Friday, May 10, 2024

Black Camera.app Screen and Broken Shutter Button

YoungCraxy:

This is about to drive me crazy, whenever I capture a snapshot, when I press the camera, sometimes a black screen pops up and this doesn’t go away, I can’t shoot anything, I have to go in and out of the camera again.

There are two really annoying iOS camera bugs, which I’ve been meaning to write about for years:

Swift Proposal: Objective-C Implementations in Swift

SE-0436 (via Becca Royal-Gordon):

Swift has always had a mechanism that allows Objective-C code to use Swift types: the @objc attribute. When a class is marked with @objc (or, more typically, inherits from an @objc or imported Objective-C class), Swift generates sufficient Objective-C metadata to allow it to be used through the Objective-C runtime, and prints a translated Objective-C declaration into a generated header file that can be imported into Objective-C code. The same goes for members of the class.

This feature works really well for mixed-language apps and project-internal frameworks, but it’s poorly suited to exposing private and especially public APIs to Objective-C.

[…]

We propose adding a new attribute, @implementation, which, when paired with an interop attribute like @objc, tells Swift that it is to implement a declaration it has imported from another language, rather than creating a new declaration and exporting it to that language.

Specifically, in this proposal, @objc @implementation allows a Swift extension to replace an Objective-C @implementation block. You write headers as normal for an Objective-C class, but instead of writing an @implementation in an Objective-C file, you write an @objc @implementation extension in a Swift file. You can even port an existing class’s implementation to Swift one category at a time without breaking backwards compatibility.

This has been a long time coming, and it seems like a great idea. This also makes it possible to implement a base class in Swift and then subclass it in Objective-C.

Steve Troughton-Smith:

No joke, @_objcImplementation has immediately become my favorite way to port ObjC classes to Swift bit by bit. I’m now using it in Pastel to push the last remaining bits of ObjC out of the codebase. It’s basically header-driven-Swift, which is kinda neat.

FDA Recalls Defective Insulin Pump App

Jess Weatherbed (Hacker News):

At least 224 people with diabetes have reported injuries linked to a defective iOS app that caused their insulin pumps to shut down prematurely, according to the US Food and Drug Administration (FDA).

On Wednesday, the agency announced that California-based medical device manufacturer Tandem Diabetes Care has issued a recall for version 2.7 of the iOS t:connect mobile app, which is used in conjunction with the company’s t:slim X2 insulin pump. Specifically, the recall relates to a software issue that can cause the app to repeatedly crash and relaunch, resulting in the pump’s battery being drained by excessive Bluetooth communication.

This is an interesting failure mode that was probably not contemplated when designing and testing the app. I also wonder to what extent quality control decreases as more and more products become subsumed by smartphones. When everything is an app that’s in theory easy to update, how carefully does anyone check that a given version is solid?

I’m also fascinated by the idea of FDA recalling an app. What does that even mean when the bug was already fixed back in March? They can’t remove the bad version of the app from the store shelves. Yet it took until May to essentially issue a government press release telling customers to update the app?

I wonder what effect that will have given that most iOS users probably already had automatic updates enabled or heard from the company itself more than a month ago.

Lastly, if ever there were a time that the release notes should accurately describe the benefits of an update, this was it. Yet all the App Store says for version 2.7.1 of the t:connect app is “Overall app performance updates.”

Mariella Moon:

If a pump shuts down without warning and before the user expects it to, it could lead to the under-delivery of insulin. As the FDA explained in its recall, that could result in hyperglycemia and even diabetic ketoacidosis, a life-threatening complication caused by the inability of the body to turn sugar into energy due to the lack of insulin. Tandem Diabetes Care, the company behind the app and the pump, sent all affected customers an emergency notice back in March. It advised them to update their app, to monitor their pump battery level closely and to carry backup insulin supplies.

Via Corentin Cras-Méneur:

We’ve been hit by the issue. The pump was draining really fast. It’s supposed to have been addressed in an update since but lately, the battery drain has been a bit faster than I would have expected…

Apple Apologizes for iPad “Crush” Ad

Emma Roth (Hacker News):

Apple has apologized after a commercial meant to showcase its brand-new iPad Pro drew widespread criticism among the creative community. In a statement provided to Ad Age, Tor Myhren, Apple’s vice president of marketing, said the company “missed the mark.”

“Creativity is in our DNA at Apple, and it’s incredibly important to us to design products that empower creatives all over the world,” Myhren told Ad Age. “Our goal is to always celebrate the myriad of ways users express themselves and bring their ideas to life through iPad. We missed the mark with this video, and we’re sorry.”

[…]

The ad rubbed some creatives the wrong way. Hugh Grant called it a “destruction of human experience,” while Handmaid’s Tale director Reed Morano told Apple CEO Tim Cook to “read the room” in a post on X.

As I said, I didn’t care for the ad, and the replies to Tim Cook on Twitter were almost entirely negative, but I’m still surprised that Apple thought it necessary to apologize. I would have preferred an acknowledgment of the widespread Apple ID issue.

John Gruber (Mastodon):

Would this exact same commercial have evoked the same collective response in 2010? I’m going to say no, it would not have. What about in 2018? I’m going to say ... probably not? Something has changed. Part of it is that our culture has changed. I don’t think many people 10 or 15 years ago would have seen dissonance between Apple’s oft-professed sustainability ideals and a commercial celebrating the destruction of artistic tools and objects. And the bigger change is the recognition that computers are eating the world. In 2010 it was seen only as cool that computers were doing more and more stuff. Today there’s widespread uncomfortableness, perhaps outright concern, that the digital world is consuming the analog one. It plays differently today than a decade ago to emphasize that an iPad can replace a veritable truck-full of artistic tools and toys.

But part too is that Apple’s position in our culture has changed. They’re no longer, and never again will be, the upstart. They’re The Man now. They’re part of the firmament of our entire society, not just the tech world.

Andy Allen:

LG phone ad from 2008 (BBH London)

Uli Kusterer:

You’re telling me that not only did Apple decide to run this stupid “crushing it” commercial, they ripped off an old LG ad???

Thursday, May 9, 2024

Apple Platform Security Guide (May 2024)

Apple (PDF, via Ivan Krstić):

Unless otherwise noted, this documentation covers the following operating system versions: iOS 17.3, iPadOS 17.3, macOS 14.3, tvOS 17.3, and watchOS 10.3.

Apple:

Topics added:

I thought I must have missed last year’s update, but it looks like the previous revision was in December 2022.

Apple:

Certain instructions on ARM64, including but not limited to those described in Arm Architecture Registers for Future Architecture Technologies, may take a different amount of time to run depending on the data values on which they operate. Malicious code running on the device might use this property to infer information about the data the CPU processes, such as cryptographic keys, or other sensitive data.

Apple silicon provides data-independent timing (DIT), in which the processor completes certain instructions in a constant amount of time. With DIT enabled, the processor uses the longer, worst-case amount of time to complete the instruction, regardless of the input data. When you write software specifically to avoid leaking internal information and to run code in constant time, enabling DIT — and restricting your code to instructions that support DIT — before loading cryptographic key material, performing cryptographic operations, or processing sensitive data ensures the timing of specific instructions doesn’t reveal information about the data being processed.

Apple:

Should malware make its way onto a Mac, XProtect also includes technology to remediate infections. For example, it includes an engine that remediates infections based on updates automatically delivered from Apple (as part of automatic updates of system data files and security updates). This system removes malware upon receiving updated information, and it continues to periodically check for infections; however, XProtect doesn’t automatically restart the Mac. In addition, XProtect contains an advanced engine to detect unknown malware based on behavioral analysis. Information about malware detected by this engine, including what software was ultimately responsible for downloading it, is used to improve XProtect signatures and macOS security.

Via tsunekoh:

The latest Apple Platform Security documentation includes a description of XProtectBehaviorService.

Phil Stokes:

So Apple…what they don’t say there is that this behavior “service” just logs “information” back to Apple, doesn’t report what it finds to the user (so no investigation, triage or root cause analysis) nor does it actually block or remediate anything.

Update (2024-05-10): Howard Oakley:

On the other hand, XProtectRemediator “continues to periodically check for infections” in background scans run every 24 hours or so. When it detects what it considers to be malicious software, it automatically tries to remove or ‘remediate’ it without informing the user, and “doesn’t automatically reboot the Mac.”

This was made clearer with the recent release of XProtect Remediator version 132, which took a dislike to some of the optional components in Xcode. A recent amendment to Apple’s release notes for Xcode 15.3 makes it clear that XProtect Remediator’s false positive did change Xcode without informing the user in any way. The only indication that a remediation was taking place was an authentication dialog for the change to be made to the Xcode app, and there was no indication given to the user that this was part of any malware remediation.

Cuckoo Malware

Adam Kohler and Christopher Lopez:

The downloaded DMG contains an application bundle. Normally, macOS applications instruct the user to drag such apps into the /Applications folder. But in this case, it tells the user to right-click on it and click Open.

[…]

Looking into the upd file in the original bundle, we found that it is signed adhoc with no developer ID. This means that Gatekeeper will initially stop the app from running and require the user to manually allow it.

[…]

The application then creates a new copy of upd, renames it DumpMediaSpotifyMusicConverter, and places it in a hidden folder in the /Users directory. This is why it sometimes appears as upd and other times as DumpMediaSpotifyMusicConverter. The original upd will then use xattr -d com.apple.quarantine to remove the quarantine flag from itself and from the copy of DumpMediaSpotifyMusicConverter.

[…]

From here, upd uses osascript to ask the user for their password using the prompt “macOS needs to access System Settings.”

It sends data and even screen captures back to a server, muting the volume so the user doesn’t know a screenshot was being taken.
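The behaviors quoted above (quarantine-flag removal by an ad hoc signed parent, an unsigned copy running from a hidden folder under /Users, and an osascript password prompt) are individually common, so a detection is more useful when it correlates them per process tree. The following is an added example, not code from the original write-up; the event schema, the `signing` values, and all paths and command lines are constructed for illustration.

```python
import os
import re
import shlex

# Signing states treated as untrusted (assumed values for this example's schema).
UNTRUSTED = {"adhoc", "unsigned"}
# An executable that lives below a dot-directory somewhere under /Users.
HIDDEN_USER_DIR = re.compile(r"^/Users/(?:[^/]+/)*\.[^/]+/")

# Constructed process-execution events (not real telemetry).
EVENTS = [
    {"pid": 100, "ppid": 1, "signing": "adhoc",
     "path": "/Volumes/Example/Example.app/Contents/MacOS/upd", "args": "upd"},
    {"pid": 110, "ppid": 100, "signing": "apple", "path": "/usr/bin/xattr",
     "args": "xattr -d com.apple.quarantine "
             "/Users/example/.cache-dir/DumpMediaSpotifyMusicConverter"},
    {"pid": 120, "ppid": 100, "signing": "adhoc",
     "path": "/Users/example/.cache-dir/DumpMediaSpotifyMusicConverter",
     "args": "DumpMediaSpotifyMusicConverter"},
    {"pid": 130, "ppid": 100, "signing": "apple", "path": "/usr/bin/osascript",
     "args": 'osascript -e \'display dialog "macOS needs to access System Settings" '
             'default answer "" with hidden answer\''},
    # Benign lineage: a user clearing quarantine from an Apple-signed shell.
    {"pid": 200, "ppid": 1, "signing": "apple", "path": "/bin/zsh", "args": "zsh"},
    {"pid": 210, "ppid": 200, "signing": "apple", "path": "/usr/bin/xattr",
     "args": "xattr -d com.apple.quarantine /Users/example/Downloads/tool.pkg"},
]


def ancestors(event, by_pid):
    """Yield the known ancestors of an event, nearest first."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        yield parent
        parent = by_pid.get(parent["ppid"])


def lineage_root(event, by_pid):
    """Return the pid of the topmost ancestor present in the event set."""
    root = event
    for ancestor in ancestors(event, by_pid):
        root = ancestor
    return root["pid"]


def indicators(event, by_pid):
    """Return the set of suspicious behaviors this single event exhibits."""
    found = set()
    name = os.path.basename(event["path"])
    tokens = shlex.split(event["args"])
    raw = event["args"].lower()
    # System tools are Apple-signed, so trust is judged on who spawned them.
    untrusted_ancestor = any(a["signing"] in UNTRUSTED
                             for a in ancestors(event, by_pid))

    if (name == "xattr" and untrusted_ancestor
            and "com.apple.quarantine" in tokens
            and any(t.startswith("-") and "d" in t[1:] for t in tokens[1:])):
        found.add("quarantine_removed")
    if (name == "osascript" and untrusted_ancestor
            and "display dialog" in raw and "hidden answer" in raw):
        found.add("password_prompt")
    if event["signing"] in UNTRUSTED and HIDDEN_USER_DIR.match(event["path"]):
        found.add("hidden_user_dir_exec")
    return found


def detect(events, threshold=2):
    """Map lineage root pid -> sorted indicators, for trees at or over threshold."""
    by_pid = {e["pid"]: e for e in events}
    per_root = {}
    for event in events:
        hits = indicators(event, by_pid)
        if hits:
            per_root.setdefault(lineage_root(event, by_pid), set()).update(hits)
    return {root: sorted(hits) for root, hits in per_root.items()
            if len(hits) >= threshold}


if __name__ == "__main__":
    for root, hits in detect(EVENTS).items():
        print(f"process tree rooted at pid {root}: {', '.join(hits)}")
```

Requiring two or more indicators in one tree keeps a user's own `xattr -d com.apple.quarantine` from an Apple-signed shell out of the alert queue.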

Root Privilege Escalation via diskutil

Eswar:

A new local privilege escalation vulnerability has been discovered in macOS which could allow any user to escalate their privileges to root by mounting filesystems using “diskutil” command line utility. This new vulnerability has been assigned with CVE-2023-42931 and the severity is yet to be categorized.

[…]

If a user has mount privileges on the macOS, then the user needs to find a file which has the following conditions.

  • Owned by root when mounted in “owners” mode;
  • Considered owned by myself when mounted in “noowners” mode;
  • Not protected by SIP.

[…]

After creating this suidshell binary, the next step would be to mount the targeted filesystem with the “noowners” flag. Then the researcher proceeded to make the “.file” writable and copy the suidshell binary into the “.file”.

Apple fixed this late last year.

Why In-App Purchases Don’t Work for the Enterprise

Caleb Basinger:

We don’t buy apps through the App Store. Rather, we purchase licenses in bulk—one for every employee or device—through Apple’s Apps and Books program, part of Apple Business Manager and Apple School Manager.

[…]

The only problem is that Apps and Books doesn’t support in-app purchases or in-app subscriptions. That means we can’t access the features we need with the licenses we buy that way.

[…]

Without altering your existing app on the App Store, you could use the same code-base to create a second, fully paid premium version of it that includes all the features we need. You could add this premium version to the App Store alongside the one you sell now that has in-app purchases. This would make your app available to us to purchase in the Apps and Books store in large quantities.

[…]

If you’re concerned about potentially confusing buyers by having two similar apps on the App Store with different purchase models, there is another way: Using the same development and App Store process, you could make a custom app available only to specific organizations within the Apps and Books program.

Via Luc Vandal:

It’s kinda odd that on one end Apple is pushing devs to move to a subscription model but on the other end, that model is incompatible with Apple Business Management so schools or businesses cannot purchase your app unless you create a “pro” or custom version, which is just another thing to worry about.

It’s like one hand doesn’t talk to the other at Apple.

At the same time, it’s not that surprising when you see how much the MAS lacks compared to its iOS counterpart.

I sometimes get requests from businesses or schools but I already have 3 binaries to worry about (Mac, iOS, visionOS). Having 6 would be a lot of additional work and I just can’t imagine getting rejected and having to deal with all this.

Craig Hockenberry:

Volume licenses are one of the main reasons we have a download of xScope on our website in addition to the Mac App Store.

But, of course, that’s not possible with iOS apps.

Yannik Bloscheck:

Without Apple Business Essentials, which even now after many years after its original release is still only available in the US, companies still can't even increase the default 5 GB iCloud storage for their managed Apple IDs. So Apple is even really hurting their own direct services revenue with all of this, but despite that they still haven't come around to improving it.

Wednesday, May 8, 2024

Turning Off iOS 17 Contact Posters

Federico Viticci:

In iOS 17, you can create a contact poster, which is essentially a combination of a profile picture and artwork that will represent you when calling other people on the phone, FaceTime, and other apps compatible with the CallKit framework.

[…]

When a call comes in from one of my friends who’s created a contact poster on iOS 17, I like that I can see a little bit of their personality and taste in the poster they’ve chosen for themselves. Just like profile pictures before, you can choose to automatically share your poster with your contacts; you can either accept someone else’s poster or override it with your own poster for them.

A. Lee Bennett Jr.:

Getting REALLY pissed at this new Apple behavior of names and photos for a contact on MY phone getting changed to something set by the other person. I know I can revert it to what I had, but WHY THE #^€% do I have to revert it? I was fine with it asking me if I wanted the suggested new info, but leave my existing info alone!!! Besides, the contact photo I set for people is often far better than the low resolution crap or their kid, or stupid Memoji they send me.

I don’t like the way this feature was implemented:

Update (2024-05-09): Kyle Howells:

The “iOS 17 Contact Posters” feature being on by default, and overriding what I have already set for my contact, on my phone, is an abomination that should never have been approved.

That feature makes me angry with how disrespectful and user hostile it is.

Update (2024-05-10): Tanner Bennett:

I have to pull out my iOS 14 iPhone 12 to change a contact photo without going through the poster nonsense.

I don’t even know if you CAN use the cool emoji contact picture creator anymore on iOS 17!

The other problem I have is that sometimes reverting the photo in Contacts does not fix it in Messages. One of my Messages conversations, which previously had a custom photo I took, now only shows the initials on a black background.

The Alternative Implementation Problem

Maxime Chevalier:

What I’ve concluded, based on experience, is that positioning your project as an alternative implementation of something is a losing proposition. It doesn’t matter how smart you are. It doesn’t matter how hard you work. The problem is, when you build an alternative implementation, you’ve made yourself subject to the whims of the canonical implementation. They have control over the direction of the project, and all you can do is try to keep up. In the case of JITted implementations of traditionally interpreted languages, there’s a bit of a weird dynamic, because it’s much faster to implement new features in an interpreter. The implementers of the canonical implementation may see you as competition they are trying to outrun. You may be stuck trying to ice skate uphill.

Almost 4 years ago, with support from Shopify, two dedicated colleagues and I started a project to build YJIT, yet another Ruby JIT. The difference is that we made the key choice to build YJIT not as an alternative implementation, but directly inside CRuby itself. This came with a number of design tradeoffs, but critically, YJIT could be 100% compatible with every CRuby feature from the start. YJIT is now the “official” Ruby JIT, and is deployed at Shopify, Discourse and GitHub among others. If you’ve visited github.com today, or any Shopify store, you’ve interacted with YJIT. We’ve had more success than any other Ruby JIT compiler so far, and compatibility has been key in achieving this.

See also: The Ruby on Rails Podcast.

Shiny MacBook Keys

OSXDaily (tweet):

One of the worst things about the MacBook Air and MacBook Pro is the shiny key issue. If you’re unfamiliar, the image above demonstrates the beginning stages of the shiny key development on my otherwise beautiful six month old MacBook Air, visible mostly on the shift key, but “A” and “S” are also beginning to display the hallmark worn key shine.

The shiny keys are unmistakable, and the wear occurs after routine use of MacBook keyboards. For some users they develop within weeks(!) and for others it can take a year or more to appear, but it seems that virtually every MacBook user who types on their built-in keyboard will eventually experience the shiny keys issue.

[…]

There are also tons of forum posts and pictures about shiny keys, worn keys, polished keys, stained keys, people refer to them differently, but they’re appearing on Apple’s own support discussion forums, MacRumors Forums, myriad reddit threads, and elsewhere. And yes, it does happen with some third party keyboards and PC keyboards too, but we’re focusing on the world of Apple laptop keyboards here.

Jeff Gamet:

Know why you can’t clean the greasy spots off your computer keyboard? Because that isn’t grease. Lots of computer keys are made from ABS plastic, which is soft and cheaper than PBT plastic. Those shiny spots are where you polished the keys by typing.

Via John Gruber (Mastodon):

Those old keycaps clearly weren’t made from cheap ABS plastic. But in recent decades, Apple’s keyboard keycaps have been made from ABS plastic (or, at least, some sort of plastic that develops a greasy-looking shine through use). I’d love to see Apple fix this problem. Apple’s just not known for cheaping out on materials.

John Gruber:

Also, there was a discussion on ATP episode 562 back in November about keycap wear, and one of their listeners pointed out that ABS can be made transparent to let backlighting shine through, but PBT cannot. You can make PBT keycaps with clear (ABS-filled) cut-outs for the letters, but that would undoubtedly add cost and complexity. My beloved Apple Extended Keyboard II has no backlighting at all. It’s quite possible that this entirely explains why Apple sticks with ABS despite the shiny-when-worn factor.

There are two issues here. First, the polish, which is a shame if it’s due to the backlighting, since I never use it. Second, MacBook Pro and MacBook Air keys are more susceptible to showing actual grease (from natural skin oil, sunscreen, etc.) than desktop keyboards or even some of Apple’s older laptops, which had more matte keys. Either way, it looks gross, and I’d like Apple to improve this. My top priorities for the MacBook Pro, though, would be: smaller trackpad and/or better palm rejection, matte display, more USB ports, less sharp edge for the palm rest.

Online Messaging Systems of Yesteryear

Jeremy Reimer (via Adam Engst):

PLATO was an educational system that began in 1960 and was nearing its fourth iteration. It was responsible for many computer firsts, such as the first flat-screen plasma display, which launched in 1972 with PLATO IV. These touch-enabled, 512×512 graphical displays looked like they came from the future. And while it couldn’t talk to ARPANET, every PLATO user at every terminal could communicate with each other all over the world.

[…]

CBBS was instantly popular and spawned dozens of imitators. Since long-distance charges applied for calls outside one’s hometown, local BBS sites bloomed in cities all over North America, Europe, and Japan. BBS systems at first delivered only text, which was fine since that’s all personal computers could offer. In later years, support for the ANSI standard added color and special characters like those found on the IBM PC and clones. But when you called a BBS, it didn’t matter what computer you had or what computer the BBS was running on. An IBM PC user could call up an Amiga-based BBS with no problems.

[…]

Meanwhile, ARPANET had merged with PRNET and SATNET in 1977 to form what was increasingly being called the “Internet.” Other networks joined in the fun, like the Unix to Unix Copy Protocol (UUCP) network, which was eventually renamed the Users’ Network, or simply Usenet.

[…]

The “Eternal September” arrived in 1993, when American On-Line (AOL), the most popular online service in the world at the time, with 1.25 million subscribers, added Usenet access. Along with an estimated 60,000 BBSes in the US alone, with an estimated 17 million users worldwide, a lot more people were getting online. But it was a mere foreshock of what was about to come.

AOL, CompuServe, Prodigy, and others also had their own communities, distinct from Usenet and the Web. It’s hard to believe given Ping and Apple’s other recent efforts, but eWorld was actually really good.

Tuesday, May 7, 2024

Apple M4

Apple (Hacker News, Slashdot):

Built using second-generation 3-nanometer technology, M4 is a system on a chip (SoC) that advances the industry-leading power efficiency of Apple silicon and enables the incredibly thin design of iPad Pro. It also features an entirely new display engine to drive the stunning precision, color, and brightness of the breakthrough Ultra Retina XDR display on iPad Pro. A new CPU has up to 10 cores, while the new 10-core GPU builds on the next-generation GPU architecture introduced in M3, and brings Dynamic Caching, hardware-accelerated ray tracing, and hardware-accelerated mesh shading to iPad for the first time. M4 has Apple’s fastest Neural Engine ever, capable of up to 38 trillion operations per second, which is faster than the neural processing unit of any AI PC today.

[…]

M4 has a new up-to-10-core CPU consisting of up to four performance cores and now six efficiency cores. The next-generation cores feature improved branch prediction, with wider decode and execution engines for the performance cores, and a deeper execution engine for the efficiency cores. And both types of cores also feature enhanced, next-generation ML accelerators.

M4 delivers up to 1.5x faster CPU performance over the powerful M2 in the previous iPad Pro.

[…]

M4 can deliver the same performance as M2 using just half the power. And compared with the latest PC chip in a thin and light laptop, M4 can deliver the same performance using just a fourth of the power.

Update (2024-05-08): Jason Snell:

Why the M4 now? It mostly has to do with Apple shifting chip production at TSMC (the company that fabs Apple’s chips) from the first-generation 3nm process to a new, more efficient second-generation 3nm process. There’s a whole backstory about TSMC’s change in 3nm processes that’s not worth getting into here, but suffice it to say that the first-generation process is largely a dead end, and the company is moving to a new set of 3nm processes.

Scott:

As expected, the performance “gains” of the new M4 chip Apple is using in the new iPad Pros are mostly due to the N3e process. Apple advertises a “1.5x” speed gain: but they slyly compare the prior 8-core Pro M2 to the new 10-core Pro M4 (25% more performance cores, right off).

Update (2024-05-10): Omar Sohail (via Hacker News):

An early look at the M4’s performance did not deliver the best positive first impression because we believed that Apple lowered the clock speeds to achieve better efficiency. However, we are pleasantly surprised by the latest results, as Apple’s new SoC powering the 11-inch and 13-inch iPad Pro models runs circles around the M2, handily beats M3, and zips past the M3 Pro and Qualcomm’s Snapdragon X Elite, which are two chipsets occupying a higher performance bracket.

Mark Tyson (Hacker News):

Apple's M4 processors have become convincing leaders in the Geekbench single-core leaderboard. Several scores of roughly 3,800 points have appeared in the Geekbench online database over recent hours. This is significant as single-core benchmark scores of this magnitude put clear blue water between the M4 and Intel’s flagship Core i9-14900KS. A little Geekbench database checking shows that, in single-threaded tests, Apple's M4 outpaces Intel's power-hungry desktop champ by about 16%.

Juli Clover:

Apple said that the M4 delivers up to 1.5x faster CPU performance than the M2 in the prior-generation iPad Pro, which is accurate based on the benchmarks we’ve seen so far.

Final Cut Pro 2 and Logic Pro 2 for iPad

Apple (MacRumors, Hacker News):

Final Cut Pro for iPad 2 transforms iPad into a multicam production studio with Live Multicam, giving users the power to speed up their shoot by allowing them to connect and preview up to four cameras all at once, all in one place. To support Live Multicam, Final Cut Camera — an all-new video capture app — comes to iPhone and iPad, letting creators wirelessly connect and remotely direct each video angle with powerful pro controls. Final Cut Camera also works as a standalone professional video capture app on iPhone and iPad. External project support gives users the flexibility to edit projects directly from an external drive, leveraging the fast Thunderbolt connection of iPad Pro. Editing and finishing a project with Final Cut Pro on the new iPad Pro with the M4 chip is incredible, enabling users to color grade, apply multiple effects, and render graphically intense timelines even faster. Final Cut Pro for iPad 2 has even more customizable content for editing and creating unique projects, and leverages the advanced features of the all-new Apple Pencil Pro such as barrel roll and squeeze for Live Drawing.

[…]

On Mac, editors can take their professional workflow to the next level. Leveraging the Neural Engine in Apple silicon, new AI features and organizational tools come to Final Cut Pro 10.8. Available as a free update to existing users, Final Cut Pro 10.8 introduces Enhance Light and Color, offering the ability to improve color, color balance, contrast, and brightness in one simple step, and is optimized for SDR, HDR, RAW, and Log-encoded media. With Smooth Slo-Mo, frames of video are intelligently generated and blended together, providing the highest-quality movement and more drama to a project.

Apple (MacRumors):

Apple today unveiled the all-new Logic Pro for iPad 2 and Logic Pro for Mac 11, delivering breakthrough professional experiences for songwriting, beat-making, producing, and mixing. Powered by artificial intelligence, the new Logic Pro introduces incredible studio assistant features that augment the music-making process and provide artists help right when they need it — all while ensuring they maintain full creative control. These features include Session Players, which expand the popular Drummer capabilities in Logic Pro to include a new Bass Player and Keyboard Player; Stem Splitter, to extract and work with individual parts of a single audio recording; and ChromaGlow, to instantly add warmth to tracks.

Update (2024-05-10): Joe Rosensteel:

I’ll be interested to see if they release a BTS video in a few days that shows us how much of this was Final Cut Pro for iPad. At what point did they export the project files on that one-way trip to the Mac? How much did they render on the iPad?

Functionally, they still don’t match the desktop counterparts feature for feature.

[…]

The Final Cut Pro for iPad project file format continues to be incapable of round-tripping between a Mac and back to an iPad.

Apple Pencil Pro

Apple (MacRumors):

A new sensor in the barrel can sense a user’s squeeze, bringing up a tool palette to quickly switch tools, line weights, and colors, all without interrupting the creative process. A custom haptic engine delivers a light tap that provides confirmation when users squeeze, use double-tap, or snap to a Smart Shape for a remarkably intuitive experience. A gyroscope allows users to roll Apple Pencil Pro for precise control of the tool they’re using. Rotating the barrel changes the orientation of shaped pen and brush tools, just like pen and paper. And with Apple Pencil hover, users can visualize the exact orientation of a tool before making a mark.

With these advanced features, Apple Pencil Pro allows users to bring their ideas to life in entirely new ways, and developers can also create their own custom interactions. Apple Pencil Pro brings support for Find My for the first time to Apple Pencil, helping users locate Apple Pencil Pro if misplaced. It pairs, charges, and is stored on the side of iPad Pro through a new magnetic interface.

This is really cool. I kind of wish Apple were doing more with Mac input devices. Magic Mouse could use more buttons and smarter gestures. I really liked using a stylus with a Wacom tablet back in the day.

Update (2024-05-08): Joe Rossignol:

Priced at $129, the Apple Pencil Pro is only compatible with the new iPad Pro and iPad Air models announced this week. The first-generation Apple Pencil, second-generation Apple Pencil, and lower-cost Apple Pencil with a USB-C port all remain available, making the Apple Pencil lineup more complex than ever for the time being.

Update (2024-05-10): Juli Clover:

There are some major changes that were introduced with the new accessory, including new gestures and capabilities.

Kirk McElhearn:

Apple now sells four different Apple Pencil models. It can be confusing to figure out which one works with your iPad. In this article, we will help you choose the right Apple Pencil for your iPad.

Steve Troughton-Smith:

There are some new docs from Apple to go with the new features enabled by Apple Pencil Pro — they’re well-written, and they have workable sample snippets with a SwiftUI/UIKit toggle.

iPad Pro (M4, 7th Generation)

Apple (MacRumors, keyboard, Hacker News, Slashdot):

Available in silver and space black finishes, the new iPad Pro comes in two sizes: an expansive 13-inch model and a super-portable 11-inch model. Both sizes feature the world’s most advanced display — a new breakthrough Ultra Retina XDR display with state-of-the-art tandem OLED technology — providing a remarkable visual experience. The new iPad Pro is made possible with the new M4 chip, the next generation of Apple silicon, which delivers a huge leap in performance and capabilities. M4 features an entirely new display engine to enable the precision, color, and brightness of the Ultra Retina XDR display.

[…]

The new iPad Pro — the thinnest Apple product ever — features a stunningly thin and light design, taking portability to a whole new level. The 11-inch model is just 5.3 mm thin, and the 13-inch model is even thinner at a striking 5.1 mm, while both models are just as strong as the previous design. The 11-inch model weighs less than a pound, and the 13-inch model is nearly a quarter pound lighter than its predecessor — allowing pro users to extend their workflows in new ways and in more places.

[…]

For pro users working in high-end, color-managed workflows or challenging lighting conditions, a new nano-texture glass option comes to iPad Pro for the first time.

[…]

The new Magic Keyboard opens to the magical floating design that customers love, and now includes a function row for access to features like screen brightness and volume controls. It also has a gorgeous aluminum palm rest and larger trackpad that’s even more responsive with haptic feedback, so the entire experience feels just like using a MacBook.

The 1 TB and 2 TB models have 4 performance cores vs. 3, 16 GB of RAM vs. 8 GB, and the nano-texture glass option.

Jason Snell:

But over this same span, it’s become clear to me that Apple no longer views the iPad as the future of personal computing.

[…]

iPad Pro buyers already value the product for its flexibility. Imagine how much more flexible it would be if it could run macOS, virtualized, when connected to an external keyboard and trackpad. Apple’s first convertible device would be able to become a Mac when it needed to—and exit that mode when it doesn’t. Travelers could invest in the iPad Pro and all its accessories—at a price comparable to a MacBook Air, by the way—and know that they’re getting the best of Apple’s tablet experience and its traditional computer experience.

Not today.

Previously:

Update (2024-05-08): Jason Snell:

As someone who uses a keyboard (and a USB microphone, I suppose) to make a living, I’m looking at $2177 for a mid-range 13-inch model with cellular, an Apple Pencil Pro, and a Magic Keyboard. That’s substantially more than I’d pay for a new MacBook Air, and while I know that I can’t use the MacBook Air as a thin and light touch tablet, I also can’t use my iPad Pro as a travel podcasting unit.

Dan Moren:

Still, purely from a price perspective, things do get more confusing now. Consider the comparison between the iPad Pro and the MacBook Air.

Tony Arnold:

Unless Apple is about to announce that you can choose to install macOS on iPads at WWDC (or a huge overhaul of iPadOS), the pricing of the new iPads is pretty wild.

Federico Viticci:

I had high expectations for the new generation of iPad Pros that Apple unveiled today – some of which were exceeded by reality (hardware), and others that were, regrettably but unsurprisingly, faced with the reality of the iPad platform (software).

[…]

The thinness and reduced weight of the big iPad Pro are making me question which model I want to use going forward. I went into this event knowing I’d get an 11” iPad Pro again, but after trying the new 13” in person, I’m not so sure anymore. It’s still a large tablet that’s not as portable as the small one, but the thinness and lightness of it are making me reconsider my decision. I can’t get over how wildly thin and light the new 13” iPad Pro feels.

[…]

I don’t need to rehash why I think Apple is missing a huge opportunity by not embracing the iPad Pro as a machine that could do both iPadOS and macOS equally well in the same package.

[…]

I noticed another journalist struggling with opening the Magic Keyboard, and when I tried it, I experienced it myself. Since the edge of the keyboard is now flush aluminum without an inset “lip” like on MacBooks, it’s hard to know at first where you’re supposed to grab it.

Steve Troughton-Smith:

All of the counter-arguments for some form of macOS on iPad have fallen away over the past 14 years. The hardware is the same exact hardware that runs the Mac lineup. iPadOS is now a platform with keyboard, mouse and external display support. It already has a mode to shrink UI elements down dramatically beyond what would traditionally make for safe touch targets. Mac and iPad apps today share an awful lot of code, if not entire codebases, and it all transparently/freely syncs between devices.

Nick Lockwood:

for me the worst thing about trying to use an iOS device for any real work is the sense of my content feeling “trapped” in an app.

Craig Hockenberry:

Apple has had well over a decade to make a machine for pros.

Bolting a file system and windows onto iOS just isn’t cutting it both for users and developers. So yeah it’s time to admit to failure.

And lean into a device/software that can be flexible and get a multitude of jobs done. Time to abandon idealism and be pragmatic.

Eric Schwarz:

While I’m not opposed to new features in iPadOS, I think there are a lot of tech pundits that need to retire the rhetoric that the iPad can’t replace their Mac and iPadOS is lacking.

Jeff Carlson:

Interesting that the iPad Pro lost a camera—now there’s just a single Wide rear-facing camera and no Ultra Wide camera. Maybe Apple internalized that iPad has never been a good camera device (even though I see people take photos with them often)? More likely just to cut costs, and because for video the better solution is to shoot with iPhone anyway (esp with the new Final Cut Camera app).

Tom Goodwin (via Niko Kitsakis, Scott):

If Samsung ever did this, people would destroy them.

Crushing things we love, things we played with, to produce an identical black box.

I think I get what they were going for, but I had a strong negative reaction to this ad.

Update (2024-05-10): John Gruber:

The thinness is noticeable in hand, but the reduction in weight is even more noticeable. Per Apple’s specs, the new 13-inch iPad Pro weighs 579g, down from 682g in the 2022 models. That’s a sounds-too-good-to-be-true 15 percent reduction. The weight reduction for the 11-inch iPad Pros is less dramatic: 444g, down from 466g in the previous generation.

[…]

In briefings yesterday, Apple reps emphasized, repeatedly, that these new iPad Pros could not have been built without the M4. The efficiency gains allowed Apple to make them remarkably thin and light, and more essentially, only the M4 has a display engine that can drive the new tandem OLED displays.

[…]

The only sore thumb in the entire iPad lineup is the iPad Mini, which, since it first appeared, has always been the least-frequently updated iPad.

Juli Clover:

We’ve rounded up some of the most notable changes worth considering when deciding whether to upgrade.

Quinn Nelson:

New iPads are more powerful than ever: with M4 and the first-to-market tandem OLED display technology. But what does that mean? And why does it matter?

Joe Rosensteel:

To go through all that effort and the appeal of the new iPad Air is that it’s like an older iPad Pro, and that the iPad Pro is a thinner iPad Pro, is … well … underwhelming if the hardware wasn’t a primary concern for you before yesterday.

[…]

The consistent refrain before, and after the event is that Apple isn’t addressing the iPad software platform.

Christina Warren:

The problem with the iPad as many have pointed out is that the software hampers what it can do unless you’re willing to contort yourself into a very specific workflow. For most casual users those limitations aren’t an issue and the advantages of the form factor outweigh the deficits. But when you charge MBPro money for a device the trade-offs sting. As @jsnell says, the best solution would be to just let us virtualize macOS on an iPad Pro when using it in certain modes.

Chris Welch (via John Gruber):

Sure enough, the Smart Keyboard Folio isn’t compatible with the OLED iPad Pros. The 11-inch version can still be used with the sixth-generation iPad Air, but that’s all. So if you’re set on Apple’s very best tablet, it’s not an option anymore. And with no alternative quite like it anywhere in sight, I’m bummed.

Previously:

iPad Air (6th Generation)

Apple (MacRumors, Hacker News):

Apple today announced the redesigned 11-inch and all-new 13-inch iPad Air, supercharged by the M2 chip. Now available in two sizes for the first time, the 11-inch iPad Air is super-portable, and the 13-inch model provides an even larger display for more room to work, learn, and play. […] The front-facing Ultra Wide 12MP camera with Center Stage is now located along the landscape edge of iPad Air, which is perfect for video calls. It also includes faster Wi-Fi, and cellular models include super-fast 5G, so users can stay connected on the go. […] The new iPad Air is available in new blue and purple finishes, along with starlight and space gray. The 11-inch iPad Air still starts at just $599, and the 13-inch iPad Air is a fantastic value at just $799.

The base storage has increased to 128 GB. Why is this still called Air when it’s thicker and heavier than the Pro?

Previously:

Update (2024-05-08): Jason Snell:

This time around, that’s been taken to an extreme: the 11- and new 13-inch iPad Air are identical in size to the old (2018-2022) iPad Pro models. Apple’s literally re-using those old models, with only some minor feature variations. There’s no Mini-LED HDR display on the 13-inch model as there was on the M1 and M2 versions, nor is there a Face ID sensor; if you want a keyboard, the 2020-era Magic Keyboard will suffice.

[…]

One disappointing note: Apple continues its trend of removing color from its products as they escalate in price. The iPad Air’s colors were subtle before, but they’re vanishingly distinguishable now. On Tuesday, I sat not two feet away from two iPad Airs in blue and purple, and, reader, I could not tell that they were not silver.

Hartley Charlton:

This breakdown also serves as a way to clearly see all the differences that the new iPad Air brings to the table.

Dan Moren:

Where Apple has de-muddied the lineup, though, is in the mid-range. Previously, once you went higher than the paltry base of 64GB storage on the iPad Air, you quickly got into entry-level iPad Pro territory, then forcing you to make a more complex decision between more capacity and more capability at around the same price point. Rather than the simplicity of a decision based around more storage for more money, customers instead had to weigh the ability to store more photos vs. Face ID which…how do you even?

In the new lineup, that’s not really a problem. The base-level iPad Airs now boast an acceptable 128GB of storage and are still priced well below an iPad Pro. You’ve got to go up to the top-tier iPad Airs before you really start competing with base level iPad Pros—which is as it should be.

Monday, May 6, 2024

SteerMouse 5.7

Plentycom Systems:

SteerMouse is a utility that lets you freely customize buttons, wheels and cursor speed. Both USB and Bluetooth mice are supported.

[…]

You can assign a function to combinations of a button and modifier keys ( command shift option control ). In addition to it, you can assign a function to combinations of buttons. Your mouse will have unlimited potential.

[…]

System Settings only allows adjustment for the Tracking Speed. SteerMouse allows adjustment of the Sensitivity on top of that. By adjusting both values, you can move the cursor just like you move your hand.

Via John Gruber:

I’ve been using and wholeheartedly recommending SteerMouse for nearly 20 years.

It’s also the case that even with a third-party mouse, you might not want any third-party driver software at all. MacOS’s built-in mouse software recognizes most mice. I rely on SteerMouse not because my mouse has lots of buttons (it doesn’t), but to get fine-grained control over the speed and acceleration of the pointer. SteerMouse lets me set my mouse to go way, way faster than the built-in Mouse panel in Settings does — something I’ve done for decades to reduce wrist fatigue and pain. I can move my pointer from corner to corner across my Studio Display by moving my mouse just a few centimeters.

iOS 17 Calendar Search Failures

keldwink (via Ric Ford):

Updated my 15pro to 17.0.2 and I can no longer search in the calendar app. No matter what I search for, it comes up with “no results”

The replies list various potential fixes. It’s not clear to me whether something is specifically broken with iOS 17 or this is just typical Spotlight behavior. My advice is to use Fantastical, even if you don’t need the fancy features, because the basics work so much more reliably.

Previously:

Apple’s Third-Party SDK List for Privacy Manifests

Apple:

Starting May 1, 2024, new or updated apps that have a newly added third-party SDK that’s on the list of commonly used third-party SDKs will need all of the following to be submitted in App Store Connect:

  1. Required reasons for each listed API
  2. Privacy manifests
  3. Valid signatures when the SDK is added as a binary dependency

Antoine van der Lee:

While Apple provides rich documentation, it’s hard to understand what you must do. Therefore, I decided to simplify the process and added a frequently asked questions section to help you.

Donny Wals:

In this post, I’d like to show you how you can add a privacy manifest file to your app so that you can resolve rejections related to ITMS-91053.

[…]

Adding a privacy manifest file is a new requirement from Apple that, in my opinion, could have been handled better. Manually working on plist files is a tedious job and the keys and values aren’t that easy to manage.

Privacy Manifest Generator:

Since editing the file by hand is somewhat tedious, this site will help you generate the file instead so you just select which items you need to include and we do the rest!

Jesse Squires (Mastodon):

But then… you see that the list contains UI libraries that haven’t seen significant updates or any activity for multiple years, like SVProgressHUD. Why does a library that provides a single UI component need a privacy manifest? Is it as concerning and as potentially privacy invasive as the Facebook SDK? Some of the UI-only SDKs on the list haven’t seen significant updates (or any updates at all) within the last 4-5 years. Furthermore, even AFNetworking hasn’t had an update in 4 years because it was deprecated long ago after being supplanted by Alamofire. The AFNetworking repo on GitHub has been archived and read-only for over a year! Who’s going to bother adding a privacy manifest to that?

[…]

And then… you know what’s even more bizarre about this list? There are no links! There are no links to the SDK project homepages or GitHub repos. It is a plain text list of names, and in some cases, seemingly random names like “file_picker”. Ok LOL. SDK and library names are not necessarily unique. How are you supposed to know exactly which SDKs they are referencing with so little information? Searching for “file_picker” or “image_picker_ios” or any of the other obscure names on both CocoaPods and the Swift Package Index returns no results!

[…]

As many readers have pointed out, there are also a number of popular SDKs that really should be on this list if Apple is concerned about privacy. For example, the TikTok SDK, GoogleAds, and the Unity Ads SDK are all missing from the list, just to name a few. How strange!

[…]

When Apple imposes new privacy regulations in such a slipshod manner, how are we, as developers and as users, supposed to take this seriously? This feels like more bureaucratic security and privacy theater.

Nick Heer:

I assumed this list would be dominated by SDKs for analytics, authentication, logging, advertising, and other potentially sensitive use cases. […] This list of SDKs contains seemingly few such packages. As of writing, there are 87 SDKs on Apple’s list and fully one-quarter of them — by my count — are Flutter packages intended to simplify cross-platform development.

[…]

As Squires writes, any documentation about why these SDKs are on Apple’s list would be helpful.

Talal Haj Bakry and Tommy Mysk:

In practice, we analyzed the network traffic of several popular apps that were updated after May 1, when this new requirement took effect. We focused on the API that retrieves a device’s boot time, or system uptime. It is the elapsed time in seconds since a device was restarted. Combined with a few other signals, the system uptime leads to generating a very accurate fingerprint of a device.

[…]

All the approved reasons emphasize that information retrieved by the APIs may not be sent off-device.

[…]

Our testing shows that Facebook still sends the system uptime off-device.

So do Google Chrome, Instagram, Spotify, and Threads. Like privacy nutrition labels, privacy manifests seem to be privacy theater.

Previously:

Update (2024-05-07): Thomas Claburn (Hacker News):

The Register asked Google, Meta, and Spotify whether they are in fact using these “required reason APIs” for iOS device fingerprinting and beaming that data off to backend servers, and we’ve not heard back from the last two. A Google spokesperson confirmed it is looking into the report, but didn’t immediately have a response.

[…]

Although Apple’s rule plainly states that uptime data cannot be sent off-device, Google Chrome appears to be doing just that, based on network data analysis from Bakry and Mysk. The rule does allow for an exception, but one that doesn’t apply to Chrome.

[…]

Cupertino did not respond to a request for comment.
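To make the requirement concrete, here is an added example (not from Apple or any of the authors quoted above) that audits the required-reason part of a privacy manifest: it parses a `PrivacyInfo.xcprivacy` plist, checks each declared category against its approved reason codes, and flags categories a binary uses but never declares. The function name `audit_manifest`, the `SYMBOL_CATEGORY` subset, the sample manifest and the symbol list are constructed for illustration; the symbol list is assumed to come from the build's symbol table.

```python
import plistlib

# Approved reason codes per required-reason API category, transcribed from
# Apple's required-reason API documentation. Re-check the table against the
# current documentation before relying on it.
APPROVED_REASONS = {
    "NSPrivacyAccessedAPICategorySystemBootTime": {"35F9.1", "8FFB.1", "3D61.1"},
    "NSPrivacyAccessedAPICategoryFileTimestamp": {"DDA9.1", "C617.1", "3B52.1", "0A2A.1"},
    "NSPrivacyAccessedAPICategoryDiskSpace": {"85F4.1", "E174.1", "7D9E.1", "B728.1"},
    "NSPrivacyAccessedAPICategoryActiveKeyboards": {"3EC4.1", "54BD.1"},
    "NSPrivacyAccessedAPICategoryUserDefaults": {"CA92.1", "1C8F.1", "C56D.1", "AC6B.1"},
}

# Illustrative subset of the symbols that fall under each category.
SYMBOL_CATEGORY = {
    "mach_absolute_time": "NSPrivacyAccessedAPICategorySystemBootTime",
    "systemUptime": "NSPrivacyAccessedAPICategorySystemBootTime",
    "NSUserDefaults": "NSPrivacyAccessedAPICategoryUserDefaults",
    "statfs": "NSPrivacyAccessedAPICategoryDiskSpace",
}

# Constructed sample: boot time is declared correctly, UserDefaults carries a
# made-up reason code, and disk space is not declared at all.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSPrivacyAccessedAPITypes</key>
  <array>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategorySystemBootTime</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array><string>35F9.1</string></array>
    </dict>
    <dict>
      <key>NSPrivacyAccessedAPIType</key>
      <string>NSPrivacyAccessedAPICategoryUserDefaults</string>
      <key>NSPrivacyAccessedAPITypeReasons</key>
      <array><string>ZZZZ.9</string></array>
    </dict>
  </array>
</dict>
</plist>"""


def audit_manifest(manifest_bytes, used_symbols):
    """Return a list of (finding, detail) tuples for one privacy manifest.

    This checks the declaration only. Whether a value such as the uptime
    later leaves the device has to be established from network traffic.
    """
    manifest = plistlib.loads(manifest_bytes)
    declared = {}
    for entry in manifest.get("NSPrivacyAccessedAPITypes", []):
        category = entry.get("NSPrivacyAccessedAPIType", "<missing>")
        reasons = entry.get("NSPrivacyAccessedAPITypeReasons", [])
        declared.setdefault(category, set()).update(reasons)

    findings = []
    for category in sorted(declared):
        approved = APPROVED_REASONS.get(category)
        if approved is None:
            findings.append(("unknown-category", category))
            continue
        if not declared[category]:
            findings.append(("no-reason", category))
        for code in sorted(declared[category] - approved):
            findings.append(("unapproved-reason", f"{category}:{code}"))

    # Categories implied by the symbols the binary references.
    needed = {SYMBOL_CATEGORY[s] for s in used_symbols if s in SYMBOL_CATEGORY}
    for category in sorted(needed - set(declared)):
        findings.append(("undeclared-api", category))
    return findings


if __name__ == "__main__":
    symbols = ["mach_absolute_time", "NSUserDefaults", "statfs"]  # constructed
    for kind, detail in audit_manifest(SAMPLE_MANIFEST, symbols):
        print(kind, detail)
```

A clean result here only means the declaration is well formed, which is the gap the Bakry and Mysk traffic analysis points at.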

Swift’s Native Clocks Are Very Inefficient

Wade Tregaskis (Hacker News):

In a nutshell, the problem is that Swift’s Clock protocol has significant overheads by design. If you look at a time profile of code like this, you’ll see things like[…]

That’s a lot of time wasted in function calls and struct initialisation and type conversion and protocol witnesses and all that guff. The only part that’s actually retrieving the time is the swift_get_time call (which is just a wrapper over clock_gettime, which is just a wrapper over clock_gettime_nsec_np(CLOCK_UPTIME_RAW), which is just a wrapper over mach_absolute_time).

[…]

The downside to calling mach_absolute_time directly, though, is that it’s on Apple’s “naughty” list – apparently it’s been abused for device fingerprinting, so Apple require you to beg for special permission if you want to use it (even though it’s used by all these other APIs anyway, as the basis for their implementations, and there’s nothing you can get from mach_absolute_time that you can’t get from them too 🤨).

This matches my experience that intuition is often wrong regarding Swift performance. Sometimes what seems like it would be a simple virtual call has more overhead than an Objective-C message send. Various dynamic stuff involving checking types/protocols can also be much slower than with Objective-C. The good news is that Date is fast, not even calling down to NSDate, and that there’s a pull request to inline some of this.

Previously:

Friday, May 3, 2024

Error -609 Launching App From the Mac App Store

Matthias Gansrigler:

Does anybody here know what macOS’ error -609 is when launching an app from the App Store?

“The application “XYZ” can’t be opened. -609”

And, maybe more importantly, how to fix it? Relaunches, re-installs and restarts have not helped.

Mark Cornelisse:

Are you behind a firewall? This usually occurs when MacOS can't communicate with the App Store to get the decryption certificates for the binary.

[…]

I’ve done some research on the subject. It could be the following things:

  • Corrupted Application File or incomplete installation. Uninstall the application and download it again from the App Store.
  • Disk Permissions. Use Disk Utility to repair disk to all disk permissions.
  • Outdated MacOS or too new version of it. Download the latest MacOS for the device.
  • Account Authorization. Solution: Logout of the App Store account and log back.
  • Damaged System Files. Reinstall MacOS through the EFI.
  • Conflicting Software like security software. Disable the security software. See if the issue persists. If it doesn’t, contact support of the security software or the administrator of the Mac.
  • Network issues in contacting the App Store server. Remove any obstacle like firewall and system rights that might prevent the Mac from communicating with the App Store to get the needed certificate.
  • Disk Storage. Free up disk space.

I’m seeing a recurrence of the old problem where launching test versions of Mac App Store apps doesn’t work.

Previously:

Apple’s Q2 2024

Apple (transcript, Hacker News, MacRumors):

The Company posted quarterly revenue of $90.8 billion, down 4 percent year over year, and quarterly earnings per diluted share of $1.53.

“Today Apple is reporting revenue of $90.8 billion for the March quarter, including an all-time revenue record in Services,” said Tim Cook, Apple’s CEO.

[…]

“Given our confidence in Apple’s future and the value we see in our stock, our Board has authorized an additional $110 billion for share repurchases. We are also raising our quarterly dividend for the twelfth year in a row.”

Jason Snell:

The company booked $90.8 billion in revenue (down 4% versus the year-ago quarter) with $23.6 billion in profit. Mac revenue was up 4%, presumably buoyed by the release of the M3 MacBook Air. iPad revenue crashed down to $5.6 billion, a 17% drop from the year-ago quarter and the weakest iPad quarter in four years. iPhone revenue was $46 billion, down 10% versus the year-ago quarter.

Services revenue was the big highlight for Apple this quarter, with a new record $23.9 billion in revenue, up 14% year over year. The Wearables, Home, and Accessories category managed only $7.9 billion in revenue, down 10% versus the year-ago quarter.

Artificial intelligence was mentioned many times, and as Ryan Jones notes, Apple even suggested that the M3 MacBook Air is selling well because of its “incredible AI performance.”

John Gruber:

Tim Cook’s decade-ago decision to focus both the company and investors’ attention on Services looks ever more prescient. As it stands, a 4 percent overall drop in revenue makes for an ever-so-slightly bad quarter. If not for Services growth, however, this would’ve been a not-so-slightly bad quarter.

Maybe it was a good business decision. I still think the focus on services has not been good for the products.

John Gruber:

It’s somewhat interesting to me that those are the two iPhone models: on the consumer side, the smaller-display iPhone 15; on the pro side, the big-display iPhone 15 Pro Max. The cheapest iPhone 15 model and the most expensive one.

Previously:

Update (2024-05-07): Michael E. Cohen and Adam Engst:

Apple’s regional results were a mixed bag, with some regions—the Americas and Europe—providing generally steady or growing revenues, while others—Greater China, Japan, and the rest of Asia Pacific—showing declines. The declines may be less related to Apple’s products than to regional economic conce

Jason Snell:

It’s interesting that Cook calls out generative AI, which is basically the sort of stuff that Apple hasn’t spent the last few years rolling out inside its various products. He acknowledges that they’ve been investing in this technology and once again touts that Apple will share things soon.

[…]

There was one claim that made me laugh out loud during the call, though. Apple CFO Luca Maestri said, as a part of his prepared remarks, that “customers are loving the incredible AI performance of the latest MacBook Air and MacBook Pro models.” Are they, really? I knew some apps have AI features, but the idea that M3 MacBook Air users are just buzzing over how incredible the AI performance they’re getting is… just seems silly. This is the place where Apple’s product marketing hype machine collides with its investor community hype machine and generates something… not optimal.

[…]

Sometimes, it seems like Apple has almost saturated demand for its products, which leads to slower growth (for everything except the Services category, apparently). So, where would growth ever come from? This answer focuses on it: There’s a big portion of the world where Apple’s market share is quite low, but populations are growing and income levels are rising. Apple’s growth story for the next couple of decades may have more to do with India, Brazil, and Indonesia than with Europe or the United States.

[…]

That’s about as savage a shade-throwing as you’ll get on an Apple analyst call. But to summarize, Rakers asked Cook to respond to third-party estimates on Apple’s sales, and Cook essentially pointed at his legally mandated financial statements and declared them the real numbers.

Beats Solo Buds

Chance Miller:

Alongside the launch of Beats Solo 4 today, Apple has also announced new Beats Solo Buds earbuds. The new Beats Solo Buds pack a truly wireless design with an incredibly impressive 18 hours of battery life and $79.99 price.

[…]

While they miss out on features like Active Noise Cancellation, auto play/pause, and Transparency mode, they offer an impressive set of other features.

Via Benjamin Mayo:

even if you halve the quoted 18-hour battery life it’s still much better than AirPods longevity for a single session (like plane journeys?)

Tracking Through MarketplaceKit

Mysk:

@brave for iOS just got updated to support the new “marketplace-kit” scheme. Brave only calls the scheme when trackers blocking is disabled. As we reported earlier, Apple implemented the new scheme in a way that allows tracking across websites based on the unique client_id.

Now users in the EU can use Brave to safely install alternative marketplaces. We would like to thank Brave for considering our advice about potential tracking. Moreover, Brave doesn’t invoke the scheme if it’s called from a website different than the store’s website. Great job. 👏

The client_id is created by MarketplaceKit. It is unique per device, Apple ID account, and marketplace combination. At the moment Apple allows any website to trigger sending client_id to the alternative store backend. This allows a malicious app store to track users across websites.

Via Damien Petrilli:

Apple implementing a half-assed compliance instead of implementing a well proven Mac-like installation.

Pretty sure they are going to blame all the security issues caused by their code on regulation.

All those 600 new APIs they did to fake compliance are just code exposing users to new security flaws.

It’s not clear to me exactly what the client_id is for. Apple mentions it in the context of restricting app downloads to certain “qualified users.”

I think users would already expect a marketplace to track their purchases and browsing through that marketplace, so I’m not sure this is a big deal. Does it matter that the marketplace account is linked to a device–Apple ID combination? Is it that different from a Web store tracking through cookies? I’m not seeing a huge distinction between browsing a Web page associated with a product in the marketplace vs. within a marketplace/store.

Previously:

Update (2024-05-03): The piece I was missing is that any Web site can ping the marketplace to get the unique ID because Safari doesn’t check that the Web site is part of that marketplace.

Talal Haj Bakry and Tommy Mysk:

Our testing shows that Apple delivered this feature with catastrophic security and privacy flaws. First, Safari invokes the marketplace-kit URI scheme without checking the origin of the website containing the URI scheme and the URL passed in the alternativeDistributionPackage input parameter. This allows cross-site tracking as we’ll show in the next section.

Second, MarketplaceKit would accept any parameters once invoked. It doesn’t read or validate the JWT tokens passed in the argument. We are sure that Marketplace doesn’t read the tokens because we sent text that doesn’t conform to a valid JWT structure and MarketplaceKit accepted it. Worse, it blindly relayed the invalid JWT token when calling the /oauth/token endpoint. This opens the door to various injection attacks to target either the MarketplaceKit process or the marketplace back-end.

Third, certificate pinning is not deployed in the entire process. This makes it easy to intercept and manipulate requests between the MarketplaceKit process and the marketplace back-end. It might be tricky to support certificate pinning here because MarketplaceKit might communicate with many servers that can dynamically be changed by the marketplace developer in the .well-known resources. But this also has potential issues. In our testing, we overwrote the .well-known resources through intercepting the calls and we fed our own endpoints. As a result, MarketplaceKit called our endpoints.

[…]

The flaw of exposing users in the EU to tracking is the result of Apple insisting on inserting itself between marketplaces and their users. This is why Apple needs to pass an identifier to the marketplaces so they can identify installs and perhaps better calculate the due Core Technology Fee (CTF).
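The first two flaws described above come down to two missing checks, sketched here as an added example (not Apple's, Brave's or Mysk's code): compare the origin of the page that contains the link with the origin of the `alternativeDistributionPackage` URL, and reject tokens that are not even structurally a JWT before anything is relayed. The link layout (`marketplace-kit://install?...`), the `token` parameter name, the exact-origin policy and all sample values are assumptions made for illustration.

```python
import base64
import json
import re
from urllib.parse import parse_qs, quote, urlsplit

B64URL = re.compile(r"[A-Za-z0-9_-]+")


def _b64url_decode(segment):
    if not B64URL.fullmatch(segment):
        raise ValueError("not base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def looks_like_jwt(token):
    """Structural check only: three base64url segments, JSON-object header
    and payload. Verifying the signature needs the issuer's key and is out
    of scope here."""
    segments = token.split(".")
    if len(segments) != 3:
        return False
    try:
        header, payload = (json.loads(_b64url_decode(s)) for s in segments[:2])
        _b64url_decode(segments[2])
    except ValueError:  # covers binascii.Error, JSON and UTF-8 decode errors
        return False
    return isinstance(header, dict) and isinstance(payload, dict) and "alg" in header


def https_origin(url):
    """Return (host, port) for an https URL, or None for anything else."""
    try:
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            return None
        return (parts.hostname.lower(), parts.port or 443)
    except ValueError:
        return None


def check_invocation(page_url, scheme_url, token_params=("token",)):
    """Decide whether a browser should hand scheme_url to the system.

    page_url is the top-level page that contains the link. token_params
    names the query parameters expected to carry JWTs (hypothetical name).
    """
    link = urlsplit(scheme_url)
    if link.scheme != "marketplace-kit":
        return (False, "wrong-scheme")
    query = parse_qs(link.query, keep_blank_values=True)
    packages = query.get("alternativeDistributionPackage", [])
    if len(packages) != 1:
        return (False, "missing-or-duplicate-package")
    page_origin = https_origin(page_url)
    package_origin = https_origin(packages[0])
    if page_origin is None or package_origin is None:
        return (False, "non-https-origin")
    if page_origin != package_origin:
        # A third-party page is trying to trigger the marketplace request.
        return (False, "cross-origin")
    for name in token_params:
        values = query.get(name, [])
        if len(values) != 1 or not looks_like_jwt(values[0]):
            return (False, "malformed-token")
    return (True, "ok")


# --- constructed sample data -------------------------------------------
def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


SAMPLE_JWT = ".".join([
    _b64url(json.dumps({"alg": "ES256", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "constructed-sample"}).encode()),
    _b64url(b"constructed-signature-bytes"),
])


def build_link(package_url, token):
    return ("marketplace-kit://install?alternativeDistributionPackage="
            + quote(package_url, safe="") + "&token=" + quote(token, safe=""))


if __name__ == "__main__":
    link = build_link("https://store.example/pkg/1", SAMPLE_JWT)
    print(check_invocation("https://store.example/apps", link))
    print(check_invocation("https://news.example/story", link))
```

The third flaw, the unpinned and overridable `.well-known` endpoints, is a transport problem that neither check addresses.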

Thursday, May 2, 2024

Core Technology Fee Exemptions

Apple (MacRumors):

Today, we’re introducing two additional conditions in which the CTF is not required:

  • First, no CTF is required if a developer has no revenue whatsoever. This includes creating a free app without monetization that is not related to revenue of any kind (physical, digital, advertising, or otherwise). This condition is intended to give students, hobbyists, and other non-commercial developers an opportunity to create a popular app without paying the CTF.

  • Second, small developers (less than €10 million in global annual business revenue*) that adopt the alternative business terms receive a 3-year free on-ramp to the CTF to help them create innovative apps and rapidly grow their business. Within this 3-year period, if a small developer that hasn’t previously exceeded one million first annual installs crosses the threshold for the first time, they won’t pay the CTF, even if they continue to exceed one million first annual installs during that time. If a small developer grows to earn global revenue between €10 million and €50 million within the 3-year on-ramp period, they’ll start to pay the CTF after one million first annual installs up to a cap of €1 million per year.

Khaos Tian:

Would be annoying if AltStore PAL no longer qualifies for CTF exemptions because it had sales to cover CTF in the first place 🙃

Previously:

Update (2024-05-03): Kosta Eleftheriou:

Imagine having to pay Apple money to install an app on your Mac from some website.

Update (2024-05-07): Nick Heer:

Two fundamental issues remain with the Core Technology Fee — namely, that developers still need to pay Apple even if their app is distributed exclusively outside the App Store and in-app payments are handled by a third-party processor, and the fee is an unknown and surprising future charge. One marvels at how the Mac could remain such a successful developer platform for so long without the support of a per-install fee.

EagleFiler 1.9.14

EagleFiler 1.9.14 is a maintenance release for my Mac information organizer app.

Some interesting bugs were:


Delta Emulator in the App Store

Kyle Orland (MacRumors):

Apple’s decision earlier this month to open the iOS App Store to generic retro game emulators is already bearing fruit. Delta launched Wednesday as one of the first officially approved iOS apps to emulate Nintendo consoles from the NES through the N64 and the Game Boy through the Nintendo DS (though unofficial options have snuck through in the past).

Delta is an outgrowth of developer Riley Testut’s earlier sideloadable GBA4iOS project, which recently had its own unauthorized clone removed from the App Store. Before Wednesday, iOS users could load Delta onto their devices only through AltStore, an iOS marketplace that used a Developer Mode workaround to sideload apps from a self-hosted server. European users can now get that AltStore directly on their iOS devices (for a small 1.50 euro/year fee), while North American users can simply download Delta for free from the iOS App Store, with no ads or user tracking to boot.

It’s not in the EU App Store.

Riley Testut:

Thank God the CTF only applies to downloads in the EU 😅

Shira Ovide (via Hacker News):

The hottest iPhone app in America may owe its popularity to government crackdowns on Apple.

[…]

Apple had banned apps like it for years but un-banned them this month without much explanation. Delta’s creators say growing anti-monopoly pressures were responsible for Apple’s flip-flop.

Dare Obasanjo:

Apple was pressured by regulators to allow game emulators on iOS and now the most popular app is a game emulator with a 4.9 star rating.

Remember this when people claim Apple’s restrictions on what you can do on your phone to protect their app store revenue doesn’t harm consumers.

Parker Ortolani:

Delta’s success is proving that there is an insane amount of pent up demand for the things Apple has insisted on keeping from us for 16 years. It is proving the point of critics.

Jason Snell:

Sure, some of that is probably a natural tendency by some of us veteran App Store users to download forbidden fruit before Apple has a re-think and decides to ban it again. But there’s also a genuine interest in reconnecting with older games, something that’s been there all along on other platforms—but has always been blocked from iOS by Apple’s arbitrary policies.

[…]

So where do we go from here? While Apple’s acceptance of emulators in the App Store is groundbreaking, and should delight many fans of retro gaming consoles, it’s an extremely limited change. Nobody really knows how Apple defines any of the words in that phrase. How old is retro? Is an old computer on which you can play games a console?

I grew up playing games on early computers, including the Apple IIe. Does the ability to open a spreadsheet in AppleWorks disqualify an Apple II emulator that would otherwise let me play Lode Runner and Choplifter? And if so, why?

[…]

Apple should allow retro emulators of all kinds in the app store, and allow game emulators to use JITs to boost performance. Otherwise, its limited expansion of the rules feels mostly for show and not indicative of a real change in approach to App Store rules.

John Gruber:

An incredibly polished, high-performance game emulator, available free of charge with no ads. That’s some old-school internet awesomeness.

[…]

Now the question is: Does Nintendo care?

Brendon Bigley:

Personally though: I really just want to play Pokémon on my phone. The reason I switch to Android is the prospect of playing Pokémon Silver again while I’m on the subway or in the back of a Lyft or while waiting in line. Ultimately Nintendo is unlikely to allow this in a way that lets me pay them directly for the experience. They justifiably prefer having their Nintendo Online subscription service and providing limited access to their valuable back catalog on devices they control entirely. The idea of launching a Pokémon game as an app on the App Store is a non-starter. But with emulation apps present on both Android and iOS and many people already enjoying these experiences, one wonders why not make a change? I would gladly pay Nintendo to play back-catalog Pokémon games on my iPhone and I would be over the moon if they recognized this as a valuable audience segment worth catering to. In a lot of ways, it’s about to be extremely difficult to ignore this user-behavior.

John Voorhees (via Federico Viticci):

So, you’ve probably seen the (totally justified) hype surrounding the Delta emulator’s launch on the App Store and downloaded it because, why not, it’s free. You may have also recalled that, like a lot of people, you have a box of old Game Boy cartridges stored somewhere that are gathering dust. Or, like me, maybe you spent way too much money on second-hand videogame sites during the COVID lockdown. Regardless of your Game Boy cartridge origin story, today I’m going to show you a simple way to breathe new life into those games by bringing them, along with your save files, to your iPhone.

The easiest way I’ve found to pull the game files from a Game Boy, Game Boy Color, or Game Boy Advance cartridge is with a little USB-C accessory called the GB Operator by Epilogue, or as I like to call it the Game Boy Toaster. That’s because the device looks like a top-loading transparent toaster that takes game cartridges instead of bread. If you have a big collection of game cartridges, the GB Operator is a great investment at $50 because it allows you to both play and back up your games using a Mac.

Riley Testut (via Craig Grannell):

So apparently Apple approved a knock-off of GBA4iOS — the predecessor to @delta I made in high school — in the App Store. I did not give anyone permission to do this, yet it’s now sitting at the top of the charts (despite being filled with ads + tracking)

I’ve bit my tongue a bunch in the past month…but this really frustrates me. So glad App Review exists to protect consumers from scams and rip-offs like this 🙄


AltStore PAL

Riley Testut:

I’m thrilled to announce a brand new version of AltStore — AltStore PAL — is launching TODAY as an Apple-approved alternative app marketplace in the EU. AltStore PAL is an open-source app store made specifically for independent developers, designed to address the problems I and so many others have had with the App Store over the years. Basically, if you’ve ever experienced issues with App Review, this is for you!

We’re launching with 2 apps initially: my all-in-one Nintendo emulator Delta — a.k.a. the reason I built AltStore in the first place — and my clipboard manager Clip, a real clipboard manager that can actually run in the background. Delta will be FREE (with no ads!), whereas Clip will require a small donation of €1 or more. Once we’re sure everything is running smoothly we’ll then open the doors to third-party apps — so if you’d like to distribute your app with AltStore, please get in touch.

[…]

Sources are integral to AltStore’s design and allow it to be completely decentralized. This means there is no central directory of apps; the only apps you’ll see in AltStore are from sources you’ve explicitly added yourself. It’s up to developers to self-promote their apps and direct users to their websites, where users can add their source with a single tap via AltStore’s altstore://source?url=[source URL] URL scheme (or by copying & pasting the source URL directly). Distributing apps with AltStore is also completely free of charge; anyone can distribute an app for free on AltStore as long as they make a source.

[…]

I strongly believe this business model works well — especially for indie developers — so we’ve gone all-in and added deep Patreon integration to AltStore to allow all developers to monetize their apps the same way we do. Developers can choose to offer some (or all) of their apps to just their patrons, and even control which tiers unlock which apps on a per-app basis. And to further encourage Patreon use, AltStore will take no commission on Patreon donations, allowing developers to keep the entirety of their Patreon proceeds.

They’re charging €1.50/year for the marketplace itself to cover the CTF.

Mysk:

AltStore PAL just updated their FAQ saying that they currently support one device per subscription. This confirms that Apple left marketplace app developers with no option to tell whether multiple devices belong to the same user or not. Apple promises that the CTF applies once regardless of how many devices the user has.

Since app developers can’t tell if an additional device belongs to a subscribed user, they are forced to charge the user per device to be on the safe side.

John Gruber:

For iOS power users and enthusiasts, alternative app marketplaces are going to be fun and useful. Right now there’s no better place to be an iPhone user than the EU.

David Barnard:

I’m moving to the EU so I can finally have a clipboard manager on iOS.

Adam Demasi:

The whole marketplace flow is a disaster. While AltStore seems to have tons of problems itself […], the majority of the problems are in Apple’s implementation.

App installation has no progress prompts. The app-marketplace:// URL scheme, used by websites to tell iOS to begin installing a marketplace app, displays zero progress. It only has the ability to display error messages, such as telling you you’re not eligible (not located in the EU), or that you need to go to Settings to allow the app to be installed. Naturally, there’s no button that takes you to Settings, nor any explanation of what you do when you’re there.

Once you’re in Settings, a followup button appears below your Apple ID name. Tapping Allow simply dismisses the prompt. There’s no indication of what happens next. The answer is - nothing happens. You need to go back to Safari and initiate the installation again. Then, you get another full screen prompt, and then an alert prompt. The app then starts downloading, but nothing tells you that. Tapping the download button does nothing now. You just eventually think to go to the home screen and find the app.

[…]

Make no mistake, if a teenager was able to build a jailbreak that puts a Cydia icon on the home screen with a download progress bar back on iOS 4.3 (2011!), Apple can do far better with user experience here. They know what they’re doing. The sloppiness of the whole process is intentional, and AltStore needing to charge €1.50/year is a barrier Apple fully intended to force upon marketplaces.

Kyle Howells:

Apple’s designed the alternative AppStore process to be as terrible a user experience as they think they can get away with.

I used to jailbreak all my devices. EVERY SINGLE Jailbreak app store was miles better than this mess.


Update (2024-05-07): Kyle Howells:

I’d like to remind everyone all the work Apple has done, to make such a terrible 3rd party app store experience, was entirely voluntary.

iOS has had app true side loading, install from Safari, since iOS 3. Just locked down. All that was actually required was turning that on.

Wednesday, May 1, 2024

Photos Syncing With iCloud Paused

I just ran into an iCloud issue I’d not seen before. Photos on my Mac now shows “Syncing with iCloud Paused. Optimizing System Performance” at the bottom of the photos grid. It’s not clear to me what this means because the Mac is essentially idle and not running on battery power.

There’s a Sync Now blue text “button,” and when I click it I get an alert that says:

Resume Syncing with iCloud

Syncing with iCloud is paused to optimize system performance. Would you like to resume syncing for four hours?

I clicked Resume, but nothing seemed to happen. The main window still says that syncing is paused and still offers the Sync Now button that seemingly doesn’t do anything. I left it overnight and nothing has changed. Syncing is still paused—showing gray thumbnails for photos not downloaded—and Sync Now is still inoperable.


Update (2024-05-02): I had restarted the Mac earlier, but I restarted it again this morning and now it is syncing again.

The Joy of Shortcuts

Jarrod Blundy:

I love building shortcuts. I have 579 of them in my personal library at the moment, and I’d guess that I built or modified about half of those at some point or another. Between my HeyDingus Shortcuts Library and my old home on RoutineHub, I’ve shared over 40 of them publicly, thinking that maybe someone else will find these little tools helpful.

[…]

But mostly, it just lights up my brain in a way that few other things do. […] And I enjoyed every second of getting them just right.

Via Federico Viticci:

For me, despite the (many) issues of the Shortcuts app on all platforms, the reason I can’t pull myself away from it is that there’s nothing else like it on any modern computing platform (yes, I have tried Tasker and Power Automate and, no, I did not like them). Shortcuts appeals to that part of my brain that loves it when a plan comes together and different things happen in succession.

I love automating things and have used many utilities to do so, going back to classic Mac OS. These days I mostly rely on AppleScript and shell scripts. For whatever reason, Shortcuts just does not fit my brain. I found Automator intuitive but limited. Shortcuts, not being language-based, is also limited, but it’s seemingly much more powerful than Automator. However, I find it confusing to use, the app’s interface doesn’t feel right for a Mac app, and I wish shortcuts were saved as files.

It’s also a pity that some functionality—e.g. HomeKit—is not available from AppleScript or shell tools, only via Shortcuts.

Joe Rosensteel:

I love Shortcuts. I love WiFi device names. I love conflict resolution when I didn’t edit the Shortcut on either of those dates.


Qi2 Battery Packs and Chargers

Christian Selig:

Qi2 was supposed to be a glass of ice water to those in hell of Qi1, and I was hyped! Apple stopped making MagSafe battery packs themselves, and their old pack used Lightning instead of the newer USB-C, so I was excited to see third-parties bring MagSafe into the golden age of USB-C.

[…]

The word “compatible” is doing a lot of heavy lifting there, just indicating that the battery packs have a magnet in them and using just regular Qi1 charging. None of the actual MagSafe benefits are available. This means they’re kinda “dumb” and don’t communicate well with the host device, leading to hotter devices (and thus faster battery degradation) and lower efficiency due to energy loss as heat.

[…]

Despite being announced last year, there’s still like… only one manufacturer offering Qi2 battery packs: Anker. The rest are still “coming soon”. […] Qi2 battery packs seemingly don’t even support OS level battery status! I can only assume this is an omission on Apple’s part rather than Anker’s, and is hopefully fixed in the future, but that was one of the aspects of Qi2 I was looking forward to the most. All you get is a slightly larger indicator of the phone’s battery level, but not the pack’s.

This Anker battery pack has been working great with my iPhone 15 Pro, but I don’t think it’s Qi2. Oddly, I’ve had mixed results with USB-C battery packs, e.g. the HTGK Power Bank sometimes causes iOS to report heat errors and seems to actually drain the phone’s battery rather than charge it.

Juli Clover:

Satechi today announced the availability of its two new Qi2 charging stands, the 3-in-1 Foldable Qi2 Wireless Charging Stand and the 2-in-1 Foldable Qi2 Wireless Charging Stand.

[…]

One of the benefits of Qi2 is lower prices, but Satechi's Wireless Charging Stands are still expensive. The 3-in-1 model is priced at $130, likely because Satechi is still licensing Apple Watch charging technology from Apple, while the 2-in-1 Wireless Charging Stand is $80.


Compelled to Unlock With Fingerprint

Jon Brodkin:

The US Constitution’s Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law.

[…]

Payne’s Fifth Amendment claim “rests entirely on whether the use of his thumb implicitly related certain facts to officers such that he can avail himself of the privilege against self-incrimination,” the ruling said. Judges rejected his claim, holding “that the compelled use of Payne’s thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking.”

Joe Lancaster (via Hacker News):

From a practical standpoint, this is chilling. First of all, the Supreme Court ruled in 2016 that police needed a warrant before drawing a suspect’s blood.

[…]

But forcibly gaining access to someone’s phone provides more than just their identity—it’s a window into their entire lives. Even cursory access to someone’s phone can turn up travel history, banking information, and call and text logs—a treasure trove of potentially incriminating information, all of which would otherwise require a warrant.

When they drafted the Fourth Amendment, the Founders drew on the history of “writs of assistance,” general warrants used by British authorities in the American colonies that allowed government agents to enter homes at will and look for anything disallowed. As a result, the Fourth Amendment requires search warrants based on probable cause and signed by a judge.

John Gruber:

People who don’t use Face/Touch ID are surely tempted to use a short easily-entered passcode for convenience, and anyone who disables Face/Touch ID while using a nontrivial passphrase is encountering a huge inconvenience every single time they unlock their phone. There’s no good reason to put yourself through that.

My advice is to internalize the shortcut to hard-lock an iPhone, which temporarily disables Face/Touch ID and requires the passcode to unlock: squeeze the side button and either of the volume buttons for a second or so.

[…]

Those concerned with civil liberties should presume, though, that the same court would rule similarly regarding cops unlocking a device by waving it in front of the suspect’s face. But with “Require Attention for Face ID” — which is on by default — Face ID won’t work if you keep your eyes closed, and I don’t think a court would allow police to force your eyes open. The trick to worry about is the police handing you back your phone, under the pretense that you can use it to make a call or something, and then yanking it from your hands after you unlock it.

John C. Welch:

“Ha, I locked my phone, you can’t make me put in my pin!”

<cops all turn off their body cams and draw their sticks>


Tuesday, April 30, 2024

Ive Drives Icons

Louie Mantia (Mastodon):

It’s been 15 years since the original and 12 years since the sequel. Volume 3 contains a staggering 125 hard drive icons, comprising 25 metal colors (most—if not all—of Apple’s modern product colors), with 5 varieties of each.

Beautiful external drive icons up to 1,024×1,024.

I’m not sure whether there’s a better way, but if you open the .icns file in Preview, you can Select All and Copy. Then if you Get Info on the drive and Paste it seems to apply all the image representations to the .VolumeIcon.icns file that it creates.

iPadOS Also a Digital Gatekeeper in EU

Tim Hardwick (Hacker News):

EU antitrust officials on Monday identified iPadOS, Apple’s operating system for iPads, as a significant digital gatekeeper under the EU’s new tech regulations, which carry strict requirements that aim to promote fair competition and expand options for consumers.

[…]

“Apple’s business user numbers exceeded the quantitative threshold elevenfold, while its end user numbers were close to the threshold and are predicted to rise in the near future.”

[…]

The Commission has now given Apple a six-month deadline to fully comply with the obligations set by the Digital Markets Act (DMA), which means we should expect enforced changes in iOS like alternative app marketplaces, web distribution, and alternative browsers to come to iPadOS as well in a forthcoming update.

John Gruber:

The “lock-in” is basically just features exclusive to Apple’s own platforms. I’m not even sure how Apple could possibly create a platform without “lock-in”.

On the other hand, iPadOS is clearly more of a marketing distinction than a technical one. It’s iOS under the hood, so I doubt it’ll be much trouble for Apple to apply its DMA compliance features from iOS to iPadOS. I would have been surprised if the EC had not decided to designate iPadOS a “gatekeeping” platform, and I’m guessing Apple itself is unsurprised as well.

See also: Jeff Johnson.


Swift Proposal: Synchronous Mutual Exclusion Lock

SE-0433:

Not all code may be able (or want) to adopt actors. Reasons for this can be very varied, for example code may have to execute synchronously without any potential for other tasks interleaving with it. Or the async effect introduced on methods may prevent legacy code which cannot use Swift Concurrency from interacting with the protected state.

[…]

We propose a new type in the Standard Library Synchronization module: Mutex. This type will be a wrapper over a platform-specific mutex primitive, along with a user-defined mutable state to protect.

[…]

Mutex will be decorated with the @_staticExclusiveOnly attribute, meaning you will not be able to declare a variable of type Mutex as var. These are the same restrictions imposed on the recently accepted Atomic and AtomicLazyReference types. […] We do not want to introduce dynamic exclusivity checking when accessing a value of Mutex as a class stored property for instance.

[…]

Mutex is unconditionally Sendable regardless of the value it's protecting. We can ensure the safety of this value due to the transferring marked parameters of both the initializer and the closure inout argument.

On Apple platforms, this is based on os_unfair_lock, which is a bit tricky to directly use from Swift because you have to manage the memory for the lock yourself to prevent Swift from moving it. macOS 13 brought OSAllocatedUnfairLock, which is Apple’s implementation that handles this for you. Mutex is better still because it doesn’t need to allocate a separate block of memory for the lock.
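To make the proposal concrete, here is an added example (not code from SE-0433 or from this post) of a synchronous, thread-safe failed-login counter built on `Mutex`. The type `FailedLoginTracker`, its methods, and the account name are hypothetical; it assumes a Swift 6 toolchain and, on Apple platforms, a macOS 15 / iOS 18 deployment target.

```swift
import Dispatch
import Synchronization

// Hypothetical example type: counts failed logins per account.
// All access is synchronous, so it can be called from legacy
// (non-async) code paths as well as from tasks.
final class FailedLoginTracker: Sendable {
    // Must be `let`: Mutex cannot be declared as `var`.
    // The dictionary is only reachable through withLock.
    private let attempts = Mutex<[String: Int]>([:])
    private let limit: Int

    init(limit: Int) {
        self.limit = limit
    }

    /// Records one failure and reports whether the account
    /// has reached the lockout limit. The read-modify-write
    /// happens entirely inside the critical section.
    func recordFailure(for account: String) -> Bool {
        attempts.withLock { table in
            let count = (table[account] ?? 0) + 1
            table[account] = count
            return count >= limit
        }
    }

    /// Clears the counter, e.g. after a successful login.
    func reset(_ account: String) {
        attempts.withLock { $0[account] = nil }
    }

    /// Current failure count for an account.
    func count(for account: String) -> Int {
        attempts.withLock { $0[account] ?? 0 }
    }
}

// Constructed demonstration: many threads record failures for
// the same (made-up) account at once. Without the lock, the
// increments would race and some would be lost.
func demo() -> (locked: Bool, count: Int) {
    let tracker = FailedLoginTracker(limit: 5)
    let account = "alice@example.test"

    DispatchQueue.concurrentPerform(iterations: 1_000) { _ in
        _ = tracker.recordFailure(for: account)
    }

    let count = tracker.count(for: account)
    return (locked: count >= 5, count: count)
}

let result = demo()
print("locked: \(result.locked), failures recorded: \(result.count)")
```

Keep the closure passed to `withLock` short and do not call back into the same tracker from inside it, since the lock is not recursive.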

Gwendal Roué:

My experience with Swift Concurrency might be somewhat particular.

[…]

And I’m not sure I’ll replace DispatchQueues with any Swift concurrency constructs any time soon, because a demanding user of SQLite won’t accept to be limited to strictly serialized accesses. SQLite supports concurrent database accesses, including parallel reads and writes. Indeed databases support concurrency in a way that is almost never found in any memory-based synchronization primitive: actors, mutexes, read-write locks are all too limited.

Final nail in the coffin: a demanding SQLite user expects to be able to perform synchronous database accesses at will (i.e. when needed) – just like the regular C API – without any risk of concurrency bugs. There’s currently no Swift concurrency construct that allows both sync and async accesses.

Kyle Howells:

I can’t help feeling Swift’s async, Actor, isolation system is a mistake.

Rather than making the safe thing the default, even if a bit slow, and making a slightly awkward API for a “fast mode” it makes most code think about async isolation most of the time.


Losing Screen Time Settings

Craig Grannell:

Needed to turn off Screen Time temporarily. Apple: “bollocks to you, then”. Infers the set-up is wiped and has me start from scratch. I go through the set-up, and it merges the new one with what was already there. But the block set-ups have been randomly wiped.

[…]

It’s astonishing that this is the way things work. Because you cannot sign out a child’s device from iCloud without first disabling Screen Time. Which means when you sign that device back in, Screen Time is off and you have to set it up again.

That’s mad. It also suggests sufficiently senior people at Apple don’t have kids, don’t look after their kids, or don’t care about how much screen time their kids have on Apple devices.

And, kids aside, it’s sometimes necessary to sign out of iCloud for troubleshooting purposes. This should not discard any data.

My understanding is that the Mac version of Screen Time still counts time for apps that are in the background. I guess that makes sense in that otherwise it would be trivial to work around the limits for certain apps. But it makes the reports not very informative. Were you spending hours texting? Or did you leave a Messages window open because interacting with Messages notifications doesn’t work very well and you don’t want to keep quitting and relaunching the app?


Update (2024-05-01): Kaveh:

Screen Time, and especially the use case of Screen Time with your kids, is woefully inadequate and buggy to boot. So much light needs to be shined on this spot because I’m convinced that Apple doesn’t care enough to fix it.

Simple use case: block an app with a time limit of 0 minutes (so you can unlock it for kid later). Most Apple reps intuitively tell me you can and proceed to try to show me how to do it, only to remove their own foot from their mouth in about 10 minutes.

Table-stakes type parental controls just aren’t well thought out nor are they robust.

Jesse Squires:

this happened to me when upgrading to a new iPhone. I did the direct device-to-device transfer. For some reason ScreenTime settings were lost.

It took me weeks to notice, and then I learned that app time limits really do help me limit my time.

Update (2024-05-03): Cory Birdsong:

it’s also incredible that Screen Time just straight up doesn’t exist on tvOS.

Craig Grannell:

Too often, the result is a stalemate, with me wanting my kid to stop on the iPad nicely (or risk not having it the next day), and her figuring out the absolute limit of what she can get away with. (For the record: she is a fantastic kid and very well behaved on the whole, but she is also a kid. Any parent reading will know exactly what I mean.) And there have been times when I’ve just had to yank the iPad away.

A lot of this could be resolved with a remote off switch that can be activated immediately, when a line is crossed. Ideally, this would be presented in Screen Time as a massive red button. The Nintendo Switch has this (well, the remote off switch – not the red button), but Apple has determined one is not needed. It really is.

Update (2024-05-07): Josh Hrach:

Screen Time is terrible. I have it enabled to keep my kids safe. But it also ignores the actual settings, especially to allow my son to play multiplayer games. So he can’t even play games with our family because the content restrictions are broken. Been dealing with this for 3 years (with multiple radars filed and hours spent talking to senior advisors).

Hearing for Apple Violating Epic’s Injunction

games fray (PDF, via Michael Love):

Judge Yvonne Gonzalez Rogers of the United States District Court for the Northern District of California, who presided over the 2021 Epic v. Apple trial and made the ruling in question, has now reached the preliminary conclusion that Apple is presently out of compliance with the injunction, which could (if not resolved) result in contempt-of-court sanctions. Instead of holding only a short hearing on the matter which was scheduled for April 30, 2024, Judge Gonzalez Rogers has now scheduled a three-day evidentiary hearing for May 8, 10 and 17 in Oakland, California.

[…]

The hearing will serve the purpose of looking at what requirements Apple imposes on app makers, such as by looking at the sequence and appearance of on-screen messages and required user interface actions, and to discuss the commission Apple imposes on purchases made within seven days of clicking on an in-app link. It is possible that Apple will make some adjustments, but at this point the most likely next step is that Judge Gonzalez Rogers will, with or without further measures taken by Apple, hold Apple in civil contempt, and Apple will appeal her decision to the Ninth Circuit.

[…]

“[…] the Court FINDS that Epic Games has made a sufficient preliminary showing that, viewed holistically, Apple’s practice changes undermine the spirit of the injunction by limiting competition, impeding the free flow of information, and constraining user choice.”


Update (2024-05-08): Michael Love:

Apple has gotten a total of 38 applications for external link entitlements since January.

[…]

Some pushback from judge on the fact that this is a hyperlink with a website URL and Apple is nevertheless insisting on putting up an alert about it.

[…]

Apple also insisting that nobody reading the screen is going to think that Apple is warning that outside purchases are less safe, which the judge is exceedingly skeptical of.

[…]

And now we’re juxtaposing the Apple HIGs with the requirement that the external purchase link be a meek little un-bordered button, which is great fun.

Judge asking for a logical reason why external purchase link buttons should be less prominent and App Store head can’t think of one.

Also, she keeps asking about discussions and he has to ‘not remember’ because he can’t admit that he was sitting in a meeting where they decided to do this deliberately and yet also is steering clear of perjuring himself.

Update (2024-05-10): Sarah Jeong (Hacker News):

But this interjection, from Judge Rogers, doesn’t look good for Apple:

I can’t imagine a logical reason why Apple would demand that of competitor apps. What’s a logical competitive reason, not for suggesting it, but demanding it? … Other than to stifle competition, I see no other answer. Can you give me one?

Google Lays Off Python Team

Sarah Perez (Reddit):

Ahead of Google’s annual I/O developer conference in May, the tech giant has laid off staff across key teams like Flutter, Dart, Python and others, according to reports from affected employees shared on social media.

zem:

in addition to contributing to upstream python, we

  • maintained a stable version of python within google, and made sure that everything in the monorepo worked with it. in my time on the team we moved from 2.7 to 3.6, then incrementally to 3.11, each update taking months to over a year because the rule at google is if you check any code in, you are responsible for every single breakage it causes
  • maintained tools to keep thousands of third party packages constantly updated from their open source versions, with patch queues for the ones that needed google-specific changes
  • had highly customised versions of tools like pylint and black, targeted to google’s style guide and overall codebase

[…]

we also acted as a help desk of sorts for python users at google, helping troubleshoot tricky issues, and point newcomers in the right direction. plus we worked with a lot of other teams, including the machine learning and AI teams, the colaboratory and IDE teams, teams like protobuf that integrated with and generated python bindings, teams like google cloud who wanted to offer python runtimes to their customers, teams like youtube who had an unusually large system built in python and needed to do extraordinary things to keep it performant and maintainable.

It seems like important work and that this team’s experience will be hard to replace.

HT News Desk (via Hacker News):

The company plans to set up a new team in Munich, Germany which would act as “cheaper” labour, the report claimed.

[…]

The US Python team reportedly had less than ten members and managed most parts of Google’s Python ecosystem, stability of Python at Google, updated with thousands of third-party packages and developed a type-checker.

Thomas Wouters (via Hacker News):

It’s a tough day when everyone you work with directly, including your manager, is laid off -- excuse me, “had their roles reduced”, and you’re asked to onboard their replacements, people told to take those very same roles just in a different country who are not any happier about it.

Update (2024-05-03): Jennifer Elias (via Hacker News):

Just ahead of its blowout first-quarter earnings report on April 25, Google laid off at least 200 employees from its “Core” teams, in a reorganization that will include moving some roles to India and Mexico, CNBC has learned.

The Core unit is responsible for building the technical foundation behind the company’s flagship products and for protecting users’ online safety, according to Google’s website. Core teams include key technical units from information technology, its Python developer team, technical infrastructure, security foundation, app platforms, core developers, and various engineering roles.

Dare Obasanjo:

Treating core IT infrastructure teams as a cost center you outsource to cheaper countries is what you expect from IBM or a dying bricks and mortar business not a big tech that made $23.6 billion in profit last quarter

John Nack:

That was the final resting place of the staff of Nik Software, a $200m+ acquisition of world-class imaging talent that Google relocated (specifically to induce attrition) and then reassigned to <checks notes> Roomcycler. 😑🔫

Friday, April 26, 2024

Janky Apple ID Security

I had another instance of my Apple ID mysteriously being locked. First, my iPhone wanted me to enter the password again, which I thought was the “normal” thing it has done every few months, almost since I got it. But after doing so it said that my account was locked.

Unlocking the account would require a 1-hour Security Delay, it said, because I had Stolen Device Protection enabled, and I was not at one of my familiar locations. I was at home. But I went to Settings ‣ Privacy & Security ‣ Location Services ‣ System Services ‣ Significant Locations to check, and for some reason the only location in the list was the grocery store that I go to once every two weeks. It didn’t figure out the location of the home/office where the phone spends nearly all its time and which is identified as Home in Apple Maps, Contacts, and Find My.

So I went to my Mac, where there was no delay to unlock the account. However, unlocking didn’t work. It had me enter the password, texted a code to my phone, and then wanted me to enter the password again, but the sheet was broken. I typed the password and clicked Sign In, and the button stayed grayed out, showed a spinner, and then stopped, but it neither accepted the password nor showed an error. It just got stuck with Sign In disabled. Isn’t the new System Settings great?

(Several of the other Apple ID–related sheets have odd layouts and non-standard behavior. If I were not already familiar with this being the unfortunate status quo, I might worry whether they were fake UI trying to phish me.)

(The iPhone version of System Settings also got stuck in a weird state, where the Apple ID Suggestions screen was showing a spinner and a Continue button that didn’t work. And the whole app was inset with a black border around it. I had to force-quit it. And then it got stuck again the same way.)

The only thing to do was to click Cancel to get out of the sheet. Both of my devices kept popping up alerts about signing in to my Apple ID, and I still didn’t want to wait an hour, so I quit System Settings and relaunched it. I followed the exact same procedure as before to unlock my account, but this time it let me do so using my Mac’s password instead of sending a code to the iPhone. And this time the final sheet asking for my Apple ID password worked.

The good news is that the phone automatically unlocked and made the Apple ID services available again. I didn’t have to enter the new password there.

The bad news is that I had to choose another new password for this account. And everything about this process made me feel less secure. If Stolen Device Protection doesn’t work properly, is it going to cause me real trouble sometime? Maybe I should just turn it off. Is there any way I can run my devices without them relying on my Apple ID? Alas, I don’t think so.

(I have another Apple ID that I use on my test Macs, and for some reason it needs to be unlocked every time I use it to sign in to a new installation. I’ve never been asked to reset its password, though.)

Update (2024-04-26): Dave Wood:

WTF #Apple. I’m minding my own business, and get an alert on my watch & phone. “Sign in with your AppleID”. Ok, why? I enter my password anyway. Then: Locked out. WTF? Then worse. I can’t unlock my account for an hour because I’m not at a familiar location. I’m home. Where I rarely leave. If my home isn’t familiar, where the hell is?

Vini Barauna:

Same exact thing happened to my wife’s account earlier today.

Adam Chandler:

Both of my Apple IDs just got locked an hour ago. Passwords were over 2 years old so okay, that’s probably for the best but I changed the first one while taking off from Atlanta and then when I landed in Charlotte, my other one also wanted to be changed. Did it on iPad since the lock was active on my iPhone. I have 2 Macs at home that will need to be updated to the new passcode when I get home. I thought it’s just because I was out of the country and Apple flagged both.

nickf:

Not 20 minutes after reading your article the same thing happened to me, including having to set a new password. Weird!

Although I was at home and Stolen Device Protection did recognise that.

Simon Harris:

This happened to me less than 10 minutes ago

nutbunnies:

I also had this happen to me tonight. Probably a silent forced password reset for an intrusion or something

Jonathan Wight:

Xcodes is causing serious problems with my AppleID (apple keeps locking it for “security reasons”).

Mike Cohen:

The same thing happened to me and I wasn’t using Xcode. A few people got password reset requests this afternoon

Marc:

Same things here, and it also wiped out my application specific passwords which caused problems with several apps.

Nic Lake:

Same boat. Watch, then iPhone, Mac, and Apple TV all did this. I spoke to a chat agent about it, and they wouldn’t tell me what happened, only that “sometimes random security improvements are added to your account”.

leo:

Happened to me this afternoon

Thomas Vander Wal:

I got this on an old iPad used for listening to podcasts in the kitchen about 8pm, then all devices were locked. Only after many attempts I got my MBP connected and the iCloud pw reset. Then I could start getting all other devices unlocked with the new password.

It felt more like a hack than something Apple intended.

Tom Bridge:

Anyone else have their Apple ID locked tonight randomly? I had to re-login on all my devices after a password change and a reset of all my app-specific passwords...

Chance Miller:

Apple’s System Status webpage doesn’t indicate that any of its services are having issues this evening. Still, it’s clear based on social media reports that something wonky is going on behind the scenes at Apple.

Update (2024-04-27):

I had to generate a new app-specific password and add it to Fantastical before it could sync.

Although my iPhone didn’t ask for the new Apple ID password, iMessage silently failed to work. It never asked me to log in again; it just stopped receiving new messages. I toggled it off and then on again, and then it started working for new messages, but the ones sent in the interim never synced down from iCloud.

My secondary Mac did ask me to enter the new Apple ID password. It also silently stopped receiving new iMessages until I launched the Messages app, at which point it did prompt me to log in. It also never synced up the messages received while it was logged out.

Giuseppe Carlino:

same here with the significant locations messed up.

Carlo Zottmann:

My iPhone’s “Significant Locations” aren’t that. Apparently I live in the woods 2km from my actual home, and the fact that I can’t get more details about the other 100s of location records it saved isn’t building confidence

Brent:

Happened to me last night also. Had to create new password and enter new one on every device. The watch was the worst because the iPhone keyboard doesn’t allow password manager fill and had to get another device view and key on iPhone. Didn’t work after 3 attempts so I canceled out. Went back in to Settings on watch and I was logged in. Overall, took at least 1 hour to complete for all devices. And the initial unlock/reset took at least 3 attempts. Not a warm, fuzzy experience.

John Gruber:

I just checked on my own iPhone, and the only two “Significant Locations” listed in Settings → Privacy & Security → Location Services → System Services → Significant Locations are “Work” and my favorite (and truly oft-visited) grocery store. But the “Work” location is centered three entire city blocks (~0.2 miles) from my home, which leaves my home just outside the radius that counts as that location. Luckily I wasn’t hit by this account lockout, but this also reassures me that I’m right to not yet have enabled Stolen Device Protection.

Update (2024-04-28): Nick Heer:

It is unclear to me if it is affecting only accounts associated in some way with a developer Apple ID. Neither of my Apple IDs — both of which are connected to developer tools — were affected by this problem.

This problem is about eighteen hours old. It would be useful if Apple said literally anything useful to acknowledge the issue.

I do not use my regular Apple ID with the developer tools, and my developer Apple ID did not need to be unlocked.

Pierre Igot:

When your iCloud/Apple ID starts acting up in weird ways, throwing you in a Kafkaesque loop with a “locked” account and a password reset process that ends in a useless “try again later” error message, while System Status remains solidly green for all Apple services, don’t bother calling Apple about it. Even they don’t know what’s going on. Wait until the next morning, and try again, and find that somehow this time the password reset actually works.

Francisco Tolmasky:

I checked my “Significant Locations” and all it has is a water park we went to for the first time in my life last weekend. Not my home that I literally spend 90% of my time in and is marked as My Home in Apple Maps.

Joe Cieplinski:

Okay. Being forced to change passwords for no reason on about a thousand devices is bad enough. Now it won’t even accept my new password when trying to generate the dozens of app-specific passwords I need.

Ryan Jones:

I got hit by the Apple ID bug last night. And the poor copy and layouts also had me considering my entire machine had been hacked. It was a mess.

Ryan Jones:

Oh christ, the Apple ID reset borked my Apple Wallet.

I need to verify (?) my cards again, of which there is no button or method. And how does one even verify Apple Cash card?

[…]

Oh great, Family Sharing was turned off and errors out.

Name and Photo Sharing too. Just gone. (Even after reboot.)

Aaaaand iMessage is out of sync between devices.

Update (2024-04-29): I continue to see new reports from people encountering this, as well as reports that Apple Support continues to tell customers that there is no widespread issue. It’s disappointing that new people were still encountering the problem at least two days later and that Apple has yet to post anything on its System Status page or provide any information at all.

I decided to disable Stolen Device Protection on my iPhone, which was at home, and iOS said there would be a one-hour security delay because I was not at a familiar location. 🤦‍♂️ It said I would get a notification when the delay ended. Several hours later, the notification never came, and Stolen Device Protection is still enabled. 🤦‍♂️ I am now more determined than ever to turn it off because I do not trust that the delay works properly. I went back to the grocery store, but now that is no longer listed as a Significant Location. The only location it now shows is a gym that I rarely go to and which I last visited less recently than the grocery store. 🤦‍♂️ However, it did let me turn off Stolen Device Protection when I got home, so maybe the delay works and it’s only the notification that’s broken.

Dave Wood:

I checked what my iPhone considers my significant locations. It’s disabled! So I have no significant locations. How does the system let me enable Stolen Device Protection without it turning on significant locations?

Adam Chandler:

and my AppleID is locked again. So many horror stories with iCloud locks that this is the most careful I am resetting a password ever.

David Owens II:

Password not working for my Apple ID, ok.

Try to reset, but since that’s not the “iCloud” account synced to my device but the store account, none of my “signed in devices” get notifications.

So now I have to wait three more days until I get a text to my number to reset it…

Kirk McElhearn:

Significant Locations shows 55 records on my iPhone, but it only shows one recent location. There’s no way to tell the iPhone which locations you want to consider significant, such as your home or work location, so if you have Stolen Device Protection on, you’re at the whim of Apple’s location services.

I’m not sure what’s going on here, as I’ve seen screenshots from others showing multiple locations. My iPhone shows only one.

This event points out one of the risks of depending on an Apple ID. As more people depend on iCloud, getting locked out of your Apple ID can have devastating consequences. You cannot use iCloud email, iMessage, or FaceTime without this account. You cannot access personal or even work documents if you store them on iCloud. And you cannot use third-party apps that depend on iCloud, such as a calendar or contacts app.

Since an e-mail address can be necessary to access accounts (for verification or if the password needs to be reset), I think it’s a bad idea to use an iCloud address as the login for any important accounts. This also makes me think twice about using Apple Passwords as my authenticator (actual passwords are in PasswordWallet). Hopefully, I would still be able to use the authenticator if my account were locked because the information would be locally cached. But we all know that iCloud tends to discard cached data for seemingly no reason.

Given the scope of this issue, Apple should explain what happened. Many users were worried that someone had accessed their accounts and rushed to reset their passwords, thinking that their data could be stolen. It’s unclear how many users were affected, but users in many countries had this password reset, and some people even reported this problem occurring as late as Sunday. At the time of this writing, on Monday, April 29, Apple has said nothing.

Pierre Igot:

As usual, Apple screwed up, and as usual, instead of owning up to it, they are just pretending to themselves that it never happened.

In other words, Apple are being their usual arrogant selves, at the expense of their users.

Update (2024-05-01): Pierre Igot:

BTW, unsurprisingly, search for “significant” in Settings in #iOS returns… ∅. “Significant Locations” is actually under Privacy & Security › Location Services › System Services.

[…]

Whatever they might write, a search for it (“significant” or “familiar”) in System Settings in #iOS still returns zilch.

See also: Adam Engst.

Update (2024-05-03): Warner Crocker:

Apple (hell all companies because every company is online and subject to hacks) owe users open communication at the very least. Equally as important, Apple owes its own tech support personnel open and better communication on these problems.

[…]

I won’t go into a blow by blow account with my iCloud Migraine issues. You can find those specifics in blog posts here, here, here, and here. That said, having to re-log into Messages after this event leads me to continue to believe that Apple has deeply rooted issues with iCloud. I’ve been fighting these issues (and Apple) for well over a year.

Update (2024-05-07): Pierre Igot:

Latest chapter in the fallout from Great Apple ID Password Reset of April 2024: Yesterday, I tried to send a message from my mac.com email address, which is my Apple ID, using Apple’s servers, in MailMate. Because Apple BARELY supports (very begrudgingly) third-party mail clients, you need to define not one, but TWO app-specific passwords for MailMate, one for receiving mail and one for sending mail.

[…]

The site… asks me to log in again. (I just did!) Fine. THEN it asks me to… confirm my Apple ID password. I then enter my NEW password (the one I reset last week), and… it tells me it’s the wrong password! I try again and again and… same thing.

So I log out altogether on the Apple ID web page and start from scratch, this time logging in with my Apple ID and the (same) new password (instead of the passkey). It works (wait, didn’t you just say the password was wrong?), but… now Apple says my account has been locked again!

Update (2024-05-09): Andrew Escobar:

Apple ID is either broken or being updated ahead of WWDC.

All my app-specific passwords were wiped when my account was locked on April 24[…] and I still can’t set new ones.

I’m concerned Apple hasn’t even acknowledged the Apple ID incident on Friday, April 26.

Thursday, April 25, 2024

FTC Bans Noncompetes

FTC (tweet, Hacker News):

Today, the Federal Trade Commission issued a final rule to promote competition by banning noncompetes nationwide, protecting the fundamental freedom of workers to change jobs, increasing innovation, and fostering new business formation.

[…]

The FTC estimates that the final rule banning noncompetes will lead to new business formation growing by 2.7% per year, resulting in more than 8,500 additional new businesses created each year. The final rule is expected to result in higher earnings for workers, with estimated earnings increasing for the average worker by an additional $524 per year, and it is expected to lower health care costs by up to $194 billion over the next decade. In addition, the final rule is expected to help drive innovation, leading to an estimated average increase of 17,000 to 29,000 more patents each year for the next 10 years under the final rule.

As with network neutrality, this is probably something the courts or Congress should have handled, but it seems like a good protection for those of us living outside Silicon Valley.

John Gruber:

As I wrote a year ago, I used to think that noncompete agreements (“agreements”?) were mainly a thing in the tech industry. But their use became so rampant that even sandwich shop chains were requiring them.

Gergely Orosz:

Noncompetes are now banned: not just in California (like before), but nationwide. Very, very relevant for anyone at Amazon (which is the Big Tech that has enforced noncompetes even for low-level engineering positions).

Brian Hall:

Some people might know that Amazon sued me after I had left AWS and later went to Google Cloud. I cannot be happier to see the FTC ruling to ban non-competes in the US. “Noncompete clauses violate a 110-year-old law that prohibits unfair methods of competition, the FTC says.”

Mike Masnick:

The FTC has come out with a very good and important policy ruling, but I’m not sure it has the authority to do so. The legal challenge (that was filed basically seconds after the rule came out) could do way more damage not just to some fundamental parts of the administrative state, but to the very underlying policy that the FTC is trying to enact: protecting the rights of workers to switch jobs and not be effectively tied to an employer in modern-day indentured servitude with no realistic ability to leave.

All the way back in 2007, I wrote about how non-competes were the DRM of human capital. They were an artificial manner of restricting a basic freedom, and one that served no real purpose other than to make everything worse. As I discussed in that post, multiple studies done over the previous couple of decades had more or less shown that non-competes are a tremendous drag on innovation, to the point that some argue (strongly, with data) that Silicon Valley would not be Silicon Valley if not for the fact that California has deemed non-competes unenforceable.

[…]

The rule is 570 pages long, with much of it trying to make the argument for why the FTC actually has this authority. And all those arguments are going to be put to the test. Very shortly after the new rule dropped (long before anyone could have possibly read the 570 pages), a Texas-based tax services company, Ryan LLC, filed a lawsuit.

FCC Reinstates Network Neutrality

Jon Brodkin (Hacker News, Slashdot):

The Federal Communications Commission voted 3–2 to impose net neutrality rules today, restoring the common-carrier regulatory framework enforced during the Obama era and then abandoned while Trump was president.

The rules prohibit Internet service providers from blocking and throttling lawful content and ban paid prioritization.

[…]

The court battle against the FCC will center on whether the commission can define broadband as a telecommunications service, a necessary step for imposing Title II common-carrier regulations.

[…]

“Congress never passed a law saying the Internet should be heavily regulated like a utility, nor did it pass one giving the FCC the authority to make that determination. The executive branch pressured the agency into claiming a power that remained, and remains, with the legislative branch,” [Brendan] Carr said.

I don’t recall that argument going anywhere before. Congress seems unlikely to clarify its intent, so maybe this seesaws back and forth depending on who controls the FCC.

Update (2024-04-26): See also: Cecilia Kang (via Hacker News).

Update (2024-04-29): Nick Heer:

Bode has, for years, covered the effort to paint the reversal of net neutrality rules as inconsequential. Contrary to popular belief, the reclassification to a Title I service produced plenty of ill effects. Part of the problem was in mainstream coverage of what the rules meant and, similarly, in what their 2018 undoing would entail.

Alexa Copyright Violations

Lindsay Clark (via Hacker News):

According to Ghaderi’s account in the complaint, she returned to work after giving birth in January 2023, inheriting a large language model project. Part of her role was flagging violations of Amazon’s internal copyright policies and escalating these concerns to the in-house legal team. In March 2023, the filing claims, her team director, Andrey Styskin, challenged Ghaderi to understand why Amazon was not meeting its goals on Alexa search quality.

The filing alleges she met with a representative from the legal department to explain her concerns and the tension they posed with the “direction she had received from upper management, which advised her to violate the direction from legal.”

According to the complaint, Styskin rejected Ghaderi’s concerns, allegedly telling her to ignore copyright policies to improve the results. Referring to rival AI companies, the filing alleges he said: “Everyone else is doing it.”

Wednesday, April 24, 2024

TikTok Ban

Demetri Sevastopulo and James Fontanella-Khan (2020, Hacker News, CNBC):

TikTok will be removed from US app stores from midnight on Sunday as Washington implements executive orders from President Donald Trump that also target WeChat, a Chinese social media app.

[…]

Oracle and ByteDance have submitted a proposal that would spin out TikTok’s global business into a new US company that would have an all-American board and a security committee headed by someone with government security clearances. The new company would initially be majority owned by ByteDance, but would seek to list publicly in the US.

John Gruber:

Be careful of headlines along the lines of “U.S. bans TikTok” — right now it’s just new downloads that will be banned, not use of the app if already downloaded.

Nick Heer:

The theoretical security risks of apps involved in what Secretary of Commerce Wilbur Ross calls “China’s civil-military fusion” are hazy but plausible. These restrictions only apply to TikTok and WeChat, not all apps with Chinese origin. Furthermore, WeChat is effectively the default digital layer for many in China, so it is an essential app for Americans staying in touch.

[…]

I get why China’s state-connected businesses are worrying for some Americans, but this order does almost nothing to alleviate those concerns.

LibertyRPF:

“ByteDance says it will not transfer algorithm and technology to Oracle as part of TikTok deal” (So it truly is just a cloud hosting deal... so much for national security)

Nick Heer:

At any rate, the TikTok partial sale of unknown structure is still being vetted as of Monday, contrary to the president’s position on Saturday, but it has all of the trappings of a Potemkin arrangement.

Edvard Pettersson (via Hacker News, 3, BBC):

The Trump administration’s curbs on WeChat were put on hold by a judge, upending an effort to halt use of the Chinese-owned app in the U.S.

Tim Hardwick:

U.S. President Joe Biden has withdrawn a series of executive orders from his predecessor Donald Trump banning Chinese apps TikTok and WeChat in the United States.

Casey Newton (Slashdot):

At a hearing in front of the US Senate’s Committee on Homeland Security and Governmental Affairs, TikTok COO Vanessa Pappas faced stern questioning from lawmakers. They had pointed questions about the company’s relationship with its parent, with the Chinese government, and the potential for Americans’ data to be misused. And while on one level it was simply the latest chance for our Senate to grandstand about the tech industry while doing nothing to regulate it, the hearing also showcased the growing momentum to take more definitive action against the company.

[…]

TikTok’s task is impossible because to earn the senators’ trust fully, it must prove a negative: that China has never sought to use the app for influence operations or surveillance purposes, never will, and never could even if it tried. The company swears up and down that nothing of the sort could ever take place.

Nick Heer:

The main thing I am left wondering after reading this New York Times story about a forthcoming deal to resolve U.S. national security concerns is whether anything will be enough to satisfy the biggest TikTok hawks. I can already see the complaints of any agreement not being enough, speculation of the existence of a back door, and general distrust of TikTok.

Brandon Vigliarolo (2022, Hacker News):

TikTok has been accused of preparing to keep covert tabs on the physical whereabouts of certain US citizens using its app.

Bruce Schneier (2023):

Congress is currently debating bills that would ban TikTok in the United States. We are here as technologists to tell you that this is a terrible idea and the side effects would be intolerable. Details matter. There are several ways Congress might ban TikTok, each with different efficacies and side effects. In the end, all the effective ones would destroy the free Internet as we know it.

There’s no doubt that TikTok and ByteDance, the company that owns it, are shady. They, like most large corporations in China, operate at the pleasure of the Chinese government. They collect extreme levels of information about users. But they’re not alone: Many apps you use do the same, including Facebook and Instagram, along with seemingly innocuous apps that have no need for the data. Your data is bought and sold by data brokers you’ve never heard of who have few scruples about where the data ends up. They have digital dossiers on most people in the United States.

If we want to address the real problem, we need to enact serious privacy laws, not security theater, to stop our data from being collected, analyzed, and sold—by anyone. Such laws would protect us in the long term, and not just from the app of the week.

Mike Masnick:

The end result of this might well be that ByteDance divests of TikTok, but we should be clear: the threat, and any potential block, would be a clear, blatant, dangerous violation of the 1st Amendment.

We already know this, from back when former President Trump tried the same damn thing and (rather sloppily) tried to ban both TikTok and WeChat in the US. We called it unconstitutional at the time, and the courts agreed. There were a bunch of lawsuits, and none of them went well.

[…]

Banning TikTok won’t solve the issue of any potential privacy violations. As we’ve noted over and over and over again, the supposed data that TikTok is “collecting” on its users is available from basically anywhere to basically anyone with a few bucks. Want to fix that? Pass a real privacy law.

Paul Matzko:

FB hired a consulting megafirm to astroturf letters to the editor at 100s of newspapers to hype up a TikTok moral panic. The goal? “Dream would be to get stories with headlines like ‘From dances to danger.’” It’s targeted misinformation on a massive scale.

Nick Heer:

It was very clear, from the outset, that most committee members were not much interested in investigating, but were instead trying to justify a forthcoming likely vote to ban TikTok from the United States.

Yoel Roth (Mastodon):

The basic gist of Project Texas, Lawfare reported earlier this year, is that TikTok will stand up a new US-based subsidiary named TikTok US Data Security (USDS) to house business functions that touch US user data, or which could be sensitive from a national security perspective (like content moderation functions impacting Americans). Along with giving the government the right to conduct background checks on potential USDS hires (and block those hires from happening!), TikTok committed as part of Project Texas to host all US-based traffic on Oracle-managed servers, with strict and audited limits on how US data could travel to non-US-based parts of the company’s infrastructure. Needless to say, Oracle stands to make a considerable amount of money from the whole arrangement.

Yesterday’s appearance by TikTok CEO Shou Zi Chew before the House Energy and Commerce Committee shows that even those steps, and the $1.5 billion TikTok are reported to have spent standing up USDS, may prove to be inadequate to stave off the pitchfork mob calling for TikTok’s expulsion from the US. The chair of the committee, Representative Cathy Rodgers of Washington, didn’t mince words in her opening statement, telling Chew, “Your platform should be banned.”

Even as I believe at least some of the single-minded focus on TikTok is a moral panic driven by xenophobia, not hard evidence, I share many of the national security concerns raised about the app.

[…]

The problem is that solutions like Project Texas, and a single-minded focus on China, may end up having the counterproductive result of making the app less resilient to malign influence campaigns targeting the service’s 1.5 billion users around the world.

Michael Love:

One of the big problems with the argument that TikTok can’t be trusted because its executives have to take orders from the CCP is that it naively assumes that Tim Cook does not also have to take orders from the CCP.

Jenny Feng (via Hacker News):

Although Beijing’s opposition to a forced sale of TikTok hasn’t gone beyond words, Chinese internet users seem to have plenty of suggestions as to how China can interfere. “Can we ban iPhone in retaliation?” a Douyin user commented, while another one remarked, “Don’t forget a bunch of American companies like Apple, Tesla, and Microsoft all have businesses in China. We haven’t shown all the cards in our hand yet.”

Adi Robertson (via Hacker News):

It’s hard to describe how strange it feels to sit in New York City in 2023 watching American politicians propose fighting Chinese authoritarianism with their own social media ban.

[…]

Banning TikTok is not, as lawmakers claimed in the hearing, a sign that we’re about to get real tech reform. It will almost certainly be a PR move that lets some of the same politicians who profess outrage at TikTok get back to letting everyone from Comcast to the DMV sell your personal information, looking the other way while cops buy records of your movements or arrest you using faulty facial recognition and getting mad you’re allowed to have encryption that prevents the FBI (and probably also foreign governments) from hacking your phone. And it will be a PR move that betrays America’s supposed commitment to free expression in the face of an increasingly splintered internet — born out of a failure to think bigger than one disfavored app.

It’s almost impossible to tell how grounded the national security concerns about TikTok are in solid evidence.

Breaking Points (via Hacker News):

TikTok Ban Bill Is PATRIOT ACT 2.0 Trojan Horse

David Pogue:

TikTok is the most popular app in the United States. 150 million Americans – almost half the population – use it every month. The app offers an endless, scrolling wonderland of humor, music, dancing, tips, opinion and information – short videos posted by fellow TikTok fans, and all delivered to you according to your interests. And for about five million businesses, TikTok is also a marketing tool.

[…]

Milton Mueller, a professor of cybersecurity and public policy at Georgia Tech, studied the theory that TikTok’s algorithms attempt to influence ideology. He said, “There’s absolutely no indication that this is in some way manipulated or controlled by the Chinese Communist Party. We just found that to be a complete fabrication. You can find information about Uyghur repression, you can find information that ridicules Xi Jinping. It’s all there.”

[…]

So, sell TikTok, or ban it? Selling it might be impossible – though worth a lot, the Chinese Communist Party may object to a sale. As for banning TikTok, Mueller said, “There’s probably a 90% chance that that would be ruled unconstitutional [because of] the First Amendment. You’re banning an information source, you’re banning a publication. I have to emphasize this: if you ban TikTok, it’s not the Chinese Government that would be silenced; it’s the 150 million American users of the app. Those are the ones whose free speech rights would be violated by a ban.”

David Shepardson (via Hacker News):

Montana Governor Greg Gianforte on Wednesday signed legislation to ban Chinese-owned TikTok from operating in the state to protect residents from alleged intelligence gathering by China, making it the first U.S. state to ban the popular short video app.

Montana will make it unlawful for Google and Apple’s app stores to offer TikTok within the state, but will not impose any penalties on individuals using the app.

John Gruber:

Putting aside the fact that Montana is a small state (44th in population, 1.1 million people), it just doesn’t seem feasible to ban TikTok at the state level. Even if this goes into law and Apple and Google comply, Montanans can just cross state lines to download it.

[…]

I do think the U.S. should ban TikTok nationwide. But it seems futile — silly even — for states to do it piecemeal.

Dan Whateley and Ashley Rodriguez (via Hacker News):

An explosive new lawsuit claims TikTok’s owner built a ‘backdoor’ the CCP could exploit

Alexandra S. Levine (via John Gruber):

TikTok has stored the most sensitive financial data of its biggest stars — including those in its “Creator Fund” — on servers in China. Earlier this year, CEO Shou Chew told Congress “American data has always been stored in Virginia and Singapore.”

Makena Kelly:

New York City is banning TikTok from city-owned devices and requiring agencies to remove the app within the next 30 days.

Dan Milmo (via Hacker News):

TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view.

The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.

Gavin Bade (via Hacker News):

Fast forward to the fall and little has changed. Biden’s national security review of the app is still frozen by legal concerns and Congress’ headline TikTok bill — the RESTRICT Act — is stuck in the mud despite backing from senior members of both parties. In an effort to break the logjam, the administration is now throwing its support behind alternative legislation that has yet to be released.

Alexandra Sternlicht (2024, via John Gruber):

Some ex-TikTok employees say the social media service worked closely with its China-based parent despite claims of independence

Sahil Kapur and Kyle Stewart (via Hacker News):

The House also voted Saturday to force TikTok’s parent company to sell it or be banned in the U.S. According to the bill, China-based ByteDance would have to sell TikTok within nine months — which the president could extend to a year — or face a nationwide ban. The policy, which would lengthen the time frame for a sale from an earlier House bill, has Senate buy-in along with Biden’s support, putting TikTok closer than ever to being banned in the U.S.

Cristiano Lima-Strong (via John Gruber):

Congress late Tuesday passed legislation to ban or force a sale of TikTok, delivering a historic rebuke of the video-sharing platform’s Chinese ownership after years of failed attempts to tackle the app’s alleged national security risks.

The Senate approved the measure 79 to 18 as part of a sprawling package offering aid to Israel, Ukraine and Taiwan[…]

Lauren Feiner (Hacker News, MacRumors):

It now heads to President Joe Biden, who already committed to signing the TikTok legislation should it make it through both chambers of Congress.

[…]

Warner added that TikTok’s earlier proposed solution to concerns around its data governance, Project Texas, was inadequate. “Project Texas would still allow TikTok’s algorithm, source code, and development activities to remain in China,” Warner said. “They would remain so under ByteDance control and subject to Chinese government exploitation.”

But he also addressed the concerns of many young Americans who use TikTok and fear this legislation means it will go away. “I want to make clear to all Americans, this is not an effort to take your voice away,” Warner said. “Many Americans, particularly young Americans, are rightfully skeptical. At the end of the day, they’ve not seen what Congress has seen. They’ve not been in the classified briefings that Congress has held, which have delved more deeply into some of the threats posed by foreign control of TikTok.”

Eric Schwarz:

This is a dangerous precedent—the nursing home government hasn’t provided clear-cut data for this, only vibes and fear-mongering. While I’m personally not against aiding our allies, how about we work on fixing ourselves first?

[…]

I’m not so much as giving TikTok a pass as asking why this is the most pressing thing and why we aren’t addressing poor behavior by domestic social media companies?

Pieter Arntz:

The Electronic Frontier Foundation (EFF), an international non-profit digital rights group based in the US, says it opposes this bill, mainly because it is afraid that TikTok will not be the last app to face this type of ban.

Previously:

Update (2024-04-26): See also: TikTok CEO Shou Zi Chew’s response.

Rob Jonson:

US Government: TikTok must be banned because the Chinese Government could demand that the owners hand over data on users.

Also US Government: Everyone must hand over data on their users to US. (FISA 702)

Lauren Feiner (Hacker News, Slashdot):

President Joe Biden signed a foreign aid package that includes a bill that would ban TikTok if China-based parent company ByteDance fails to divest the app within a year.

Louise Matsakis:

The version of TikTok impacted by the legislation is not the same platform that then-president Donald Trump first tried to abolish back in 2020, citing national security concerns about its links to China. TikTok, its user base, and the ecosystem of creators making a living from the platform have grown, transformed, and matured since then. And the potential consequences of the app disappearing have become more significant.

Mike Masnick:

We’ve discussed this a few times before, but the move to ban TikTok is particularly stupid. It demonstrates American hypocrisy regarding its advocacy for an open internet. It goes against basic First Amendment principles. It overreacts to a basic moral panic. And it does fuck all to stop the actual threats that people justifying the ban talk about (surveillance and manipulation/propaganda).

It’s particularly stupid to do this now, just as Congress was finally willing to explore a comprehensive privacy bill.

[…]

This leaves out some fairly important elements, including powerful lobbying by companies like Meta (who were clearly threatened by TikTok) to spread a moral panic about the app. It also leaves out the massive financial conflicts of many of the lawmakers who pushed for this bill.

Kane Wu and Julie Zhu (Slashdot):

TikTok owner ByteDance would prefer to shut down its loss-making app rather than sell it if the Chinese company exhausts all legal options to fight legislation to ban the platform from app stores in the U.S., four sources said.

The algorithms TikTok relies on for its operations are deemed core to ByteDance’s overall operations, which would make a sale of the app with algorithms highly unlikely, said the sources close to the parent.

Update (2024-05-08): Rebecca Kern:

TikTok and its parent company ByteDance sued Tuesday to challenge a law President Joe Biden signed to force the sale or ban of the video sharing app.

[…]

The companies argued that the law would amount to a Bill of Attainder, or a determination of guilt and punishment by law without trial, which the Constitution prohibits.

Via Nick Heer:

TikTok frames a jettisoning from ByteDance as something which would treat the United States as its own distinct company but, surely, an alternative interpretation of the U.S.’ intent is for the entire TikTok enterprise worldwide to be distinct from ByteDance.

Emma Roth (MacRumors):

TikTok argues that a ban in the US wouldn’t be feasible, as it would force TikTok to move “millions of lines” of software code from ByteDance to a new owner. It adds that limitations from the Chinese government would not allow the sale of TikTok with its algorithm. TikTok claims the ban would make the US version of its app an “island” that gives Americans a “detached experience” from the rest of its users while undermining its business.

Extending Section 702 of FISA

H.R.7888:

Section 701(b)(4) is amended[…] by inserting after subparagraph (D) the following new subparagraph[…] any other service provider who has access to equipment that is being or may be used to transmit or store wire or electronic communications[…]

Elizabeth Goitein:

Buried in the Section 702 reauthorization bill (RISAA) passed by the House on Friday is the biggest expansion of domestic surveillance since the Patriot Act.

[…]

If the bill becomes law, any company or individual that provides ANY service whatsoever may be forced to assist in NSA surveillance, as long as they have access to equipment on which communications are transmitted or stored—such as routers, servers, cell towers, etc.

That sweeps in an enormous range of U.S. businesses that provide wifi to their customers and therefore have access to equipment on which communications transit. Barber shops, laundromats, fitness centers, hardware stores, dentist’s offices… the list goes on and on.

[…]

None of these people or businesses would be allowed to tell anyone about the assistance they were compelled to provide.

[…]

The NSA, having wholesale access to domestic communications on an unprecedented scale, would then be on the “honor system” to pull out and retain only the communications of approved foreign targets.

Edward Snowden (via Hacker News):

The NSA is just days from taking over the internet, and it’s not on the front page of any newspaper--because no one has noticed.

AP:

President Biden on Saturday signed legislation reauthorizing a key U.S. surveillance law after divisions over whether the FBI should be restricted from using the program to search for Americans’ data nearly forced the statute to lapse.

Barely missing its midnight deadline, the Senate had approved the bill by a 60-34 vote hours earlier with bipartisan support, extending for two years the program known as Section 702 of the Foreign Intelligence Surveillance Act.

[…]

One of the major changes detractors had proposed centered around restricting the FBI’s access to information about Americans through the program. Though the surveillance tool only targets non-Americans in other countries, it also collects communications of Americans when they are in contact with those targeted foreigners. Sen. Dick Durbin, the No. 2 Democrat in the chamber, had been pushing a proposal that would require U.S. officials to get a warrant before accessing American communications.

Elizabeth Goitein:

It’s a gift to any president who may wish to spy on political enemies, journalists, ideological opponents, etc.

Update (2024-04-26): Richie Koch:

This article examines some of the most important privacy legislation and law enforcement policies in the US and how they impact privacy online.

Update (2024-05-10): Matt Novak (via Hacker News):

But an internal FBI email, leaked to Wired on Wednesday, may accidentally reveal how the federal law enforcement agency plans to overstep the spirit of the law, while technically maintaining the letter of the law.

[…]

Wired spoke with Rep. Zoe Lofgren, a Democrat from California who notes this newly leaked email “directly contradicts earlier assertions” by the FBI when the agency was trying to get the law reauthorized.

Tuesday, April 23, 2024

Elegant Concurrency Operations in Core Data

Fatbobman (Mastodon):

This article aims to explore how to introduce elegant and safe concurrency operations similar to those of SwiftData into Core Data, implementing a Core Data version of @ModelActor.

[…]

Following the fundamental principles of Core Data concurrency operations, all operations on managed objects must be performed on the thread of their owning context. This restriction means that the Actor model cannot be directly applied to Core Data’s concurrent operations.

However, the Swift community proposed the concept of custom Actor executors through SE-392, and this functionality was implemented in Swift 5.9.

Previously:

Charles Edge, RIP

Adam Engst:

News started to spread this morning on the MacAdmins Slack, Rich Trouton’s Der Flounder blog, and Tom Bridge’s site about how our friend and Take Control author Charles Edge died suddenly and unexpectedly on 19 April 2024. He was in his late 40s, and yes, his standard bio picture below gives you a feel for his sense of humor and irreverence.

I met Charles at a MacTech event in New York in 2012, but I already knew that he had written a bunch of tech books and thousands of Krypted blog posts on sysadmin topics. We exchanged some email about the possibility of him writing a Take Control book then, but it wasn’t until early 2014 that we came up with the idea that turned into Take Control of OS X Server.

[…]

He left Jamf in 2020 and was most recently working on Secret Chest, a password manager aimed at quantum-proofing Apple’s Keychain.

Previously:

Update (2024-04-24): See also:

Fairphone Fairbuds

Samuel Gibbs:

Fairphone, the repairable and ethical electronics pioneer, is back with a pair of some of the first Bluetooth earbuds to make it so easy and cheap to replace their batteries that you can do it at home in minutes.

[…]

The earbuds have a little door hidden behind a silicone sleeve, which opens to reveal a small button battery ready to be replaced once it wears out. The design seems so simple you wonder why no one has tried it before.

The oval top of the earbuds has a touch-sensitive surface for a good set of controls. Tap once, twice or thrice for playback controls, slide your finger up and down for volume, or touch and hold on the right to switch noise-cancelling modes or the left to trigger your phone’s voice assistant. Take out an earbud and the music pauses.

Via Nick Heer:

Gibbs noted an audio sync issue which the company says it was working on. Otherwise, these seem to be perfectly fine true water-resistant wireless earbuds with approximately similar battery life to Apple’s AirPods Pro.

Previously:

Update (2024-04-24): Ged Maheux:

A huge thank you to those that wrote about my AirPod volume problem and suggested cleaning with isopropyl and a brush. Totally did the trick, they now sound as good as new.

Monday, April 22, 2024

How to Use Experimental Swift Versions and Features in Xcode

Donny Wals:

We can click the Universal download link to install the Swift toolchain that you’re interested in. For example, if you’re eager to try out a cutting edge feature like Swift 6’s isolation regions feature you can download the trunk development toolchain. Or if you’re interested in trying out a feature that has made its way into the Swift 6 release branch, you could download the Swift 6.0 Development toolchain.

Once you’ve downloaded your toolchain, you can install it through a convenient installer. This process is pretty self-explanatory.

After installing the toolchain, you can activate this new Swift version in Xcode through the Xcode → Toolchains menu.

[…]

To try out new Swift features, we sometimes need to enable them through a compiler flag. The evolution proposal that goes along with the feature you’d like to try will have an Implementation field in its header that explains which toolchain contains the feature, and whether the feature is gated behind a flag or not.

Apple Maps in Tokyo

Joe Rosensteel:

When searching for a business, like your hotel which is part of a very large hotel chain, Google will show the one saved in your list as the first search result when you start typing. Apple Maps will show you the search results in the same order you’d see them otherwise, but it will write “in your guide” under the hotel that could be further down the list.

[…]

Apple Maps is also bad if you move the map to an area and want to search within that area. It’ll snap back to where you are and search that area first.

[…]

If I had upgraded from 14.4.0 to 14.4.1 while I was traveling I would need to catch this error with enough time to re-download my offline maps, especially the offline maps for the city I was in.

[…]

Apple Maps is not very good for English-speaking tourists in Japan. Apple Maps Japanese data is from its partnerships with local Japanese companies. That’s great for locals, but that means things like restaurant reviews are in Japanese. Again, this is helpful if you speak Japanese, and very relevant to the residents of Japan, but far less accessible to me, an English-speaking traveler.

[…]

The crowds in some of these places in Japan are no joke. Google Maps has had the ability to show a little bar graph for every location for how busy a place is throughout the day, in addition to how busy it currently is. It’s had this feature since 2016.

Previously:

Hackintosh Is Almost Dead

Aleksandar Vacić (via Hacker News, Ric Ford):

It’s true that the latest macOS 14 (Sonoma) still supports the latest generations of Intel Macs and it’s very likely that at least one or two major versions will still be compatible. But there’s one particular development that is de-facto killing off the Hackintosh scene.

In Sonoma, Apple has completely removed all traces of driver support for their oldest WiFi/Bt cards, namely various Broadcom cards that they last used in 2012/13 iMac / MacBook models. Those Mac models have not been supported by macOS for a few years now, thus it’s not surprising the drivers are being removed. The most likely reason is that Apple is moving drivers away from .kext (Kernel Extensions) to .dext (DriverKit), thus cleaning up obsolete and unused code from macOS. They did the same with Ethernet drivers in Ventura.

Those particular cards were the key ingredient to many fully functional Hackintosh builds for a simple reason: they worked out of the box with every single (so-called) iService Apple has: Messages, FaceTime, AirDrop, Continuity, Handoff - you name it. Everything worked. Despite the valiant efforts of the OCLP crew to make workarounds, those cards can work in Sonoma only if you seriously downgrade the macOS security.

Previously:

The Apple Jonathan

Stephen Hackett (Hacker News):

Those four machines are well known, but there was a fifth possibility in the mix, named the Jonathan. In his book Inventing the Future, John Buck writes about the concept, which was led by Apple engineer Jonathan Fitch starting in the fall of 1984.

This concept envisioned a computer that would expand with the needs of the user, through the use of modular components:

Buck also writes:

It was a consumer model computer that came with pre-installed operations as well as a base-level I/O, and it could be upgraded during/or after purchase to business-centric specifications using a unique set of plug- and-play modules. Customers would be able to add a series of book-sized modules (for software and hardware options) that clicked into a slender docking station sitting under the monitor, that itself looked like a bookshelf. The individual software modules, for the prototype, contained the O/Ss for Apple II, Mac, UNIX, or DOS, while the hardware options were DSP, Ethernet, GenLock (for video), extra RAM, mass storage, or a power supply (for different regions). There were no cables.

Fitch believed that the machine’s literal backbone design could become the backbone of Apple’s future sales strategy. An ever-expandable computer that could cover multiple markets without Apple needing to make multiple devices.

Nicola D’Agostino:

After eight months of development, a Jonathan mockup was finally unveiled to the Apple Executive staff in June 1985.

The Executives’ first reaction was of astonishment. The design’s militaristic look with smooth surfaces, sharp corners, vertical ribs around the base and the use of a dramatic black color with white product graphics was unlike anything done before at Apple.

The Jonathan concept was deemed too advanced and risky. Jean-Louis Gassée, who at the time was Apple’s VP of Product Development, observed that they would have to sell two or three Jonathans to equal the profit of a single Macintosh II.

Both posts have some great photos and renders.

Friday, April 19, 2024

Apple Removes Messaging Apps From Chinese App Store

MacRumors (CNN, Hacker News):

Apple on late Thursday into Friday removed the popular messaging and social media apps WhatsApp, Telegram, Signal, and Threads from its App Store in China at the request of the Chinese government, The Wall Street Journal reported.

[…]

In a statement shared with several media outlets, Apple said China’s national internet regulator ordered the removal of the apps from the App Store in the country due to unspecified “national security concerns.” Apple said it is “obligated to follow the laws in the countries where we operate, even when we disagree.”

However, it’s Apple’s choice to make distribution through the App Store a single point of failure.

Previously:

Update (2024-04-24): John Gruber:

The answer re: sideloading is yes, and both Signal and WhatsApp offer direct downloads of their latest Android builds.

Kaveh:

A small amount of Googling and it seems like sideloading is the default way to get any Google apps in China since Android there isn't offered with the Play Store.

Patrick Wardle:

Apple consciously (& greedily) made the decision to be the arbiter/gatekeeper of what can run on our iOS devices…which directly empowers governments to ban whatever apps they so choose[…]

Update (2024-04-26): See also: Jon Brodkin.

VLC vs. the App Stores

VideoLAN (via Hacker News):

App Stores were a mistake.

Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users…

For now, iOS App Store still allows us to ship for iOS9, but until when?

VideoLAN:

If you do wonder why we don’t update VLC on the Windows Store or why VLC/iOS can’t connect properly to OneDrive shares, it’s because Microsoft Kafkaïesque bureaucracy refuses to help us.

We’re only trying to contact someone since 2 years…

VideoLAN (Anisse, Hacker News):

If you wonder why we can’t update the VLC on Android version, it’s because Google refuses to let us update:

  • either we give them our private signing keys,
  • or we drop support for Android TV before API-30, and all our users on TV API<30 can’t get fixes.

VideoLAN:

VLC cannot even enter the Mac App Store, because of the restrictions…

Look at all those platforms competing to benefit users.

Florian Mueller:

This here is a European app store for Android and Google’s YouTube has just killed their channel. It’s obviously a problem if you depend on the incumbent’s platforms all the way.

Previously:

Update (2024-04-26): President of VideoLAN (Hacker News):

On Android, we can either give Google our private (!) key or not support existing Android versions, and there is (as usual for Google) no one to discuss this with.

On Windows, they changed soo many times the backend of their store, that even with support from the top of the hierarchy, we cannot even update our desktop apps (change a URL, not even a binary…)

Apple, so far, is less annoying, but to support old versions (iOS9 or 10) is an always on battle.

Apple AppStores does not allow GPL, Microsoft does not allow GPLv3 and Unity does not even allow LGPL…

It’s very frustrating and time consuming, but because we don’t make money out of those, and we are on more platforms than anyone, we can complain publicly…

Color Kobo E-readers

Sheena Vasani (Hacker News):

Rakuten Kobo is launching its first color e-readers, the Kobo Libra Colour and the Kobo Clara Colour. Both use E Ink’s latest Kaleido color screen technology, which has subtle, pastel-like hues and drops from a 300ppi grayscale resolution to 150ppi when you view content in color.

[…]

The seven-inch Kobo Libra 2 is my favorite e-reader outside of Amazon’s ecosystem, offering the Kindle Paperwhite’s IPX8 waterproof design but with extras like physical page-turning buttons, no lockscreen ads, and more storage.

The $219.99 Kobo Libra Colour retains all of those features but is also now compatible with the Kobo Stylus 2, just like the Kobo Elipsa 2E.

Nathan:

E Ink’s color “Kaleido” screen technology has been around for several years, but it’s gone through three generations now and devices that use the latest Kaleido 3 screens just started coming out last year.

[…]

Color E Ink supports 4096 colors, which might sound like a lot but it’s actually far lower than a typical LCD screen. Colors tend to look softer and more subdued with E Ink, and color accuracy isn’t great, especially with certain colors, and it has more of a printed newspaper look.

[…]

The main drawback with color E Ink screens is they look darker than regular B&W screens because of a color filter layer that is applied over the top of the screen, which makes the contrast appear lower. Kaleido color screens are really just regular black and white E Ink Carta screens with a fancy passive filter over the top (that’s why color resolution is lower than black and white resolution).

[…]

Afterimage effects are more noticeable on color E Ink screens, where you can see a faint impression of the previous page. Color content may require more full page refreshes and flashes to look clear.

Previously:

Optimizing WebKit & Safari for Speedometer 3.0

Alan Baradlay et al.:

We made our fast JSON stringifier work for unicode characters. We also analyzed profile data carefully and made JSON.parse faster than ever.

[…]

We took the release of the new Speedometer 3.0 benchmark as an opportunity to adjust inlining heuristics based on data collected in modern Apple silicon Macs with the latest JavaScriptCore.

[…]

Prior to the opportunistic task scheduler, incremental sweeping in JavaScriptCore was automatically triggered by a periodically scheduled 100 ms timer. This had the effect of occasionally triggering incremental sweeping during asynchronous timing intervals, but also wasn’t aggressive enough to prevent on-demand sweeping in the middle of script execution. Now that JavaScriptCore is knowledgeable about when to opportunistically schedule tasks, it can instead perform the majority of incremental sweeping in between rendering updates while there aren’t imminently scheduled timers. The process of sweeping is also granular to each marked block, which allows us to halt opportunistic sweeping early if we’re about to exceed the deadline for the next estimated rendering update.

[…]

Previously, we required a synchronous IPC call from the Web Process to the GPU process to determine which of the existing buffers had been released by CoreAnimation and was suitable to use for the next frame. We optimized this by having the GPUP just select (or allocate) an appropriate buffer, and direct all incoming drawing commands to the right destination without requiring any response. We also changed the delivery of any newly allocated IOSurface handles to go via a background helper thread, rather than blocking the Web Process’s main thread.

[…]

With all these optimizations and dozens more, we were able to improve the overall Speedometer 3.0 score by ~60% between Safari 17.0 and Safari 17.4.

Previously:

Thursday, April 18, 2024

Daniel C. Lynch, RIP

Katie Hafner (via Hacker News):

In 1986, Mr. Lynch decided to hold a workshop to train vendors and developers to configure equipment for routing traffic through the internet. The point was to make different manufacturers’ equipment work together and demonstrate the uses the internet could have for businesses. The first event, attended by 300 vendors, was run largely by volunteers, who snaked cable through the room and programmed specialized computers called routers, which were just becoming commercially available, to communicate with one another.

“His brainstorm was that you couldn’t be there unless you were willing to interconnect with everyone else,” said Vinton G. Cerf, a vice president and chief internet evangelist at Google. Mr. Lynch required the attendees to adhere to TCP/IP, a language spoken by computers connected to the internet that was quickly becoming the industry standard.

Mr. Lynch started calling his event Interop in the late 1980s. Within a decade, it had become one of the world’s largest computer exhibitions, helping to create a global community of specialists capable of supporting a networking standard that made it possible for all the world’s computers to share data. One computer industry analyst called it “the plumbing exhibition for the information age.”

See also: Internet Hall of Fame and A Brief History of the Internet.

Legibility and San Francisco

Niko Kitsakis (tweet):

Why is San Francisco not the best typeface for a user interface? After all, Apple has gone through quite some trouble designing it in-house. Do a search on the matter and you will find articles and videos for developers, where the people from Apple explain their thinking. They talk about optical sizes, different use-cases, space efficiency, expressiveness and so forth. It all sounds very professional.

[…]

Apple’s San Francisco falls into the same category as the Japanese sword: It might, from a technical standpoint, be a very well designed typeface, but it’s the wrong kind of typeface to begin with. Apple’s typeface lacks two things that any typeface (to a different extent) needs: Personality and purpose.

[…]

If you compare San Francisco (or SF Pro as Apple also calls it) to FF Unit, you’ll see that the numeral “1” and the shapes of the first three letters of the word “Iliad” are much more distinct from one another in FF Unit than the same characters (or glyphs) are in SF Pro. This was done on purpose, of course: Typefaces like FF Unit were designed with legibility in mind, and one of the things a type designer does in that case, is ensuring that visually similar letters have shapes that make them more distinct from one another.

Why Has Figma Reinvented the Wheel with PostgreSQL?

Sammy Steele:

The data revealed that some of our tables, containing several terabytes and billions of rows, were becoming too large for a single database. At this size, we began to see reliability impact during Postgres vacuums, which are essential background operations that keep Postgres from running out of transaction IDs and breaking down. Our highest write tables were growing so quickly that we would soon exceed the maximum IO operations per second (IOPS) supported by Amazon’s Relational Database Service (RDS). Vertical partitioning couldn’t save us here because the smallest unit of partitioning is a single table. To keep our databases from toppling, we needed a bigger lever.

[…]

Horizontal sharding was an order of magnitude more complex than our previous scaling efforts. When a table is split across multiple physical databases, we lose many of the reliability and consistency properties that we take for granted in ACID SQL databases.

[…]

We built a DBProxy service that intercepts SQL queries generated by our application layer, and dynamically routes queries to various Postgres databases. DBProxy includes a query engine capable of parsing and executing complex horizontally sharded queries. DBProxy also allowed us to implement features like dynamic load-shedding and request hedging.

[…]

We avoided having to implement “filtered logical replication” (where only a subset of data is copied to each shard). Instead, we copied over the entire dataset and then only allowed reads/writes to the subset of data belonging to a given shard.

Denis Magda (via Hacker News):

Figma doesn’t use the open-source distribution of PostgreSQL. Instead, they utilize PostgreSQL as a service by subscribing to Amazon RDS. There’s an interesting, often overlooked fact about PostgreSQL managed services provided by large cloud providers and smaller vendors. While these services usually offer all the core PostgreSQL capabilities, the list of supported extensions is at the mercy of the service provider.

Now, we have CitusData, a mature PostgreSQL extension for sharding, and we know that Figma uses RDS, a fully-managed PostgreSQL service by Amazon. However, if you check the list of PostgreSQL extensions supported by RDS, CitusData isn’t included[…]

So, now, let me speculate. The real reason why Figma reinvented the wheel by creating their own custom solution for sharding might be as straightforward as this — Figma wanted to stay on RDS, and since Amazon had decided not to support the CitusData extension in the past, the Figma team had no choice but to develop their own sharding solution from scratch.

Cryptocurrency Apple Antitrust Lawsuit

Juli Clover:

A lawsuit targeting Apple’s refusal to allow apps to support cryptocurrency transactions was today tossed out by a San Francisco judge, reports Reuters. The lawsuit, which was filed by Venmo and Cash App customers, claimed that Apple drove up the fees charged by Venmo and Cash App by not letting payment apps facilitate cryptocurrency transactions.

The plaintiffs alleged that Apple curbed competition in the mobile peer-to-peer payment market with its App Store guidelines. No option for cryptocurrency has supposedly caused Venmo and Cash App to raise prices for transactions and services due to “no competitive check.” A payment app that is based on decentralized cryptocurrency technology would let iPhone users “send payments to each other without any intermediary at all.”

Previously: