Friday, June 14, 2024

WWDC 2024 Links

General:

What’s New:

Release Notes:

Key Sessions:

Podcasts:

Interviews:

Other:

This post will be updated as I find new links. If you see anything good that I missed, please post a comment, tweet, toot, or e-mail me.

Previously:

Private Cloud Compute

Apple (via Ivan Krstić, ArsTechnica):

Apple Intelligence is the personal intelligence system that brings powerful generative models to iPhone, iPad, and Mac. For advanced features that need to reason over complex data with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. For the first time ever, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. Built with custom Apple silicon and a hardened operating system designed for privacy, we believe PCC is the most advanced security architecture ever deployed for cloud AI compute at scale.

[…]

The root of trust for Private Cloud Compute is our compute node: custom-built server hardware that brings the power and security of Apple silicon to the data center, with the same hardware security technologies used in iPhone, including the Secure Enclave and Secure Boot. We paired this hardware with a new operating system: a hardened subset of the foundations of iOS and macOS tailored to support Large Language Model (LLM) inference workloads while presenting an extremely narrow attack surface. This allows us to take advantage of iOS security technologies such as Code Signing and sandboxing.

On top of this foundation, we built a custom set of cloud extensions with privacy in mind. We excluded components that are traditionally critical to data center administration, such as remote shells and system introspection and observability tools. We replaced those general-purpose software components with components that are purpose-built to deterministically provide only a small, restricted set of operational metrics to SRE staff. And finally, we used Swift on Server to build a new Machine Learning stack specifically for hosting our cloud-based foundation model.

[…]

Since Private Cloud Compute needs to be able to access the data in the user’s request to allow a large foundation model to fulfill it, complete end-to-end encryption is not an option. Instead, the PCC compute node must have technical enforcement for the privacy of user data during processing, and must be incapable of retaining user data after its duty cycle is complete.

[…]

Every production Private Cloud Compute software image will be published for independent binary inspection — including the OS, applications, and all relevant executables, which researchers can verify against the measurements in the transparency log.

Matthew Green:

Then they’re throwing all kinds of processes at the server hardware to make sure the hardware isn’t tampered with. I can’t tell if this prevents hardware attacks, but it seems like a start.

They also use a bunch of protections to ensure that software is legitimate. One is that the software is “stateless” and allegedly doesn’t keep information between user requests. To help ensure this, each server/node reboot re-keys and wipes all storage.

[…]

Of course, knowing that the phone is running a specific piece of software doesn’t help you if you don’t trust the software. So Apple plans to put each binary image into a “transparency log” and publish the software.

But here’s a sticky point: not with the full source code.

Security researchers will get some code and a VM they can use to run the software. They’ll then have to reverse-engineer the binaries to see if they’re doing unexpected things. It’s a little suboptimal.

And I don’t understand how you can tell whether the binary image in the log is actually what’s running on the compute node.

Matthew Green:

As best I can tell, Apple does not have explicit plans to announce when your data is going off-device for to Private Compute. You won’t opt into this, you won’t necessarily even be told it’s happening. It will just happen. Magically.

[…]

Wrapping up on a more positive note: it’s worth keeping in mind that sometimes the perfect is the enemy of the really good.

[…]

I would imagine they’ll install these servers in a cage at a Chinese cloud provider and they’ll monitor them remotely via a camera. I don’t know how you should feel about that.

Aside from the source code issue, it’s not clear to me what more Apple could reasonably do. Let researches inspect the premises? They’re making a strong effort, but that doesn’t mean this system is actually as private as on-device. You have to trust their design and all the people implementing it and hope there aren’t any bad bugs.

Matthew Green:

It’s a very thoughtful design. Indeed, if you gave an excellent team a huge pile of money and told them to build the best “private” cloud in the world, it would probably look like this.

Francisco Tolmasky:

I’ve asked a lot of people: “OK, imagine Facebook implemented the same system, you’d be fine using it?” Their answer was “Well, no…” Because at the end of the day this system still fundamentally relies on trust. None of this stuff is actually verifiable. And that becomes crystal clear when you realize that you wouldn’t trust it if you simply switched out the names. No one is saying they’re not trying, but that’s different than having created an actually secure system.

Francisco Tolmasky:

Shell game: We put the data under the “local processing cup,” mention you need servers, start swapping cups around, invent a nonsense term “Private Cloud Compute” & voila! These are SPECIAL servers. That’s how you go from “local matters” to “we’re doing it on servers!”

Francisco Tolmasky:

Something that gets lost in discussions about trust is the kind of trust you actually need. Plenty of people trust Apple’s intentions. But with the cloud you actually further need to trust they, e.g., never write any bugs. That they have perfect hiring that catches someone trying to infiltrate them, despite it being super tempting for a gov to try. That they’ll shut the whole feature down if a gov passes a data retention law. This seems pedantic, but these were Apple’s own arguments in the past.

Jeff Johnson:

The so-called “verifiable transparency” of Private Cloud Compute nodes is a bad joke. They’re mostly closed source, so security researchers would have to reverse engineer almost everything. That’s the opposite of transparency.

Only Apple could claim that closed source is transparent. Orwellian doublespeak.

Previously:

UTM Blocked Outside App Store via Notarization

Benjamin Mayo (Hacker News):

App Review has rejected a submission from the developers of UTM, a generic PC system emulator for iPhone and iPad.

The open source app was submitted to the store, given the recent rule change that allows retro game console emulators, like Delta or Folium. App Review rejected UTM, deciding that a “PC is not a console”. What is more surprising, is the fact that UTM says that Apple is also blocking the app from being listed in third-party app stores in the EU.

As written in the App Review Guidelines, Rule 4.7 covers “mini apps, mini games, streaming games, chatbots, plug-ins and game emulators”.

UTM says Apple refused to notarize the app because of the violation of rule 4.7, as that is included in Notarization Review Guidelines. However, the App Review Guidelines page disagrees. It does not annotate rule 4.7 as being part of the Notarization Review Guidelines. Indeed, if you select the “Show Notarization Review Guidelines Only” toggle, rule 4.7 is greyed out as not being applicable.

UTM:

Apple has reached out and clarified that the notarization was rejected under rule 2.5.2 and that 4.7 is an exception that only applies to App Store apps (but which UTM SE does not qualify for).

This is confusing, but I think what Apple is saying is that, even with notarization, apps are not allowed to “download executable code.” Rule 2.5.2 says apps may not “download, install, or execute code” except for limited educational purposes. Rule 4.7 makes an exception to this so that retro game emulators and some other app types can run code “that is not embedded in the binary.” This is grayed out when you select Show Notarization Review Guidelines Only, meaning that the exception only applies within the App Store. Thus, the general prohibition remains in effect for App Marketplaces and Web Distribution. But it seems like this wasn’t initially clear to Apple, either, because the review process took two months.

This also seems inconsistent with the fact that the Delta emulator is allowed to be notarized outside the App Store. It doesn’t make much sense for the rules to be more lax within the App Store. I first thought the mistake was that Apple didn’t mean to gray out 4.7 for notarization. Then everything would make sense. But the clarification states that 4.7 is not intended to apply to notarization.

The bottom line for me is that Apple doesn’t want general-purpose emulators, it’s questionable whether the DMA lets it block them, and even siding with Apple on this it isn’t consistently applying its own rules.

kelthuzad:

If Apple can block what’s on “independent” third-party app stores, then the letter of the DMA may be violated or not, but its spirit is most certainly violated. Hope the EU cracks down on such malicious compliance.

Steve Troughton-Smith:

Apple needs to read the terms of the DMA again; Apple can’t reject UTM from distribution in third party marketplaces, in just the same way it can’t prevent Epic from building an App Store. App Review is going to land them yet another clash with the EU, and potential fine-worthy rule violation

Thomas Clement:

Sigh… what is even the point of third-party distribution if Apple is going to block whatever competition it does not want to see there?

Miguel Arroz:

This is so stupid. UTM is an essential tool for my work, running stuff I need 24/7. This shows that 1. The EU didn’t go far enough in telling tech companies the products people buy belong to them and they must be able to run whatever the hell they want on those products regardless of what some multinational company likes it or not, and 2. Every platform Apple makes is not targeted for real work and productivity except macOS and that’s mostly for historic reasons.

UTM:

We will adhere by Apple’s content and policy decision because we believe UTM SE (which does not have JIT) is a subpar experience and isn’t worth fighting for. We do not wish to invest any additional time or effort trying to get UTM SE in the App Store or third party stores unless Apple changes their stance.

gorkish:

I remember the flash-in-the-pan moment where through some strange conflux of exploits and firmware features UTM on iOS was able to access full hardware virtualization support. It was a glorious glimpse into an alternate reality that we will likely never get to see again.

I don’t have enough superlatives to express my disappointment when seeing all of that effort suppressed and restricted by Apple.

When the UTM authors say “it’s not worth it” -- they may be onto something. Apple is slowly but surely beginning to be “not worth it” for me and for many other professional users.

Previously:

Thursday, June 13, 2024

iPhone Mirroring

Filipe Espósito (Reddit):

Both macOS 15 and iOS 18 introduce iPhone Mirroring, which is a new way of interacting with your iPhone from your Mac. The feature lets you see and control your iPhone screen from your computer without having to touch your phone. You can also drag and drop files between macOS and the mirrored iPhone.

At least in beta 1, this feature is not available.

Wayne G:

iPhone Mirroring steps things up considerably, allowing you to use your phone, see notifications, and use your apps—all from your Mac desktop. Because this is a Continuity feature, it does require that your iPhone be on the same WiFi network as your Mac and have Bluetooth enabled.

When you launch iPhone mirroring, your iPhone’s Home Screen appears in a window on the Mac desktop. From there you can use your keyboard and mouse/trackpad to navigate the phone, swiping between Home Screen pages, and launching and browsing apps.

I’m really looking forward to this, both so that I can access my phone when it’s locked and so that I can fly through tasks with the keyboard and mouse that would be awkward on the touch screen. Universal Clipboard helps but doesn’t go far enough.

Matthias Gansrigler:

iPhone Mirroring. Aka “I can finally post to Instagram from my Mac”

Matt Birchler:

Bezel has done something like this before, but Apple uses their elevated position as the platform owner to take this to the next level.

This looks sick and is really cleverly done. The thing that gets me most excited is the ability to have notifications appear on my Mac and not just on my iPhone. The fact that clicking on that notification opens that on my iPhone on my Mac’s display is just awesome. And again, since Apple has elevated powers here, the fact that your phone screen remains off while all this is happening is just a cherry on top.

I can’t help but snark that Apple lets you use your iPhone with a mouse and everyone thinks it’s awesome, but touching a Mac remains beyond the pale and something only a fool would suggest 😉

Christina Warren:

So if I can control my phone from my Mac with a touchpad — wouldn’t it be cool if I could I dunno, control those apps on my Mac with a touch screen? What if I just got a touch screen on my Mac!

Previously:

Dark Mode iOS 18 App Icons

Apple:

People can customize the appearance of their app icons to be light, dark, or tinted. You can create your own variations to ensure that each one looks exactly the way you way you want. See Apple Design Resources for icon templates.

Design your dark and tinted icons to feel at home next to system app icons and widgets. You can preserve the color palette of your default icon, but be mindful that dark icons are more subdued, and tinted icons are even more so. A great app icon is visible, legible, and recognizable, even with a different tint and background.

Louie Mantia:

It appears to me that all white-glyph icons in dark mode use their background color as their foreground color. Mail’s white envelope becomes blue. The blue background becomes black. A blue envelope is a little weird, but it’s rendered as a symbol, unlike Wallet or Files, which have minor shading.

The white-background icons simply become black-background icons. Maps utilizes a dark mode color palette from the app itself, Weather turns the sky black, but oddly keeps the sun rather than switching to the moon. This could be a rule Apple enforces only for themselves, where their app icons won’t change shape, only coloration. The Photos petals are now additive color rather than subtractive.

Unfortunately, some icons appear to have lost or gained weight in dark mode. For example, the Settings gear didn’t change size in dark mode, but it appears to occupy less space because the dark circle around it blends with its background. That makes it appear smaller than the Find My icon, which now looks enormous next to FaceTime. This is a remnant of some questionable design choices in iOS 7 that have lingered now for the last decade.

[…]

Now, let’s walk through some icons I adapted into dark mode to see how we might tackle this new challenge.

Nick Heer:

I think it is safe to say a quality app from a developer that cares about design will want to supply a specific dark mode icon instead of relying upon the system-generated one. Any icon with more detail than a glyph on a background will benefit.

Also, now that there are two distinct appearances, I also think it would be great if icons which are very dark also had lighter alternates, where appropriate.

Ryan Jones:

These tinted icons are… something.

Includes a Large icon option. 🫣

Matt Birchler:

On Android, app developers need to submit their icons in a specific way to make them available for theming like this. If an app developer doesn’t do this and just has an image file for an icon, then they won’t get themed. What this ends up meaning is that icons that are set up for theming look great and those that are not stick out like a sore thumb.

[…]

iOS 18 takes a different approach, in that it will change every single icon for you, no matter what. This removes the case above where apps like Letterboxd and Readwise Reader don’t support theming, but in my view, also makes it so that every icon looks pretty bad.

Previously:

Redesigned Photos App in iOS 18

Federico Viticci:

The Photos app is getting a big redesign in iOS 18 that is surely going to take some time getting used to. The new design revolves around a single-page UI that eschews a tab bar in favor of a split-screen approach with your grid of photos shown at the top, followed by a series of collections that encompass both traditional albums, previous categories such as ‘People and Pets’ and Memories, as well as new sections such as Trips and Recent Days.

The best way to think about this redesign – which I’m sure will be debated a lot this summer – is that everything can now be considered a “collection” that you can pin for quick access to the top of the Photos UI. The top of the interface is still taken up by the regular photo grid (which you can more easily filter for content now), but that part can also be scrolled horizontally to swipe between the grid and other collections. For example, you can swipe from the grid of recents to, say, featured photos, your favorites, or any other collections you want to pin there.

[…]

It’s a lot to take in at once, and this new design can be quite daunting at first. I understand that Apple wants to try a unified design for the Photos app to put a stronger emphasis on rediscovering memories, but I wonder if maybe packing too much information all at once on-screen could be disorienting for less proficient users. The new Photos design almost feels like an exercise in showing off what Apple can build with SwiftUI just because they can; time will tell if users will also appreciate that.

The new Photos interface reminds me of the TV and Music stores, which are among my least favorite Apple designs. I never want to see horizontal scrolling.

Ryan Christoffel:

Photos in iOS 18 now puts all your content on a single screen. Similar to the Journal app introduced last year, the entirety of Photos navigation is done in a single screen that you scroll through to find all your content. That’s it. One screen, scroll up and down, scroll side to side for carousels—everything in the app lives there.

I suppose I should reserve judgement until I try it, but this sounds dreadful.

Juli Clover:

These changes to Photos are in iPadOS 18 and macOS Sequoia as well as iOS 18.

The Mac version does still have a sidebar.

Benjamin Mayo:

iOS 18 Photos app is weird. It’s like they tried to simplify it, but in reality it is now more complicated. No tab bar means there’s nothing to permanently ground navigation.

Ryan Jones:

iOS 18 Photos app is NOT going to go over well.

Waaaaaaay too little org hierarchy.

iOS 18 Photos == iOS 15 Safari

Steve Troughton-Smith:

If the new Photos app is the new poster child for ‘rewritten in SwiftUI’, hoo-boy…

Previously:

Catalyst (Not) at WWDC24

As far as I can tell, there were no Catalyst sessions this year. Apple hasn’t talked about it much since 2021.

The Mac developer page says:

Choose your app-builder technology

Another early choice to make is which app-builder technology to use for your interface. Apple’s app-builder technologies provide the core infrastructure macOS needs to communicate with your app. They also define the programming model you use to build your interface, handle events, and more.

The two technologies listed are SwiftUI and AppKit, with SwiftUI preferred. There is still a navigation bar item for Mac Catalyst, but I’m not sure Apple itself is using it much except for the apps like Messages and Home that it already ported. I wonder whether those will become SwiftUI in time. Initially, Catalyst sounded like a transition technology, but, as with Carbon, Apple didn’t paint it that way. Some in the iOS developer community like it. It started out with a lot more functionality than SwiftUI. But I don’t hear developers talk about it that much anymore, and Apple doesn’t seem to be using it for new apps. Freeform for Mac uses AppKit and nibs (along with SwiftUI). Journal curiously remains iOS-only.

Michael Love:

Catalyst appears to be dead, more-or-less.

Amber Neely:

Apple has announced a handful of new features coming to its Journal app this fall, but for reasons only it knows, the company hasn’t announced any plans to bring it to iPad.

Jesse Squires:

The iOS Journal app improvements look great.

Still a mystery why it is not available on iPad or Mac.

Even if it’s just catalyst or otherwise not customized for the other platforms, it would still be incredibly useful as is.

But instead, I’m going to be using iPhone Mirroring to use the journal app on my Mac. And that just seems so fucking dumb and absurd.

Previously:

Update (2024-06-14): See also: Steve Troughton-Smith.

Using Apple Accounts With macOS Virtual Machines

Andrew Cunningham (Hacker News):

But up until now, you haven’t been able to sign into iCloud using macOS on a VM. This made the feature less useful for developers or users hoping to test iCloud features in macOS, or whose apps rely on some kind of syncing with iCloud, or people who just wanted easy access to their iCloud data from within a VM.

Or even to run an app from the Mac App Store.

This limitation is going away in macOS 15 Sequoia, according to developer documentation that Apple released yesterday. As long as your host operating system is macOS 15 or newer and your guest operating system is macOS 15 or newer, VMs will now be able to sign into and use iCloud and other Apple ID-related services just as they would when running directly on the hardware.

Great news, but the version restrictions mean it will be most useful after the next WWDC.

Apple (via Hacker News):

Nested virtualization is available for Mac with the M3 chip, and later.

This means running a VM inside of a VM.

Marcin Krzyzanowski:

macOS virtual machine allows to install macOS AND USE ICLOUD

That is 99% what you need to have viable macOS simulator.

Miles Wolbe:

“Using a macOS 15 installer to upgrade an older VM doesn’t provide support for iCloud.”

Sadly, signing in to the App Store does not appear to be supported (for now?), returning “An unknown error occurred.”

Previously:

Apple Account

Joe Rossignol:

Earlier this year, we reported that “Apple ID” would be renamed to “Apple Account,” and this change has now been officially announced.

Wednesday, June 12, 2024

Thank You, Big Nerd Ranch

Big Nerd Ranch:

It is with a mix of emotions that we announce the upcoming sunsetting of some key aspects of Big Nerd Ranch and the transition of others. For over 23 years, we’ve had the privilege of empowering aspiring programmers through our immersive bootcamps and books. From the iconic ranch in south Georgia to the late-night coding sessions, Big Nerd Ranch has fostered a unique and beloved community for anyone looking to grow and learn new technology.This decision hasn’t been an easy one. The landscape of tech education has evolved significantly since our inception. While Big Nerd Ranch has always strived to adapt, the current environment necessitates a more substantial shift.

[…]

We are not planning on releasing any new editions of our books. Current editions will be available for the foreseeable future but will go out of print over time.

Via Tim Schmitz:

I got into developing for Apple platforms by reading Big Nerd Ranch books in the 2000s. Sad to see them go.

Same.

Previously:

Update (2024-06-13): David Kopec:

That’s too bad. Some of the best macOS, iOS, and Android books. I used them in my classes.

Rob Jonson:

what a shame, Big Nerd Ranch Bootcamp was how I transitioned from PalmOS to MacOS (they didn’t yet have a course for iOS!)

iOS RCS Support Delayed

Allison Johnson (Hacker News):

The long-awaited day is here: Apple has announced that its Messages app will support RCS in iOS 18. The new standard will replace SMS as the default communication protocol between Android and iOS devices. The move comes after years of taunting, cajoling, and finally, some regulatory scrutiny from the EU.

Unfortunately, we don’t know much else other than the fact that it’s coming in iOS 18. Apple’s website on the upcoming release does at least include one example of how RCS will look on iPhones. “RCS” appears in the text field to indicate a connection, but otherwise, it’s all pretty standard.

Green bubbles, of course.

Andrew Orr:

Apple said in its WWDC 2024 announcement on Monday that RCS support will be introduced in a software update later in the year.

However, it may not coincide with the initial release of iOS 18. Users might see RCS features become available in subsequent updates.

Last November, Apple had said that RCS would be added to iOS 17 in early 2024, so it’s disappointing to hear that it probably won’t even be in iOS 18.0.

The keynote announcement had the same energy as announcing the iPhone 15 switch from Lightning to USB-C. But I thought that was great, and I have high hopes for RCS if it can indeed improve the photo quality over MMS.

Previously:

Tuesday, June 11, 2024

Window Tiling and Snapping in Sequoia

William Gallagher:

Now with macOS Sequoia, it’s having a third go — and this time it’s mimicking third-party window management apps. There are very many of these, including perhaps the most popular, Moom.

All of them, including Apple’s new window tiling feature, let you either drag a given window to a certain spot on your screen, and then have it automatically reposition itself. It’s startling how many options there can be, but the basics that Apple does mean if you drag a window to the left, it expands out to occupy the whole left side of your display.

[…]

Apple has also copied one particularly good element of third-party window management apps. Once a window has been dragged to tile on one side or the other, dragging it back immediately resizes it to the width and height it had before.

I’ve tested this a bit, and it seems great. I’ve never understood why Apple spent 20+ years working on Mission Control, Spaces, full screen, and Stage Manager—all while mostly neglecting regular window management. (They did add the hidden Move Window to Left/Right Side of Screen commands in the Window menu, which only appear if you hold down Option and which have no built-in keyboard shortcuts.)

It’s great to have these features built-in, but I will probably still use Moom because of its more advanced tiling features and ability to reposition windows when I connect and disconnect displays.

On my Mac, with Developer Beta 1, the Window menu shows the new commands with no modifiers keys for the keyboard shortcuts. I couldn’t figure out how to type them. This screenshot shows that the modifiers are intended to be fn-Control and fn-Control-Shift, which do work on my Mac, even though I can’t see them.

Steve Troughton-Smith:

The biggest ‘finally’ of the WWDC keynote was macOS picking up Windows-style window snapping.

Craig Grannell:

What got me: someone at Apple thought it a good idea to leave gaps between the windows.

I wondered that, too, but there is a Tiled windows have margins setting to turn off the extra spacing.

Previously:

Update (2024-06-12): Jack Brewster:

I don’t think I’ll be switching away from Moom. Saved layouts, and automatic layout changes with display changes are too useful to me. And the custom window sizes with keyboard shortcuts are more useful to me than what I’ve seen with Apple’s feature.

I do think it’s a solid implementation though, and lighter-weight tiling apps will probably be Sherlocked by this.

I think Apple is leaving room for more powerful third-party utilities. I just Apple would give them better APIs to work with.

Many Tricks:

In theory, we could add support in Moom to leave space for the thumbnails, but it’s non-trivial because Apple didn’t provide a developer API to Stage Manager (which we would use to find out if it’s running, and the size and location of its thumbnails).

Tim Hardwick:

PC users have had tiling since at least Windows 7 and Aero Snap, and if you've ever used those, the new window tiling feature in macOS Sequoia will be familiar.

[…]

The dragging system is far from infallible though. If you drag a window to the side of the screen and hold it for more than a couple of seconds, you can sometimes unintentionally switch to an adjacent desktop space if one is active. It can also be quite tricky to place certain app windows so that they snap to corners.

A good reason to use keyboard shortcuts, except that the fn/globe key is hard to access on a full-sized keyboard.

Monday, June 10, 2024

Apple Intelligence Announced

Apple (preview, Hacker News, MacRumors, 9To5Mac):

Writing Tools help users feel more confident in their writing. With Rewrite, Apple Intelligence allows users to choose from different versions of what they have written, adjusting the tone to suit the audience and task at hand. From finessing a cover letter, to adding humor and creativity to a party invitation, Rewrite helps deliver the right words to meet the occasion. Proofread checks grammar, word choice, and sentence structure while also suggesting edits — along with explanations of the edits — that users can review or quickly accept. With Summarize, users can select text and have it recapped in the form of a digestible paragraph, bulleted key points, a table, or a list.

[…]

In the Notes and Phone apps, users can now record, transcribe, and summarize audio.

[…]

Natural language can be used to search for specific photos, such as “Maya skateboarding in a tie-dye shirt,” or “Katie with stickers on her face.” Search in videos also becomes more powerful with the ability to find specific moments in clips so users can go right to the relevant segment. Additionally, the new Clean Up tool can identify and remove distracting objects in the background of a photo — without accidentally altering the subject.

[…]

A cornerstone of Apple Intelligence is on-device processing, and many of the models that power it run entirely on device. To run more complex requests that require more processing power, Private Cloud Compute extends the privacy and security of Apple devices into the cloud to unlock even more intelligence.

Benjamin Mayo:

Apple today unveiled a new version of Siri, that it promises is more natural and helpful. The new Siri is powered by Apple Intelligence generative AI models.

[…]

Apple says the new Siri will understand context, so you don’t have to repeat information in subsequent requests.

[…]

Siri will have on-screen awareness about what you are currently looking at, and have the ability to take in-app actions.

[…]

App Intents will allow Siri to work deeply with first-party and third-party apps.

But will Siri be able to create a reminder with the literal text of what I said?

Hartley Charlton (9to5Mac):

Siri will determine if queries may be useful to forward to ChatGPT, and asks the user for permission to share. This enables Siri to leverage ChatGPT's image- and text-understanding capabilities with no need to jump between tools.

[…]

Siri will leverage GPT-4o for free, with no need to create an account. Requests are not logged and IP addresses are obscured.

Tim Hardwick:

has unveiled a new Image Playground feature that allows you to create generative images on the fly using a range of concepts like themes, costumes, accessories, places, and more.

You can type a description, and choose from Animation, Illustration, or Sketch, and Image Playground will create the image tailored to your preferences.

Ryan Christoffel (MacRumors):

Apple shared a new feature that will enable you to create an emoji for any occasion. Apple calls this AI-powered feature Genmoji.

[…]

Since emojis are actually unicode characters that work cross-platform, Apple’s Genmoji won’t technically work the same way as other emoji, since if they were, they wouldn’t display properly on non-Apple devices. Instead, Apple creates Genmoji as images.

Meek Geek wonders whether the hardware requirements are artificial.

Previously:

Update (2024-06-14): See also:

Tyler Hall:

Here’s the thing. This all looks amazing. But, when it comes to knowing when to pick my mom up from the airport, I’m going to have to triple-check the results with the source data to be sure the AI isn’t just making stuff up.

I’m sure Apple has this covered better than other companies, but it’s going to be a long time before I blindly trust the results of so much disparate data.

Francisco Tolmasky:

Biggest takeaway from WWDC: everyone overestimated Tim Cook and underestimated Sam Altman. Apple I’m sure thinks this is a stopgap until they can swap in their own LLMs. But OpenAI is betting this is a stopgap until they can swap in their own phone. It remains to be seen who is right here, but I can tell you that OpenAI is getting way more out of being put in front of every Apple customer than Apple is getting from finally accurately telling you George Washington’s birthday or whatever.

Mark Gurman (Hacker News:

Left unanswered on Monday: which company is paying the other as part of a tight collaboration that has potentially lasting monetary benefits for both. But, according to people briefed on the matter, the partnership isn’t expected to generate meaningful revenue for either party — at least at the outset.

JP Simard:

I initially wrote off Apple’s integration with ChatGPT as an admission of defeat, that they couldn’t develop an LLM competitive with GPT-4o or Gemini or Claude despite having near infinite resources, powerful ML co-processors in their hardware lineup going back years and some very bright people.

But now I’m beginning to see that Apple’s strategy is actually kinda brilliant in unexpected ways.

[…]

Apple is letting the rest of the industry burn money and duke it out while providing a ton of value for their customers. This has echoes of its approach to integrate 3rd party search providers, with a 2024 AI craze twist.

Steve Troughton-Smith:

I still have so many questions about ‘Apple Intelligence’ after yesterday. Does Siri just… not get better?… on anything below an iPhone 15 Pro? No improvement to the cloud-based Siri on older devices? No HomePods? Can we as developers not rely on an improved conversational, smart Siri across devices when building our new Siri features?

Jim Dalrymple:

Lots of great AI things from Apple, as expected.

I still don’t know if Siri can set a fucking timer, get reliable directions from Siri in Maps, or ask Siri for a specific song/band to be played in Apple Music.

Previously:

macOS 15 Sequoia Announced

Apple (preview, Hacker News, MacRumors, 9to5Mac):

macOS Sequoia makes Continuity even more magical with iPhone Mirroring, which allows users to fully access and engage with their iPhone — right from their Mac. A user’s custom wallpaper and icons appear just like on their iPhone, and they can swipe between pages on their Home Screen, or launch and browse any of their favorite apps. The keyboard, trackpad, and mouse on Mac also let a user interact with their iPhone, and audio even comes through. Users can seamlessly drag and drop between iPhone and Mac, and a user’s iPhone remains locked, so nobody else can access or see what the user is doing. It also works great with StandBy, which stays visible, so users can get information at a glance. Additionally, users can review and respond to iPhone notifications directly from their Mac.

[…]

Game Porting Toolkit 2 takes this to the next level with some of the most-requested capabilities from game developers, making it even easier to bring advanced games to Mac, as well as iPhone and iPad.

[…]

When a user drags a window to the edge of the screen, macOS Sequoia automatically suggests a tiled position on their desktop. Users can release their window right into place, quickly arrange tiles side by side, or place them in corners to keep even more apps in view. And new keyboard and menu shortcuts help users organize tiles even faster.

[…]

macOS Sequoia brings Passwords, a new app that makes it even easier to access passwords, passkeys, Wi-Fi passwords, and other credentials all in one place.

Joe Rossignol:

In a post on X, the leaker said macOS 15 will be compatible with all Apple silicon Macs with the M1 chip and newer, and all Intel-based Macs equipped with Apple's T2 security chip. If this information is accurate, macOS 15 would be compatible with all Macs that support macOS Sonoma, with one possible exception: the 2019 iMac.

Previously:

Update (2024-06-13): Mr. Macintosh:

The 2018 & 2019 MacBook Air models ARE DEAD

Highlights: 2017 iMac Pro & 2019 NON T2 LIVES!!!

Howard Oakley:

However, Apple Intelligence will only be available on Apple silicon Macs. Because a T2 chip isn’t required by Intel Macs, it’s possible that OCLP will enable other Intel Macs to run Sequoia.

Steve Troughton-Smith:

I think macOS Sequoia is the last release you can reasonably expect to run on Intel; half the WWDC keynote was AI features that don’t run on Intel Macs, including Xcode’s new editor functionality, and the visionOS SDK already requires ARM. You can only expect more from here. The writing is clearly on the wall; if we get next year’s release, it would be unnecessarily generous of Apple,

See also: MacStories, ArsTechnica, AppleInsider.

Michael Love:

If Apple actually wanted more advanced games on Mac, they’d make a deal with Valve to integrate Game Porting Toolkit with Steam, but that means sharing the cake and Apple does not under any circumstances share the cake.

Basic Apple Guy (MacRumors):

One of the rumours that came out right before WWDC was that Apple might be adding the ability to include ‘retro wallpaper packs’. While those are nowhere to be found in Developer Beta 1, we did get an excellent new Macintosh screensaver/wallpaper in macOS 15. This new dynamic wallpaper floats over Susan Kare’s iconic Macintosh iconography, Control Panel, and applications like the Calculator and MacWrite, Apple’s early word processor.

After a couple of hours scouring macOS Seqioua, I wasn’t able to find the file responsible for these images, so I opted for the next best option and took some high-resolution screenshots of some of my favourite parts to share before people unearth the file.

Mario Guzmán:

I guess we now have individual processes for both dynamic/animated wallpapers introduced in Sequoia.

I assume the new default wallpaper is called Helios.

I have to admit, I get happy seeing the word “Macintosh” anywhere.

Mario Guzmán:

macOS Sequoia has two new Energy widgets under the Home app.

💡Electricity Usage - Get an idea of how your home's electricity usage is trending.
💡Electricity Rates - Quickly see how your electricity is priced.

Previously:

iPadOS 18 Announced

Apple (preview, MacRumors, 9to5Mac):

With iPadOS 18, Calculator comes to iPad with Math Notes, along with new handwriting tools in Notes — all designed for Apple Pencil.

[…]

An all-new Math Notes calculator allows users to type or write out mathematical expressions and see them instantly solved in their own handwriting. They can also assign values to variables when learning new concepts in class, calculating a budget, and more. With a new graphing feature, users can write or type an equation and insert a graph with just one tap, and can even add multiple equations on the same graph to see how they relate. And Math Notes are automatically accessible in the Notes app in the new Math Notes folder.

[…]

With the power of Apple Pencil, Smart Script makes handwritten notes fluid, flexible, and easier to read, all while maintaining the look and feel of a user’s personal handwriting. Smart Script allows users to write quickly without sacrificing legibility by smoothing and straightening handwritten text in real time. And it makes editing handwritten text just as simple as editing typed text.

[…]

A redesigned tab bar floats above app content and complements the sidebar to help users stay focused on what matters most while keeping favorite tabs within reach. The new floating tab bar elegantly morphs into the sidebar so users can dive deeper into an app’s full functionality.

Previously:

Update (2024-06-13): See also: ArsTechnica.

Federico Viticci:

As I feared, iPadOS 18 is not a meaningful update for iPad users who hoped Apple would fill some of the longstanding platform gaps between the Mac and iPad. With no Stage Manager improvements, no changes to audio routing, and seemingly very little happening in Shortcuts in terms of new actions (for now), it’s hard to be excited about iPadOS 18. Sadly, everything I wrote last month in my article about iPadOS still stands today.

[…]

Unsurprisingly, pro features for iPadOS users are nowhere to be seen, adding to my concerns regarding who’s in charge of this platform and what their vision for it actually is. It’s quite telling that the marquee additions to iPad this year are…a Calculator app and a redesigned tab bar.

Marina Epelman:

Ok, when Craig said “solve math” in the keynote, I cringed and moved on since it was a fleeting moment (not really, but for argument’s sake, let’s say I have). But this shit is on their actual website. Who the hell solves a function?! What does it even mean to solve a function?!

You solve a problem. You solve an equation. You solve a riddle. A mystery. A crime.

You don’t solve a function. Or math (or maths, for that matter).

Steve Troughton-Smith:

I’m not convinced by the new floaty-morphy tab bar in iPadOS 18, and I don’t think I want to put it in any of my apps. It kinda feels like an attempt to simplify/dumb-down the iPad UI too, which is the opposite direction of where I want to see iPadOS go.

Christina Warren:

Still no actual file manager on the iPad, but we got new animations!

Steve Troughton-Smith:

Stage Manager, now entering its third year, is unchanged in iPadOS 18.

Fernando Silva:

Regarding iPadOS 18 and everything they showed we are still missing a few features. Most, if not all, have to do with Apple Intelligence. As of now, Beta 1 does not have any of the Apple Intelligence-related features. There is no new siri animations, no genmojis, no ChatGPT integration.

watchOS 11 Announced

Apple (preview, MacRumors, 9to5Mac):

The new Vitals app surfaces key health metrics and context to help users make more informed day-to-day decisions, and the ability to measure training load offers a game-changing new experience when working out for improved fitness and performance. Activity rings are even more customizable, the Smart Stack and Photos face use intelligence to feature more individualization, and Apple Watch and the Health app on iPhone and iPad offer additional support for users who are pregnant. Check In, the Translate app, and new capabilities for the double tap gesture come to Apple Watch for added connectivity and convenience.

Chance Miller:

watchOS 11 will drop support for the Apple Watch Series 4, Apple Watch Series 5, and the original Apple Watch SE.

Previously:

tvOS 18 Announced

Apple (MacRumors, 9to5Mac):

With tvOS 18, intelligent new features like InSight — and updates to Enhance Dialogue and subtitles — level up cinematic experiences, while new Apple Fitness+, Apple Music, and FaceTime capabilities get even better on users’ biggest screen. The Home app gains new features with iOS 18, like guest access and hands-free unlock with home keys, delivering effortless and secure access to the home.

[…]

Enhance Dialogue gets smarter with tvOS 18, leveraging machine learning and computational audio to deliver greater vocal clarity over music, action, and background noise on Apple TV 4K.

[…]

For even more convenience, subtitles now automatically appear at just the right moments with tvOS 18, including when the language in a show or film does not match the device language, when users mute, or when they skip back while watching something.

Previously:

Update (2024-06-12): Sigmund Judge:

A new addition to Apple TV+, InSight gives users real-time access to information about the actors and their characters onscreen, as well as the soundtrack in a given scene, allowing viewers to quickly add that song or musical performance to an Apple Music playlist to enjoy later. Much like Amazon Prime Video’s X-Ray feature that came before it, there’s lots of fine granular detail that could be added to InSight before its fall launch, but this is a great start.

In addition to accessing InSight on the big screen, users will also be able to view real-time actor, character, and music information through the Remote app found in Control Center on iOS and iPadOS, allowing access to the same information for a distraction-free experience when watching with friends and family.

[…]

While the latest iteration of Apple’s big-screen entertainment experience may not offer the grand reinvention some might have hoped for, the ninth iteration of tvOS does introduce a handful of welcome enhancements.

iOS 18 Announced

Apple (MacRumors, 9to5Mac):

Users will be able to arrange apps and widgets in any open space on the Home Screen, customize the buttons at the bottom of the Lock Screen, and quickly access more controls in Control Center. Photo libraries are automatically organized in a new single view in Photos, and helpful new collections keep favorites easily accessible. Mail simplifies the inbox by sorting email into categories using on-device intelligence, and all-new text effects come to iMessage. Powered by the same groundbreaking technology as existing iPhone satellite capabilities, users can now communicate over satellite in the Messages app when a cellular or Wi-Fi connection isn’t available.

[…]

Locked and hidden apps offer users peace of mind that information they want to keep private, such as app notifications and content, will not inadvertently be seen by others. Users can now lock an app; and for additional privacy, they can hide an app, moving it to a locked, hidden apps folder. When an app is locked or hidden, content like messages or emails inside the app are hidden from search, notifications, and other places across the system.

[…]

In Apple Maps, users can browse thousands of hikes across national parks in the United States and easily create their own custom walking routes, which they can access offline. Maps users can also save their favorite national park hikes, custom walking routes, and locations to an all-new Places Library and add personal notes about each spot.

Tim Hardwick:

iOS 18 will be compatible with the same iPhone models as iOS 17[…] iOS 18 will be compatible with the iPhone XR, and hence also the iPhone XS and iPhone XS Max models with the same A12 Bionic chip, but older iPhone models will miss out.

Ryan Christoffel:

One major new feature will enable using the Messages app even when you don’t have a Wi-Fi or cellular connection.

Benjamin Mayo:

iOS 18 includes Tap to Cash, a new way to send money to your friends using Apple Pay Cash. By simply bringing your phone close to a friend, you can send money instantly – transferring from your Apple Cash account.

It’s like AirDrop, but for sending money.

Tim Hardwick:

In iOS 18, when you invoke Control Center with a swipe down from the top-right of your iPhone's screen, you can continuously swipe to get to more control center screens. There's a new controls gallery that lets you customize the controls you see, and you can change the size of buttons to emphasize priority. Additionally, developers can include controls from their own apps, enabling quick access to controls like remotely starting a car, for example.

Apple (MacRumors):

Siri Interactions allow AirPods Pro users to privately respond to Siri with a simple head nod yes or shake no. For even clearer call quality, Voice Isolation comes to AirPods Pro, helping ensure the caller’s voice is heard in loud or windy environments. AirPods updates also significantly reduce audio latency while gaming, and add Personalized Spatial Audio for even more immersive gameplay.

Joe Rossignol:

iMessage is finally getting bold, italics, underline, and strikeout options, along with all-new text effects that allow you to animate individual words in a message.

Apple has redesigned the Tapback icons like the heart, thumbs up, thumbs down, and exclamation marks to be more colorful on iOS 18, and the Tapback system now works with any emoji too.

Previously:

Update (2024-06-13): See also: ArsTechnica, MacStories, Hacker News, Macworld, AppleInsider.

Malcolm Owen (MacRumors, 9To9Mac):

Under iOS 18, it is possible to change how wide or narrow the beam of light is for some later models of iPhone.

Tim Hardwick:

As part of its Home Screen customization overhaul, iOS 18 lets iPhone users hide the labels on app icons for a cleaner look.

Juli Clover:

One of the interesting new features coming in iOS 18 will let you automatically record and transcribe your live phone calls through the Phone app.

Benjamin Mayo:

A long-requested feature for Android users switching to iPhone is the addition of T9 dialling. This is a shortcut to dialling phone numbers from your address book, by typing in letters on the keypad.

Juli Clover:

Apple revamped the iCloud section of the Apple Account (formerly Apple ID) that’s available in the Settings app. The redesigned interface has much of the same functionality, but a “Saved to iCloud” feature makes it clearer how storage is being used.

visionOS 2 Announced

Apple (preview, MacRumors, 9to5Mac):

With visionOS 2, users can revisit past memories by creating spatial photos directly from their library in the Photos app. visionOS uses advanced machine learning to transform a 2D image into a beautiful spatial photo that truly comes to life on Vision Pro.

[…]

Later this year, Canon will offer a brand-new spatial lens for its popular EOS R7 digital camera to capture gorgeous spatial video, even in challenging lighting conditions. An update to Final Cut Pro will enable creators to edit spatial videos on their Mac and add immersive titles and effects to their projects, and with the Vimeo app designed for Vision Pro, users will be able to upload and share spatial videos for others to discover and enjoy.

[…]

visionOS 2 makes navigating Apple Vision Pro faster and easier for users to access key functions with new hand gestures to get to frequently used features like Home View and Control Center.

[…]

Later this year, Mac Virtual Display will feature a higher resolution and larger size — creating an ultra-wide display that is equivalent to two 4K monitors side by side. To create the perfect workspace, visionOS 2 also adds mouse support for additional workflow options, and Vision Pro will now reveal the user’s physical Magic Keyboard — even when they are fully immersed in an Environment or app.

Previously:

Update (2024-06-12): See also: Hacker News.

Samuel Axon:

Vision Pro users hoping for multiple virtual Mac monitors will be disappointed that's not planned this time around, but Apple plans to add the next-best thing: Users will be able to take advantage of a larger and higher-resolution single virtual display, including a huge, wraparound ultrawide monitor mode that Apple says is equivalent to two 4K monitors.

[…]

A lot of the improvements that will lead to better apps come in the form of new developer APIs that will facilitate apps that really take advantage of the spatial features rather than just being flat 2D windows floating around you—something we noted as a disappointment when we shared our impressions of the device. Some APIs help create shared spatial experiences with other Vision Pro users who aren't in the same room as you. One of those, TabletopKit, is focused on creating apps that sit on a 2D surface, like board and card games.

Wes Davis:

But the company glossed right over some of the most sorely needed features that it’s adding to visionOS — and those quieter changes make for a much more exciting update.

After the update arrives this fall, you’ll be able to see a Magic Keyboard while you’re working in a virtual environment, use any Bluetooth mouse you want, and rearrange your homescreen icons — including putting iPad and iPhone apps where you want.

[…]

Apple says the Vision Pro will also start saving eye and hand setups for guest users for 30 days, too. It’s been nothing short of a pain to share a Vision Pro with anyone because each time you pop it in guest mode, that person has to go through setup all over again.

[…]

Lastly, when you encounter a video on the web, you’ll be able to break it out into a free-floating video player — something Apple was bound to do since neither YouTube nor Netflix have built apps for the Vision Pro.

[…]

Here’s a brief list of additional features it notes are on the way[…]

Malcolm Owen:

Here’s what’s coming in visionOS 2.0.

mb bischoff:

lmao at Vimeo making a visionOS app for Spatial Video after literally killing their Apple TV app in 2023…

Colin Cornaby:

I was a little disappointed to see a lack of conversation around gaming on visionOS. visionOS isn’t really a gaming platform - so kind of understandable. But it does feel weird I’m considering buying a Quest to play the Riven remaster when I have a perfectly good Vision Pro.

Steve Troughton-Smith:

By the way, we’re now a full year on and Apple never did ‘get back to [you] soon’ re the application for a Vision Pro Developer Kit. Just crickets, for twelve months.

Steve Troughton-Smith:

New in visionOS 2.0, you can create UI that changes when looked at, much like some of the existing system experiences.

Friday, June 7, 2024

WWDC 2024 Preview

Apple:

From the Keynote to the last session drop, here are the details for an incredible week of sessions, labs, community activities, and more.

Juli Clover:

The updated version of the Developer app will host 2024 session videos, 1-on-1 labs with Apple engineers and designers, and more.

As far as I can tell, the app has the same old problems. I insta-deleted it when I realized that it still hijacks links opened in Safari.

Juli Clover:

The Vision Pro version of the Apple Developer app has a special immersive Environment included that can be used as a backdrop for watching session videos when WWDC begins next week.

Apple (MacRumors):

Every year, the Apple Design Awards recognize innovation, ingenuity, and technical achievement in app and game design. But they’ve also become something more: A moment to step back and celebrate the Apple developer community in its many forms.

Craig Hockenberry:

The next thing you know, they’re going to be giving the answers to Stump The Experts before WWDC starts.

Joe Rosensteel:

Here’s what Apple can learn from the mistakes other companies are making when it comes to demonstrating AI prowess.

Jason Snell:

But this isn’t just Apple’s chance to show it’s doing AI right. It’s also an opportunity to redefine the conversation about AI to make it more substantive and results-oriented–and, of course, to make Apple look better while doing it.

Howard Oakley:

If Apple sticks to its normal timetable, that would bring the release of Xcode 16 with Swift 6 in mid-September.

This is the first major version of Swift for five years; version 5 was distinguished with its introduction of a stable binary interface (ABI), a key milestone in its evolution since its first release ten years ago. Central to the changes in Swift 6 is structured concurrency that encapsulates threads with proper controls.

Jordan Morgan:

Our favorite annual conference is near, which means that the TENTH(!!) annual edition of the Swiftjective-C W.W.D.C. Pregame Quiz is ready to go!

The macOS App Icon Book is currently 20% off with coupon code DROP20.

See also: Who’s Going to WWDC24?, WWDC24 Wallpaper, How to Process WWDC, Dithering.

Previously:

Update (2024-06-12): Basic Apple Guy:

This is my fourth annual dub-dub Bingo Board and one of the hardest to devise.

Apple Mail’s Broken “Block All Remote Content”

Jeff Johnson (Mastodon):

Mail app on macOS has a privacy setting Block All Remote Content that prevents downloaded emails from connecting to the internet. For example, HTML emails frequently include image links, which can be used for tracking: when the image is loaded from a remote server, the owner of the server knows that you’ve opened the email! Block All Remote Content is supposed to prevent this kind of tracking, and it did… until macOS Sonoma.

[…]

The remote connection attempt doesn’t occur when I open the email. […] In this case, the remote connection attempt occurred when I opened Mail app itself and the new email was downloaded.

What would we do without Little Snitch?

Import and Export From Apple Notes

John Gruber:

I worry that import and export aren’t priorities for Apple. Apple Notes can import RTF and plain text files, but its only option for exporting is, bizarrely, PDF — which is a file format Notes can’t import. A good system for import/export would allow for full fidelity round-tripping. You should be able to export to a file or archive format that Notes can also import, without losing any formatting, metadata, or image attachments. Notes doesn’t even try. And if Notes still doesn’t support robust import/export, 17 years after it debuted as one of the original iPhone apps in 2007, we probably shouldn’t hold our breath for Journal.

Open formats are where it’s at.

Previously:

No Bounty for Kaspersky

Alexander Martin (via Damien Petrilli):

Apple declined to issue a bug bounty to the Russian cybersecurity company Kaspersky Lab after it disclosed four zero-day vulnerabilities in iPhone software that were allegedly used to spy on Kaspersky employees as well as Russian diplomats.

[…]

Operation Triangulation, as the spying campaign was named, was “definitely the most sophisticated attack chain we have ever seen,” the Kaspersky researchers said, with an explanation of it including 13 separate bullet points.

[…]

On the same day as Kaspersky’s disclosure, Russia’s Federal Security Service (FSB) accused the United States and Apple of having collaborated to enable the U.S. to spy on Russian diplomats.

[…]

Although Kaspersky is not specifically sanctioned in the United States in relation to the Ukraine conflict, the Department of Homeland Security had previously banned its products from government use on security grounds due to the level of control anti-virus software requires on a computer and the risks attached to that control for a company based in Russia.

See also: MalwareTips.

Previously:

Update (2024-06-12): Arin Waichulis (Hacker News):

Galov even proposed that Kaspersky donate the bounty to charity, but Apple rejected this, citing internal policies without explanation. It’s not uncommon for research firms to donate bounty payments from large companies to charity. Some perceive it as an extension of their ethical obligation, but it undeniably contributes to a positive reputation within the security community.

[…]

According to Apple’s Security Bounty Program, the reward for discovering such vulnerabilities can be up to $1 million. It’s crucial to maintain this reward, as non-reported iOS zero-days can sell for well north of a million dollars in corners of the dark web.

[…]

Additionally, per Apple Security Bounty’s terms and conditions, “Apple Security Bounty awards may not be paid to you if you are in any U.S. embargoed countries or on the U.S. Treasury Department’s list of Specially Designated Nationals, the U.S. Department of Commerce Denied Person’s List or Entity List, or any other restricted party lists.”

It doesn’t seem like giving it to charity would violate the sanctions.

Nick Heer:

Kaspersky discovered this malware. It has affected devices running versions up to iOS 15.7, and it has been seen in use as early as 2019.

Dan Goodin (via Hacker News):

According to officials inside the Russian National Coordination Centre for Computer Incidents, the attacks were part of a broader campaign by the US National Security Agency that infected several thousand iPhones belonging to people inside diplomatic missions and embassies in Russia, specifically from those located in NATO countries, post-Soviet nations, Israel, and China. A separate alert from the FSB, Russia's Federal Security Service, alleged Apple cooperated with the NSA in the campaign. An Apple representative denied the claim.

Kaspersky Lab (via Hacker News):

This script allows to scan iTunes backups for indicator of compromise by Operation Triangulation.

Thursday, June 6, 2024

WWDC 2024 Wish Lists

I always want releases focused on bug fixes, but we all know that isn’t going to happen. If we’re dreaming big, how about something like virtual memory for iOS so that it stops losing my Safari tabs?

Cihat Gündüz:

From a SportsKit API and .zoom modifier in SwiftUI, over improved SwiftData and source control in Xcode, to my biggest pain points in tvOS and visionOS, and much more! Blending long-standing requests with fresh ideas.

John Gordon:

In particular it would be rather nice if the courts decide that Apple uses Photos lock-in as a part of its monopoly.

[…]

Here are two ways that Apple could free photo management from their iron control and provide options for the tiny sliver of the Apple base that cares.

Matt Birchler:

I think they have too much power in too many industries and the more they spread out the less they can focus on the parts of their business that I personally enjoy the most.

Steve Troughton-Smith:

If all macOS 15 does is remove that stupid emoji-palette-blocking autocomplete popup that Sonoma added, I will be happy. Adding an extra step to something I do a hundred times a day, without giving an option to turn it off? Genius.

Brian Webster:

My number 1 wish for macOS 15 is support for SMS filtering in Messages. I have an app that works great on iOS but all the spam still shows up on my Mac unless I shut off text message forwarding altogether. But if I do that then I can't autofill two factor codes on my Mac. Grrrrr.

Dave DeLong:

All I want for WWDC is for this to be fixed.

Mike Cohen:

I still want them to fix the thing where just looking at a xib without changing anything modifies it.

Craig Hockenberry:

Are we absolutely sure we want AI features in Xcode?

Ryan Jones:

  • iMessage group typing indicators
  • iMessage draft sync
  • iMessage emoji tapbacks
  • First tap works on Always On Display
  • Mail secondary inbox
  • iMessage expiring threads
  • Photos stack similar pics
  • Siri reboot
  • paste hyperlinks on text
  • Warn about high refund rate apps
  • AI merge group photos for smiles
  • Rotation lock except video
  • Live Activities queue offline events
  • Don’t offload recent photos!
  • “5G Minimal” option
  • AI emoji suggestions
  • AI Memoji
  • Native spam call filter

Scott Anguish:

This is my short list of what I’d love to see added to SwiftUI and Xcode.

Aaron Pearce:

It is the time of the year that I start compiling my list of HomeKit feature requests that will be promptly be ignored by the team at Apple.

Jeff Johnson:

Move the iPhone call and end call buttons away from each other on the screen.

Christian Beer:

Just fix Xcode so that it works again!

Harshil Shah:

Smart charging reminders. They’ve got all the usage data and calendar info, it’s all right there!

Just remind me to charge my watch because I’m gonna go to sleep and then off to the gym as soon as I wake up.

Rob Napier:

I know it’s a really hard thing to do well, and it isn’t in the top 10 things I hope to be improved in Xcode, but I still wish Xcode could handle Arabic string literals without getting so confused.

Mr. Macintosh:

Below is a list of possible macOS 15 features. NOTE: You can only pick 2.

Ryan Jones:

Hopes for a better Control Center:

  1. Big clear single tap audio output
  2. Pick home controls
  3. Any shortcut
  4. Hide less in long presses
  5. Rotation lock except video
  6. All buttons are customizable
  7. No double button in Focus Modes
  8. Mini TV Remote at first level

Benjamin Mayo:

For tvOS 18, Apple should just add whatever format/codec support is needed to get BBC iPlayer to stream in 4K and with subtitles.

John C. Welch:

  1. documentation that isn’t header regurgitation written by people who think only incompetents need documentation.
  2. Apple actually dogfooding beyond their own convenience.
  3. full-throated support for automation, both Shortcuts and AppleScript/JXA (or even a more swift-based language)

Tim Schmitz:

[Make] it easier and more reliable for Siri to do basic things.

Dave DeLong:

iOS SMS filtering needs to apply to messages that are forwarded to my Mac.

It’s a straight-up bug that things that I’ve explicitly said to block on my phone are still causing alerts and badges on my Mac.

Christian Beer:

[Bring] back speed and stability to LLDB

David Smith:

These are minor annoyances or little things which have bugged me in the last year.

Steve Troughton-Smith:

Every time I see some B-roll with a MacBook entering Mission Control or Exposé, it makes me wish iPad had that instead of Stage Manager. Unlimited windows, that can be tiled on a key press, and Fullscreen Spaces that you can flip through with the trackpad

Mitchell Cohen (Mastodon):

WWDC is almost here, so it’s a good time to talk about the @1Password browser extension for Safari, its history, challenges, and the future — what we’re working on and what we’d like to see from Apple, Safari, and the web platform.

[…]

Safari’s implementation of the spec is new. There are missing/incomplete APIs which must be worked around, and others which simply do not work.

[…]

This mandatory layer of indirection has unique bugs and reliability issues, most of which are outside of a developer's control, on both Mac and iOS.

Sebastiaan de With:

I really want only one thing from WWDC24 and that’s One True Gear (I vote VisionOS)

Sam Rowlands:

Every year my wish for WWDC is that they DON’T release a new version of the macOS, just fix the bugs in the current one.

Next year, release an optimized version that cuts the bloat, and improves performance.

Rob Jonson:

Swift Package Management that works like Ruby Package management.

Nick Heer:

Apple still has not fixed the bug in Mail where the All Inboxes view does not show huge numbers of recent emails.

Mine keeps loading today with a near three-month gap in which messages are visible.

Joe Rosensteel:

For a few years (2016, 2017, 2018) I wrote a specific post before WWDC about updates I was hoping to see for tvOS. These were never requests for those features to be built in a few days, but things I was hoping had already occurred to Apple, like the many years I put picture-in-picture on the list before it occurred to someone at Apple to ship it in 2020.

I stopped writing these posts because fewer and fewer updates were coming out for tvOS, in general, and those that were were often tied to new hardware launches usually occurring late in the Fall.

[…]

Knowing that it’s very unlikely we’ll see anything from Apple for the Apple TV this summer, I’ll offer a critique of where things are at instead, and offer some possible solutions ranging in complexity.

mb bischoff:

I’m hoping for thoughtful integration of LLMs across the OSes, performance and reliability updates for core services, and the introduction of a few power-user tweaks and long-missing features.

Some of these ideas have been inspired by others’ wishlists, and where applicable, I’ve included those references.

Previously:

Update (2024-06-07): Craig Grannell:

A switch in Settings to turn off the Home indicator.

[Overriding] the daft iCloud Photos sync. Drives me bonkers.

Der Teilweise:

Fix the handling of bug reports!

It’s been 12 years since “Fix Radar or GTFO” but little (if anything) has improved.

Warner Crocker:

Apple’s iCloud has gotten so much better since its initial debut, but these problems remain and keep getting put off year after year. Most notably, users aren’t freely allowed any control over syncing when things appear stuck.

Christian Beer:

„Build better document-based apps" with a „real" app example, not a simple Markdown editor. One that uses NavigationSplitView in the UIDocumentViewController

Christian Beer:

Another thing added to my WWDC wishlist for macOS: video controls in picture-in-picture videos. I mean... does somebody at Apple even use this?!

Miguel de Icaza:

Search option on the Journal app.

Updated Adobe Terms of Use

Ben Lovejoy (via John C. Randolph):

A change to Adobe terms & conditions for apps like Photoshop has outraged many professional users, concerned that the company is claiming the right to access their content, use it freely, and even sub-licence it to others.

The company is requiring users to agree to the new terms in order to continue using their Adobe apps, locking them out until they do so …

Adobe says that its new terms “clarify that we may access your content through both automated and manual methods, such as for content review.”

[…]

Concept artist Sam Santala pointed out that you can’t raise a support request to discuss the terms without first agreeing to them. You can’t even uninstall the apps!

Brandon Lyttle (via Hacker News):

This has caused concern among professionals, as it means Adobe would have access to projects under NDA such as logos for unannounced games or other media projects. Sam Santala, the founder of Songhorn Studios noted the language of the terms on Twitter, calling out the company’s overreach.

As with Slack, I doubt there’s nefarious intent here, but why can’t these documents be written in a more narrow way to allay people’s fears? Right now it says that “Our automated systems may analyze your Content[…] using techniques such as machine learning.” And they define “Content” as including anything that you create using their software. The machine learning FAQ says that they “don't analyze content processed or stored locally on your device” and that you can opt out. I’m not sure whether there’s any legal force to a FAQ linked from a ToS.

See also: Theodore McKenzie, Penny Horwood, Reddit.

Previously:

Update (2024-06-07): See also: Hacker News.

Mike Wuerthele:

We saw that furor, and reached out to Adobe about it. Then, they issued an unclear statement on the matter, saying that the terms had always been this way.

“Adobe accesses user content for a number of reasons, including the ability to deliver some of our most innovative cloud-based features, such as Photoshop Neural Filters and Remove Background in Adobe Express, as well as to take action against prohibited content,” the company said at the time. “Adobe does not access, view or listen to content that is stored locally on any user’s device.”

[…]

They finally said something concrete on Thursday night.

[…]

The company says that it will be clarifying the Terms of Use acceptance to reflect the details of Thursday’s post. It’s not clear when this is going to happen.

He does think the post addresses all the issues, either.

Glenn Fleishman:

Adobe did the thing companies that host and sync data keep doing: they updated their terms in what is a reasonable way without a) giving advance warning and a thorough explanation and b) realizing that the legal niceties sound horrifying to an average person. Adobe can’t legally safely host your content without a license. This updates mostly adds compliance issues that are govt focused—and should be examined.

mcc:

I don’t think this “explanation” helps at all. They don’t justify why this data needs to be on their server rather than at rest on the user computer, and I don’t see where they make it clear what you’d need to do to prevent exfiltration to “the cloud” or applicability of the bad terms. Some of the justifications they give as to when and why they apply tos terms are either so elastic they could mean anything (“to improve the service”) or are the exact features people are afraid of (“AI”).

Update (2024-06-12): Scott Nover (via Hacker News):

According to a post on its blog, the company is not training its A.I. model on user projects: “Adobe does not train Firefly Gen AI models on customer content. Firefly generative AI models are trained on a dataset of licensed content, such as Adobe Stock, and public domain content where copyright has expired.” The post claims that the company often uses machine learning to review user projects for signs of illegal content, such as child pornography, spam, and phishing material.

Although an outside spokesperson for Adobe simply pointed me to the blog post, Belsky offered a view into the consternation inside the company, admitting on X that the wording of the terms of use was confusing. “Trust and transparency couldn’t be more crucial these days, and we need to be clear when it comes to summarizing terms of service in these pop-ups,” he wrote.

Despite the cleanup efforts, this episode demonstrates how gun-shy everyone is about generative A.I. And perhaps there’s no population that has been more wronged here than creative professionals, many of whom feel that generative A.I. companies have illicitly trained their image-, video-, and sound-generation models on copyright works. Big Tech is splitting its loyalties between serving its existing audiences and taking advantage of self-propagating hype for generative A.I. But by doing this, it risks alienating loyal customers. No one wants to be treated like training data—even if that’s what we all are.

Adam Engst:

It feels like we’re descending into a morass of miscommunication, with examples from companies large and small, including Slack, Bartender, and Adobe.

[…]

Slack’s error lay in failing to update its privacy principles as generative AI became a thing. In contrast, Adobe got in trouble for updating its terms of use—and requiring users to agree before they could use Photoshop or other Adobe apps. (Apparently, you couldn’t even uninstall Photoshop without agreeing.)

[…]

That’s not to criticize the people who did freak out. Yes, many of them were playing to a social media audience and exaggerating the potential downside, but the resulting media attention may have been necessary to get these companies to update their documents, clarify what they meant, and back down from potentially problematic changes.

On the other hand, it’s painfully obvious that companies need to do a better job with corporate communications.

Right now, we just have of bunch of tweets and blog posts clarifying Adobe’s intent. I would like to see the Adobe General Terms of Use updated to say, directly in the document, what people actually want to know:

Currently, the document is written very broadly, I guess to protect Adobe, but from the customer’s point of view it seems to be full of loopholes.

Previously:

MarketplaceKit License Renewal Problems

Mysk:

Several iOS apps installed from alternative marketplaces stopped working after some time. Some are grayed out and can’t be opened or deleted. Others crash on launch because MarketplaceKit can’t renew the license. How would users recover their data when apps end up like this?

Oleksandr Bilous:

Technically, apps doesn’t crash, they are just terminated due to invalid license. But for me this UX is definitely looks like crash and users associated behaviour with crash on launch.

I’m not sure whose bug this is, but the system is way more complicated than it needs to be, which creates more opportunities for problems.

appdb:

All this is done by Apple just to get a “checkmark” for “compliance”. They aren’t interested in this in any way. Only independence from Apple allows customers to install apps outside their app store without any problems.

Previously:

Windows 11 Requires Microsoft Account

Laura Pippig (via Hacker News):

Before PC users can enjoy everything Windows 11 has on tap, they must first enter an e-mail address that’s linked to a Microsoft account. If you don’t have one, you’ll be asked to create one before you can start setting it up.

A frequently used trick to circumvent this block is a small but ingenious step. By entering a random e-mail address and password, which doesn’t exist and causes the link to fail, you end up directly with the creation of a local account and can thus avoid creating an official account with Microsoft.

[…]

This common method no longer seems to work, as Microsoft has apparently patched this bug. Instead of skipping the account link, you’re led into a kind of continuous loop that doesn’t end until you have entered the correct email address.

Previously:

Wednesday, June 5, 2024

Bartender Acquired by Applause Group

Juli Clover (Reddit, Hacker News, Mac Power Users Talk, AppleInsider):

Popular Mac app Bartender appears to have been quietly sold approximately two months ago, with neither the prior owner nor the current owner providing customers or potential customers with information on the sale.

[…]

Bartender’s new owners replied to the Reddit thread and confirmed that Bartender had been acquired, but did not explain why customers had not been notified nor why there had been a certificate change without said explanation.

[…]

Reddit users asked Bartender’s owners for more information on their identity, but there was no response.

Jason Snell:

These things happen—no developer should be chained to their software forever—but it’s odd that (anonymous?) new owners could appear without any communication to existing Bartender customers beyond a note saying a certificate had been changed. It’s Apple’s rules around signing app binaries, and the attention of MacUpdater, that brought this out into the open at all.

A glance around the Bartender website does reveal that while Surtees celebrated 12 years of Bartender in a blog post announcing version 5, posts from 2024 read more like SEO spam, with “key takeaways” summaries at the top, followed by unrelated Mac tips, followed by a pitch for Bartender.

Jonas Wisser:

The transaction needs to be acknowledged and endorsed by both the seller and the buyer. Otherwise it looks like one or the other (or both) are trying to pull something.

Jeff Johnson:

I am doing fine, hope to be an indie dev forever, have no plans to sell StopTheMadness, and indeed never had an acquisition offer, but if someone totally mad offered me $millions for it, I absolutely would owe my customers an announcement.

Don’t let anyone tell you otherwise. It’s a sacred responsibility to run my native code on other people’s computers, and I take that responsibility seriously. Your customers trusted you, and any developer who violates that trust harms all other developers.

Jeff Johnson:

1) A comment by MacUpdater about the new Developer ID code signing certificate. Before it became Bartender App LLC it was temporarily App Sub 1 LLC, a name shared by a number of iOS App Store apps.

2) A tweet from a Chinese software distributor claiming that the new owner of Bartender is applause.dev

ran mak:

This is the same group that acquired and then fucked up VoiceDream by forcing users to a subscription model even if they had paid the full price when it first came out (they later backtracked).

A few weeks ago, I heard from a reader who said that:

[The] app now attempts to connect to Amplitude and to export analytics without, as far as I can tell, making this clear. I found my Wi-Fi MAC address in the Analytics’ JSON trail, which is dirty at best and a gross violation of GDPR at worst.

[…]

The release notes for the latest update did not make the change in certificate clear, only explaining that macOS would prompt for permissions again due to an issue in the TCC database — which is sadly riddled with bugs, making the explanation perfectly plausible.

Greg Pierce:

I don’t know anything about Bartender, but I do know that acquisition by a private equity backed app farm is one of the only practical exit strategies for indie developers who are looking to move on from a project, so expect it to happen again.

I think this not inherently bad, there are such organizations that are reputable, but certainly there are plenty that are not.

Craig Hockenberry:

The problem with Bartender is that you are giving Accessibility and Screen Recording permissions to an unknown entity.

With Accessibility APIs you can control the Mac (including other apps). With Screen Recording APIs you can see everything that’s happening.

Both of those things require trust, and the new owners being silent about the matter does not gain that.

Craig Hockenberry:

If you have Bartender currently installed, I would not assume that dragging the app to the trash is enough to get rid of it.

Again, since it has a higher level of access than other apps, there may be things lurking around.

Christian Tietze:

Marco (@esamecar@social.lol) posted a list of alternatives. From that list, I filtered out MAS-only and Chinese-subtitled apps[…]

As I was about to hit Publish, I saw that the original developer, Ben Surtees, had finally made an announcement:

After the release of Bartender 5, I came to the realization that supporting all the users and maintaining the app at the high standard I expect and you deserve was too much for one person. It required a dedicated team that could provide continuous support, innovate, and keep up with the fast-evolving macOS landscape. This realization led me to make a difficult decision.

Three months ago, I sold Bartender to Applause, a company with the resources and expertise to take the app to new heights. Applause shares my vision for Bartender and is committed to maintaining its core values while bringing in new features and improvements. I truly believe they are the right team to continue the journey and ensure Bartender remains a valuable tool for all of you.

I understand that the transition hasn’t been entirely smooth. Recently, there was a change in the signing certificate for the app, and unfortunately, this change wasn’t communicated properly to you, our loyal users. I apologize for any confusion or concern this may have caused.

Previously:

Update (2024-06-06): Christian Sonnenfleck:

A bit curious that Applause’s website looks like a ripoff of Tiny.com.

Stephen Hackett:

I take slight exception with his explanation of Notarization.

Michael Schmitt:

What’s the latest release you can download that is from before the acquisition, and doesn’t include the new Amplitude telemetry framework? […] The reddit article gives links for previous versions, but also says that the size of 5.0.51 jumped from 8 to 10 MB when the telemetry was added and it was re-released.

It seems that the last Surtees version, 5.0.51, has been removed. [Update: The correct link still works.]

qforzy:

I’m an extremely long-time Bartender user. I hope this doesn’t sound like I’ve donned my tinfoil hat, but I am concerned that there is no assurance that the above statement actually comes from Ben Surtees.

It seems likely that both sites where this statement was posted are currently under the control of Applause. As a commenter on the original Reddit thread has pointed out, an ICANN lookup indicates that the registration of surteesstudios.com was updated in February 2024, and that domain is currently redirecting to macbartender.com (try loading https://www.surteesstudios.com/foo and you are taken to a 404 page on the macbartender.com domain). People are reporting that emails to the original developer’s bens@surteesstudios.com email address have been bouncing for months.

If you don’t believe the domain is under his control then there would be no reason to trust the e-mail address, either. Or maybe he sold the whole business, not just the app. How can one prove identity online? There doesn’t seem to be a Twitter account, but any online account could be transferred, anyway. I guess he could go on an another podcast? But I see no reason to doubt the simplest explanation.

Adam Engst:

Instead, this was merely a case of botched PR. As a friend with a decades-long career in the field once told me, the goal of PR is to tell the truth and tell it first.

It is a bit strange given that acquiring indie apps is Applause’s whole thing, evaluating “hundreds of acquisitions” since 2020. You would think they would know how to do this smoothly.

Earth759:

I find it hilarious that the new owners decided to just take a randomly generated reddit name instead of taking the 5 seconds to change it to something more official like “BartenderAppLLC” to try and assure users.

Also the fact that they said they offered a subscription instead of actually saying it’s setapp just further shows me there is a lack of due care that makes me weary like the others in the thread.

It’s also worth noting they have just raised the price of every option of the app. I was looking to upgrade to a lifetime license a couple of days ago and I know for a fact it was for $30 (now $38). Regular license I believe was $16 now it’s $22.

Tim Hardwick:

Bartender is not the only app of its kind. So unless Apple ever gets round to integrating better menu bar management into macOS, here are some alternative menu bar utilities that are worth considering.

Update (2024-06-07): Adam Engst (Mastodon):

Since the initial publication of this piece, I have corresponded via email with Ben Surtees, who confirmed that he wrote the post.

Update (2024-06-12): jimblock:

Applause issued a new version 5.0.53, explaining (and apologizing) for the bad way they released it. The new version removes the Amplitude digital analytics framework entirely, explaining that they initially included it (as Adam said in his note) to get an idea of the user base.

See also: Reddit.

Screen Time Bugs

Joanna Stern (tweet):

Porn, violent images, illicit drugs. I could see it all by typing a special string of characters into the Safari browser’s address bar. The parental controls I had set via Apple’s Screen Time? Useless.

Security researchers reported this particular software bug to Apple multiple times over the past three years with no luck. After I contacted Apple about the problem, the company said it would release a fix in the next software update. The bug is a bad one, allowing users to easily circumvent web restrictions, although it doesn’t appear to have been well-known or widely exploited.

Parents who read this aren’t surprised. Apple’s Screen Time has seen more bugs than a soda spill on a summer’s day. Many report that the app time restrictions they set for kids—say, one hour for YouTube—don’t work. Last year Apple told my colleague Julie Jargon that it fixed a bug where kids could use their devices even during preset Downtime hours. When my son requests to download a new app, I often don’t get a notification, and the Screen Time interface doesn’t always accurately show how much my kids or I are using our devices.

The WSJ also wrote about Screen Time bugs last summer.

Mark Jardine:

As a parent who heavily relies on Screentime to keep my kids safe and prevent them from staring at a screen all day, I agree that the whole service is super buggy, feels like an afterthought, and there seems to be loopholes around everything. And it’s been like this for over a decade.

Ilja A. Iwas:

neatly summarizes Apple’s software quality for everything that isn’t used by Tim Cook daily.

David Friedman:

Three weeks ago ScreenTime just stopped blocking apps on my kids’ devices. I had no idea until I discovered that one kid spent every night watching YouTube shorts til midnight. For three days, every time I turned “block apps” back on, it turned itself off. (I changed the code so it definitely wasn’t my kid bypassing it). Then for no reason it started working again. How can I trust it?

Ogi:

every time I try and use it, it never works as intended and I always wonder if I did something wrong. This is a service that everyone (except Ninendo?) seems to have put the absolute bare minimum of effort into. And not just in the functionality but the documentation or capabilities too.

Don Whiteside:

It doesn’t help that they put out an API for it that’s just as mediocre and poorly supported. For the first year (maybe still?) it didn’t work as documented in the emulator. By the time I got two more devices I could devote to screwing around with it I was so angry about the whole situation I dropped the project.

Dan Moren:

I’ve heard from plenty of other parents, though, who’ve found Screen Time frustrating and full of loopholes. And this is after Apple started pruning third-party parental control apps from its iOS store.

At the end of the piece, Stern details a number of other Screen Time bugs that she’s had reported by others. I’d add a few more, like, say, making a passcode that’s longer than four digits.

Previously:

Update (2024-06-06): Nick Heer:

I find this chart is always wildly disconnected from actual usage figures for my own devices. My iMac recently reported a week straight of 24-hour screen-on time per day, including through a weekend when I was out of town, because of a web browser tab I left open in the background.

[…]

It sucks how common problems are basically ignored until Stern writes about them.

Jesse Squires:

The “Developer” app opened when I clicked on a WWDC video link (because of universal links).

I immediately quit the app and opened the link in a browser.

And yet… Screen Time reports 14h of usage. 🤦🏼‍♂️

Juli Clover:

In a statement to Stern, Apple said that it is aware of an “issue with an underlying web technology protocol for developers, which allows a user to bypass web content restrictions.” A fix is planned for “the next software update.”

Kaveh:

So happy that Joanna Stern is bringing attention to this. Apple always tells you not to run to the media, but Screen Time is so buggy and parents have been complaining about it to Apple for years to no avail. Finally someone in the media says something and Apple’s like “we take this very seriously and will fix”. 🤔

Tuesday, June 4, 2024

macOS Installer’s “Failed to Personalize” Error

Adam Engst:

Typically, Mac firmware is updated whenever a new version of macOS is installed, but if something goes wrong in the process, the Mac can be left with outdated firmware. When automatic firmware updates fail, the solution is to “revive” or “restore” the Mac using another Mac running macOS 12 Monterey or later and a USB-C cable that supports data and charging, such as the Apple USB-C Charge Cable (Apple explicitly warns against trying to use a Thunderbolt 3 cable). Although Macs running Sonoma can update firmware using the Finder, Apple Configurator is necessary for Macs running Monterey or Ventura, and LALicata’s Apple rep said that this particular problem could be resolved only by restoring from Apple Configurator, not the Finder. (Reviving leaves your data in place and is worth trying first; restoring erases the Mac and reverts it to factory defaults.)

[…]

If you’re having problems associated with startup or updating, compare your Mac’s current firmware version with the latest version. Howard Oakley’s excellent Silent Knight utility, which reports on the update status of various system settings, makes that easier.

[…]

I’d argue that the problem here revolves around documentation. First, the error message is terrible. What does “Failed to personalize” mean (nothing, in at least this context, and not much in any I can imagine), and how is it related to firmware (it’s not)? […] The error condition might be rare, but it’s not unheard of, so the second problem is that Apple’s article about reviving and restoring Mac firmware doesn’t include the error message text as one of the symptoms of corrupted firmware.

Previously:

Update (2024-06-06): Paul Goracke:

I had to DFU revive to fix an even more generic install error. Unfortunately, it seems I need to do it again to update to 14.5 😭

Proposed EU Chat Control

Patrick Breyer (via Hacker News):

The highly controversial indiscriminate child sexual abuse regulation (so-called chat control) could still be endorsed by EU governments after all, as France could give up its previous veto. This is reported by Euractiv and confirmed by internal documents. France considers the new “upload moderation” proposal in principle as a viable option.

[…]

[Users] of apps and services with chat functions are to be asked whether they accept the indiscriminate and error-prone scanning and possibly reporting of their privately shared images, photos and videos. Previously unknown images and videos are also to be scrutinised using “artificial intelligence” technology. If a user refuses the scanning, they would be blocked from sending or receiving images, photos, videos and links (Article 10). End-to-end encrypted services such as Whatsapp or Signal would have to implement the automated searches “prior to transmission” of a message (so-called client-side scanning, Article 10a).

[…]

Probably as a concession to France, the chats of employees of security authorities and the military are also to be exempted from chat control.

This is kind of like what Apple was planning to do with iMessage, using AI rather than just checking for known images, but:

Meredith Whittaker:

Signal strongly opposes this proposal.

Let there be no doubt: we will leave the EU market rather than undermine our privacy guarantees.

This proposal--if passed and enforced against us--would require us to make this choice.

It’s surveillance wine in safety bottles.

Previously:

Swift at 10

Basic Apple Guy:

10 Years Ago: Apple Announced Swift

Brian Webster:

10 year anniversary of Swift being announced at WWDC.

Chris Lattner:

Wow that’s right. This was a big day and Swift has come a long way in the intervening decade: Congrats to everyone who has driven it forward to support such an amazing tech platform! 🍎🐣

Jim Rea:

Interesting to go back and watch this presentation and see how Swift was originally promoted ten years ago. I would certainly say that Swift has been a huge success. On the other hand, I’m personally still 100% programming in Objective-C and that continues to be an excellent development environment for building a sophisticated Mac app.

My high-level take is that I generally like programming in Swift. I’m rewriting all my apps in it. But I’m not sure it was the right thing to build. It’s been such an immense effort both within Apple and for the community. This has been a distraction from apps, frameworks, architecture, and documentation. So much mindshare has been taken up by the language itself, which should be just a tool for building the things that actually matter for our customers. It’s come a long way, but the “end” is not yet in sight, as, even 10 years in, essential pieces are still being designed.

I think it’s quite possible that most of the parts that I, as an app developer, care about could have been had—sooner, and with greater tools speed and reliability—with a less ambitious project that actually tried to be Objective-C without the C, rather than a more static mega language that tries to replace C, C++, Objective-C, and Rust. The question is not how Swift 5.10 compares with Objective-C 2 but how it would compare with the hypothetical Objective-C n or Objective-Mojo that we could have had instead.

It all comes down to the big vision of world domination and having a single language from the bottom of the stack to the top. That would never have happened with a more pragmatic evolution of Objective-C. If that eventually pans out, and Swift ends up being good at all levels of the stack, that would be a triumph. But, here in 2024, it still seems like a very long way away. In another 10 years, I suspect that XNU and WebKit will still be mostly C and C++, and the app frameworks will still have large amounts of Objective-C (or C++ in the case of SwiftUI).

Now let’s look at some specifics. The good:

The bad:

Previously:

Update (2024-06-05): See also: Hacker News.

Der Teilweise:

I’d say what I like most about Swift is Optional. It is simple to use (especially since we got if let x {}) but gives one a warm feeling of not missing a nil.

I 100% agree with each and every point in the bad list.

Thinking of integer index for string, I’d add a “Stubbornness of the language guardians” (phrased as “Strict adherence to a clean design.”) but I do not disagree with any of the points that are on the list.

Damien Petrilli:

I agree with Michael’s take but to me the jury is still out on performance. It’s clearly not competitive against C++.

Update (2024-06-06): See also: this Swift roast and Nathan Manceaux-Panot.

Francisco Tolmasky:

Swift is 10. I think at 7 or so I asked whether it felt it was as mature as ObjC/Cocoa were at that age. I have a different question now. Where do we think Swift will be in 10 years? Will SwiftUI actually be capable of making a real Mac app? Or will we have a new language and/or framework by then (20 years after Swift). Or will the Mac maybe just no longer exist by then, making this question moot?

Kyle Howells:

There’s 2 separate worlds of software development.

Building apps and user facing features.

Infrastructure and low level language design.

Swift concurrency (and a lot of Swift actually) just looks to me like evidence the language people being given far too much power, to run away with architecture astronauting projects.

Sarah Reichelt:

Apple banning employees from developing their own apps has many negative effects and this is one of them.

Alex Grebenyuk:

The parts of Swift Concurrency that make me more productive when building apps are Async/Await and maybe MainActor. Everything else is more work for little benefit, making it impractical.

Update (2024-06-07): See also: Reddit and Lobsters.

Steve Streza:

  • The language delivered on core promises of better architecture, reduced crashes, more semantic types
  • The compiler is simply not adequate, it is barely functional and Apple has failed to invest in it sufficiently
  • Initiatives like WASM, server-side are exciting but hamstrung by the BDFL problem making it difficult to widen the ecosystem like in Rust, JavaScript, etc
  • Swift is still just “the language for Apple dev”, not a true C-level player like Rust

SwiftData Issues in macOS 14 and iOS 17

Helge Heß:

Ugh, inverse SwiftData relationship updates do not seem to trigger Observation, that feels like a biggie 😳

[…]

This feels really bad, because the relationships are the thing which make an ORM worthwhile. I.e. you’d usually have a network of many objects being displayed in distinct views (not just the simple demo). Those will lack updates as connections change.

[…]

As far as I can tell CoreData does the right thing here and updates the inverse properly.

Tony Arnold:

SwiftData’s ModelContext.didSave and ModelContext.willSave don’t actually work in any current OS release, do they? FB13509149

Jon Duenas:

Trying to build a SwiftData predicate with even the slightest bit of complexity is a nightmare. I only have 4 properties to filter on and the compiler completely chokes when building the macro.

Tony Arnold:

Has anyone had much luck with non-optional one-to-many relationships in SwiftData?

[…]

I have the setup working, but I need to decode and insert the User entities prior to decoding and inserting the Place entities (and save!) so that I can lookup an existing User entity each time I decode and insert a new set of Places.

It seems like more effort than the rest of the framework would suggest is necessary.

Paul Darcey:

Yeah, it’s non-intuitive - you have to do it what I think of as “the wrong way around.”

Decode and initialise your User, but don’t insert it yet!

Decode and initialise your Place(s), and use the just-initialised User as the user for those Places

Then insert the Place(s).

Senor Ganso:

What I found is SwiftData is really finicky about relationships. The only reliable way is to make all of them optional, then first insert the base model and only the add the related models to it (preferably inserting them first too).

Helge Heß:

A SwiftData PersistentModel class stores the actual property data in an opaque BackingData thing which is created with the model. The interesting thing is that this seems to require a ModelContainer existing “somewhere” that has the model registered already.

[…]

Using the same type in multiple containers may be an antipattern. Though it shouldn’t be, they are global types.

I’m already running into crashes seemingly related to this in my test suite.

Sixten Otto:

I encountered this just a couple of days ago, and it makes me vaguely concerned that something’s going to end up inadvertently tied to the WRONG container stack, just because of the order in which things were initialized.

Helge Heß:

It is the bug where SwiftData doesn’t refresh the object when the underlying object changes. I think I can hack-fix that ;-)

Deeje Cooley:

Apple needs to start internalizing the idea that APIs need actual internal app customers before they can be ready for third-party developers. Looking at you, SwiftData.

Fatbobman:

With WWDC 2024 approaching, this article will evaluate the overall performance of SwiftData since its initial release during the Xcode 15 period (i.e., its first major version), and provide a forecast of its future development.

[…]

Although SwiftData’s design is highly visionary, its launch was clearly rushed, and its first version not only lacks some important features, but several key issues have also severely impacted its performance and usability[…]

[…]

SwiftData’s current performance in converting predicates that include optional values (transforming predicates into SQL commands) is poor, especially when handling “to-many” relationships with optional predicates. This deficiency not only severely impacts SwiftData’s usability but also significantly restricts the functionalities that applications using SwiftData can offer.

[…]

Appendix: Some Key Features Missing, Major Issues, and Partial Temporary Solutions in the First Version of SwiftData

Previously:

Monday, June 3, 2024

Privacy of Windows Copilot+ Recall

Kevin Beaumont (via Stephen Hackett):

Microsoft told media outlets a hacker cannot exfiltrate Copilot+ Recall activity remotely.

Reality: how do you think hackers will exfiltrate this plain text database of everything the user has ever viewed on their PC? Very easily, I have it automated.

[…]

Microsoft are going to deliberately set cybersecurity back a decade & endanger customers by empowering low level criminals.

Kevin Beaumont:

Every few seconds, screenshots are taken. These are automatically OCR’d by Azure AI, running on your device, and written into an SQLite database in the user’s folder.

This database file has a record of everything you’ve ever viewed on your PC in plain text.

[…]

In fact, you don’t even need to be an admin to read the database — more on that in a later blog.

[…]

Recall enables threat actors to automate scraping everything you’ve ever looked at within seconds.

During testing this with an off the shelf infostealer, I used Microsoft Defender for Endpoint — which detected the off the shelve infostealer — but by the time the automated remediation kicked in (which took over ten minutes) my Recall data was already long gone.

Tom Warren (The Verge):

This is the out of box experience for Windows 11’s new Recall feature on Copilot+ PCs. It’s enabled by default during setup and you can’t disable it directly here. There is an option to tick “open Settings after setup completes so I can manage my Recall preferences” instead.

Eric Schwarz:

This fact that this feature is basically on by default and requires numerous steps to disable is going to create a lot of problems for people, especially those who click through every privacy/permission screen and fundamentally don’t know how their computer actually operates—I’ve counted way too many instances where I’ve had to help people find something and they have no idea where anything lives in their file system (mostly work off the Desktop or Downloads folders). How are they going to even grapple with this?

Previously:

Update (2024-06-04): Zac Bowden (via Hacker News, MacRumors):

Microsoft has done the bare minimum to protect this data. It’s stored in a system directory that requires administrator and system-level rights to access and edit. However, these protections are easily bypassed, and an attacker could easily write a bit of software to ignore those permissions if they wanted.

[…]

With that said, I find the outrage about this discovery to be somewhat overblown. All your files are unencrypted when you’re using your PC, yet most people aren’t constantly concerned about malware potentially scraping their personal documents, pictures, downloads, videos, and synced cloud folders.

However, Recall would give it access to information that was deleted or that was shown on screen but never otherwise saved to disk.

John Gordon:

Windows Recall won’t be deployed in the enterprise.

Remember how much effort is put into archiving and deleting email to reduce legal discovery risks?

Update (2024-06-05): Kevin Beaumont:

If you want to know how Microsoft have got themselves into this giant mess with Recall, here’s what the documentation says between the lines: you, the customer, are a simpleton who doesn’t want to be an AI genius yet. Have a caveman mode.

Alternative view: Microsoft put their CEO in front of world’s media to launch a product customers largely don’t want, attached to their biggest brand, Windows, attached to new brand, Copilot, and didn’t handle security, privacy and AI safety properly while under massive scrutiny.

Charlie Stross (via Hacker News):

Use a password manager like 1Password? Sorry, your 1Password passwords are probably visible via Recall, now.

Now, “unencrypted” is relative; the database is stored on a filesystem which should be encrypted using Microsoft’s BitLocker. But anyone with credentials for your Microsoft account can decrypt it and poke around. Indeed, anyone with access to your PC, unlocked, has your entire world at their fingertips.

But this is an utter privacy shit-show. Victims of domestic abuse are at risk of their abuser trawling their PC for any signs that they’re looking for help. Anyone who’s fallen for a scam that gave criminals access to their PC is also completely at risk.

[…]

Microsoft “got serious” about security earlier this decade, around the time Steve Balmer stepped down as CEO, and managed to recover somwhat from having a reputation for taking a slapdash approach to its users data. But they’ve been going backwards since 2020, with dick moves like disabling auto-save to local files in Microsoft Word (your autosave data only autosaves to OneDrive), slurping all incoming email for accounts accessed via Microsoft Outlook into Microsoft’s own cloud for AI training purposes (ask the Department of Justice how they feel about Microsoft potentially having access to the correspondence for all their investigations in progress), and now this.

Rosyna Keller:

I’m not saying that it’s not possible to secure Windows Recall data stores from malware and other users.

I’m just saying that the features to secure it don’t exist on Windows.

See also: Andrew Cunningham.

Update (2024-06-07): Thomas Claburn (via Hacker News):

Asked to explore the data privacy issues arising from Microsoft Recall, the Windows maker’s poorly received self-surveillance tool, Jaime Teevan, chief scientist and technical fellow at Microsoft Research, brushed aside concerns.

Mark Hurst (via Hacker News):

Whatever blowback Microsoft faces if and when users are hacked because of Recall, there’s no chance the feature gets killed.

[…]

“Linux on the Desktop.” The free, open-source operating system of Linux is not owned by any company (Big Tech or otherwise), doesn’t contain any opaque surveillance code, and enjoys a worldwide community of developers who actually want to make the software better – not, as in Microsoft’s case, worse.

Pieter Arntz:

As a warning about how Recall could be abused by criminal hackers, Alex Hagenah, a cybersecurity researcher, has released a demo tool that is capable of automatically extracting and displaying everything Recall records on a laptop.

Kevin Beaumont:

If anybody is wondering if you can enable Recall on a machine remotely without Copilot+ hardware support - yep.

I’ve also found a way to disable the tray icon.

Andy Greenberg (via Hacker News):

On Friday, Microsoft announced that it would be making multiple dramatic changes to its rollout of its Recall feature, making it an opt-in feature in the Copilot+ compatible versions of Windows where it had previously been turned on by default, and introducing new security measures designed to better keep data encrypted and require authentication to access Recall's stored data.

Trent Harvey (screenshot):

This is their updated screen. It forces an absolute choice with happy language “Yes, save” as the choice in the default “continue/next” position - most likely to be selected by users who don’t read the screen or don’t have a fully informed context to decide.

As opposed to a more honest opt-in which would be a separate radio choice to Enable / Disable the feature with Continue/Next being it’s own action.

It’s better than Apple’s opt-outs that say “Later” and don’t even look like buttons.

Previously:

Update (2024-06-12): Zac Bowden (via Kevin Beaumont):

Microsoft has the Windows Insider Program, yet to maintain secrecy, it chose not to test this feature openly. I can’t think of a single feature that would have benefitted from public testing more than Windows Recall. This is the kind of feature that needs to be built in the open so that users can learn to trust you with it.

Had it been tested openly, these security concerns would have definitely been pointed out well ahead of general availability, and likely fixed before mass hysteria could ensue. Of course, the true reason Windows Recall wasn’t tested openly was because the company wanted to make it exclusive to new Copilot+ PCs, and you can’t really do that if you’re testing the feature on existing PCs where it works quite well.

Microsoft also wanted to keep Windows Recall a secret so it could have a big reveal on May 20. Except, it wasn’t really much of a big reveal. Many of us in the tech press already knew it was coming, even without being briefed on the feature ahead of time.

“Lightning” Headphones That Require Bluetooth

Josh Whiton:

A crazy experience — I lost my earbuds in a remote town in Chile, so tried buying a new pair at the airport before flying out. But the new wired, iPhone, lightning-cable headphones didn’t work. Strange.

[…]

By now the gift shop people and their manager and all the people in line behind me are super annoyed, until one of the girls says in Spanish, “You need to have bluetooth on.” Oh yes, everyone else nods in agreement. Wired headphones for iPhones definitely need bluetooth.

[…]

With a little back and forth I realize that they don’t even conceptually know what bluetooth is, while I have actually programmed for the bluetooth stack before. I was submitting low-level bugs to Ericsson back in the early 2000’s! Yet somehow, I with my computer science degree, am wrong, and they, having no idea what bluetooth even is, are right.

[…]

True Apple lightning devices are more expensive to make. So instead of conforming to the Apple standard, these companies have made headphones that receive audio via bluetooth — avoiding the Apple specification — while powering the bluetooth chip via a wired cable, thereby avoiding any need for a battery.

Via John Gruber (Hacker News):

I think the problem these cheap manufacturers are solving isn’t that Lightning is expensive to license, but that it’s difficult to implement for audio. Actual Lightning headphones and headphone adapters have a tiny little digital-to-analog converter (DAC) inside the Lightning plug. It’s like a little computer. Doing it with Bluetooth and using the Lightning plug only for power is surely easier. It’s just lazy. But it’s kind of wild that the laziest, cheapest way to make unofficial “Lightning” headphones is with Bluetooth.

Previously:

The End of ICQ

ICQ (via Hacker News):

ICQ will stop working from June 26

You can chat with friends in VK Messenger, and with colleagues in VK WorkSpace

Wes Davis:

ICQ was started in 1996 by Israeli company Mirabilis, which AOL bought in 1998. ICQ grew to 100 million registered users at one point, at least according to a 2001 release from Time Warner, which had combined with AOL in a famously doomed merger. AOL sold the service to Digital Sky Technologies, the firm that owned VK, then known as Mail.ru, in 2010.

Via Mark Christian:

ICQ really was something special to me. I was absolutely glued to it for most of 1998 in particular, although I used it for years and years. I made some great friends on there[…] ICQ was the first social media platform I ever made a home on, and the uh-oh! notification sound will be etched in my mind forever. It’s hard to believe it’s been more than a quarter of a century since I was using it all day long; it’s even harder to believe that I’m still talking to some of those internet friends on a regular basis.

John Gruber:

Pre-mobile, “instant messaging” had a surprising number of popular platforms.

[…]

They all worked more or less the same way, and using any of these protocols was a lot like messaging today with iMessage, WhatsApp, or Signal. But there was one big difference: with the old “instant” messengers, you were only available while your computer was online. And even then, you could set your “status” — green for “sure, hit me up, I’m free”, and red for “I’m online, but don’t bother me right now”. And if you quit your messaging client or, you know, closed your laptop, poof, you were offline and unavailable.

If you wanted to contact someone asynchronously, you sent them an email. If you wanted to chat with messaging, you both needed to be online simultaneously.

The other key difference was that there used to be clients like iChat and Adium that worked with more than one service. It felt like you had some control and could use these services on your own terms. Now everything is all locked together. The only iMessage client is Apple’s. You can only use it on Apple’s platforms. And even then you can only log into one account at a time.

Previously:

AirTag Anti-Theft Successes

Elisha Fieldstadt (via Hacker News):

An Apple AirTag led to the arrest of an airline subcontractor accused of stealing thousands of dollars’ worth of items from luggage at a Florida airport.

[…]

Okaloosa County sheriff’s deputies investigating both suspected thefts cross-referenced Destin-Fort Walton Beach Airport employees who lived near Kathy Court and found De Luca at his home. He was arrested Aug. 10.

The items reported missing on Aug. 9 were recovered, and De Luca admitted to rummaging through someone else’s luggage and removing an Apple AirTag, the sheriff’s office said. The woman’s luggage has not been found.

Paul Duggan (via Hacker News):

Twice before, this Virginia carpenter had awoken in the predawn to start his work day only to find one of his vans broken into. Tools he depends on for a living had been stolen, and there was little hope of retrieving them. Determined to shut down thieves, he said, he bought a bunch of Apple AirTags and hid the locator devices in some of his larger tools that hadn’t been pilfered. Next time, he figured, he would track them.

It worked.

On Jan. 22, after a third break-in and theft, the carpenter said, he drove around D.C.’s Maryland suburbs for hours, following an intermittent blip on his iPhone, until he arrived at a storage facility in Howard County. He called police, who got a search warrant, and what they found in the locker was far more than just one contractor’s nail guns and miter saws. […] Seth Hoffman, a Howard County police spokesman, said investigators think most of the 15,000 or so tools were stolen in Northern Virginia and Pennsylvania. Howard County is just where they were stashed.

Previously:

Update (2024-06-06): Jeff Weinsier:

Now, an airport employee has been arrested and charged with grand theft, and the incident was caught on camera.

[…]

Garcia’s MacBook, two Apple watches, an iPad, jewelry and designer clothes were all taken.

[…]

The Apple watch signal was coming from a house at 1017 NW 11th Ct.

When she arrived, she said she saw suitcases all over the place, so she started to take video and called 911.

That was lucky since batteries for Apple Watch don’t last as long as for AirTag.

Friday, May 31, 2024

Why Your Wi-Fi Router Doubles As an AirTag

Brian Krebs:

Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-FI access point uses, known as a Basic Service Set Identifier or BSSID.

Periodically, Apple and Google mobile devices will forward their locations — by querying GPS and/or by using cellular towers as landmarks — along with any nearby BSSIDs. This combination of data allows Apple and Google devices to figure out where they are within a few feet or meters, and it’s what allows your mobile phone to continue displaying your planned route even when the device can’t get a fix on GPS.

[…]

In essence, Google’s WPS computes the user’s location and shares it with the device. Apple’s WPS gives its devices a large enough amount of data about the location of known access points in the area that the devices can do that estimation on their own.

That’s according to two researchers at the University of Maryland, who theorized they could use the verbosity of Apple’s API to map the movement of individual devices into and out of virtually any defined area of the world.

See also: Bruce Schneier.

Unwanted Tracking Alerts in iOS and Android

Apple (Hacker News, Slashdot):

Apple and Google have worked together to create an industry specification — Detecting Unwanted Location Trackers — for Bluetooth tracking devices that makes it possible to alert users across both iOS and Android if such a device is unknowingly being used to track them. This will help mitigate the misuse of devices designed to help keep track of belongings. Today Apple is implementing this capability in iOS 17.5, and Google is now launching this capability on Android 6.0+ devices.

Android 6 is the equivalent of iOS 9.

With this new capability, users will now get an “[Item] Found Moving With You” alert on their device if an unknown Bluetooth tracking device is seen moving with them over time, regardless of the platform the device is paired with.

This is not a unified platform for tracking, i.e. AirTag, Android, and Tile still use separate networks.

Bruce Schneier:

This seems like a good idea, but I worry about false alarms. If I am walking with a friend, will it alert if they have a Bluetooth tracking device in their pocket?

As with anti-theft vs. anti-stalking, it seems like there are fundamental tensions here that cannot be resolved.

Previously:

Thursday, May 30, 2024

Apple Silicon MacBook Pro Battery Replacement

Jeff Johnson (Mastodon):

Yesterday I took the M1 MacBook Pro to my local Apple-authorized service provider that I’ve been going to for many years, who performed all of the work on my Intel MacBook Pro, including the battery replacements and a Staingate screen replacement. This is a third-party shop, not an Apple Store. To my utter shock, they told me that they couldn’t replace the battery in-house, because starting with the Apple silicon transition, Apple now requires that the MacBook Pro be mailed in to Apple for battery replacement!

[…]

As a Mac owner for over twenty years, I’ve always been able to arrange for same-day repair, dropping off the Mac in the morning and picking it up later in the day. The last time, due to Apple’s increasing restrictions on Apple service providers, I had to pay an “emergency service fee” for the same-day repair, but I’m perfectly willing to do that. My time at the computer was worth more than the fee. This new nonsense about requiring mail-in repairs, however, is a step way over the line.

[…]

I checked Apple’s Self Service Repair Store, and sure enough the top case with battery and keyboard for my MacBook Pro cost $615.12, although there is an $88 credit if you return the replaced part to Apple.

I didn’t like it when Apple first got rid of user-replaceable batteries, but it didn’t seem like that big of a deal because they promised quick replacements at any authorized service provider. The battery wasn’t glued in; you just had to unscrew the bottom of the laptop. It’s surprising and disappointing that they’re now designing products such that this essential service is even more difficult.

Previously:

Update (2024-05-31): Nick Heer:

I called my local third-party repair place and asked them about replacing the battery. They told me they could change it in the store with same-day turnaround for $350, about the same as what Apple charges, using official parts.

[…]

Ternus’ point is that Apple’s solution for preventing liquid damage to all components, including the battery, compromised the ease of repairing an iPhone, but the company saw it as a reasonable trade-off.

But it is also a bit of a red herring for two reasons.

[…]

If there is any repair which should be straightforward and doable without replacing unrelated components or the entire device, it is the battery.

See also: Hacker News.

Jeff Johnson:

The problem isn’t really the hardware. I actually do have a Mac mini that I use for testing. (And I still have a couple of older MacBook Pros, though they can’t run the latest macOS versions.) The problem is my software setup. Like I said in the blog post, I’ve got everything on the MacBook Pro. To get everything I need in working order onto a secondary Mac, and then “sync” all changes in various software back to my main machine after a period without it, would be a major pain in the butt. And that’s never been an issue before, because like I said, this is the first time in decades of computer ownership that I haven’t been able to arrange same-day service. Even overnight service would be ok, but mail-in is out of the question.

Jason Snell:

There are a lot of trade-offs when it comes to the design of mobile devices, but making it easy to replace a device’s battery should always be a high priority.

Especially for a Pro device.

Update (2024-06-04): Jeff Johnson:

As a kind of test, I emailed my local Apple Authorized Service Provider from a masked address and asked anonymously about MacBook Pro battery replacement, without giving them my serial number. They actually have 3 locations in town.

The first reply was kind of misleading: “We can do the repair through AppleCare+. The process takes usually around 3-5 business days. We can do the repair at 2 locations…”

I expressed confusion about the 3-5 day process, and the second reply said, “The 3-5 business day process requires us to run diagnostics, isolate the issue and mail the device out to Apple for repair.”

So it had nothing to do with me specifically, and my machine wasn’t “flagged”, as someone suggested on the web. They’re sending all repairs out to Apple.

YouTube Playables

Juli Clover:

YouTube is the latest company to introduce mobile games that are available outside of the App Store, today announcing the official launch of “Playables” in the YouTube app.

[…]

YouTube is focusing on “lightweight, entertaining games,” so many of the options are games that are meant to be played for a short period of time rather than longer games that you might find on the App Store.

YouTube:

Playables are a fun, interactive way to experience YouTube — with lightweight, entertaining games like Angry Birds Showdown, Words of Wonders, Cut the Rope, Tomb of the Mask, and Trivia Crack and so many more that you can play right now.

You can also save your game progress and track your all-time best scores.

Previously:

iOS Retro Console Game Emulators

OatmealDome (via Steve Troughton-Smith):

Apple modified their App Store guidelines to allow retro game emulators in the App Store. This week, Delta, a multi-system emulator that was previously only available via AltStore, was released on the App Store.

Since these events happened, we’ve been asked many times if we will submit DolphiniOS (our fork of Dolphin) to the App Store.

Unfortunately, no.

Apple still does not allow us to use a vital technology that is necessary for Dolphin to run with good performance: JIT.

Joe Rossignol:

Apple told us that emulators that can load games (ROMs) are permitted on the App Store, so long as the apps are emulating “retro console games” only.

Apple would not tell us which consoles it classifies as retro[…]

[…]

There is also a Commodore 64 emulator on the App Store called Emu64 XL.

Joe Rossignol:

The lead developer of the multi-emulator app Provenance has told iMore that his team is working towards releasing the app on the App Store, but he did not provide a timeframe. Provenance is a frontend for many existing emulators, and it would allow iPhone and Apple TV users to emulate games released for a wide variety of classic game consoles, including the original PlayStation, SEGA Genesis, Atari 2600, and others.

Craig Grannell:

When iGBA was removed, Apple cited “spam” and “copyright” reasons, which led to speculation that emulators allowing you to load your own games were still banned. Apple later clarified this wasn’t the case – if they emulated “retro console games”. But what is ‘retro’? Is that about blocking emulators of commercially viable systems, or does Apple have a set time period in mind? And is ‘console’ shorthand for ‘old game system’ or more literal, meaning Apple would block emulators for arcade systems and also old computers that weren’t primarily geared toward gaming?

We just don’t know, and Apple in the past has glibly said “we know it when we see it” regarding unacceptable App Store submissions. Not great for developers, but we can make predictions. Notably, Apple has historically blocked virtual implementations of its own hardware, and so a big test of the new rules would be a developer submitting an Apple II or Mac Plus emulator. And don’t expect an iPhone emulator for classic iPhone games on the App Store any time soon – or perhaps ever. For that, you’ll still – ironically – need an Android device.

Tim Hardwick:

Gamma, a new emulator for playing classic PlayStation 1 games on iPhone and iPad, has just hit the App Store.

Joe Rossignol:

RetroArch is a frontend that provides all-in-one access to many different emulators for consoles from Atari, Commodore, Nintendo, SEGA, Sony, and others. The app offers RetroAchievements, which are essentially custom challenges added on top of classic games, such as “find and collect a Fire Flower” in Super Mario Bros. for NES.

Mike Rockwell:

The only arguments I can see in favor of other emulation apps is that RetroArch isn’t great without a controller and it can be a little tricky to get setup. But I think most people would be better off watching or reading a guide and buying a Backbone One.

Previously:

Update (2024-06-04): Joe Rossignol:

Folium has become the first Nintendo 3DS emulator for the iPhone available in the App Store, although there are some caveats to be aware of.

Foremost, this is the first Nintendo emulator on the App Store that costs money. Folium developer Jarrod Norwell is charging $4.99 for the app, which is a bold choice given that Nintendo recently sued the developers of Yuzu, a Nintendo Switch emulator that made a profit off a subscription-based “early access” tier.

Wednesday, May 29, 2024

App Store Apps Can Be Translocated

Howard Oakley:

This article demonstrates that the last of those isn’t necessarily true, and what happens when an App Store app ends up being translocated.

The combination of an App Store app with a quarantine xattr is a particular problem for users, as those apps are installed direct to their intended final destination, and their permissions discourage the user from trying to move them from there. That combination therefore defaults to satisfying all three requirements for app translocation to occur, which it will every time that app is run.

Without using Terminal’s command tools or third-party utilities like xattred and Mints, there’s no way for the user to discover whether an App Store app has a quarantine xattr, nor to check whether the app is being translocated. As (almost?) all other App Store apps don’t have a quarantine xattr and aren’t translocated, the user is unlikely to suspect those might be occurring, and could account for problems with that App Store app. In this case, purchasing and using the App Store version of UTM puts the app and its user at significant disadvantage compared to obtaining the app direct.

It’s not clear to me how the App Store download got the quarantine attribute. My guess was that this could happen if you do a direct download, don’t move it to /Applications, and then the App Store updates it to a newer version. In other words, the quarantined app becomes the App Store version. But that doesn’t seem to be what happened here.

Howard Oakley:

When you run an iOS/iPadOS app on an M1 Mac, if it has been downloaded from the App Store (currently the only supported method, as sideloading is forbidden), it doesn’t have a quarantine flag. Not only that, but app translocation has only occurred with apps undergoing their first run: once that flag has been unset, further translocations don’t occur. Thus, under the original rules for app translocation, there’s no way that it should occur in this case.

I’m going to look in more detail at how macOS launches and runs iOS/iPadOS apps in future articles, but here I’ll show some relevant log entries which demonstrate what happens, including the translocation.

John Smith:

iOS apps are translocated on macOS because of the possibility of spaces in app names (and in “Group Containers”). Some iOS apps expect GUID-based names and may not properly escape spaces, hence the translocation, whose name has no spaces.

Pico:

[Another]/related factor is that the user could rename the apps, which is something that isn’t allowed or accounted for when run on iOS.

Previously:

CloudKit Throttles and Debugging

TN3162:

The CloudKit infrastructure is shared by all apps and services. The resources are finite, and so high utilization from one app can negatively affect others. To avoid this kind of impact and optimize the overall experience, CloudKit implements a number of limits and controls on incoming traffic, which are known as throttles.

CloudKit can enforce throttles when it deems necessary on any app or service that uses the CloudKit framework, CloudKit Web Services, CloudKit JS, NSPersistentCloudKitContainer, and NSUbiquitousKeyValueStore. This technote discusses how to identify CloudKit throttles with representative error messages and how to handle them.

It does not actually say what the limits are.

Howard Oakley:

I came to suspect that iCloud imposed quotas on its use nearly six years ago, when I was exploring the only command tool that provides any useful information about iCloud, brctl. When examining one of its dumps, I came across an entry for syncUpBudget referring to BRCSyncBudgetThrottle, and another item global sync up budget giving the budget available. As with almost everything in brctl and iCloud generally, there appeared to be no documentation of these.

[…]

Devices can also apply their own local system throttles in some circumstances; for example, when the device’s battery runs low, its system may well throttle CloudKit requests until the device has been recharged to a specific battery level. Those shouldn’t affect the syncing of other devices, though.

[…]

Perhaps the worst approach the user could then try is one of the solutions most commonly recommended: turning iCloud off and back on again, as it has no effect on the retry interval, and could trigger further throttling.

Howard Oakley:

Apple has recently confirmed that CloudKit databases can be throttled, which effectively blocks all access to them for requests for a set period of time. This isn’t a limitation in transfer rate in the way that iCloud Drive might experience, but an intentional denial of service until the retry interval has elapsed.

[…]

Apple currently imposes limits on the number of items that can be stored in shared databases and elsewhere in iCloud. These are given here for Contacts, Calendars, Reminders, Bookmarks and Maps, here for mailboxes and message size, and here for Shared Albums.

Throttling, as described by Apple, doesn’t make any sense in the context of iCloud Drive, as CloudKit doesn’t manage that, and no app is making requests of CloudKit in the process.

But iCloud Drive is built on CloudKit, which as Apple says is shared infrastructure. It’s not clear to me whether CloudKit will throttle one app due to high utilization from another app or system service (iCloud Drive, iCloud Photos).

Howard Oakley:

Stages in transfers with iCloud Drive are subject to throttling, although throttles appear to occur infrequently and only last a few hundred milliseconds.

[…]

For transfer and storage in iCloud, files are divided into chunks of just over 15,350 bytes in size, although the maximum chunk size imposed by the system is either 28,455,742 bytes (28 MB), or a fixed maximum of 33,554,432 bytes (33 MB).

Some iCloud servers may impose a connection.max.requests of 100, although others are unlimited.

TN3163:

Under the hood, NSPersistentCloudKitContainer separates the synchronization process into many tasks, and encapsulates all the implementation details. When performing a task, it generates logs, which are persisted as a part of a sysdiagnose. To understand what really happens in the process, which is sometimes necessary when diagnosing a synchronization issue, you need to look into a sysdiagnose.

This technote unveils some details inside the synchronization by analyzing a sysdiagnose, and provides some representative logs that can be used to identify some important tasks and their state.

TN3164:

A synchronization failure can happen because of a code-level issue in your data presentation layer, a configuration issue related to CloudKit, or a limit on the system side. To debug a synchronization issue, look into the system logs in Xcode console or a sysdiagnose, then identify the relevant errors. This technote describes how to identify and resolve common errors seen in the logs when working with NSPersistentCloudKitContainer.

Nikhil Nigade:

Yay! New weird CloudKit situation: The background notifications get delivered to the device, but not to the app unless it’s restarted

John Gordon:

5 hours later and Photos.app is still stuck on “Syncing with iCloud”. I’ll let it run overnight but it’s not looking good.

Previously:

Can Anyone But a Tech Giant Build the Next Big Thing?

Jason Snell (Mastodon):

I’m sad about the Ai Pin because it—and a similar AI hardware product, the Rabbit R1—shows just how much potential innovation is strangled by the presence of enormously powerful tech companies, most notably the Android-iPhone duopoly.

[…]

The problem is that I’m dismissing the Ai Pin and looking forward to the Apple Watch specifically because of the control Apple has over its platforms. Yes, the company’s entire business model is based on tightly integrating its hardware and software, and it allows devices like the Apple Watch to exist. But that focus on tight integration comes at a cost (to everyone but Apple, anyway): Nobody else can have the access Apple has.

[…]

It seems like we’re at the point where even the most groundbreaking hardware device simply can’t succeed in a world where it’s unable to deeply integrate with either the iPhone or Android. (And really, in the U.S. especially, it would need to integrate with both.) This is why the Ai Pin and the Rabbit and similar products are not going to succeed. Instead, Apple and Google will integrate everything that the Ai Pin does into iOS and Android, and those will be the best-in-class implementations, and that’ll be it for Humane and anyone else who wants to create an AI-powered hardware dingus.

[…]

I’m not making a legal argument here. (Which is good, because I am not a lawyer.) I’m just observing that the smartphone has become so central to life that if your product can’t offer deep connections to the smartphone, you’re stuck.

This is what I said at the Ai Pin’s unveiling. It should have been an app, but what it wants to do is not allowed for third-party apps. Apple and Google will integrate best-in-class implementations, but they’ll be best in the sense that no one can do better, not that no one could do better.

Jeff Johnson:

Three companies control all of the consumer OS market share on both mobile and desktop. Microsoft was founded in 1975, Apple in 1976, Google in 1998. We’re in a period of terrible tech stagnation.

Also, Apple acquired NeXT and Google acquired Android. Those weren’t home-grown technologies.

Steve Troughton-Smith:

Some simple categories of apps that can’t realistically exist on the iOS/iPadOS/visionOS App Store off the top of my head[…]

[…]

Many of Apple’s apps, like Playgrounds, simply could not be built by any third party developer.

John Gruber:

I would argue, strenuously, that the phone is the natural AI device. It already has: always-on networking, cameras, a screen, microphones, and speakers. Everyone owns one and almost everyone takes theirs with them almost everywhere they go.

Sören:

I’ve been saying for a while that instead of “all phones should use USB-C” and “users should pick a web browser when setting up their phones”, “the Apple-Google duopoly must provide APIs that allow third parties to thrive” is the real thing the EU should’ve focused on.

For example, third-party headphones can’t integrate as well as AirPods, no matter how hard the vendor tries.

[…]

I’m still unconvinced it would be a good product. But I think Snell is right: Apple makes it so that Humane cannot make a good product.

Previously:

Tuesday, May 28, 2024

iPhones Pause Charging During Continuity Camera

Adam Engst:

Apple seems allergic to saying that an iPhone won’t charge with MagSafe during Continuity Camera. However, it may not charge over USB either. Several users in a Reddit conversation reported that their iPhones lost charge during Continuity Camera sessions, even while plugged in.

I suspect that Continuity Camera taxes the processor sufficiently that the iPhone heats up. (It’s always warm when I take it off the mount after a meeting.) Since MagSafe charging also causes the iPhone to get warm—warmer than USB-based charging—Apple’s battery optimization system may be putting charging on hold to protect the battery from thermal overload. Which is good, if unexpected in the moment.

The practical upshot is that if you use Continuity Camera, you should expect your iPhone’s battery to drop, potentially significantly.

Dynamic Swift Predicates in macOS 14 and iOS 17

Helge Heß:

The new Foundation/#Swiftlang Predicates (and its expressions) seem a little weird because they can’t be constructed dynamically?

Fly0strich:

However, when I try to use that method inside of a #Predicate closure, it gives an error saying that the method is not supported by this predicate.

Debbie Goldsmith:

If you want to construct a Predicate dynamically, you need to build it up from PredicateExpression pieces rather than use the #Predicate macro (similar to building an NSPredicate from NSExpression). Expand the macro in Xcode and you can see how the pieces are put together.

It’s a lot more complicated than NSPredicate due to the static typing, and there’s no way to convert between the two types if you’re using both Core Data and SwiftData.

Fatbobman:

NSCompoundPredicate allows developers to combine multiple NSPredicate objects into a single compound predicate. This mechanism is particularly suited for scenarios that require data filtering based on multiple criteria. However, in the new Foundation framework restructured with Swift, the direct functionality corresponding to NSCompoundPredicate is missing. This change poses a significant challenge for developers who wish to build applications using SwiftData. This article aims to explore how to dynamically construct complex predicates that meet the requirements of SwiftData, utilizing PredicateExpression, under the current technical conditions.

[…]

The issue lies in the expression property being of the type any StandardPredicateExpression<Bool>, which doesn’t contain sufficient information to identify the specific PredicateExpression implementation type. Since Conjunction requires the exact types of the left and right sub-expressions for initialization, we are unable to use the expression property directly to dynamically construct new combined expressions.

[…]

Although we cannot directly utilize the expression attribute of Swift Predicate, there are still alternative ways to achieve the goal of dynamically constructing predicates. The key lies in understanding how to extract or independently create expressions from existing predicates and utilize expression builders such as build_Conjunction or build_Disjunction to generate new predicate expressions.

Jeremy Schonfeld:

If you need to dynamically create a predicate while analyzing what should go into the predicate, you can do so by manually constructing the expression tree. Unfortunately, since this is a more advanced use case you wouldn't be able to use the macro to help here, but you could write something along the lines of the following[…]

[…]

In short, we create a list of the conditions that need to be met and build up the list based on which parameters are specified to the makePredicate function. We can then reduce this array into a single tree of conjunctions to ensure that all of the conditions are met. There are a few small hoops to jump through here in order to satisfy the type-checker with the use of generics such as the closure and separate buildConjunction function, but this allows you to just append to conditions for each new property rather than needing to work with a combinatorial explosion of conditions using the macro.

Noah Kamara:

CompoundPredicate aims to improve the Predicate system to enable combining multiple predicates after constructing them[…]

This looks like a huge improvement. It’s not clear to me whether there are still limitations compared with NSPredicate.

Fatbobman:

This new strategy abandons the previous reliance on a custom StandardPredicateExpression implementation, opting instead for a type-casting strategy that effectively concretizes the information of expression. This improvement means developers can avoid the cumbersome process of manually extracting and combining expressions.

[…]

This method enables the automatic acquisition of the exact type of expressions inside the Predicate during the predicate combination process, facilitating an automated and efficient combination of predicates.

Helge Heß:

You know how Foundation (in part to support SwiftData) now has the Predicate macro? Well, RealityKit has its own generic QueryPredicate And guess what, they don’t need a macro to build them, looks like overloading the operators || and && is fine there.

Debbie Goldsmith:

Operator overloads not only cause longer build times for Predicate, but for other uses of that operator.

But even with macros:

In this example, even minor code changes can cause the compilation time for this file to exceed 10 seconds. This delay can also occur when generating expressions using closures.

Andy Finnell:

Using generics to create SwiftData Predicates leads to crashy times.

[…]

FYI, I solved this by writing another macro.

This is my new mantra: code not working? You don't have enough macros.

Jeremy Schonfeld:

Since Predicate is both Codable and Sendable, it requires that everything the predicate captures (i.e. all instances captured by the closure) are also Codable and Sendable.

Previously:

Friday, May 24, 2024

Google’s AI Search and “Web” View

Ernie Smith (Hacker News):

Simply put, Google has started adding “AI overviews” to many of its search results, which essentially throw pre-processed answers that often do not match the original intent of the search. If you’re using Google to actually find websites rather than get answers, it $!@(&!@ sucks. Admittedly though, it’s not the first time Google has adulterated its results like a food manufacturer in the 19th century—knowledge panels have been around for years.

But in the midst of all this, Google quietly added something else to its results—a “Web” filter that presents what Google used to look like a decade ago, no extra junk. While Google made its AI-focused changes known on its biggest stage—during its Google I/O event—the Web filter was curiously announced on Twitter by Search Liaison Danny Sullivan.

[…]

Google does not make it easy, because its URLs seem extra-loaded with cruft these days, but by adding a URL parameter to your search—in this case, “udm=14”—you can get directly to the Web results in a search.

John Gruber:

Safari, uniquely amongst popular web browsers, doesn’t allow users to configure custom search engines. There are ways to get custom search engines in Safari using extensions — Kagi, my default search engine of choice since late 2022, does just this — but it’s kludgy. Why doesn’t Safari support adding custom search engines like every other browser does?

On the Mac, I initiate most web searches from LaunchBar, not Safari’s location field, and LaunchBar makes it trivial to add a custom search using this &udm=14 URL trick. Similar utilities like Alfred and Raycast do too. The downside compared to LaunchBar’s built-in Google search action (and Safari’s location field) is that a simple custom query URL doesn’t provide as-you-type suggested results.

Jeff Johnson:

Can you perform the trick with StopTheMadness Pro? Yes! Use the redirects feature.

John Gruber:

Expert users won’t need this site, but typical users might love it as their home page.

Kylie Robison:

Imagine this: you’ve carved out an evening to unwind and decide to make a homemade pizza. You assemble your pie, throw it in the oven, and are excited to start eating. But once you get ready to take a bite of your oily creation, you run into a problem — the cheese falls right off. Frustrated, you turn to Google for a solution.

“Add some glue,” Google answers. “Mix about 1/8 cup of Elmer’s glue in with the sauce. Non-toxic glue will work.”

So, yeah, don’t do that. As of writing this, though, that’s what Google’s new AI Overviews feature will tell you to do. The feature, while not triggered for every query, scans the web and drums up an AI-generated response. The answer received for the pizza glue query appears to be based on a comment from a user named “fucksmith” in a more than decade-old Reddit thread, and they’re clearly joking.

John Gruber:

We’re all rightly dunking on the Elmer’s Glue suggestion, but it’s just as wrong to suggest mixing cheese into the sauce. No one does that.

crumbler:

I thought AI Overviews would be disastrous but I never imagined they would be this funny

This answer apparently came from The Onion.

Matt Birchler:

What the AI responses have done for me is add more bullshit above the actual search results I want. Now I’m scrolling past the AI vomit at the top of the page, then past the ads, and then to the links that get me what I want. They’re pushing the valuable content lower and lower down the page, which is driving me nuts.

To their credit, sometimes the AI answers are useful, and they do a decent job of linking to the source that gave them the info that appeared in the AI vomit, but the hit rate is too low in my experience. Not to mention those answers take a few seconds to load, so I’m often scrolling down to the web results since they’re available instantly and I don’t have to wait to maybe get the right answer.

Previously:

Update (2024-05-28): Kylie Robison (Hacker News):

The messy rollout means Google is racing to manually disable AI Overviews for specific searches as various memes get posted, which is why users are seeing so many of them disappear shortly after being posted to social networks.

It’s an odd situation, since Google has been testing AI Overviews for a year now — the feature launched in beta in May 2023 as the Search Generative Experience — and CEO Sundar Pichai has said the company served over a billion queries in that time.

Maxwell Zeff (Hacker News):

In my experience, AI overviews are more often right than wrong. However, every wrong answer I get makes me question my entire experience on Google Search even more – I have to asses each answer carefully. Google notes that AI is “experimental” but they’ve opted everyone into this experiment by default.

[…]

What is clear is that Google felt pressured to put its money where its mouth is, and that means putting AI into Search. People are increasingly choosing ChatGPT, Perplexity, or other AI offerings as their main way to find information on the internet. Google views this race existentially, but it may have just jeopardized the Search experience by trying to catch up.

Update (2024-05-29): John Gruber:

LLM-powered search results are a bauble. The trust Google has built with users over the last 25 years is the most valuable asset the company owns. Google most certainly does have a choice, and they’ve chosen to erode that trust just so they can avoid accusations that they’re “behind”.

Redesigned Apple Developer Forums

Apple:

The Apple Developer Forums have been redesigned for WWDC24 to help developers connect with Apple experts, engineers, and each other to find answers and get advice.

Apple Developer Relations and Apple engineering are joining forces to field your questions and work to solve your technical issues. You’ll have access to an expanded knowledge base and enjoy quick response times — so you can get back to creating and enhancing your app or game. Plus, Apple Developer Program members now have priority access to expert advice on the forums.

I don’t understand what “priority access” means. Is this another way of saying that some sections (e.g. related to new stuff announced at WWDC) will be hidden if you aren’t logged in?

It seems like Apple keeps reskinning the forums, but the core problems remain. They’re really slow, the interface doesn’t work as well as Stack Overflow or Discourse, and most questions never get good answers, if any at all. With a few notable exceptions, Apple doesn’t seem to pay its engineers to hang out there and answer questions. Sometimes that happens for a little while during WWDC but then stops.

Craig Hockenberry:

So where is the switch to disable the help in the new Apple Developer Forums?

It’s a nice idea, but in a world where I use multiple browsers on multiple devices, it’s repetitive and intrusive.

It never remembers that I’m logged in, so I keep seeing the annoying, Apple ID–specific login sheet. It always suggests entering the password for my non-developer Apple ID and has no keyboard control to select the Use a different Apple ID button that doesn’t look like a button.

Previously:

Author:

Dave Verwer:

But what about my only request? Four years seems like a good amount of time to see if Apple employees are being encouraged and given time to participate. The good news is that plenty of Apple folks are active, made obvious by the little Apple badge added to any thread where they are talking. Taking a couple of popular categories, I found that ~30% of recent threads had Apple involvement. That’s much better than I expected, and those categories all had threads spanning more than two weeks, so it’s not just a flurry of activity related to the launch of this refresh.

Looking at reply and view counts on threads in those same categories, it appears they are not particularly well visited, and most threads only had two-digit view counts.

Fatbobman:

Historically, as an official platform of Apple, this forum has not achieved the desired levels of activity. Despite recent efforts by Apple to boost engagement through the introduction of a points system, the impact has been limited. For many developers, this forum is not the preferred choice for technical exchanges. Insufficient popularity, overly detailed categorization, a lack of a unique community atmosphere, and unappealing incentive mechanisms have all hindered the development of the forum. More importantly, the expected advantage of active participation by Apple engineers, a hallmark of an official forum, has not been fully realized.

In the new version of the forum, Apple engineers are now identified by a uniform symbol (an Apple logo on their avatar), replacing the previous method of signing their posts. However, this approach of answering under departmental identities has inadvertently increased the distance between engineers and developers, making the interactions less personal and lacking in emotional engagement, which is not conducive to fostering a welcoming forum atmosphere.

See also: Antonio Strijdom.

Update (2024-05-29): Craig Hockenberry:

I saw this half a dozen times yesterday and a few times today.

If you work on Developer Forums, or know someone who does, please make it stop.

(Also of note: developers have a pretty good understanding of how forum software works - we’ve used everything from phpBB to Stack Overflow. A single page summary of what’s different would be much more effective.)

Update (2024-06-12): Marcin Krzyzanowski:

🪄 magical 2 weeks of the year when Apple employees allowed to answer technical questions on Apple Developer Forum for whole 2 weeks

Thursday, May 23, 2024

The Dark Age of Authentication

Sriram Karra and Christiaan Brand (via Hacker News):

We’ve received really positive feedback from our users, so today we’re making passkeys even more accessible by offering them as the default option across personal Google Accounts.

This means the next time you sign in to your account, you’ll start seeing prompts to create and use passkeys, simplifying your future sign-ins. It also means you’ll see the “Skip password when possible” option toggled on in your Google Account settings.

A lot of sites are doing this now, and they keep prompting me even after I opt out. Passkey pop-ups are the new GDPR cookie pop-ups.

In the meantime, we’ll continue encouraging the industry to make the pivot to passkeys — making passwords a rarity, and eventually obsolete.

dilippkumar:

The biggest mistake that the passkeys movement did is try to make it sound more marketable at the cost of oversimplification.

First up, these aren’t really “no password” mechanisms. They’re closer to ssh certificates. You need to authenticate through some other mechanism and then agree to do the equivalent of creating and installing ssh certificates on your device.

The ssh certificates get synchronized across your devices securely by your cloud provider. But they can never serve as the primary authentication mechanism - that will still have to be a traditional authentication mechanism.

J. Carlos Roldán (via Hacker News):

It’s no secret that authenticating into services is an unresolved topic. With time, we have managed to make them more secure, but that was at the expense of user experience. The new generation of mail codes and authenticator apps has moved us from the ease of one-click browser autocomplete to complex ordeals involving multiple steps and sometimes multiple devices.

Last month, I was logging into Notion after it automatically logged me out, and I couldn’t help but think “It feels like I’m logging in here every second week; maybe I’m doing something wrong.”

[…]

Notion is not alone in this; many other services enforce similarly short sessions and uncomfortable methods. This has me pondering the evolution of our authentication methods, from their ancient beginnings to modern complexities.

William Brown (via Hacker News):

At around 11pm last night my partner went to change our lounge room lights with our home light control system. When she tried to login, her account couldn’t be accessed. Her Apple Keychain had deleted the Passkey she was using on that site.

This is just the icing on a long trail of enshittification that has undermined Webauthn. I’m over it at this point, and I think it’s time to pour one out for Passkeys.

[…]

The more egregious offender is Android, which won’t even activate your security key if the website sends the set of options that are needed for Passkeys. This means the IDP gets to choose what device you enroll without your input. […] A sobering pair of reads are the Github Passkey Beta and Github Passkey threads. There are instances of users whose security keys are not able to be enrolled as the resident key slots are filled. Multiple users describe that Android can not create Passkeys due to platform bugs. Some devices need firmware resets to create Passkeys. Keys can be saved on the client but not the server leading to duplicate account presence and credentials that don’t work, or worse lead users to delete the real credentials.

The helplessness of users on these threads is obvious - and these are technical early adopters.

[…]

Apple Keychain has personally wiped out all my Passkeys on three separate occasions. There are external reports we have recieved of other users who’s Keychain Passkeys have been wiped just like mine.

Saagar Jha:

The biggest issue with passkeys is that I just can’t trust the companies offering them. They are locked into the platform for reasons that are ostensibly security but often indistinguishable from platform lock-in. If you make a passkey on an Apple device as far as I can tell it will never leave [your Apple devices and iCloud] and there is no way to change this. Of course this means you can never be phished for your credentials but if Apple decides to delete your key or you want to leave your iPhone behind, what are you supposed to do?

We’re coming up on two years since Apple introduced passkeys. This should have been addressed on day one. 1Password can’t import/export, either.

Matt Birchler:

Taking Apple’s passkey implementation as an example, it usually works well if you’re using 100% Safari and Apple devices signed into your iCloud account, but as soon as you step a single toe out of the perfect use case, it turns into a nightmare of authentication. As soon as a website throws up the QR code that I need to scan with my phone I want to scream.

[…]

At this point, sometimes it works, sometimes it doesn’t and you need to try again. I’m not saying where the blame lies in these situations where it fails, just that it does way more often than I’ve ever experienced with usernames and passwords.

[…]

I use 1Password and I have about 20 passkeys saved there. I’ve considered switching to Proton Pass, but there is no way to migrate passkeys from one service to another, so I’d lose my authentication to 20 sites if I did that. And this isn’t a 1Password thing, there’s no service that allows for importing or exporting passkeys as far as I know.

Miguel Arroz:

I think passkeys are a good idea, but I see two major problems with the implementations:

  1. Lack of control. I can’t export them, I can’t even find them anywhere on the OS. Supposedly they show up on the Passwords pane of System Settings (ironic since they’re supposed to replace passwords), but I can’t find some of the passkeys there I know I have.

    This needs to support exporting and a much better UI to help people inspect, organize and delete their passkeys.

    Overall, this feels like the modern trend of “simplifying” things by hiding them. This really makes everything more complicated. A good UI simplifies how people do things, they don’t hide and prevent people from doing those things.

  2. All sites I’ve seen so far that work with passkeys also require a password. This means I still have to keep a password manager, the passwords and I’m still exposed to every security concern regarding passwords.

    […]

    Something is not right when I only feel safe using a thing if I keep around something else said thing is supposed to replace.

    Someone on a thread said passkey marketing material only presents the optimistic case. What happens when everything goes right. The pessimist case (you lost all the devices, you got locked out of iCloud, etc) is never addressed. I do feel that. Many of the “what ifs” I think about aren’t addressed anywhere.

Previously:

Update (2024-05-24): Paulo Andrade:

Secrets does allow importing/exporting of passkeys. But no other app is able to import them 🤷‍♂️. I’m not entirely sure why other apps/keychain are skipping this feature. Seems too important not to have.

I get that they’re working on a more secure way to do this for passkeys, but Safari already lets you export unencrypted passwords and authenticator info, and I think that’s better than having no export at all.

Radu Ursache:

i really like passkeys. sure, i use 1password but i have no plans to leave them so the “platform lock-in” is not an issue. however considering most websites now have the username, password and 2fa fields on different pages, simply tapping 1 button to login again it’s amazing. it’s also as easy on mobile apps where password managers can’t fill every time.

sure, for the simple people it might be annoying but all tech is annoying at first for them so 🤷🏻‍♂️

If anything, I think passkeys make more sense for the “simple people.” The happy path where everything works is nice. And if you were already using Safari and putting all your password eggs in the iCloud Keychain basket, anyway, it should be no less reliable with passkeys. The main passkeys issues seem to be around less simple workflows and failure modes. So, contra William Brown, I’m not writing passkeys off for the mainstream.

Andrew Escobar:

I’m a passkey optimist, but appreciate the passkey skepticism @mjtsai has curated.

ednl:

It just never worked for me with Github despite an all-Apple setup. “You have a passkey for this website. Do you want to login using your passkey?” Yes, please. Always failed.

Melvin Gundlach:

GitHub has been extremely stable in that regard for me. I don’t even need to enter my username or email. Love it!

[…]

Funnily enough, today the PassKey login on GitHub stopped working in Desktop Safari (mobile still works) 🙈

See also: Jesse Squires.

Update (2024-05-28): See also: Mac Power Users Talk.

Update (2024-05-29): Jeff Johnson:

Ugh, how do I stop Safari from offering a passkey option?!?

I don’t have a passkey saved, and I don’t even have iCloud Keychain enabled, which is required for passkeys.

This is adding extra fucking steps to my login process. And of course App Store Connect demands that you login all the fucking time!

Update (2024-05-30): Nick Lockwood:

The AppleID login page is one of the least iCloud Keychain-compatible sites I’ve used. It never at any point offers to save your password and the two-step login breaks the autofill flow.

Wednesday, May 22, 2024

tvOS 17.5.1

Juli Clover:

According to Apple’s release notes, the update addresses a bug with the Photos app that could cause deleted images to reappear.

It’s really interesting that this bug also applies to tvOS, considering that, as far as I know, tvOS doesn’t let you directly add or delete photos. I guess the bug must be related to syncing with the cloud.

Previously:

Mac App Rejected for Web Site Link

Jonathan Deutsch:

My 1 bugfix update got rejected because I link to my website.

How are my fellow Mac app developers dealing with Apple’s last gasp crackdown at their anti-steering provisions?

Are you making entirely separate versions of your website? Are you using query args to change behavior?

I should mention that this rejection is disingenuous; “purchases(s) are immediately presented” isn’t quite accurate - there’s a link to our store page yes, but even that has a link to the Mac App Store. Apple sent over screen shot “evidence” but conveniently cropped this out.

Of course it was a bug fix update, and the link has probably been there forever.

There’s been a lot of news about iOS apps being rejected for links, and legal efforts challenging that, but I rarely hear about it happening for Mac apps.

Unlike, say, Spotify, this developer is not trying to get around Apple’s fees. Apple is going out of its way to be offended. It’s not clear what the solution is if you want to comply with this ridiculous rule.

Previously:

Is this about a general link out to your site? If so, fight that.

Jonathan Deutsch:

In my case, this is just opening a link to Hype’s main product page in the browser.

[…]

Even if I removed just this menu item, there’s other links in the purchase flow (like learning about pro vs standard, going to the professional product page, etc.) that I suspect they’d reject me for if they were upholding the same user-hostile logic.

Jonathan Deutsch:

I just submitted a solution where I add query args to the URL and if those exist my ‘buy now’ button will use an app url scheme to open the in-app’s payment page. We’ll see what they say (I don’t persist this across reloads and there’s plenty of other ways to get to our store).

I resubmitted with ?build=MAS on the offending links. Those pages strip the query string and change my Buy Now button to reopen my app to its Unlock screen.

Apple approved the update.

Whether they approved because of the changes, or just because, we’ll never know.

The Man Who Killed Google Search

Edward Zitron (Hacker News):

In emails released as part of the Department of Justice’s antitrust case against Google, Dischler laid out several contributing factors — search query growth was “significantly behind forecast,” the “timing” of revenue launches was significantly behind, and a vague worry that “several advertiser-specific and sector weaknesses” existed in search.

[…]

The thread is a dark window into the world of growth-focused tech, where Thakur listed the multiple points of disconnection between the ads and search teams, discussing how the search team wasn’t able to finely optimize engagement on Google without “hacking engagement,” a term that means effectively tricking users into spending more time on a site, and that doing so would lead them to “abandon work on efficient journeys.” In one email, Fox adds that there was a “pretty big disconnect between what finance and ads want” and what search was doing.

When Gomes pushed back on the multiple requests for growth, Fox added that all three of them were responsible for search, that search was “the revenue engine of the company,” and that bartering with the ads and finance teams was potentially “the new reality of their jobs.”

[…]

A day later, Gomes emailed Fox and Thakur an email he intended to send to Raghavan. He led by saying he was “annoyed both personally and on behalf of the search team.” in a long email, he explained how one might increase engagement with Google Search, but specifically added that they could “increase queries quite easily in the short term in user negative ways,” like turning off spell correction, turning off ranking improvements, or placing refinements — effectively labels — all over the page, adding that it was “possible that there are trade offs here between different kinds of user negativity caused by engagement hacking,” and that he was “deeply deeply uncomfortable with this.” He also added that this was the reason he didn’t believe that queries were a good metric to measure search and that the best defense about the weakness of queries was to create “compelling user experiences that make users want to come back.”

John Gruber (Mastodon):

Long story short, Ben Gomes was a search guy who’d been at Google since 1999, before they even had any ads in search results. He was replaced by Prabhakar Raghavan, who previously was Head of Ads at the company. So instead of there being any sort of firewall between search and ads, search became a subsidiary of ads.

Irreal:

The story is an old and sad one. The founders have quit active involvement with the company and the first thing the “professional managers” did was to sideline anyone still carrying the torch of the founding principles. As one of the commenters put it, Google moved from being a search company to being an ad company.

Nick Heer:

This is not the same thing as what Gray claimed, even though it is along similar lines. Google allegedly sacrificed an update to its search engine which improved the quality of results for users because it was less profitable. This was done, according to these emails and documents, with cooperation between search and ads.

regw134:

I know a lot of the veteran engineers were upset when Ben Gomes got shunted off. Probably the bigger change, from what I’ve heard, was losing Amit Singhal who led Search until 2016. Amit fought against creeping complexity. There is a semi-famous internal document he wrote where he argued against the other search leads that Google should use less machine-learning, or at least contain it as much as possible, so that ranking stays debuggable and understandable by human search engineers. My impression is that since he left complexity exploded, with every team launching as many deep learning projects as they can (just like every other large tech company has).

The problem though, is the older systems had obvious problems, while the newer systems have hidden bugs and conceptual issues which often don’t show up in the metrics, and which compound over time as more complexity is layered on. For example: I found an off by 1 error deep in a formula from an old launch that has been reordering top results for 15% of queries since 2015.

Barry Schwartz:

Google sent me the following statements in response to this:

(1) On the March 2019 core update claim in the piece: This is baseless speculation. The March 2019 core update was designed to improve the quality of our search results, as all core updates are designed to do. It is incorrect to say it rolled back our quality or our anti-spam protections, which we’ve developed over many years and continue to improve upon.

(2) As we have stated definitively: the organic results you see in Search are not affected by our ads systems.

Edward Zitron:

Google can play semantics all it wants, but if changes were made to an algorithm that increased traffic to previously-suppressed sites, how does one interpret these changes as anything other than a rollback, especially when these sites were suppressed in previous updates?

The one party that could actually clear this up with meaningful data and thorough explanations is Google, and it has instead chosen to vaguely and unilaterally state that I was incorrect.

[…]

Furthermore, in another email revealed as part of the Department of Justice’s antitrust trial, where Jerry Dischler on 5/3/2019, Jerry Dischler asks Anil Sabharwal, then the Vice President and General Manager of Chrome on an email including Prabhakar Raghavan, Nick Fox, Ben Gomes, and several other Googlers, whether it was “worth reconsidering a rollback,” and that he didn’t want the message to be “we’re doing this thing because the Ads team needs revenue” in a sentence referring to the ads team asking the Search and Chrome teams to do stuff to increase revenue.

[…]

I found it peculiar that Google responded with unlinked and uncited testimonies “from the DOJ trial that puts these misleading claims in context.” I will now go through each quote.

Carl Hendy:

Remember why Google banned all those AdSense publishers for blurring the lines between ads and links?

The Luddite (via Hacker News):

This is not actually where the Apportionment Calculator lives, but instead, a link to what the site looked like last week, before Google made me make it worse on purpose to make money. It is common knowledge that Google is cluttering the internet with SEO blogspam ad-driven garbage; less known is how direct, and even banal, this causal relationship really is.

[…]

The unanimous conclusion was that Google wants you to have a lot of content before they will approve you [for AdSense], and more importantly, the quality of the content doesn’t really matter.

[…]

ChatGPT made us several blogposts, each more deranged than the last.

Nick Heer:

Both of those are claimed by Google as things I said were qualities of the 2017 base model iPad, but that is not the case for either. (The third phrase, “pretty great value”, is cited correctly in context.) I did not make a list of “pros and cons” anywhere in my review; neither word appears anywhere in its text. But most upsetting is that Google does not make it apparent anywhere on this results page that it is responsible for this description, not me.

Previously:

Tuesday, May 21, 2024

Windows Copilot+ AI Features

Microsoft (Hacker News, MacRumors, Ryan Jones):

Now with Recall, you can access virtually what you have seen or done on your PC in a way that feels like having photographic memory. Copilot+ PCs organize information like we do – based on relationships and associations unique to each of our individual experiences. This helps you remember things you may have forgotten so you can find what you’re looking for quickly and intuitively by simply using the cues you remember.

[…]

Combine your ink strokes with text prompts to generate new images in nearly real time with Cocreator. As you iterate, so does the artwork, helping you more easily refine, edit and evolve your ideas. Powerful diffusion-based algorithms optimize for the highest quality output over minimum steps to make it feel like you are creating alongside AI. Use the creativity slider to choose from a range of artwork from more literal to more expressive.

[…]

Live Captions now has live translations and will turn any audio that passes through your PC into a single, English-language caption experience, in real time on your screen across all your apps consistently. You can translate any live or pre-recorded audio in any app or video platform from over 40 languages into English subtitles instantly, automatically and even while you’re offline.

[…]

Eye contact teleprompter helps you maintain eye contact while reading your screen. New improvements to voice focus and portrait blur help ensure you’re always in focus.

[…]

Every Copilot+ PC comes with your personal powerful AI agent that is just a single tap away on keyboards with the new Copilot key. Copilot will now have the full application experience customers have been asking for in a streamlined, simple yet powerful and personal design. Copilot puts the most advanced AI models at your fingertips. In the coming weeks, get access to the latest models including GPT-4o from our partners at OpenAI, so you can have voice conversations that feel more natural.

Dare Obasanjo:

Recall reminds me of Stuff I’ve Seen, a 2003 Microsoft Research project to help solve the problem of finding content you’d previously seen. The big problem then was most stuff you saw was on websites not local files.

Recall uses screenshots to solve this.

Matt Birchler:

If you saw this feature and thought, “huh, that sure looks like Limitless,” you would be absolutely right. Just a few weeks ago I suggested Apple should buy Limitless and build it into macOS natively, but Microsoft beat them to the punch by just building it themselves.

It’s an absolute classic Sherlocking, but it totally makes sense. The second I saw Rewind 2 years ago I knew it was something cool, but that was exactly the sort of feature that only works for more people if it’s built by the OS provider. Microsoft is already dealing with privacy concerns with it, so you can only imagine how people feel about letting a VC-funded company they’ve never heard of record everything they do, even if it’s all local, all encrypted, and theoretically actually private in the way people want.

John Gruber:

Recall can “view” and remember everything that appears on screen because it’s integrated with the Windows 11 graphics system. That’s the sort of “AI feature” that truly benefits from being a first-party solution that can integrate at lower levels of the OS than third-party apps can.

Rui Carmo:

I’m a bit skeptical on the concept (even though I did use Windows 10 timeline a fair bit), but I find it rather telling that a key future Windows feature is tied to ARM processors (plus their NPUs, sure, but it’s a key sign that Intel lost the plot here).

Ben Thompson:

That celebration, though, is not because Windows is differentiating the rest of Microsoft, but because the rest of Microsoft is now differentiating Windows. Nadella’s focus on AI and the company’s massive investments in compute are the real drivers of the business, and, going forward, are real potential drivers of Windows.

[…]

Nadella, similarly, needed to break up Windows and end Ballmer’s dreams of vertical domination so that the company could build a horizontal services business that, a few years later, could actually make Windows into a differentiated operating system that might, for the first time in years, actually drive new customer acquisition.

Previously:

Update (2024-05-29): Nick Heer:

Recall is the kind of feature I have always wanted but I am not sure I would ever enable. Setting aside Microsoft’s recent high-profile security problems, it seems like there is a new risk in keeping track of everything you see on your computer — bank accounts, a list of passwords, messages, work documents and other things sent by a third-party which they expect to be confidential, credit card information — for a rolling three month window.

See also: Bruce Schneier and Ben Thompson.

Microsoft’s Copilot+ PCs

Tom Warren (MacRumors, Hacker News):

Over the past two years, Microsoft has worked in secret with all of its top laptop partners to ready a selection of Arm-powered Windows machines that will hit the market this summer. Known as Copilot Plus PCs, they’re meant to kick-start a generation of powerful, battery-efficient Windows laptops and lay the groundwork for an AI-powered future.

“You’re going to have the most powerful PC ever,” says Yusuf Mehdi, executive vice president and consumer chief marketing officer at Microsoft, during the briefing. “In fact, it’s going to outperform any device out there, including a MacBook Air with an M3 processor, by over 50 percent on sustained performance.”

[…]

One of the big advancements is an improved emulator called Prism, which Microsoft claims is as efficient as Apple’s Rosetta 2 translation layer and can emulate apps twice as fast as the previous generation of Windows on Arm devices.

[…]

Overall, Microsoft believes 87 percent of total app minutes spent on these Copilot Plus PCs will be inside native apps.

They also claim to have significantly better battery life.

Martin Pilkington:

The Snapdragon X Elite benchmarks are impressive, but when you realise it’s using 80W to slightly beat the M3 Pro which is using under 50W for the same benchmark (and both are matched by the M4 which is probably using much less than the Pro) I don’t think Apple it too worried.

Andrew Cunningham:

The Surface Laptop—referred to as the “7th edition” in its Microsoft Store URL but simply called the “Surface Laptop” most other places—is Microsoft’s first traditional laptop with an Arm chip. The laptop comes in both 13.8-inch and 15-inch sizes and starts at $1,000 for a 13.8-inch config with a Snapdragon X Plus chip, 16GB of RAM, and 256GB of storage. The cheapest 15-inch version is $1,300, but it includes a Snapdragon X Elite chip instead.

[…]

As for the Surface Pro tablet, this update to Microsoft’s flagship convertible is a lot closer to what Microsoft shipped a year and a half ago in the Surface Pro 9 and Surface Pro 9 with 5G. The new Surface Pro, called “11th edition” in its Microsoft Store URL but not in most other places, still weighs just a hair under 2 lbs, still has the same dimensions (and maintains compatibility with the same Slim Pen and keyboard covers), and still has a 13-inch screen. It starts at $1,000 for a version with a Snapdragon X Plus chip, 16GB of RAM, 256GB of storage, and an IPS LCD display; keyboards and pens are still add-on accessories.

Martin Pilkington:

Looking at the new Copilot + PC specs I hope they push Apple to move to a minimum of 16GB of RAM on M4 Macs (especially given how much more powerful the GPU and NPU are)

John Gruber:

Are any of today’s first batch of “Copilot+ PCs” fanless? If not, can any of them truly be said to have “taken aim” at the MacBook Air?

John Gruber:

I’ll go out on a limb and say that today marks the beginning of the end for x86. Either the x86 architecture has reached an inevitable endpoint, or Intel and AMD are just unable to compete talent-wise. (Or both.) But as of today the performance-per-watt gulf between ARM and Intel/x86 is no longer just an Apple silicon thing — it’s now a PC thing too.

[…]

The saddest part of the event were the cursory appearances — both by pre-recorded videos, despite it being an in-person event in Redmond — of Intel CEO Pat Gelsinger and AMD CEO Lisa Su. Their token appearances felt like Microsoft pretending they haven’t moved on from x86, during an event whose entire theme was, effectively, “moving on from x86”.

Previously:

Apple Updates Silently Enable iCloud Keychain

Jeff Johnson:

I’ve discovered today that unfortunately this issue—this bug, I would call it, though who knows whether Apple considers it a bug or “expected behavior”—still exists with the latest versions of macOS Ventura and Sonoma, 13.6.7 and 14.5 respectively.

[…]

The external drive had a macOS Ventura 13.6.7 boot volume with iCloud enabled but iCloud Keychain disabled. After updating the volume to macOS Sonoma 14.5, iCloud Keychain was enabled. (I then disabled iCloud Keychain, which actually caused System Settings to hang and eventually crash, but afterward iCloud Keychain did seem to be disabled.)

[…]

What I’d like to do is update from Ventura to Sonoma without an internet connection, giving Sonoma no chance to upload my passwords or other data to iCloud before I can disable iCloud Keychain.

[…]

You might wonder why I don’t sign out of iCloud before I update from Ventura to Sonoma. It turns out that there’s no point in that, due to another bug, “Signing out of iCloud and signing back in again forgets all of your previous iCloud settings” (FB12168173), which I also discovered last year.

Because installing macOS also re-enables Wi-Fi, his workaround was to turn off Wi-Fi after downloading the installer, delete his Wi-Fi password, and then install the update.

Mysk:

If you’ve never enabled iCloud Keychain and recently upgraded to iOS 17, chances are good that your passwords are now stored on Apple servers. As confirmed by many users, iOS 17 secretly turns iCloud Keychain on. This video shows the entire process step by step[…]

Previously:

Update (2024-05-28): See also: Hacker News.

Update (2024-05-29): Marcin Krzyzanowski:

I noticed my disk storage went drastically low and I started to check system, then I realized something ( #macos update???) enabled iCloud Photos synchronization to my Mac (that can take all the storage it get, and for that very reason I didn’t enable it on my mac)

Update (2024-05-31): See also: TidBITS-Talk.

Update (2024-06-03): Johann Campbell:

Really wish Apple could stop toggling iCloud Photos on without my permission, when it KNOWS I won’t pay for more than the base 5 GB of iCloud storage.

Update (2024-06-05): Jeff Johnson:

A follower on Mastodon gave me a nice tip on how to prevent this in the future: create a configuration profile.

First, download the Apple Configurator app from the Mac App Store. Then open Apple Configurator, select New Profile from the File menu, uncheck Allow iCloud Keychain in Restrictions, and save the .mobileconfig file.

Slack AI Privacy

Ashley Belanger (Hacker News):

After launching Slack AI in February, Slack appears to be digging its heels in, defending its vague policy that by default sucks up customers’ data—including messages, content, and files—to train Slack’s global AI models.

According to Slack engineer Aaron Maurer, Slack has explained in a blog that the Salesforce-owned chat service does not train its large language models (LLMs) on customer data. But Slack’s policy may need updating “to explain more carefully how these privacy principles play with Slack AI,” Maurer wrote on Threads, partly because the policy “was originally written about the search/recommendation work we’ve been doing for years prior to Slack AI.”

Maurer was responding to a Threads post from engineer and writer Gergely Orosz, who called for companies to opt out of data sharing until the policy is clarified, not by a blog, but in the actual policy language.

Gergely Orosz:

An ML engineer at Slack says they don’t use messages to train LLM models. My response is that the current terms allow them to do so. I’ll believe this is the policy when it’s in the policy.

Richard Speed:

Salesforce division Slack has responded to criticism by users outraged that its privacy principles allowed the messaging service to slurp customer data for AI training unless specifically told not to, claiming the data never leaves the platform and isn’t used to train “third party” models.

The app maker said its ML models were “platform level” for things like channel and emoji recommendations and search results, and it has now updated the principles “to better explain the relationship between customer data and generative AI in Slack.”

[…]

The privacy principles were overhauled in 2023 and contained the text: “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content and files) submitted to Slack.”

[…]

The principles have since been tweaked slightly, and now read: “To develop non-generative AI/ML models for features such as emoji and channel recommendations, our systems analyze Customer Data.”

Adam Engst:

If people actually read Slack’s privacy principles document instead of just reacting to an incorrectly titled link or an out-of-context screenshot on X/Twitter, they would see that Slack isn’t doing any of those things.

However, the “unambiguous sentences” that he quotes seem to be from the current privacy principles, not the May 17 version that sparked the outrage.

More seriously, there’s an important point to make here. Even as we rely ever more on gadgets and services, society has lost a great deal of trust in the tech industry. This controversy arose because the suggestion that Slack was doing something underhanded fit a lot of preconceived notions.

People didn’t want to give them the benefit of the doubt because their behavior played into preconceived notions and seemed sketchy. Their privacy document was antiquated (written to cover a previous AI feature) and not very clearly written. It gave examples of how the customer data might be used but didn’t specify limits. The document has no modification date or change history, with the overall privacy policy still showing a date of July 5, 2023. You had to opt out, and not via a visible setting—but by sending them an e-mail with a special subject. It’s all basically the opposite of what Steve Jobs recommended.

Update (2024-05-22): Adam Engst:

All that said, I still feel like Slack’s mistake in failing to update the document to be more clear wasn’t that bad. The subsequent changes Slack made show that even if the document wasn’t as clear as would be ideal, Slack wasn’t trying to put one over on us. Even in the problematic May 17 version, Slack said:

For any model that will be used broadly across all of our customers, we do not build or train these models in such a way that they could learn, memorise, or be able to reproduce some part of Customer Data.

Of course, because of the lack of trust many people have in the tech industry, even relatively clear statements like that don’t necessarily have the desired effect. “Sure,” one may think, “that’s what you say, but how do we know that’s true?”

And we don’t. There are many lapses, security breaches, and broken promises. But simultaneously, we have to trust the technology we use to a large extent because the only other option is to stop using it.

Monday, May 20, 2024

iOS 17.5.1 and iPadOS 17.5.1

Juli Clover (release notes, no security, no developer):

According to Apple’s release notes, the updates include a fix for an issue that could cause images to reappear in the Photos library even after being deleted.

Mysk:

MarketplaceKit updated in iOS 17.5.1. Now it returns a consistent client ID per device, but the ID is different from the one that was generated in iOS 17.4. So this will only impact customers who installed @altstore before iOS 17.5.1. But will it be reliable this time? 🤷‍♂️

Previously:

Update (2024-06-04): Ric Ford (MacRumors):

Apple has issued an odd update, re-issuing a different “build” of the critical iPadOS 17.5.1 update for undisclosed bugs affecting one specific iPad model without changing the version number.

Safari Hover Link Preview Keyboard Shortcut

Jeff Johnson (Mastodon):

Pressing control-command-d (⌃⌘D) while hovering over a link in Safari opens a popup window containing a preview of the linked web page, just like pressing and holding down a link in Safari on iOS.

Apple does say that you can preview a link in a webpage in Safari on Mac with a Force Touch trackpad, but Apple’s support document doesn’t mention the keyboard shortcut. Typically, the control-command-d shortcut is used to show or hide the definition of the selected word, and indeed this works in Safari to show the Dictionary definition when hovering over non-link text. So the link preview behavior of the keyboard shortcut was a surprise, at least to me.

This was new to me, too. It doesn’t work on my main Mac, even with a safe boot, so I guess it’s controlled by an unknown setting that I somehow turned off. It does work on a Mac with a clean install of macOS.

Previously:

Swift FormatStyle Issues

Wade Tregaskis:

They’re terser than using their otherwise more powerful cousins the Formatters, as they support a “fluent” style of property-based access, which tends to read more naturally and usually avoids having to define variables to hold the formatter.

[…]

They almost always break Xcode’s auto-complete, which is a problem since their syntax is non-trivial and unintuitive.

They’re hard to understand – and to even find in Apple’s official documentation – because there’s so many protocols and indirection involved.

It’s particularly hard to tell where the inexplicable gaps are. e.g. Double doesn’t support ByteCountFormatStyle, even though logically it should and Xcode will sometimes auto-complete as if it does.

I haven’t used the new formatter API much because it isn’t available in the SDK that I’m targeting. I like that it’s terser and doesn’t require tracking a formatter instance. But it’s probably not terse enough that I would use it directly vs. via a more semantically named helper method. And I agree that it’s not actually that easy to use if you don’t already know what you’re doing.

Wade Tregaskis:

Alas, they don’t always work correctly; some of these formatters contain egregious bugs.

In particular, ByteCountFormatStyle pretends to support multiple numeric bases – decimal and binary – but it doesn’t[…] Note how it still uses decimal units, “kB”. Decimal is not binary. I mean, duh, right? But apparently Apple don’t know this.

NSByteCountFormatter behaves the same way. I don’t think it’s a bug so much as Apple deciding to never display binary prefixes even though it is intentional about calculating memory sizes as binary and file sizes as decimal.

Previously: