS 12 Monterey macOS 15 Sequoia Virtualization

If you’re going to use disk images of any type, then getting the right tool for the job is essential. This article considers the leading candidates:
Disk Utility, bundled with macOS
DropDMG, $24.99 from C-Command, or from the App Store
Spundle, free from its Product Page here
hdiutil, the command tool bundled with macOS.

Previously:

Update (2024-10-18): Howard Oakley:

While this remarkable bug is present in macOS Sequoia 15.0 and 15.0.1, I’m afraid its days are numbered. If you want to experience the TARDIS sparse bundle, you’ve only got another week or two, as it appears to be fixed in the current beta of 15.1.

Update (2024-10-21): Howard Oakley:

Sparse bundles are more complicated than read-write disk images (UDRW), with band size to be set, and compaction to be performed.

Default band size appears to work well, and manually setting band size should seldom be necessary.

Both types appear highly efficient in their use of disk space, with only small differences between them.

Although it might be important to compact sparse bundles in some cases, the amount of free space returned by compaction is unlikely to be significant in many circumstances.

Perhaps this is because we don’t have tools to defragment the free space on APFS volumes.

Previously:

A Brief History of Defragging

Update (2024-12-17): Howard Oakley:

Sparse bundles (UDSB) remain generally faster in use than read-write (UDRW) disk images.

[…]

When sparse bundle performance is critical, it may be worth optimising band file size instead of using the default.

Tuesday, October 15, 2024

iPad mini (7th Generation)

Apple (MacRumors, Hacker News):

With a beloved ultraportable design, the new iPad mini is available in four gorgeous finishes, including a new blue and purple, and features the brilliant 8.3-inch Liquid Retina display. A17 Pro delivers a huge performance boost for even the most demanding tasks, with a faster CPU and GPU, a 2x faster Neural Engine than the previous-generation iPad mini, and support for Apple Intelligence. The versatility and advanced capabilities of the new iPad mini are taken to a whole new level with support for Apple Pencil Pro, opening up entirely new ways to be even more productive and creative. The 12MP wide back camera supports Smart HDR 4 for natural-looking photos with increased dynamic range, and uses machine learning to detect and scan documents right in the Camera app.

The new iPad mini features all-day battery life and brand-new experiences with iPadOS 18. Starting at just $499 with 128GB — double the storage of the previous generation — the new iPad mini delivers incredible value and the full iPad experience in an ultraportable design.

A17 Pro is the chip from last year’s iPhone 15 Pro models, and, notably, there was no non-“Pro” variant. Still, though: an interesting chip to use for iPad Mini.

I thought the rumor was that was to be a temporary chip because it was much more expensive to manufacture.

Ryan Christoffel:

For Wi-Fi, the previous mini offered Wi-Fi 6 compatibility, but the new mini takes it further by supporting Wi-Fi 6E.

The previous mini supported Bluetooth 5, but the new mini adds the more modern Bluetooth 5.3 spec.

[…]

Both models support USB 3. However, the old mini only offered speeds up to 5 GB/s, whereas the new model doubles that and goes up to 10 GB/s.

M.G. Siegler:

Overall, the update to the iPad mini would seem to be a good one – as tends to be the case when you wait three years between product refreshes.

Federico Viticci:

I’m not even sure that “disappointing” would properly describe this iPad mini update.
Three years for a chip bump and Apple Intelligence, and this thing will likely be replaced in 2027? Cool.

Rui Carmo:

[No] matter how they sugarcoat the A17 Pro, it’s not the upgrade I wanted for my mini 5 in either CPU, display, camera or anything else short of the USB-C port and TouchID (yes, I prefer TouchID).
Given the PR-only prerelease and outrageously spaced out refreshes it’s obvious the mini isn’t a priority for Apple, so I have to figure out if I want to address the fact that the 256GB cellular model is closer to €1000 than I would like or wait another two years to upgrade.

René Fouquet:

Still no Pro Motion display. I tried the last iPad Mini and had to send it back because I couldn’t get used to the low refresh rate.

iPad mini battery life is pretty miserable as-is, without Stage Manager or ProMotion or Face ID. While I would love to see an M-series iPad mini Pro, with all the bells and whistles, I’m not convinced it can be done to that level with current battery technology.

Adam Overholtzer:

The big problem for me remains the price. The iPad mini isn’t worth $500–600 and I don’t want to pay $500+ for an iPad.

I would honestly fully support Apple splitting the iPad mini into two separate lines — remove some stuff to make the mini even cheaper than it is today, but have an iPad Pro 8.3-inch (M4) with everything the bigger models have. Give it that 5.1mm OLED design to make it the ultimate notepad/sketchpad

Previously:

Update (2024-10-16): Steve Troughton-Smith:

Well this is dumb — today’s new iPad mini is compatible with the previous generation folio cases, and vice versa. Except those options aren’t provided to you during the purchase process, even though you can still buy them on Apple’s site. So if you preordered with a case color combo you’re not super fond of, now’s your chance to change your order!

Update (2024-10-21): Jason Snell:

Based on various reports, it seems like Apple’s goal is to turn over its entire Mac product line to the M4, so they can leave the old process (used on the M3 as well as the A17 Pro) behind. And yet… here’s a new product that uses a chip on the old process that everyone is trying to drop like a hot rock? What?

That’s why my guess is that the new iPad mini is using this chip for non-technical reasons. Here are the possible explanations[…]

Second, while it’s certainly possible that Apple has stockpiled enough five-GPU A17 Pro chips to make three years’ worth of iPad minis, this model feels more like a holding action that gets the iPad mini onto Apple Intelligence… while also using up some amount of chip excess. If I had to predict when we’ll see a next-next-generation iPad mini, I think I’d guess that it will probably be sooner than three years from now.

Apple A17 Pro Apple Hardware Announcement Apple Intelligence iOS iOS 18 iPad mini Touch ID

One of the main complaints about the prior-generation iPad mini 6 was “jelly scrolling” or screen tearing, and it sounds like it’s a problem that Apple may have addressed with hardware updates to the iPad mini 7 display.

Update (2024-10-22): Joe Rossignol:

The first iPad mini 7 reviews were published today, and many of them said that “jelly scrolling” display behavior is either less noticeable or fully unnoticeable on the device. However, one prominent technology website disagrees.

See also: Jason Snell and Federico Viticci.

Update (2024-10-24): Sebastiaan de With:

Brutal but honest paragraph from David Pierce in the @verge iPad mini review, and I can’t help but agree. They couldn’t even put a new wallpaper on the screen?

Filipe Espósito:

As we reported last month, all iPhone 16 models feature a new system that lets users restore the device’s firmware wirelessly from another iPhone or iPad. Now we’ve learned that Apple is also expanding this system to the recently announced iPad mini 7 with the A17 Pro chip.

Meek Geek:

The jelly effect is less pronounced that it’s negligible.

What’s terrible is the extreme bluriness when scrolling, especially when there’s text. Gives me a headache. Scrolling on a MacBook Air’s 60Hz display is so much better.

IBM Networking Rest in Peace

Ward Christensen, RIP

Benj Edwards (Hacker News):

Ward Christensen, co-inventor of the computer bulletin board system (BBS), has died at age 78 in Rolling Meadows, Illinois. He was found deceased at his home on Friday after friends requested a wellness check. Christensen, along with Randy Suess, created the first BBS in Chicago in 1978, leading to an important cultural era of digital community-building that presaged much of our online world today.
[…]
Despite creating one of the foundational technologies of the digital age, Christensen maintained a low profile throughout his life, content with his long-standing career at IBM and showing no bitterness or sense of missed opportunity as the Internet age dawned.
[…]
Prior to creating the first BBS, Christensen invented XMODEM, a 1977 file transfer protocol that made much of the later BBS world possible by breaking binary files into packets and ensuring that each packet was safely delivered over sometimes unstable and noisy analog telephone lines. It inspired other file transfer protocols that allowed ad-hoc online file sharing to flourish.

Matt Keeter (Hacker News):

How did I find myself writing a new implementation of a 45-year old protocol?

Previously:

Apple’s Stale Mac Displays

Artificial Intelligence LLaMA Math OpenAI

Apple sells two external displays, including the Pro Display XDR and the Studio Display, but neither has received hardware upgrades in years. In fact, the Pro Display XDR is nearly five years old, having been released all the way back in December 2019.
[…]
In December 2022, Bloomberg’s Mark Gurman said Apple was working on an updated version of the Pro Display XDR with an Apple silicon chip, something the current model lacks. In the Studio Display, an A13 Bionic chip powers features such as Center Stage camera framing, spatial audio, and Siri voice commands. However, there have not been any recent rumors about a new Pro Display XDR, so it’s unclear what Apple’s current plans are.
[…]
There have been on-again, off-again rumors about Apple planning a new 27-inch external display with mini-LED backlighting, which would allow for increased brightness and higher contrast ratio. In April 2023, Apple supply chain analyst Ming-Chi Kuo said the display was slated for mass production in 2024 or early 2025.

This is not surprising, since Apple has historically taken a long time to update its displays. I don’t think the panels necessarily need to be updated. But it’s disappointing because the Studio Display has well documented camera problems and power issues. I had high hopes that, coming from Apple, it would be reliable as a USB hub, but I end up directly connecting as many storage devices as possible to the meager ports on my MacBook Pro.

Also, it would be nice to have a mid-range display in the lineup. You can get an M3 iMac with a built-in 4.5K display for $1,299, yet the Studio Display by itself starts at $1,599. It’s still hard to find good third-party Retina displays. Why can’t Apple sell an iMac-less panel for a reasonable price?

Previously:

Update (2024-10-16): Adam Chandler:

I guess it’s correct to report Apple’s prices but aside from BTO/CTO Macs, I haven’t paid MSRP on an Apple Device in a while. Channel Partners have gotten brazen about prices that undercut Apple’s the point that I buy everything from BestBuy which has price match guarantee for 45 days after purchase and includes 2 years of AppleCare through BestBuy Total for no charge.
Case in point, $1599 was actually $1294 last week on Amazon.

That still seems like a lot for what you get. It’s not clear to me why Apple seems to have stopped caring about retailers charging consistent prices.

Nick Her:

Apple’s software quality has been insufficiently great for years and, so, it does not surprise me that a display running iOS is not as reliable as a display that does not use an entire mobile operating system.

