Apple Security "blog"

"It's a trick. It's not dead. Get an axe."

Apple yet again unleashes "a blog" to "address the community", Apple Security this time. … I can't recall what the title of the last one was, it lasted like 2 posts a few years back. Same pattern:

  • No author names
  • No RSS
  • No comments
  • No way to send feedback at all, even to their ghost town forums.

First post is a long, rambling dissection of a new kernel malloc, maybe reducing the memory access errors that keep giving h4xx0rz 0-days into Apple gear. No actionable content; it's for them to say they're doing something, not you to improve your code.

Second is an update claiming now they're gonna actually pay out bug bounties, even tho it's been a nightmare to extract a red cent from them in the past, honest kick the ball this time for sure, Charlie Brown.

Zero trust in this meaning anything. I bet Grubs fellates this like the second coming of WWDC.

Mac Protip: Open URL in Browser

Not all browsers have an "Open in" service. I tend to use Chromium for media so it's a different crashy app than my main Safari. I've been manually copying URLs, pasting into it.

Open Automator, create a new Quick Action, pick Run Shell Script, paste in:

read -r url
open -a Chromium "$url"

Save it as "Open URL in Chromium". Quit Automator.

You can now right-click on any URL, Services menu, and send it there.
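An added example, not part of the original post: the same Quick Action with a check that the selection really is an http(s) URL before it reaches `open`, which otherwise also accepts file paths and other URL schemes. The function names and the `BROWSER_APP` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: Quick Action body that only forwards http(s) URLs to the browser.
# Names (trim, is_web_url, main, BROWSER_APP) are illustrative, not from the post.

BROWSER_APP="Chromium"

# Strip leading/trailing whitespace that often comes along with a text selection.
trim() {
    printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Succeed only for http:// or https:// URLs with no embedded whitespace
# or control characters; everything else (paths, file:, javascript:) fails.
is_web_url() {
    case "$1" in
        *[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
    esac
    case "$1" in
        [Hh][Tt][Tt][Pp]://?*|[Hh][Tt][Tt][Pp][Ss]://?*) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    # Accept a final line with or without a trailing newline.
    IFS= read -r url || [ -n "$url" ] || return 1
    url=$(trim "$url")
    if is_web_url "$url"; then
        open -a "$BROWSER_APP" "$url"
    else
        echo "refusing to open non-web input: $url" >&2
        return 1
    fi
}

# Automator feeds the selection on stdin; run only on macOS so the
# functions can be sourced and tested elsewhere.
if [ "$(uname)" = "Darwin" ]; then
    main
fi
```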

Gone from Suck to Blow

Want to move a URL or other text between your local computers, and they're not all Mac/iOS where universal pasteboard mostly works? There's smart ways, and then there's how I do it:

# note: needs Apache turned on. sudo apachectl start
mac% cd /Library/WebServer/Documents
mac% sudo ln -s $HOME/Sites
mac% cd
mac% cat bin/blow
#!/bin/zsh
pbpaste >$HOME/Sites/suckblow.txt

raspi% sudo apt-get install xclip
…
raspi% cat bin/suck
#!/bin/zsh
curl -s "http://mac.local/Sites/suckblow.txt" |xclip -i -selection clipboard
xclip -o -selection clipboard

And in the reverse set, pbcopy is the Mac equivalent of xclip -i. In practice, I don't run a server on my RasPi but I rarely need to paste the other way, just sometimes scp files.

Now on the Mac, I copy some text, type "blow" in iTerm2. On the RasPi, I grab terminal and type "suck". It can take a few seconds, and then the text is in clipboard.

Without running Apache (or other web server, but I'm a caveman), you can use scp to grab the file, then cat it into xclip -i.

Happy blowing & sucking!

[Update 2022-12-03: Some update on raspi changed the default in xclip from clipboard to primary (X11). So I've added -selection clipboard to them all.]
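The scp variant the post mentions, as an added example that is not the author's own scripts: the clipboard file stays in the home directory with owner-only permissions instead of under the Apache document root, where it is served over plain HTTP without authentication. It assumes Remote Login (SSH) is enabled on the Mac; `MAC_HOST` and `CLIP_NAME` are made-up names.

```shell
#!/bin/sh
# Added example: blow/suck over scp with a private file instead of Apache.
# Install as "blow" on the Mac and "suck" on the RasPi; it dispatches on its name.
# MAC_HOST and CLIP_NAME are assumed values, adjust to your setup.

MAC_HOST="${MAC_HOST:-mac.local}"
CLIP_NAME="${CLIP_NAME:-.suckblow.txt}"   # lives in $HOME, outside the web root

# Mac side: write the clipboard to a file only the owner can read.
# The old file is removed first so a previous, wider mode is not kept.
blow() {
    ( umask 077; rm -f "$HOME/$CLIP_NAME"; pbpaste > "$HOME/$CLIP_NAME" )
}

# RasPi side: fetch over SSH into a private temp file, load it into the
# X11 clipboard, and leave no copy behind.
suck() {
    tmp=$(mktemp) || return 1
    rc=0
    if scp -q "$MAC_HOST:$CLIP_NAME" "$tmp"; then
        xclip -i -selection clipboard < "$tmp" || rc=1
    else
        echo "suck: could not fetch $CLIP_NAME from $MAC_HOST" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

case "${0##*/}" in
    blow) blow ;;
    suck) suck && xclip -o -selection clipboard ;;
esac
```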

Apple Destroys App Store History

Note, currently all my old apps like Perilar, DungeonDice, etc. are off the store. They all still work. Apple wants me to pay $100 extortion, recompile a bunch of old code that maybe takes minutes, maybe hours or days of catching up to "modern" APIs, before I can resubmit.

And once they start requiring Monterey instead of Big Sur, I have to buy new hardware to even do that, my iMac just misses the deadline for support (but they still give me a notification a couple times a month to "upgrade" to Monterey, so smart & classy).

And my reaction these days is basically "fuck you, App Store". I could pay them nothing, and spend that effort on my Mystic Dungeon Club Javascript games, or my Scheme games (shipping real soon now!), and then I'm the only one who can disappoint me. Most of my JS stuff works on an iPad just fine; I'm not really inclined to try resizing for iPhone or Android, but in theory they'd work, too.

My little Glitch.app, full of mostly-not-allowed tools which I don't distribute but sideload, doesn't currently run, and I think I can get it to reload on the free account. If not, I guess I don't glitch. I could probably rewrite a lot of it in Pythonista, assuming that survives the App Store-pocalypse.

I have no problem with Apple's 30% cut, 15% would be better but hey, whatever. It was a nice storefront for a few years there, anything less than the 50% cut retail takes was warranted.

But every other part of the App Store policy is so noxious, all that's left are shovelware predatory gacha games from China, "social" (masturbatory pictures of yourself) network garbage, and AAA studio teaser games, but not the real games. And now they're just gonna make it impossible to get anything from the good era.

I literally use my iPhone now as a, uh, phone. It's almost back to the 2007 release set of Apple apps, because nothing else is any better. The iPad has several more useful tools, and I worry that they'll be removed by this policy.

Android fanatics, note that you are not helpful:

Earlier this month, the Google Play Store similarly announced it would begin limiting the visibility of apps that “don’t target an API level within two years of the latest major Android release version.”

What I'm Watching: Severance

Well, it's on TV+ which normally I treat like a sub-Disney® quality back-alley shithole gutter of the most boring shows ever conceived by AI to lull Humans into submission before mulching the species (that popular one? That's the one I mean.), but Severance seems fun! Very Office Space, and The Office, and Better Off Ted, crossed with Paycheck (best Baffleck movie; mediocre PK Dick adaptation; worst John Woo), but even more brain fucking and crying. Also some of the Stargate SG-1 episode "Beneath the Surface".

A woman (Britt Lower) wakes up in a windowless underground office, doesn't know who she is. A man (Adam Scott, very punchable face but I'm not sure where I've seen him before) cries and then goes to work and is chipper and kind of pointless. The office job is pointless, maybe relentlessly stupid. Maybe it'll make more sense later? Their outside lives are frankly not that good for the kind of pay you'd expect to get for taking this job.

The office maze is driving me a little crazy. I'm pretty sure it's just a grid. They walk & talk right, right, right, left and are somehow in a different corridor. But they all look the same. The "break room" and "wellness room" are just like the "break pods" at one corp job I had, where it was almost literally a punishment to be sent there if you were having a rough time of it.

The office procedures are repetitive nonsense. The coffee is Rwandan. Literally blood coffee.

The biggest irony of this show is that it looks and acts like Apple already does. If Timmy Apple could do this to people, he absolutely would. Forcibly. With drill holes in the skull. He's already threatening people with their jobs or coming into the UFO-shaped office to catch plague, what's a little endless torture in a fluorescent-lit Hell? How did this get past their own self-awareness and PR?

Also doesn't help that they're promoting in pre-roll fucking ads WeCrashed, a documentary about WeWork's cult, rise, and fall, which looks excessively like Severance. This isn't really an SF show, it's just how corporate workplaces already are. The cyberpunk dystopia of my yout' is here.

I'm not a fan of the episode length, nearly an hour. Half inside, half outside; but at least so far the inside is fun, light, gets to the point and tells the story, while the outside is long meandering talks with people that drag on for an endless eternity with maybe a minute of plot. I'm going nuts sitting thru this junk. Half length, and it'd be twice as good, as I often say about these bloated streaming waste-of-hours. I don't get it; there's no advertising, so why make it take forever?

TV+ continues to be the absolute worst app in a long cycle of shitty apps from Apple. I select the show in the main TV+ window, but can't see the title of each ep. Guess the next one's the first unlabelled video blob? Then it opens a player window. Of course you can't even screenshot, I have to use my iPhone camera if I want to take notes or something (like the weirdo keyboard, or the partial floor map). I'm surprised Apple hasn't embedded a "don't take pictures of this" signal in the show. Yet. Just wait until they issue Eyes with content filters.

★★★★☆ so far, aside from the pain in the ass of watching it on TV+.

Mac Icons for PDFs

I have a great many folders of PDFs, mostly grabbed from archive.org magazine_rack, ataribooks, etc. The trouble is when I open a folder of these, Finder makes preview icons for a few of them, then gives up and they all show a generic "PDF" icon. What I want is a persistent icon for the first page!

First, you need osxutils:

% sudo port install osxutils
% man seticon

And my icontool.

sips (Scriptable Image Processing System) is a built-in tool on the Mac, incredibly powerful image converter. I'm not gonna do anything fancy with perspective ratios or padding, just use it to get an image.

Now create pdficonset.zsh:

#!/bin/zsh
export CG_PDF_VERBOSE=1
find . -type f -d -iname "*.pdf" |while read -r f; do
    echo $f
    sips -s format png $f -o thumb.png && \
    icontool.zsh thumb.png thumb.icns && \
    seticon -d thumb.icns $f
    rm -f thumb.png thumb.icns
done

Run it in the parent directory, and boom! All nice icons.

[update: added a little better error-safety. CG_PDF_VERBOSE just gives better but still not useful error messages.]

I don't have the problem as bad with CBZ/CBR comics; they'd be trivial to extract the first page from, since they're just ZIP/BZIP files.

Green and Blue Bubbles Again

Some disreputable right-wing rag is pushing the Google-paid-ad conspiracy theory that Apple promotes bullying to get kids to prefer blue bubbles and iMessage to green bubbles in Android trash. Whenever this comes up, the mainstream rags never mention the real difference: Security vs. insecurity, encryption vs. everyone in the world able to read your messages.

Preferring blue bubbles is good behavior, whether kids know it or not. It has end-to-end encryption, it never even touches Apple's servers in plaintext. Anything you send, you know only the person you sent it to can ever read it. (note: You should not use iCloud backups, because those WILL store logs in plaintext)

A green bubble means it's insecure SMS; it can be read by cops, the phone company, anyone with a "Stingray" radio packet decoder in the area, and anyone who's SIM-cloned your device, which can be as simple as a single phone call to the carrier. Google is criminally negligent still shipping SMS as their "IM" in 2022.

Use iMessage if you can, Signal, Telegram, LINE if not.

Don't use WhatsApp, it's owned by Facebook and just as bad spyware as anything owned by Google.

M1 MacBooks Pro

I love beepy music made from Apple system noises. This is not the first!

I could not care any less about HomePod (I have cheap but acceptable stereo BT speakers in every room) or AirPods (BT lag into my ears makes me dizzy). So do with these as you will. I'll be using cheap wired earbuds or expensive wired cans forever.

M1 names combine the ugly internal product number with marketing "Pro". "Max" implies you can't get better. Who'd need more than 64GB RAM? Should be one or the other, like "Apple Chip Pro", or "M1P-10-16-32" (cores-gpus-ram).

MacBook stats are given in mm & lb. PICK ONE SYSTEM!

"The physical keys replace the Touch Bar." Almost like it was a gigantic mistake everyone hated. And MagSafe is back! Multiple ports and SD card reader! It's 2013 again!

What would you do if you had a million bucks? LCD, 3 XDRs, & a 4K monitor at once! (actual cost of the shown system is ~$25K).

How's the notch gonna work with fullscreen programs like Notch's game Minecraft? Just a blank spot. Might obscure the compass in Elder Scrolls games, too. Maybe it just blacks out the entire upper area in fullscreen, wasting real estate but not being stupid. I dislike the notch thing in every device, desktop more than others.

Battery life & GPU performance are awesome, no kidding. Faster than anything Apple shipped in a desktop even, my iMac 5K has a low-end AMD Radeon.

The 16" with M1 Max, 64GB RAM, 4TB SSD, is $4899, still less than a single XDR monitor. 14" with M1 Pro, 32GB RAM, 1TB SSD (get a cheap thunderbolt drive for storage) is $2899, almost reasonable.

I'm not, I think, actually getting this; the iPad Air satisfies my portable needs at present. I want the M1 Max in a Mini format, so I can wire up any monitor (not a $6000 XDR).

But if I took a new dayjob, I'd do it in a minute.

The Death of iTunes

So, I was listening to my last playlist, and realized I don't own one of the albums, so I figure I'll grab it off iTunes…

No iTunes app. No "show in iTunes Store" action on the album page (Share has since shown back up, because Apple Music is non-deterministic). There's an iTunes Store on my phone, but I want to download it here on my desktop. Fine, where's the store page. It's… missing. After some duck searches, turns out you have to open Apple Music Preferences, check "iTunes Store" in a little grid. I didn't deselect this, it came deselected, meaning NOBODY is going to see it.

Once that's done, Store is back in the sidebar, and clicking it shows the good old storefront, account links, etc. But how do you search? Search box just shows Apple Music (streaming). WAAAAAY up in the top-right corner is a selector for Songs or Store. Now I'm on the album. And it's $8.99. Yeah, there's no DRM, but you know, I can get this elsewhere.

So I went over to 'zon and bought a used CD (a little cheaper), because I can rip that lossless. At least they want my money.

And like that, with no announcement, Apple killed their store.

What Are You Doing, iCloud?

I often use Pythonista for automation or just code goofing off on the iPad. And unfortunately, the only ways Apple has allowed to get files into it are:

  1. Download with some other app (Dropbox or Readdle Documents, mostly) and share, one-way into it and no way out like a roach motel, or
  2. Put the file in iCloud, and it "should" sync automatically.

This is 100% an Apple policy problem, #1 demonstrates other apps can use networking just fine.

So on Mac I open iCloud (only in Finder, it's a stupid long path in shell), Pythonista3, try dragging the now-annoying disappearing proxy icon… can't drag it. So up a folder and I can drag THAT into shell.

Now in my CodePy folder, ln -s LONGICLOUDPATH icloud and voila, convenient access. Move my working project in there.

Make changes to a file, look in Pythonista, and it's all good. Make a new file, wait… it never shows up. Finally I open Files app on iPad, see if it's there, and NOW it syncs.

Maybe Pythonista is getting old and missed a notification, I notice the keyboard row isn't coming up, but Apple's incompetent garbage service iCloud/MobileMe/iTools has been failing to sync files for 15 FUCKING YEARS NOW, and I'm goddamned sick and tired of it.

This is why I give Dropbox money every month, because their syncing always works.