Month: November 2020

Application Trust Is Hard, but Apple Does It Well security-embedded.com

I promise just one more link about this overblown Apple certificate mess, but it is a good one. Phil Vachon’s piece is comprehensive, and I thought this was a thoughtful counterpoint:

One might argue Apple has catered to the lowest common denominator in this case. There’s some truth to this — you don’t want to start a war against your users and assume they’re stupid. But if people who are “information security professionals” can’t even tell you what the implications of various controls truly are (due to the vast complexity of these systems), how could your average user make these decisions?

Finally, there’s the open source argument — if I have the code, build the code, nothing can hide in the code. This is a fallacy that people buy in to thanks to effective marketing by the open source community. Software systems are so complex today that subtle issues lurk in even the most carefully curated code bases. Would a Chrome build that you built yourself and are running be inherently more secure or less likely to be compromised than one you downloaded from Google that was co-signed by Apple? Definitely not (I’d argue the other direction, in fact, but that is not germane to this conversation), but the Chrome build co-signed by Apple could be revoked if there turns out to be some malware embedded in the package. This is an interesting control that benefits users massively.

If you are absolutely furious with the way certificates are handled on MacOS, Apple is working on a solution for you. For what it is worth, I am keeping these protections switched on unless I hear a terrific reason for disabling them. I am fairly confident in my ability to avoid malware and other nefarious processes, but I am not so conceited as to think that I could not use a second set of eyes, as it were. This is especially true now that I have been working from my home computer for eight months.

In a Support Article, Apple Clarifies MacOS App Privacy Concerns support.apple.com

In an update to the obliquely-titled “safely open apps on your Mac” support article,1 Apple has added a new privacy-related section clarifying some of this week’s concerns about certificate validity checking [sic]:

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the the next year we will introduce several changes to our security checks:

  • A new encrypted protocol for Developer ID certificate revocation checks

  • Strong protections against server failure

  • A new preference for users to opt out of these security protections

The last item on this list is perhaps the most tantalizing. Does this mean the Gatekeeper system will have an off switch, as some more technically-literate users have been requesting? We will find out soon enough, I expect, but it is relieving to hear that changes are being made to prevent server problems from slowing down MacOS app launches.

This seems like another instance where Apple has failed to fully communicate changes — at all, or in a way most people can understand. When iOS 14 was released earlier this year with support for home screen widgets and compromised password notifications, among other features, some users conflated the two features and insinuated that popular customization apps were effectively keyloggers. Meanwhile, Apple’s developer documentation is, as Casey Liss put it this week, “piss poor”, and examples of miscommunication from its App Review team about rule changes or noncompliance are well-known.

  1. The prior version is available on the Internet Archive↥︎

MacOS App Security Histrionics blog.jacopo.io

For a few hours on Big Sur’s launch day, Apple’s overwhelmed servers prevented a MacOS process called trustd from quickly verifying signatures using the Online Certificate Status Protocol, or OCSP. This affected many versions of MacOS and manifested as applications taking forever to launch, and some general slowness.

This problem sucked, but it was resolved quickly. I hope a future MacOS update has a patch for whatever bug created this misbehaviour. But, this being the internet, it somehow snowballed into a crisis — MacOS is apparently spying on users, it’s worse in Big Sur, and that means Apple’s new M1 products that run nothing but Big Sur are evil surveillance devices that should not be bought by anyone. Or, at least, that’s what you would think if you read Jeffrey Paul’s article that hit the top of Techmeme and Hacker News:

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

[…]

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

If you read this and thought hey, this doesn’t seem right, you’re not alone. I wanted to know the answers to at least these questions:

  1. Does a request to Apple’s OCSP server include a signature specific to an application?

  2. Does it report this to Apple on every launch?

  3. Why are these requests made over HTTP and not HTTPS?

  4. Are these requests logged remotely and, if so, for how long?

  5. Is this documented anywhere?

Over the past couple of days, I have read dozens of articles about OCSP, monitored trustd’s network activity for myself, poked around local certificate databases, and generally got a bit obsessive. I cannot recommend this. But the feeling I had last night is that either my research skills are terrible, or Paul fundamentally misunderstands OCSP and what MacOS is doing. To be clear, I am not confident I have a full handle on this topic, either, but I think the most alarming aspects of Paul’s post are incorrect.