Update (2024-10-21): Kuba Suder:

I asked people recently about this, and from what I could find, for more compact displays (<= 24″) it’s not just that they’re hard to find, there are no good Retina-DPI monitors, unless you manage to find a used LG on Ebay…

Display Hardware Mac Pro Display XDR Retina Rumor Studio Display USB

10 Comments

Understanding the Limitations of Mathematical Reasoning in Large Language Models

Hartley Charlton (Hacker News):

The study, published on arXiv, outlines Apple’s evaluation of a range of leading language models, including those from OpenAI, Meta, and other prominent developers, to determine how well these models could handle mathematical reasoning tasks. The findings reveal that even slight changes in the phrasing of questions can cause major discrepancies in model performance that can undermine their reliability in scenarios requiring logical consistency.
Apple draws attention to a persistent problem in language models: their reliance on pattern matching rather than genuine logical reasoning. In several tests, the researchers demonstrated that adding irrelevant information to a question—details that should not affect the mathematical outcome—can lead to vastly different answers from the models.

Gary Marcus:

Everyone actively working with AI should read it, or at least this terrific X thread by senior author, Mehrdad Farajtabar, that summarizes what they observed.
[…]
Another manifestation of the lack of sufficiently abstract, formal reasoning in LLMs is the way in which performance often fall apart as problems are made bigger.
[…]
What I argued in 2001, in The Algebraic Mind, still holds: symbol manipulation, in which some knowledge is represented truly abstractly in terms of variables and operations over those variables, much as we see in algebra and traditional computer programming, must be part of the mix. Neurosymbolic AI — combining such machinery with neural networks – is likely a necessary condition for going forward.

Dare Obasanjo:

This is a problem for anyone who belueves they can build autonomous AI agents on this foundation since it means anytime the “agent” sees a pattern it doesn’t recognize, it will fail hilariously or even catastrophically.

Nick Lockwood:

The most surprising part of the news that Apple researchers have discovered that LLMs can’t reason is that anybody who had even a layman’s understanding of LLMs thought they could in the first place.

Pierre Habouzit:

I think that what [LLMs] do is similar to our human so called “intuition”: they recognize “patterns they’ve seen before and intuitively go to the answer that worked then.”

This is an important aspect of how Inthink and a lot of the creative process I have at work is a back and forth between “intuition” and verifying that it sustains a more rigorous model.

[…]

LLMs have a role into an actual form of AI. It just can’t be on its own.

Dave Rahardja:

LLMs can’t do math because they don’t actually understand concepts; they are just really fancy autocomplete engines.

We knew that already, but this paper quantifies it. The math performance is really pretty dismal even with training that tries to optimize for math. The best performance was by OpenAI’s GPT-4o, which scored around 95% for the most basic of grade-school word problems, which means it got 1 in 20 questions wrong, which means it’s not usable for anything in production.

[…]

IMO the biggest problem with LLMs is not that performance is poor, but that there is no way to tell when they get it wrong. The models may make one mistake in a million, but *which output is the wrong one*?

Jason Koebler:

In December, NARA plans to launch a public-facing AI-powered chatbot called “Archie AI,” 404 Media has learned. “The National Archives has big plans for AI,” a NARA spokesperson told 404 Media. It’s going to be essential to how we conduct our work, how we scale our services for Americans who want to be able to access our records from anywhere, anytime, and how we ensure that we are ready to care for the records being created today and in the future.”

Employee chat logs given during the presentation show that National Archives employees are concerned about the idea that AI tools will be used in archiving, a practice that is inherently concerned with accurately recording history.

Previously:

Apple’s Hidden AI Prompts

3 Comments

Monday, October 14, 2024

PolyCapture 1.5

App ahead (Reddit):

PolyCapture for Mac lets you to record webcams, microphones, screens, and apps — individually or simultaneously.

[…]

Filter apps from your recordings on the fly, ensuring nothing gets in your way.

[…]

Capture voiceovers, podcasts, interviews, music, or commentary. If a microphone can pick it up, PolyCapture can record it.

[…]

Use macOS’s Voice Isolation to enhance speech quality and reduce background noise. Apply video effects like Portrait Mode, Studio Light, and Center Stage to level-up your recordings.

This looks well done, and it’s only $3.99.

Previously:

Update (2024-10-15): Marc Edwards:

Screenflick has been my screen recording app of choice for a very long time, but PolyCapture looks extremely nice.

Audio Camera Mac Mac App macOS 15 Sequoia PolyCapture Screen Recording

Fake Safari Link Sharing Text

Joshua Long:

For nearly six years, Apple has neglected to fix a bug that enables anyone to effectively create false or misleading news headlines that appear to come from credible sources.

[…]

Apple’s Safari browser includes a feature related to link sharing. If you select (highlight) text within a Web page and then tap on the Share button, you can “quote” the selected portion of the page for the recipient when you share the link via Apple’s Messages app. The feature is intended to allow users to include a direct quote from an article, embedded within the iMessage link preview.

However, Apple does not limit the preview text selection to the contents of the page as received from the Web server—and therein lies the flaw.

Users can type something into a page’s search bar (or any other text field), select the text they just typed, tap Safari’s Share button, and then tap the green-and-white Messages icon to send it to any iMessage recipient—either an individual or a group.

Bug Exploit iMessage iOS iOS 12 iOS 18 Mac macOS 15 Sequoia Safari

Cocoa Code Generation Core Foundation iOS iOS 18 Java Linux Mac macOS 13 Ventura macOS 14 Sonoma macOS 15 Sequoia Memory Management Objective-C Runtime Open Source Open-source Software Optimization Programming Software Rewrite Swift Programming Language Things

Swift Foundation Unification

Ben Cohen:

The keynote from Tony [Parker] and me at ServerSideSwift2024 is up. Hear about how Swift interoperability allowed Foundation to make the switch to Swift, and about the latest direction for interoperability: from Swift to Java.

Apple has rewritten Foundation in Swift, and the Objective-C Foundation and Core Foundation now call into the Swift implementation. This improves performance from Swift, as there are fewer conversions, and also generally, as the Swift code has in some cases been optimized to reduce allocations.

The actual Foundation running on Apple’s platforms is now open source! They are working on a simpler review process for minor API proposals and encouraging more proposals from new contributors.

Quinn:

This seems to be a good time to remind folks that…

Those who live by the swizzle will die by the swizzle!

When I was getting started with Cocoa, Apple had just written an Objective-C to Java bridge. Apple emphasized that you could write native apps in Java This was seemingly rarely done, and I opted to use Objective-C even though I had been a Java programmer. I did use the Java bridge to call into a Java library that didn’t have an Objective-C equivalent. It worked well.

Anyway, there’s now a prototype bridge between Swift and Java. There are code generation tools to make it easier to call in both directions.

Previously:

Update (2024-10-28): Tina Liu:

I’d like to share the first-ever yearly update from Swift-Foundation workgroup.

3 Comments

Greppability Is an Underrated Code Metric

Moriz Büsing (via Hacker News):

It turns out that splitting up, or dynamically constructing identifiers is a bad idea.

[…]

Don’t rename fields at application boundaries to match naming schemes. An obvious example is then importing postgres-style snake_case identifiers into javascript, then converting them to camelCase.

[…]

Taking inspiration from the Zen of Python, when dealing with namespaces, flattening your folders/object structures is mostly better than nesting.

Sarah Reichelt:

I applauded Swift’s plan to eliminate all the NS prefixes but searching for Data or String is impossible. NSData & NSString were much more searchable.

No matter how smart the IDE is, there will be times when you need to search the raw source. And, of course, Google and Stack Overflow and your issue tracker don’t understand what the symbols refer to.

Cocoa Craft grep iOS iOS 18 Mac macOS 15 Sequoia Objective-C Programming Swift Programming Language

Friday, October 11, 2024

A Brief History of Defragging

Apple File System (APFS) DiskWarrior Drive Genius HFS+ History iDefrag Mac macOS 15 Sequoia Storage TechTool Pro

All storage media, including memory, SSDs and rotating hard disks, can develop fragmentation, but most serious attention has been paid to the problem on hard disks. This is because of their electro-mechanical mechanism for seeking to locations on the spinning platter they use for storage. To read a fragmented file sequentially, the read-write head has to keep physically moving to new positions, which takes time and contributes to ageing of the mechanism and eventual failure. Although solid-state media can have slight overhead accessing disparate storage blocks sequentially, this isn’t thought significant and attempts to address that invariably have greater disadvantages.

Fragmentation on hard disks comes in three quite distinct forms: file data across most of the storage, file system metadata, and free space. Different strategies and products have been used to tackle each of those, with varying degrees of success.

[…]

Manually defragging HFS+ hard disks was always a questionable activity, as Apple added background defragmentation to Mac OS X 10.2, released two years before Coriolis was even founded. By El Capitan and Sierra that built-in defragging was highly effective, and the need for manual defragging had almost certainly become a popular myth.

I would agree that defragging became much less useful since the days when I was using the Speed Disk component of Norton Utilities on System 7. But my recollection is that HFS+’s automatic defragmentation didn’t fully solve the problem because it wasn’t able to work on all files (notably skipping large ones, which could have hundreds or even thousands of fragments for a single file) and didn’t consolidate the free space. iDefrag remained useful for spinning disks until the advent of APFS.

APFS also has built-in defragmentation, which in some cases I enabled myself and in other cases seemed to have been automatically enabled. I haven’t noticed any improvement from enabling it, which is unsurprising since Oakley and Mike Bombich say that it doesn’t defragment the file system metadata. APFS performance remains really bad on spinning disks, in my opinion.

Previously:

Cocoa Dock Mac Mac App Store Mac OS X 10.5 Leopard macOS 15 Sequoia Open Source Programming Swift Programming Language

Using NSDockTilePlugIn

Mario Guzmán (Mastodon):

Customizing an application’s Dock tile when the application itself is not running requires that you write a plug-in. The plug-in’s principal class must implement the NSDockTilePlugIn protocol.
The name of the plugin is indicated by a NSDockTilePlugIn key in the application’s Info.plist file.
The plugin is loaded in a system process at login time or when the application tile is added to the Dock. When the plugin is loaded, the principal class’ implementation of setDockTile(_:) is invoked, passing an NSDockTile for the plug-in to customize. If the principal class implements dockMenu() it is invoked whenever the user causes the application’s dock menu to be shown.
[…]
It is rare to see apps use NSDockTilePlugIn because apps that contain one are not allowed on the Mac App Store.

Previously:

Big Sur Application Icons

Mac macOS 15 Sequoia Photography Photos.app Time

Sorting Burst Shots in Apple Photos

Kevin Yank:

When I import a large batch of shots from my camera into Photos, I usually want them in an album, sorted in the order I shot them. The Keep Sorted By Oldest First option would seem to be what I want, but unfortunately its sorting is only based on the capture time of each photo in seconds.

[…]

In order to get the photos into the order I want them, I just need to sort them in the order of their filenames. PA020007.ORF comes after PA020006.ORF, and so on. But Apple Photos can only sort by title, not by filename.

So, to get the sort order I want, I must first assign every photo in the album a title based on its original filename. Of course, typing all these titles in by hand would be impossibly tedious. Thankfully, there’s an open-source tool for that!

iOS iOS 15 Mac macOS 12 Monterey Programming Virtualization

Virtualizing iOS on Apple Silicon

Nick Botticelli (via Hacker News):

Now, to get started, a strategy for approaching the daunting task of running iOS on vma2 is needed. I found the most success with reusing a fully macOS 12.0.1 bootchain and simply replacing the system (OS) image, along with its associated mtree, root_hash, and trustcache files, with that of the iOS 15.0.2’s (iPhone XR build). This would largely bypass the need for (almost) any modifications before iOS initializes, such as to the bootchain and ramdisk (restore process). The XR build was chosen for its arm64e capability and lower-resolution (if that mattered). You should see success with other arm64e device configurations, but do note that the vma2 kernel is hardcoded to return “iPad8,6" for some sysctl key. arm64 versions experienced additional issues and binary incompatibilities, so there is no point in trying these builds.
I used my own fork of tart (a third-party application for managing Apple silicon virtual machines), super-tart for running the iOS VM, which allows for using the required undocumented features provided by Virtualization.framework. I have not yet pushed all of my changes, such as for setting _setProductionModeEnabled(false). Do note that such Virtualization.framework tools that use private APIs require SIP to be turned off, and maybe AMFI as well. I also use my own fork of idevicerestore.
[…]
Getting past the system keybag issues requires many more patches and an understanding of the system as it exists in the iOS system and kernel that I currently lack. This project has already taken at least a few hundred hours of exploration, and I’d be curious to see if anyone can take it further than just booting to PreBoard.app.

Previously:

Amazon Instant Video Apple TV+ TV.app tvOS tvOS 18 tvOS App Web

Thursday, October 10, 2024

Apple TV+ in Amazon Prime Video

Jess Weatherbed:

Amazon is adding Apple TV Plus to Prime Video, a move that could help bolster the iPhone maker’s languishing streaming service. Apple TV Plus will be available on Prime Video in the US later this month as a $9.99 monthly add-on — the same you’d otherwise pay directly to Apple. The difference now is that Apple TV Plus is being promoted directly to Amazon’s massive video subscriber base.

[…]

For Amazon, Apple TV Plus joins over 100 streaming service add-ons already available through Prime Video Channels. It’s all part of the company’s plan to become a global “first-stop entertainment hub” according to Hopkins, a goal that Apple once had for Apple TV.

Alex Weprin:

“We want to make Apple TV+ and its award-winning library of series and films from the world’s greatest storytellers available to as many viewers as possible,” said Eddy Cue, Apple’s senior VP of services, in a statement.

I wonder whether Apple will allow this within the Prime Video app on Apple TV or whether you’ll still have to use the TV app there.

Benjamin Mayo:

Apple TV+ as a channel inside Amazon Prime Video is perfectly fine and sensible for Apple TV+, but it speaks volumes about how Prime Video is eating the TV app’s lunch as a streaming all-in-one aggregator.

Previously:

Breach Internet Archive Privacy Web

Internet Archive Hacked

Lawrence Abrams (Hacker News):

Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records.
[…]
Hunt told BleepingComputer that the threat actor shared the Internet Archive’s authentication database nine days ago and it is a 6.4GB SQL file named “ia_users.sql.” The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.
[…]
While the Internet Archive is facing both a data breach and DDoS attacks at the same, it is not believed that the two attacks are connected.

Springtime:

Just in terms of privacy, it’s worth noting that anyone who has uploaded something on IA already has their email address publicly viewable.
This isn’t something that commonly known (even judging by comments here) but in the publicly viewable metadata of every upload it contains the uploader’s IA account email address. So from a security perspective it’s bad but from a privacy perspective a lot of users probably weren’t aware of this detail if they’ve uploaded anything.

Previously:

Update (2024-10-21): Lawrence Abrams (Hacker News):

The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens.

[…]

In the case of the Internet Archive, there was no money to be made by trying to extort the organization. However, as a well-known and extremely popular website, it definitely boosted a person's reputation amongst this community.

We need a fully separate Internet archive as a backup.

Apple Password Manager iOS iOS 18 Mac macOS 15 Sequoia Passwords PasswordWallet Safari

Apple Passwords’ Generated Strong Password Format

Ricky Mondello (Mastodon):

To make these passwords easier to type on suboptimal keyboard layouts like my colleague’s game controller, where the mode switching might be difficult, these new passwords are actually dominated by lowercase characters. And to make it easier to short-term have in your head little chunks of it to bring over to the other device, the passwords are based on syllables. That’s consonant, vowel, consonant patterns. With these considerations put together, in our experience, these passwords are actually a lot easier to type on a foreign, weird keyboard, in the rare instances where that might be needed for some of our users.

And we weren’t going to make any changes to our password format unless we can guarantee that it was as strong or stronger than our old format. So if you want to talk in terms of Shannon entropy once again, these new passwords have 71 bits of entropy, up from the 69 from the previous format.

[…]

So these new passwords are 20 characters long. They contain the standard stuff, an uppercase character. They’re dominated by lowercase. We chose a symbol to use, which is hyphen. We put two of them in there, and a single [digit]. We picked this length and the mix of characters to be compatible with a good mix of existing websites.

I like the password format that Safari generates, but I wish I could turn off auto-generation of passwords. It’s a really awkward workflow if I prefer to create new accounts and passwords in PasswordWallet. As far as I can tell, I can only opt out for individual text fields. That takes a bunch of extra clicks, and if I forget I end up with the password stored in the wrong place, which I may not realize until much later, when it’s harder to fix. Just let me choose to have an empty text field by default.

Previously:

cachiporra:

I love how Hulu’s password reset input field silently strips out the dashes and compacts the password, while Apple dutifully saves the original.

Update (2024-10-11): Ricky Mondello notes that on Sequoia there’s a setting in the Passwords app to turn off password generation.

Update (2024-10-18): See also: Hacker News.

Sequoia Security Scoped Bookmarks Bug

Matthias Gansrigler:

If you’re using Yoink on macOS Sequoia, you might have encountered an issue where Yoink would not accept any files anymore.
[…]
Basically any app that handles file URLs and saves them as a security-scoped bookmark for later access can be bitten by this bug, currently occurring on macOS 15.0 and 15.0.1.

DTS Engineer:

What you’re hitting is bug in “ScopedBookmarksAgent” which can cause it hang if it happens to have been launched when the keychain was also locked (for example, late in the screen lock process). That bug is fixed as of macOS 15.1 beta 4.
If you’re hitting it regularly during development, you can resolve the issue by killing ScopedBookmarksAgent (you may also need to kill and relaunch your app, depending on what state it ends up). On the user side, a log out (or reboot) should resolve the issue.

Bug Mac macOS 15 Sequoia Sandboxing Security Scoped Bookmarks

macOS Sequoia is disproof of the theory that spreading out WWDC-announced features over the course of the year will improve software quality.

Previously:

Wednesday, October 9, 2024

Panic Drops Google Drive Access

Michael Buckley (Mastodon, Hacker News):

At some unknown point in the future, Google will revoke Transmit’s access to Google Drive. Sometime after that, we’ll be releasing updates to Transmit and Nova that remove the ability to create Google Drive connections.

[…]

In March, Transmit was re-approved for Google Drive access — but we were told we would now need to pass this check annually. At this point, we began to question whether this yearly process was worth it.

Between the weeks of waiting, submitting the required documentation and the process of scanning the code, it took a significant amount of time from our engineers. For example, Google provided a Docker image for running the scanner, but it didn’t work. We had to spend more than a week debugging and fixing it. And because the scanner found no problems, it didn’t result in any improvements to Transmit. No one benefitted from this process. Not Google, not Panic, and not our users.

[…]

Google completely removed the option for us to scan our own code. Instead, to keep access to Google Drive, we would now have to pay one of Google’s business partners to conduct the review. […] These ever-shifting requirements and expenses are finally catching up to third parties.

Damien Petrilli:

I have the feeling that Google Drive is going to be useless very soon. Most indie apps are going to stop supporting it.

Previously:

Google Drive Mac Mac App macOS 15 Sequoia Nova Panic Transmit Web API

Musi for YouTube Removed From the App Store

Ashley Belanger:

Musi, a free music-streaming app only available on iPhone, sued Apple last week, arguing that Apple breached Musi’s developer agreement by abruptly removing the app from its App Store for no good reason.
According to Musi, Apple decided to remove Musi from the App Store based on allegedly “unsubstantiated” claims from YouTube that Musi was infringing on YouTube’s intellectual property. The removal came, Musi alleged, based on a five-word complaint from YouTube that simply said Musi was “violating YouTube terms of service”—without ever explaining how. And YouTube also lied to Apple, Musi’s complaint said, by claiming that Musi neglected to respond to YouTube’s efforts to settle the dispute outside the App Store when Musi allegedly showed evidence that the opposite was true.
[…]
In its complaint, Musi fully admits that its app’s streams come from “publicly available content on YouTube’s website.” But rather than relying on YouTube’s Application Programming Interface (API) to make the content available to Musi users—which potentially could violate YouTube’s terms of service—Musi claims that it designed its own “augmentative interface.” That interface, Musi said, does not “store, process, or transmit YouTube videos” and instead “plays or displays content based on the user’s own interactions with YouTube and enhances the user experience via Musi’s proprietary technology.”

