Archive for July 2, 2026

Thursday, July 2, 2026

EveryMac at 30

EveryMac:

On July 2, 1996, EveryMac.com launched.

Thirty years is a long time -- and a great deal has changed since then -- but what has not changed is that EveryMac.com has been there to provide you with detailed info on every Mac from the original 128k to the current line. Thank you very much for your support through the years.

I think there used to be a bunch of sites like this, but EveryMac has endured, and it’s the one I’ve been using for long time. I asked proprietor Brock Kyle how he got started:

As you know, the Internet was different in the 90s. I was at least partially inspired by Guy Kawasaki’s evangelism and wanted to support what was at that time considered a decidedly “beleaguered” Apple Computer. Mac hardware was a topic that I was interested in and relatively experienced with -- or at least I thought so, I have learned a little bit more since then 🙃 -- and the site was simply my effort to contribute to the body of knowledge. I miss the ethos of those days.

Stephen Hackett:

There are a bunch of ways to support EveryMac, and its anniversary prompted me to chip in to help keep the lights on at a very important resource.

I am a huge fan of the site’s comparison charts, which make it easy to see how a particular model evolved over time[…]

Jason Snell:

Back in 1995 I worked on a project for MacUser magazine called the Mac Catalog, which was a FileMaker-based spec database much like EveryMac’s. I was the person who brought the Mac Catalog to the web for the first time, in fact!

Joe Rossignol:

Launched in 2022, AppleDB is a helpful resource that provides a database of Apple devices, software updates, firmware releases, and more.

Previously:

Hide My Email Vulnerability Exposes Real Address

Joseph Cox (MacRumors, Hacker News):

A vulnerability in Apple’s “Hide My Email” tool lets almost anyone discover a person’s real email address that is supposed to be hidden by the feature, and Apple has failed to fix it for more than a year, according to a security researcher and 404 Media’s own tests.

[…]

“Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” Tyler Murphy, the co-founder of EasyOptOuts, which discovered and reported the issue to Apple, told 404 Media.

“Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk,” Murphy added.

[…]

To test the issue I generated a new Hide My Email address and provided it to Murphy. Around five minutes later, he replied with my real email address linked to my Apple account which was supposed to be hidden.

Ben Lovejoy:

Murphy said that he reported the issue to Apple in June of last year, and the company told him it was looking into it. Apple said it had been fixed in March of this year, but Murphy found that wasn’t the case. He again contacted Apple, with the company saying that it would appreciate him not revealing the existence of the flaw until it had been resolved.

Apple then said it planned to address the issue in June, but since it still hasn’t been fixed[…]

Tyler Murphy:

March 19, 2026: Using the reproduction instructions from our initial report, we determined that the vulnerabilities hadn’t been fixed.

May 22, 2026: We realized that the vulnerabilities may have greater severity and scope than we thought initially and reported this to Apple. Apple never acknowledged the report of increased severity.

June 30, 2026: Apple again reported that the vulnerabilities were fixed and asked us to verify. We determined that the vulnerabilities hadn’t been fixed.

Jeff Johnson:

This is every fucking Feedback I file.

John Gruber:

Not good. Especially the “We reported the issue and replication instructions to Apple over a year ago” part.

This is becoming a pattern. At least Apple still allows third-party e-mail providers.

Nick Heer:

Very few details are available right now. I have seen speculation that the original email address is revealed when someone replies using their hidden email address, but the impression I get from Cox’s reporting is that no user interaction is necessary[…]

[…]

I am also unclear about how, as of May, the EasyOptOuts guys found the “vulnerability may have greater severity and scope” than initially reported. Ominous, though.

Previously:

Hide My Email Moving to private.icloud.com Domain

Apple (MacRumors):

Later this summer, Apple will unify the email domains used by Sign in with Apple and iCloud+ Hide My Email under a single, shared domain: private.icloud.com.

New addresses generated for both features will be issued on the new domain.

[…]

Existing addresses on the legacy domains will continue to work and forward mail to users without interruption.

It’s unclear to me what the benefit of this is. Is there a reason to migrate legacy addresses?

Arseniy Shestakov (Hacker News):

This makes it much easier to ban all aliases without affecting non-relay mailboxes on iCloud mail.

This is certainly a big hit for iCloud privacy, since some plausible deniability together with Apple’s backing made banning iCloud aliases costly. But now a lot of services will just refuse to accept these emails, just like what happens with free temporary mailboxes.

John Gruber:

But my retort is that a service that won’t accept these email addresses is one that I probably don’t want to have anything to do with. The only reason not to accept private.icloud.com email addresses is if you want to do something invasive with users’ actual email addresses.

The main problem I have with Hide My Email is that some customers use it and then have no way to look up their purchase info via e-mail because they don’t know which address they used. Of course, I wouldn’t reject such addresses, but I wonder if services will start using the new domain to recognize that Hide My Email is being used and nudge the user to provide a different address.

Previously:

Golden Gate Spotlight

Hartley Charlton:

Apple today announced that it has rebuilt the search infrastructure that powers key features like Spotlight, Photos, and Mail across all of its major next-generation software platforms.

LLM search using Core Spotlight:

Level up basic search into a retrieval-augmented system using SpotlightSearchTool and LanguageModelSession. Explore Core Spotlight integration, delegate-based hydration patterns, and how metadata quality impacts your search results. Learn how to use custom PipelineStages for tasks like sentiment analysis. Discover best practices for indexing and building flexible, context-rich search experiences in your app.

Corentin Cras-Méneur:

So from what I understand from the WWDC keynote, Spotlight is actually going to work?? When I search for simple files, it fails the VAST majority of the time!

Saagar Jha:

I feel like I am watching the Mac OS X Leopard intro again guys how did we mess up search so bad we have to present it again

Howard Oakley:

Semantic search is different, in that its matches aren’t as crisp and Boolean. Rather than working like a simple index, it’s more like a thesaurus in effect.

[…]

Rather than compiling more exhaustive sets of keywords, semantic search can broaden the scope to cope better. And because we can interact through Siri, we can fine-tune our search results by specifying the cattle should be black and white, perhaps, and combining conventional search criteria such as location.

To get this to work effectively, there are some limitations. Because semantics are so contextual and variable, this involves apps and Core Spotlight. That’s a big benefit to user privacy, as Core Spotlight’s indexes are separated by user and stored locally, although in places like ~/Library/Metadata rather than volume-based Spotlight indexes in the existing hidden .Spotlight-V100 folders. And unlike global Spotlight indexing and search, it requires apps to have code to support both tasks, as it can’t just happen by magic.

While I’m sure we’ll all be impressed with many of the results of semantic search, hits that we never expected to find, it’s going to prove harder to assess those that it misses.

Rhythmic Fistman:

Never has it been so inconvenient to find a file whose name you know exactly

Maybe rebuilding Spotlight’s infrastructure will fix this, or maybe adding the semantic stuff will make handling simple cases like this worse.

i3aychikov:

Personally, in my experience, I’ve noticed that the new Spotlight is much faster than the one in MacOS 26 Tahoe. It opens with less delay, and finds the right app or file instantly when Spotlight in Tahoe seems to have had a slight delay.

See also: TidBITS-Talk.

Previously: