Friday, July 26, 2024

Stripe Acquires Lemon Squeezy

In 2020, when the world gave us lemons, we decided to make lemonade. We imagined a world where selling digital products would be as simple as opening a lemonade stand. We dreamed of a platform that would take the pain out of selling globally.

Tax headaches, fraud prevention, handling chargebacks, license key management, and file delivery, among other things, are complicated.

[…]

Going forward, our mission remains the same: make selling digital products easy-peasy.

With Stripe’s help, we’ll continue to improve the merchant of record offering, bolstering billing support, building an even more intuitive customer experience, and more.

Previously:

Acquisition Business Lemon Squeezy Payments Stripe Web

1 Comment

Sonos Apologizes for App Redesign

Marco.B:

Today we are introducing the most extensive app redesign ever, creating an unprecedented streaming experience that allows listeners to organize their favorite playlists, stations, albums and more from over 100 services on one customizable Home screen.

The new Home screen provides faster access to Sonos system controls with one easy swipe up, making tab to tab jumping a thing of the past. As a leader in sound experience that’s focused on creating a better way to listen, Sonos intentionally redesigned the app on a modern software platform for an easier, faster and better experience that can support more rapid innovation.

DianeRoberts (AMA):

The app is not exclusively built with Flutter, but does make use of Flutter for certain portions of the setup experience. We’ve actually been using Flutter for those experiences for many years, and ported that forward to the new app.
The majority of the app is in fact native. On iOS that means Swift, using SwiftUI. On Android that means Kotlin, using Jetpack Compose.

Juli Clover (forum threads):

Sonos this week released a major redesign for the Sonos app, introducing customizable home screen meant to deliver a personalized listening experience. The update was announced back in April, but just went live, and unfortunately, it removes a number of features while also introducing several bugs.
Multiple complaints on social media have called the app a “step back” with missing features like editing a song queue, managing playlists, shuffling a music library, and setting alarms and timers, along with slow performance and hard-to-access system controls. There has also been feedback from users about missing accessibility features.
The Verge asked Sonos about the negative feedback, and in response, Sonos said that it’s aware of the complaints, but “it takes courage” to rebuild a core product.

Juli Clover:

Sonos CEO Patrick Spence today penned a blog post on the Sonos website apologizing for the controversial Sonos app redesign and promising ongoing updates throughout the year.
Spence said that improving the app for customers is the company’s number one priority, and he explained that addressing bugs that came up in the new app delayed the introduction of additional features.

Previously:

Design iOS iOS 17 iOS App Software Rewrite Sonos SwiftUI

1 Comment

HP Discontinues Online-Only LaserJet Printers

Sean Hollister:

Last May, I told you how HP’s bestselling printer can lock you to the company’s own subscription ink for life, with no way to cancel, with its dastardly HP Plus scheme. But HP has decided to remove those shackles from future laser printers, at least.

Christopher Harper (via Slashdot):

HP has finally been forced to discontinue its cheaper e-series LaserJet printers due to customers experiencing problems with their online-only and always tied to HP+ subscription requirements. Among other things, HP+ requires a permanent Internet connection, and customers only use HP-original ink and toners, not allowing for third-party alternatives to be used at all. There are benefits to HP+, including cloud printing and an extra year’s warranty, but the forced online requirement for a cheaper printer left a bad taste in the mouths of many consumers.
In any case, it’s important to clarify that this discontinuation of HP printers will only impact HP LaserJet printers that have an “e” added to the end of their model name to denote the alternative business model.

Previously:

DRM HP Printing Sunset

Comments

SwiftData and Core Data at WWDC24

What’s new in SwiftData:

SwiftData makes it easy to add persistence to your app with its expressive, declarative API. Learn about refinements to SwiftData, including compound uniqueness constraints, faster queries with #Index, queries in Xcode previews, and rich predicate expressions. Join us to explore how you can use all of these features to express richer models and improve performance in your app.

[…]

You can use the new #Unique macro to tell SwiftData which combinations of your model’s properties must always remain unique in the model data. When two model instances share the same unique values, SwiftData will perform an upsert on collision with an existing model!

It seems there is still no way to control the merge policy.

New in iOS 18 is the ability to use Foundation’s new #Expression macro to build complex predicates easily! Expressions allow for reference values that do not produce true or false but instead allow for arbitrary types.

Create a custom data store with SwiftData:

Combine the power of SwiftData’s expressive, declarative modeling API with your own persistence backend. Learn how to build a custom data store and explore how to progressively add persistence features in your app.

Track model changes with SwiftData history:

Reveal the history of your model’s changes with SwiftData! Use the history API to understand when data store changes occurred, and learn how to use this information to build features like remote server sync and out-of-process change handing in your app. We’ll also cover how you can build support for the history API into a custom data store.

See also: the SwiftData documentation and updates.

I was not impressed with the introduction of SwiftData last year, and this year was also a disappointment. It seems like they are working on the wrong things and not communicating their vision for the future of SwiftData and how it will work with (or supplant) Core Data. It’s not clear whether this is a strategy and execution problem or primarily a communication problem, but it is leaving me unsettled.

Last year, SwiftData was very buggy and incomplete. This year, they didn’t talk about fixing the basics but rather about advanced and somewhat niche features like custom stores and history tracking. Last year, there was no integration between SwiftData and Core Data identifiers and predicates. There still seems to be none. The only mention of Core Data was that if you’re using Core Data’s persistent history you can now migrate to SwiftData history. There were no Core Data sessions at WWDC 2024.

So it remains unclear whether it’s even planned for SwiftData to be able to do the things that Core Data can. Is this going to be like SwiftUI where five years later they are still reimplementing features the previous framework has had for decades? It’s also unclear whether Core Data even has a future. Last year was encouraging in that both frameworks got equivalent new features at the same time. This year, Core Data got nothing, even though there’s a long list of outstanding feature requests, limitations, and bugs. Is this year an aberration? Or is Core Data in maintenance mode while they focus on SwiftData? It really does not feel good to have multiple apps and 20 years of code built on a framework that Apple isn’t talking about.

The point of building on system frameworks is that they’re in theory better supported than random open source projects. But now the future is uncertain, and it’s closed-source so that no one else can make the fixes or improvements that Apple won’t. I can’t rewrite my Core Data code in SwiftData because it’s so limited. Even if there are major improvements next year, they will be locked to macOS 16 and later, so it will be a long time before I can deploy code that uses them. At least right now, it’s not worth rewriting my code for a third-party framework. Core Data isn’t announced dead yet, and many other apps use it, so hopefully it’s safe to assume that Apple won’t let it break too badly. But if I were starting a new app today I would seriously consider whether it makes sense to be on the Apple train. There are some interesting alternatives such as GRDB, Lighter, and Blackbird.

Donny Wals:

It feels like Apple wanted to do more with SwiftData but they ran out of time. Surely being able to write your own persistence layer wasn’t the one thing they really wanted to ship, right?
There’s so much that developers were hoping for this year but we didn’t get any of it.
Makes me wonder whether the plan was to replace Core Data entirely and go from there but they couldn’t get it done so they gave us this instead?

Gwendal Roué:

I mostly see people hitting walls with SwiftData (limited support for non-optional relationships and ordered relationships, predicates that won’t compile, no dynamic predicate, change reactivity that does not work, etc.) And I’m all but charmed by its mutable model classes anyway. Maybe it would be interesting to have a GRDB store, so that one can workaround SwiftData limitations with a robust database API. But then, why not use the robust API in the first place?

Donny Wals:

Sadly, none of these limitations are the result of Core Data not supporting them. They’re a result of SwiftData’s interface not exposing these features. So even if you ship a custom persistence layer you’re limited by what SwiftData supports. And that’s not much.

For now, SwiftData remains a framework that’s only useful for small, simple apps that don’t need much in terms of features.

Fatbobman:

The latest version of SwiftData was surprisingly impactful. Although it might seem that few features were added on the surface, the substantial underlying adjustments were revolutionary. Considering that SwiftData was only founded a year ago, such changes were particularly unexpected. Stability remains a challenge, as seen in the first test version, which may disappoint many developers who had high expectations for SwiftData. However, after in-depth analysis, I believe there is sound reasoning behind these significant adjustments. The new version of SwiftData has almost achieved decoupling from the Apple ecosystem, and once it adds an independent default storage implementation, it will have all the makings of a cross-platform open-source framework. While this is just my personal hope, given Apple’s increasingly open approach to the community, the potential for this transformation is significant. If realized, the current waiting and effort will undoubtedly be worthwhile.

Helge Heß:

What they apparently didn’t do is fix the actual issues it had, like missing Observation refreshes 🙃

dasdom:

Is SwiftData dead already?

SENTINELITE:

I picked up SwiftData last year for my app, & it’s been an excruciatingly painful experience. Cloud syncing doesn’t always work, duplicate entries, etc.

Things didn’t really improve this year, although some internal things did, because some bugs have been cleaned up.

But… I just feel lost. I need the foundation of the app to be working, so I can dive into other APIs (Widgets, shortcuts, etc), but it’s been an uphill battle.

Helge Heß:

Something disappointing in SwiftData is that it doesn’t make use of the static nature of the macro(s). The macro can’t see the full schema like Lighter does, but it could still statically generate a ton, e.g. a static snapshot struct for the backing data. Or predefined indices for quickly binding the snapshot to the SQLite API (or really any).
Instead we get custom backends. Is anyone going to use this, for anything? Maybe they’ll eventually release it as FOSS for server side?

Helge Heß:

IMO the ability to replace the backend is exactly the wrong direction to go 🤷‍♀️ (for an embedded persistence framework). Specific backends should have specific implementations of the SwiftData API, not yet another layer in between that does abstractions which likely won’t fly. Remember the LDAP EOAdapter…

SENTINELITE:

Adopting SwiftData’s new History stuff, causes my model(s) to crash, as you can’t query embedded structs. […] I’m THIS close to rewriting the back-end. Gah.

Jon Duenas:

Yeah, it’s just, credit where credit is due, adding CloudKit to SwiftData “just worked”. With bugs and crashes, sure. But barely any extra effort on the developer’s end to do the actual syncing.
I’m actually considering whether I should just move rolling my own backend with something like Firebase or Supabase and make local storage more of a cache than the source of truth.

Duncan Babbage:

Would love any leads on this: setting [Core Data’s] .fetchBatchSize causes entire collection to be immediately traversed [by SwiftUI].

With Core Data and AppKit there are several possible solutions. If you fetch whole objects, the batching “just works,” so long as you stick to one store and avoid converting the NSArray to a Swift Array. With multiple stores, or to save memory, it’s straightforward to just fetch the sorted IDs and bring the objects into memory as needed.

Previously:

Core Data Database iOS iOS 18 Mac macOS 15 Sequoia Programming SwiftData

Comments

Thursday, July 25, 2024

SearchGPT

Kylie Robison (Hacker News):

OpenAI is announcing its much-anticipated entry into the search market, SearchGPT, an AI-powered search engine with real-time access to information across the internet.

The search engine starts with a large textbox that asks the user “What are you looking for?” But rather than returning a plain list of links, SearchGPT tries to organize and make sense of them. In one example from OpenAI, the search engine summarizes its findings on music festivals and then presents short descriptions of the events followed by an attribution link.

[…]

Publishers will have a way to “manage how they appear in OpenAI search features,” the company writes. They can opt out of having their content used to train OpenAI’s models and still be surfaced in search.

Previously:

Update (2024-07-26): Juli Clover:

SearchGPT is available to a small group of users and publishers at the current time, with OpenAI seeking feedback on the product. The prototype is temporary at the current time, but "best" of the features will be integrated into ChatGPT in the future.

Artificial Intelligence OpenAI Search SearchGPT Web

1 Comment

Only Google Can Crawl Reddit

Emanuel Maiberg (Hacker News):

Google is now the only search engine that can surface results from Reddit, making one of the web’s most valuable repositories of user generated content exclusive to the internet’s already dominant search engine. If you use Bing, DuckDuckGo, Mojeek, Qwant or any other alternative search engine that doesn’t rely on Google’s indexing and search Reddit by using “site:reddit.com,” you will not see any results from the last week.

DuckDuckGo is currently turning up seven links when searching Reddit, but provides no data on where the links go or why, instead only saying that “We would like to show you a description here but the site won't allow us.” Older results will still show up, but these search engines are no longer able to “crawl” Reddit, meaning that Google is the only search engine that will turn up results from Reddit going forward. Searching for Reddit still works on Kagi, an independent, paid search engine that buys part of its search index from Google.

Simon Willison:

Is this a direct result of Google’s deal to license Reddit content for AI training, rumored at $60 million? That’s not been confirmed but it looks likely, especially since accessing that robots.txt using the Google Rich Results testing tool (hence proxied via their IP) appears to return a different file, via this comment, my copy here.

As he says, this is depressing.

Dare Obasanjo:

The pay-to-play internet is here. […] This pretty much kills any chance of disrupting Google with AI as they can outspend everyone on content exclusivity.

Sriram Karra:

“Pay to play” arrived years ago… Just that folks were not paying attention..
Microsoft did this with GitHub. You haven’t been able to find any GitHub responses in Google searches for years.

Previously:

Artificial Intelligence GitHub Google Search Reddit Search Web Web Crawlers

5 Comments

Apple Commits to Opening NFC in EU

Tim Hardwick:

The European Union has accepted commitments from Apple to open its mobile payments system and give competitors access to the iPhone's NFC technology, bringing an end to a lengthy investigation by EU regulators into the technology.

According to the announcement, Apple has agreed to open up its payments system to other providers free of charge for a decade. Apple will let users set a third-party wallet app as their default, rather than its own Apple Wallet. It will also allow rivals full access to key iOS features, such as double click to launch wallet apps, along with Face ID, Touch ID, and passcodes for authentication.

As John Siracusa says, it’s unclear what this will mean in practice. Maybe the APIs will be unexpectedly limited or Apple will stonewall or reject apps that attempt to use them. And what happens after 10 years?

Previously:

Antitrust Digital Markets Act (DMA) European Union iOS iOS 18 Near-Field Communication (NFC)

1 Comment

Swift’s AnyObject

Jordan Rose:

You can also use AnyObject as a constraint on protocols: protocol MyDelegate: AnyObject. Now the implementers are known to have reference semantics, and with T: MyDelegate you can have weak references to T, as before. You can even have weak references to any MyDelegate, allowing swapping between delegates of different types.

What you might run into, though, is that any MyDelegate is not itself AnyObject.

[…]

Because it carries more information than just a single object reference: it also has a “witness table” pointer, the run-time representation of a protocol conformance.

[…]

But wait, Objective-C never had this problem! The id <MyDelegate> type doesn’t take up more than a single-object-reference to store! But that’s because ObjC protocols aren’t represented as tables of methods; they’re just promises that the implementing class has methods with particular names.

Previously:

Language Design Objective-C Programming Swift Programming Language

Comments

Books for iPad Gets the Photos Treatment

Federico Viticci:

So, uhm, the UI changes to the Books app for iPad are pretty concerning…?
The app went from having a rich sidebar in iPadOS 17 with sections and collections always available to a simplified layout where sections are hidden away in a popover. Less flexible and discoverable than before.
Does Apple want to make iPad apps less desktop class now?

Previously:

Redesigned Photos App in iOS 18

Books Design iBooks iPadOS iPadOS 18 Music.app

4 Comments

Wednesday, July 24, 2024

Steve Jobs: Objects of Our Life

Jony Ive (Hacker News):

Steve rarely attended design conferences. This was 1983, before the launch of the Mac, and still relatively early days of Apple. I find it breathtaking how profound his understanding was of the dramatic changes that were about to happen as the computer became broadly accessible. Of course, beyond just being prophetic, he was fundamental in defining products that would change our culture and our lives forever.

[…]

In the talk, Steve predicts that by 1986 sales of the PC would exceed sales of cars, and that in the following ten years, people would be spending more time with a PC than in a car. These were absurd claims for the early 1980s. Describing what he sees as the inevitability that this would be a pervasive new category, he asks the designers in the audience for help. He asks that they start to think about the design of these products, because designed well or designed poorly, they still would be made.

He was such a clear thinker and communicator.

Adam Engst:

It’s a fabulous time capsule of the pre-digital era, with Jobs saying “Uh-oh” when no one in the audience admits to owning an Apple or any other personal computer. This is a young Steve Jobs, speaking more extemporaneously and unguardedly than he would in later years. I encourage you to spend some time on the exhibit and, in particular, try to watch the full 55-minute presentation.

I was mostly struck by how prescient Jobs was in that talk. Although he had to explain computers and software by analogy for an utterly non-technical audience, he still tossed out prediction after prediction about how things would be in the future. Given that this is 1983, we’ve lived through much of that future by now, and with the benefit of hindsight, we can see that he was remarkably accurate, if sometimes optimistic regarding timeframes.

M.G. Siegler:

I’ve never seen a bad Steve Jobs video. So when a new one is put out there into the world, the bar is quite high. Surprising no one [it] does not disappoint.
[…]
His talk really takes off though when he ends his prepared remarks almost comically abruptly with “so what do you want to talk about?” The crowd sort of laughs and then realizes he’s dead serious and breaks into applause. And then the questions start. I’ve written about Jobs’ ability to command a Q&A before, and it was clearly the mode in which he best operates. As someone who was in a few such sessions (mostly public, as a member of the press, but one memorable one which was private), it’s impossible to overstate how good he was at these. Everyone knows the famous/infamous “reality distortion field”, but it really undersells Jobs’ ability to command a room by speaking in a way that’s intensely human.

Apple II Artificial Intelligence Design History Lisa Networking Programming Speech Recognition Steve Jobs Xerox

Comments

Safari Profiles and Extension Permissions Madness

Jeff Johnson:

I’ve discovered a bug that unexpectedly causes Safari extensions in a profile to lose access to websites. I’ve reproduced the bug in Safari 17.5 on macOS 14.5 and in the Safari 18 beta on the macOS 15 beta. I haven’t yet been able to reproduce on iOS, but correspondence with a customer—the origin of my discovery—suggests that the bug may also exist on iOS. Here are steps to reproduce on Mac with StopTheMadness Pro[…]
[…]
Curiously, and falsely, Safari Websites Settings still claims that everything is allowed.
The worst part is that if you’re temporarily experiencing this Safari bug where extensions lack access to websites, and you click Always Allow on This Website, that confused action permanently erases the permissions to access all http and https pages, as seen under the new GrantedPermissionOrigins in the profile’s Extensions.plist file.

Previously:

Bug Mac macOS 14 Sonoma macOS 15 Sequoia Safari Safari Extensions StopTheMadness

1 Comment

SwiftUI at WWDC24

What’s new in SwiftUI:

Learn how you can use SwiftUI to build great apps for any Apple platform. Explore a fresh new look and feel for tabs and documents on iPadOS. Improve your window management with new windowing APIs, and gain more control over immersive spaces and volumes in your visionOS apps. We’ll also take you through other exciting refinements that help you make expressive charts, customize and layout text, and so much more.

SwiftUI essentials:

Join us on a tour of SwiftUI, Apple’s declarative user interface framework. Learn essential concepts for building apps in SwiftUI, like views, state variables, and layout. Discover the breadth of APIs for building fully featured experiences and crafting unique custom components. Whether you’re brand new to SwiftUI or an experienced developer, you’ll learn how to take advantage of what SwiftUI has to offer when building great apps.

Work with windows in SwiftUI:

Learn how to create great single and multi-window apps in visionOS, macOS, and iPadOS. Discover tools that let you programmatically open and close windows, adjust position and size, and even replace one window with another. We’ll also explore design principles for windows that help people use your app within their workflows.

Tailor macOS windows with SwiftUI:

Make your windows feel tailor-made for macOS. Fine-tune your app’s windows for focused purposes, ease of use, and to express functionality. Use SwiftUI to style window toolbars and backgrounds. Arrange your windows with precision, and make smart decisions about restoration and minimization.

Demystify SwiftUI containers:

Learn about the capabilities of SwiftUI container views and build a mental model for how subviews are managed by their containers. Leverage new APIs to build your own custom containers, create modifiers to customize container content, and give your containers that extra polish that helps your apps stand out.

Create custom visual effects with SwiftUI:

Discover how to create stunning visual effects in SwiftUI. Learn to build unique scroll effects, rich color treatments, and custom transitions. We’ll also explore advanced graphic effects using Metal shaders and custom text rendering.

Catch up on accessibility in SwiftUI:

SwiftUI makes it easy to build amazing experiences that are accessible to everyone. We’ll discover how assistive technologies understand and navigate your app through the rich accessibility elements provided by SwiftUI. We’ll also discuss how you can further customize these experiences by providing more information about your app’s content and interactions by using accessibility modifiers.

Enhance your UI animations and transitions:

Explore how to adopt the zoom transition in navigation and presentations to increase the sense of continuity in your app, and learn how to animate UIKit views with SwiftUI animations to make it easier to build animations that feel continuous.

Swift Charts: Vectorized and function plots:

The plot thickens! Learn how to render beautiful charts representing math functions and extensive datasets using function and vectorized plots in your app. Whether you’re looking to display functions common in aerodynamics, magnetism, and higher order field theory, or create large interactive heat maps, Swift Charts has you covered.

Migrate your TVML app to SwiftUI:

SwiftUI helps you build great apps on all Apple platforms and is the preferred toolkit for bringing your content into the living room with tvOS 18. Learn how to use SwiftUI to create familiar layouts and controls from TVMLKit, and get tips and best practices.

Fatbobman:

Starting with this version, the SwiftUI development team appears to have found the right path to rapidly evolve SwiftUI, exploring ways to enhance its capabilities while maintaining the characteristics of a declarative framework.

In this update, the SwiftUI team changed its previous API design strategy—from highly encapsulated and less flexible designs to providing developers with greater lower-level control. This includes integrating UIKit gestures, introducing more functional custom containers, custom rendering of Text and providing precise scroll control. These improvements have significantly raised the upper limits of SwiftUI, opening up broader technical possibilities for advanced developers.

As SwiftUI shares mechanisms for animations, transitions, and gestures with the UIKit framework, it is gradually transitioning from a framework built on UIKit/AppKit to a more equal partner within Apple’s UI framework ecosystem. It is no longer just drawing features from other frameworks but is starting to give back by contributing new features to them.

The new version of the SwiftUI framework also underwent code-level stratification, carving out a separate SwiftUICore framework. This was likely done to facilitate better collaboration with UIKit and AppKit, but it also opens up exciting possibilities for future developments.

Colin Cornaby:

SwiftUI has usually been thought of as an abstraction layer over AppKit and UIKit. But this WWDC is the first time I get the feeling AppKit and UIKit are becoming abstraction layers over SwiftUI.

Majid Jabrayilov:

SwiftUI introduced the new overloads for Group and ForEach views, allowing us to create custom containers like List or TabView.
[…]
The new ScrollPosition type, in pair with the scrollPosition view modifier, allows us to read the precise position of a ScrollView instance. We can also use it to programmatically scroll to the particular point of the scrolling content.
[…]
The new Entry macro allows us to quickly introduce environment values, focused values, container values, etc, without boilerplate.

Paul Hudson:

This is another good year for SwiftUI, with another batch of scrollview improvements, some welcome macOS features, remarkable control over text rendering, and more – the team at Apple have a lot to be proud of, and many developers will breathe a sigh of relief as API such as fine-grained subview control is now public for all of us to use.

[…]

The difference is small, but makes a huge difference: the @MainActor attribute moved from body up to the [View] protocol itself, which means the body property along with all other properties and methods we make are run on the main actor.

Kyle Howells:

After 5 years SwiftUI ScrollView finally gets one of the basic fundamental features a ScrollView needs.

Majid Jabrayilov:

This week, we will discuss monitoring scroll phases in SwiftUI.

Clarko:

The new Entry macro being backported is so wonderful.

Immediately deleted a bunch of boilerplate from EnvironmentValues and FocusedValues.

Majid Jabrayilov:

This week, we will talk about the Entry macro type.

Swift Talk:

Today, we want to discuss environment values, preferences, and view updates.

robb:

There are some real crowd pleasers coming to SwiftUI this year at WWDC2024.
Here’s the full list, but I’ll call out some personal favorites[…]

[…]

Group and ForEach are getting superpowers this year, including the ability to iterate over and transform the subviews of a view. (No more _VariadicView shenanigans!)

This seems like the biggest change to me. I will be interested to hear how the performance is.

Matthaus Woolard:

New in macOS 15, we can now use onModifierKeysChanged(mask:initial:_:) to update our views when keyboard modifiers are held down.

Francisco Tolmasky:

“If we just keep saying SwiftUI is the best way to write apps it’ll eventually come true, right?”

Steve Troughton-Smith:

You can now build AppKit NSMenus in SwiftUI with the NSHostingMenu API.

Marcin Krzyzanowski:

I had some hopes that Apple would embrace new Swift concurrency in their API for a Swift 6 launch. I guess not necessarily, if not even modern SwiftUI API got update.

It’s going fine: @preconcurrency, @unchecked Sendable

Robb Böhnke:

SwiftUI’s new Color.mix(with:by:) API allows you to interpolate Colors that match SwiftUI.Gradient in discrete steps.

Khoa:

The new SwiftUI Window modifier for macOS is great. There is less need for AppKit now

Antoine:

I’m DYING to know why can’t SwiftUI just give you the NSWindow so we don’t have to wait years for them to add the most basic stuff

Ron Avitzur:

I submitted FB13821655 June 9, 2024 “Support onboarding View for iOS SwiftUI document-based apps” and received response from Apple June 12, 2024 saying “The API you’re asking for has been released in a new Beta now. Here’s the WWDC session that covers it.
This wins both the “Fastest response to a Feedback feature request” and the “Most useful response” awards by a long mile.

Duncan Babbage:

Would love any leads on this: setting [Core Data] .fetchBatchSize causes entire collection to be immediately traversed [by SwiftUI].

Helge Heß:

Did someone try whether the SwiftUI refresh issue in SwiftData got fixed? Some blog sounded like no?

Scott Anguish:

Just realized, SwiftUI views still can’t just print. I can’t believe another year went by without that.

Damien Petrilli:

5y into SwiftUI, still no justify Text alignment.

Natalia Panferova:

For a while, presenting a form sheet in SwiftUI, equivalent to the UIModalPresentationStyle.formSheet, was a challenge. Now, with the new presentationSizing() modifier, we can easily achieve this using the form sizing option.

Andy Finnell:

I feel like SwiftUI’s Form should have been an exemplar of the power and ease-of-use of declarative UI code. It instead its a demonstration of the pitfalls.

The same code doesn’t adapt correctly across platforms. When layout goes wrong, it’s not clear how to fix it or if it can even be fixed.

alfamsome2:

I have a simple SwiftUI app that has a picker, textfield and several buttons. It is using a Enum as a focus state for the various controls. When I compile and run it on Mac Studio desktop it works as expected: Picker has initial focus, Selection in Picker changes focus to TextField, Tab key moves through buttons; last button resets to Picker

However when I run the exact same app on MacBook Pro (same version of MacOS, 14.5) it does not work at all as expected. Instead: Initial focus is set to TextField, Tab does not change the focus, Clicking on last button resets focus to TextField rather than Picker.

[Update (2024-07-25): It turns out that this was due to a different system setting.]

Andy Finnell:

Xcode previews would be super-helpful in iterating over Forms. However, I also discovered if my SwiftUI View uses macros to generate any of its code, previews don’t work at all. Doesn’t matter if I build them old-school or use the #\Preview macro.

Maybe the new preview system in Xcode 16 fixes this?

Andy Finnell:

For all of Swift’s rich static typing, SwiftUI doesn’t seem able to leverage it in ways that would make it ergonomic. Everything gets erased to a View, effectively. There’s no typing to hint at what Views would work in a specific context, or type errors about invalid combinations.

Ole Begemann:

If you want to go spelunking in SwiftUI’s .swiftinterface file (people have found interesting things in there in past years), note that there’s a new SwiftUICore.framework this year, so now there’s two files to check.
/Applications/Xcode-16.0b1.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/SwiftUICore.framework/Modules/SwiftUICore.swiftmodule/arm64-apple-ios.swiftinterface

Marcin Krzyzanowski:

My beef about today’s Swift adoption at Apple is SwiftUI. It is a framework that stands against what Swift promised to developers back in the days

slow

limited

runtime crashes if you use the wrong variable type (compile and don’t work?)

unhelpful/misleading compilation diagnostics

underlying objc frameworks crash and mem leak as it always been

bad devtools that never improved

Steve Troughton-Smith:

With SwiftUI entering its sixth year, with Apple having now revealed what this year’s change cycle will be, I haven’t seen anything that moves the needle re adopting it in existing apps if you’ve been holding off. It’s certainly improving for SwiftUI developers, and it’s getting carve-outs for things that have been pain points traditionally like gesture recognizers, but it doesn’t feel like an essential capital-t Transition, just a different way to make apps if that’s how you prefer it

Previously:

Accessibility Core Data iOS iOS 18 Mac macOS 15 Sequoia Programming Swift Concurrency Swift Programming Language SwiftUI

8 Comments

Tuesday, July 23, 2024

Google Breaking URL Shortener Links

Google:

In 2018, we announced the deprecation and transition of Google URL Shortener because of the changes we’ve seen in how people find content on the internet, and the number of new popular URL shortening services that emerged in that time. This meant that we no longer accepted new URLs to shorten but that we would continue serving existing URLs.
Today, the time has come to turn off the serving portion of Google URL Shortener.

[…]

Note that the interstitial page may cause disruptions in the current flow of your goo.gl links. For example, if you are using other 302 redirects, the interstitial page may prevent the redirect flow from completing correctly.

Stephen Hackett:

A lot things on the Internet are going to break next fall. I know people like using short URLs for social media, or to hide tracking parameters, but this yet another example of why they are a bad idea.

Jess Weatherbed:

When Google announced in 2018 that it was shutting down goo.gl, the company encouraged developers to migrate to Firebase Dynamic Links (FDL) — which has also since been deprecated.

John Gruber:

How much money could it possible cost to just keep this service running in perpetuity? Tim Berners-Lee wrote his seminal essay, “Cool URIs Don’t Change” back in 1998. It’s bad enough when companies go out of business, taking their web servers down with them. But Google isn’t struggling financially.

Dare Obasanjo:

Google continues its epic run of reminding people why you should never depend on their services.

Previously:

Datacide Google Sunset URL Web

8 Comments

Scaling Back Apple TV+ Content

Hartley Charlton:

Apple is in active talks to license more films from major Hollywood studios as it seeks to bolster Apple TV+, according to Bloomberg.
Apple has traditionally focused on original productions for its streaming platform, but it is increasingly looking to expand its offerings by acquiring programming from the extensive libraries of established studios, sources familiar with the matter claim.

Hartley Charlton (Hacker News):

Apple is scaling back its Hollywood spending after investing over $20 billion in original programming with limited success, Bloomberg reports.
This shift comes after the streaming service, which launched in 2019, struggled to capture a significant share of the market, accounting for only 0.2% of TV viewership in the U.S., compared to Netflix’s 8%. Despite heavy investment, critical acclaim, and numerous award nominations, Apple TV+ purportedly generates less viewing in one month than Netflix does in a single day.
[…]
The company’s new strategy is said to involve tighter budget controls and a more cautious approach to spending. This includes paying less upfront for shows, being quicker to cancel underperforming series, and delaying productions to manage costs better.

The report doesn’t say what the revenue is.

I still find it frustrating that so many billions were spent on this and the car project when so many parts of Apple’s operating systems, apps, and developer services seem under-resourced.

M.G. Siegler:

This one, I’d argue, has just as much to do with Apple being awful at marketing their content. Which is wild given that it’s Apple! The company perhaps best known for its marketing prowess – of any company in the world! They can’t seem to crack the Hollywood nut here for whatever reason. This is anecdotal, but no one seemed to know about Fly Me to the Moon. You obviously won’t go to see what you don’t even know is out. Again, in those old days people would go to see whatever was playing. That’s not the case any longer.

Damien Petrilli:

Over the past 5y, I have been spammed non stop with “free trials” in the system and the TV app constantly default to the Apple TV+ service tab instead of my library.

Also saw ads for Apple TV+ on multiple websites.

It seems like owning the platform hasn’t helped as much as people expected.

M.G. Siegler:

I talk around these parts ad nauseam about how the quality of the Apple TV+ content is actually quite strong. Pound-for-pound, they may even be the best right now given that Warner Bros Discovery has merged HBO into the Max machine. But it sounds like even Apple, the most valuable and profitable company in the world, has to answer to the ROI gods[…]
[…]
It would be very interesting to know if and how Apple actually tracks such things. Fittingly, a WSJ report from yesterday about Amazon’s Alexa/Echo spend is predicated around “DSI” or “downstream impact” – that is the notion that you shouldn’t just measure the revenue brought in from device sales, but also how those devices impact tangential sales for Amazon. The article is about how after years of such metrics covering Alexa’s ass, Andy Jassy has thrown it out in order to try to turn Alexa into an actual business. Will Apple eventually feel the same? Do they already, hence the belt tightening?

Dare Obasanjo:

Amazon lost $5B a year on Alexa devices between 2017 and 2021 with 10,000 people working on it.

After a decade, voice has not become the next major software platform nor has Alexa helped Amazon’s retail business. It’s instead been a massive money losing business for Amazon.

With Bezos gone, Andy Jassy has cranked up the pressure on Amazon’s devices businesses to focus on profitability. It’s since been hit by multiple layoffs and product cancellations.

Previously:

Apple Services Apple TV+ Business iOS Mac

14 Comments

India Calls Out App Store

Aditya Kalra (via Ryan Christoffel):

An investigation by India’s antitrust body has found that Apple exploited its dominant position in the market for app stores on its iOS operating system, engaging “in abusive conduct and practices”, a confidential report seen by Reuters showed.
The Competition Commission of India (CCI) has been investigating Apple Inc, opens new tab since 2021 for possibly abusing its dominant position in the apps market by forcing developers to use its proprietary in-app purchase system.

Michael Love:

That’s OK, if India is too mean to them Apple can just start withholding features and/or pull out of the country. Like they’re going to do in the EU.

Previously:

No Apple Intelligence or iPhone Mirroring in EU at Launch

Antitrust App Store In-App Purchase India iOS iOS 17

5 Comments

Monday, July 22, 2024

Taboola + Apple News

Sara Fischer (Hacker News):

Ad tech giant Taboola has struck a deal with Apple to power native advertising within the Apple News and Apple Stocks apps, Taboola founder and CEO Adam Singolda told Axios.
[…]
The deal is also a recognition from Apple that growing its ad business will require a serious sales operation — one that, if Apple doesn’t build internally, will need to be outsourced.
[…]
This isn’t the first time Apple has worked with a third party on ad sales. Before working with Taboola, Apple had an exclusive deal with NBCUniversal to sell ads for Apple Stocks and Apple News.

Om Malik:

I’ve been a happy Apple One customer. It made perfect sense to sign up for the package considering I was paying for Apple TV+, Apple Music, and iCloud storage. For an extra couple of dollars, I could get Apple News+, so I thought why not. That ended today when I learned that Apple had struck a deal with Taboola, a company known for serving low-quality ads next to web content. I decided to cut bait.

[…]

If you look at Facebook’s ARPU in the U.S. and Canada, it is hovering around $54 or about $4.50 a month. There’s no way Apple News and Stocks are as good at monetizing from advertising or have the market power to extract better advertising pricing. If they did, then they wouldn’t be partnering with Taboola. It makes more sense for Apple to charge a few dollars more from its Apple News customers and eschew all advertising. That’s almost a better business decision and actually maintains brand integrity.

Nick Heer:

Then again, services revenue seems to have compelled Apple to do lots of things which previously felt wrong. It has a credit card with interest rates currently between 19.24% and 29.49%. It aggressively advertises its services in its operating systems to the detriment of users’ experiences.

These moves may not feel like they fit Apple’s brand if your impression of it was formed more than ten years ago. There is no use protesting that they are out of character, however, when priorities like these feel like they represent today’s Apple.

M.G. Siegler:

The typical Taboola ads you see around the web – “chumbox” as they’re called, which is just a great way to frame them – are terrible. They’re visual reminders of the worst tendencies of humanity. They’re clickbait, productized to the max. So yes, it is shocking that Apple would partner with the company responsible for spreading these around the web.
But it’s also quite possible that Apple is going to heavily restrict the kind of ads Taboola can serve up.

Eric Schwarz:

Apple News as a whole (both the free version and the “plus” version) just isn’t very good and hasn’t been for awhile. Between repeatedly surfacing content from topics and news organizations I’ve blocked and already tacky ads, it’s not a place I really want to spend time or spend money on.

John Gruber:

If you told me that the ads in Apple News have been sold by Taboola for the last few years, I’d have said, “Oh, that makes sense.” Because the ads in Apple News — at least the ones I see — already look like chumbox Taboola ads. Even worse, they’re incredibly repetitious.

senturion:

A service you pay for should have no ads let alone the shitty ads Apple adds to the News app.

Previously:

Advertising Apple News Apple One Apple Services Business iOS iOS 17 Mac macOS 14 Sonoma Stocks

3 Comments

CrowdStrike Update Causes BSOD

Rory Tingle et al.:

The ‘most serious IT outage the world has ever seen’ sparked global chaos today - with planes and trains halted, the NHS disrupted, shops closed, football teams unable to sell tickets and banks and TV channels knocked offline.

See also: Reddit, Hacker News, and Slashdot.

Qasim Nauman (Hacker News):

Frontier Airlines briefly grounded all flights on Thursday amid a major outage in Microsoft networks, which also knocked out some computer systems at low-cost carriers Allegiant Air and Sun Country Airlines.

Microsoft said on the status page for Azure, its flagship cloud computing platform, that the problem began at 5:56 p.m. and affected multiple systems for customers in the central United States.

Andrew Cunningham (Hacker News):

Airlines, payment processors, 911 call centers, TV networks, and other businesses have been scrambling this morning after a buggy update to CrowdStrike's Falcon security software caused Windows-based systems to crash with a dreaded blue screen of death (BSOD) error message.

Sergiu Gatlan (Hacker News):

The list of services impacted by the outage includes Microsoft Defender, Intune, Teams, PowerBI, Fabric, OneNote, OneDrive for Business, SharePoint Online, Windows 365, Viva Engage, Microsoft Purview, and the Microsoft 365 admin center.

Edward Zitron:

What’s happened today with Crowdstrike is completely unprecedented (and I’ll get to why shortly), and on the scale of the much-feared Y2K bug that threatened to ground the entirety of the world’s computer-based infrastructure once the Year 2000 began.
[…]
The problem here is systemic — that there is a company that the majority of people affected by this outage had no idea existed until today that Microsoft trusted to the extent that they were able to push an update that broke the back of a huge chunk of the world’s digital infrastructure.

Jowi Morales:

Southwest Airlines, the fourth largest airline in the US, is seemingly unaffected by the problematic CrowdStrike update that caused millions of computers to BSoD (Blue Screen of Death) because it used Windows 3.1.

Tim Hardwick:

The cause of the failure has been identified as an update to Crowdstrike Falcon antivirus software installed on Windows 10 PCs, but Mac and Linux machines running the same cybersecurity software have been spared.

Simon Sharwood:

CrowdStrike’s now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also caused crashes of Linux machines.

Tom Warren:

CrowdStrike says the issue has been identified and a fix has been deployed, but fixing these machines won’t be simple for IT admins. The root cause appears to be an update to the kernel-level driver that CrowdStrike uses to secure Windows machines. While CrowdStrike identified the issue and reverted the faulty update after “widespread reports of BSODs on Windows hosts,” it doesn’t appear to help machines that have already been impacted.

Rui Carmo:

This is why I keep telling people that third-party kernel extensions should be banned from production servers, period.

And shipping LIVE cloud updates direct to endpoints, unchecked, without any canaries?

[…]

But since most of the affected systems are in a boot loop that may well require physical (or IPMI) access to the machine.

Howard Oakley:

The macOS version of the Falcon sensor uses a kernel extension (kext) on Intel Macs prior to Big Sur, but because of the limitations of kexts on Apple silicon, it now uses an endpoint security System Extension instead.

Stefan Esser:

People pointing to EndpointSecurity framework in MacOS as the solution for the Crowdstrike problem are missing the point. ES is a typical Apple solution and basically means:anyone who can bypass it has to have exactly one exploit (chain) that will allow them to bypass ALL vendors
Sure yes running drivers in user land has less likelihood of taking down the whole system but it also means their functionality is severely limited by what API the vendor provided. Apple is simply gatekeeper in one more area of their devices.
It would be sufficient for OS protection to mark drivers that crash as dirty and if this happens repeatedly boot without the driver and/or optionally allow a rollback to a previously not crashing configuration

M.G. Siegler:

The EC obviously felt they were helping out third-parties by requiring Microsoft to continue to grant the same level of kernel access that they have. And perhaps this was even a good thing for end-users as these companies could cover security bases that Microsoft wouldn't, for whatever reason – security in general, of course, has not been a Microsoft strong suit, of late. But there are also often unintended consequences of such actions. In this case, a third-party service with a single code-push could take out millions of machines overnight and thus, cripple key infrastructure around the world.

Ben Thompson:

Fast forward nearly two decades, and while Symantec and McAfee are still around, there is a new wave of cloud-based security companies that dominate the space, including CrowdStrike; Windows is much more secure than it used to be, but after the disastrous 2000s, a wave of regulations were imposed on companies requiring them to adhere to a host of requirements that are best met by subscribing to an all-in-one solution that checks all of the relevant boxes, and CrowdStrike fits the bill. What is the same is kernel-level access, and that brings us to last week’s disaster.

Tavis Ormandy:

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though… like what’s up with the DEI stuff, and who says “stack trace dump”? Let’s take a closer look…

Patrick Wardle (tweet, Hacker News):

I don’t do Windows but here are some (initial) details about why the CrowdStrike’s CSAgent.sys crashed.

Aleksey Shipilëv:

“Professional programmers” focusing on CrowdStrike disassembly/language is a coping mechanism that protects them from realizing that there is a remotely updated 3rd party kernel module that is deployed on significant part of the world. That is why real postmortems are important.

Bryan Cantrill:

The CrowdStrike BSOD fiasco is extraordinary in its scale and scope; on Monday’s Oxide and Friends, @ahl and I will be joined by security researcher and @LutaSecurity CEO @k8em0 to help us sort through the many layers of this mess

Swift 6 Announced

What’s new in Swift:

We’ll briefly go through a history of Swift over the past decade, and show you how the community has grown through workgroups, expanded the package ecosystem, and increased platform support. We’ll introduce you to a new language mode that achieves data-race safety by default, and a language subset that lets you run Swift on highly constrained systems. We’ll also explore some language updates including noncopyable types, typed throws, and improved C++ interoperability.

Migrate your app to Swift 6:

Experience Swift 6 migration in action as we update an existing sample app. Learn how to migrate incrementally, module by module, and how the compiler helps you identify code that's at risk of data races. Discover different techniques for ensuring clear isolation boundaries and eliminating concurrent access to shared mutable state.

Explore Swift performance:

Discover how Swift balances abstraction and performance. Learn what elements of performance to consider and how the Swift optimizer affects them. Explore the different features of Swift and how they’re implemented to further understand the tradeoffs available that can impact performance.

Demystify explicitly built modules:

Explore how builds are changing in Xcode 16 with explicitly built modules. Discover how modules are used to build your code, how explicitly built modules improve transparency in compilation tasks, and how you can optimize your build by sharing modules across targets.

Paul Hudson (list):

2024 is Swift’s 10th anniversary, and for the last five of those years we’ve had no major-version Swift updates – literally half of Swift’s life has been 5.0 through to 5.10.
This is more common than you might think. In fact, several major programming languages have some kind of release that takes significantly longer than all others: Python 3 took years to arrive, PHP 6 took so long the team bailed out and jumped straight to PHP 7, and Perl 6 dragged on so much that it ended up evolving into a different language called Raku.
Swift last had major breaking changes back in Swift 3, but when enabled in full Swift’s own v6 has the potential to make Swift 3 look like a walk in the park. This is partly because of new changes, but partly also because many features added in recent Swift versions have been hidden behind feature flags that will be enabled by default in Swift 6.

Migrating to Swift 6:

Swift’s concurrency system, introduced in Swift 5.5, makes asynchronous and parallel code easier to write and understand. With the Swift 6 language mode, the compiler can now guarantee that concurrent programs are free of data races. When enabled, compiler safety checks that were previously optional become required.

Adopting the Swift 6 language mode is entirely under your control on a per-target basis. Targets that build with previous modes, as well as code in other languages exposed to Swift, can all interoperate with modules that have been migrated to the Swift 6 language mode.

Joe Heck:

There is a lot of great stuff coming in the Swift programming language. I love the focus and effort on validating data-race safety, and is probably the feature set that I’ll spend the most time with. But my favorite new tidbit? Swift 6 now supports a Linux SDK and the ability to compile a stand-alone, statically linked binary.

Alex Grebenyuk:

In recent years, there’ve been some questionable changes, the latest one being Data Race Safety in its current form in Xcode 16 beta.

[…]

If you want to migrate a large codebase to support Swift 6 mode, you need to fix thousands of compiler warnings that become errors once you enable this mode. For example, if you have any global variables, they are now errors.

[…]

In the ideal world, I would love to have more granular control over the types of warnings and errors the compiler produces, depending on what you can tolerate in your project. If data race safety is a compelling enough feature, people will enable it. There are also questions about whether it should be enabled by default and whether its current design can allow it to be enabled by default considering the lack of progressive disclosure.

[…]

Speaking about compile time, one of Swift’s original premises was that it was “fast,” and you would expect it to apply to the compile time. However, with the current slow compilation, developers have to go to extreme lengths to work this around, including reinventing header files by creating protocol-only modules, which Swift was designed to eliminate. If there was a way to disable some of the language features to improve compile time, I would do it in an instant. I’m bringing this up because I wonder what the impact of data race safety is going to be, especially once it gets upgraded with more advanced techniques for eliminating false positives.

Alex Grebenyuk:

For context, it took me months and multiple releases to get this ~4K lines of code somewhat compatible with Sendable and Swift 6. And I now have to revert my concurrency changes in Pulse from last week because I broke some stuff.
I’m farily certain no existing large size codebase will ever be able to fully adopt Swift Concurrency Checking and Swift 6. I would also expect a short-term rise in concurrency bugs in iOS apps.

Heath Borders:

I really love Swift the language, but if I had my way, Twitch would only have switched to Swift 2-3 years ago when static linking was easily available.
I got a lot of pressure from other devs to switch back in 2018, so we did, but we had a modularized codebase in Objective-C that we had to demodulalize in Swift bc of no static linking back then. Our clean build times used to be 90 seconds, and now it’s 8 minutes.
[…]
People would be mad if we were still in Objective-C, but I think that’s bc they’d see all the cool stuff at WWDC and wouldn’t be able to use any of it. They’d rightly think they were falling behind the industry. They wouldn’t be as marketable in other jobs.
The main reason for Swift is because everyone else is using it.

Helge Heß:

No, it is because of:

> fighting the direction of the platform, and fighting Apple is generally a losing game

This is IMO not rooted in preferences of developers.

A big issue here is that Apple ties features to the language (and unlike ObjC, Swift has no FFI). The Apple platform developer tooling is a closed system and Apple exploits that to lock devs into their own things over alternatives, regardless of quality.

Previously:

Update (2024-07-23): Drew McCormack:

It is a risky time for Swift. They are channeling enormous resources into solving multi-threading at compile time, but the remedy is worse than the sickness. They are introducing a whole different problem: systemic race conditions. Interleaving of async functions. These are much more difficult to track down IMO. I am literally breaking my head on some of these things. Without a transactional system like dispatch, you end up with something more complex than multithreading.

Language Design Programming Swift Concurrency Swift Programming Language

6 Comments

Friday, July 19, 2024

Google Docs Can Import and Export Markdown

Google (via Hacker News):

In 2022, we introduced expanded support for composing with Markdown in Google Docs on web. Today, we’re introducing highly-requested features that enhance Docs’ interoperability with other Markdown supporting tools. These include the ability to:
Convert Markdown to Docs content on paste
Copy Docs content as Markdown
Export a Doc as Markdown (from File > Download)
Import Markdown as a Doc (from File > Open or “Open with Google Docs” from Drive)

This sounds great, reminiscent of OmniFocus’s support for TaskPaper. You can collaborate on a big document in Google Docs and then convert it to a more useful format. And it’s also great to be able to copy and paste little snippets, as Markdown has become kind of an interchange micro format for formatted text.

Google Docs Markdown OmniFocus TaskPaper Web

3 Comments

iDOS 3 Still Rejected From the App Store, Despite UTM

Litchie (Hacker News):

Appeal was rejected by App Review Board: “We understand that you might disagree with our findings. However, the app still provides emulator functionality but is not emulating a retro game console specifically. Only emulators of retro game consoles are appropriate per guideline 4.7.” As to why UTM was approved but not iDOS, they wrote: “If you believe that you have identified apps that don’t comply with the App Review Guidelines, you may use the Report an app form at any time to report trust and safety concerns for apps on the App Store.” Thanks, but no, that is ridiculous, I have zero concern about trust and safety running an emulator.

Christina Warren:

This is so bogus. UTM SE gets into the App Store after it was accepted into @rileytestut’s Alt Store but iDOS 3 is still not allowed. Just bogus.

alanlammiman:

Our app Sticky has been rejected based on guideline 4.7 too. We are a social media app and included HTML5 games. Apple kept claiming that “offering HTML5 games appears to be the primary purpose of your app” which is not the case (certainly not in the update we are submitting) as we have several other features with equal weight. The changes to guideline 4.7 which allow HTML5 mini-games or mini-apps and which allow emulators were made in late January of this year, shortly before the US DOJ antitrust suit, where these issues are central, was filed (March). I imagine Apple changed the guideline for a legal or PR reason related to that suit, but does not really want to follow its own updated guidelines and so is finding every excuse it possibly can to reject emulators and apps with HTML5 mini-games/mini-apps. In our case, after the appeal, we were called up by someone from Apple who started the call saying they did not consent to it being recorded (how’s that for inspiring trust?), who walked-back what they had said about HTML5 (and of course they did not put that in writing in the message they sent afterwards), but then came up with a couple of brand-new reasons for keeping our update off the store: claiming that we had changed the app concept… because our app was different some 4 years ago and hundreds of updates ago when it started! And including mentioning rule 4.7 regarding emulators… which we are not and do not claim to be!

Previously:

Update (2024-07-22): Craig Grannell (Mastodon):

Apple has been inconsistent in the past with App Store rules and approvals, but this pairing is especially stark and egregious. At this point, I wouldn’t spend a single second developing an emulator for iOS. Which is probably how Apple wants it anyway.

[…]

What gets me is this is all so stupid and unnecessary. There’s clearly reluctance from somewhere senior in Apple about emulators. But then the company sort of changed its mind, yet provided no rules. It instead went for the developer-hostile “we’ll know it when we see it”. Only ‘it’ doesn’t mean anything specific. If it did, we wouldn’t currently have ZX81, C64 and MSX emulators on the App Store, given that they emulate hardware platforms that are not retro gaming consoles.

App Store App Store Rejection Emulator iDOS iOS iOS 17 iOS App MS-DOS Sticky

2 Comments

Apple Passwords App in Sequoia and iOS 18

Jay Peters (Hacker News):

Password managers are essential. They keep track of your passwords, encourage better security practices, and generally help to manage your life across your devices. They’re the kind of feature that really should be built into every device — and Apple is massively expanding their reach with the launch of its new Passwords app, announced this week at WWDC.

We have companies like 1Password and LastPass to thank for the popularity of today’s password managers. But an announcement like Apple’s puts them in a tough position: now that Apple has a free, built-in Passwords app, is there a future for the third-party apps that defined the space?

I assume they’ve been expecting a Sherlocking for a long time, which is why they pivoted to the enterprise, multiple platforms, and multi-user stuff.

I see nothing to tempt me from PasswordWallet—which has a separate long password, uses standard files, and supports HTML export, a compact UI, and auto-typing. But the new Passwords app will be nice for managing my 2FA codes and passkeys, and for family passwords. I haven’t used it extensively yet, but my initial impression is that it’s the best-feeling SwiftUI app from Apple. (Hopefully they’ll add drag and drop to groups.)

Matthias Gansrigler:

Passwords app. At last an app that is released for all of Apple’s platforms at once.

Ricky Mondello:

There’s an awesome new tool in the journey to replace passwords: Automatic passkey upgrades.
For a short window after a user signs in using Password AutoFill, apps and websites can “conditionally” request passkey creation for that same account. The Passwords app then creates a new passkey and notifies the user. No upsells or speed bumps.
All credential managers can support this! (There’s lots of new API for credential managers this year!)
[…]
Here’s how I think about this: we’ve transferred the consent-to-upgrade from being something every website secures to something that the password manager secures. Up to the password manager to decide how to talk to the user about it. In Apple’s Passwords app, users can turn this off.

System Settings in Sequoia

Malcolm Owen:

Apple has refreshed the System Settings app of macOS Sequoia, with tweaks to how it looks and performs.
[…]
The biggest difference for System Settings is that Apple has shuffled around the positioning of items in the sidebar. This does make it slightly difficult to find things if you’re used to Sonoma placements, but everything’s still findable.

[…]

While there was previously a Passwords section in System Settings, Apple has now moved it to its own dedicated Passwords app.

Jeff Johnson:

This is the System Settings “redesign” LOL

reycat (via Accidental Tech Podcast):

Network locations are back in Sequoia. 👏 👏 👏

Jeff Johnson:

System Settings Privacy & Security now show the number of apps that have access (e.g., None and 0), which is a bit of a relief.

Jeff Johnson:

Look at this ridiculous UI.

I have 5 startup disks.

Is this the oldest instance of horizontal scrolling UI in macOS? It was annoying from the beginning and is even harder to use with the larger icons.

Mario Guzmán:

New iCloud UI in System Settings.

Thomas Tempelmann:

Can someone explain why macOS System Settings lets me reveal non-apps in Finder, via the (i) button, but not “Background” apps? Right-clicking there doesn’t work (that works only in the “Open at login” section). What a UI mess!

This is not fixed in Sequoia.

Mario Guzmán:

We already have to scroll a lot to get to many things due to the lazy list-y design of Setting Settings but do they have to make it so we have to scroll more? Not sure how necessary these headers are.
It’s also a header, so not sure it needs its own visual box around it or row box -- whatever you want to call it.

Ryan Jones:

iOS 18 Settings app is not really different.

big explainer headers

new Apps section

Previously:

Update (2024-07-22): Jeff Johnson:

This is macOS 15 all the time for me.

Apple Password Manager Design iOS iOS 18 Mac macOS 15 Sequoia Software Update System Preferences Transparency Consent and Control (TCC)

8 Comments

Thursday, July 18, 2024

Overcast’s New Foundation

Marco Arment (Mastodon):

Today, on the tenth anniversary of Overcast 1.0, I’m happy to launch a complete rewrite and redesign of most of the iOS app, built to carry Overcast into the next decade — and hopefully beyond.
[…]
Much faster, more responsive, more reliable, and more accessible.
Modern design, optimized for easily-reached controls on today’s phone sizes.
Improvements throughout, such as undoing large seeks, new playlist-priority options, easier navigation, and more.
[…]

The last few missing features from the old app, such as Shortcuts support, storage management, and OPML. These are absent now, but will return soon.

[…]

For Overcast to have a future, it needed a modern foundation for its second decade. I’ve spent the past 18 months rebuilding most of the app with Swift, SwiftUI, Blackbird, and modern Swift concurrency.
Now, development is rapidly accelerating. I’m more responsive, iterating more quickly, and ultimately making the app much better.

Overcast is one of my favorite apps, and I expect to like this version, too. However, after hearing about the self-imposed anniversary deadline, the smaller beta group and short beta period, and some unimplemented old features, I’m delaying for a bit. I’m in no rush and would like to avoid any initial bugs. The App Store doesn’t offer any way to downgrade, so it seems like the only way to wait for a few maintenance updates is to turn off auto-updating across all apps.

Safari Private Click Measurement and Firefox Privacy-Preserving Attribution

John Wilander (2021):

A new, on-by-default feature called Private Click Measurement, or PCM, for privacy-preserving measurement of ad clicks across websites and from iOS apps to websites in iOS and iPadOS 14.5 betas.

This didn’t attract a lot of attention at the time, but now it’s getting some criticism for being opt-out and somewhat hidden in the settings. Apple words it as Allow privacy-preserving measurement of ad effectiveness, which is a bit confusing because it’s actually more private if you uncheck this. The French and Dutch localizations are apparently even more confusing because without the Allow part it sounds like you are missing out on privacy features if you don’t check it.

Actually, as far as I can tell, the benefit to checking the box is that it sends more information to advertisers and that this improves the economics of content creation while reducing the incentives for more intrusive tracking. If all browsers and sites are good citizens and support this, aggregate privacy should improve, even though at the micro level you are at best revealing more information in a way that doesn’t actually affect you.

Now it’s big news because Firefox added a similar option.

Lokjo (Hacker News):

Firefox is just another US-corporate product with an ‘open source’ sticker on it.
Their version 128 update has auto checked a new little privacy breach setting.

Jonah Aragon (Hacker News):

Less than a month after acquiring the AdTech company Anonym, Mozilla has added special software co-authored by Meta and built for the advertising industry directly to the latest release of Firefox, in an experimental trial you have to opt out of manually. This “Privacy-Preserving Attribution” (PPA) API adds another tool to the arsenal of tracking features that advertisers can use, which is thwarted by traditional content blocking extensions.

Moritz Förster (Hacker News):

What may sound good on paper does not go down well with many users for several reasons: Firstly, Firefox automatically delivers the Privacy-Preserving Attribution (PPA) with the update to the new version, despite the “experimental” label. More serious, however, is the fact that Mozilla also activates the feature directly - users must therefore deactivate the PPA manually by opting out.

Bobby Holley, Firefox CTO (Hacker News):

Most users just accept the defaults they’re given, and framing the issue as one of individual responsibility is a great way to mollify savvy users while ensuring that most peoples’ privacy remains compromised. Cookie banners are a good example of where this thinking ends up.

Whatever opinion you may have of advertising as an economic model, it’s a powerful industry that’s not going to pack up and go away. A mechanism for advertisers to accomplish their goals in a way that did not entail gathering a bunch of personal data would be a profound improvement to the Internet we have today, and so we’ve invested a significant amount of technical effort into trying to figure it out.

The devil is in the details, and not everything that claims to be privacy-preserving actually is. We’ve published extensive analyses of how certain other proposals in this vein come up short. But rather than just taking shots, we’re also trying to design a system that actually meets the bar. We’ve been collaborating with Meta on this, because any successful mechanism will need to be actually useful to advertisers, and designing something that Mozilla and Meta are simultaneously happy with is a good indicator we’ve hit the mark.

ozjimbob:

I think the issue I see is; this may well be a better way. But advertisers aren’t going to quit the arms race either, quit what they currently do and switch to this. They will use this but also continue the bloated, privacy-invading malware ads. So now we have two problems, not one.

Safari Private Browsing 2.0

John Wilander et al. (Mastodon):

These are the protections and defenses added to Private Browsing in Safari 17.0:

Link Tracking Protection

Blocking network loads of known trackers, including CNAME-cloaked known trackers

Advanced Fingerprinting Protection

Extensions with website or history access are off by default

In addition, we added these protections and defenses in all browsing modes:

Capped lifetime of cookies set in responses from cloaked third-party IP addresses

Partitioned SessionStorage

Partitioned blob URLs (starting in Safari 17.2)

We also expanded Web AdAttributionKit (formerly Private Click Measurement) as a replacement for tracking parameters in URL to help developers understand the performance of their marketing campaigns even under Private Browsing.

Kyle Howells:

Seriously considering switching from Safari to Chrome or Firefox because EVERY TIME I visit most websites I’m logged out.
Safari’s stupidly over aggressive privacy policy of purging cookies after 7 days turns out to be quicker than I visit most sites.

Jeff Johnson:

I don’t use 1password, but I signed up for a trial a few days ago to diagnose an issue. Just got this email. What an indictment of Safari!

Steve Troughton-Smith:

I don’t know if Safari has just fundamentally broken the web, or if sites are just detecting Safari and clearing their own cookies to get a tracking refresh. It’s got worse and worse to browse with

I’ve been seeing this logout problem with Safari for years, and it’s gotten especially bad in the last few months.

Kyle Howells:

I posted this complaint about Safari logging me out 24hrs ago.

I just had to relogin in order to post this.

Jeff Johnson:

FWIW I almost never get logged out after this:
defaults write -g WebKitExperimentalIsFirstPartyWebsiteDataRemovalDisabled -bool true
Except for App Store Connect, which uses session cookies, which affects all web browsers.

It’s in the Feature Flags now, Disable Removal of Non-Cookie Data After 7 Days of No User Interaction.
Safari may reset this on updates, but putting it in the global defaults makes it immune from reset.

This did not work for me, so I think there must be multiple issues here.

Daniel Jalkut:

For the last few weeks Safari has become nearly impossible for me to use because it logs me out of EVERYTHING and forgets my state in web apps with cookie-based storage.
When I say it logs me out, I mean several times per day! Almost every time I return to a site, I have to log in again.
Googling suggests I’m not alone, but it’s far from a universal problem.
[…]
I’ve been to hell and back investigating this, and let me just say for now that if you suffer from this problem, I think turning ON the “Prevent cross-site tracking” preference in Safari will alleviate it.

He seems to have found a bug where turning off the extra privacy—which I did long ago to try to make Safari compatible with more sites—triggers a bug where Safari inappropriately deletes saved data.

Jeff Johnson:

“Private Browsing uses Oblivious DNS over HTTPS by default, which encrypts and proxies DNS queries to protect the privacy and integrity of these lookups.”

I’m not actually seeing this in my testing. Packet traces show DNS queries still occurring in the clear. Anyone else test this?

Jeff Johnson:

Advanced tracking and fingerprinting protection is in the Safari Advanced Settings on both iOS and macOS. The setting has three options: disabled, enabled in private browsing, or enabled in all browsing. Last year I wrote about why I disabled advanced tracking and fingerprinting protection in Safari. This year I found another reason: it breaks my Safari extension StopTheMadness Pro!
[…]
The way advanced tracking and fingerprinting protection appears to work is that if it blocks at least one third-party tracking script on a web page, then it also prevents every third-party script on the page from accessing the URL query string.
[…]
The problem with this “protection” is that it can break innocent third-party scripts. Even worse, Safari extension content scripts are treated as third party!

Previously:

Update (2024-07-22): Kyle Howells:

The big problem with things like “Advanced tracking and fingerprinting protection” in Safari, is they are basically a fancy way of saying
“We worked out how to break as much of the webpage as possible, without you actually noticing anything is wrong”
Except they now disable, or break so many things that Safari is starting to just become a horrible unreliable web browser to use.

Kyle Howells:

In the last few days I’ve had to re-login to:
Google 5 times
reddit 4 times
mastodon 4 times
YouTube 3 times
Github 3 times
This can’t just be the privacy measures, this has to be an actual bug.
Except I haven’t installed a macOS update recently, so in theory nothing has changed?

This is the type of thing that I’ve been seeing lately, though worse. Turning on Prevent cross-site tracking seems to have helped a bit but did not fix the problem. I’m currently trying the voodoo of disabling the Develop menu.

Advertising Bug iOS iOS 17 Mac macOS 14 Sonoma Privacy Safari Safari Extensions StopTheMadness

7 Comments

Safari 18 Announced

Apple:

Safari, the world’s fastest browser, now offers Highlights, an even easier way to discover information on the web, such as directions, summaries, or quick links to learn more about people, music, movies, and TV shows. A redesigned Reader includes even more ways to enjoy articles without distractions, featuring a streamlined view of the article a user is reading, a summary, and a table of contents for longer articles. And when Safari detects a video on the page, Viewer helps users put it front and center, while still giving them full access to system playback controls, including Picture in Picture.

Jen Simmons et al.:

Now, we are pleased to announce WebKit for Safari 18 beta. It adds another 48 web platform features, as well as 18 deprecations and 174 bug fixes.

[…]

macOS Sequoia beta adds support for opening links directly in web apps. Now, when a user clicks a link, if it matches the scope of a web app that the user has added to their Dock, that link will open in the web app instead of their default web browser.

[…]

Now you can personalize web apps on Mac with Safari Web Extensions and Content Blockers.

Jeff Johnson:

Note that this new feature does not apply to home screen apps on iOS 18. It’s Mac-only.
My blog post The four types of Safari extension explained the difference between Safari content blockers, Safari web extensions, Safari app extensions, and the discontinued Safariextz format. My own Homecoming for Mastodon is a Safari web extension, and StopTheFonts is a Safari content blocker, so those now work in Safari web apps on macOS 15. However, StopTheMadness Pro and StopTheScript are Safari app extensions, which means that they don’t work in Safari web apps, unfortunately. You probably don’t need StopTheScript in a web app, but StopTheMadness Pro would be nice, wouldn’t it? If you want StopTheMadness Pro in Safari web apps, let Apple know that they should support Safari app extensions too!

Christina Warren:

You know what would make Safari great? Support for ublock origin.

Corey Quinn:

And custom search engines.

Nicolas Magand:

Still no mention of search improvements on Safari. This is a wait and see situation and I hope more details will come out about Safari and if custom search engine settings are available, or at least more options than just Google and Bing-related search engines.

Jen Simmons et al.:

WebKit for Safari 18 beta adds support for three new features as we continue to improve passkeys. First, Safari 18 beta adds support for using mediation=conditional for web authentication credential creation. This allows websites to automatically upgrade existing password-based accounts to use passkeys.

Juli Clover:

With the new Passwords app in iOS 18, iPadOS 18, and macOS Sequoia, there’s a feature that is designed to allow websites and apps to upgrade existing accounts to passkeys automatically.
Enabled by default, the feature will speed up the adoption of passkeys, which are more secure than a traditional login and password.

Daniel Jalkut:

The only feature anybody REALLY wants from Safari is “Now works with every site Chrome does.”

Previously:

Apple Intelligence Apple Software Announcement iOS iOS 18 Mac macOS 15 Sequoia Passkeys Safari Safari Extensions StopTheMadness WebKit

6 Comments

Wednesday, July 17, 2024

XCTest in Xcode 16

Jesse Squires:

The first is waitForNonExistence(withTimeout:), which provides the inverse of the existing waitForExistence(timeout:) API. Finally! This is such a welcome change. Often in UI testing it is more semantic to wait for an element to disappear rather than appear — for example, waiting for a loading indicator or waiting for a UIContentUnavailableView to disappear. Previously, you would have to roll your own implementation or awkwardly use waitForExistence(timeout:) and negate the result — both options are cumbersome and inefficient.
[…]
The second new API is wait(for:toEqual:timeout:), which waits for a property value of an element to equal a new value. This is useful for when the contents of an existing view should be updated and you want to verify the update happened. The most common use case here is likely for checking the contents of labels, text fields, or text views that change based on state updates or user interaction. Previously, there was not a great way to achieve this without introducing artificial timeouts in your test, or changing the UI element’s .accessibilityIdentifier in your app when its contents updated and then checking for the existence of the new identifier.

But he says that the latter currently doesn’t work.

Previously:

Mac macOS 15 Sequoia Programming Testing Xcode

Comments

Swift Testing in Xcode 16

Stuart Montgomery (September 2023):

I’m excited to announce a new open source project exploring improvements to the testing experience for Swift.

John McCall:

I’m pleased to announce that the Swift project has accepted a vision document for A New Direction for Testing in Swift.

The vision:

It should gracefully coexist with projects that use XCTest or other testing libraries and allow incremental adoption so that users can transition at their own pace.

[…]

When a test fails, it should collect and show as much relevant information as reasonably possible, especially since it may not reproduce reliably.

[…]

There must be a way to carefully store per-test data, to ensure it is isolated to a single test and initialized deterministically to avoid unexpected dependencies or failures.

[…]

Many tests consist of a template with minor variations—for example, invoking a function multiple times with different arguments each time and validating the result of each invocation. A testing library should make this pattern easy to apply, and include detailed reporting so a failure during a single argument is represented clearly.

[…]

Depending on the library, these APIs may be called “assertions”, “expectations”, “checks”, “requirements”, “matchers“, or other names. In this document we refer to them as expectations.

What XCTest called “assertions” are now called “expectations,” what XCTest called “expectations” are now called “confirmations,” and what XCTest called “messages” are now called “comments.” As with SwiftData, it’s not clear to me that these renamings are accomplishing much.

Some specifics:

@Test and @Suite attached macros: These declare test functions and suite types, respectively.
Traits: Values passed to @Test or @Suite which customize the behavior of test functions or suite types.
Expectations #expect and #require: expression macros which validate expected conditions and report failures.

I had hoped that Swift’s runtime features would be enhanced to the point where XCTest-style test discovery would be possible. Instead, it’s being done through macros.

Likewise, the trait stuff appears to be done through special-purpose macros rather than a general way of attaching metadata to functions.

I like the distinction between #require, which halts execution of the test, and #expect, which allows it to continue running and report more failures. #require is also used for unwrapping.

In existing test solutions available to Swift developers, there is limited diagnostic information available for a failed expectation such as assert(2 < 1). The expression is reduced at runtime to a simple boolean value with no context (such as the original source code) available to include in a test’s output.

[…]

We can also extract the components of an expression like a.contains(b) and, on failure, report the value of a and b.

There are two different things going on here. First, XCTest had a large number of macros with verbose names for different kinds of assertions (and object vs. primitive types). It has always been unergonomic, even compared with predecessors such as JUnit and its Objective-C ports. Swift Testing spells almost all of these as simply #expect, which is great. But it’s not clear to me why it took a decade to make this sort of ergonomic improvement. I’ve long been using very short names like eq() and overloads to achieve much the same effect. This was not really possible with Objective-C (without polluting the namespace) because you need macros (which are top-level) in order to capture the source location. But Swift can do this with methods on the test class. It can also use autoclosures to avoid evaluating the failure message on success.

The second cool thing is that, with XCTest, any values that were not passed as arguments to the assertion would be lost at runtime. To get detailed failure information you had to write extra code. Swift Testing’s #expect macro can look at the structure of the expression to extract these values (as well as how they were being used) automatically. This is a killer feature, which I first saw in Python nearly 20 years ago via pytest and once used to test my Objective-C code, too. (Python doesn’t have macros, but import hooks can modify the parsed AST before compilation.)

I’m not sure how to square the principle of scalability with the heavy use of macros and their effect on compilation time. There are also issues with runtime performance, though those seem more easily solveable.

Swift Testing ships with Xcode 16 and has two WWDC videos and a repo.

Rachel Brindle:

My current spike: Implementing a BDD DSL on top of Swift Testing using resultbuilders.

[…]

Already filed my first issue: The Test struct needs a public initializer.

Jonathan Grynspan:

One of the downsides of having a public initializer for Test is that it encourages people to use it. But since it doesn’t produce an instance of Test that’s visible to Swift Testing’s infrastructural layer, there’s no actual way to run it.

It’s a continual worry with Swift and Swift-based APIs that third-party developers will get locked out.

Xcode 16 Announced

Apple:

Discover the latest productivity and performance improvements in Xcode 16. Learn about enhancements to code completion, diagnostics, and Xcode Previews. Find out more about updates in builds and explore improvements in debugging and Instruments.

See also: Download, Release Notes, Updates.

• • •

Adam Bell:

The new Xcode 16 AI autocomplete tech is actually really slick when it has contextual awareness.

Oskar:

First look at AI autocomplete in Xcode 16. It feels really nice to have Tab fill in actual code, and it stays mostly on task. However the speed isn’t great and it does hallucinate a lot. For example, in this run it tried to use a view that did not exist.
It also tries to use UIKit in a Mac app…

Jonathan Wight:

Xcode’s AI code completions are by far the worst AI based code completions I’ve come across.
It just totally hallucinates bullshit code with 100% confidence.

• • •

John Voorhees:

Swift Assist allows developers to type a natural language prompt to generate code and UIs. Code can even be created from the text of a developer’s inline comment. The model that powers Swift Assist has an awareness of the Human Interface Guidelines, Apple’s frameworks, and what Apple considers coding best practices.

Saagar Jha:

I guess if you write Objective-C you don’t get good code completion

Jesse Squires:

Kind of ridiculous that the first 2 default configurations of the latest M3 MacBook Pro (up to $1800!!!) can’t even do full Xcode 16.
Call me crazy, but I think every MacBook Pro should be able to handle all of the new Xcode things.
How does a “Pro” level laptop come with 8GB RAM by default?

• • •

Der Teilweise:

“Fixed an issue where previously resolved Swift compiler diagnostics would reappear in the log and issue navigator in subsequent builds. (119533281)” [I want to believe.]

Marcin Krzyzanowski:

I……… don’t think Xcode 16 actually “fixed an issue where previously resolved Swift compiler diagnostics would reappear in the log and issue navigator in subsequent builds (119533281)”

I’m not finding this to be fixed, either. I’m also still seeing the same spurious errors related to conditional compilation in Swift.

Craig Hockenberry:

If you see the error below when switching SwiftUI previews from a macOS target to an iOS target the following WILL NOT help:

Cleaning the build

Killing CoreSimulator processes

Quitting and restarting Xcode

What WILL work is finding another tab with a hidden preview canvas for the wrong platform. And the subsequent swearing.

• • •

Keith Harrison:

Xcode 16 introduces an experimental setting to explicitly build Swift modules. Here’s my notes from trying it out.

[…]

This explicit discovery and build process avoids the build system having to wait for unbuilt modules. Apple also claims this makes the debugger faster as it can share the already built modules with the debugger.

[…]

I’m not sure how representative my timings are but I’m not seeing any faster builds using explicitly built modules. If anything, it’s slower than the implicit builds in my tests.

Ben Cohen:

If you’ve experienced long pauses when first inspecting variables in the debugger, you may find enabling explicit modules makes a big difference. When this is enabled, the debugger can make use of the same module files created during the build.

• • •

Matt Massicotte:

I still cannot get over it. Xcode getting EditorConfig support AND directory-based compilation. I could cry.

Everyone using local packages take note. Static libs are far more powerful, and their biggest downside is now gone.

Marin Todorov:

I certainly love this new feature in Xcode 16 🥰

Isaiah Carew:

on sequoia you can only run xcode 16 beta.

that means i can’t really install sequoia on my primary dev machine — releasing software on a beta OS with beta Xcode seems… well… bad.

dasdom:

Did you know that you can open a file from another project side by side in your current project in Xcode? The file is not copied to your current project. It is just shown in the editor.

This is especially useful with the demo code from WWDC.

James Dempsey:

It’s disappointing that side-by-side diffs have not made it back to Xcode’s source control views.

It bums me out that the user experience of GitHub on the web is more flexible than the native IDE, especially since the side-by-side diffs used to be there in Xcode.

Aaron Pearce:

Seems no big changes to Xcode Cloud this year. Was hoping to get webhooks that tell us when a build has processed.

Daniel Jalkut:

Best new feature I’ve seen in Xcode 16 Beta: simple breakpoints set in the lldb console are reflected in the UI. No need to reset them on every launch. Unfortunately, regex breakpoints are still not reflected nor settable via UI. Can I dare to dream?

Sami Samhuri:

In Xcode 16 beta 1 the keyboard shortcuts ctrl-n and ctrl-p no longer let you select a completion suggestion, and instead they move the cursor. It bugs me so much I actually filed a feedback. Please dupe if you use those too! I’d hate to have to start using the arrow keys for this.

Der Teilweise:

Oh, in case you wonder why you never heard of @retroactive that is supported in Xcode 16b1: It’s from an enhancement that is currently in review. It’s not mentioned in the Swift 6 migration guide. It is required if you want to use a CNContactViewController.

bjosh:

This wasted 2 days of development time, but in WKNavigationDelegate, the webView(_:decidePolicyFor:decisionHandler:) method has a new type signature that will ONLY work in the latest SDK. The change was that the decisionHandler now has a @MainActor attribute. This causes Swift to recognize that it “almost” meets an optional requirement and suggests that you change it. If you change it, it will cause builds to not include the optional method.

Previously:

Update (2024-07-18): Apple:

Apple Intelligence features are not supported on Virtual Machines and Simulators.

Apple Event Apple Intelligence Apple Software Announcement Contacts Debugging iOS iOS 18 macOS 10.12 Sierra macOS 15 Sequoia Programming Swift Programming Language Transparency Consent and Control (TCC) WebKit WWDC Xcode Xcode Cloud

7 Comments

Mac Marketshare in Q2 2024

William Gallagher:

Overall, the global PC market grew by 3.4% year on year in Q2 2024, for a total of 62.8 million shipped. Of those, laptops represented 50 million, which by itself is a 4% rise YoY.

Global desktop computer shipments rose by 1% to reach 12.8 million.

Across both laptops and desktops, Apple came in fourth with shipments of 5.5 million. That gave it a 9% market share, which is a 6% increase on the same period in 2023.

Jason Snell:

Apple has been outpacing the PC market for years now, but with the overall market now growing and the possibility of a sales spurt due to the introduction of Copilot Plus PCs, it’ll be interesting to see how Apple fares overall.

Previously:

Mac macOS 14 Sonoma Marketshare

Comments

Tuesday, July 16, 2024

macOS 15 Sequoia Public Beta

Juli Clover:

Apple today released the first beta of an upcoming macOS Sequoia update to its public beta testing group, giving the general public a chance to try out the new operating system's features ahead of its fall launch. The first public beta includes the same content as the third developer beta.

[…]

All of the Apple Intelligence features coming to iOS 18 will also be available in macOS Sequoia , but Apple does not plan to add these until later in the beta testing process. Apple Intelligence includes Writing Tools for editing, proofreading, and summarizing text in apps, and an Image Playground allows for AI images to be created from prompts.

Here are the release notes. Curiously, there was just a second developer beta 3 update. It’s really frustrating that they’re calling this a beta, and presumably not moving the release date back, even though it’s far from feature complete.

Jason Snell:

Every so often, Apple comes out with a new operating system feature that takes me completely by surprise. So it is with iPhone Mirroring, a new app that lets you view and operate your iPhone from the comfort of your Mac.

[…]

The screen appears flawless, operating at high frame rates and even transmitting audio back to the Mac. I was able to click around and play games as if I were running the apps right on my Mac.

That said, I did encounter some issues. Apple says that the screen will automatically rotate into horizontal orientation when an app requires it, which I found to be true, but there seems to be no way to force a rotation when you’d prefer to use an app horizontally that also works vertically. I also couldn’t seem to bring up Control Center, enter “jiggle mode” to move or remove apps or widgets. And when I was in horizontal orientation, I kind of wished I could make the window bigger—even if all it did was blow up the content from the iPhone.

[…]

Depending on how you feel about the new Photos app interface—and it’s definitely got some issues—it might be a blessing that Apple has passed over the Mac. But I don’t love the idea that at last, Apple’s building a proper tool for removing background clutter for images… and apparently the Mac’s not going to get that feature this year?

John Voorhees:

iPhone Mirroring isn’t a feature I’ve found myself using daily, but it can come in handy. For instance, the app that controls my Roomba isn’t available on the Mac. When the vacuum is on another floor of my house, I like to check in on it to see if it’s gotten stuck or needs emptying. In the past, that has meant checking the app on my iPhone from time to time as the Roomba does its thing. With iPhone Mirroring, I can simply open that app in a window on my Mac and flip over to it for a quick status check now and then. It’s still an interruption of what I’m doing, but it’s less so than grabbing my iPhone.

As much as I’ve enjoyed iPhone Mirroring, it has been buggy. In fact, for most of the past week, it didn’t work at all. […] Nothing I tried would fix the problem until, on a whim, I opened the microphone access section of my Mac’s System Settings and toggled microphone access off and then on again for one random app I haven’t used in months, which fixed it.

[…]

Why it took macOS until 2024 to include basic window tiling is beyond me, but it will finally arrive with Sequoia, and it is nicely done. There are too many third-party apps that have filled this gap in macOS to list, but as well as window tiling is implemented in Sequoia, I don’t think the best third-party apps have anything to worry about.

Previously:

Update (2024-07-25): Norbert Doerner:

The ugly “System Settings.app” claims that the Mac is not connected to the Internet, which is utter crap, as it is.
And then it claims my Apple ID is not enrolled in the dev programme, which of course it is.
[…]
Two hours and another FIVE reboots later, macOS 15 was finally able to download something[…] But after ANOTHER two hours, it was still stuck there, nothing moving.

Apple Intelligence iPhone Mirroring macOS 15 Sequoia macOS Beta Photos.app

4 Comments

An Ode to the Volume Swipe

M.G. Siegler:

I found myself thinking about the AirPods…

Specifically, how truly great the volume swiping mechanism is on the AirPods Pro. This must be my most-used gesture in life beyond perhaps swiping up to unlock my phone. I have AirPods in my ears a good percentage of the day and I’m constantly swiping up or down on the stems to raise or lower the volume of whatever I’m listening to. It’s so handy, literally. It’s done so casually now that it’s second-nature.

Sebastiaan de With:

Reddit comments 8 years ago, when the AirPods were first introduced. Eight years later, AirPods are a bigger business if broken out in revenue than McDonalds or Nike.

Deservedly so. Amazon currently has a Prime Day deal with AirPods Pro 2023 for $168.99 (i.e. $10 more than the original AirPods).

Previously:

Update (2024-07-18): Flo Crivello:

TIL: there are more transistors in the AirPods Pro than in the CPU of a MacBook Pro from 2010
One is a professional laptop, the other earphones running on a battery weighing about 1 gram
Moore’s Law’s one hell of a thing

NSCopyObject, the Griefer That Keeps on Griefing

Wade Tregaskis:

Almost nobody intentionally uses NSCopyObject, but your superclass might, and therefore you might.
[…]
Some guides specify a better method, which is to manually zero out the copied object’s ivars and then repopulate them via formal property setters. That actually works with or without ARC, although it may break – causing memory leaks – if the superclass ever stops using NSCopyObject (or if NSCopyObject ever gets upgraded to understand reference-counted ivars that it currently does not). It’s also only possible in Objective-C because Swift doesn’t provide direct access to instance variables.
[…]
It appears that the best you can do [in Swift] is assume the superclass will always use NSCopyObject, if it does currently, and just manually increment the retain count. Like Objective-C with ARC, the language & standard library really don’t want you to actually do this, but at least in Swift it’s relatively straightforward[…]
[…]
And yet, Apple still use NSCopyObject themselves to this very day, in their own applications and frameworks – including major frameworks like AppKit that almost all 3rd party developers rely on. NSCell is still broken, three decades later, as is NSImage & NSImageRep, and NSAnimation. Most of those are explicitly designed to be subclassed, despite Apple’s own very clear instructions to never mix subclassing with NSCopyObject.

Maybe Apple doesn’t want to dig into that old code and possibly break apps. However, with recent major changes to NSView, perhaps it’s not entirely off the table.

Previously:

Update (2024-07-17): See also: Hacker News.

Automatic Reference Counting (ARC) Cocoa iOS iOS 17 Mac macOS 14 Sonoma Objective-C Programming Swift Programming Language

2 Comments

Chromium Browsers Preferencing *.google.com Domains

Simon Willison (Hacker News):

It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the *.google.com domains - tweeted about today by Luca Casonato, but the code has been there in the public repo since October 2013 as far as I can tell.
It looks like it’s a way to let Google Hangouts (or presumably its modern predecessors) get additional information from the browser, including the current load on the user’s CPU.

Since the code is in Chromium, it also affects Brave and Edge.

Luca Casonato:

This is interesting because it is a clear violation of the idea that browser vendors should not give preference to their websites over anyone elses.

The DMA codifies this idea into law: browser vendors, as gatekeepers of the internet, must give the same capabilities to everyone.

John Gruber:

I frequently bemoan the DMA’s ambiguity but here I’d say it’s crystal clear. Chrome is a designated gatekeeping platform, and granting system-monitoring privileges only to Google’s own websites is clearly in violation. Here’s a Hacker News comment from a purported Google employee who calls the feature “mundane” while admitting that Google Meet uses it as a tool to debug bad connections, even though no other web-based meeting app has access to it. I can think of no better example proving that Google views the open web as a platform that it owns.

Previously:

Brave Chromium Debugging Digital Markets Act (DMA) Google Chrome Google Hangouts Google Meet Mac Mac App macOS 14 Sonoma Microsoft Edge Privacy Web

11 Comments

Monday, July 15, 2024

UTM SE Now in the App Store

Wes Davis (Hacker News, MacRumors):

Apple has approved UTM SE, an app for emulating a computer to run classic software and games, weeks after the company rejected it and barred it from being notarized for third-party app stores in the European Union. The app is now available for free for iOS, iPadOS, and visionOS.
After Apple rejected the app in June, the developer said it wasn’t going to keep trying because the app was “a subpar experience.” Today, UTM thanked the AltStore team for helping it and credited another developer “whose QEMU TCTI implementation was pivotal for this JIT-less build.”

Craig Grannell:

OK, now this is completely incoherent. UTM is on the App Store itself (not a third-party store), but iDOS isn’t. I hope the iDOS dev resubmits and points at UTM.

Apple looks ridiculous with all this app review stuff. Like it has no idea what it’s doing, what’s OK and what’s not OK. That might have been acceptable in 2008 when it was figuring things out. But not in 2024.

Jorge Salvador Caffarena:

Apple saw that they were going to be forced to notarize UTM for the EU alternative stores, AltStore, and as with Delta figured is better to allow it on the official App Store to undermine AltStore. That’s what’s happening over and over.

Riley Testut:

Thanks Apple for once again proving the best way to change the App Store rules is to submit an app to AltStore :)

Craig Grannell:

App Store review is inconsistent at the best of times, but the situation with emulation is now beyond absurd. The MAME4iOS dev says their app has been rejected multiple times for ‘spam’.

[…]

But who’s to say Apple won’t change its mind next week, depending on what it thinks it can get away with? And I do wonder what will happen if someone dares to submit an Apple II or Mac emulator for review. Perhaps they should submit it to AltStore first – that at least appears to make Apple rethink.

[…]

And Apple’s ridiculous review stance means great devs won’t bother making emulators for iPhone and iPad. Why would they? Why spend months polishing an emulator only for Apple to arbitrarily decide to reject it? (And, yes, this is the wider App Store in microcosm. Creators of other apps and games increasingly feel the same way.)

Rui Carmo:

I’m really sad Apple still forbids shipping apps with a JIT, but we are so close to having a usable Linux sandbox on an iPad that I will take whatever I can get.

Rui Carmo:

I spent a few hours trying out UTM SE (which, if you’re new here, is a just-released version of the UTM front-end for QEMU that runs on iOS) on my M1 iPad Pro, and quickly came to the conclusion that it is not really usable to do local development out of the box.
It might be great to, say, run Windows 95 or older DOS games (and I’m still sore that the Mac OS 9.2.1 image vanished), but unlike the “real” UTM, using UTM SE on iOS or an iPad is severely hobbled by the lack of a JIT.

Previously:

AltStore App Store Emulator iOS iOS 17 iOS App Just-In-Time Compilation (JIT) Linux MS-DOS UTM Windows

3 Comments

Stack Overflow Changes Data Dump Process

Philippe (via Hacker News):

I’m going to start with an important statement: this is primarily only a change in location for where the data dump is accessed. Moving forward, we’ll be providing the data dump from a section of the site user profile on a Stack Exchange profile.
There are a number of reasons for this: first, this is an attempt to put commercial pressure on LLM manufacturers to join us and our existing partners in the “socially responsible AI“ usage that we’re advocating for - to get them to give back to the communities whose data they consume.
Second, we want to help make the process of accessing data dumps quicker and more efficient. While Archive.org has been a great partner to us, as you may know, both internally and externally, people have encountered challenges with uploading and downloading the dumps with any reasonable speed.
[…]
We are requiring that all partners in socially responsible AI comply with the CC BY-SA attribution requirements, attributing content to the community members who contributed it.

They will no longer be uploading the data dump to archive.org, reducing redundancy.

Shog9:

At best, this is extremely inconvenient; at worst, it guarantees no one will ever again have a consistent “dump”.
I’m going to guess: no one involved in making this decision has ever downloaded and worked with the full data dump. It’s already slow and fairly inconvenient; the one bright spot is that a decent torrent client lets you start it and do other stuff while waiting. Best-case, you devote a fast enough pipe to this that the hundreds of extra clicks necessary are rewarded with shorter turnaround… But somehow, I doubt it.

Restore The Data Dumps Again:

You have been engaging on this topic disingenuously for a year.

It was your intention to turn off the dumps a year ago, and now you're trying to make them as inconvenient as possible.

Andras Deak:

You are making it very easy to pull access to our own content that brings you profit. Even if we trusted the company now, this would make it not just possible, but trivial, for some future nefarious company leadership to backstab the community. And guess what: we already have the nefarious company leadership in the present.

AMtwo:

Just over a year ago when I was still staff at the company, I was personally in the unenviable position of having been instructed by the Stack Overflow CEO to disable the Data Dump, and to not re-enable it because he wanted to end the dump. That decision ultimately snowballed until Stack Overflow made commitments to continue the data dump quarterly. Data Superstar Aaron ultimately made some improvements and there was a shift made to the delivery schedule, to make it align better with quarterly boundaries. This is all excellent news for those of us who use the data dumps, and/or are proponents for equal data, and/or are defenders of the open data commitments made by and for the community.
Now, just one quarter after the company’s most recent commitment to a schedule, it’s shifting, again. For no reason. Apparently undoing the most recent schedule-shift by bumping (at least) a month.

goldPseudo:

How do you plan to enforce “I agree that I will use this file for non-commercial use. I will not use it for any other purpose, and I will not transfer it to others without permission from Stack Overflow.” when the CC BY-SA license explicitly forbids adding downstream restrictions?

Previously:

Artificial Intelligence BitTorrent Copyright Internet Archive Legal Stack Overflow Web

Comments

Midnight HomePod mini

Joe Rossignol:

Apple today announced that the existing HomePod mini is now available in a Midnight color option, which replaces the nearly-identical Space Gray color previously offered.

[…]

Apple first released the HomePod mini in November 2020, and it has yet to release a second-generation model of the speaker.

Caveat emptor:

Apple still advertises this as allowing “iTunes music purchases” as an audio source, though in practice many purchases are not available.
With a slow processor and not much RAM, it’s unlikely to get the next round of Siri and Apple Intelligence improvements.

Previously:

Update (2024-07-15): John Gruber:

The bigger question: is this a sign that a HomePod Mini gen 2 isn’t coming soon? The current models debuted in November 2020, and are powered by the S5 chip from Apple Watch Series 5.

[…]

Makes me wonder if Apple produced a bunch of space gray HomePod Minis all at once, when the product debuted, and has been waiting for them to sell out before switching to midnight.

Apple Intelligence audioOS audioOS 17 HomePod iTunes Store Siri

3 Comments

NSCopying in a Swift World

Douglas Hill:

This crash happens because, behind the scenes, the Swift compiler synthesises overrides of a superclass’s designated initialisers. These overridden initialisers crash to prevent objects from being incorrectly initialised from Objective-C.

[…]

From a quick look on Stack Overflow, it seems [self.class alloc] is often a recommended way to create a copy in Objective-C. However, the problem is that the use of self.class dynamically looks up the subclass SocialDocument, but the code here in our framework has no idea that SocialDocument has changed the initialisation requirements.

[…]

If Document were a simpler type where all state that should be copied was public, then subclasses that required copying to create instances of the subclass could override copy(with:) without calling super[…]

[…]

There isn’t a nice way to make copying subclasses work while still adhering to Swift’s principle of reducing the amount of mutable state by using let to create read-only properties.

Adrian Kashivskyy:

PSA: Don’t cast values to NSCopying in Swift or you risk a crash at runtime. Learned this the hard way. 🤠
[…]
Because all values that were originally bridged from Objective-C will pass the alone NSCopying cast, even when they don’t actually conform to the protocol. Such values immediately become instances of _SwiftValue and, like trojans, they will sit there pretending to be innocent but will crash at runtime as soon as they’re accessed.

Previously:

Cocoa iOS iOS 17 Mac macOS 14 Sonoma Objective-C Programming PSPDFKit Swift Programming Language

Comments

Sequoia Beta 3 VMs Don’t Support Mac App Store

Howard Oakley:

The third developer beta of macOS 15 Sequoia finally brings support for Apple ID in macOS virtual machines (VM). As this is likely to form the first public beta-release next week, here’s a short guide to how to install a Sequoia VM, and what you can do with it.
[…]
Apple has previously stated that Sequoia “supports access to iCloud accounts and resources when running macOS in a virtual machine (VM) on Apple silicon”. However, that currently doesn’t include access to the App Store or use of apps purchased from it.

Howard Oakley:

With issues of virtualising what was needed from the host’s Secure Enclave apparently solved, some of us had come to expect that would include App Store access, which is also controlled by Apple ID. It’s now clear that Apple didn’t intend to include its App Store as a “related application”, which was implicitly excluded.

However little you might love the App Store, support in macOS VMs is essential if they are to be of any general use. VMs that can’t run all App Store apps as part of the benefits of signing in with an Apple ID are so stunted as to be of little use. Would it be that difficult to implement, now that those VMs can be signed in to all the other services that depend on an Apple ID? Did Apple really forget its own App Store when deciding what apps should be allowed to run in a VM?

Previously:

Update (2024-07-17): Howard Oakley:

If you are beta-testing macOS 15 Sequoia in a lightweight virtual machine on an Apple silicon Mac, beware that it can cause the host to suffer a kernel panic.

[…]

In Sonoma and earlier VMs, if you give the guest 16 GB of memory, it’s likely to use considerably less than that. Those betas of Sequoia will probably use a little more than is allocated to them. But that will double if you restart the VM, and if your host Mac has insufficient memory for twice that VM’s original allocation, it’s likely to suffer a kernel panic with the VM still open.

Update (2024-07-25): Matthias Gansrigler:

I read somewhere that when running macOS Sequoia in a virtual machine, I can log into my Apple account. But that does not seem to be available for Feedback Assistant, or is it? I still get the same error I used to when virtualizing earlier versions of macOS.

Previously:

macOS 15 Sequoia Public Beta

Mac Mac App Store macOS 15 Sequoia Radar and Feedback Assistant Virtualization

1 Comment

Sequoia Finally Addresses Notification Center Privacy

Arin Waichulis:

The privacy implications of Notification Center popups are well-known in the security forensics community. Whether a user likes it or not, macOS temporarily keeps a log of every notification received in a single plaintext database. This can include messages from applications like iMessage, Slack, Teams, and virtually anything else.

However, it now appears Apple has moved the Notification Center database in macOS Sequoia to address concerns.

They’re moving it from the temporary items folder to a group container, which will be protected by TCC.

Previously:

Mac macOS 15 Sequoia Notification Center Privacy Transparency Consent and Control (TCC)

2 Comments

Friday, July 12, 2024

Transferring Google Photos

Data Transfer Project:

Beginning today, Apple and Google are expanding on their direct data transfer offerings to allow users of Google Photos to transfer their collections directly to iCloud Photos. This complements and completes the existing transfers that were first made possible from iCloud Photos to Google Photos and fulfills a core Data Transfer Initiative (DTI) principle of reciprocity.

Joe Rossignol:

More details can be found in the Google and Apple support documents for each tool[…]

Chance Miller:

Apple says that the service will be available in over 240 countries and regions around the world. The service isn’t available for child accounts or Managed Apple ID accounts. You also can’t import photo and video data to iCloud while Advanced Data Protection is enabled.

Nick Heer:

While Google has long permitted users’ retrieval of data it holds, it has not been the most enthusiastic supporter of direct transfers away from its services. This distinction becomes increasingly important as users store more data with cloud-based services instead of keeping local copies — they may not have space to download all their pictures if they trust the cloud provider’s hosting.

Previously:

Transferring iCloud Photos

Google Photos iCloud iCloud Photo Library iOS iOS 17 Mac macOS 14 Sonoma Photography Photos.app

1 Comment

Delta 1.6 Rejected From the App Store

Zac Hall:

We knew the retro game emulator app Delta was popular, but over 10 million users on iPhone alone? That’s the stat that the team behind Delta shared today alongside the latest news about availability on iPad.

[…]

Delta for iPad comes with features exclusive to iPadOS, including support for Handoff from iPhone, opening multiple Delta windows, and even playing Delta in Stage Manager or in Split View. That’s in addition to each console skin being optimized for the iPad and full-screen game support.

Riley Testut:

lol Apple rejected it

John Voorhees (Mastodon):

I’ve had a chance to try the new Delta 1.6 iPad features and they’re great, so it was disappointing to see that the app has been rejected by App Review. According to the AltStore Mastodon account, the reason was that the app included a link to the developers’ Patreon page, even though that link appeared in prior versions of the app. The Patreon link has been removed and the app resubmitted, so hopefully the update will be available worldwide soon.

Riley Testut:

Some positive news! App Review just called — tl;dr we are allowed to include Patreon benefits (e.g. alternate app icons), there are just some changes we need to make first

Rather than delay 1.6 any more though, we’ve removed all Patreon functionality for now and resubmitted. Plan is to add it back in an update soon once we get 1.6 out the door (hopefully soon)🤞

It was also rejected for “4.3.0: Design Spam.”

Stuart McHattie:

it’s their get out clause for “actually we just don’t want to approve your app any more”. See the review guidelines and in particular (b). So I guess what they’re saying is that they wanted emulators, but they’ve had their fill.

Which is a dumb reason for an update. I could understand this reason for rejection on a brand new app.

Craig Grannell:

Rejecting Delta – DELTA! – for “spam” is, even by Apple standards, taking the piss. Then again, this is one of those opaque rules that often just means Apple doesn’t want the app. MAME4iOS has been tangled in this net for some time now (although I suspect will now fall foul of Apple gradually deciding to punt emulators that aren’t specifically for game consoles, despite having approved a bunch for home micros; still, arcade boards were an unknown).

Craig Grannell:

Emulation state of play on iOS:

A few stars (eg Delta & PPSSPP)

A cut-back RetroArch (and no front-ends)

The odd fun curio (eg ZX81)

Loads of crap (me-too NES; terrible C64)

Presumably intentionally opaque Apple rules that would be simple to clarify, but Apple doesn’t want to because it never wanted emulators on the store and appeared to only approve Delta to blunt AltStore, and this also means many good devs won’t bother and Android remains way better for emulation

[…]

So three months in and, as predicted by me and others, emulation on iOS is an incoherent mess. Which probably suits Apple just fine but it further dents the platform’s credibility with a very noisy contingent of gamers and makes it look inferior compared to Android. And Apple’s ridiculous review stance means a lot of great devs won’t bother. Why would they? Why spend months polishing an emulator only for Apple to arbitrarily decide to reject it?

Joe Rosensteel:

We need some people who can manage from the bottom up. Who can talk to developers directly about App Store issues. Whose responsibilities are the interrelated aspects of customer experience, not just the UX of a single product.

Decades ago, Apple changed its relationship with the community with Apple Evangelists. Maybe it’s time to do so again with a team of Apple Ombudspeople?

[…]

Apple famously isn’t aligned around product lines, which is part of the whole “secret sauce” of Apple product development. Except it sometimes seems that nobody is asking the big questions about how Apple’s products interoperate.

[…]

It’s not the job of the security boffins to worry about balancing security with user experience. They’re thinking about making sure the user is safe, and that’s a fine role. But it has to be counterbalanced by larger considerations, and it’s hard to imagine that anyone is empowered to do that right now.

I like the general idea. But two of his examples are Epic and emulators, and I think those are cases where the people at the top were well in the loop. If they had wanted these submissions to go smoothly they would have. Ombudspeople can be great at surfacing issues, but I don’t see how they get leadership to fundamentally change its mind about major issues.

Previously:

Update (2024-07-15): AltStore:

Just in time for the weekend — Delta 1.6 has been approved and is now available in the App Store!

Craig Grannell:

Good grief, Apple. Glad you got to the right result but why does it so often require devs to fight against bullshit rules and then hope someone might call and that said person can provide clear advice? (Because that doesn’t always happen.)

Tim Hardwick:

With iPad support in v1.6, users can now take full advantage of the device’s larger display and play in fullscreen. There are new controller skins designed specifically for iPad, and the app supports multiple windows in Stage Manager and Split View, with games able to optionally pause when switching windows. The iPad version also supports external game controllers, and the developer Riley Testut says emulated games “hand off” seamlessly between iPhone and iPad, allowing gamers to continue playing where they left off.
Testut says the need for BIOS files has now been eliminated, streamlining the setup process. Users should also notice a considerable improvement in the performance of DS games.

AltStore App Store App Store Rejection Delta Emulator Emulator iOS iOS 17 iPadOS iPadOS 17 Patreon

4 Comments

HTTP Status Codes As Area Codes

httpareacodes (via Mark Christian):

Things that are three digits?

HTTP response headers.

Area codes.

[…]

301: Moved Permanently: Western Maryland

Fun Hack HTTP Web

1 Comment

Huge AT&T Data Breach

Zack Whittaker ( Hacker News):

U.S. phone giant AT&T confirmed Friday it will begin notifying millions of consumers about a fresh data breach that allowed cybercriminals to steal the phone records of “nearly all” of its customers, a company spokesperson told TechCrunch.
In a statement, AT&T said that the stolen data contains phone numbers of both cellular and landline customers, as well as AT&T records of calls and text messages — such as who contacted who by phone or text — during a six-month period between May 1, 2022 and October 31, 2022.
[…]
AT&T’s Huguely told TechCrunch that the most recent compromise of customer records were stolen from the cloud data giant Snowflake during a recent spate of data thefts targeting Snowflake’s customers.

Brian Krebs:

In a written statement shared with KrebsOnSecurity, the FBI confirmed that it asked AT&T to delay notifying affected customers.

[…]

Earlier this year, malicious hackers figured out that many major companies have uploaded massive amounts of valuable and sensitive customer data to Snowflake servers, all the while protecting those Snowflake accounts with little more than a username and password.

[…]

Other companies with millions of customer records stolen from Snowflake servers include Advance Auto Parts, Allstate, Anheuser-Busch, Los Angeles Unified, Mitsubishi, Neiman Marcus, Progressive, Pure Storage, Santander Bank, State Farm, and Ticketmaster.

Brian Krebs:

AT&T’s SEC filing says some cellular site tower information is also among the data accessed by the intruders, which could be used to determine the approximate location of where a call was made or text message sent.

This raises an important question: Was the AT&T customer data stolen from a law enforcement portal set up by AT&T? Sure seems like it.

Joseph Cox:

I’ve also seen a section of the hacked AT&T data. It is incredibly sensitive. The numbers dialed by targets can include apparent family members, businesses, and other places that build a detailed picture of someone’s life. Staggering data breach.

Update (2024-07-15): Matthew Green:

If you want to avoid disasters like the AT&T breach, there are basically only three solutions:

Don’t store data

Don’t store unencrypted data

Have security practices like Google

AT&T Breach Carrir Federal Bureau of Investigation (FBI) Privacy Web

3 Comments

Thursday, July 11, 2024

Affinity Six-Month Trial

Jess Weatherbed (Hacker News, Reddit):

Design software developer Serif has launched a new six-month free trial for its Affinity creative suite, which is well regarded as being one of the few viable alternatives to Adobe’s professional design apps. The offer is available for Affinity Photo, Affinity Designer, and Affinity Publisher starting today on Mac, Windows PC, and iPad.
Affinity uses a one-time purchase pricing model that has earned it a loyal fanbase among creatives who are sick of paying for recurring subscriptions. Prices start at $69.99 for Affinity’s individual desktop apps or $164.99 for the entire suite, with a separate deal currently offering customers 50 percent off all perpetual licenses.

Previously:

Canva Acquires Affinity/Serif

Affinity Designer Affinity Photo Affinity Publisher Bargain iOS App iPadOS iPadOS 17 Mac Mac App macOS 14 Sonoma Marketing

3 Comments

Ricoh ScanSnap iX1600

Ricoh (Amazon):

The newest flagship in the ScanSnap family is 33% faster, giving you more time back in your day. Designed for everyday use, the ScanSnap iX1600 gets documents digitized, organized and sent anywhere—anytime—with minimal effort.

The Fujitsu ScanSnap S500M was the only document scanner that ever worked well for me. I’d been using it for almost 18 years (lately via my 2012 MacBook Pro to run the old software), making it probably the longest serving equipment in my office aside from the desk chair.

Unfortunately, it finally died, with the rollers melting, so that they stick to the paper and no longer turn. There’s some possibility of taking it apart and installing aftermarket rollers, but with unscanned papers stacking up I opted to get a new ScanSnap iX1600.

I’m glad to say that it essentially works the same way as before, just a bit better. The new ScanSnap Home software is ugly and awkward, but you can use it without the cloud features and even lock it down with Little Snitch. As before, you can pretty much ignore the software once it’s configure because you can initiate scans by pressing a button on the scanner itself. It now has a touch-screen so you can switch between different profiles (e.g. receipt, black-and-white document, photo) without even touching the Mac.

It works via Wi-Fi, so I can scan to the Mac and update the firmware without ever connecting a USB cable—which would be inconvenient as it’s on the other side of the room from the Mac. I suppose this means that I can’t control which servers it’s talking to, though…

Scanning itself is much faster. It can optionally use OCR to try to help name the files, e.g. figuring out the vendor and date for receipts. This works surprisingly well, although it’s slow even for tiny documents on an M1 Mac. The scanner will pause for a few seconds before it lets me start scanning the next document. Maybe this limited subset of the OCR functionality runs on the scanner itself?

TWAIN support is still missing. I also wish that it could preview the scan on the device’s own display, since, as mentioned, I don’t have the scanner set up next to the Mac. If previews are not a concern, you can avoid installing the Mac software entirely and just have it save the scans to an SMB share on your Mac.

Mac UPS Software

Howard Oakley:

The commonest error in deciding whether to use a UPS is the argument that, because your Mac isn’t left on 24/7, it’s always attended, so should anything go wrong with the power, you’ll be able to deal with it. Even if you’re sat at your Mac, with instant reactions, there’s no way that it can shut down in time to protect it. Whether you use your Mac for half an hour a day or only power it off once a year for cleaning, it still needs a UPS.

Next in the reasons we persuade ourselves to believe is that UPSes are expensive. Yes, many are, but the more expensive ones are designed to keep things like power-hungry servers running for an hour or more. Most Macs are well-protected if the UPS keeps them going long enough to allow an orderly shutdown, a minute or two at most. It’s far better for a Mac to be given that chance than to have no UPS at all.

[…]

Sadly, few manufacturers bother to provide software that supports Macs. CyberPower is one of those few, and although its bundled software looks oddly blurry, it has valuable features that go well beyond the basics reported by Energy Saver settings.

My Tripp Lite UPS continues to work well, but the Energy Saver integration broke with macOS Catalina, and as far as I know it was never fixed.

Howard Oakley:

If you use a wireless keyboard, mouse or trackpad, or have a UPS connected to your Mac, you might wonder how often macOS checks their charge and functional status. The answer is often, typically every 2-5 seconds. You can follow those checks in the log by listing entries for the subsystem com.apple.BatteryCenter.

Howard Oakley:

Unless your Mac has a Battery widget installed, perhaps on its Desktop, Battery Center entries don’t appear in its log. When you do add a Battery widget to the Desktop, though, checks are made every few seconds, and their results written to the log, and those continue even after removing the widget, at least until the next time that Mac is shut down or restarted.

Third-party software isn’t supposed to access private services like Battery Center, so creating an independent utility to perform similar functions would have to capture its own data. However, given access to the log, it’s possible to read Battery Center’s entries there instead.

[…]

This initial version [of Unhidden] does one job: each time you open a new window in the app, it displays the most recent results obtained by Battery Center, across all the devices that it checks.

Previously:

Powering Your Mac: Power Filters and UPS

Mac Mac App macOS 14 Sonoma Power Unhidden Uninterruptible Power Supply (UPS)

6 Comments

App Intents Dogfooding

Matthew Cassinelli:

Overall, seeing updates to these Reminders actions is a good sign for the Shortcuts ecosystem, as it’s the first signal that Apple is updating their native Shortcuts actions with App Intents-based replacements in iOS 18.

Since the inception of many of these actions in Workflow when Shortcuts was a third-party app, many actions have been built on longstanding external-facing developer APIs (hence actions like “Get Upcoming Reminders”) and then later custom intents from within teams at Apple – they either stayed the same as the Workflow actions, or got piece-by-piece updates for new features each year like Tags in Reminders.

However, as is the nature of intents development, Apple also has tried not to break anything or remove features that are being used in existing shortcuts – but rather than deprecating actions over time, they either have been updated-in-place, added as separate actions (like “Open Smart List”), or simply not implemented in Shortcuts at all.

Now, it appears that we’re seeing the first evidence of an Apple team seeding new actions in betas, hopefully testing and iterating on them, and then likely replacing the Workflow- and custom intents-era actions with modern App Intents actions that can be extended with new features more easily and updated going forward.

iOS iOS 18 Reminders Shortcuts

Comments

Wednesday, July 10, 2024

USPS Metadata Surveillance Program

Tim Cushing:

The USPS wasn’t filing its required paperwork tracking government requests for snail mail info. The USPS rarely rejected another government agency’s demand for mail metadata. And the problems weren’t minute. The forms detailing compliance with government demands for data often weren’t being filed until more than two years after those reports were due.

[…]

It wasn’t until 2023 that Congress made a move to shut the program down — citing not only some concerning privacy violations but the lack of evidence showing easy access to weeks or months of mail snapshots was essential to law enforcement investigations. Roughly a year later, that request from Congress has gone nowhere.

[…]

The USPS (quite reasonably) points out there’s no expectation of privacy in the information contained on the outside of mail. And that’s an understandable position to take… to a certain extent. But no postal worker on their own could compile this information on their own despite having access to this information. And even if they could, it could not be obtained in bulk after the fact because the USPS and its employees would need to know what mail to track beforehand to generate these records.

Previously:

Metadata Privacy Shipping United States Postal Service

Comments

The Unofficial Apple AI Weblog

TUAW:

The Unofficial Apple Weblog (TUAW) has been a cornerstone of Apple-related journalism since its establishment on December 5, 2004. Acquired by Web Orange Limited from Yahoo IP Holdings LLC in 2024 without its original content, our mission has been rejuvenated to continue providing Apple enthusiasts and tech professionals with authoritative and engaging content. We strive to serve as a comprehensive resource for news, credible rumors, and instructional content that spans the Apple ecosystem and beyond.

Karissa Bell:

The sale, notably, did not include the TUAW archive. But, it seems that Web Orange Limited found a convenient (if legally dubious) way around that.

They scraped archive.org.

Christina Warren:

So someone bought the old TUAW domain name. TUAW was a site that I worked at in college, that has been dead for a decade and that I stopped working for 15 years ago. But now my name is bylined on 1500+ articles alongside an AI-generated photo. Revive the old brand. Fine. But leave my name off of it!

Jason Snell:

They’ve re-used the names of key historic contributors, but generated new bios and photos(!) and claim that new stories are written by these historic contributors.

[…]

After coverage here and elsewhere, the site has changed all the names of real people to fake people. Same bios, same photos, but now fake names. This doesn’t stop the new TUAW from being an AI-generated garbage farm, but at least my friends’ names aren’t attached to the garbage anymore.

Eric Schwarz:

It’s like what happened with iPodlounge/iLounge…cashing in on the name, but just crap regurgitated content.

Previously:

Update (2024-07-15): Nick Heer:

The same advertising identifier has been used with a handful of other previously defunct publications like Metapress and Tapscape, as well as a vanity URL generator for Google Plus.

Adam Engst:

Christina Warren said AOL shuttered TUAW in 2015 and moved the archives to Engadget, breaking all the URLs. I suspect Web Orange Limited used a spider to crawl all old TUAW URLs on the Wayback Machine, had an AI tool “meticulously rewrite” those articles, and posted them on the new site. That would explain how we get Steve Sande’s favorite apps article from 2014 written by “Jeffrey Adams” but still using the first person. Compare against the original on the Engadget site.
TUAW was prolific, so there are thousands of articles going back to the site’s founding in 2004. When I checked out the oldest pages, I quickly found some places where the system broke down, linking modern headlines with ancient content and revealing what looks like generative AI behind the curtain.
Why do this? There are a lot of old TUAW URLs floating around on the Web. They didn’t resolve a week ago, but they do now, and their content will often pass the average Web surfer’s sniff test. Having content on the other side of all those old URLs will help the overall SEO ranking for the TUAW site, thus increasing the chance Google will return TUAW pages for searches and cause people to see ads.

Calling AI a Bubble

Ron Miller (via Hacker News):

[Rodney Brooks] knows what he’s talking about, and he thinks maybe it’s time to put the brakes on the screaming hype that is generative AI. Brooks thinks it’s impressive technology, but maybe not quite as capable as many are suggesting. “I’m not saying LLMs are not important, but we have to be careful [with] how we evaluate them,” he told TechCrunch.
He says the trouble with generative AI is that, while it’s perfectly capable of performing a certain set of tasks, it can’t do everything a human can, and humans tend to overestimate its capabilities. “When a human sees an AI system perform a task, they immediately generalize it to things that are similar and make an estimate of the competence of the AI system; not just the performance on that, but the competence around that,” Brooks said. “And they’re usually very over-optimistic, and that’s because they use a model of a person’s performance on a task.”
He added that the problem is that generative AI is not human or even human-like, and it’s flawed to try and assign human capabilities to it. He says people see it as so capable they even want to use it for applications that don’t make sense.

M.G. Siegler:

Seemingly every investor I talk to these days is struggling with the same basic thing: they believe AI is going to be one of the most transformative technologies of the past several decades – and perhaps ever – but they have almost no idea how to invest in the space. And yet they are investing in the space. At a pace that puts the crypto boom to shame. Because, well, that’s the job.

Katie Balevic (via Hacker News):

Tech companies are spending big on the AI craze, but it will be a while before they have much — if anything — to show for it.
As companies prepare to spend over $1 trillion on artificial intelligence, a Goldman Sachs report examined the big question at hand: “Will this large spend ever pay off?”
That sizable investment will go toward the data centers needed to run AI, the power grid, and AI chips. But shortages of those AI ingredients could lead to disappointing returns for companies.

The report is here.

Edward Zitron:

The report covers AI’s productivity benefits (which Goldman remarks are likely limited), AI’s returns (which are likely to be significantly more limited than anticipated), and AI’s power demands (which are likely so significant that utility companies will have to spend nearly 40% more in the next three years to keep up with the demand from hyperscalers like Google and Microsoft).
[…]
The report includes an interview with economist Daron Acemoglu of MIT (page 4), an Institute Professor who published a paper back in May called “The Simple Macroeconomics of AI” that argued that “the upside to US productivity and, consequently, GDP growth from generative AI will likely prove much more limited than many forecasters expect.” A month has only made Acemoglu more pessimistic, declaring that “truly transformative changes won’t happen quickly and few – if any – will likely occur within the next 10 years,” and that generative AI’s ability to affect global productivity is low because “many of the tasks that humans currently perform…are multi-faceted and require real-world interaction, which AI won’t be able to materially improve anytime soon.”

Dare Obasanjo:

This is a great article from Sequoia which argues the tech industry needs $600B in AI revenue to justify the money spent on GPUs and data centers.
OpenAI is the biggest AI pure play and is at $3.4B ARR. This feels like a bubble unless products worth buying show up.
There is no doubt that there will be a lot of money made from AI. The question is whether it will be enough to support a $3T valuation for Nvidia?

Hemant Mohapatra (Thread Reader, via Hacker News):

So now that Nvidia has far outstripped the market cap of AMD and Intel, I thought this would be a fun story to tell. I spent 6+yrs @ AMD engg in mid to late 2000s helping design the CPU/APU/GPUs that we see today. Back then it was unimaginable for AMD to beat Intel in market-cap (we did in 2020!) and for Nvidia to beat both! In fact, AMD almost bought Nvidia but Jensen wasn’t ready to sell unless he replace Hector Ruiz of AMD as the CEO of the joint company. The world would have looked very different had that happened. Here’s the inside scoop of how & why AMD saw the GPU oppty, lost it, and then won it back in the backdrop of Nvidia’s far more insane trajectory, & lessons I still carry from those heady days[…]

Update (2024-07-15): See also: Hacker News.

Advanced Micro Devices (AMD) Artificial Intelligence Business NVIDIA

7 Comments

Google Maps Is Killing Timeline for Web

Emma Roth:

Google Maps is changing the way it handles your location data. Instead of backing up your data to the cloud, Google will soon store it locally on your device.
In an email sent to users, Google says you have until December 1st to save all your travels to your mobile device before it starts deleting your old data. Timeline — previously known as Location History — is the feature that tracks your routes and trips based on your phone’s location, allowing you to revisit all the places you’ve been in the past.
But now, instead of tying all of this information to your Google account, the company will link it to the devices you use.

Mahmoud Itani (via Hacker News):

Through a dedicated button on the updated app, you’ll then be able to migrate your existing location history to the on-device database. If you take no action and miss the deadline, Google could purge some or all of your location history when it sunsets Timeline’s web access.

To help users retain their data in the long run, Google Maps has also introduced a new backup feature for Timeline. Users can rely on it to save encrypted copies of their location history on Google’s servers. They can then restore these backups in the Google Maps app when they switch to a new phone.

Pieter Arntz:

As I pointed out years ago, Location History allowed me to “spy” on my wife’s whereabouts without having to install anything on her phone. After some digging, I learned that my Google account was added to my wife’s phone’s accounts when I logged in on the Play Store on her phone. The extra account this created on her phone was not removed when I logged out after noticing the tracking issue.
That issue should be solved by implementing this new policy. (Let’s remember, though, that this is an issue that Google formerly considered a feature rather than a problem.)

Previously:

Google’s Confusing New Location Data Settings

Datacide Google Maps Privacy Sunset Web

3 Comments

Tuesday, July 9, 2024

iOS 18: Vehicle Motion Cues

Tim Hardwick:

According to Apple, research shows that motion sickness is commonly caused by a sensory conflict between what a person sees and what they feel, which can prevent some users from comfortably using iPhone or iPad while riding in a moving vehicle.

Vehicle Motion Cues are designed to avoid this sensory conflict with the use of visual elements on the display that indicate real-time changes in motion.

[…]

If you turned on the feature, you should now see the motion cues – roving little dots – around the edges of your iPhone or iPad screen.

I wonder whether this also applies to the CarPlay display.

Previously:

CarPlay at WWDC24

Car CarPlay Health iOS iOS 18

5 Comments

CarPlay at WWDC24

Casper Kessels (April 2024, via Hacker News):

The first version of CarPlay has been available since 2016 and has been a major success. For car industry standards, it was adopted quickly and by almost every carmaker. But since then, the car industry has been changing while the design and functionality of CarPlay have mostly stayed the same.
With lower hardware cost and an increased focus on software, carmakers have invested more in their interiors to set themselves apart. Google jumped on this opportunity by releasing Android Automotive. Unlike Android Auto, Google’s equivalent to Apple CarPlay, Android Automotive runs natively inside the car and any carmaker is free to use it. Google monetizes it by licensing its ‘Google Automotive Services’ to carmakers. This gives carmakers access to Google’s services like Google Maps, Waze, the Play Store, and Google Assistant.
[…]
Thanks to a deep integration with the software stack of the vehicle, CarPlay 2 can control most infotainment functions. It can therefore take over the entire infotainment display, the instrument cluster, and any passenger displays. For customers, it will appear like CarPlay works exactly in the same way but underneath, a lot of custom work is necessary by the carmaker and Apple to integrate. For example, even though most of the computing power still comes from the iPhone, there will be some software engineering necessary on the carmakers’ hardware to ensure that safety-critical information like speed doesn’t disappear when the iPhone crashes.
Apple is fully dependent on the carmaker’s willingness to work with them to implement this. This is why the WWDC keynote was clearly a pitch aimed at carmakers, not consumers. But so far, on the surface, it seems like carmakers have not been eager to implement the new version.

Dave Mark (May 2024):

GM dumped CarPlay. This Bloomberg piece digs into the why and the what of it all.
Lots of great bits here, including what the “Ultifi” (GM’s CarPlay replacement) experience is like.
Spoiler: It’s not pretty.
The CarPlay vs Android Auto vs Android Automotive saga is incredibly important to Apple, and GM is on the front lines.

Malcolm Owen:

The entire situation was an attempt by GM to create its own software team to make a better dashboard experience than CarPlay. One that it could control directly, and potentially capitalize on instead of relying on Apple’s software.
Apple was a threat to become “the iOS of the vehicle,” said GM SVP of strategy and innovation Alan Wexler. “It’s a physical vehicle, but it’s an iPhone you’re driving.”
GM was fine with CarPlay offering entertainment, but balked at Apple’s intention to control more of a vehicle’s functions. Achieving that would mean Apple had more control over how GM could earn digital revenue from its customers.

I don’t want CarPlay taking over the vehicle’s functions any more than I want the vehicle blocking me from using my iPhone for maps and entertainment.

WWDC Session 10112:

Explore the design system at the heart of the next generation of CarPlay that allows each automaker to express their vehicle’s character and brand. Learn how gauges, layouts, dynamic content, and more are deeply customizable and adaptable, allowing you to express your own design philosophy and create an iconic, tailored look. This session is intended for automakers, system developers, and anyone designing a system that supports the next generation of CarPlay.

Khaos Tian:

This explains why next generation CarPlay is never going to happen 😛

No auto manufacturer is going to build their car UI twice just for iPhone…

And this shows why HI shouldn’t do car instrument cluster design 😅

Nilay Patel (Threads):

The result is an approach to CarPlay that’s much less “Apple runs your car” and much more “Apple built a design toolkit for automakers to use however they want.”

[…]

But if you want to integrate things like speedometers and climate controls, CarPlay needs to actually collect data from your car, display it in real time, and be able to control various features like HVAC directly. So, for next-gen CarPlay, Apple’s split things into what it calls “layers,” some of which run on your iPhone while others run locally on the car so they don’t break if your phone disconnects. And phone disconnects are going to be an issue because next-generation CarPlay only supports wireless connections. “The stability and performance of the wireless connection are essential,” Apple’s Tanya Kancheva says while talking about the next-gen architecture. Given that CarPlay connectivity issues are still the most common issue in new cars and wireless made it worse, that’s something Apple needs to keep an eye on.

[…]

Apple’s example here is a vision of multiple colliding interface ideas all at once: a button in CarPlay to control massage seats that can either show native CarPlay controls or simply drop you into the car’s own interface.

Joe Rosensteel (Mastodon):

The two 2024 videos are basically sales pitches and explainers for the vague 2022 announcement. A lot of extra work has happened in two years, but … will anything ever ship with what they keep teasing?
[…]
Ironically car makers are teased with a level of customization that has never appeared on an Apple product in this century, but it’s when working in conjunction with Apple designers, and you apparently have to use the San Francisco family of typefaces? Wild proposition.
[…]
Setting aside the highly polarizing topic of what should be a physical button, and what should be on a screen, there’s no reason to do all the screen work twice. Especially not if it adds to customer confusion over their vehicle controls when their phone isn’t connected to the vehicle.
[…]
In my humble opinion, Next-Gen CarPlay is dead on arrival. Too late, too complicated, and it doesn’t solve the needs of automakers or customers.

Joe Rossignol:

iOS 18 adds contact photos next to names in the Messages app, making it easier to identify conversations at a glance.

[…]

In the Settings app, you can now choose to have Silent mode on your iPhone automatically turn on or off when the device is connected to CarPlay.

[…]

Voice Control is another new accessibility feature that allows you to control CarPlay entirely with Siri voice commands through a connected iPhone.

But will it be able to display the full title of the song that’s playing?

Mac App Impersonation

Jérôme Segura (via Ric Ford):

On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows RAT, also via Google ads.
The macOS stealer being dropped in this latest campaign is actively being developed as an Atomic Stealer competitor, with a large part of its code base being the same as its predecessor. Malwarebytes was previously tracking this payload as OSX.RodStealer, in reference to its author, Rodrigo4. The threat actor rebranded the new project ‘Poseidon’ and added a few new features such as looting VPN configurations.

Kseniia Yamburh (via Ric Ford):

As malware researchers in Moonlock, the cybersecurity division of MacPaw, we are always on the lookout for new samples to analyze and protect our users from. One day, we came across a sample with the name CleanMyMac, which caught our attention. However, this sample was not the genuine CleanMyMac, but a malicious impersonation.
We decided to investigate this campaign further and uncovered many more samples with different malware inside, such as Atomic Stealer, PSW Stealer, and AdLoad Adware. These malware can steal users’ passwords and personal data and display unwanted ads on their Macs.

Howard Oakley:

There is a problem common to all products that try to detect malicious software, in false positives. Over the 20 months or so since XProtect Remediator went live, several of its scanning modules have reported what appear to be false positives.
[…]
To our disappointment, Apple Support didn’t appear concerned, and told them that such events don’t get reported to the user unless there’s something that the user needs to do. They were then pointed at a discussion on Apple Support Communities, where the “Best reply” may be familiar to some of you.
[…]
This immediately reveals that the respondent is unable to draw the distinction between ‘classic’ XProtect, the part of Gatekeeper that performs checks on executable code before it’s run, and the newer XProtect Remediator, which scans for telltale signs of malicious software when your Mac isn’t in use.

Previously:

Update (2024-07-19): Jérôme Segura:

We were able to reliably search for and see the same malicious ad for Microsoft Teams which was likely paid for by a compromised Google ad account.

[…]

Once the downloaded file MicrosoftTeams_v.(xx).dmg is mounted, users are instructed to open it via a right click in order to bypass Apple’s built-in protection mechanism for unsigned installers.

Google search is unlikely to take you to a fake app because popular apps have good PageRanks; just don’t click on an ad.

AdWords Arc Browser CleanMyMac Google Search Mac Mac App macOS 14 Sonoma Malware Privacy

Comments

Stack Overflow Links Pushing Malware

Lawrence Abrams (via Hacker News):

Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users’ questions by promoting a malicious PyPi package that installs Windows information-stealing malware.
[…]
This PyPi package is named ‘pytoileur’ and was uploaded by threat actors to the PyPi repository over the weekend, claiming it was an API management tool. Notice how the package has the “Cool package” string in the Summary metadata field, indicating it is part of this ongoing campaign.

Previously:

Longstanding CocoaPods Vulnerabities

Malware Open-source Software Privacy Programming Python Stack Overflow Web Windows

Comments

Monday, July 8, 2024

Apple Intelligence for Siri in Spring 2025

William Gallagher:

While many Apple Intelligence features will roll out with iOS 18 during the remainder of 2024, its much-awaited revamp of Siri will wait until iOS 18.4 in 2025.
[…]
Before then, there will be a new design to Siri. That will presumably include how Apple has shown that invoking Siri will bring a flare around the edges of the iPhone screen, instead of the current circle icon.

This is a rumor, but, if true, it’s the first time I can recall a key part of the WWDC announcements being so quickly pushed so far back in the release cycle.

It’s also interesting that the new engine is not tied to the new user interface.

Hartley Charlton:

The more capable version of Siri allows the voice assistant to control actions within Apps, allowing it to understand what is currently on-screen and determine what to do based on context.

That all sounds good, but when are they going to fix the basics?

Previously:

Update (2024-07-09): John Gruber:

If the usual pattern holds, it’s a safe guess that iOS 18.4 will arrive in mid-to-late March.

If generative AI weren’t seen as essential — both in terms of consumer marketing and investor confidence — I think much, if not most, of what Apple unveiled in “Apple Intelligence” wouldn’t even have been announced until next year’s WWDC[…]

Apple Intelligence HomePod iOS iOS 18 Rumor Siri

4 Comments

Ivory 2.0

Niléane:

Now, in the app’s redesigned Hashtags tab, you can create a list that contains up to four hashtags, and you can even exclude specific hashtags if you’re looking to fine-tune the resulting timeline.

[…]

The other big improvement in Ivory 2.0 is its redesigned share sheet extension for creating posts. It is now fully-featured, with the ability to set the post’s visibility and language, as well as an option to add alternative text descriptions to shared images and videos. When sharing a URL, the share sheet will now show a preview of the link card that will appear as part of your post.

With no way to turn off Universal Links, I still can’t use the Mac version because whenever I work on a document that includes a Mastodon link it will open in Ivory instead of in my browser.

Previously:

iOS iOS 17 iOS App Ivory Mac Mac App macOS 14 Sonoma Mastodon Universal Links

6 Comments

Signal for Mac’s “Encrypted” Database

Signal:

Storing messages outside of your active Signal device is not supported.

Messages are only stored locally.

An iTunes or iCloud backup does not contain any of your Signal message history.

This makes it private on iOS because other apps can’t access the message database. But the same design doesn’t work so well with the Mac version.

Mysk:

This is the folder structure of Signal’s local data on macOS. The encrypted database and encryption key are stored next to each other. The folder is accessible to any app running on the Mac.

Why didn’t they store the encryption key in the keychain?

Mysk:

The encryption key used to encrypt the local DB that contains all the secrets and chat history is stored in plain text in a location accessible by any app, process or script started by the Mac user.
It’s very tempting to use Signal’s desktop app. This is particularly useful for activists who can be more productive using a desktop than a mobile phone. Signal doesn’t make it clear that linking a desktop app can render Signal’s “gold standard” for encryption useless.

This seems like a much bigger deal than last week’s ChatGPT story.

Mysk:

I wrote a simple Python script that copies the directory of Signal’s local storage to another location (to mimic a malicious script or app)
[…]
Messages were either delivered to the Mac or to the VM. The iPhone received all messages. All of the three sessions were live and valid. Signal didn’t warn me of the existence of the third session [that I cloned]. Moreover, Signal on the iPhone still shows one linked device. This is particularly dangerous because any malicious script can do the same to seize a session.

Saagar Jha:

I think a lot of people have recently learned something that horrifies them. I do not fault them for that in the slightest. I just also want them to share my terror of this being standard best practice in the industry.

Previously:

Update (2024-07-09): Lawrence Abrams:

A mistake in the process used by the Signal Desktop application to encrypt locally stored messages leaves them wide open to an attacker.

He wrote this in 2018, and there are forum posts older than that referencing the issue. Curiously, a Signal developer offers the explanation that even though they are using an encrypted extension to SQLite and configured it to encrypt the database with a password, it was not their intention to protect the database with encryption:

The database key was never intended to be a secret. At-rest encryption is not something that Signal Desktop is currently trying to provide or has ever claimed to provide. Full-disk encryption can be enabled at the OS level on most desktop platforms.

I don’t understand what the reason was, then. And full-disk encryption is a solution to a different problem; it does not protect the data from other processes on the system.

Matt Henderson:

This is shocking for anyone considering Signal the gold standard in security.

Update (2024-07-15): Lawrence Abrams:

The response was unusual after Whittaker’s constant retweets about the security and privacy implications of Microsoft’s Windows Recall and how data could be stolen by local attackers or malware.
[…]
In April, an independent developer, Tom Plant, created a request to merge code that uses Electron’s SafeStorage API to further secure Signal’s data store from offline attacks.
[…]
While the solution would provide additional security for all Signal desktop users, the request lay dormant until last week’s X drama. Two days ago, a Signal developer finally replied that they implemented support for Electron’s safeStorage, which would be available soon in an upcoming Beta version.

Ben Lovejoy:

Using Keychain on Mac fully secures the encryption key, while the Windows solution could still potentially be compromised by some malware, but will be significantly safer than now.

Keychain Mac Mac App macOS 14 Sonoma Privacy Signal SQLite

25 Comments

Epic Games Store Temporarily Allowed

Epic Games:

Apple has informed us that our previously rejected Epic Games Store notarization submission has now been accepted.

Eric Slivka (Hacker News):

Apple today said it has approved the third-party Epic Games Store in the European Union, allowing the Fortnite developer to launch its alternative app marketplace in those countries, reports Reuters.

Is running to the EU the new running to the press?

Tim Sweeney:

Now about those 9 to 16 day TestFlight app approval delays…

App Review Guidelines:

5.2.5 Apple Products: Don’t create an app that appears confusingly similar to an existing Apple product, interface (e.g. Finder), app (such as the App Store, iTunes Store, or Messages) or advertising theme.

Malcolm Owen:

Epic had defended itself, insisting it used the same naming conventions employed across different platforms. Epic also said it followed standard conventions for buttons in iOS apps.

Tim Sweeney:

Apple is now telling reporters that this approval is temporary and are demanding we change the buttons in the next version - which would make our store less standard and harder to use.

We’ll fight this.

Matthew Connatser:

If Epic is representing Apple’s position accurately, this would be a very strange reason to reject a third-party storefront. It’s unclear why Epic needs to use significantly different language than is used in the App Store, not to mention that the online souk is just one of many storefronts in the digital world where the words “install” and “in-app purchases” are used.

Is Apple’s position that it’s “confusingly similar” if it says “Epic Games Store” in large friendly letters but the buttons have the same titles and colors as in the App Store? Or are they complaining about specific pixels in the design? If so, are Epic’s buttons on other platforms copyright infringements of the App Store?

Nick Heer:

As far as I know, there are no screenshots of the version of Epic Games’ store submitted to Apple. Maybe it is designed in a way that duplicates Apple’s App Store to the point where it is confusing, as Apple argues. […] Regardless, it seems like a bad idea for Apple to be using its moderate control over alternative app stores are distributed to litigate intellectual property disputes. Perhaps when trust in the company’s processes is healthier, it would be less objectionable. But right now? If Apple wants to give competition investigators more material, it appears to be succeeding.

John Gruber (Mastodon):

Epic is certainly under no obligation to reveal screenshots of its in-progress iOS games marketplace, but without screenshots, there’s also no reason for anyone to take their own description of the notarization dispute with Apple at face value. Epic Games is an unreliable narrator.

Well, the screenshots were submitted to the EU, and it would look really bad if Epic were found to be lying about this, so what would be the point? My recollection is that Epic has been accurate in its descriptions of its disputes with Apple, whereas Apple has a history of making misleading statements about Epic. Gruber started calling Epic an “unreliable narrator” after Epic claimed that Apple was going to punish its customers who had used “Sign In with Apple.” However, documents from court filings later showed that his sources were wrong and Epic’s version of story and timeline were correct.

Previously:

Update (2024-07-15): See also: ArsTechnica (Hacker News).

Antitrust App Marketplaces Design Digital Markets Act (DMA) Epic Games European Union Fortnite In-App Purchase iOS iOS 17 Notarization

17 Comments