Ben Lovejoy:

Musi launched back in 2016, and proved a big hint with teens in particular, as it provided completely free music streams without the audio ad interruptions you get on Spotify’s free tier.
By the beginning of this year, Musi was actually bigger than many of its rivals.
[…]
The Google-owned company said that Musi violated its terms of service by doing this, while the service claimed it was effectively just acting as a web browser and therefore was doing nothing wrong.

Previously:

Juno for YouTube Removed From the App Store

App Store App Store Takedown Copyright iOS iOS 18 iOS App Lawsuit Musi Music YouTube

China Possibly Hacking US “Lawful Access” Backdoor

Bruce Schneier:

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.

Zack Whittaker:

The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider’s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.

But for the technologists who have for years sounded the alarm about the security risks of legally required backdoors, news of the compromises are the “told you so” moment they hoped would never come but knew one day would.

Jon Brodkin:

The Washington Post reported on the hacking campaign yesterday, describing it as “an audacious espionage operation likely aimed in part at discovering the Chinese targets of American surveillance.” The Post report attributed the information to US government officials and said an investigation by the FBI, other intelligence agencies, and the Department of Homeland Security “is in its early stages.”
The Post report said there are indications that China’s Ministry of State Security is involved in the attacks.

AT&T China Exploit Federal Bureau of Investigation (FBI) Internet Service Provider (ISP) Legal Security Verizon Web

This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse.

Nick Heer:

According to a 2016 paper from Public Safety Canada, “Australia, the U.S., the UK and many other European nations require CSPs [Communications Service Providers] to have an interception capability”; it also notes Canada does not. Such a requirement is understandable from an investigative perspective. But, as Pfefferkorn says, capabilities like these have been exploited before, and it will happen again. These are big targets and there are no safe backdoors.

Previously:

Google App Store Monopoly Remedy

Sean Hollister (PDF, Hacker News, MacRumors):

Today, Judge James Donato issued his final ruling in Epic v. Google, ordering Google to effectively open up the Google Play app store to competition for three whole years. Google will have to distribute rival third-party app stores within Google Play, and it must give rival third-party app stores access to the full catalog of Google Play apps, unless developers opt out individually.
These were Epic’s biggest asks, and they might change the Android app marketplace forever — if they aren’t immediately paused or blocked on appeal.
[…]
In Epic v. Google, Epic successfully argued that Google had created such a substantial array of deals with developers, carriers, and device makers that it was nigh-impossible for rival stores to spring up. By blocking those sorts of deals, and proactively helping rival app stores, it’s possible some real competition to Google’s monopoly could now arrive.
Google will still have some control over safety and security as it opens up the Google Play Store to rival stores. The injunction says that Google can “take reasonable measures” that are “strictly necessary and narrowly tailored” and are “comparable” to how it currently polices the Google Play Store. Google will be able to charge a fee for that policing, too. Epic has repeatedly argued that Google should not be able to deter third-party app stores through policing, so it’s likely Epic and Google will keep butting heads over this.

Thomas Claburn:

Google, in a blog post, unsurprisingly disagreed – it is appealing the verdict and will ask the courts to pause the injunction until its appeal is heard.

Android Antitrust Department of Justice (DOJ) Epic Games Google Google Play Store Lawsuit Legal

What Judge Donato is demanding is effectively pass-through to the actual Play Store listing for any apps and games that aren’t available in a third-party app store. So if you search in the Brand X app store for “FooApp” but FooApp isn’t available in the Brand X store, Brand X’s store app can let you install and download FooApp from the Play Store. But that counts as a regular Play Store installation. It’s just a way to encourage users of third-party stores to search those stores first, even though the vast majority of apps will likely remain exclusively in the Play Store.

Michael Love:

This is fantastic news, going way beyond what Apple v Epic required. And will solve a big practical problem for me, namely that people get unofficial mirrored Play versions of Pleco from Chinese app stores, can’t use Play IAP + I can’t link to another method.
It’s also going to help a lot with getting iOS users to buy from my website, because their Android friends will see a link to save money buying on my website and will tell their iOS using friends about it. (In fact I can even mention in the app that it works on iOS too)

M.G. Siegler:

The DoJ is basically putting every option on the table, including the big one: a breakup of Google itself into smaller parts.

Previously:

Update (2024-10-10): See also: Hacker News.

Tuesday, October 8, 2024

Scripting News at 30

Dave Winer:

Today is the 30th anniversary of this blog.
I did a roundup of thoughts when this blog turned 25. I stand by what I wrote then, but I’d add this. My blog started because I needed content to test a script I had written that sent emails on my Mac using Eudora, which was an early scriptable app and I had a nice scripting system that worked with it. I looked around for something to send (30 years ago today), and shot out an email to the people whose business cards I had collected at various tech conferences. It was a thrill, so I did it again, and again and three more times, before I realized hey I could use this thing to get my own ideas out there. And thus began this thing that I still do to this day. Look at the two posts I wrote about WordPress in the last few days. There may be hope to find a blogosphere buried somewhere in there. And it may be possible to give them some sweet new writing tools so they can get excited about writing on the web the way we did all those years ago. I actually am kind of optimistic about that. Maybe we can stand up something in the midst of the noise. When we booted up podcasting, approx 20 years ago, we had a slogan -- “Users and developers party together.” It worked! That is still the way I want to build stuff, it’s the only way I know how to do it. Blogging started out as a programming adventure and eventually became a form of literature. How about that. I’m up for doing more of that if you all are. But please expect to make contributions, don’t expect it all to come to you for free, because as we know nothing really is free.
[…]
I appreciate all of the messages, but would appreciate them even more if they were on your blog. We need to keep using the tech. Blogging is kind of lost, and I would like to see that change. Every time you post something you’re proud of on a social media site, how about taking a moment and posting it to your blog too. And while there, if appropriate, link to something from some part of your post, even though the social media sites don’t support linking, the web is still there and it still does.

Om Malik:

The best version of Dave is the Hopeful Dave. Today, writing on his blog, he is still pushing for the blogs into the future, one line at a time.

John Naughton:

In 1983, Winer founded a company, Living Videotext, to develop and commercialise the outlining idea, and six years later sold it to Symantec for enough money to enable him to do his own thing for the rest of his life. One of those things involved playing a leading role in developing RSS (really simple syndication), a tool that allows users to keep track of many different websites in a single application (a news aggregator) that constantly monitors sites for new content. (Think of it as the hidden wiring of the web.)
[…]
Like many of us, he realised that what came to be known as the blogosphere could be a modern realisation of Jürgen Habermas’s idea of “the public sphere” because it was open to all, everything was discussable and social rank didn’t determine who was allowed to speak. But what he – and we – underestimated was the speed and comprehensiveness that tech corporations such as Google and Facebook would enclose that public sphere with their own walled gardens in which “free speech” could be algorithmically curated while the speakers were intensively surveilled and their data mined for advertising purposes.

Winer is rightfully renowned for his technical achievements — outliners as an application genre, RSS in general, and RSS in the specific context of podcasting in particular — but what’s kept me reading Scripting News for the entirety of Scripting News’s 30-years-and-counting run is his writing. He has such a distinctive writing voice that is impossible to imagine in any medium other than the web.

See also: Guy Kawasaki’s podcast about Winer’s career and this post about MORE:

We called it that because there was so much more in it than the earlier outliner, ThinkTank 512, we didn’t have any idea which new feature, if any, would be the one that turned people on.
We didn’t have the luxury of picking among them because our company was on the verge of going out of business. We needed help from Apple to make it to shipping. They gave us a loan of $400K, and we put our source code in escrow in case the company failed, which looked like a real possibility.

Dave Winer:

This is why listening to users is so important.
Sometimes they give you the idea that puts your product over the top.
That’s how our outliner became a blockbuster on the Mac in 1986.
It’s how podcasting was born in 2001.

Previously:

Anniversary Frontier History Mac Mac App Outliner Podcasts RSS The Media Web

Disk Utility Finder Jettison Mac macOS 14 Sonoma Sleep Storage Time Machine

Jettison 1.8.9

St. Clair Software:

When you set keyboard shortcuts for ejecting, sleeping and remounting, they are now shown in Jettison’s menu.
Fixed a bug that could result in an error message when manually mounting a volume even though the volume mounts correctly.
When an encrypted disk cannot be mounted because its password is not in the keychain, the error message explains how to fix the problem.

The app is presented as a way to eject external drives before putting your Mac to sleep. I use it for other things:

When I’m done for the day, I eject certain spinning hard drives that can be loud and to prevent Time Machine from churning all night.
Since Big Sur or so, macOS sometimes doesn’t auto-mount drives when I connect them. I can usually do this with Jettison, although sometimes I still need to fire up Disk Utility in order to see the drives.
Since around the same time, Finder has not been reliable at showing when a drive has actually been unmounted, so that it’s safe to disconnect it. Sometimes the drive’s icon will still be shown after ejecting. Other times the icon disappears too soon, leading to errors when I disconnect the drive. Jettison shows a progress window that seems to accurately tell me when the process has completed.

Previously:

Adobe Adobe Creative Cloud App Subscriptions Artificial Intelligence Business Mac Mac App macOS 15 Sequoia Photoshop Elements

Photoshop Elements Switches to Subscriptions

Jeremy Gray (Hacker News):

In Photoshop Elements 2025, a new AI-powered Remove Tool makes it easy to erase and replace distracting objects in photos, including unwanted people and distracting objects. This new feature also includes an accompanying “Object Removal” Guided Edit to walk new users through the process.
[…]
Photoshop Elements has long included a range of collage tools, enabling users to combine multiple photos. With AI-powered subject detection tools, it’s now easier to blend the subject from one shot with the background of another. Editors can learn the ropes of this type of photo compositing with a new “Combine Photos” Guided Edit.
[…]
While prior versions of Photoshop and Premiere Elements have been lifetime licenses — the user buys the software and then owns it indefinitely — this year’s release has moved to a three-year license term. […] Once that period is up, users will no longer have access to the software’s editing functions, although they will still have access to Elements Organizer to view and manage their files.

But at least it’s separate from Creative Cloud.

Previously:

Bug Domain Name System (DNS) Little Snitch Mac macOS 15 Sequoia Networking SSH TCP UDP

Networking Issues in Sequoia

Christian Starkjohann:

We don’t recommend upgrading [to Sequoia] now because there are several bugs related to networking and firewalls in the 15.0 release. We expect most of them to be fixed in 15.1.
[…]
There are individual reports of websites aborting loading midway. We believe this is a general problem with TCP connections, not only ssh, but ssh seems to trigger it most frequently.
[…]
If you have configured Apple’s firewall to block incoming connections, it blocks all incoming UDP packets, even if they are responses to requests, e.g. responses to DNS name lookups.

Christian Starkjohann:

According to our tests, the issue with the built-in firewall appears to be fixed [in 15.0.1].
[…]
Recent user feedback indicates a shift of the situation: users who consistently encountered the problem no longer report it, while others, who were previously unaffected, are now experiencing ssh connections dropping after some time. We don’t yet have sufficient data to determine whether this is coincidence or if the bug persists.
[…]
We have received several reports from users of Little Snitch and Little Snitch Mini where the network content filter became inactive in the course of installing the macOS update. You’ll notice that you are affected if the Network Monitor stops displaying traffic or if connection blocking no longer works.

Previously:

Monday, October 7, 2024

Launching Before UserDefaults Is Available

Christian Selig (Mastodon):

It seems at some point, even though UserDefaults is intended for non-sensitive information, it started getting marked as data that needs to be encrypted and cannot be accessed until the user unlocked their device. I don’t know if it’s because Apple found developers were storing sensitive data in there even when they shouldn’t be, but the result is even if you just store something innocuous like what color scheme the user has set for your app, that theme cannot be accessed until the device is unlocked.

[…]

Again, who cares? Users have to unlock the device before launching my app, right? I thought so too! It turns out, even though Apple’s prewarming documentation states otherwise, developers have been reporting for years that that’s just wrong, and your app can effectively be fully launched at any time, including before the device is even unlocked.

Combining this with the previous UserDefaults change, you’re left with the above situation where the app is launched with crucial data just completely unavailable because the device is still locked.

[…]

If you use Live Activities at all, the cool new API that puts activities in your Dynamic Island and Lock Screen, it seems if your app has an active Live Activity and the user reboots their device, virtually 100% of the time the above situation will occur where your app is launched in the background without UserDefaults being available to it.

UserDefaults doesn’t actually report an error, and this can lead to incorrect behavior and data loss.

It’s a really rough bug, because if you sometimes can’t trust UserDefaults, it means you can read out data from it with the intent to modify it slightly before saving it back, only now you’re modifying junk data and overwriting the good data 🫤

Quinn (in 2015):

IMO the best way around this is to avoid NSUserDefaults for stuff that you rely on in code paths that can execute in the background. Instead store those settings in your own preferences file, one whose data protection you can explicitly manage[…]

NSFileProtectionCompleteUntilFirstUserAuthentication and prewarming don’t apply on the Mac, but similar problems can occur there. A common cause of support issues is that the customer has entered some data or changed a setting, and the app seems to work normally for that launch, but upon relaunch all the changes are forgotten. macOS doesn’t notify the app that the data was never saved to the .plist file, e.g. because of a file permissions problem or because the user tried to redirect the user defaults storage using a symlink.

Previously:

Update (2024-10-08): Guy English:

This is a very nasty corner of a dead simple API that can lead to data loss for customers. UserDefaults should be as straightforward to use as possible. I’d propose a new UserDefaults domain for “public” data that you’d access via something like: UserDefaults.public.

[…]
As more of app functionality is subsumed by the OS managing a series of plugins this sort of thing must be reliable and foolproof.
[…]

“Changed” may be off the mark here too—I think those security changes were done way back in iOS 7. I suspect what’s happening is that the issue is becoming more apparent due to the differing security contexts code is running under more frequently now. It makes sense to secure the Defaults. But it also makes sense to store non-sensitive defaults there… so it’s a pickle currently.

Pasi Salenius:

In addition to encrypted userdefaults being unavailable on background launches, there is something else that is not working right. I sometimes notice defaults not being available in viewDidLoad, and have received reports of that happening to my users. It usually happens after an OS update and reboot.

Yeah that’s part of the whole “full launch” business unfortunately, appDidFinishLaunching and corresponding view controllers will be fully getting built without UserDefaults being available even though the docs on prewarming state otherwise.

Cocoa Datacide File Permissions iOS iOS 15 iOS 18 iOS 7 Live Activities Mac macOS 15 Sequoia Programming

I wanted to build something small and lightweight that would serve to fix the issues I was encountering with UserDefaults and thus TinyStorage was born! It’s open source so you can use it in your projects too if would like.

9 Comments

Dealing With Objective-C Protocol Types in Swift

Dave Rahardja:

There are two ways to refer to this protocol in Swift: using a native Swift type, or using an Objective-C Protocol object reference.
let fungibleSwiftProtocol = Fungible.self
let fungibleObjCProtocol = NSProtocolFromString("Fungible")!
These two types should be the same—after all, they refer to the same protocol—but they are not, as shown when we print out their descriptions and ObjectIdentifiers[…]

[…]

The answer is yes: there is a way to convert a Swift type that refers to an Objective-C protocol into an Objective-C Protocol reference.

[…]
fungibleSwiftProtocol as AnyObject as? Protocol

There is apparently no way to convert in the other direction.

Previously:

Mac macOS 15 Sequoia Objective-C Programming Swift Programming Language

Mac macOS 15 Sequoia Programming Version Control Xcode

Xcode 16 Folders and Groups

Sarah Reichelt (Mastodon):

In Xcode 16, project files and folders are arranged differently in the Project navigator. What used to be a group is now a folder, and this simple change has some interesting effects. At first, I was against the new scheme - in fact in my SwiftUI for Mac 2024 article, I specifically recommended reverting back to the old group method. But after doing some more reading and testing, I think the answer is not so clear cut.

[…]

At a first glance, there are two differences: the order of the files & folders and the color of the folder icons. A less obvious difference is that in Xcode 15, I can drag files around to arrange them in the order I prefer. In Xcode 16, I can’t do that. I can drag files into or out of folders, but I can’t move them around at the same level.

[…]

This points out the fundamental difference between the two approaches: groups are an artificial construct that is stored in the project files. Usually, this mirrors the file and folder structure in Finder, but it doesn’t have to. When you use folders, Xcode is reading the file and folder structure directly from the Finder.

[…]

The big difference is in source control, especially if you’re working with other people. When every file addition, deletion or move also changes the project file, you have a much greater chance of getting a merge conflict.

Previously:

Xcode 16

Update (2024-10-24): Thomas Ricouard:

I’ve recently migrated Ice Cubes, my open-source SwiftUI Mastodon client to use file system folders instead of Xcode groups.

[…]

Folders have many advantages over Xcode virtual groups, so I think it’s worth enumerating them in an article so you can get the gist of it.

Meta Fined for Logging Passwords

Alexander Martin (via Hacker News):

The social media giant Meta has been fined €91 million ($101 million) for accidentally storing hundreds of millions of its users’ passwords in plaintext instead of in an encrypted format on its internal systems.
Meta first announced discovering the engineering mistake back in 2019. At the time, the company stated it would be notifying everyone whose passwords were stored without protection although it stressed the passwords were only exposed internally at Meta, and there was no evidence that any of them had been abused.
Following a five year investigation, the Irish Data Protection Commission (DPC) — which is the EU’s lead privacy authority on Meta, as the company’s European headquarters are based in Ireland — found the incident was a breach of Meta’s legal duties under the EU’s General Data Protection Regulations (GDPR).

Dan Goodin (Hacker News):

The company said that apps for connecting to various Meta-owned social networks had logged user passwords in plaintext and stored them in a database that had been searched by roughly 2,000 company engineers, who collectively queried the stash more than 9 million times.

[…]

For more than three decades, best practices across just about every industry have been to cryptographically hash passwords.

Because “only” hundreds of millions of users are affected, it sounds like they were not actually storing the passwords in the database unhashed. Rather, they were probably inappropriately logging some raw request data. So it’s not that the passwords should have been hashed but that they shouldn’t have been logged. This is bad, but it seems Meta caught the problem themselves and were transparent about it. It’s unclear to me what the DPC was investigating for five years.

European Union GDPR Ireland Legal Meta Passwords Privacy Web

App Store Receipt Validation Mac Mac App Store macOS 12 Monterey macOS 13 Ventura macOS 14 Sonoma macOS 15 Sequoia

Friday, October 4, 2024

“Damaged” Mac App Store Apps

Keith Gugliotto:

The Mac App Store places a receipt file in each purchased application. The receipt includes a certificate the application uses to validate that receipt to be sure you’ve made a bona fide purchase. That certificate is only valid for a limited amount of time – in our experience, up to about 25 months, though sometimes significantly less, which could indicate the App Store renews these certificates every so often. So, when you see this “damaged” message out of the blue, it’s almost surely because the certificate in the receipt has expired. You could set the date on your Mac back a bit to work around it, but you really want to straighten things out so you don’t have to go through that fun every time you sit down to use an application.

Usually, as long as your current Apple Account has a valid purchase for the application in question, you won’t ever see the “damaged” message because the application will tell the Mac the receipt’s invalid, the Mac will automatically refresh your receipt, and you’re on your way. You should only see the message in those three cases we outlined above.

Matthias Gansrigler:

Are any other Mac developers observing a surge of support requests for “<App> is damaged and can’t be opened. Please re-download it from the Mac App Store” recently?

It started yesterday, out of the blue. macOS 15, 14, 13 and 12 as well…

I am not seeing this personally, and I’m not sure what’s going on here, but there are multiple reports of problems launching Mac App Store apps.

This bug thread suggests that some receipt validation code needs to change because Sequoia adds MAC address randomization. This post and other sources suggest that it’s important to use StoreKit 2 instead of validating receipts directly, although perhaps that only pertains to IAP. Apple’s sample code does not seem to have changed.

Previously:

Update (2024-10-08): Sam Rowlands (tweet):

The OWStoreKitBridge is the latest Mac App Store receipt verification code from Ohanaware. It uses a whole new design to fit in with Apple’s StoreKit, now that the classic Mac receipt verification functions have been moved to legacy.

Update (2024-10-15): See also: this thread.

Lukas Kubanek:

Since exit(173) is the macOS counterpart to SKReceiptRefreshRequest on iOS, I guess it falls into the same deprecation category. However, they say that the original API will continue to work. But then, exit(173) has had long phases of not working at all (example), so I’m not surprised if it’s been cut.

Alexander Blach:

I would like to move to AppTransaction, but last time I checked it didn’t support volume purchases (VPP). For apps bought in Apple School Manager, it showed an Apple ID login prompt instead.
exit(173) now shows the “API no longer available” alert when I run a build from Xcode 16 on macOS 15, but it still actually refreshes the receipt anyway.
I wonder in which circumstances exactly this alert is shown. Maybe only when using the sandbox environment?

AltStore iOS iOS 18 Networking Russia Virtual Private Network (VPN)

Setting Up an iOS VPN Without an App

ForestVPN:

Many of us rely on VPN apps to secure our online activities, but did you know there’s a way to set up a VPN on your iPhone without downloading an app? This method not only saves space but also provides a seamless experience for users who prefer a more direct approach.

Via John Gruber:

It just requires some futzing in Settings and a VPN provider that supports it. Presumably, this technique remains available to iPhone users in Russia.

[…]

VPN apps remove complexity from this process, but it’s worth noting that VPN access doesn’t require an app.

However, at least in the case of ForestVPN, it’s confusing how to sign up for the service without using an app. If you click Get Started it just directs you to download the app. It looks like if you click Get MacOS CLI it will let you sign up on the Web.

Riley Testut:

Anecdotally, Russia has long been the most popular country for AltStore Classic usage by far

Previously:

CrowdStrike Mac macOS 15 Sequoia macOS Release Microsoft Defender Virtual Private Network (VPN)

macOS 15.0.1

Juli Clover (release notes, no security, enterprise, no developer, full installer, IPSW):

According to Apple’s release notes, macOS Sequoia 15.0.1 fixes a bug that could cause the Messages app to crash when a message with a shared Apple Watch face was sent, and it improves third-party software compatibility.

See also: Mr. Macintosh and Howard Oakley.

Previously:

macOS 15 Sequoia

Update (2024-10-08): Lorenzo Franceschi-Bicchierai:

In September, Apple released the new version of its computer operating system macOS 15, also known as Sequoia, which broke the functionality of several cybersecurity products, including those made by CrowdStrike and Microsoft.
Three weeks later, on Friday, Apple released the first update to macOS 15, and it claims to have fixed those issues. In the macOS 15.0.1 release notes, Apple says that the update “improves compatibility with third-party security software.”

Update (2024-10-15): Ugur Koc:

We’ve noticed some users still facing internet connectivity issues (with 15.0.1). Please check if you have multiple Network Filters enabled, as having more than one can cause network problems on Mac. This issue is not limited to Defender for Endpoint on macOS and can also affect other security software vendors and VPN applications.

iOS 18.0.1

Juli Clover (release notes, security, enterprise, no developer):

iOS 18.0.1 update addresses issues with several bug fixes for the touch screen, camera, and Messages app.

Previously:

iOS iOS 18 iOS Release

iPadOS iPadOS 18 iPadOS Release

iPadOS 18.0.1

Juli Clover (release notes, security, no developer):

Apple today released iPadOS 18.0.1 for the iPad, and it brings iPadOS 18 to the for M4 iPad Pro models for the first time since the iPadOS 18 update was pulled for those devices. After iPadOS 18 was released, it was found that a small number of M4 iPads were bricked when the software was installed. If you haven’t been able to install iPadOS 18 on your iPad Pro, it is now available.

Previously:

watchOS watchOS 11 watchOS Release

watchOS 11.0.1

Juli Clover (release notes, no security, no developer):

watchOS 11.0.1 introduces bug fixes for the Apple Watch. It fixes an issue that could cause the Music app to crash, plus it addresses a bug that could cause the battery to drain faster than expected. There’s also a fix for a bug that could cause the touchscreen to be unresponsive on the latest Apple Watch models, and a bug that could cause unexpected restarts.

Previously:

watchOS 11

visionOS visionOS 2 visionOS Release

visionOS 2.0.1

Juli Clover (release notes, no developer, no security, no enterprise):

The visionOS 2 update fixes a bug that could cause YouTube in Safari to freeze, plus it addresses an issue with Safari Web Extension data.

Previously:

visionOS 2

App Subscriptions Mac Mac App macOS 15 Sequoia Payments PDF PDFpen

Thursday, October 3, 2024

PDFpen/Nitro and Cleverbridge

Matt Henderson:

There used to be a great PDF app for the Mac called something like PDFPro [PDFpen]. At some point it got acquired by @NitroHQ, and began to ask to upgrade to a new version seemingly every time I launched it—up to version 13.
Today, on macOS 15, I needed it, but it wouldn’t launch. So I visited the website and it’s been acquired by a faceless enterprise company called @cleverbridge.
Version 14 for Mac is $170 (!) but I needed it so off to checkout. I enter my details, all fields light up green, and—purchase failed, please fix the “incomplete fields”. Wtf.

They double-billed him and signed him up for an unwanted subscription.

Not only that but I get activation instructions for the Windows version of the app! The Mac version simply shows a login screen.
But I don’t have an account! Create an account with the same email address, and their system doesn’t recognize I’ve purchased the app.
[…]
Visiting the “customer support portal” and trying to submit a request results in a—blank page.

As far as I can tell, Nitro purchased Cleverbridge and is using it to process payments:

Online orders of Nitro PDF Pro are processed (payment and order fulfillment) by our partner, Cleverbridge, Inc.

If you are an account admin who has purchased a Nitro Pro subscription through our partner reseller CleverBridge, you can now purchase additional licenses directly from within the Nitro Admin app.

[…]

When your payment is successfully processed, you will be directed to a Purchase Confirmation page with your CleverBridge Order number and invoice.

But if you need a refund you’re supposed to contact Nitro:

If you recently purchased Nitro Productivity Suite and wish to request a refund, please contact Nitro directly via their website. They would be happy to assist you with your request. While Cleverbridge is a partner of Nitro, we do not currently process their refunds.

It’s too bad that Smile didn’t want to keep developing and supporting the app.

Previously:

10 Comments

Finder Sync Extensions Removed From System Settings in Sequoia

ZigZag (also):

Even though Finder Sync extensions are embedded and distributed in their containing applications (like containing application FileUtils embeds its extension FileUtilsSync), the actual hosting application for those extensions is Finder. They modify Finder’s appearance and behavior, adding menu items and icon badges. Hence, fundamental things related to these extensions, like registering with OS, start and termination, as well as enabling and disabling them, aren’t controlled by the containing application, but by Finder and macOS instead. Registration with OS is done by Launch Services. It usually happens at the time the containing application is launched for the first time (after passing TCC quarantine check). Starting and termination of Finder Sync extension is also controlled by Finder/macOS and there may even be more processes of the same extension running, depending on how many Finder windows and file selectors (open/save panels) are open. The containing application can surely try to start and terminate its embedded extension, but the documentation clearly discourages that, since it can collide with how Finder controls them.
Finally, there’s enabling and disabling Finder Sync extensions. Even though an extension can be installed and registered, per user request it can be disabled (thus, completely ignored) and enabled. Containing application can do this programmatically, by tasking pluginkit command line tool to list, enable and disable (any, not just Finder Sync) extension, or using private NSExtension class found in FoundationKit framework. End users traditionally performed this task in System Settings application (System Preferences on macOS 12 Monterey and earlier). Well… Until macOS 15 Sequoia! In the latest incarnation of macOS, there isn’t any graphical UI way to manage Finder Sync extensions!
[…]
Revealing “Extensions” settings in System Settings on Ventura shows the same subsections like in System Preferences on Monterey, with one, for this story very important, change… “Finder Extensions” subsection is missing! The only place to find Finder Sync extensions settings is “Added Extensions” subsection. Early versions of Ventura even had “Finder Extensions” subsection, dedicated to Finder Sync extensions, but it was buggy and unreliable.
[…]
And then macOS 15 Sequoia came some 17 days ago. In its third reincarnation, System Settings application experienced third rearranging and shifting. “Extensions” settings are now under “General” section, “Logging Items & Extensions” subsection. […] Yes, you see it right, there is no “Added Extensions” section!

Managing extensions using the pluginkit command-line tool is not very friendly (and can’t be invoked by a sandboxed app), so Dragan Milić has written a free app called FinderSyncer that puts a nice user interface on top.

It’s not entirely clear what Apple is doing here, but the impression I get is that these days Apple is focusing on the File Provider Extension architecture that’s used for cloud syncing. It’s a shame because this does not allow all the same functionality as Finder Sync Extensions:

I believe many other developers understood it the same as me, especially considering the fact that Finder Sync extensions provide a way to add custom menu items to Finder’s contextual menu. I think most developers saw it as a sort of continuation of old CMPlugin API from MacOS (yes, the capital ‘M’) 8/9 days, which was available until Mac OS 10.6 Snow Leopard. It’s seen as a way to extend Finder’s capabilities, by executing custom operations (not limited to “synchronize the contents of a local folder with a remote data source”) on files selected in Finder.
I think I know about 50 - 60 applications embedding Finder Sync extensions at the moment, and only a dozen of them actually “synchronize the contents of a local folder with a remote data source”, mostly coming from huge and well known cloud providers (Dropbox, Google, Microsoft…). All others, mostly coming from independent Mac developers, offer some custom operations of files selected in Finder, nothing related to any sort of syncing. I believe MR_Noodle’s case is the similar one, “outside of its recommended use case”. Taking the above into consideration, I think it’d be a huge mistake for Apple to discontinue and deprecate Finder Sync extensions without providing functionally equivalent replacement. That would break a lot of third party Mac software and render those applications completely useless.

Previously:

Extensions File Provider Extensions Finder FinderSyncer Hazel Mac Mac App macOS 12 Monterey macOS 13 Ventura macOS 15 Sequoia System Preferences

App Subscriptions Developer Tool Ghidra Interactive Disassembler (IDA) Mac Mac App macOS 15 Sequoia WebAssembly

IDA Pro 9 Switches to Subscriptions

Alex Petrov (release notes):

This release is amplified with new disassemblers and decompilers, such as the RISC-V decompiler, the disassembler support of T-Head instruction set for the XUANTIE-RV architecture, the nanoMIPS decompiler and disassembler, and the Web Assembly (WASM) disassembler.

Balaji N:

The latest version of the Interactive Disassembler (IDA) software introduces a unified licensing model, allowing users to operate a single license across Windows, Linux, and macOS platforms.

