Archive for February 2025

Friday, February 28, 2025

Mozilla Changes Firefox Terms of Use

Asif Youssuff (Hacker News):

On Wednesday, Mozilla introduced legal updates to users of Firefox, and something feels off. I read, and re-read the new Terms of Use and while much of it reads like standard boilerplate from any tech company, there’s a new section that is unexpected:

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

The community has also zeroed in on this phrase, with contributors asking directly what up with that?

[…]

Ultimately, Microsoft specifically disclaims ownership of your content - something Mozilla does not do.

Mozilla (Hacker News):

When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.

Ajit Varma:

We’ve seen a little confusion about the language regarding licenses, so we want to clear that up. We need a license to allow us to make some of the basic functionality of Firefox possible. Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice.

Then why didn’t it say that or specifically limit how they can use the content?

In addition to the Terms of Use, we are providing a more detailed explanation of our data practices in our updated Privacy Notice.

This is the same thing Adobe did. It’s not great to put the key information in what is essentially a FAQ that doesn’t seem as legally binding as a ToS. And the clarification says that they can only use the data as described in the Privacy Notice, while the actual Terms of Service say that that Mozilla gets “all rights necessary” including using it as described in the Privacy Notice. So it seems like the Privacy Notice cannot constrain their behavior, but they want us to think it does.

Alex Kontos (Hacker News):

This situation reveals a recurring issue in how Mozilla communicates with its user base. I believe this represents a fundamental disconnect in communication strategy. Internally at Mozilla, I’m certain there were extensive discussions, agreements, disagreements, and careful consideration about how to phrase and present these changes. The team likely developed a clear understanding of the what, where, and why behind these policy updates.

However, when it came time to present this information to users, Mozilla seems to have forgotten that we—the external community—were not privy to those internal discussions. Critical context, nuance, and rationale that informed their decision-making process were missing from the initial announcement. What may have seemed perfectly clear to those inside Mozilla appeared ambiguous and concerning to those of us on the outside.

David Gerard (via Dave Rahardja, Hacker News):

New Mozilla TOS diff. This is what they just removed:

* Does Firefox sell your personal data?

Nope. Never have, never will. And we protect you from many of the advertisers who do. Firefox products are designed to protect your privacy. That’s a promise.

The purpose of the new TOS appears to be to enable them to do this - such as for their advertising and AI sidelines.

Vlad Prelovac:

There are only two business models on the web - either you pay with your data/attention or you pay with your wallet.

Previously:

Update (2025-03-03): Peter N Lewis:

if the previous terms that were mutually agreed with include “never will”, then it seems unclear how they can now change that. They can introduce a new agreement, but can then unintroduce the old agreement?

I guess they could sell only information collected after the introduction of the new agreement.

Stevie Bonifield (Hacker News):

Firefox users are also concerned about what exactly Mozilla could do with their data within the somewhat vague bounds of “a nonexclusive, royalty-free, worldwide license.” The most obvious possible explanation is some sort of AI feature for Firefox. For AI to function well, it needs to consume huge amounts of training data, and that data has to come from somewhere.

Jay Peters:

Mozilla is revising its new Terms of Use for Firefox introduced on Wednesday following criticisms over language that seemed to give the company broad ownership over user data. With the change, “we’re updating the language to more clearly reflect the limited scope of how Mozilla interacts with user data,” the company says in a Friday post.

[…]

Friday’s post additionally provides some context about why the company has “stepped away from making blanket claims that ‘We never sell your data.’” Mozilla says that “in some places, the LEGAL definition of ‘sale of data’ is broad and evolving,”and that “the competing interpretations of do-not-sell requirements does leave many businesses uncertain about their exact obligations and whether or not they’re considered to be ‘selling data.’”

Liam Proven and Thomas Claburn (Hacker News):

Varma said its contractual language has been updated in an effort to assuage concerns. For one thing, it now states “this does not give Mozilla any ownership” of the data you put into Firefox to use it.

While much of the confusion can be written off as an unforced error in communication – legalese is often misunderstood – the developer’s privacy commitment has changed, in its wording at least. The answer to “what is Firefox?” on Mozilla’s FAQ page about its browser used to read:

The Firefox Browser is the only major browser backed by a not-for-profit that doesn’t sell your personal data to advertisers while helping you protect your personal information.

Now it just says:

The Firefox Browser, the only major browser backed by a not-for-profit, helps you protect your personal information.

Jeff Johnson:

Mozilla has failed to pay its bills.

sylvestre:

Please don’t read too much into this ;) We moved from self-hosted Discourse to hosted Discourse. The transfer was initiated late from the Mozilla side (my bad) and the automatic system from Discourse kicked in.

See also: Louis Rossmann (Hacker News).

Microsoft Shutting Down Skype

Tom Warren (9to5Mac, Hacker News, Slashdot):

Microsoft is shutting down Skype in May and replacing it with the free version of Microsoft Teams for consumers. Existing Skype users will be able to log in to the Microsoft Teams app and have their message history, group chats, and contacts all automatically available without having to create another account, or they can choose to export their data instead. Microsoft is also phasing out support for calling domestic or international numbers.

From my perspective, that was the most useful part of Skype.

Zac Bowden:

Skype first launched in 2003 and was a very popular VOIP messaging platform in its heyday.

Dan Moren:

But there was a time when Skype was a revolution: free, good sounding voice calls across the Internet. Not to mention the ability to make cheap actual phone calls internationally, in a day and age when that was usually ridiculously expensive.

Hartley Charlton:

Microsoft acquired Skype in 2011 for $8.5 billion in what was then its largest-ever acquisition. At its peak, Skype had more than 300 million monthly active users and was synonymous with internet-based voice and video calling. The service steadily declined in relevance in recent years, with its active user base shrinking to approximately 36 million by 2023 as competitors such as Zoom, WhatsApp, and Microsoft’s own Teams platform gained traction.

Teams has since grown to 320 million monthly users, far surpassing Skype’s remaining user base. The company’s decision to discontinue Skype is apparently part of a broader effort to prioritize artificial intelligence features within Teams.

Dare Obasanjo:

Skype was a victim of Microsoft’s focus on Windows to the detriment of every other platform and a culture of mismanaging acquisitions under Steve Ballmer.

It was a great product in its heyday but that hasn’t been the case in over a decade.

Christina Warren:

The best part of Skype (RIP) was Ecamm’s Call Recorder plugin (also RIP) that was not only good for podcasting for YEARS but was a great way to record your phone calls if you used a Skype-out number. When I was a journalist, it was so useful.

Om Malik:

It makes me incredibly sad, but I am not surprised. The writing was on the wall. Skype has been dying a slow death for a long time. As far back as 2018, it was obvious what lay in store. At the time, I wrote about the great Skype vanishing.

[…]

Microsoft now talks about Teams being their focus, showing that even today they haven’t realized what made Skype a cultural, consumer force. Microsoft Teams is a terrible product — and I dread using it. In simplest terms, Teams is a perfect encapsulation of a bureaucratic, archaic, and outdated 50-year-old company that is trying to reinvent itself as an AI leader.

Previously:

Update (2025-03-03): Adam Engst:

Microsoft wants Skype users to transition to Microsoft Teams, but it remains unclear if Teams will fulfill all the functions for which people used Skype, such as calling landlines and cell phones from an app. If you’re still using Skype, how do you plan to replace it?

John Gruber:

The writing has been on the wall for a long time that Skype was no longer strategic for Microsoft. Really, even right after the acquisition, it never seemed Microsoft had any sort of plan for what to do with Skype — even though, at the time, it was their largest-ever acquisition.

But man, for a long while, Skype was singularly amazing, offering high-quality / low-latency audio calls at a time when everything else seemed low-quality / high-latency.

iOS Declared Age Range API

Sarah Perez:

Apple on Thursday announced a range of new initiatives designed to help parents and developers create a safer experience for kids and teens using Apple devices. In addition to easier setup of child accounts, parents will now be able to share information about their kids’ ages, which can then be accessed by app developers to provide age-appropriate content. The App Store will also introduce a new set of age ratings that give developers and App Store users alike a more granular understanding of an app’s appropriateness for a given age range.

[…]

Nine U.S. states, including Utah and South Carolina, have recently proposed bills that would require app store operators like Apple to check kids’ ages in order to get parental consent before minors can download apps, for instance.

[…]

Several of the changes for child accounts are available in the public beta of iOS 18.4, out now. The ability to make updates to the age of a child account after it’s already created, as well as the Declared Age Range API, Age Ratings and App Store updates will be available later this year, Apple says.

I think this makes sense. It’s not clear to me whether Apple is just getting ahead of legislation or sort of had a change of heart. It still kind of sets up a strawman in describing its reluctance.

Nick Heer:

The company is developing a habit of sending PDF links directly to media outlets to circulate.

[…]

This is a direct response to a proposed U.S. law that would require Apple — and Google — to verify ages at the App Store level; it says its solution is an effective alternative. It may well be, but I do not buy this line of argument. It could, for example, wait to verify a user’s age until they attempt to download an app where it would be needed. Also, while Apple’s own data collection would be minimized by hypothetically offloading that responsibility onto third-parties, it would increase the number of copies of this sensitive information floating around.

Dan Moren:

There’s still a lot of work to be done, however. As the father of a two-year-old who gets only limited and controlled access to an iPad, I’ve run into numerous frustrations trying to both maintain appropriate security practices and let me conveniently manage the device. There are also numerous issues with critical features like Screen Time, which suffers from both inaccuracies in its measurements as well as methods for circumvention.

Previously:

Lawsuit Over Apple Watch Carbon Offsets

Jonathan Stempel (MacRumors, 9to5Mac):

Apple has been sued by consumers who said its claim that three versions of Apple Watches are “carbon neutral” and environmentally friendly is false and misleading.

[…]

Apple, also known for the iPhone, launched the watches in September 2023, saying they would be carbon neutral through a combination of lower emissions and purchases of carbon offsets.

[…]

“In both cases, the carbon reductions would have occurred regardless of Apple’s involvement or the projects’ existence,” the complaint said. “Because Apple’s carbon neutrality claims are predicated on the efficacy and legitimacy of these projects, Apple’s carbon neutrality claims are false and misleading.”

I doubt that large numbers of people wouldn’t have purchased Apple Watches without them being carbon neutral, but I guess this is the easiest legal route to try to hold a company to account for (alleged) misleading advertising claims.

Benjamin Turner:

for me it came down to the realization of what apple was saying about the environment versus what they were doing locking down devices through software and hardware pairing that ultimately juices the circulation of ewaste

Previously:

Thursday, February 27, 2025

Xcode Spell Checking

Jesse Squires:

Did you know that Xcode can spell check your code and comments? Based on my experience working on large teams and large Xcode projects, this is a little-known feature. I routinely find spelling errors, not only in code comments but in symbol names. For the latter, this is particularly frustrating when a misspelled symbol is widely used because correcting that error — a rename that affects a substantial portion of the codebase — produces a large diff.

[…]

In Xcode, you can enable spelling from the Edit menu, Edit > Format > Spelling and Grammar > Check Spelling While Typing. Just like a typical word processor, Xcode will helpfully underline misspelled words and offer to apply corrections.

Even better, Xcode understands variable names and will correctly identify errors in camelCase, snake_case, and other common identifier formats.

A good reminder. I think I used to have this enabled, and then it got turned off, and then I forgot Xcode could check spelling because the option isn’t in the contextual menu like in most apps.

It seems to ignore single-letter prefixes and some multi-letter ones like rw, but it doesn’t like ns or most Hungarian notation.

nRootTag

Nathan Kahl (post, Hacker News, MacRumors):

George Mason University researchers recently uncovered a way for hackers to track the location of nearly any computer or mobile device. Named “nRootTag” by the team, the attack uses a device’s Bluetooth address combined with Apple’s Find My network to essentially turn target devices into unwitting homing beacons.

“It’s like transforming any laptop, phone, or even gaming console into an Apple AirTag - without the owner ever realizing it,” said Junming Chen, lead author of the study. “And the hacker can do it all remotely, from thousands of miles away, with just a few dollars.”

The team of Qiang Zeng and Lannan Luo—both associate professors in the Department of Computer Science—and PhD students Chen and Xiaoyue Ma found the attack works by tricking Apple’s Find My network into thinking the target device is a lost AirTag. AirTag sends Bluetooth messages to nearby Apple devices, which then anonymously relay its location via Apple Cloud to the owner for tracking. Their attack method can turn a device—whether it’s a desktop, smartphone, or IoT device—into an “AirTag” without Apple’s permission, at which point the network begins tracking.

Via Filipe Espósito:

The researchers informed Apple about the exploit in July 2024 and recommended that the company update its Find My network to better verify Bluetooth devices. Although the company has publicly acknowledged the support of the George Mason team in discovering the exploit, Apple is yet to fix it (and hasn’t provided details of how it will do so).

The researchers warn that a true fix “may take years to roll out,” since even after Apple releases a new software update that fixes the exploit, not everyone will update their devices immediately. For now, they advise users to never allow unnecessary access to the device’s Bluetooth when requested by apps, and of course, always keep their device’s software updated.

Previously:

Update (2025-03-03): Dan Goodin:

But it isn’t until page 5 of the research paper that we learn the attack requires the successful infection of one device if it’s running Linux and two devices when running Android or Windows.

So unless I’m missing something, this attack is only an iterative development. An attacker could already track infected devices connected to the Internet pretty accurately if they had location services turned on, and even if not, an IP address could give a rough approximation. All that’s new here is the abuse of Apple Find My to make tracking more accurate and allow it to occur even when the infected device isn’t connected to the Internet.

That last part still seems like a big deal to me.

The Tyranny of Apps

Rupert Jones (Hacker News):

Apps have burrowed their way into seemingly every aspect of our lives and there are lots of reasons why companies are pushing us to use them. With an app, it is often “one click and you’re in”, rather than having to faff around online finding the website and remembering passwords. It is also for the “push notifications” that mobile apps send to grab our attention and get us to buy stuff. Many tech experts also argue that apps are generally more secure than websites and allow banks and others to carry out sophisticated ID verification using face, voice and fingerprint biometrics.

But millions of people who cannot afford a smartphone or have an older device that does not support some services are increasingly being locked out of deals, discounts and even some vital services, say digital exclusion and pro-cash campaigners.

They are missing out on everything from savings on their weekly shop, to some of the best interest rates for their cash. And not signing up to the app revolution is making activities including paying for parking and going to concerts increasingly challenging.

I do have a smartphone, so I can run the apps, but I don’t like it when they could have just been Web sites. Having a large number of these limited-use apps takes up a lot of space: in phone storage, on the home screen, and in the App Store’s list of updated apps. Sometimes an app will have lower quality images/maps than the Web site or will refuse to function, right when you need it, unless you install an update. They’re often less reliable, worse at remembering logins, or require an e-mail magic link dance.

Apple:

Coming with iOS 18.4 and iPadOS 18.4 in April, Apple News+ subscribers will have access to Apple News+ Food, a new section that will feature tens of thousands of recipes — as well as stories about restaurants, healthy eating, kitchen essentials, and more — from the world’s top food publishers, including Allrecipes, Bon Appétit, Food & Wine, Good Food, and Serious Eats.

With the new Food feature, users will be able to find stories curated by Apple News editors, as well as browse, search, and filter tens of thousands of recipes in the Recipe Catalog — with new recipes added every day.

I think Apple News would have a better user experience with a Web site and an RSS feed than as an app.

Previously:

Update (2025-02-28): Nick Heer:

If you do not have enough money for a smartphone, you might be locked out of discounts for basic goods. My local supermarket is currently offering a dollar off eggs if I use my personalized coupon — but it is only available in the app.

Even for those of us with smartphones — a majority of people in Canada in all under-75 age groups, for example — we might not want to install software to get grocery coupons or park their car. These apps are often clunky experience, and seem to usually be a website in an app wrapper. Web apps are not treated as mainstream citizens on iOS, in particular, so these bad apps are all we get.

Nick Heer:

Apple News is not only a mediocre app experience, but its existence also causes regressions on the open web.

Stories in Apple News have a permalink, like anything else on the web. However, unlike just about any link you have seen from a mainstream publication for the past, say, twenty years, these links are inscrutable. Instead of being in a format containing the source of an article and its title, all Apple News permalinks are something like https://apple.news/Ayls8UZCzQnWfFNRugL3tPA.

[…]

In MacOS browsers, I am prompted to open Apple News to view the article; if I decline, I have no next steps.

Update (2025-03-04): P. Martin Ortiz:

The smartphone boom changed everything. Suddenly, apps were everywhere, connecting people, solving problems, and entertaining us. But for a while now, they’ve started to feel more like a burden than a blessing. In today’s web-first world, most native apps feel redundant, cluttering our phones unnecessarily. With how far modern web technologies have come, it’s time to rethink if we really need them.

Jeremy Keith:

This is all true. But this post from John Gruber is equally true: One Bit of Anecdata That the Web Is Languishing Vis-à-Vis Native Mobile Apps[…]

[…]

Ten or fifteen years ago, the gap between the web and native apps on mobile was entirely technical. There were certain things that you just couldn’t do in web browsers. That’s no longer the case now. The web caught up quite a while back.

But the experience of using websites on a mobile device is awful. Never mind the terrible performance penalties incurred by unnecessary frameworks and libraries like React and its ilk, there’s the constant game of whack-a-mole with banners and overlays. What’s just about bearable in a large desktop viewport becomes intolerable on a small screen.

This is not a technical problem. This doesn’t get solved by web standards. This is a cultural problem.

Via John Gruber (Mastodon):

There are mobile web proponents who are in denial about this state of affairs, who seek to place the blame at Apple’s feet for the fact that WebKit is the only rendering engine available on iOS. But WebKit’s limitations have nothing to do with the reasons so many websites suck when experienced on mobile devices. The mobile web sucks just as bad on Android.

[…]

And the app experiences from the same companies (whose websites suck on mobile) are much better.

We must be using different apps. The apps-that-should-have-been-web-sites that I see are mostly just wrappers over the same Web-based content. So we end up with the bloat of the app plus the bloat of the JavaScript libraries, and the end result is slower and less reliable than just going to Safari.

Update (2025-03-05): Marc Kalmes:

I’m starting to notice worse eyesight and increased the font-size on the iPhone. There are not many apps adhering to this change and websites-inside-container-apps are definitely not among them.

Our Changing Relationship With Apple

Brent Simmons (2024):

Apple’s positive effect on my life should not be underestimated. […] But I need to remember, now and again, that Apple is a corporation, and corporations aren’t people, and they can’t love you back. You wouldn’t love GE or Exxon or Comcast — and you shouldn’t love Apple. It’s not an exception to the rule: there are no exceptions.

Apple doesn’t care about you personally in the least tiny bit, and if you were in their way somehow, they would do whatever their might — effectively infinite compared to your own — enables them to deal with you.

Marco Arment:

This week’s Under The Radar is significant, therapeutic, and my favorite episode in recent memory:

Our Changing Relationship with Apple

How our values have diverged and our perceived relationship has changed with Apple, forcing our motivations for iOS development to evolve.

Jeff Johnson (2023):

I’m organizing a boycott of Apple’s Feedback Assistant, starting immediately, and I encourage all Apple developers to join me.

Matt Massicotte (Mastodon):

To put it mildly, I have been struggling with this. I have been trying to find ways to respond. Something that could give me some kind of leverage.

Apple relies heavily on feedback from third-party developers to find bugs in new APIs and OSes. Because of their development cycle, this is especially critical during a beta period.

So I’m just no longer going to use Feedback Assistant. I will not use beta OSes. I will not share crash reports for Apple software. Because of Swift’s exclusive use of X, I will no longer participate in the Swift forums or evolution process. I will also actively discourage others from doing these things.

Drew McCormack:

For him to swear off participating in the Swift Forums is immense, knowing how active he has been. I feel the same way.

Swift has since joined Mastodon.

Francisco Tolmasky:

People haven’t put 2 and 2 together that Apple doesn’t give a shit about developers or their feedback. You’d think after years of being notoriously known for never acknowledging or responding to feedback people might take the hint, but instead they construct a fantasy where it’s some prized asset they don’t want you to know about. Look at the new Settings. You think Apple cares about software quality? Apples ideal state is you making them 30% and never bugging them.

To be clear, I’m not saying “file feedback” to get back at them! I’m saying “he’s just not that into you”. You’re not gonna fix him babe. You wouldn’t work this hard to reform Google or Facebook, right? Apple just sent their army of lawyers to defend Google’s web monopoly. Time to wake up, they’re not on your team. There is no version of participating in their closed ecosystem that somehow “fixes the problem from the inside” or whatever you think might happen aside from a revenue relationship.

Craig Hockenberry:

Empires crumble. This is how Apple’s begins.

I think peak Apple was somewhere around 2010. But the innovations and progress since are underrated, and I don’t think it’s crumbling in any sort of business sense. Even if you think they’ve lost their quality or design or moral authorities—which I think are all true to varying degrees, but these are not binaries—what would the effect of that actually be? What alternative do people have?

Boycotting seems futile to me, but I support Johnson and Massicotte participating or not participating however is best for them. It’s healthy to reevaluate your goals, how you spend your time, and how your actions play into the bigger picture. To me, the main point is that there isn’t really a relationship with Apple and never was. It’s in our heads, which actually means it’s under our control. Not Apple, but how we think about Apple.

I think Arment and Tolmasky have it right, which is that Apple’s going to do what it’s going to do. Mostly, all we get to decide is whether or not we want to play in their sandbox. If you do, make it about the satisfaction of what you’re building and about serving your customers and a community that shares your values. Apple should be seen as a tool to those ends, not as a parent or partner or religion. Such expectations will only lead to disappointment.

Previously:

Update (2025-03-03): See also: Hacker News.

Wednesday, February 26, 2025

Testimony on External Purchase Fee and Scare Screens

Tim Hardwick:

Apple Fellow Phil Schiller testified in court on Monday that he initially opposed the 27% commission Apple now charges on purchases made outside the App Store, citing compliance risks and potential developer backlash (via AP News).

Schiller, who oversees the App Store, said he had concerns that the fee would create an “antagonistic relationship” between Apple and developers, and worried about Apple becoming “some kind of collection agency” that might need to audit developers who didn’t pay.

[…]

The current hearings are scheduled to continue until Wednesday, and are focused on determining whether Apple has violated the original court order. Judge Gonzalez Rogers has expressed frustration with Apple witnesses’ hazy recollections about how they developed rules for the alternative payment system.

According to court documents, Apple extensively analyzed how the “less seamless experience” of external purchases would affect transaction completion rates, which helped the company work out when developers would likely return to using Apple’s in-app purchase system.

Paul Thurrott:

Long-time Apple executive Phil Schiller admitted in court that the 27 percent fee Apple imposed likely violated a court order in Epic v. Apple. In effect, he simply confirmed what everyone already knows about Apple’s bad faith compliance with antitrust rulings around the globe: It is doing as little as possible to meet the letter of the law to forestall actual compliance for as long as possible.

[…]

Schiller said he opposed the fee initially, and that multiple Apple executives, including CEO Tim Cook, were involved in the process of determining the fee structure for web-based fees. He also admitted that the fee structure it came up with was “antagonistic,” though he did sign off on it.

The Judge was already unimpressed by Apple’s behavior before this week. “All this does is maintain the non-competitive environment that exists,” she told Schiller last year. Since then, the only thing that’s changed is that Apple hasn’t complied with the court order for a longer period of time. What’s left is for Judge Gonzalez-Rogers to hold Apple in contempt of the court and order it to make more meaningful changes that address her original ruling. From four years ago.

Schiller has been a particularly bad witness for Apple, as he’s claimed to forget almost anything related to Epic Games each time he’s testified. But Epic’s lawyers are using evidence to “refresh” his memory during this week’s hearings.

Tim Sweeney:

And it wasn’t explicitly said, but the testimony had the vibe that Phil didn’t want to do any of this - not even charging the commission - but was overruled by the “revenue committee” (CEO Tim Cook and then-CFO Luca Maestri).

He wasn’t sure it would even be legal, and this lines up with the previous reporting that Schiller wanted to cap the App Store profits at $1 billion per year, in the interest of ecosystem health. Obviously, the buck stops at Tim Cook.

Tim Sweeney:

Exhibit 225 shows that Apple CEO Tim Cook PERSONALLY directed the App Store team to add misleading security warnings to undermine developers and users transacting directly. This is one of the critical points in the Contempt of Court proceeding.

Perhaps he will testify, too, and tell the court that Apple has to deal with the same fees and warnings as developers.

Tim Sweeney:

Now we’re in court reading Apple’s internal emails on making the third-party payment scare screens as scary and intimidating as possible. “It raises questions and hesitancy, ha ha!”, one writes of the latest scare screen.

Now this witness, a UX designer, is on the stand being examined by a friendly Apple lawyer, redefining the English word “scare” as some sort of benign benevolent gesture. 🙄

Previously:

Update (2025-02-28): Josh Sisco (via Tim Sweeney):

Carson Oliver, who oversees the App Store, said he and other executives weighed the judge’s directive to provide “competitive pressure” on pricing against revenue considerations before they introduced “link outs” that allow app developers to collect payments outside the store.

While charging no commission at all “would be an extremely attractive option” for developers, Oliver said, some of his colleagues didn’t want to forgo compensation completely, including then-Chief Financial Officer Luca Maestri.

There was also an internal debate about how much to charge. Oliver said setting the fee at 20% for outside payments would make it hard to justify preserving the store’s standard 30% on most payments made in apps.

xroissance:

Bombshell from Schiller testimony: If just 5% of in-app purchases from top 200 apps shifted to web payments, 🍏 would lose “hundreds of millions of dollars” - and this was their “most conservative” estimate.

Even more telling: This 5% shift scenario was the FLOOR in Apple’s internal analysis. Other scenarios showed potential losses in the billions. But apparently they never analyzed what their IP is actually worth…

The smoking gun: “Option 3” - allowing links without commission - was extensively modeled by the team, showing exactly how much 🍏 stood to lose.

Yet mysteriously, before presentation, “Option 3" disappeared. Schiller claims neither he nor Cook ever saw it, despite financial teams doing detailed analysis.

Hyperspace 1.0

John Siracusa (Mastodon):

There are plenty of Mac apps that will save disk space by finding duplicate files and then deleting the duplicates. Using APFS clones, my app could reclaim disk space without removing any files! As a digital pack rat, this appealed to me immensely.

By the end of that week, I’d written a barebones Mac app to do the same thing my Perl script was doing. In the months that followed, I polished and tested the app, and christened it Hyperspace. I’m happy to announce that Hyperspace is now available in the Mac App Store.

Hyperspace is a free download, and it’s free to scan to see how much space you might save. To actually reclaim any of that space, you will have to pay for the app.

It costs $19.99/year, $9.99/month, or $49.99 lifetime. As he says, it’s “dangerous,” but I trust Siracusa to be careful and get it right. However, this and other duplicate finder apps are not for me. I know from first principles where most of my duplicates are, and how they result from the way I build my apps and Web sites. You have to pay to see which duplicates Hyperspace found, but the overall total was in the expected range. I don’t really care about saving a quarter of a percent of the space on my SSD. I assume my situation is not typical or this wouldn’t be such a popular app category.

Nick Heer:

On my MacBook Pro, used for far less strenuous tasks, the potential savings are around 57 MB.

John Voorhees:

I took Hyperspace for a spin to see what it could find on my Mac Studio, which stores about 2.5 TB of data. The scan was impressively fast at around 30 seconds, identifying 4.04 GB of data that it could free up. That’s not a lot in the grand scheme of things, but it was also nice to know that I don’t generate a lot of duplicate files with my workflows.

Update (2025-02-28): John Siracusa:

The current version doesn’t look inside Photos libraries or any other kind of “bundle” file. This may change in future versions.

“Phonetic Overlap”

Tripp Mickle and Eli Tan (Hacker News, MacRumors):

While using Apple’s automatic dictation feature to send messages on Tuesday, some iPhone users reported seeing a peculiar bug: the word “racist” temporarily appearing as “Trump,” before quickly correcting itself.

The message blip, which was replicated several times by The New York Times, provoked controversy after appearing in a viral TikTok post, raising questions about Apple’s artificial intelligence capabilities.

An Apple spokeswoman blamed the issue on phonetic overlap between the two words, and said the company was working on a fix.

[…]

“This smells like a serious prank,” Mr. Burkey said. “The only question is: Did someone slip this into the data or slip into the code?”

Juli Clover:

Speaking the word racist with dictation doesn’t always show “Trump” first, though it did show up more often than other words in our testing. We also saw “Rhett” and “Rouch” appear before the iPhone corrects to racist.

Chance Miller:

The New York Times story cleverly omits the fact that other words like “rampage” trigger this glitch, not just “racist.” This leads some credence to Apple’s explanation that this is due to “phonetic overlap.”

Except that there is overlap with “rampage.” There are a variety of possible explanations, from a prank to some sort of semantic adjacency in a training dataset, but I think the idea that it’s because the phones are similar is laughable. I wonder why Apple PR felt the need to give this specific explanation instead of just saying that it was a bug.

Previously:

Amazon Removes Direct Downloads of Kindle Books

Andrew Liszewski (Hacker News, Reddit):

Starting on February 26th, 2025, Amazon is removing a feature from its website allowing you to download purchased books to a computer and then copy them manually to a Kindle over USB. It’s a feature that a lot of Kindle users are probably not aware of, given books can be more easily sent to devices over Wi-Fi, but it’s especially useful for backing up purchases or converting them to other formats compatible with non-Kindle e-readers.

[…]

It doesn’t happen frequently, but as Good e-Reader points out, Amazon has occasionally removed books from its online store and remotely deleted them from Kindles or edited titles and re-uploaded new copies to its e-readers.

[…]

The feature is also the easiest way to convert books purchased from Amazon to other formats like EPUB that can be used on alternative devices such as a Kobo. Books downloaded through Amazon’s website are delivered in the older AZW3 format which allows DRM to be easily removed using various software tools.

Jason Snell:

This feature was designed for users who had connectivity on their computer, but not on their Kindle. But it’s also been the easiest pathway to get ebook files out of Amazon’s copy protection scheme so that they can be converted to play back on other devices.

[…]

While I remain optimistic about the ability of scrappy underdogs to circumvent the copy protection regimes of big tech companies, the fact is that Amazon’s newer file format has been incredibly difficult to crack—hence the value of the USB downloading hole that Amazon’s about to close.

[…]

I used the Amazon Kindle eBook Bulk Downloader by friend of the site Sam Davis.

David Sparks (Mac Power Users):

There is something about this that stinks to me. I pay for the books. I feel like I should be able to download them. I’ve bought hundreds of books from Amazon over the years and this push toward cloud-based model data control feels like crossing a line. Maybe this is a thing with me and I should have realized that I was only purchasing a “license” to read the books instead of “ownership” of the books all along.

Nathan (Hacker News):

Amazon recently changed the wording on their website when it comes to buying Kindle ebooks.

As the screenshot above shows, they now have a disclaimer under the buy now button that says, “By placing your order, you’re purchasing a license to the content and you agree to the Kindle Store Terms of Use”.

[…]

I read somewhere about a new law that was passed in California where companies have to “conspicuously” disclose that customers are buying a license when it comes to digital media like ebooks, so that’s likely the reason why Amazon made the change.

Previously:

Tuesday, February 25, 2025

FBI Also Wants to Break iCloud Advanced Data Protection

Zak Doffman (via Eric deRuiter, Hacker News):

What has just shocked the U.K. is exactly what the FBI told me it also wants in the U.S. “Lawful access” to any encrypted user data. The bureau’s quiet warning was confirmed just a few weeks ago.

The U.K. news cannot be seen in isolation and follows years of battling between big tech and governments over warranted, legal access to encrypted messages and content to fuel investigations into serious crimes such as terrorism and child abuse.

As I reported in 2020, “it is looking ever more likely that proponents of end-to-end security, the likes of Facebook and Apple, will lose their campaign to maintain user security as a priority.” It has taken five years, but here we now are.

[…]

When December’s encryption warnings hit in the wake of Salt Typhoon, the bureau told me while it wants to see encrypted messaging, it wants that encryption to be “responsible.”

Because the backdoor worked so well then?

Previously:

Update (2025-03-03): Jaanus Kase:

It’s not far fetched to imagine that the US government will walk up to Apple and demand data about the users of your app, including the data they have stored with your app.

How will Apple respond?

That is the point of this post. I don’t know. I would like to know.

Apple is not going to side with you over the government in cases where they could easily comply. They have no history of doing that. It seems obvious that, if iCloud Advanced Data Protection is disabled, Apple will just give them the data. This has happened many times already. If it’s enabled, Apple will prevent you from using it (as in the UK), so data already encrypted will probably remain safe but future data will not be E2EE. It’s possible, but I think unlikely, that Apple would backdoor the encryption so that you think it’s safe, but it isn’t. It’s also possible that there’s already a vulnerability that Apple did not intentionally put there. Regardless, only way to ensure privacy with such a single point of failure would be to use an app that doesn’t rely on Apple’s services for its encryption layer.

See also: Nick Heer.

Previously:

Update (2025-03-05): John Gruber:

Apple’s most recent [government transparency] report for the United States covers January to June 2023. They didn’t always lag this far behind. […] it has me looking as much at what Apple doesn’t say about government data demands as what Apple does say about them.

XcodeBenchmark

Maxim Eremenko:

XcodeBenchmark measures Mac performance in Xcode by compiling a relatively large codebase.

The project has already saved thousands of dollars for developers and companies when they purchase or upgrade their Macs and I believe these results will help you make the right cost/performance choice.

The code is primary C-family languages, but it also includes some Swift.

Of note:

paya_:

When going from M4 to 12-core M4 Pro, we are adding p-cores and removing e-cores and thus the increase to score per core is justified. When going from the 12-core M4 Pro to any higher-tier chip, we are again adding p-cores but the score per core decreases, indicating diminishing returns (you would expect the score per core to increase because the e-core / p-core ratio is changing in favor of p-cores).

Previously:

Show Network QR Code

Ryan Christoffel:

Tap to open a Wi-Fi network inside the Passwords app, and you’ll see a button that reads, ‘Show Network QR Code.’

This QR code can then be scanned by anyone nearby to instantly connect them to your network.

[…]

Most readers will know that Apple already has a popular solution for sharing your Wi-Fi password with others: its pop-up prompt that sometimes feels like magic.

In practice, the magic solution almost never worked for me, so I’m very happy to see a still-easy solution that should be more reliable.

Humane Acquired, Ai Pin Discontinued

Juli Clover (Hacker News, William Gallagher):

Humane today informed customers that it is discontinuing its $700 Ai Pin at the end of February, with the device set to be taken offline less than a year after it launched in April 2024.

[…]

Humane recommends that Ai Pin users sync their devices over Wi-Fi to download stored pictures, videos, and notes before February 28 because data will be deleted after that.

The sudden discontinuation of the Ai Pin comes as Humane is being sold to HP for $116 million. HP is purchasing Humane’s CosmOS AI platform and more than 300 patents and patent applications, plus HP will be hiring Humane’s employees.

John Gruber (Mastodon):

This was a $700 purchase (for the matte black base model — polished metal ones were $800) with a mandatory $24/month service charge (which included cellular networking) and extra battery “boosters” were $70. Customers who bought when it launched last April have spent at least $1,000, but probably more, all told. Humane gave them 10 days notice before the thing turns into a brick.

M.G. Siegler:

A regular person might read that headline and think, “wow, a startup sold for nine-figures – impressive.” Of course, it’s not impressive in this case. It’s a fire sale for a company that has been under duress for months after their product, the Ai Pin, failed to catch fire in the market.

Nick Heer:

Only so much of that can be blamed on not having access to certain APIs or it being a first-generation product. It still cost $700 and required a subscription of $24 per month. And, while HP’s deal — for less than half what the company raised — includes the software, patents, and most of the staff, it excludes the A.I. Pin.

Manton Reece:

Eventually I believe there will be a successful product like it. It will need to be simpler, though. No laser. Cheaper. Faster.

I won’t judge the team too harshly for being so ambitious. They probably knew 1.0 had fallen short but were expecting to iterate after shipping it, keep improving it. Instead, they had hyped up expectations so beyond what could be achieved at launch that when the first version flopped, it was crippling.

Louie Mantia (in 2022):

I can’t imagine that product being successful.

Which makes me wonder— is the whole idea for Humane to patent any technologies it develops in the hopes of licensing those technologies to big companies? Maybe the product is effectively a demo to facilitate Humane selling patents.

Vidit Bhargava:

I wore the Ai Pin every day for almost six months, and very early on in those six months, I realized one thing, the Ai Pin wasn’t a complete failure. There were kernels of something truly unique and ambitious there, even if the execution was flawed. What started as an albatross around my neck (or shirt) for spending $700 on a device that barely worked, turned into a tiny research project for my thesis on ambient computing, and where a ubiquitous computer like this one would fit into people’s lives.

Previously:

Monday, February 24, 2025

ProVUE at the First Macworld Expo

Jim Rea:

Forty years ago today the doors opened for the very first MacWorld Expo in the Brooks Hall basement in San Francisco. For most of you this event probably seems like ancient history, somewhere back in the mists of time. But for me this was a very real and exciting event that I participated in as an exhibitor, the start of my amazing journey with the Mac community, a journey that continues on today.

As I recall there were two or three dozen software booths that first year. Some of the software on display included Multiplan (Microsoft), PFS:File, Think Tank, FileVision, Mac Slots, Habadex, Mac Draft, Mac Lion, Music Works, Click Art and of course OverVUE (the direct predecessor to today’s Panorama X). Of course all of these companies have long since disappeared, except for two - Microsoft and ProVUE Development.

What an inspiration. OverVUE was originally written in 68k assembly code that he macro-translated from PDP-11 assembly. Now it does AppKit, Unicode, and Apple Silicon. He continues to add major new features and directly support his customers.

To celebrate that, and this 40 year anniversary, I’ve set up a 40% discount code for new users - MACEXPO40.

John Gruber:

There are old-school Mac developers still going strong, and there are old school Mac developers still going strong.

Previously:

Update (2025-02-26): Adam Engst:

While it’s impressive that ProVUE has survived and thrived for so many years, it’s mostly a testament to Jim Rea’s skill and tenacity as a developer, tech writer, and business owner.

Delivering Malware Through Abandoned Amazon S3 Buckets

Bruce Schneier:

Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, and etc.

[…]

Had this been an actual attack, they would have modified the code in those buckets to contain malware and watch as it was incorporated in different software builds around the internet. This is basically the SolarWinds attack, but much more extensive.

[…]

But there’s a second dimension to this attack. Because these update buckets are abandoned, the developers who are using them also no longer have the power to patch them automatically to protect them.

Previously:

Seeing the Location Name in Apple TV’s Aerial Screensaver

Apple:

Ever wonder what location you’re watching in an Aerial screen saver? While the location is playing, just tap the Touch surface on your Apple TV Remote.

Unfortunately, this doesn’t work if, like me, you’ve turned off the touch surface of the remote because it causes unwanted inputs. It used to be possible to see the location name by pressing the Up button, but Apple changed that in tvOS 18.

Previously:

Update (2025-02-26): Martyn Arnold and IT Troll have the unintuitive and undocumented answer: you press the Down button on the remote.

CIFilterBuiltins

Matthias Gansrigler:

Browsing the Core Image headers, I did find functions for these filters where you could just call let filter = CIFilter.colorPosterize()

Yet every time I tried, it never worked and would give me an error that CIFilter has no member 'colorPosterize'. Well, “Crap!”, I thought, this must be something that will become available eventually.

How wrong I was. This has been available for a while, you just need to know how to do it! The “trick” is to not only import CoreImage, but also (why!?) import CoreImage.CIFilterBuiltins.

Apple:

The type-safe approach returns a non-optional filter. Because the returned filter conforms to the relevant protocol—for example, CIFalseColor in the case of falseColor()—the parameters are available as properties.

Saturday, February 22, 2025

New Blog Server

My apologies for this site being slow and dropping connections over past few days. It’s been moved to a new server and should be much faster now. Please let me know if you continue to see any issues.

Friday, February 21, 2025

Apple Pulls iCloud Advanced Data Protection From UK

Zoe Kleinman (Hacker News):

Apple is taking the unprecedented step of removing its highest level data security tool from customers in the UK, after the government demanded access to user data.

Advanced Data Protection (ADP) means only account holders can view items such as photos or documents they have stored online through a process known as end-to-end encryption.

[…]

Apple would not comment on the notice and the Home Office refused to either confirm or deny its existence[…]

[…]

It is not clear that Apple’s actions will fully address those concerns, as the IPA order applies worldwide and ADP will continue to operate in other countries.

John Gruber:

More insidiously and outrageously, they are apparently forbidden by UK law, under severe penalty (imprisonment), from even informing the public about this demand, or, if they were to comply, from telling the public what they’ve done.

[…]

Re-read Apple’s statement above, which I’ve quoted in full, including the hyperlink. What stands out is that Apple is offering no explanation, not even a hint, why the company “can no longer offer Advanced Data Protection (ADP) in the United Kingdom to new users and current UK users will eventually need to disable this security feature”. On issues pertaining to security and privacy, Apple always explains its policies and features as best it can. The fact that Apple has offered no hint as to why they’re doing this is a canary statement of sorts: they’re making clear as best they can that they’re under a legal gag order that prevents them from even acknowledging that they’re under a legal gag order, by not telling us why they’re no longer able to offer ADP in the UK.

Matt Birchler:

It is crazy that Apple would seemingly rather close down the company than let people install apps from outside the App Store, even running an extended PR campaign against it, but they roll over immediately for this.

Even if they didn’t want to risk acknowledging the notice—which I was hoping they would—you’d think Apple could say something in general about the law and the process. On the other hand, I guess Apple is so far doing more than other companies that presumably also received the notice. Are they silently building in backdoors?

Tim Hardwick:

Note that the loss of Advanced Data Protection in the UK does not affect the existing end-to-end encryption of several other Apple features available in the country, including iMessage, FaceTime, password management and health data.

Dan Moren:

As of February 21, users in the country can no longer enable the feature; those users who currently have it on will have to disable it in the near future.

[…]

According to Apple, this change won’t affect data that is end-to-end encrypted by default, such as health data and iCloud Keychain. That does, however, leave one longstanding loophole: though Apple’s Messages in the Cloud system is end-to-end encrypted, the encryption key for those messages is backed up in iCloud Backups, for which Apple holds the keys. Those are, in turn, accessible to law enforcement under the proper procedures.

Previously:

Update (2025-02-25): See also: Matthew Green, Glenn Fleishman, Jaanus Kase, Rui Carmo.

Update (2025-02-26): Bruce Schneier:

Should the UK government persist in its demands, the ramifications will be profound in two ways. First, Apple can’t limit this capability to the UK government, or even only to governments whose politics it agrees with. If Apple is able to turn over users’ data in response to government demand, every other country will expect the same compliance.

[…]

Apple isn’t the only company that offers end-to-end encryption. Google offers the feature as well. WhatsApp, iMessage, Signal, and Facebook Messenger offer the same level of security. There are other end-to-end encrypted cloud storage providers. Similar levels of security are available for phones and laptops. Once the UK forces Apple to break its security, actions against these other systems are sure to follow.

It seems unlikely that the UK is not coordinating its actions with the other “Five Eyes” countries of the United States, Canada, Australia, and New Zealand: the rich English-language-speaking spying club.

Matthew Green:

Apple’s decision to disable their encrypted cloud backup feature has triggered many reactions, including a few angry takes by Apple critics, accusing Apple of selling out its users[…]

With all this in mind, I think it’s time to take a sober look at what might really happening here.

[…]

So if you’re Apple and faced with this demand from the U.K., engaging with the demand is not really an option. You have a relatively small number of choices available to you. In order of increasing destructiveness[…]

Francisco Tolmasky:

“What else could Apple have done in response to the UK encryption law?” I dunno. Seems they’ve come up with all sorts of creative responses to the DMA and other antitrust cases. I guess the creativity just wasn’t flowing when it comes to important things though.

The most obvious idea would be for Apple to provide a way for users to securely store their data outside of iCloud, either with other providers or on their own Time Capsule–like device. This is much easier said than done, however.

Previously:

Update (2025-02-27): John Gruber:

Upon learning of the UK’s odious demands on Apple, the Biden administration’s response wasn’t to defend Apple (or Americans’ privacy), but instead to try to hide it from Congress. Unreal.

Tulsi Gabbard (Hacker News):

My lawyers are working to provide a legal opinion on the implications of the reported UK demands against Apple on the bilateral Cloud Act agreement. Upon initial review of the U.S. and U.K. bilateral CLOUD Act Agreement, the United Kingdom may not issue demands for data of U.S. citizens, nationals, or lawful permanent residents (“U.S. persons”), nor is it authorized to demand the data of persons located inside the United States.

Via John Gruber:

The gag-order aspect of the UK’s Investigatory Powers Act prevented Apple from even fighting it in court. But a US ruling that would hold it illegal for Apple to comply would put Apple in an impossible situation, where they can’t comply with a UK legal demand without violating the law of the home country. That would actually give Apple the ground to fight this in the UK.

It’s unclear how much of the US intelligence establishment agrees with the new DNI.

Update (2025-02-28): John Gruber (Mastodon):

Ben Domenech interviewed President Trump yesterday in the Oval Office, after Trump’s meeting with UK Prime Minister Keir Starmer. The Spectator has published the entire transcript, and I read it so you don’t have to, to get the part about Apple and the UK’s encryption backdoor demand[…]

Update (2025-03-05): Connor Jones:

Apple has reportedly filed a legal complaint with the UK’s Investigatory Powers Tribunal (IPT) contesting the UK government’s order that it must forcibly break the encryption of iCloud data.

The appeal will be the first of its kind lodged with the IPT, an independent judicial body that oversees legal complaints against potential unlawful actions by a public authority or UK intelligence services, according to the Financial Times, which broke the news.

Nick Heer:

It looks like I, by way of Mike Masnick, was wrong to believe the only grounds on which Apple could fight this are financial. It turns out there is an appeals process which I could have found at any time — and in even more detail (PDF) — if I had double-checked. That is on me. However, in the first four years appeals were permitted on legal grounds, just two cases (PDF) were heard, with one being dismissed.

The way this is playing out is farcical. Nobody is legally permitted to discuss it, so we have only on-background leaks from Apple (almost certainly, I am guessing) and U.K. intelligence (maybe) to the same handful of reporters.

Icons in Passwords.app and App Privacy Report

Mysk:

The Passwords app now categorizes the network requests to download the icons as “websites visited in app” and this way the number of requests sent isn’t included in the main count in the #privacy report.

This new categorization makes the requests less visible to privacy-conscious as the app won’t show spikes of 130+ requests as we demonstrated before in iOS 18 and iOS 18.2.

[…]

iOS still doesn’t provide an option to disable downloading the icons, which is the best way to tackle this issue.

[…]

If the app directly contacts the websites, which is the case with Apple Passwords, the app might be at risk of receiving a malicious payload from remote web servers.

It was using unencrypted HTTP, but that’s fixed in iOS 18.2.

Previously:

Orion’s Password Manager

Kagi:

Orion includes a built-in Password Manager that makes it easy to store and automatically fill your usernames and passwords.

[…]

As an alternative to importing passwords from Safari into Orion, you can also access your Safari passwords in Orion directly. To enable this, first go to Orion > Settings > Passwords, and then disable the Use Orion’s Keychain checkbox.

However, I don’t think there’s a way for Orion to add new entries to the Apple password manager.

Orion 130 (tweet, issue):

Added support for passkeys on macOS 14+ to enhance secure authentication.

Previously:

Secrets 4.4 and Passkey Credential Exchange

Paulo Andrade (Mastodon):

One major issue preventing some users from adopting [passkeys] is that neither Apple’s Passwords app nor many password managers offer an option to export them, making it harder to switch platforms or password managers.

Secrets, on the other hand, has always allowed users to export any passkeys it stored. However, since no other password manager could import them, this feature was primarily useful for backups rather than migrations.

The good news is that the FIDO Alliance has been working on a standard to address this issue, and Apple has shipped its initial implementation in iOS 18.2 and macOS 15.2.

[…]

As of this writing, Secrets supports importing items exported from eight different password managers. That requires a lot of code and reverse engineering to handle mostly undocumented file formats.

With this new API, password managers that adopt it will become compatible with each other.

[…]

Additionally, given the preview nature of this API, Apple still has it behind developer toggles[…]

See also: Miles Wolbe.

Previously:

Thursday, February 20, 2025

Git Tower 12.5

Bruno Brito:

Now you can create, check out, and manage Worktrees directly from within your favorite Git client! 🫡

[…]

The git-worktree feature was introduced in version 2.5.0 of Git. The main advantage is that it allows you to have multiple working trees attached to the same repository, enabling you to check out more than one branch simultaneously from a single repository.

[…]

Another great use case is for long-running operations. You can perform time-consuming tasks, such as large builds or extensive tests, in one worktree while continuing to work in another.

Previously:

Beej’s Guide to Git

Brian Hall (via Hacker News):

Which leads us directly to the goal: let’s make sense of all this and go from complete Git novice up to intermediate! We’ll start off easy (allegedly) with commands mixed in with some theory of operation. And we’ll see that understanding what Git does under the hood is critical to using it correctly.

And I promise there’s definitely a chance that after you get through some of this guide, you might actually start to appreciate Git and like using it.

He also has some other great guides, most notably the one about network programming.

Update (2025-02-25): ednl:

Deserves a mention: @b0rk’s “Oh shit, git!” which has a slightly different premise but in the end probably targets the same people who want to better understand git, and her git cheat sheet.

Julia Evans:

ah yeah it’s a bit confusing, “how git works” is the one that explains how git works

Kaleidoscope 5.3

Kaleidoscope 5.1:

Kaleidoscope 5.1 comes with a URL scheme, yet another new way to integrate with other apps on your Mac.

[…]

There’s a very specific use case we had in mind when adding this feature: running tests within Xcode, in particular snapshot testing using swift-snapshot-testing.

[…]

Using the new Kaleidoscope 5.1 and a little diffTool configuration for SnapshortTesting, you instead get a clickable link within Xcode.

Kaleidoscope 5.2:

While Kaleidoscope has always automatically resolved some conflicts using the Base file provided by Git, it lacked the ability to display that file directly. Some merge tools display the Base file alongside the input files and the merge file. However, we never favored this approach because it further complicates the conflict resolution process by presenting you with four rather similar files simultaneously instead of the already confusing three.

But what if you were able to show the Base only in cases where you actually need it? And what if you were able not only see the Base itself, but instead compare what changed between Base and side A or B? After all, why should you try to figure out the difference between Base and A or B while having a diff app at your disposal? And what if, only in cases where that short comparison is unclear to you, you were able to then compare the entire files and inspect what changed between those versions, commit by commit?

Kaleidoscope 5.2 offers exactly all of that.

Florian Albrecht:

We understand that adapting to new keyboard shortcuts can be challenging, especially when you’ve developed muscle memory around the old ones. However, we believe that these changes in Kaleidoscope 5.2 will ultimately enhance your merge experience.

We encourage you to give the new shortcuts a try. If you find that you still prefer the old shortcuts, use System Settings to revert them to your liking.

Florian Albrecht:

Repositories can have a custom icon and/or a colored background.

Florian Albrecht:

In File Properties, you’ll find all the data except for the actual content. Even Extended Attributes and the presence of a BOM in UTF-8 files are included.

[…]

Did you accidentally open a branch comparison in the wrong order? No worries! Just right-click on the row in Recents and select Open Inverted.

[…]

When looking at the commit history of a file, Navigate > File History > Select Previous A & B (keyboard [), and …Select Next A & B (]) let you browse changes one by one, without lifting your fingers from the keyboard.

Kaleidoscope 5.3:

The new top section shows the current status of the repository.

[…]

You can now see a list of recent commits to any branch in your repository, sorted by date, with the latest commit on top. The current working copy branch will be shown by default. You’ll see the most important information about each commit in the row, and for each commit there are two main actions:

  1. Double-click an entry to immediately show all changes made in that commit (the changeset of that commit).
  2. Click the more button to see more details about that commit, like the entire formatted commit message.

[…]

Using the search field, and by picking one of the two available modes, you can either filter the list of commits, or select commits matching your search in the list.

I love the idea of searching for a commit and seeing other commits that are adjacent to it.

Previously:

Retcon 1.2

Nathan Manceaux-Panot:

Get sprawling diffs under control with commit splitting. Break down oversized commits into granular, meaningful ones.

While editing any commit, unstage some of its changes, then confirm the edit. The changes will be moved to a new commit.

Previously:

Wednesday, February 19, 2025

iPhone 16e

Apple (MacRumors, Hacker News):

Apple today announced iPhone 16e, a new addition to the iPhone 16 lineup that offers powerful capabilities at a more affordable price. iPhone 16e delivers fast, smooth performance and breakthrough battery life, thanks to the industry-leading efficiency of the A18 chip and the new Apple C1, the first cellular modem designed by Apple. iPhone 16e is also built for Apple Intelligence, the intuitive personal intelligence system that delivers helpful and relevant intelligence while taking an extraordinary step forward for privacy in AI. The 48MP Fusion camera takes gorgeous photos and videos, and with an integrated 2x Telephoto, it is like having two cameras in one, so users can zoom in with optical quality.

[…]

iPhone 16e features the Action button, allowing users to easily access a variety of functions with just a press.

[…]

The Action button on iPhone 16e also unlocks a new visual intelligence experience that builds on Apple Intelligence to help users learn about objects and places.

[…]

iPhone 16e will be available in white and black in 128GB, 256GB, and 512GB storage capacities, starting at $599 (U.S.) or $24.95 (U.S.) per month for 24 months.

Hartley Charlton:

Just like the now-discontinued iPhone SE, the iPhone 16e does not have MagSafe connectivity.

Juli Clover:

The newer Photographic Styles are also only for the iPhone 16, 16 Pro, and Pro Max. With Photographic Styles, the iPhone 16 models released in September feature an option to set an overall look for all images captured with the iPhone camera, but this doesn't exist for the 16e. Older style filters are available, however.

There are also several missing video recording features, including Cinematic mode and Action mode, but the new Audio Mix feature is supported.

Previously:

Update (2025-02-27): See also:

Update (2025-03-04): John Gruber:

I’ve been waiting for iFixit’s teardown to see if removing MagSafe components might help explain the 16e’s physically larger battery. It doesn’t seem to. The 16e battery seems taller, not thicker, and the MagSafe components in an iPhone 15 don’t seem thick or space consuming.

Matt Birchler:

Just days after I got my iPhone 16e, Apple’s (less) budget (than ever before) iPhone, Nothing is out here with new their new budget phones, the Phone (3a) and (3a) Pro. These models start at $379 and $459 respectively, so they certainly undercut the new iPhone, so let’s take a look at what the differences are and whether they make the iPhone 16e look silly.

Hiding Data in Emoji

Paul Butler (GitHub, via Andy Baio):

This tool allows you to encode a hidden message into an emoji or alphabet letter. You can copy and paste text with a hidden message in it to decode the message.

It does this by encoding the text as a sequence of variation selectors after the emoji.

Previously:

Hiding Vulnerabilities in Source Code

Ross Anderson (via Bruce Schneier):

Today we are releasing Trojan Source: Invisible Vulnerabilities, a paper describing cool new tricks for crafting targeted vulnerabilities that are invisible to human code reviewers.

Until now, an adversary wanting to smuggle a vulnerability into software could try inserting an unobtrusive bug in an obscure piece of code. Critical open-source projects such as operating systems depend on human review of all new code to detect malicious contributions by volunteers. So how might wicked code evade human eyes?

We have discovered ways of manipulating the encoding of source code files so that human viewers and compilers see different logic. One particularly pernicious method uses Unicode directionality override characters to display code as an anagram of its true logic.

Previously:

fileReferenceURL vs. NSURLFileResourceIdentifierKey

Thomas Tempelmann (Mastodon, tweet):

There is a fine but important difference between the two - they behave differently if the item is a hard linked file.

If, especially on a APFS formatted volume, you have multiple hard links for the same file content, then

  • NSURLFileResourceIdentifierKey will return the same value (classic “inode”) for all these hard links, whereas
  • fileReferenceURL returns unique “link IDs” that keep the reference for each hard link entry’s path.

Jim Luther:

Don’t use that info to construct your own URL string. First, the info in that answer is incomplete. Second, that string format could change.

[…]

fileReference URLs were added because AppKit used FSRefs and they wanted a URL equivelent. Bookmarks are always more reliable but not as fast.

BTW, fileReference URLs on non-Mac devices are much less useful because there’s no coreservicesd.

Previously:

Tuesday, February 18, 2025

BenQ PD2730S 5K Display

Tim Hardwick:

Speaking of adjustments, BenQ hasn’t skimped here. The stand offers a comprehensive range of movement: height adjustment up to 150mm, -5° to 20° tilt, and smooth 60° swivel capabilities. This versatility comes as standard - no $400 upgrade required, Apple. For those preferring alternative mounting solutions, there’s a standard VESA mount option.

[…]

The panel employs BenQ’s Nano Matte coating, which effectively manages reflections without compromising image clarity.

[…]

At $1,199, it delivers 5K resolution, excellent color accuracy, Thunderbolt 4 connectivity, and other thoughtful features at a significantly lower price point than Apple’s Studio Display. Yes, the speakers are terrible, but that seems par for the course in third-party monitors. And no, it doesn’t have a webcam like the Studio Display, but that just means you can invest in a better one than the latter offers. While the PD2730S can’t match Apple’s premium build quality or 600-nit brightness, it compensates with superior ergonomics and connectivity options.

Paul Haddad:

VESA Apple Studio is often $1299 and tons more premium. Getting a KVM is nice but still. I’ll give them credit for doing a nice job on the Mac software for it, doesn’t look like your typical Windows port hack job.

Previously:

Update (2025-02-25): D. Griffin Jones (Mastodon):

The BenQ display proves nicer than the Asus ProArt 5K I reviewed two months ago, but it also costs more ($1,199 compared to $799).

ArtIsRight:

In this video, we’re unboxing the BenQ PD2730S, a 27-inch QHD designer monitor built for creatives. We’ll closely examine what’s inside the box, including the monitor itself, accessories, and setup process. Plus, we’ll review its key features like 95% P3 and 100% sRGB color gamut coverage, factory calibration, and ergonomic design. In addition, this display can unofficially show Adobe RGB as well. It has a thunderbolt connection to display daisy chains and many more.

ASUS ProArt 5K Display

Juli Clover (Amazon):

There aren’t too many 5K displays on the market that can compete with Apple’s Studio Display, but ASUS recently came out with the ASUS ProArt Display 5K, which is a solid competitor. The ProArt Display 5K features a 27-inch 5K screen with 218 pixels per inch, aka retina quality.

ASUS sells the ProArt Display 5K for $799, so it’s actually half the price of the Studio Display, and much, much cheaper than the Pro Display XDR.

Previously:

Update (2025-02-25): Ezekiel Elin:

I’m really enjoying my 5K 27” ASUS that I picked up a few months ago. Dual input to a Mac mini and laptop with keyboard/mouse through the display has been great. And it was only $700.

D. Griffin Jones:

Admittedly, Asus’ 5K desktop monitor misses some of the Studio Display’s premium features. The stand wobbles and the body is made of creaky plastic. Plus, the panel isn’t quite as bright as Apple’s display, and it doesn’t come with a webcam.

Still, with very similar specs — and a budget-friendly $799 list price, compared to the Studio Display’s $1,599 (or $1,999 if you dare to desire an adjustable stand) — Asus is making an offer that’s hard to refuse. Keep reading or watch our video review.

Jettison 1.9

St. Clair Software (Mastodon, tweet):

Jettison now asks you to give it permission for Full Disk Access in your system’s privacy controls. This is necessary because macOS will sometimes refuse to let Jettison mount external USB drives unless it has this special permission.

[…]

[A] number of disk images are automatically mounted by the system. Some, known as cryptexes, are encrypted volumes used for augmenting or updating parts of the system itself, while others such as the iOS Simulator are mounted if you use Apple’s Xcode developer tools. […] Jettison used to show all of these in its “Eject” menu, which could be confusing because they’re not shown by the Finder, so they no longer appear there.

[…]

When Jettison can’t eject a drive because there are open files on it, it pops up an error message to tell you so. These messages have been improved to provide more detail, and when you’re manually ejecting a disk you’ll also see “Quit” buttons to quit any offending apps.

This is safer than the Force Eject that Finder offers and much easier than looking up the offending app yourself. Unfortunately, sometimes Sequoia reports an error when ejecting with Jettison, and I have to use Force Eject, anyway.

Previously:

MailMate 2.0 Beta

Benny Kjær Nielsen:

I’ve been very quiet here, but I’ve actually been working on MailMate during all that time — which should be obvious based on the other blog post today about the latest beta and its release notes. For years now, the main focus has been on improving/maintaining MailMate and that is great for existing beta/test users of MailMate, but obviously it’s not great for generating revenue from new users.

[…]

In the new license key setup, a MailMate license key is obtained by starting a subscription ($10 every 3 months). An active subscription means that MailMate will run in its “Paid Mode”. An inactive/cancelled subscription means that MailMate will run in its “Free Mode”. These modes are (almost) identical. Essentially, this means the price of a MailMate license key is now $10, but it is strongly encouraged to continue the subscription and for many users it is, in principle, required.

Why do it this way? First of all, paid upgrades are not a realistic option for me. It requires working on two versions of MailMate at the same time and I’ve clearly proven that I’m not able to do that. The first license key was sold more than 14 years ago and it is still valid!

Previously, it was a $50 one-time charge. One of the reasons it’s not a traditional subscription is that he had promised that 2.0 would be a free upgrade.

Maintaining software requires the same amount of effort as creating, but it is not a straightforward source of revenue. I do not think I can or should make major flashy rewrites which could justify upgrade fees. Instead, a large number of subscribers is going to be an incentive for me to focus on keeping existing users happy. This means iterative/frequent updates improving the details of existing features, improving performance, fixing bugs, and to at least some extent answering support emails. This is essentially how I’ve worked in the past.

Freron Software:

When Paid Mode expires, MailMate will automatically switch to Free Mode. In this mode, you continue to have access to all features of MailMate, but it is not intended to be used by all users. If you are part of a business or you run a business relying on the use of MailMate then it is also required that you use MailMate in Paid Mode.

As described above, MailMate adds a header line to every outgoing email stating the email client used. In Free Mode, this header line will explicitly use “MailMate Free Mode” as the email client name. Most of your correspondents will never see this, but some email clients will display it when it’s available.

Jeff Johnson (Mastodon):

I recently purchased an M4 MacBook Pro with a nano-texture display and set up Mail app fresh on the new machine, which is running macOS Sequoia. In the following weeks, I encountered a bunch of the same old problems—the Mail main window sometimes fails to come to the front when clicking on the Dock icon, requiring one or more additional clicks; the Flagged mailbox lists some unflagged messages, which can be removed from the list only by moving them to a new containing folder and back again; Mail app refuses to quit entirely because it's connecting to Gmail; a message sometimes isn't marked as read when opened in a window; my column widths are forgotten when switching folders—as well as a new problem: the Unread smart mailbox showed a phantom count of 1 when no messages appeared in the folder.

[…]

Although my immediate problem was solved, I started to wonder why Mail app hadn't downloaded that unread message. So for each of my email accounts, I used the Get Account Info contextual menu item to show the number of messages in each mailbox on the IMAP server, comparing it to the number of messages in each mailbox displayed in Mail app. To my horror, I discovered that there were multiple discrepancies, in multiple mailboxes, in multiple accounts. Mail app seems to download most of the messages from each mailbox, but for some unknown reason it doesn't always download every message from every mailbox.

This was the final straw for me, an irreparable loss of confidence in the reliability of Mail app. In my opinion, Apple Mail is a formerly great app, during the 2000s, that has steadily declined in quality since then and ultimately became shoddy. […] RIP Mail app, long live MailMate!

The IMAP problem I’ve been having with Apple Mail for the last few years is that some message moves/deletions don’t get synced to the server promptly. So if I view my account on my iPhone or Webmail I see a sampling of old messages—going back perhaps a month—still in the inboxes. Eventually those messages to get properly moved on the server, but by then new ones have taken their place.

MailMate's IMAP support appears to be flawless: unlike Mail app, MailMate downloaded every message in every mailbox for every account. How is it possible that one developer, Benny Kjær Nielsen, can succeed where an entire team of Apple engineers failed?

[…]

Moreover, Apple Mail has some problems with junk mail filtering. As of macOS Ventura, there's no longer a way to mark a message as not junk that Mail mistakenly marked as junk. And my junk mailboxes accumulate old messages despite the fact that I set Mail to erase junk messages after one month.

Of course, if you have Apple Mail or MailMate you should be using SpamSieve.

Pierre Igot:

Welcome to the club! I am fairly confident, based on your quality standards, that you will not regret it. I switched from Mail to MailMate in 2020 and have never regretted it.

Previously:

Update (2025-02-18): Jeff Johnson notes that Free Mode shows an alert when sending a message and is limited to sending two messages per launch. This seems reasonable to me but is not what I expected given the description of it being “almost identical” to Paid Mode.

Update (2025-02-18): Bernd suggests that the alert Johnson was seeing is due to the trial running out and that this is distinct from the Free Mode that you get after you pay once and stop paying. This is makes more sense given the documentation, so I guess the way to think about it is that there are actually four different modes.

Monday, February 17, 2025

Swift Proposal: InlineArray

SE-0453:

This proposal introduces a new type to the standard library, InlineArray, which is a fixed-size array. This is analogous to the classical C arrays T[N], C++’s std::array<T, N>, and Rust’s arrays [T; N].

[…]

It’s important to understand that Array is a heap allocated growable data structure which can be expensive and unnecessary in some situations. The next best thing is to force a known quantity of elements onto the stack, probably by using tuples.

[…]

We introduce a new top level type, InlineArray, to the standard library which is a fixed-size contiguously inline allocated array. We’re defining “inline” as using the most natural allocation pattern depending on the context of where this is used. It will be stack allocated most of the time, but as a class property member it will be inline allocated on the heap with the rest of the properties. InlineArray will never introduce an implicit heap allocation just for its storage alone.

[…]

InlineArray will be a simple noncopyable struct capable of storing other potentially noncopyable elements. It will be conditionally copyable only when its elements are.

Initialization is special-cased to avoid constructing a temporary array from the literal, and it does not conform to Sequence or Collection.

We do plan to propose new protocols that look like Sequence and Collection that avoid implicit copying making them suitable for types like InlineArray and containers of noncopyable elements. SE-0437 Noncopyable Standard Library Primitives goes into more depth about this rationale and mentions that creating new protocols to support noncopyable containers with potentially noncopyable elements are all marked as future work.

[…]

With the introduction of InlineArray, we have a unique opportunity to fix another pain point within the language with regards to C interop. Currently, the Swift compiler imports a C array of type T[24] as a tuple of T with 24 elements.

But they haven’t decided how to do that yet without breaking compatibility.

Previously:

Grammarly vs. Apple’s Writing Tools

Adam Engst:

Keep that background in mind when I say that my $144 annual subscription to Grammarly is one of my most worthwhile tech expenses. While Apple is just now getting into the game with its Writing Tools, Grammarly has been helping my writing since 2016. Its interface and capabilities have improved over time, and for what I need to write and edit in Google Docs, WordPress, Discourse, Mimestream, and now Lex, Grammarly has become an essential tool. For native Mac apps, you need the Grammarly Desktop app; for Web apps, Grammarly provides extensions for Safari, Chrome (and Chromium browsers like Arc), and Firefox.

[…]

Although Grammarly lets you turn off numerous aspects of its checking, my gripes are not among them.

[…]

However, thanks to the judicious addition of generative AI tools, I’m now happy to accept a few editing tics for the significant improvements that Grammarly makes to my drafts.

[…]

Since late October, I’ve become hooked on a feature that allows you to select text and hover over a blue button to the left of the paragraph to see an improved version with changes clearly highlighted.

[…]

While Grammarly integrates seamlessly into your text and clearly shows what will happen if you accept a change in nearly all situations, Apple’s Writing Tools require constant activation and provide significantly less feedback about their changes.

Chit Chat Across the Pond:

This week, the delightful Adam Engst of TidBITS joins us to talk about how he learned to write so well, what it’s like having an editor, and then moves into how he uses the AI tool Grammarly to improve his writing.

He says that Grammarly has gotten a lot better recently.

Previously:

Update (2025-03-03): Collin Donnell:

I’m back on Grammarly, at least until we see what improvements Apple has in a few months. I still like Proofread, but the UI is pretty lacking. There’s nothing between “add missing commas” and “rewrite this and completely change the tone.”

On the Undesign of Apple Intelligence Features

Nick Heer:

The flaws in results from Apple Intelligence’s many features are correctly scrutinized. Because of that, I think some people have overlooked the questionable user interface choices.

[…]

Apple is not breaking new ground in features, nor is it strategically. It is rarely first to do anything. What it excels at is implementation. Apple often makes some feature or product, however time-worn by others, feel so well-considered it has reached its inevitable form. That is why it is so baffling to me to use features in the Apple Intelligence suite and feel like they are half-baked.

[…]

What this looks like on my Mac, sometimes, is as a blue button beside text I have highlighted. This is not consistent — this button appears in MarsEdit but not Pages; TextEdit but not BBEdit. These tools are also available from a contextual menu, which is the correct place in MacOS for taking actions upon a selection.

In any case, Writing Tools materializes in a popover. Despite my enabling of Reduce Transparency across the system, it launches with a subtle Apple Intelligence gradient background that makes it look translucent before it fades out. This popover works a little bit like a contextual menu and a little like a panel while doing the job of neither very successfully. Any action taken from this popover will spawn another popover.

As with Translate, I don’t think popovers work well for large blocks of text that I want to interact with.

Jason Snell:

I’m sure Apple is pouring everything it can into building better, more modern models, and we’ll hear about that effort in detail in June. But what troubles me most about the Apple Intelligence rollout isn’t that Apple was caught flatfooted by the AI hype train and is struggling to catch up—it’s that Apple’s implementation of AI features also feels slapdash and rushed.

Apple doesn’t have to end up with the best large language model around in order to win the AI wars. It can be in the ballpark of the best or partner with the leaders to get what it needs. But it can’t fail at the part that is uniquely Apple: Making those features a pleasure to use, in the way we all expect from Apple. Right now, that’s where Apple is failing.

Nick Heer:

Apple has a chance to move A.I. features beyond a blinking cursor in a chat bot — like a plain language command line. Very little of what is out today is a thoughtful implementation of these features. Cleanup in Photos is pretty good. Most of the other stuff — summaries of phone calls, Notification Summaries, Writing Tools, Memory Movies in Photos, and response suggestions in Mail and Messages — are more cumbersome than they are elegant.

Previously:

Gatekeeper vs. .terminal and .fileloc Files

Vladimir Metnew (2020, tweet):

Popular macOS apps with a file-sharing functionality didn’t delegate file quarantine to OS leading to File Quarantine bypass (Windows MOTW analogue) for downloaded files.

[…]

Many popular products like Keybase, Slack, Skype, Signal, Telegram decided to fix the issue, but the vulnerability remains unfixed in file-syncing apps: Dropbox, OneDrive, Google Drive, etc.

[…]

Apple knows that it’s possible to execute files on the device with .fileloc. Apple also knows that all default apps have quarantine enabled.

Launching a quarantined file with .fileloc doesn’t have security risks, because the user will be asked to confirm file launching.

That means, .fileloc is not a vulnerability by itself unless there are files without a quarantine attribute.

[…]

OneDrive removes quarantine meta-attribute because Apple granted it com.apple.security.files.user-selected.executable entitlement. […] Apple’s head of macOS security made an exception for OneDrive 😯.

And file sync apps outside the Mac App Store don’t apply it, either.

Jeff Johnson:

Remember my sandbox escape that Apple said doesn’t have any actual security implications?

Well it has actual security implications.

Thomas Reed:

Apple has done EXACTLY what I was hoping they would do to cope with the plague of adware installing malicious configuration profiles! In Big Sur, it will no longer be possible to install these profiles via the command line, or in any way without explicit user consent! 🤩

Previously:

Sunday, February 16, 2025

Martin Pilkington, RIP

Martin Pilkington (November 2024):

As some of you know I’ve been being treated for Oesphageal Cancer, treatment which was going pretty well, especially after surgery in July.

Unfortunately over the past weeks things seem to have gone downhill. The cancer has returned and spread to my brain and spine. My doctors have said it’s terminal and I have on average 3-6 months to live.

Mastodon:

Martin passed away yesterday, peacefully in his sleep. He was a true fighter until the bitter end but he is now pain free and at peace.

I’m terrible at finding the words in these situations, so I’ll just say that he was a wonderful member the Mac/iOS developer community and will be missed.

John Gruber (Mastodon):

He was a Mac developer’s Mac developer, with an eye for details, and his own work was infused with fine craftsmanship. His “Xcode 4: The Super Mega Awesome Review” back in 2011 was a genuine work of art and service to the community (linked with brief commentary), and he rightfully skewered Apple’s Catalyst Mac port of the Developer app in 2020 (linked with significant commentary).

Steve Troughton-Smith:

Devastated to learn about the passing of @pilky last night, at home, surrounded by family, after a short, unexpected battle with cancer. He was a talented developer, designer, miniature painter and accessibility champion, and one of my closest friends for the past sixteen years. He provided the inspiration and design help I needed when bringing my apps to the Mac, and no social media post will ever convey how much he will be missed.

You might have known @pilky for his apps, like Coppice (whose development was streamed on Twitch), or his wealth of knowledge on AppKit & Xcode, or the infamous fixradarorgtfo petition that sparked intense internal debate at Apple and drove a ton of changes to Apple’s bug reporting. I knew him too, for his mini painting and #warhammer hobby, which we shared. He spurred me on to paint more and improve my skills, to build better, more-accessible apps, and so much more.

Matt Gemmell:

Damn. When I first met him he was a kid, but never really changed too much. Positive, gentle, thoughtful. Really showed his sanguinity and quiet composure — grace, I suppose — through all this, and during his previous run-in with cancer. Lauren and I send our condolences. I can say with complete confidence that Martin will be remembered with fondness by everyone in our shared cohort of Apple-platforms developers.

Previously:

Update (2025-03-03): Uli Kusterer:

He was immediately likeable, impossibly young, and full of ideas. He made Mac apps and knew a lot. It was fun to talk shop. You could help him out, he could help you out, and everyone came out a smarter, more optimistic person.

[…]

Coppice was a gorgeous mind-mapping app. You just placed stuff on a canvas, dragged connection noodles between them, and there were so many clever small touches to reduce friction in the process. It let you use all sorts of media on your canvas. And it looked like it had been built and refined by a team of 20, not a clever young man from the North West of England. But here he was, on stream, building away at it, line by line, both textual and graphical.

Update (2025-03-04): Steve Troughton-Smith:

There are still a lot of details to work out, but one of the things @pilky entrusted to me is Coppice, his hypertext mind-mapping app, with the intention of releasing the source code (AppKit & Swift). Coppice was in the middle of a major refactor, so unfortunately that's not as easy as flipping a switch — it will take time to clean it and its dependencies up into a buildable form, but I started on that in December and will work towards a public release.

Friday, February 14, 2025

Netflix Content Accidentally in TV App

Tim Hardwick:

Netflix appears to have softened its stance on Apple TV integration, with some users in the US now reporting seeing prompts to connect their Netflix accounts directly to Apple’s TV app.

[…]

The integration currently seems restricted to Netflix Original content rather than the service’s full catalog of licensed shows and movies. When users select content to watch, they are still directed to the Netflix app for playback.

That’s confusing that it doesn’t apply to the whole catalog.

Dan Moren:

Just yesterday on our Six Colors podcast, I suggested it was high time for Apple and Netflix to make a deal to get Netflix content in the Apple TV app. And it seems maybe, at long last, after years of no movement, finally such a deal is happening?

M.G. Siegler:

To me, this may be the “finally” to end all “finallys”[…]

[…]

It’s now 2025, and I’ve been writing about the problem I like to call: “Where the Fuck Can I Stream This?” for years now. And it has arguably never been worse.

[…]

Assuming Netflix is playing ball with Apple here, there are other questions. For example, will they allow Apple to recommend Netflix content for you based on your viewing habits? Maybe if Apple also agrees to share that data with Netflix? But it’s Apple, will they actually do that? Maybe if a user explicitly agrees? The pop-up users are reporting seeing only says that Netflix will share viewing content with Apple, not the other way around…

[…]

First an Apple TV Android app and now this – what’s next, an actual Apple television set?

Juli Clover:

As it turns out, Netflix content showing up in new places in the Apple TV interface was a bug, and Netflix is not introducing expanded Apple TV functionality. In a statement to The Verge, a Netflix spokesperson confirmed that temporary support for the Continue Watching feature was an error, and it has been rolled back.

Netflix is one of the only major streaming services that has refused to offer integration with the Apple TV app, preferring instead for customers to manage watch lists and browse for content directly in the Netflix app.

Previously:

Update (2025-02-16): John Gruber (Mastodon):

I see why Netflix is sticking to its guns on this one, but they’re on the wrong side. Apple TV users were overjoyed yesterday when the Netflix app briefly started integrating with the TV app for “what next”, etc. Steven Aquino described it as “jubilance”.

Joe Rosensteel:

Netflix deeply regrets accidentally making Netflix a better product for its customers.

[…]

They may very well turn it on later, like, let’s say if Apple is actually shipped a tvOS update that completely displaces the old home screen, and reduces visibility of their app at all. However such a move is just as likely to hurt the commercial appeal of the Apple TV for customers that find Netflix’s mediocrity essential. This “error” may never see the light of day again, or it could be flipped back on any minute now.

Asahi Linux Lead Resigns

Hector Martin (via Hacker News):

When Apple released the M1, I realized that making it run Linux was my dream project. The technical challenges were the same as my console homebrew projects of the past (in fact, much bigger), but this time, the platform was already open - there was no need for a jailbreak, and no drama and entitled users who want to pirate software to worry about.

[…]

Unfortunately, things became less fun after a while. First, there were the issues upstreaming code to the Linux kernel, which I’ve already spoken at length about and I won’t repeat here. Suffice it to say, being in a position to have to upstream code across practically every Linux subsystem, touching drivers of all categories as well as some common code, is an incredibly frustrating experience.

[…]

No matter how much we did, how many impossible feats we pulled off, people always wanted more. And more. Meanwhile, donations and pledges kept slowly decreasing, and have done so since the project launched. […] It seemed the more things we accomplished, the less support we had.

[…]

I consider Linus’ handling of the integration of Rust into Linux a major failure of leadership. Such a large project needs significant support from major stakeholders to survive, while his approach seems to have been to just wait and see. Meanwhile, multiple subsystem maintainers downstream of him have done their best to stonewall or hinder the project, issue unacceptable verbal abuse, and generally hurt morale, with no consequence. One major Rust for Linux maintainer already resigned a few months ago.

As you know, this is deeply personal to me, as we’ve made a bet on Rust for Linux for Asahi.

Previously:

Update (2025-02-16): Kevin Purdy:

Rust is a far more memory-safe coding language than the Linux kernel’s native C. But getting more than 1,700 maintainers, including branch bosses, to accept Rust code after decades of work in C is no small feat. Linux lead Linus Torvalds has shifted ever-so-slightly from a “wait and see” approach in 2021 to noting in the summer of 2024 that he expected Rust updates to be faster while admitting that it’s largely kernel developers’ familiarity with C standing in the way. At that time, Microsoft engineer Wedson Almeida Filho resigned from the Rust for Linux project, citing “nontechnical nonsense” as the motivation.

That conflict between the energy of Rust for Linux contributors and the strictures of kernel practices collided once more this winter in an early January kernel mailing list thread about a patch with the deceptively non-controversial name “Add dma coherent allocator abstraction.”

Kernel maintainer Christoph Hellwig opposed a patch that would have allowed drivers written in Rust to access the Direct Memory Access (DMA) API. “No rust code in kernel/dma, please,” Hellwig wrote. After some back-and-forth about suggested alternatives, Hellwig comes out with it: “Don’t force me to deal with your shiny language of the day. Maintaining multi-language projects is a pain I have no interest in dealing with.” A later post by Hellwig pushed further, and his attempt to clarify that it was “a cross-language codebase” he was comparing to “cancer,” not just Rust, did not likely soften its impact.

Update (2025-02-25): Greg Kroah-Hartman (via Hacker News, Michael Larabel):

The majority of bugs (quantity, not quality/severity) we have are due to the stupid little corner cases in C that are totally gone in Rust. Things like simple overwrites of memory (not that rust can catch all of these by far), error path cleanups, forgetting to check error values, and use-after-free mistakes. That’s why I’m wanting to see Rust get into the kernel, these types of issues just go away, allowing developers and maintainers more time to focus on the REAL bugs that happen (i.e. logic issues, race conditions, etc.)

I’m all for moving our C codebase toward making these types of problems impossible to hit, the work that Kees and Gustavo and others are doing here is wonderful and totally needed, we have 30 million lines of C code that isn’t going anywhere any year soon. That’s a worthy effort and is not going to stop and should not stop no matter what.

But for new code / drivers, writing them in rust where these types of bugs just can’t happen (or happen much much less) is a win for all of us, why wouldn’t we do this?

Kevin Purdy:

Torvalds’ response from Thursday does offer some clarification on Rust bindings in the kernel, but also on what die-hard C coders can and cannot control.

Maintainers like Hellwig who do not want to integrate Rust do not have to. But they also cannot dictate the language or manner of code that touches their area of control but does not alter it. The pull request Hellwig objected to “DID NOT TOUCH THE DMA LAYER AT ALL,” Torvalds writes (all-caps emphasis his), and was “literally just another user of it, in a completely separate subdirectory.”

“Honestly, what you have been doing is basically saying ‘as a DMA maintainer I control what the DMA code is used for.’ And that is not how *any* of this works,” Torvalds writes.

[…]

The leader goes on to state that maintainers who want to be involved in Rust can be, and can influence what Rust bindings look like. Those who “are taking the ‘I don’t want to deal with Rust’ option,” Torvalds writes, can do so—later describing it as a “wall of protection”—but also have no say on Rust code that builds on their C interfaces.

One Year With the Vision Pro

Jason Snell:

A year on, I can’t in good conscience recommend that anyone buy one. It’s a glimpse of a potential future and a developer kit for potential future Apple platforms, but that’s about it.

[…]

Vision Pro is a tremendous video player. […] If there’s a single feature that would actually sell Vision Pros, it would be the creation of some sort of killer immersive video content.

[…]

Beyond video, I’ve found Vision Pro to be an excellent tool for shifting my own personal context. When I’m feeling frustrated or distracted and need to buckle down and get to work, I have frequently put on the Vision Pro, popped in my AirPods Pro, and dialed in an immersive environment (Joshua Tree is my favorite) so I can work with zero distractions.

[…]

And, yes, Mac Virtual Display is a winner. It’s not perfect—the video quality of the Vision Pro display is a little fuzzier than a real Retina Display—but it lets me use my laptop in any context, in any space. Laptops are actually kind of bad for you ergonomically since the keyboard is physically close to the display. In Virtual Display mode, I can float the display higher up, allowing me to view it at a more comfortable angle.

[…]

The problem is that I rarely find myself needing to use the Vision Pro. It’s not that I don’t enjoy using it… in fact, every time I put it on, I find myself wanting to give myself additional reasons to keep on using it because it’s so much fun in there! But the impetus to find a safe place to sit, take off my glasses, slip on a VR headset, and jack into cyberspace doesn’t come along that often.

John Gruber:

Vision Pro is easily worth $3500 alone just for watching 2D movies and TV and sports on a virtual high-res enormous screen. If Apple can also offer 3D live sports and compelling original 3D content and games, they won’t be able to make them fast enough to keep up with demand at $3500.

$3500 is a bargain for what Vision Pro offers.

[…]

It’s just that me, personally, I’m not the target audience for a $3500 super deluxe movie watching headset.

John Gruber:

Am I predicting that the Vision platform will have as bright and essential a future ahead of it as the Macintosh did in 1984? No. But I suspect it has a bright and essential future ahead of it. The entire concept and paradigm is so new and different that, like the Macintosh 40 years prior, the product had to ship years before a version will be made at a price that appeals to the mass market, and years before there’s all that much to do using it.

But, as it stands, Vision Pro today offers an incredible experience for watching traditional movies and shows, and a breakthrough experience for watching spatial content. If Bang & Olufsen sold this product in a form that only played movies — no “spatial computing” — it would cost $10,000 and some people would consider it well worth the price. Spatial computing feels fun to me, but not very productive. That could change, and I suspect “fun but not productive” is how I would have described trying to work on a Macintosh in 1984 vs. an Apple II. And Vision Pro’s remarkable (and with VisionOS 2, much improved) Mac Virtual Display feature is a highly-productive environment for work.

I can’t give Vision Pro an A for 2024, but I foresee A’s in future years.

Mark Gurman (tweet):

Apple Inc. has canceled a project to build advanced augmented reality glasses that would pair with its devices, marking the latest setback in its effort to create a headset that appeals to typical consumers.

[…]

The now-canceled product would have looked like normal glasses but include built-in displays and require a connection to a Mac[…]

Previously:

TikTok Back in the App Store

Juli Clover:

TikTok is once again available for download from the App Store, which means it can be installed on iPhones and will be able to receive updates. Apple’s decision to start distributing TikTok again comes after a letter sent from U.S. Attorney General Pam Bondi, according to Bloomberg, but the letter has not been shared.

[…]

While TikTok has been absent from the App Store for the last month, the social network has remained functional and those who previously downloaded TikTok have been able to continue to use the app.

John Gruber:

I’d sure like to see what exactly that letter says. […] Neither Apple nor Google, wisely, have been talking publicly about this at all, but it seems clear that they’ve been acting in concert throughout the process. It is not a coincidence that they both de-listed and now re-listed TikTok simultaneously.

Also, still no idea how this is going to end, because I really don’t think the CCP is going to allow ByteDance to sell TikTok. And there are Republicans in the Senate — e.g. Tom Cotton — who stand behind the sell-or-you’re-banned law.

Previously:

Thursday, February 13, 2025

Reuters Wins AI Copyright Case

Kate Knibbs (Hacker News):

Thomson Reuters has won the first major AI copyright case in the United States. In 2020, the media and technology conglomerate filed an unprecedented AI copyright lawsuit against the legal AI startup Ross Intelligence. In the complaint, Thomson Reuters claimed the AI firm reproduced materials from its legal research firm Westlaw. Today, a judge ruled in Thomson Reuters’ favor, finding that the company’s copyright was indeed infringed by Ross Intelligence’s actions.

[…]

Notably, Judge Bibas ruled in Thomson Reuters’ favor on the question of fair use. The fair use doctrine is a key component of how AI companies are seeking to defend themselves against claims that they used copyrighted materials illegally. The idea underpinning fair use is that sometimes it’s legally permissible to use copyrighted works without permission—for example, to create parody works, or in noncommercial research or news production. When determining whether fair use applies, courts use a four-factor test, looking at the reason behind the work, the nature of the work (whether it’s poetry, nonfiction, private letters, et cetera), the amount of copyrighted work used, and how the use impacts the market value of the original. Thomson Reuters prevailed on two of the four factors, but Bibas described the fourth as the most important, and ruled that Ross “meant to compete with Westlaw by developing a market substitute.”

Previously:

Gemmell Is Back to Mac

Matt Gemmell (Mastodon):

Almost eight and a half years ago, I switched to using an iPad as my full-time computer, having come from decades of having Macs.

In recent years we did get an emergency-use shared/household M2 MacBook Air, which my wife would occasionally take out of the cupboard. Now, that laptop has become my computer.

[…]

I loved the slab of glass, and the Apple Pencils of each generation. I loved that I could rotate it, and write on it, and pinch-zoom it, and connect it to a keyboard, and just figuratively hug the thing. It was most certainly The Future, and very much on track to become everyone’s full-time computer after another few versions of the OS. Then another few versions. Then another few.

I believed in the promise of the form factor and the interaction language, and the human-focused nature of the device, so much that I made iPad-only a part of my identity. And I really was happy. But eventually, without me really noticing, things started to happen.

[…]

iPads are slower than Macs, subjectively, and almost regardless of hardware. I’m most recently comparing an M2 MacBook with an M4 iPad, but the experience is the opposite of what the hardware might naively suggest.

Eric Schwarz:

Stories of switching between Macs and iPads are nothing new, but this particular post struck a chord with me—regular readers know that I have had some sort of iPad since the very beginning and there were plenty of stints where the iPad was my primary computer. However, I sold mine last November, not because I disliked the device, but felt that it simply was unnecessary and I was naturally using it less and less.

[…]

Apple has done iPadOS a disservice for way too long—every new first-party app seems to be iPhone-only (Sports, Journal, Invites) and sometimes features come to the iPhone, but not the iPad. This creates an attitude of if Apple doesn’t care about the iPad, why should you? At least the Mac is different enough that you can put up with the inconsistencies and/or rely on some older alternatives. I like a lot of the intentions of iOS to simplify and rethink the computing experience, but way too much either feels incomplete or abandoned.

Matt Birchler:

One of the superpowers of the Mac is that it can do many things at once. Obviously, the iPad has multitasking, but not in the way the Mac does. The basic concept of iPad multitasking is that you need to be able to see an app for it to be reliably working. If you can’t see an app, there is a select list of things it can keep doing in the background, but most things die immediately, and it may be booted from memory at any point.

[…]

There are trade-offs to customization and user control, but this is a fundamental difference between the Mac and iPad that can’t be overstated. As a simple example, there have been many window management apps on the Mac forever, so people who don’t love the built in option have had an embarrassment of riches in terms of options, but if you don’t like Stage Manager on the iPad, your only hope is that Apple updates it to your liking someday.

Previously:

Update (2025-02-14): Craig Grannell (Mastodon):

In his post, Matt notes part of the problem with the iPad is that it’s never been strongly defined. When Steve Jobs introduced the iPad, it was positioned somewhere between a phone and a laptop. Since then, users have argued for it to take over the capabilities of both devices – but especially the latter. However, while the iPad has the power of Apple’s ‘proper’ computers, it lacks the flexibility and, in some cases, utility. All of which is by design.

What some people tend to forget is that Apple is very opinionated on wanting people to buy (at least one) Mac alongside any Apple mobile devices. It’s my ongoing belief that arbitrary barriers have therefore been – at best – left in place for that purpose.

For example, the iPad never got true virtual memory or sideloading, and the Mac never got touch.

Update (2025-02-16): Rui Carmo:

You see, the iPad’s attrition has also been getting to me lately–as a case in point, I haven’t used my iPad Pro for anything other than reading and annotating PDFs in months, and that was before I, too, sort of as a way to capture my thoughts and early drafts.

I have the excuse of (literally) using all the platforms, but even as I type this on my Mac thanks to effortless Reading List syncing, a lovely keyboard and my grand pair of huge displays, I can’t help but feel that the iPad has been left to languish in a sort of limbo.

Chinese App Store Antitrust Probe

Tim Hardwick:

China’s State Administration for Market Regulation (SAMR) is said to have been critically examining Apple’s practices and holding discussions with the company since last year, specifically about its 30% commission on in-app purchases and restrictions on external payment services, according to the outlet’s sources.

Chinese regulators are said to be particularly focused on whether Apple’s fees for local developers are unreasonably high. They’re also examining if the company’s prohibition of third-party app stores and payment methods stifles competition and negatively impacts Chinese consumers.

NSDocument Auto Saving and File Types

Gus Mueller:

Has anyone successfully come up with strategies for opting into NSDocument’s autosavesInPlace, but only for certain file types? I’ve looked into overriding scheduleAutosaving and friends, but nothing really works. TextEdit just throws up an alert saying “hey, lossy file format”. Is this the best I can do?

Brian Webster:

The issue is if you Save As where the original file type supports auto save but the new one doesn’t (or vice versa). The override is a class method and not an instance method, so there’s no way for the existing instance to flip its auto save boolean to reflect the new file type.

This is an interesting API problem. The core issue is that NSDocument wants you to have a single subclass for each family of file types that can be mutually converted via Save As. The configuration is done at the class level, so it assumes that each file type is just a different flavor that works in the same way.

One could argue that the Cocoa document architecture is missing several abstractions that would be needed for a proper general solution. The basic stuff both easy and quite configurable, with a small API surface, but to go beyond that you need to reimplement a lot yourself or try to hack it into the desired shape.

Dave DeLong:

Override NSDocumentController to provide unique NSDocument subclasses for each document so that each one can swap its own +autosavesInPlace method IMP without fear of messing up other documents, while also still preserving KVO behavior?

Wednesday, February 12, 2025

Migrating Apple Account Purchases Between Accounts

Apple:

If an Apple Account is only used for making purchases, those purchases can be migrated to a primary Apple Account to consolidate them.

This feature isn’t available to users in the European Union, United Kingdom, or India.

[…]

You can choose to migrate apps, music, and other content you’ve purchased from Apple on a secondary Apple Account to a primary Apple Account. The secondary Apple Account might be an account that’s used only for purchases. You’ll need access to the primary email address or phone number and password for both accounts, and neither account should be shared with anyone else.

Apple:

  • Neither Apple Account can already be used for migrated purchases. Learn how to undo a migration of purchases. If you undo a migration of purchases from a secondary account, you won’t be able to migrate purchases again for 1 year.

  • You can’t migrate purchases if both the primary Apple Account and the secondary Apple Account have music library data associated with each of them.

Via John Gruber:

This might be the “finally” to end all finallys. I really never thought I’d see this day where Apple finally made this possible. This document presents a solution to a situation I’ve been in (and with each subsequent media purchase, digging deeper into) for over 20 years.

[…]

So fast forward to today, and I’ve had two Apple Accounts on every device I use for the last 20-or-so years. One for “Media and Purchases” (my original iTunes account, using the @daringfireball.net address), and my primary Apple ID (the @mac.com address). All my purchases — all the music, books, apps, subscriptions, and thousands of dollars in movies that I’ve purchased with that iTunes account over the years — are using an Apple Account that’s not my iCloud account.

[…]

I’ll wait and let others try this before I do (if it ain’t broke don’t fix it), but if any of you try this, I’m curious how it goes — especially if you’re part of a family sharing group.

It really seems more like migrating purchases (as the title of Apple’s support document says) rather than merging accounts. iCloud data, account balances, and TestFlight betas don’t transfer.

Sean Heber:

It appears that Apple’s new account migration stuff does NOT work for TestFlight access.

That by itself is fine - whatever. The problem here is that it appears when someone does an account migration, it kind of half-migrates TestFlight somehow.

People are telling us their new email address to invite but TestFlight thinks they’re already a tester with that email address!

So you can’t just reinvite them. It seems we have to filter for the user, remove them, then add them as a new tester.

Craig Hockenberry:

If you’re hearing from testers about being kicked out of TestFlight because of the new account migration stuff, DO NOT update their email. It’s a lot of work and will not help them.

For now, you MUST give them a public link, even if it’s a private beta.

Adam Chandler:

Here’s why I can’t add my migrated AppleID to Messages or FaceTime or set it up as a custom domain in iCloud+ Mail….it’s not gone. Apple appears to let me “unmigrate” indefinitely back to having two IDs. I want Apple to release the old one so I can actually use it.

Also, it’s dumb that you have to migrate on iOS and not MacOS. The same panel in MacOS does not offer a migrate option but like usual, MacOS is a second class citizen in Apple’s eyes.

John Voorhees:

I started buying music from iTunes on a Windows PC for an iPod before I owned any other Apple products. Those purchases were linked to one email address. Later, when I got my first Mac, I got a .Mac email address, which became a MobileMe account and, finally, an iCloud account. That left me with an iCloud account for iCloud services and a different address for my music, movies, TV shows, apps, and other purchases.

I’ve gotten used to the process of signing in to different accounts for iCloud and my purchases, but every now and then, it causes some hard-to-troubleshoot conflict somewhere. That’s why I’m glad to see there’s now a process for moving everything to one account. However, having also lived through many iCloud headaches over the years, I think I’ll wait a while before attempting a migration.

See also: TidBITS-Talk and Mac Power Users Talk.

Previously:

Update (2025-02-13): Adam Engst:

Ironically, when Tonya and I were testing Apple Invites last week (see “Streamline Event Planning with New Apple Invites Service,” 4 February 2025), she experienced some confusion because her everyday Apple Account is tied to a rarely used mac.com email address rather than her primary email address. Attempting to respond to an invitation with her primary email address led her down a rabbit hole when she discovered it was linked to another unused Apple Account, likely created decades ago for testing purposes. “If only you could merge the two,” I joked, never realizing it would become possible just days later.

[…]

Be sure to read everything carefully if you’re considering migration. In particular, be aware that after migration, the secondary account can no longer be used for Media & Purchases unless you explicitly undo the migration. And once you undo a migration, that account can’t be migrated again for a year, so you don’t want to goof around. I also recommend waiting a few weeks to increase the likelihood that Apple has fixed any bugs that might affect you.

Update (2025-02-14): John Gruber:

Apple has added a new requirement before proceeding with migration:

You can’t migrate purchases if your secondary Apple Account is used with TestFlight for testing beta versions of apps from a developer. Open TestFlight and select Stop Testing for each app to remove it from your account.

Update (2025-02-25): Jeff Carlson:

The process is complicated and includes several caveats, so let’s walk through it together.

Update (2025-02-27): Zac Hall:

The only problem is that there are also secondary, tertiary, quaternary, quinary, senary, septenary, octonary, nonary, and denary requirements as well. There were so many requirements that I had to learn what comes after tertiary!

Best of all is that the tool doesn’t explain what went wrong when your two Apple Accounts don’t meet the very strict criteria. It just fails.

[…]

But alas, two weeks later, I’m no closer to migrating purchases from my Apple Account used for iTunes and the App Store than I was 14 years ago.

Landen:

I have called in multiple times and spent over 8 hours with Apple support the last couple weeks because of the exact same scenario. The culprit seems to be that both accounts have a music library associated with them. Even though there is an Apple support article that says the secondary account music library will replace the first, the second level support agent was able to confirm that if both accounts have a music library, the migration will fail and cannot be completed. I don’t even get the migrate purchases option anymore. Hopefully Apple will fix this for those of us that are early adopters of iCloud!

App Store and Japanese Consumption Tax

Apple:

As a result of last year’s change in Japan’s tax regulations, Apple (through iTunes K.K. in Japan) is now designated as a Specified Platform Operator by the Japan tax authority. All paid apps and In-App Purchases, (including game items, such as coins) sold by non-Japan-based developers on the App Store in Japan will be subject to the platform tax regime. Apple will collect and remit a 10% Japanese consumption tax (JCT) to the National Tax Agency JAPAN on such transactions at the time of purchase. Your proceeds will be adjusted accordingly.

As far as I’m aware, this does not apply to software sold outside the App Store, though that remains subject to the 20% Japanese tax on software royalties unless you file the yearly paperwork (sending the Japanese government your IRS Form 6166) to show that you are paying taxes in the US.

Previously:

Game Licensing in Vietnam

Apple:

The Vietnamese Ministry of Information and Communications (MIC) requires games to be licensed to remain available on the App Store in Vietnam. To learn more and apply for a game license, review the regulations.

James Thomson:

I suspect this means Dice by PCalc and About by PCalc will be exiting the App Store in Vietnam, because there are new rules which require me to apply for a game license to keep them on the store there.

The rules seem to be mainly targeted at people running multiplayer games, but you still need one for offline single player stuff, and I believe it’s way outside of the scope of what a small indie can do.

[…]

“Foreign enterprises wishing to publish games in Vietnam must establish enterprises in Vietnam with charter capital not exceeding 49% in accordance with the Law on Foreign Investment”.

Previously:

App Store Advanced Commerce API

Apple:

To further support developers’ evolving business models — such as exceptionally large content catalogs, creator experiences, and subscriptions with optional add-ons — we’re introducing the Advanced Commerce API.

Developers can apply to use the Advanced Commerce API to support eligible App Store business models and more flexibly manage their In-App Purchases within their app.

[…]

Learn about eligibility requirements and how to apply

Hartley Charlton:

Apple’s announcement appears to be part of a broader effort to refine its App Store policies following scrutiny, particularly in the European Union. This particular API appears to be a direct response to challenges faced by apps with unconventional monetization models, such as Patreon, an online platform that enables creators to offer paid memberships to their audiences.

Dimitri Bouniol:

Is this a response to Kindle needing an entry for every book in their catalogue, or a response to apps like Patreon where every creator needs an IAP assigned to them? (either way, it looks like it’ll do little to win over those platforms)

To me it seems like checking a box rather than addressing the fundamental issues.

Steve Troughton-Smith:

“If you already have access to the Advanced Commerce API and would like to make updates, like adding product identifiers, new business models, significant price changes, you’ll need to submit your updates to the Advanced Commerce API Access form.”

Why would any large catalog apps sign up for this? This is a trap

Damien Petrilli:

Real title: “Apple announce 30% tax on patreon style content”

David Barnard:

Apple first announced the Advanced Commerce API at WWDC in June of 2024, but offered no documentation and only a vague description of what it would do. With yesterday’s announcement they have now provided a detailed overview and full documentation.

[…]

There are thousands of creators on X that now offer subscriptions. Each creator sets their own price and X users can subscribe to as many accounts as they want to. Without the Advanced Commerce API, apps like X would need to create products for each creator subscription manually in App Store connect in it’s own subscription group.

[…]

On the web, YouTube TV allows customers to purchase add-ons that enhance functionality and add additional content. Google could now offer that same functionality on the App Store with the core package and ad-ons billed and managed as a single subscription.

He lists a bunch of limitations but overall seems bullish on this change, saying that “it shows Apple’s willingness to evolve the App Store for developers’ needs.”

Previously:

Tuesday, February 11, 2025

macOS 15.3.1

Juli Clover (release notes, no security, no enterprise, no developer, full installer, IPSW):

According to Apple’s release notes, macOS Sequoia 15.3.1 includes important security fixes, and it is recommended for all users.

Important security fixes, but no CVEs.

See also: Mr. Macintosh and Howard Oakley.

Ric Ford:

Apple continues to enable Apple Intelligence on customers’ devices without permission during critical security updates as experts (and our own experiences) confirm.

I had Apple Intelligence enabled, turned it off, then updated to macOS 15.3.1, and it was enabled again.

Jeff Johnson (Mastodon):

Some people who had previously disabled Apple Intelligence in macOS 15.3 and iOS 18.3 saw it re-enabled after updating to macOS 15.3.1 and iOS 18.3.1 today. In fact I personally have two different Apple silicon Macs running macOS Sequoia, and after I updated both Macs to 15.3.1, Apple Intelligence was re-enabled on my MacBook Pro but not on my Mac mini. The difference in behavior appears to depend on whether the Setup Assistant and welcome screen is displayed after the update. On my MacBook Pro, but not my Mac mini, I saw the Setup Assistant.

This is essentially an advertisement for Apple Intelligence, with no option to enable or disable it. After pressing the Continue button, I saw the macOS welcome screen, which required me to press Continue a second time.

I wonder why it’s not consistent between Macs.

Tim Hardwick:

In our tests using an M4 Pro Mac mini, iPhone 16 Pro, iPhone 15 Pro, and M4 iPad Pro – all with Apple Intelligence previously disabled in iOS/iPadOS 18.3 and macOS 15.3 – we found that while the iPhones and iPad maintained their disabled status after updating to iOS/iPadOS 18.3.1, the Mac mini automatically re-enabled the feature after updating.

Greg Pierce:

Another macOS Sequoia update (15.3.1) and the whole Message UI framework is still broken in Catalyst apps with no activity on my FB (FB15693837) from Nov. 5. Ugh.

Previously:

macOS 14.7.4 and macOS 13.7.4

macOS 14.7.4 (full installer, no security):

This update provides important security fixes and is recommended for all users.

macOS 13.7.4 (full installer, no security):

This update provides important security fixes and is recommended for all users.

See also: Howard Oakley.

Previously:

iOS 18.3.1 and iPadOS 18.3.1

Juli Clover (iOS/iPadOS release notes, security, no enterprise, no developer):

According to Apple’s release notes, iOS 18.3.1 includes bug fixes and security updates.

Previously:

watchOS 11.3.1

Juli Clover (release notes, no security, no developer):

The watchOS 11.3.1 update includes important security updates, and it is recommended for all Apple Watch owners.

Previously:

visionOS 2.3.1

Juli Clover (release notes, no security, no developer, no enterprise):

According to Apple’s release notes, visionOS 2.3 includes security updates, and the software is recommended for all users.

Previously:

Monday, February 10, 2025

How Safari Search Engine Extensions Work

Jeff Johnson (Hacker News):

Note below how Safari says “Search Google” and “Google Search”, even though I’m supposed to be using Kagi.

[…]

Safari connects to Kagi only after connecting to Google.

[…]

An unfortunate consequence is that Safari always sends your search to your default search engine, Google for example, before it sends your search to your custom search engine! Is that what you wanted? If you’re trying to protect your privacy, well… you’re failing. Another unfortunate consequence is that you can’t use your default search engine in Safari—if you want to check Google occasionally and compare to Kagi—because the Safari extension will always redirect your searches.

Unique among major browsers, Safari doesn’t let users select a custom search engine. The built-in choices include subpar offerings like Yahoo and the failed Ecosia but not newer, better entrants such as Kagi and Brave. Safari extensions are a hacky substitute that offers a bad user experience.

Even though Chrome is made by Google, it lets you pick another search engine. Even though Edge is made by Microsoft, it doesn’t lock you into Bing, and you can add any search URL template that you want. Apple is not encumbered with its own search engine to push, yet it seems to be constrained by its desire for revenue sharing, so Safari users get stuck with fewer choices that are arguably lower quality and less private.

Previously:

Update (2025-02-11): Nick Heer:

One other possibility is that Apple’s nominal desire for simplicity in preferences led to the company ignoring requests for an arguably niche feature like a custom search engine. Yet Safari preferences are complex and messy in other ways, and the company has — thankfully — retained legacy features like user stylesheets. Even if revenue sharing discouraged Apple from developing this feature, how many people are actually going to set a custom search engine, and would they have a meaningful impact on its beloved Google revenue stream? My guesses: very few, and I doubt it. Yet here we are, over twenty years after Safari’s launch, and we can generously choose between five search engines, of which three — Bing, DuckDuckGo, and Yahoo — are dependent on the same index.

Even if you grant that custom search engines would be too complex, Kagi and Brave should probably be built-in options, anyway.

TikTok Android Sideloading

TikTok:

We’re enhancing ways for our community to continue using TikTok by making Android Package Kits available at TikTok.com/download so that our U.S. Android users can download our app and create, discover, and connect on TikTok.

Via John Gruber:

I suspect something is going to give on this standoff. Either (a) China relents and actually sells to a U.S. company, and TikTok comes back to the App Store and Play Store; or (b) Trump’s extralegal extension expires with no sale and Oracle and Akamai are forced to pull the plug on ByteDance’s cloud services in the US.

[…]

If I’m wrong and TikTok remains in this half-zombie state in the US — unavailable in the App Store or Play Store, but operational if you have the app installed on your phone — it’ll be interesting if TikTok is the app that makes the mass market actually care about the lack of sideloading on iOS. It’ll be interesting too if sideloading on Android goes mainstream because of this.

Does app vs. Web make that much difference if you’re just consuming the videos?

Previously:

DeepSeek’s True Training Cost

Anton Shilov:

SemiAnalysis reports that the company behind DeepSeek incurred $1.6 billion in hardware costs and has a fleet of 50,000 Nvidia Hopper GPUs, a finding that undermines the idea that DeepSeek reinvented AI training and inference with dramatically lower investments than the leaders of the AI industry.

DeepSeek operates an extensive computing infrastructure with approximately 50,000 Hopper GPUs, the report claims. This includes 10,000 H800s and 10,000 H100s, with additional purchases of H20 units, according to SemiAnalysis. These resources are distributed across multiple locations and serve purposes such as AI training, research, and financial modeling. The company’s total capital investment in servers is around $1.6 billion, with an estimated $944 million spent on operating costs, according to SemiAnalysis.

Yazhou Sun and Tom Mackenzie:

The notion that China’s DeepSeek spent under $6 million to develop its artificial intelligence system is “exaggerated and a little bit misleading,” according Google DeepMind boss Demis Hassabis.

[…]

DeepSeek “seems to have only reported the cost of the final training round, which is a fraction of the total cost.”

Previously:

Google Maps at 20

James Killick (via Adam Chandler):

In 2018 Bill [Kilday] wrote a book about their travails. It is the definitive, insider story of Google Maps. The book is called “Never Lost Again” and I can’t recommend it enough. Among other places it’s available on Amazon and Apple Books.

[…]

I recently had the privilege of chatting with Bill and I told him about my plans for this post. We both agreed that the timing should coincide with the 20th anniversary of Google Maps.

So, with that in mind, here we go!

It remains one of my favorite Web sites. If I could only keep three Google products, they would probably be YouTube, Maps, and Translate.

Silas Valentino:

After presenting a dynamic map — now compatible with the web — Where 2 Technologies was acquired by Google for an undisclosed sum in October 2004. At the same time, Google also scooped up the satellite imagery service Keyhole, a critical component for developing Google Maps, since it opened access to scores of satellite images. In the ensuing months, Where 2 Technologies and Keyhole fused their products together, building a digital map made of satellite tiles.

[…]

Maps debuted on Feb. 8, 2005, and Lars remembers it immediately disrupted the entire Google system.

“It actually almost destroyed Google’s data centers,” he said in the podcast. “Rather, it clogged the pipes with all of those tiles of mapping images flying back and forth, almost used all of Google’s bandwidth. It was amazing. It was a huge hit from day one.”

Stephen Hutcheon:

Now, on the eve of Google Maps’ 20th anniversary, the 54-year-old Australian software engineer [Stephen Ma] has had a change of heart. He wants to write himself back into the foundation story – as well as acknowledge others whose contributions have been overlooked or undersold.

Previously:

Friday, February 7, 2025

UK Orders Apple to Break iCloud Advanced Data Protection

Dominic Preston (Hacker News, MacRumors):

Apple has reportedly been ordered by the UK government to create a backdoor that would give security officials access to users’ encrypted iCloud backups. If implemented, British security services would have access to the backups of any user worldwide, not just Brits, and Apple would not be permitted to alert users that their encryption was compromised.

The Washington Post reports that the secret order, issued last month, is based on rights given under the UK’s Investigatory Powers Act of 2016, also known as the Snoopers’ Charter. Officials have apparently demanded blanket access to end-to-end encrypted files uploaded by any user worldwide, rather than access to a specific account.

[…]

The UK has reportedly served Apple a document called a technical capability notice. It’s a criminal offense to even reveal that the government has made a demand. Similarly, if Apple did accede to the UK’s demands then it apparently would not be allowed to warn users that its encrypted service is no longer fully secure.

Dan Moren:

While law enforcement has long been able to access encrypted data for which Apple holds the keys, this move would reportedly apply to end-to-end data in which the user holds the keys, such as Apple’s Advanced Data Protection. This law would target end-to-end encrypted data from Google and Meta as well.

This is red alert, five-alarm-fire kind of stuff. Providing a backdoor would be worrying enough for reasons that should be obvious to anybody who knows the barest inkling about technology—to wit, that there exists no mechanism to keep such a tool out of the hands of malicious actors—but the fact that it would apply beyond the UK borders to other countries is a staggering breach of sovereignty. And, moreover, as Menn points out, such a move would no doubt embolden other powers to ask for access to the same capabilities—such as China.

[…]

Ironically, the biggest impediment might come in the form of the European Union, as Apple apparently argued that the implementation would undermine the European right to privacy.

Nick Heer:

In any case, the reported demands by the U.K. government are an extraordinary abuse of their own. It has global implications for both U.K. access and, I would venture, access by its allies. As a reminder, U.S. and U.K. spy agencies routinely shared collected data while avoiding domestic legal protections. This order explicitly revives the bad old days of constant access.

Tim Hardwick:

According to sources that spoke to the publication, Apple is likely to stop offering encrypted storage in the UK as a result of the demand. Specifically, Apple could withdraw Advanced Data Protection, an opt-in feature that provides end-to-end encryption (E2EE) for iCloud backups, such as Photos, Notes, Voice Memos, Messages backups, and device backups.

In this scenario, UK users would still have access to basic iCloud services, but their data would lack the additional layer of security that prevents even Apple from accessing it.

Previously:

Update (2025-02-10): Mike Masnick:

While officials repeatedly insisted they weren’t trying to break encryption entirely, those of us following closely saw this coming. Apple even warned it might have to exit the UK market if pushed too far.

[…]

The UK government is demanding that Apple fundamentally compromise the security architecture of its products for every user worldwide. This isn’t just about giving British authorities access to British users’ data — it’s about creating a master key that would unlock everyone’s encrypted data, everywhere.

This is literally breaking the fundamental tool that protects our privacy and security. Backdoored encryption is not encryption at all.

[…]

This global reach is particularly concerning given the UK’s membership in the Five Eyes intelligence alliance. Any backdoor created for British authorities would inevitably become a tool for intelligence and law enforcement agencies across the US, Australia, Canada, and New Zealand — effectively creating a global surveillance capability without any democratic debate or oversight in those countries.

Bruce Schneier:

Apple is likely to turn the feature off for UK users rather than break it for everyone worldwide. Of course, UK users will be able to spoof their location. But this might not be enough. According to the law, Apple would not be able to offer the feature to anyone who is in the UK at any point: for example, a visitor from the US.

And what happens next? Australia has a law enabling it to ask for the same thing. Will it? Will even more countries follow?

This is madness.

Mark Nottingham (via Hacker News):

The UK is presumably interested in Apple providing this functionality because iCloud’s design conveniently makes a massive amount of data convenient to access in one location: Apple’s servers. If that data is instead spread across servers operated by many different parties, it becomes less available.

In effect, this is the decentralize iCloud option. Apple would open up its implementation of iCloud so that third-party and self-hosted providers could be used for the same functions. They would need to create interfaces to allow switching, publish some specifications and maybe some test suites, and make sure that there weren’t any intellectual property impediments to implementation.

[…]

This isn’t a perfect option. Orders could still force weakened encryption, but now they’d have to target many different parties (depending on the details of implementation and deployment), and they’d have to get access to the stored data. If you choose a provider in another jurisdiction, that makes doing so more difficult, depending on what legal arrangements are in place between those jurisdictions; if you self-host, they’ll need to get physical access to your disks.

SpamSieve 3.1.1

SpamSieve 3.1.1 improves the filtering accuracy of my Mac e-mail spam filter, amongst other enhancements and fixes.

The update was held up because the Developer ID Notary Service was down for most of the business day yesterday.

Some interesting issues were:

Previously:

DeepSeek Privacy Issues

Dan Goodin:

On Thursday, mobile security company NowSecure reported that the app sends sensitive data over unencrypted channels, making the data readable to anyone who can monitor the traffic. More sophisticated attackers could also tamper with the data while it’s in transit. Apple strongly encourages iPhone and iPad developers to enforce encryption of data sent over the wire using ATS (App Transport Security). For unknown reasons, that protection is globally disabled in the app, NowSecure said.

[…]

What’s more, the data is sent to servers that are controlled by ByteDance, the Chinese company that owns TikTok. While some of that data is properly encrypted using transport layer security, once it’s decrypted on the ByteDance-controlled servers, it can be cross-referenced with user data collected elsewhere to identify specific users and potentially track queries and other usage.

Ben Lovejoy:

The latest findings are far worse than the previous security failure which exposed chat history and other sensitive information in a database requiring no authentication …

Brian Krebs:

Beyond security concerns tied to the DeepSeek iOS app, there are indications the Chinese AI company may be playing fast and loose with the data that it collects from and about users. On January 29, researchers at Wiz said they discovered a publicly accessible database linked to DeepSeek that exposed “a significant volume of chat history, backend data and sensitive information, including log streams, API secrets, and operational details.”

“More critically, the exposure allowed for full database control and potential privilege escalation within the DeepSeek environment, without any authentication or defense mechanism to the outside world,” Wiz wrote.

William Gallagher:

NowSecure says it is continuing to research DeepSeek. It notes that the Android version is even less secure than the iOS one.

Previously:

Screenshot-Reading Malware

Wes Davis:

Apps distributed through both Apple and Google’s app stores are hiding malicious screenshot-reading code that’s being used to steal cryptocurrency, the cybersecurity software firm Kaspersky reported today. It’s the “first known case” of apps infected with malware that uses OCR tech to extract text from images making it into Apple’s App Store, according to a blog post detailing the company’s findings.

Kaspersky says it discovered the code from this particular malware campaign, which it calls “SparkCat,” in late 2024 and that the frameworks for it appear to have been created in March of the same year.

Via Guy English:

This is the kind of thing that makes tech so annoying these days. What’s a platform to do? At the scale of adoption of these devices (both Apple and Android) there are countless people who’d not think twice about agreeing to photo access without thinking for a moment of the screenshot with their credentials they saved off a long time ago. The only solution I can think of is only using system UI to pick what apps see. Which we have now. But that’s kind of annoying too.

Bruce Schneier:

That’s a tactic I have not heard of before.

Juli Clover:

Kaspersky located several App Store apps with OCR spyware, including ComeCome, WeTink, and AnyGPT, but it is not clear if the infection was a “deliberate action by the developers” or the “result of a supply chain attack.”

[…]

Apple checks over every app in the App Store , and a malicious app marks a failure of Apple’s app review process. In this case, there does not appear to be an obvious indication of a trojan in the app, and the permissions that it requests appear to be needed for core functionality.

Juli Clover:

Apple pulled the apps from the App Store.

Thursday, February 6, 2025

Mac App Store Broken on macOS 10.14 and Earlier

Alexander Blach:

I’m getting a report from a user that the Mac App Store doesn’t work on macOS Sierra 10.12.6 anymore - they get “An unexpected error occurred while signing in.”

I also see these threads in the the Apple Support Community:

Apple made changes to Mac App Store receipts on January 24, 2025.

Looks like with this change they have also rendered the Mac App Store unusable on older systems, so that customers on these systems can no longer download their purchased apps.

I’m not sure whether there’s actually a connection between the receipts change and the store itself not working, but I can confirm that the store is broken on macOS 10.14 but works on macOS 10.15. On earlier versions, when I try to sign in it doesn’t report an error but never actually signs me in. Thus, you can browse the store but can’t make new purchases, re-download old ones, or install updates.

Previously:

Update (2025-02-07): This story got picked up by MacRumors and AppleInsider, and as of this morning, the Mac App Store is once again working for me on macOS 10.14. Michel Fortin says it now works on 10.13.

Update (2025-03-03): Ric Ford:

Apple’s Mac App Store problems continue for people using older versions of macOS after previous reports, as a longtime MacInTouch reader describes in emails to us after trying potential workarounds, such as logging out and in to iCloud, rebooting, etc. (The older macOS version is required for compatibility with critical application software.)

Wednesday, February 5, 2025

Tapestry 1.0

The Iconfactory (Mastodon):

Tapestry combines posts from your favorite social media services like Bluesky, Mastodon, Tumblr and others with RSS feeds, podcasts, YouTube channels and more. All of your content presented in chronological order, with no algorithm deciding what you should or shouldn't see.

[…]

Third-party connectors can be added to Tapestry to allow it to work with even more sources. If it has a publicly-accessible feed on the internet, a connector can be built for it.

Ryan Christoffel:

Tapestry is a free download on the App Store, with subscription options available to remove ads, unlock custom timelines, content muting, and theme customization. Subscriptions run $1.99/month, $19.99/year, or you can make a one-time purchase of $79.99.

The Iconfactory:

Connectors are created with standard web technologies: JavaScript and JSON. All of Tapestry’s connectors are open source and easy to adapt for your needs.

You’ll use Tapestry Loom on a Mac to test and debug your connector[…]

Craig Hockenberry:

Centralized systems have shown their weakness and siloed content has as much a chance of surviving as “You’ve got mail!”.

Tapestry was built with this change in mind. Your content comes from a lot of different places, and how that data is retrieved from a feed is entirely customizable. Our goal was to put RSS, social media, podcasts, and more into a flexible and easy-to-read timeline. Tapestry syncs this variety of feeds across devices in a way that is seamless, secure, and easy to understand.

Nick Heer:

I am not sure I want all of these things inside a single app’s timeline. I typically want to treat reading web feeds as a discrete task, for example, and I would use a dedicated podcast client instead. But I like the idea of a merged social media feed. Some people have accounts on Bluesky, Mastodon, and Micro.blog, while others are on only one of those services. I would often like to see all of them at the same time.

[…]

What I would really like — and I do not mean to sound ungrateful or demanding — is a MacOS client.

Previously:

Update (2025-02-11): Federico Viticci:

My problem with timeline apps is that I struggle to understand their pitch as alternatives to browsing Mastodon and Bluesky (supported by both Tapestry and Reeder) when they don’t support key functionalities of those services such as posting, replying, reposting, or marking items as favorites.

[…]

But: the beauty of the open web and the approach embraced by Tapestry and Reeder is that there are plenty of potential use cases to satisfy everyone. Crucially, this includes people who are not like me. There is no one-size-fits-all approach here because the web isn’t built like that.

So, while I still haven’t decided which of these two apps I’m going to use yet, I’ve found my own way to take advantage of timeline apps: I like to use them as specialized feeds for timelines that I don’t want to (or can’t) have in my RSS reader or add as lists to Mastodon/Bluesky.

Reeder Rebuilt

Silvio Rizzi (September 2024):

The new Reeder is out!

A note to Reeder Classic users: For this release, I’ve tried to cover any questions you might have about the new Reeder and Reeder Classic in the FAQ.

There’s no pressure to upgrade. As mentioned before, both apps will coexist.

Devon Dundee:

The best word to describe the new Reeder is “ambitious.” Its purpose is not just to be your RSS reader, but your inbox for keeping up with feeds of many different kinds from various sources across the Internet – text from websites, sure, but also videos on YouTube, audio from podcasts, posts on social media, and more. It’s a one-stop shop for the feeds you follow online, collecting them together into a single timeline that you can seamlessly browse across all of your devices.

This concept—like Tapestry—doesn’t really appeal to me. But I’m probably not a typical user. I like that they’re experimenting in this space and that Reeder Classic is sticking around.

Matt Birchler:

What concerned me is that a new app that didn’t click for me had taken over the name of the app I loved. It felt like the app I loved was being put into a legacy status with the “classic” moniker. “Reeder Classic remains a product in our lineup,” if you will. Like I said, there aren’t a bunch of features I hope are added to Reeder Classic, so I’m fine if it goes on the back-burner, I just hope it continues to get support for the latest operating systems so I can keep using it how I do now for many years to come.

Dave Rahardja:

Maybe I’m not getting it, but it no longer has the concept of read/unread blog posts; everything just…hangs out there forever. It also makes it very difficult to read the content in a web browser; you used to be able to press B to open an article in Safari, but now it’s a click on the share arrow, then Open, with no keyboard shortcuts.

Rui Carmo:

And the new Reeder just doesn’t do what I need it to. In fact, it doesn’t even do what it tries to do in a way that I find useful:

  • Polling 200+ feeds? Local polling and iCloud syncing won’t cut it, and the lack of support for feed aggregators tells me this isn’t an app to keep track of a lot of diverse interests.
  • Catching up on Mastodon? I have custom RSS feeds that track lists from a server, since having my home timeline or tags is just useless and too much noise in my experience.
  • Reddit? Erm. Why? I do visit, but (guess what) I already have summary feeds from the couple of subreddits I care about.
  • Videos and podcasts? I can get a much better experience in specialized apps like Yattee and Overcast, and I never consume that kind of content together with the rest–the contexts and use cases just don’t overlap for me.

See also: Mac Power Users and Reddit.

Previously:

Apple “Approved” Hot Tub Porn App

Jess Weatherbed (MacRumors, 9to5Mac):

The first “Apple approved” porn app for iPhone is rolling out in Europe, via AltStore PAL’s alternative iOS app marketplace. AltStore PAL developer Riley Testut says that Hot Tub, which describes itself as an ad-free “adult content browser,” has made it through Apple’s notarization review for fraud, security threats, and functionality, and will be available for AltStore PAL users in the EU to download starting today.

Apple bans “overtly sexual or pornographic material” on its own iOS store. Steve Jobs once replied to a customer email questioning App Store policing, saying that Apple has “a moral responsibility to keep porn off the iPhone,” and said that people looking for such apps should “buy an Android phone.” Thanks to the EU’s Digital Markets Act, iPhone users within the bloc now have greater freedom to install other apps.

Jason Snell:

AltStore and Testut knew exactly what they were doing when they implied an Apple endorsement of this product, presumably based on Apple’s notarization approval of an iOS app. Legally, Apple must notarize apps so long as they are “free of known malware, viruses or other security threats, function as promised and don’t expose users to egregious fraud.” So you can see that Apple’s hands are tied here. Which is why Apple is deeply unhappy with AltStore’s announcement, releasing this PR statement:

We are deeply concerned about the safety risks that hardcore porn apps of this type create for EU users, especially kids. This app and others like it will undermine consumer trust and confidence in our ecosystem that we have worked for more than a decade to make the best in the world. Contrary to the false statements made by the marketplace developer, we certainly do not approve of this app and would never offer it in our App Store. The truth is that we are required by the European Commission to allow it to be distributed by marketplace operators like AltStore and Epic who may not share our concerns for user safety.

But here’s the thing about notarization: Apple has used it in the past, in the EU, for reasons not covered by the above exceptions.

[…]

Apple representatives claim that AltStore is lying by asserting that Hot Tub was approved by the company. (Though it’s not great that Apple’s own emails use the phrase, “The following app has been approved for distribution.”) Instead, they claim that Apple’s hands are tied by the European Commission. And yet… the company has used its lever before to protect users from (checking my notes here) emulators of very old Mac models. Seems dangerous.

Paul Haddad:

If Apple doesn’t want notarization to imply approval they maybe should stop using it that way.

Steve Troughton-Smith:

You decided notarization would be an approval process, and you inserted yourself in it, which means yes you approved this app.

Much like you didn't approve a bunch of other apps, like emulators.

Phil Dennis-Jordan:

Apple decided any non-App-Store-app would require their approval, therefore if this app ships, Apple has approved it.

If iOS notarisation was anything like macOS app notarisation (automated, takes literally 1 minute) then sure, I’d say calling it “Apple-approved” would be misleading. But by all accounts, iOS notarisation is not that. It’s app store review without the app store.

AltStore:

Unfortunately, Apple has rejected several apps from our store in the past for dubious reasons, so the phrase “Apple-approved” in our marketing is a reference to the fact that Hot Tub was approved, not rejected, by Apple for notarization.

John Gruber:

What they mean is that Hot Tub was duly notarized by Apple — an ostensibly technical, not editorial, review that encompasses (using terms from Apple’s own documentation) accuracy, functionality, safety, security, and privacy. I say “ostensibly” there because Apple has, controversially, refused to notarize apps for other reasons[…]

[…]

If we want to get nitty-gritty over verbs, I’d argue that Apple accepts apps — like Hot Tub — for notarization, not approves. Begrudging acceptance is more of a thing than begrudging approval.

Apple is the one who literally chose to use the word “approved” after an app passes notarization.

Riccardo Mori:

Notice the weasely wording of the statement, making it sound as if the EU is to blame. “We didn’t want to distribute this, but the EU made us do it!”

It’s very weaselly. There’s no allegation that there’s actually anything unsafe about the app. It’s gone through Apple’s vaunted review process and runs within a sandbox. Apple is just spreading FUD and throwing its partner under the bus, implying that they have bad motives. It’s also trying to imply that Epic is distributing porn, which is not the case.

Tim Sweeney:

To correct Apple’s false statement screenshotted here, Epic Games Store for PC and mobile - unlike Apple’s App Store - don’t host any porn apps, have never hosted porn apps.

Steve Troughton-Smith:

Adult apps aren’t kept off of iPhone. The top 50 list on the App Store includes several apps filled with hardcore porn, including social media apps and Reddit. This is entirely performative.

Tim Sweeney:

Apple is being extremely disingenuous in attacking the European Union here. The iOS App Store hosts the Reddit app, which provides access to massive amounts of porn. Apple knows this, permits it, and gave Reddit a 17+ (!!!) rating and Editors Choice award.

Peter Steinberger:

Let’s hope nobody tells Apple about Reddit and X!

Not to mention that there’s more porn in Safari than in any third-party app.

John Gruber (Mastodon):

You’ve been able to watch porno on your iPhone since the first day it shipped — a full year ahead of the App Store — by using the web. Apple’s line has always been clear: native apps = Apple-approved; the web = anything goes.

[…]

Jobs responded:

Fiore’s app will be in the store shortly. That was a mistake. However, we do believe we have a moral responsibility to keep porn off the iPhone. Folks who want porn can buy an Android phone.

I agree that Apple shouldn’t be policing what a Web browser can do, but that makes Jobs’ statement nonsensical. There’s every reason to assume that iPhone was and is one of the leading ways that people get this content. If Apple has a moral responsibility, it’s completely failing. It’s not even blocking porn in native apps in the App Store.

John Gruber:

Sweeney has a real point here, and it really is a bit of a conundrum.

[…]

But how is it possible that these super popular platforms have apps in the no-porn App Store while hosting tons of porn? It’s an issue with Reddit, with Tumblr, and apparently especially so with X (fka Twitter).

[…]

I think Sweeney’s synopsis captures Apple’s de facto policy accurately, with the exception that they don’t welcome apps that host porn (so long as the app has controls to hide it, and if the adult content is effectively a side hustle in the overall context of the app), but tolerate it.

Some banks are too big to fail. Some platforms are too big to ban. Apple won’t say that, but that’s clearly the tacit policy.

That’s how a lot of the App Store works. There’s what they say, and then there’s what they actually do.

Putting aside whether this should even be Apple’s role, I think it’s fair to say that they care more about appearing to be on the right side of the issue than about actually addressing it. If they approved an app like Hot Tub with an appropriate age range and warning label, everyone would be clear on what’s happening. Parents could easily block their kids from installing it. What they are actually doing is promoting—giving Editors Choice awards—to apps that hide the content within an innocuous looking shell.

Previously:

Update (2025-02-11): See also: Hacker News.

Update (2025-02-25): Riley Testut:

Looks like Apple changed the wording of Notarization emails to no longer say “approved,” wonder what caused that!

Via John Gruber:

  • February 11: “The following app has been approved for distribution”
  • February 19: “The following app is ready for distribution”

Spotify Profitable

Ben Lovejoy:

Spotify achieved its first full year of profitability since launching in 2008. The company has previously had occasional profitable quarters, but consistently lost money each year.

[…]

One profitability factor may have been Apple’s decision to allow Spotify to display pricing within the iOS app within Europe, and to direct users to the Spotify website to sign up – avoiding Apple’s 30% cut.

[…]

It was never clear why Apple blocked this given that it appeared to be permissible under the company’s music entitlement.

Todd Spangler:

There was only about a two-year window (from June 2014 to May 2016) during which Spotify Premium subs could opt to sign up and pay through the Apple App Store. Now [July 2023], Spotify is no longer letting those customers continue paying through Apple’s in-app purchases.

Jem Aswad (via Hacker News):

Spotify paid out $10 billion to the music industry in 2024 — some $1 billion more than last year, the previous record — making its total around $60 billion since it was founded in 2006. The company made the announcement in a blog post Tuesday morning.

[…]

In 2023, the company said it pays out nearly 70% of every dollar it generates from music back to the industry, generating its music revenue from two sources: subscription fees from its Premium platform paying subscribers, and fees from advertisings on music on its Free tier.

Previously:

Tuesday, February 4, 2025

Apple Invites

Apple (MacRumors, Hacker News):

Apple today introduced Apple Invites, a new app for iPhone that helps users create custom invitations to gather friends and family for any occasion. With Apple Invites, users can create and easily share invitations, RSVP, contribute to Shared Albums, and engage with Apple Music playlists. Starting today, users can download Apple Invites from the App Store, or access it on the web through icloud.com/invites. iCloud+ subscribers can create invitations, and anyone can RSVP, regardless of whether they have an Apple Account or Apple device.

[…]

With Apple Intelligence, creating unique event invitations is easy. Users can tap in to the built-in Image Playground experience to produce original images using concepts, descriptions, and people from their photo library.

We’ve been using Paperless Post, which works pretty well, and from that perspective Apple’s solution looks nice but seems rather odd. It doesn’t really handle the most important step of actually inviting people. I expect to be able to enter a bunch of names and addresses, and have my wife do the same, and then when we both think the list is done we press a button and it e-mails everyone.

Apple Invites doesn’t seem to allow for multiple hosts. Is one of us supposed to log into the other’s iCloud account using a private Safari window? More importantly, it doesn’t send a bulk e-mail. Rather, each time you add someone it opens a share sheet so that you can e-mail the person individually. It doesn’t make a pretty e-mail; it just puts a bare link into the body field and you have to fill in everything else—even the subject—separately for each invitee.

There is an option to Send a Note, but this only e-mails the people who have RSVP’d. There is no way to see who has received the e-mail or to remind the ones who haven’t responded. There’s also no way to update the names after the invitation has been sent (e.g. to keep track of who from each party is attending), nor a way to export (or import) the address list data. The invitees can’t see the names of who was invited. And it’s cumbersome to RSVP because you have to type your e-mail address, wait for a confirmation code to be sent, and then type it in (no magic link to click). Or, if there’s an Apple account associated with the e-mail address, you have to log in.

I see the “job to be done” as “help me create and send a nice e-mail and manage the list of people throughout the process.” It feels like Apple thought it was “demo Image Playground and promote Apple’s various services.” It’s also frustrating that Apple is launching another new app that doesn’t have a Mac or iPad version.

John Voorhees:

The app can generate full-screen graphics for invitations to any sort of event. The invitations allow you to mix a combination of photos and AI-generated images that are combined with details about the event and the Memojis of the people you invite. There are multiple font choices, the option to add a playlist from Apple Music, and sections for draft invitations, upcoming events, events you’re hosting, those you’re attending, plus past and upcoming events. Invitees can send notes back to the sender too.

Ben Schoon:

An iPhone user can send you an invitation either via email or through a direct link. On opening the the invite, you’ll be asked to enter an email address and verify that email. You can then enter your RSVP status and see details about the event including (as the event date nears) the weather. There’s also a map location and you can see a list of other attendees.

[…]

Since there’s no Apple Invites app on Android, you’ll instead have the option to download the calendar event file and add it to the calendar app of your choice. This works well enough, but we noticed that the iCloud invites link in the event is entirely generic, where if you save an event to Apple’s Calendar app on iOS, you get a direct link to this specific event. This doesn’t change if you’re signed into an iCloud account.

Another drawback is that you can’t use or even view photos without an iCloud account. Photo sharing is perhaps the biggest draw of Apple Invites over alternatives, so this is a bit of a frustrating hurdle for those who aren’t using an iPhone.

Quinn Nelson:

Apple Invites looks basic but good. The ability to automatically create a shared iCloud Photo Library amongst participants, however, is absolutely MONEY. Great idea.

Steve Troughton-Smith:

I look forward to seeing all the great new APIs available to developers to allow them fairly compete with Apple’s new subscriber-only Invites app, like its seamless shared photo albums feature, just like they’re required to by law here!

Ryan Christoffel:

Invites follows this trend by integrating with features and data from a whopping six other pre-installed Apple apps.

BasicAppleGuy:

Who else here remembers the OG Apple Invites app: Cards...

Previously:

Update (2025-02-10): Rui Carmo:

Instead of improving Shortcuts, making the iPad more useful or de-enshittifying Photos, they devoted (probably heartfelt and well-meaning) engineering resources to this, and, well… Read the room, guys.

Fine, it’s pretty and clever, but after decades in the tech world, one might ponder if customizing invitations really needed another Apple tool. Or any tool at all.

Update (2025-02-14): Adam Engst:

Whenever Apple releases a new app like Clips, Journal, or Freeform that’s unlikely to appeal to most Apple users, I wonder what internal discussions led to its development, especially when it’s entering a crowded space. With the new Apple Invites, the answer is slightly more apparent: to encourage iCloud+ subscriptions to boost Services revenue.

Something only Apple could do…

I’m quite impressed with Apple Invites. I expected it to be a somewhat cheesy app that lacked key features or was difficult to use effectively outside the Apple ecosystem. Instead, Apple appears to have done a solid job of considering what’s necessary for both hosts and guests.

Instapaper 9.1 and Send to Kindle Extension

Instapaper:

On Instapaper iOS and macOS, you can now sign in to websites directly within the app. When you’re logged into sites, Instapaper can more reliably retrieve and display complete articles.

Increasingly, we’re seeing more “hard paywalls” across the Internet, where publishers are preventing third parties from accessing content. Sometimes, this results in Instapaper only receiving part of an article and, other times, Instapaper is completely blocked from accessing any information including basic metadata (i.e. title, author, image thumbnail, etc.).

I don’t really like the idea of logging into sites from within the app, but incomplete imports are a real problem and hopefully this will help. What I’ve been doing lately—for sites that don’t save to Instapaper properly or where I want to read the comments that Instapaper would normally strip out—is use the Send to Kindle browser extension. The downside is that it’s only available for Chrome, but it works really well.

Previously:

Swift Concurrency Glossary

Matt Massicotte:

It would be nice if there was a single place to go to look up all the terms, keywords, and annotations related to Swift concurrency. So here it is.

Each term is linked to the Swift evolution proposal that introduced it, which is usually the most extensive documentation available.

Previously:

Monday, February 3, 2025

AppleCare+ Only As a Subscription

Joe Rossignol:

Starting next week, Apple’s retail stores will no longer offer AppleCare+ plans as a one-time purchase, according to Bloomberg’s Mark Gurman.

Instead, he said the stores will only offer AppleCare+ as a subscription.

It was already available as a subscription, so the main effect of this change seems to be to remove the discount for purchasing multiple years up front.

Previously:

Update (2025-02-10): Adam Chandler:

I thought AppleCare was only changing for retail customers but it appears Apple Store online only offers monthly or annual now when just last week you could pay for 3 years

Wow. So if you click “monthly or annually” it now pops up a box after you click “checkout” given you a 3rd choice of 3 years.

2024 Six Colors Apple Report Card

Jason Snell (complete commentary):

It’s time for our annual look back on Apple’s performance during the past year, as seen through the eyes of writers, editors, developers, podcasters, and other people who spend an awful lot of time thinking about Apple. The whole idea here is to get a broad sense of sentiment—the “vibe in the room”—regarding the past year. (And by looking at previous survey results, we can even see how that sentiment has drifted over the course of an entire decade.)

Here are my responses:

Mac: 3 The M4 Macs have some virtualization, display, and USB issues, but overall the updates seem seem strong. I’m particularly excited about the MacBook Pro’s nanotexture display. The Mac input devices are finally USB-C, but they got the most minimal of updates, not fixing the Magic Mouse’s charging point or modernizing the globe key’s location on the extended keyboard. Unfortunately, the Mac Studio and Mac Pro are still using M2 processors. SSD pricing is still ridiculous, and the software side is still a mess, both in terms of reliability and design. I have not found the Apple Intelligence features very useful. Probably the most exciting things for me in Sequoia are the new Passwords app and the new window management features, though in both cases I prefer third-party solutions.

iPhone: 4 This is one of those years where the new iPhones seem fine, but I feel no urgency to upgrade from the previous model. The most interesting things to me are Photographic Styles and Camera Control. I’m hoping that the former will eventually let me reduce over processing. The latter sounded promising but is now seeming more like the new Touch Bar: over-engineered and less useful than the basic Action button. iOS 18 adds a bunch of useful features.

iPad: 3 This seemed to be the year where a lot of people accepted that the software is what it is. If you love iPadOS, the hardware for running it is now better than ever. If not, no matter how much potential there may be, it’s time to stop waiting for Pro to happen in the way that you want and just use a Mac.

Wearables: 4, Apple Watch: 4, Vision Pro: 1 The AirPods 4 seem good. AirPods Max remains a product in Apple’s lineup. Apple no longer offers software updates for my watch, and I’m waiting for a new Apple Watch SE, which hasn’t been announced yet. Apple Vision Pro is technically impressive, but it increasingly seems like Apple built the wrong thing. Those engineering resources would have been much better spent improving Apple’s other platforms.

Home: 2 My HomePod continues to not work well for Siri or music. This year I dipped my toes into the Matter ecosystem. I was pleased to find that it all “just worked,” though the automation options are a bit limited, and I still don’t like the Home app.

Apple TV: 3 Nothing much happened this year, though I like the new feature of automatically showing subtitles when you rewind a bit. I still don’t like the software or the remote.

Services: 2 iMessage and Siri still work poorly for me. Apple Pay and the rest of iCloud are OK. The other services don’t interest me except in that their existence seems to be warping Apple’s product design decisions.

Hardware Reliability: 4 My most recent hardware has been working well this year. My 2019 Intel MacBook Pro’s internal SSD partially failed. The Mac is out of AppleCare, and the SSD is non-replaceable, so now it can only be used with an external SSD, which is inconvenient for a portable computer and somewhat unreliable (with sleep, etc.). This would be worse with an Apple Silicon–based MacBook Pro because, for security reasons, they no longer support booting from external storage when the internal storage isn’t working. Without being able to replace the SSD, the whole Mac would be dead.

OS Quality: 1, Apple Apps: 3 The software quality slide continues. The same old bugs are still there. Finder views still don’t update or reveal properly, and external drives still don’t mount reliably. macOS Sequoia bought new problems, particularly related to storage. Now, it’s sometimes impossible to unmount drives cleanly. Time Machine deleted lots of my old backups unnecessarily and had trouble completing new backups. Third-party backup utilities are also having trouble, as Sequoia broke ASR’s ability to create bootable backups. Multiple of my Macs now have regular kernel panics, which never happened before. There are a variety of new networking issues. Safari often stops working under heavy load, so, though it’s still my default browser, I’m increasingly incorporating Chrome and Firefox. I wish that, instead of focusing on Apple Intelligence, Apple had focused on improving the quality of the OS and on improving the design of Music and the other media/services apps.

Developer Relations: 2 The same old issues with the App Store, documentation, and bug reporting. Nothing seems to be getting better. This was the second year in a row that Xcode shipped with a showstopper bug for Mac developers. Once again, it was reported during the beta period but there was no urgency to fix it. The Swift toolchain is still crashy and unreliable. Apple continues to write SwiftUI and SwiftData checks that the frameworks can’t cash.

Apple’s Impact in the World: No vote

See also: Nick Heer.

Previously:

Update (2025-02-07): Upgrade (tweet):

We discuss the results of the Six Colors Apple Report Card for 2024 in depth, with our opinions on every category.

See also:

John Gruber (Mastodon, Bluesky):

If “Siri/Apple Intelligence” were a category for this report card, I’d have graded it a D — and much closer to an F than a C. Longstanding Siri features have not only not gotten better, they’ve seemingly gotten worse. Apple is simply not a relevant player in the explosively popular LLM game. The features under the “Apple Intelligence” umbrella mostly feel like Apple shipped them a full year ahead of readiness simply because the rest of the industry — and Wall Street — is way ahead of them, and they felt the need to ship what they had, ready or not. There are a lot of obviously useful potential AI-powered features — ones that integrate between apps, and/or use your personal data on-device — that, thanks to the tightly restricted sandboxing system Apple itself designed for iOS, only Apple itself can provide via AI. It doesn’t matter that Apple doesn’t offer, say, its own web search engine, because Safari can use whatever search engine you want. It does matter that Siri sucks because only Siri can tightly integrate at the system level with your device, and with your private cross-application data.

[…]

Apple’s goal should be for developer relations to be so good that developers look for excuses to create software exclusively for Apple’s platforms. The opposite is happening.

Riccardo Mori:

Here’s my 2024 Apple Report Card. I won’t abuse your time.

Mac hardware: A+
iPhone hardware: A
Services: B (mostly thanks to some good AppleTV+ shows).
The rest: from C to worse.

Dishonourable mention: Software, UI, and UX.

See also: Adam Engst.

Previously:

Swift Build

Owen Voorhees (tweet, Hacker News):

As a foundational step in this new chapter of Swift build technologies, today Apple is open sourcing Swift Build, a powerful and extensible build engine that provides a set of build rules for building Swift projects. Swift Build is the engine used by Xcode, which supports millions of apps in the App Store as well as the internal build process for Apple’s own operating systems. The open source repository also includes support for targeting Linux and Windows.

[…]

Swift Build is an infrastructural component designed to plan and execute builds requested by a higher-level client like Swift Package Manager or Xcode. It builds on top of the existing llbuild project to add capabilities including:

  • Robust integration with the Swift compiler to reliably and efficiently coordinate the build of Swift projects
  • Support for a wide variety of product types including libraries, command line tools, and GUI applications with advanced build configuration options
  • Build graph optimizations that maximize parallelism when building Swift and C code

I suspect this is the component responsible for one of my main frustrations with Swift: spurious compilation errors (or sometimes crashes at runtime) unless I clean the build folder, because it doesn’t correctly figure out which files need to be recompiled after certain changes.

Saagar Jha:

Swift Build being open sourced is a really huge deal. This should remove barriers for teams that are running into Xcode build performance or correctness limitations because they can now debug, profile, and most importantly fix the issues themselves.

Tony Arnold:

I am unbelievably happy to see Apple open source the Xcode build system — I have checked out the project, explored the tests, and am looking at starter issues alongside a relaxing cup of tea.

What to Do When macOS Won’t Let You Unmount a Volume

Howard Oakley:

When all else fails, the next step is to identify what’s using files on that volume or disk, so you can decide whether to force quit that process in Activity Monitor. Don’t do that blindly, as you could end up killing processes that your Mac does need to run.

[…]

If you’d rather use an app, then my personal favourite is Sloth from here. Although it’s not notarized, it does everything that I’d want in terms of matching lsof or fuser’s features. Most importantly, if you click its padlock at the lower right and authenticate, it will show all processes running as root.

I like Sloth, but it’s annoying to have to authenticate each time I use it. There’s a preference to have it prompt at launch so that at least you don’t have to click the little padlock icon each time (or forget to click it and get incorrect results).

In practice, I almost never had problems with volumes that wouldn’t eject before Sequoia, and now it happens multiple times per day. The culprits are always mds (Spotlight) and revisionsd (file versioning) so there seems to be nothing to do except Force Eject.

See also: TidBITS-Talk.

Previously:

Copyright © 2000–2025 Michael Tsai.