The answer to the third question I had — why these requests were made over plain HTTP, instead of HTTPS — materialized quickly. OCSP is a certificate verification protocol. It needs to check the validity of certificates, so if it was signing those requests with an HTTPS certificate, how could it verify that its own request was valid? It is a recursive problem. It is, as best as I can tell, extremely common to make a request like this over plain HTTP.

But that still left me with my questions about the behaviour of MacOS. Apple loudly trumpets its privacy bonafides over its competitors’ practices, so the accusations levelled by Paul would deeply undermine trust and confidence in those statements.

A gut check came today in the form of a fantastic technical explanation from Jacopo Jannone, via John Gruber. This is exactly the kind of article I was looking for:

Capturing a OCSP request is as easy as setting up an HTTP proxy or starting Wireshark. No HTTPS means no encryption, no certificate pinning, no problems whatsoever. I captured the following request while opening Firefox.

I should also add that after closing Firefox and opening it again, no requests were made. This is reasonable, and indicates that certificate checking isn’t performed at each launch but only after it hasn’t been performed for a certain period of time.

[…]

It is clear that the trustd service on macOS doesn’t send out a hash of the apps you launch. Instead, it just sends information about some certificate — as we would certainly expect after understanding what OCSP is in the first place.

I cannot recommend Jannone’s article highly enough. It is as clear-headed and as easy-to-follow an explanation as you could hope for, given the technical subject matter. It answers my first two questions, both of which are among the more egregious accusations Paul levelled against MacOS’ behaviour.

But Jannone’s research did not appear until two days after Paul’s post, so the bad information in the latter has showed up everywhere. Purism piggybacked on it to sell its “Libre”-branded smartphones and laptops.

Jeff Benson of Decrypt wrote a very long article summarizing Paul’s findings, but until the second-to-last paragraph did not explain that it is an industry standard:

Hardeman implied that Apple is more or less using an industry standard protocol as it’s meant to be used—and that most people benefit from it. However, he called on Apple to fix the bugs that “resulted in all the screaming yesterday.”

I found a post from 2011 on Sophos’ blog chastising Apple for, at the time, leaving OCSP as an option that users were required to switch on.

However, I still do not have answers to questions four and five on my list. I think this is something Apple should be documenting in a format as clear as Jannone’s post. Paul’s article is incendiary but, as it turns out, largely untrue, at least in its most serious accusations.1 The headlines and summaries of this saga make it seem like Apple is practically running a keylogger on every Mac. The sober reality is that MacOS sometimes checks the validity of certificates of all types, something which it has done for years. All these histrionics for something really boring and not, actually, a tool for spying, not even accidentally.

  1. He also relies upon Glenn Greenwald’s mischaracterizing explanation of how the NSA’s PRISM program functions, calling Apple a “partner”, and claims in the original that there is no way to block OCSP requests, something that is easily disproved by the dozens of people who simply added it to their /etc/hosts file. That’s probably not a good idea, but it is possible.

    Oh, and in his previous post criticizing Twitter’s moderation practices, a couple of his arguments would make @BadSec230Takes proud.

    I just think it would have been helpful for all of the outlets that feverishly republished his wild claims to have verified them first, but that’s just me. ↥︎

Server Issues During Big Sur’s Launch Goobered Up Other MacOS Versions Due to Certificate Checks arstechnica.com

Samuel Axon and Lee Hutchinson, Ars Technica:

Mac users today began experiencing unexpected issues that included apps taking minutes to launch, stuttering and non-responsiveness throughout macOS, and other problems. The issues seemed to begin close to the time when Apple began rolling out the new version of macOS, Big Sur—but it affected users of other versions of macOS, like Catalina and Mojave.

[…]

It didn’t take long for some Mac users to note that trustd — a macOS process responsible for checking with Apple’s servers to confirm that an app is notarized — was attempting to contact a host named oscp.apple.com but failing repeatedly. This resulted in systemwide slowdowns as apps attempted to launch, among other things.

This was happening for me right around the time I was updating Nova and I could not figure out why it had suddenly become the slowest app in the universe. Its icon just bounced away in the Dock for half a minute and launched at a crawl.

Jeff Johnson, who was among the first to tweet the cause of these slowdowns:

Don’t confuse Developer ID certificate status (/usr/libexec/trustd to ocsp.apple.com) with notarization (/usr/libexec/syspolicyd to api.apple-cloudkit.com).

Notarization check only occurs on first launch. Online Certificate Status Protocol can occur on any launch.

I hope this is quickly rectified. There is no reason a local Mac app ought to have difficulty launching because it cannot check in with Apple first.

Foxconn Still Thinks People Are Buying Its Wisconsin Pipe Dream ca.reuters.com

Yimou Lee and Ben Blanchard, Reuters:

Foxconn said on Thursday its investment plan did not depend on who the U.S. president was. It was, however, exploring the option of building a new production line there.

“We continue to push forward in Wisconsin as planned, but the product has to be in line with the market demand … there could be a change in what product we make there,” Chairman Liu Young-way said at an investor conference.

Possible new products include those related to servers, telecommunications and artificial intelligence, he later told reporters.

Like some sort of AI 8K+5G combination, perhaps? I am dying to know what, precisely, Foxconn believes that is.

Assorted MacOS Big Sur Design-Related Observations

Ten years from now, Big Sur will be remembered for many big changes it ushered in: it is the very first release of MacOS 11 and, therefore, truly closes the book on Mac OS X; it is the first version of a Macintosh operating system that runs on Apple’s own silicon; and it is the first time one of Apple’s operating systems can natively run software from an entirely different platform. But it is also the biggest redesign of the Mac operating system since Mac OS X debuted twenty years ago.

I have some thoughts on overarching themes and trends in Apple’s operating systems that I want to more carefully consider. But I wanted to share some brief observations on Big Sur’s design direction that, I think, feel suited to a bulleted list. I have been using betas of Big Sur since they were released in June, and have used the final release candidate since yesterday. If you have yet to install the update, I think Andrew Cunningham’s review at Ars Technica and Stephen Hackett’s screenshot library are excellent resources if you would like to follow along.

So, some observations:

  • This design direction feels like it takes greater advantage of bigger and higher-resolution displays. Almost everything appears to be the same size, but Big Sur’s unified title bars and toolbars have allowed for bigger, bolder window and document titles, with a little more space around them. Similarly, the larger radius of rounded window corners is something that looks best on high-density displays with less-noticeable aliasing.

  • Folders in Finder have more readable icons than the styles Apple has been using since Leopard.

  • Windows use much brighter, whiter textures when using the “light” appearance, which I always use.

  • Combine all of these bullet points and you might think it points to a welcome higher-contrast trend. Alas, the vast majority of UI elements in Big Sur have far poorer contrast than Catalina. Many toolbar elements have either entirely no background or a very subtle one.

  • While buttons, menu bar items, toolbars, window control widgets, and many other parts of Big Sur have more padding, notifications and tabbed window controls appear to have less. It is an odd choice that makes these features — particularly notifications — look unfinished.

  • Big Sur is a victim of Apple’s current preoccupation with hiding things that only become visible when hovering. Notifications are a good example: any buttons that were present on the right-hand side of that notification — say, the “close” and snooze buttons on a Calendar notification — are now buried in a chintzy-looking “Options” button that only reveals itself when you hover over the notification.

    Most glaring is the way Big Sur hides the proxy icon in any window with a unified toolbar. It will show up a beat after you hover over the window title. You can do proxy icon things before it is visible, but hiding it is unnecessary and the slight delay before it becomes visible makes the system feel slow. I hope there will soon be a universal preference to make it visible at all times. Make it a command line-only preference for all I care, but it should be possible.

  • Big Sur introduces an iOS-like rounded square standard icon shape. I miss the carefully jumbled look of my pre-Big Sur Dock less than I thought I would. Apps that have not been updated to the new standard shape stand out.

    That said, as with iOS, many system icons are simply a glyph on a white or black background, and there are very few circumstances where I think that is an appealing design choice. The icon for System Information is particularly weak. That is not the case for all utility icons — Grapher, for example, looks like it was designed with great care and love.

  • I love how the new Dock looks like it is floating. But do not fear — MacOS continues to respect Fitts’ law by extending the click target all the way to the edge of the display.

  • Highlighted elements — like a menu item that you’re hovering overtop, or a selected email in Mail’s message list — now have rounded corners. I am surprised this has not happened before because it feels so Mac-like.

  • The full-height sidebars that have been hinted at in Catalina apps like Music and Podcasts are now mostly systemwide, and I think they work well. If you want to nitpick, they create a visual separation between window control widgets and the window itself, but I don’t think anyone will be confused. This is a nice way to clean up the multiple layers of toolbar and sidebar. It also means that the toolbar is no longer a primary anchoring element for the entire window, and I will miss that clarity.

  • Dialog boxes and sheets remain my least-favourite changes in Big Sur. I tried to get used to them — I really did — but I think both are weak replacements.

    Sheets used to be attached to the window’s title bar; they were among the most clever and wonderful elements in MacOS. They now sit atop an insipid dimmed window, and look semi-detached — not quite anchored in the way sheets used to be to the title bar, but not quite independent either.

    Dialog boxes build upon these flaws by inexplicably centring their contents and stacking action buttons at the bottom. Sometimes, those buttons appear side-by-side; I think this is only the case if there are exactly two actions. In any case, these dialogs are often very tall with small and hard to read text, but the buttons are unnecessarily large. At the very least, it is a truly strange use of space on displays of all sizes. In most cases, I think they are an unforced regression.

Overall, I have found Big Sur’s new design direction to be a welcome refresh that successfully bridges the Mac OS X world of past with Apple’s iOS and iPadOS motifs. I am annoyed by its poor contrast, but there are a couple of Accessibility preferences that correct its most egregious qualities.

If there is anything I wish Apple had scrapped, it the new approach to sheets and dialog boxes. I find the changes to those to be not a problem of taste, but a serious detriment to usability and clarity. I have quibbles with a few aspects, and am largely pleased by most of the new changes — or, at least, the direction they suggest. But those new sheets and dialogs have got to go.

In an Interview With the Independent, Craig Federighi Tempers Speculation of Touch Screen Macs independent.co.uk

Following Tuesday’s Apple event, Andrew Griffin, of the Independent, interviewed Greg Joswiak, Craig Federighi, and John Ternus about the products announced. Griffin also asked about the company’s plans for future products, which it was characteristically reticent about, but Federighi did want to tamp down expectations of touch screen Macs:

But it’s still the case that fans repeatedly speculated that Apple was going to do something more profound to the Mac: turn it into something like the iPad, for instance, or use the transition to radically alter how its laptops work. Apple has repeatedly insisted that it thinks the laptop form factor is valuable and distinct from touchscreens like the iPad, but people haven’t always believed them.

This has led to ideas including the theory that Apple had redesigned its new macOS to make way for touch screen Macs. The Big Sur aesthetic borrows from the iPhone and iPad — buttons are bigger, with more space, which numerous commentators pointed out would make them perfect for manipulating with your fingers — but not because of some secret plan to change the way the Mac works, Federighi says.

“I gotta tell you when we released Big Sur, and these articles started coming out saying, ‘Oh my God, look, Apple is preparing for touch’. I was thinking like, ‘Whoa, why?’

“We had designed and evolved the look for macOS in a way that felt most comfortable and natural to us, not remotely considering something about touch.

Big Sur offers a little more space around some elements, but not by much, so I think this speculation is quickly snuffed out if you use Big Sur for more than a couple of minutes. Most of the menus, buttons, and window controls are still tiny and clearly designed for a cursor and decidedly not a finger. It is still very much on the desktop side of the continuum.

First M1 Benchmarks macrumors.com

Yesterday, in my summary of Apple’s first own-designed Mac processors, I wrote:

Despite the M1 being an apparently entry-level configuration, Apple is promoting big performance gains. Graphics on the MacBook Air, it says, are up to five times faster than the highest-specced Intel model; on the MacBook Pro page, it says that machine learning performance is eleven times faster. Those are big leaps for complex tasks, but we’ve been down this road before. The Intel iMac was said to be two to three times faster than the PowerPC model it replaced, while the first MacBook Pro was apparently four to five times faster. Those tests were conducted using benchmarking tools, while the comparisons this year are being made using real-world tasks. All of this is to say that we can’t know just yet how fast these new Macs are. Even though they are not Apple’s most performative products, could they perhaps out-perform their Intel-based cousins? Or are they modest updates that help guide users and first- and third-party developers onto a new platform?

It appears that, today, we have an answer.

Juli Clover, MacRumors (emphasis in the original and very appropriate):

The M1 chip, which belongs to a MacBook Air with 8GB RAM, features a single-core score of 1687 and a multi-core score of 7433. According to the benchmark, the M1 has a 3.2GHz base frequency.

[…]

In comparison to Macs, the single-core performance is better than any other available Mac, and the multi-core performance beats out all of the 2019 16-inch MacBook Pro models, including the 10th-generation high-end 2.4GHz Intel Core i9 model. That high-end 16-inch MacBook Pro earned a single-core score of 1096 and a multi-core score of 6870.

Benchmarks for the two other M1 models have also appeared on Geekbench and show similar performance. Again, I will stress that testing does not necessarily translate directly to real-world performance, but it certainly seems like the ostensibly lowest-end Macs you can buy are outperformed only by the highest-end desktop Mac configurations and only in multicore tasks.

And, apparently, the two notebooks also get about one-and-a-half to two times the battery life of their Intel-based predecessors. Oh, and the MacBook Air doesn’t have a fan.

I was prepared for big gains, but I am stunned by these results.

Apple’s November 2020 Event by the Numbers macstories.net

John Voorhees, MacStories:

Apple sprinkled facts, figures, and statistics throughout its presentation today about the new Macs it announced. Here are highlights of some of those stats from the event, which was held online from the Steve Jobs Theater in Cupertino, California.

Apple’s executives threw a lot of numbers at viewers of its November event, but I think the one figure that surprised me most is one that Voorhees — and, indeed, most wrap-up articles — did not cite. But Kyt Dotson of Silicon Angle caught it:

Following up recently introduced new iPhones and iPads, the company turned its attention to its computer line. “We love the Mac. It’s in our DNA,” said Apple Chief Executive Tim Cook. “The Mac business grew over 30% last quarter, and the Mac is having its best year ever, and the Mac continues to attract new users. Today, over 50% of buyers are new to the Mac.”

Cook might as well have tossed the word “still” into that last sentence; Apple has been saying that about half of buyers are new to the Mac for years. At its 2018 Mac-related event, Cook said the same, and it was the case in spring 2016, too. Fourteen years ago, shortly after Apple released its first Intel Macs, half of Mac buyers were new to the platform. I am sure it has not been a perfectly steady chart for fourteen years, but it is noteworthy that Apple still keeps finding millions of new buyers every quarter, even as its business seems increasingly dominated by iPhone, iPad, and services sales.

Spotify, Learning From Google’s Domination of Every Part of the Data and Advertising Pipeline, Acquires Megaphone theverge.com

Ashley Carman, the Verge:

Yesterday, the company announced it spent $235 million to acquire Megaphone, a podcast hosting company that also inserts and sells dynamic ads for podcasts. The acquisition, though large, isn’t as flashy as some of the company’s other deals, but it sets Spotify up to become a force in podcast ad sales. With Megaphone, Spotify wants to dominate podcast advertising and become the main ad seller for shows both inside and outside its network. This could have repercussions, not just for where and how advertisers and podcast networks spend money, but also for how much Spotify knows about listener behavior both inside and outside its platform.

One reason Google was able to grow to dominate web advertising is because it acquired companies at every stage of the online advertising pipe. Spotify is echoing that for podcasts. This is going to get a lot worse for privacy and listener choice before it has any hope of getting better.

Understanding 5G tidbits.com

Glenn Fleishman, TidBits:

However, 5G won’t be transformative for most people or purposes. Its advantages primarily accrue to cellular carriers, even more so than 3G or 4G, which offered significant boosts in throughput and allowed higher rates over broader areas. 5G will let carriers charge more for service in some cases, handle more customers simultaneously, break into new markets that require higher throughput or low latency, and equip more kinds of devices with ubiquitous high-speed cellular data connections.

For users, it will gradually feel like we have broadband no matter where we might be, which is not terribly exciting except when you want to stream a 4K movie in the backseat of a car on a highway or download a 5 GB file in a minute in a coffee shop. The level of excitement should be more akin to finding out your city has (silently) dug up the streets while you were sleeping, replaced 10-inch water mains with 20-inch ones, and then cleaned it all up without you knowing. 5G is better network plumbing that your “Internet utility” had to install to deal with the amount of data and new data connections it wants to move around a city.

This is the best primer I’ve read about 5G. Fleishman manages to bring all of its different narrative strands into a coherent and easy-to-read article.

Beginning in June, Google Docs Will Count Against Users’ Storage Limits blog.google

Jose Pastor and Shimrit Ben-Yair of Google:

Also starting June 1, any new Docs, Sheets, Slides, Drawings, Forms or Jamboard file will begin counting toward your free 15 GB of allotted storage or any additional storage provided through Google One. Existing files within these products will not count toward storage, unless they’re modified on or after June 1. You can learn more in our Help Center.

David Smith:

How does Google even regulate the *size* of such documents? As an entirely internal format, we just have to take their word for it.

Google Drive currently does not display file sizes for any documents created using Google’s productivity suite; it just says they are zero bytes, since they currently are not counted against storage limits. A text document surely is not many megabytes large, but the storage and use of these files exists entirely within Google’s parameters.

These changes to storage policies also apply to Workspace and G-Suite users, including in education and enterprise. That means businesses that committed themselves to Google’s ecosystem will now have to either buy much more storage from the company at indeterminate cost — since they cannot estimate the amount of space they currently use — or have to source, test, and implement a competitor, all while many businesses are dependent on remote access.

It Is Time for Google’s Now-Annual Curtailing of Impressive but Unsustainable Services cnet.com

Alison DeNisco Rayome, CNet:

Google Photos is ending its unlimited free storage policy for photos and videos, the company said in a Wednesday blog post. After June 1, 2021, any new photos and videos you upload will count toward the free 15GB of storage that comes with every Google Account. But don’t worry: Any photos or videos you’ve uploaded before that day won’t be part of the cap.

The move is meant to encourage people to sign up for Google’s storage subscription service, Google One. Google One plans start at $2 a month in the US for 100GB of storage and other features, like Google Store discounts.

Casey Newton:

Also seems notable that free Google photo storage helped to drive tons of startups out of this market — Everpix, Loom, Ever, Picturelife. Now that they’re gone, and Google is tired of losing money on Photos, the revenue switch flips.

Notably, photos taken with Pixel phones will remain exempt from storage limits, albeit in “high quality” mode. Around the same time last year, Google ended unlimited full-quality photo backups.

Mac ‘Greatness’ Ad macobserver.com

My first thought when I saw this ad during today’s Apple event was that it was a nice — albeit familiar, very familiar — modern riff on the “Think Different” campaign.

My second thought was that it would be great to once again get a backlit Apple logo on a MacBook.

TikTok Says the Trump Administration Has Forgotten About Trying to Ban It, Would Like to Know What’s Up theverge.com

Hey, remember how, about six weeks ago, there was no concern more pressing for the now-outgoing Trump administration — in the middle of a pandemic — than selling TikTok to an American company, kind of? You remember, I remember, TikTok remembers — but the U.S. government apparently forgot to finish clearing the sale with the Chinese government, and the deadline is Thursday.

Sam Byford, the Verge:

TikTok has filed a petition in a US Court of Appeals calling for a review of actions by the Trump administration’s Committee on Foreign Investment in the United States (CFIUS). The reason, according to the company, is that it hasn’t heard from the committee in weeks about an imminent deadline for parent company ByteDance to sell off US assets over national security concerns.

Catherine Shu, TechCrunch:

In a statement emailed to TechCrunch, a TikTok spokesperson said it has been working with the CFIUS for a year to address its national security concerns “even as we disagree with its assessment.”

“Facing continual new requests and no clarity on whether our proposed solutions would be accepted, we requested the 30-day extension that is expressly permitted in the August 14 order,” the statement continued.

“Today, with the November 12 CFIUS deadline imminent and without an extension in hand, we have no choice but to file a petition in court to defend our rights and those of our more than 1,500 employees in the US.”

I know there’s a lot going on for this administration right now — there’s a pandemic to ignore, a transfer of power to throw a faux-legal tantrum over, a defence department to gut — but I was under the impression that TikTok was a pressing security nightmare that demanded immediate action.

Big Sursday macworld.com

Playing second fiddle during today’s big Mac hardware event was the software that many of us will be using shortly — very shortly. Big Sur is coming out this Thursday, November 12.

I am looking forward to the new version of Messages, better Catalyst apps, and using it with the “Reduce Transparency” preference switched very on.

M Powered

Next Friday, the first Macs powered by processors of Apple’s own design will go on sale. That is a pretty big deal. But what isn’t — at least, not from a user’s perspective — is the transition from one architecture to another. Apple last did this about fifteen years ago when it moved from PowerPC to Intel processors, and it is effectively copying its own playbook from that time. There are even sequels of the same transitional technologies: Rosetta 2 and Universal 2.

It should therefore come as no surprise that the Macs announced today use enclosures that are either identical or nearly so to the Intel model equivalents, and at similar prices. The perception of a smooth transition would be marred if there were a clear line between Intel Macs and Apple Silicon Macs, so it is best to keep everything pretty samey.

One way that this transition differs from the last go-around is the order in which Apple is turning over its lineup. The first Intel models Apple released in 2006 were the iMac and the MacBook Pro — its consumer desktop and its professional notebook. But the first Apple Silicon models are entirely on the lower end of the performance spectrum. The Intel MacBook Air has been entirely replaced by ARM models, as have the two-port 13-inch MacBook Pro models. The ARM Mac Mini is kind of a new line at the lower-end of Intel models. In the case of the 13-inch MacBook Pro, the four-port models updated earlier this year remain available only with Intel processors, as does a higher-end Mac Mini configuration.

As expected, Apple Silicon now has a proper marketing name: all of the Macs announced today run on the M1 system-on-a-chip.1 Aside from one fewer GPU core in the lowest-end MacBook Air configurations, any performance differences between these computers can likely be ascribed to their different thermal envelopes. The MacBook Air doesn’t have a fan, and the MacBook Pro remains pretty thin. Otherwise, the SoCs appear to be pretty much identical; or, if they are different, Apple is not describing them as such: they have the same transistor count, same core counts, and the same RAM options, as memory is now packaged with the SoC instead of being soldered to the board separately. And because so much of this transition is about efficiency, these MacBook models promise remarkable battery life.

Despite the M1 being an apparently entry-level configuration, Apple is promoting big performance gains. Graphics on the MacBook Air, it says, are up to five times faster than the highest-specced Intel model; on the MacBook Pro page, it says that machine learning performance is eleven times faster. Those are big leaps for complex tasks, but we’ve been down this road before. The Intel iMac was said to be two to three times faster than the PowerPC model it replaced, while the first MacBook Pro was apparently four to five times faster. Those tests were conducted using benchmarking tools, while the comparisons this year are being made using real-world tasks. All of this is to say that we can’t know just yet how fast these new Macs are. Even though they are not Apple’s most performative products, could they perhaps out-perform their Intel-based cousins? Or are they modest updates that help guide users and first- and third-party developers onto a new platform?

At this time, only Apple’s engineers know for sure. But I think these products are a great warm-up act for M-branded processors to sweep across the entire line. The M1 appears to be a bigger, badder version of the A14, so it makes sense that it would be placed in these more entry-level products. From a performance perspective, this is only a clue about what Apple’s full capabilities are. Remember, it has committed to switching every Mac to chips of its own design, including its highest-end products. If today’s event felt underwhelming from a “professional” Mac perspective, it will make up for in volume — these are among Apple’s most popular Macs. Today’s announcements are just as much about getting the future of the Mac in front of a huge number of typical users.

It is also only the start of seeing the hardware and software integration that custom-designed SoCs may allow. I was not expecting Face ID today, but I am certain that it is coming in the not-too-distant future. You can imagine for yourself what products might be enabled by own-brand processors focused on, in Craig Federighi’s words, “quiet performance”: a truly miniaturized Mac Mini, perhaps, or a less chunky iMac. A new Cube — why not? But, again, I am not surprised that nothing like that was announced today. This is an internal revolution disguised as a transition, and there is no reason to upset that illusion just yet.

So much of today’s short keynote felt like a love letter to the Mac. I won’t spoil it for you if you haven’t seen it, but there were familiar faces throughout — right to the end. The first half of the past decade, for whatever reason, felt like Apple wasn’t too sure what it wanted to do with the Mac. But recent years have indicated that the company is still strongly behind this unique family of products and truly does care about it just as much as the rest of us, even if it does not always feel like it. This is the most excited I have felt about the Mac in a long time. I am not in the market for a new computer but, when I am, I do not feel worried that I have reason to switch platforms. The Mac still feels like home.

Here’s to — for so many reasons — 2021.

  1. This branding is recycled from the motion coprocessors. Apple still refers to the “M12 coprocessor” on its iPad Pro and iPad Mini tech specs pages. ↥︎

Slingbox Is Shutting Down slingbox.com

You’re going to think that I am taking these questions out of context on Slingbox’s FAQ but I promise you that I am not (via the Verge’s Sean Hollister):

Q: Why is Slingbox being discontinued?

A: We’ve had to make room for new innovative products so that we can continue to serve our customers in the best way possible.

Q: Will Slingbox be releasing any new products?

A: No.

The company is also discontinuing its apps and its servers will be shut off in two years. But this duo of questions and answers will, I feel, live on for eternity. Someone ought to etch this into stone.

Sketch’s Mac App Manifesto sketch.com

Like a lot of people, I adored this treatise on the value of a native Mac app from the good people at Sketch:

Best of all, native Mac apps like ours are designed to fit with the rest of the operating system. It’s hard to quantify, but if you use Apple’s built-in apps you immediately get a ‘feel’ for how things should work in native apps. When an app ‘fits in’ with the rest of the OS, it doesn’t just look and feel more at home on your Mac — it lowers the learning curve when you first open it. That’s why we (and plenty of other great macOS developers) work hard to follow the conventions set out in Apple’s Human Interface Guidelines, so that our Mac app has that same, familiar feel. And you can start using it instantly, from the first click.

[…]

Ultimately, the choice is in your hands. We want to give you the best of all worlds. The latest features in a native Mac app, with all the functional benefits that brings. The ability to choose how and where you work. The option to share your work and handoff to others in Cloud. And soon, the ability to collaborate in real-time.

We simply couldn’t do this without being a native Mac app. macOS is an amazing platform to work on, and we’re grateful to the community of designers like you that use Macs every day to create amazing work. Thank you for supporting us, and all the other native apps that help make the Mac the platform it is today. And thank you, Apple, for giving us a place to call home.

You may see this as a shot across the bow of Figma, but it speaks just as readily to clumsy cross-platform apps like the Adobe suite. I see it as a firm commitment to the values of detail and quality.

The hardware that is being announced at tomorrow’s big Apple event is certainly exciting, but third-party apps are why I continue my investment in the Mac ecosystem. This piece speaks to my deep appreciation for really great Mac apps — from Sketch to Nova; NetNewsWire to MarsEdit; Keyboard Maestro to Things. I live in apps like these, and they are why I use a Mac.

Reviews of the iPhone 12 Mini and iPhone 12 Pro Max dpreview.com

The embargo dropped for reviews of Apple’s outlier phones that — on paper — are an easier sell than its two 6.1-inch models. Let’s start with the 12 Mini, which is simplest to describe: it’s a regular iPhone 12, but smaller, so you get easier handling but also shorter battery life. That seems to be consistent among reviewers, many of whom loved it despite the compromises of the smaller body.

The iPhone 12 Pro Max, though, is a mixed bag. Again, on paper, its tradeoffs are supposed to be straightforward: you have to deal with a phone so large that it becomes dangerous to operate after taking some medications, but that is the price — along with over one thousand dollars — you pay for getting a noticeably better camera system. But that does not necessarily materialize in the real world.

Among those who have posted reviews so far, Marques Brownlee and Raymond Wong of Input — which uses the most irritating format for this review that I can imagine — did not notice any significant difference between the 12 Pro and 12 Pro Max, even in the dark. But Nilay Patel of the Verge and Julian Chokkattu of Wired found the Max to be a huge improvement, while Austin Mann saw differences in some types of image but not others. As some Apple representatives said in an interview with PetaPixel today, the iPhone photography pipeline has more to do with the total combination of sensor, lens, processor, and software than it does any one part. Perhaps it is inevitable that the improvements are there, but not so groundbreaking; perhaps the camera system is more about using the technology stack for more faithful reproduction than it is about blowing your mind with detail captured in the distance at night.

I am most excited about seeing the full potential of RAW images from these sensors combined with computational photography in the new ProRAW format, coming in a software update. I think that has the potential to reveal some of the biggest differences in noise, colour accuracy, and overall quality, without as much post-processing getting in the way.