Also, there are no more perpetual licenses, only subscriptions. The home version (2 cloud-based decompilers) is $365/year, while the Pro Expert 2 version (2 local decompilers) is $2,999/year.

Stefan Esser:

In light of recent changes to the IDA license model my training courses will be adjusted to fully support Ghidra scripting within the next 12 months. Existing IDA 8.x scripts will not be ported to IDA 9.

No idea what happens to the free version but for pay versions will become a yearly subscription that actually expires one month after it runs out. IDA will stop working then. Furthermore the subscription with 2 decompilers will cost nearly double what I pay now for 4 dexompiers

And it seems like they are reneging, in that if you had recently purchased a perpetual license for version 8, you were supposed to get free updates for a year. Instead, they are giving access to version 9 for a year, but then it stops working and you have to go back to version 8 or sign up for a subscription.

Previously:

31 Comments

Restoring Shift-Key Slow-Motion Minimizing to Dock

Dock Esoteric Preferences Mac macOS 10.13 High Sierra macOS 10.14 Mojave macOS 15 Sequoia

What I’d forgotten is that Apple had removed this as default behavior a few years ago (I think in MacOS 10.14 Mojave), but you can restore the feature with this hidden preference, typed in Terminal:

[…]
defaults write com.apple.dock slow-motion-allowed -bool YES; killall Dock

Update (2024-10-07): Saagar Jha:

High Sierra, actually.

Wednesday, October 2, 2024

Juno for YouTube Removed From the App Store

Christian Selig (tweet, Mastodon, Hacker News):

For those not aware, a few months ago after reaching out to me, YouTube contacted the App Store stating that Juno does not adhere to YouTube guidelines and modifies the website in a way they don’t approve of, and alludes to their trademarks and iconography.
I don’t personally agree with this, as Juno is just a web view, and acts as little more than a browser extension that modifies CSS to make the website and video player look more “visionOS” like. No logos are placed other than those already on the website, and the “for YouTube” suffix is permitted in their branding guidelines. Juno also doesn’t block ads in any capacity, for the curious.
I stated as much to YouTube, they wouldn’t really clarify or budge any, and as a result of both parties not being able to come to a conclusion I received an email a few minutes ago from Apple that Juno has been removed from the App Store.

The App Store guideline is stacked against developers:

5.2.2 Third-Party Sites/Services: If your app uses, accesses, monetizes access to, or displays content from a third-party service, ensure that you are specifically permitted to do so under the service’s terms of use. Authorization must be provided upon request.

So it doesn’t matter whether the app was actually violating the terms of use. If YouTube complains and won’t provide authorization, there’s nothing you can do. There seems to be no limiting factor that would prevent any Web site from objecting to any app that displays Web content.

App Store App Store Takedown Juno Sunset Trademark visionOS visionOS 2 visionOS App YouTube

YouTube does not have a dedicated app for the Vision Pro, which is why Selig designed and released Juno last February. Prior to when the Vision Pro launched, YouTube said that it would not develop a Vision Pro app, nor would it allow the YouTube iPad app to run on the headset. With Juno removed, those who want to watch YouTube on Vision Pro will need to use Safari.

Kyle:

Dang, just last night I thought to myself, “if it wasn’t for Juno I would never use my Vision Pro.”

David Barnard:

Welp… with that, the one use-case I really cared about on Vision Pro is now gone (or at least unable to be updated, and Google may eventually break the app).
Vision Pro is probably the worst “business investment” I’ve ever made. As much as I love the hardware, there’s just not enough content and not enough compelling apps. If Google does break Juno, my several hour a week usage will probably drop to near zero.

John Gruber (Mastodon):

I don’t expect to see YouTube launch a native VisionOS app soon, and even if they do, I doubt it’ll be anywhere near as good as Juno. What I was obviously wrong about in that February post was thinking that YouTube wouldn’t care about Juno’s existence, given that Juno did not block ads. All it did was make the YouTube experience great on Vision Pro.

This makes Selig — one of the most gifted indie developers working on Apple’s platforms today — 2 for 2 on getting hosed by big platforms for which Selig created exquisitely well-crafted clients.

It’s a shame, but clients for services that you don’t control just seem to be a bad place to be. If the service is free, the company providing it can kill your app. If it’s paid, Apple will want a cut of the revenue, even though it doesn’t pass through you.

Previously:

Update (2024-10-03): Andre LaBranche:

There is exactly one reason that Juno is very easy for YouTube to kill and yt-dlp is very hard for YouTube to kill.

16 Comments

Pinning iCloud Drive in Sequoia

Extended Attributes Finder iCloud Drive Mac macOS 15 Sequoia

The reason for this bizarre and annoying interface is the way that pinning is implemented.

When you pin files individually or in groups of up to ten, each file gains its own pinning extended attribute, of com.apple.fileprovider.pinned. But when you pin a folder, only that folder gains the extended attribute, none of the files or folders within it. The whole folder and the paths within it are designated as being pinned. And, as far as I can tell from the absence of any better information in Apple’s missing documentation, there’s no single method to determine whether a file in iCloud Drive is pinned.

Instead, you have to both

look for the extended attribute attached to the file, and

check all the folders in its path to determine if any of them has the extended attribute, which would then pin everything in their path.

Apple doesn’t document any file or URL attribute that can be used to determine whether a file or folder is pinned.

I think the design makes sense in that if I pin a folder I do want its future contents to be pinned. This is also how inclusions and exclusions for backup software generally work. But it seems that the interface could be clearer and more helpful.

Previously:

macOS 15 Sequoia

Update (2024-10-03): Howard Oakley:

If you have 100 files in a folder and want to pin 99 of them, you have to select groups of no more than 10 and pin each group, ten times.

Cocoa iOS iOS 18 Mac macOS 15 Sequoia NSDateFormatter Programming Swift Concurrency Swift Programming Language

Migrating the TelemetryDeck SDK to Swift 6 Mode

Cihat Gündüz:

And this summer at WWDC 2024 the longest session of them all was migrating your app to Swift 6 for a reason. This major new update to the language brings a new level of safety – namely data-race safety – which is awesome news for more correct code, but it also comes with a lot of new requirements we all need to adapt to.

[…]

The following 3 sections explain how we fixed the ~30 issues we've run into in our code, grouped by the solution we applied and an explanation why we opted for that solution with a code sample.

[…]

As ISO8601DateFormatter is a type defined within Foundation, we can't make it concurrency-safe itself, so we just need to deal with its mutable nature and work around it. The easiest way to this in our case was to turn our let constant into a get-only computed property, like so[…]

I find this aesthetically displeasing. It would be unusual and bad form to modify the properties of a shared formatter. But there’s no way to tell Swift you’ll treat it as immutable, so therefore we give every user a fresh copy? There’s probably a way to wrap it in a Sendable type, but how much do you want to contort your code to avoid this inefficiency?

Migrating to Swift 6 mode with all of its data-race safety glory was not an easy task. Despite our small project size, we ran into many warnings that all looked similar on the surface, but each of them needed careful consideration.

Previously:

Update (2024-10-03): Jesse Squires:

Ok so it appears someone has botched Swift Concurrency for UICollectionViewDiffableDataSource.

How are you supposed to work around this?

Emergency SOS via Satellite iOS iOS 16 iOS 17 iOS 18 Processors Starlink

Local Network Privacy on Sequoia

Collin Allen:

Running into a Sequoia bug where third party binaries running under a launchd agent are denied local network access despite approving the privacy prompt. This has the effect of making my iOS app’s CI unable to deploy successful builds, as my deployment tool is not one that ships with macOS.

Quinn:

If you run a tool from Terminal, then Terminal is considered the responsible code and, as a system app, it’s not subject to local network privacy.
If you run an executable as a launchd daemon, it runs as root and local network privacy does not apply to code running as root.
However, if you configure the executable to run as a launchd agent, you will see local network privacy prompts.

dverevkin:

Here my experiments also show different results - if the bundled application is launched as a launchd daemon, the prompt will appear, even though the app runs with root privileges[…]

And, apparently, even approving the prompt doesn’t work.

Previously:

Update (2024-10-31): Apple:

A third-party app or launch agent that wants to interact with devices on a user’s local network must ask for permission the first time that it tries to browse the local network. This does not apply to launch daemons running as root. Similar to iOS and iPadOS, the user can go to System Settings > Privacy > Local Network to allow or deny this access giving users control over their privacy.

This has been confusing for me because some users have been reporting that macOS is prompting for access:

Allow <App> to find devices on local networks?

even though my apps are not intentionally trying to find other devices. I don’t want to scare potential customers away, especially for access that the app doesn’t actually need!

I don’t know whether the prompt is incorrect or there’s some API they’re using that’s doing something I didn’t realize. All I can think of is that SpamSieve opens a port for communication with Apple Mail—but this uses loopback so it doesn’t pertain to other devices. And EagleFiler supports Growl, which I think does something similar.

It’s hard to investigate this because I don’t see a way to detect what’s triggering the alert. Nothing of interest seems to be logged, and sampling the app while the alert is up doesn’t show it blocked on any calls.

benson3816:

I would like to analyze when it popup and how it impacts my app user scenario. But this dialog only popup when Local Network privacy list not contain this app, once user pressed allow / don’t allow, it won’t popup again.

Local Network Privacy does not use TCC, so you cannot use tccutil to reset it for testing.

Quinn:

I generally do this sort of testing in a VM, restoring the VM to a ‘clean’ snapshot between each test.

Update (2024-11-01): Just after I wrote this post, Apple updated TN3179: Understanding local network privacy, but it doesn’t seem to offer satisfying answers.

Bug EagleFiler Growl launchd Mac macOS 15 Sequoia Networking Privacy SpamSieve Testing

14 Comments

Tuesday, October 1, 2024

Hurricane Helene and Messages via Satellite

Ryan Christoffel:

Hurricane Helene has caused massive damage and taken over 100 lives across several US states. Many thousands of people are without power and/or cell service. But in the wake of the storm, reports have surfaced about a key iOS 18 feature that has been a lifeline for survivors: Messages via satellite.

[…]

To learn more about Messages via satellite, Apple has a support document available here.

Satellite messaging was added in iOS 16 (for iPhone 14 and newer) but only supported contacting emergency services. With iOS 18, you can also contact family and friends when there’s no Wi-Fi or cellular coverage.

Eric Berger:

Unfortunately, the National Climatic Data Center is based in Asheville, North Carolina. As I write this, the center’s website remains offline. That’s because Asheville, a city in North Carolina’s Blue Ridge Mountains, is the epicenter of catastrophic flooding from Hurricane Helene that has played out over the last week. The climate data facility is inoperable because water and electricity services in the region have entirely broken down due to flooding.
[…]
So how does a region nearly 500 miles from the Gulf of Mexico become devastated by flooding from a hurricane that originated there?
The answer is that Helene’s rapid movement inland—it was one of the fastest-moving storms at landfall in the Gulf of Mexico in recent history—created a massive river of atmospheric moisture and funneled it into parts of North Carolina, northern Georgia, and southeastern Tennessee.

Kanishka Singh:

The White House said on Monday dozens of Starlink satellite systems that provide high-speed internet access were in use in North Carolina, with over 100 more in transit to areas devastated by Hurricane Helene.

Tommy Greene (Hacker News):

Spruce Pine sits about an hour northeast of Asheville, Mitchell County, and is home to the world’s biggest known source of ultra-pure quartz—often referred to as “high-purity quartz,” or HPQ. This material is used for manufacturing crucibles, on which global semiconductor production relies, as well as to make components within semiconductors themselves.
[…]
Spruce Pine supplies around 70 percent of the naturally occurring HPQ that is needed for computing devices and products. The site’s market position and significance were underlined in 2019 when a manager for Quartz Corp, one of the two main mining companies that works the deposit, told the BBC: “Inside nearly every cell phone and computer chip you’ll find quartz from Spruce Pine.”

Previously:

Update (2024-10-07): Joe Rosensteel (Mastodon):

He tried force-quitting Messages, and restarting his iPhone, and reseting his network settings, but no matter what he did, my iPhone insisted Ry was only reachable via satellite. So then I restarted my iPhone, and I tried turning off and on all the various connection methods at my disposal.

That’s when I found out that everyone else having a one-on-one conversation with Ry from an iOS 18 device was also experiencing what I was experiencing.

[…]

If I had to guess (and it’s probably better if I don’t) it seems like Ry’s phone pushed some status to Apple’s iMessage servers which was pushed to our iOS 18 devices… and stuck. I can’t think of another reason why the satellite messaging state was preserved until we each toggled off iMessage support on our individual devices. There’s no toggle to disable sending and receiving satellite messages in Settings. In fact, if you search Settings for “satellite” it doesn’t return any results at all.

Update (2024-10-10): Adam Engst:

The bottom two screenshots in the collection above show conversations that refused to allow satellite communications. The first is straightforward—group chats aren’t available via satellite, even if everyone is on iMessage. I get that—even if there isn’t a technical limitation, Apple presumably doesn’t want people overloading the system with chatty conversations.

The second is more obscure. Apple warns in its notes that iMessage won’t work for someone “if you haven’t sent them an iMessage recently,” but SMS should. That message appears in a conversation that hasn’t seen any traffic for six months. We should have been given the option to use SMS.

Combine framework Grand Central Dispatch (GCD) iOS iOS 18 Language Design Mac macOS 15 Sequoia Objective-C Programming Swift Concurrency Swift Programming Language

Swift Concurrency and Objective-C

Paul Haddad:

Anyone know why calling the following in a MainActor class/func
MyTest.increment(1) { result in
    NSLog("result=\(result)")
}
crashes (asserts) when building with Swift 6?

I get that its not happy that the completion is coming in on another dispatch_queue but it should complain about it at compile time, or ignore it at run time.

Unfortunately, it seems to be designed this way.

OneSadCookie:

SE-0423 “Dynamic actor isolation enforcement from non-strict-concurrency contexts” adds the crash (otherwise your “safe” Swift 6 code is unsafe).

It’s not that the code is unsafe but that neither the Swift compiler nor the Swift runtime can prove that it’s safe because the MyTest class is written in Objective-C. You are supposed to annotate your Objective-C code so that Swift Concurrency can understand it, though this is not really documented.

Doug Gregor:

In Swift 5 mode, this code silently introduces a data race into the program.

In Swift 6 mode, the data race is caught by the dynamic isolation check. That’s the first point at which the data race can be detected, and the check is there to prevent this race from becoming weird runtime behavior.

This is all as designed. If that Objective-C code were Swift 6 code, we’d catch the error at compile time. As Objective-C, runtime is the earliest it’s possible to detect the race. Enabling Swift 6 language mode means turning previously-unobserved or undiagnosed data races into ones that fail predictably to flush out any contract violations outside of the Swift 6 code. As more code enables Swift 6, the runtime checks get replaced with compile-time.

Swift 6 mode is being “helpful” by proactively crashing the app even though there’s not necessarily a problem. It may be that it just doesn’t understand that GCD is being used to call everything on the right thread.

I get why Swift 6 is designed this way, but I don’t understand how you’re supposed to make the transition. Swift 5 mode gives no errors at compile time and doesn’t even log any errors at runtime. Swift 6 mode gives no errors at compile time and crashes at runtime. To get from one to the other you’re supposed to go through the code line-by-line and not make any mistakes.

Personally, I’m skeptical of the benefit of switching to Swift 6 mode with a hybrid codebase. If you started off with good code, it seems more likely that you’ll get some annotation wrong and have Swift 6 trigger an unnecessary crash than that you actually discover a latent concurrency bug that matters. I think it makes more sense to migrate the code to Swift before flipping the switch. Then you can get errors at compile time instead of at runtime.

Mike Apurin:

I think that Swift 5 mode doing nothing is part of the problem here. I’ve run in similar issues in Combine and was very blindsided by it. There is no way to progressively discover and deal with such isolation violations, just enabling 6 mode and praying.

But this illustrates that porting your code to Swift doesn’t fully solve the problem, either. It seems that you still have to annotate your closures because of Apple’s code.

Matt Massicotte:

The core problem, in my opinion, was Combine was not updated and that’s bananas.

Previously:

Update (2024-10-02): See also: further discussion on Mastodon.

Update (2024-11-11): Aleksandar Vacić:

After upgrading all my active projects to Swift 6 language mode, I was bound to encounter some head-scratching edge cases. One of the weirdest ones was this runtime crash[…]
It does not happen when app is compiled and ran in Swift 5 language mode. It is not caught by Swift 6 compiler at build time. But it regularly crashed on app start (in AppDelegate) when a method in Objective-C framework that has a callback closure is executed.

Epic’s Document Request and Apple’s Injunction Challenge

Anthony Ha (Hacker News):

Apple faces a looming deadline to produce what it says are more than 1 million documents related to recent App Store changes.
On Friday, Judge Thomas S. Hixson denied the company’s attempt to extend that deadline, describing the request as “bad behavior.” So Apple’s deadline is still Monday, September 30: “It’s up to Apple to figure out how to meet the deadline, but Monday is indeed the deadline.”
[…]
In August, a judge directed Apple to produce all documents related to how it decided on the new App Store rules. But on Thursday, Apple said Epic’s search terms surfaced more than twice as many documents as expected, so the company needed two more weeks to review what turned out to be “north of 1.3 million documents.”

Ben Lovejoy:

A second judge in the Apple versus Epic Games lawsuit has implied that the Cupertino company has lied to the court. It comes after the original judge strongly implied that Apple had not told the truth about the reasons for its new App Store policy.
A second judge tasked with overseeing Apple’s disclosure of decision-making documents in the antitrust case said that a court filing made by the company was “simply not believable” …
[…]
Apple had claimed its decision wasn’t financially motivated, despite the 27% commission being identical to 30% less the 3% typically charged by payment processors (which would now be paid by Epic). The judge expressed skepticism, and ordered the iPhone maker to hand over all documents leading up to it decision to continue charging commission even on sales made outside the App Store.
[…]
In a response (spotted by The Verge), the Judge Hixson has rejected that request, and said that Apple’s claim that it had only just discovered this error was “simply not believable.”

Wesley Hilliard:

The Epic vs Apple saga resulted in an injunction forcing Apple to remove its anti-steering rules, but Epic wasn’t happy with Apple’s implementation. After more back and forth, Apple was meant to produce 1.3 million documents related to the App Store rules, but it produced something else unexpected on Monday.
Apple has filed for the court to set aside its injunction based on two new sets of precedents that didn’t exist when the injunction was filed. The 32 page court document goes into excruciating detail, and was first shared by X user Vidushi Dyall.
Basically, Apple says the injunction is no longer viable given two specific cases that took place in recent months — Beverage vs Apple and Murthy vs Missouri. The first is a state case that establishes Apple’s anti-steering rules aren’t unfair, and the second is, well, complicated.

The weird thing about the continuing Epic Games v. Apple case is that Epic is still banned in the US App Store, so even if they win on the anti-steering charge, they can’t take advantage of any remedy.

Previously:

Antitrust App Store Apple Epic Games Fortnite iOS iOS 18 Lawsuit Legal

Sequoia’s Warning When Turning Off Bluetooth

Jeff Johnson (Mastodon, Hacker News):

Does this prompt appear monthly? No, that would be far too convenient. So how often? Every. Single. Time. You. Try. To. Disable. Bluetooth.
Have I mentioned that Apple re-enables Bluetooth on every OS update on purpose? This behavior continues with macOS 15. Also, Bluetooth is notorious for security vulnerabilities; just google site:support.apple.com bluetooth “security content”.
The prompt warns that I “won’t be able to use a Bluetooth keyboard or mouse,” despite the fact my Mac mini already has a USB keyboard and mouse plugged in. Indeed, the Mac isn’t using any Bluetooth devices, and macOS knows this but doesn’t care. Moreover, the Bluetooth prompt appears even when all Bluetooth-related features are disabled such as AirDrop and Handoff. There’s no “intelligence” to the prompt.
[…]
The issue isn’t whether the existence of a warning makes sense. The issue is that the warning can’t be suppressed. The prompt has no “Don’t ask me again” checkbox.

Phillip Cohen:

thankfully, looks like you can still turn it off without a confirmation by using the shortcut action, but still ridiculous

Bluetooth Mac macOS 15 Sequoia Shortcuts

The prompt also appears on macOS 14.7 (but not macOS 13.7).

The prompt does not appear on laptops.

Previously: