Finally got around to reading about Private Cloud Compute and let’s just say I’m not super impressed Apple seems to just categorically fail at threat models that involve themselves. I guess for iPhone you just suck it up and use it anyway but for this the whole point is that it’s supposed to be as secure as on-device computation so this is kind of important

Just finished reading this blog post, and I cannot recommend it more highly. It is *exceptionally* good. I am not an expert on kernel heap exploitation, so I probably shouldn’t comment on the technical details, but it really shows Apple understands what they’re doing here.

https://twitter.com/_bazad/status/1585706652967133184

Mitigations are not created in a vacuum. This blog post not only acknowledges this fact but goes into detail on how the decisions were made to ship this. How well it will hold up is still up in the air, but it is clear that they (finally?) really nailed the design process.

Earthquake! Sadly the shake alert came a bit after it started

Some end of the week thought leadership: most programming languages are far more flexible than you’d think. When a language “isn’t a great fit for a particular environment” what it means is you should be extra mindful of the context you’re bringing it into. There are some fundamental limits that are somewhat difficult to work around (getting a high level language on a Z80 might be more trouble than it’s worth) but beyond that languages matter far less than people think they do.

Here’s an interesting instance of quadratic complexity: adding and removing KVO observers on an object (FB11644022). A graph of its performance as I scale the number of observations is so perfect it could probably feel right at home in an algorithmic complexity textbook! It’s probably not surprising in the least that observers are stored internally in a set of hash tables. But when you add observations on an object, part of the lookup process calls for computing a hash value over all the observers. This *would* be O(n) on each KVO update…

It’s kind of weird to describe it this way but to me Git is just one of those tools that really gets out of your way to let you work however you want, rather than actively fighting you because its authors didn’t understand that flexibility allow for all kinds of novel workflows. Its design is really quite simple and clever. The default porcelain is pretty bad but it’s actually quite amazing how you can pretty much swap out whatever parts of it you don’t like. You can make all sorts of complex scripts to manipulate the repository, custom GUIs, …

Windows is a fun OS because I basically don’t know it at all and every time anybody asks anything about it I get to go on a fun quest through Microsoft documentation (which is very good!) and years of blog posts that are still relevant today Today’s question, from @cis_female: does Windows have a vDSO/commpage? It seems like the answer is effectively yes to both, NTDLL is mapped into every process by the kernel, and SharedUserData seems to effectively function as a commpage

This is not a subtweet of one specific thing but joining a group of people with varying interests with a mindset of “I need to save them from themselves” that turns to outright disdain of your colleagues when you don’t get what you want is kind of not a very good look This is not to say that your points may not be correct or that arguing for them hasn’t given you legitimate burnout, but being unable to acknowledge the concerns and goals of the people you work with as you do for yourself is generally not a recommended way to get results

Since a bunch of people keep asking me stuff I sat down and wrote up some thoughts about how @Twitter was like. Fittingly, I’ll post them on the platform itself because none of these are particularly sensitive but even if they were it’s not like they can fire me :) Q: How was it?

Great! I had lots of fun and got paid to work with a lot of awesome people on something technically challenging and with a large impact. Checks most of the boxes for job satisfaction, doesn’t it?

I always find it amusing what kinds of things get bug bounty payouts and news coverage. Take this article, for example: appleinsider.com/articles/22/01…. It’s a pretty serious UXSS, and I commend Ryan on finding it. He fully deserves the bounty he got for it. AppleInsider believes it’s “Apple's largest bug bounty payout” and writes up an article about it that is shared widely. But it’s far cry from the “up to $1.5 million” that Apple claims their bounty is willing to pay out. Either they don’t pay that, or nobody reports on it.

Tip: when expanding an Xcode XIP archive, use the command line (xip --expand) rather than Archive Utility. It’s at least 25% faster–sometimes even twice as fast, depending on the circumstances. They both call into the Bom API, so I profiled both to see why there’s a difference. Decompressing a XIP is fairly straightforward: Bom runs file operations (which don’t generally benefit from parallelization) on one main thread and then spawns worker threads as necessary for CPU-bound tasks. The most obvious one is decompression, of course.

The new “native” Music on macOS is such a great example of misaligned priorities. We’re all so used to Electron garbage that it’s almost unthinkable that it’s possible to go from WebKit garbage to Cocoa garbage, and yet Music did exactly that instead of actually getting better. This app is so bad that people are desperate to come up with some reason, any reason, to explain it. Is it just poorly made? No, it must be the web views. And making the whole app native is going to fix it! Apple would never give us software this terrible!

Writing something cursed so here’s a thread me livetweeting what I find out in the process You cannot use “auto” to deduce the type of a block parameter, even though you can for lambdas since C++14

(error: 'auto' not allowed in function prototype that is not a function declaration)

Something I’ve found interesting when working “at scale” is that it’s really just similar to working on smaller projects. Large companies like to show how they are somehow really careful and thorough, because of their special CI/tooling/whatever, but that just doesn’t seem true? Everyone loves stories of the people who shave microseconds off a hot path or write software resilient to a CPU socket literally falling off, but most code is super pedestrian and as full of bugs as any other. Often the code I see on the outside is of far higher quality…

I think what I love the most about scale is that I can sit down for a couple hours and write a five-line patch that will, when taken in aggregate, save many lifetimes of waiting for things to load By the way, if you’re using method_setImplementation/method_exchangeImplementations in your app, you may wish to reconsider doing so if possible for performance reasons. (If you’re using them to swizzle, there might be correctness reasons as well–but I digress.)

Just confirmed that @slackhq has fixed this issue, and I expect that they'll soon roll this out generally. If you noticed that your phone was getting poor battery life or would feel noticeably warm, this might help!

https://twitter.com/_saagarjha/status/1393743300469792771

The main problem appeared to be an accidentally-quadratic loop in a part of the app that read log files between the app and an extension. For each file it would scan the entire directory, which doesn't really work if there are several thousand logs ;)

Looks like the final iOS 15 is a different build than the RC from last week–19A346 verus 19A344. Maybe this one will have the security fixes iOS 14.8 shipped with? (I hear that the new build actually mostly exists to fix a last-minute crash. I’m not seeing the bug in the security notes at the moment…)

Hey Mac Safari team, I know you're busy getting things ready for Monterey, but can you please fix the bug where Safari crashes when you try to reopen a window that has pinned tabs? I already filed FB9637329, but to make this as easy as possible I've already found the bug for you. About halfway down -[BrowserWindowPersistentState initWithBrowserWindowController:encryptionProvider:skipTabStates:] you save the currently selected tab to self->_selectedUnpinnedTabIndex. The index you calculate includes all the pinned tabs…

I am so tired of watching people continue to juice numbers by doing things to boost short-term growth and causing attrition in places that are not tracked–spelling disaster in the long term. As an industry, we have really failed in creating "sustainable metrics". The funny thing is that we all kind of already know exactly where these blinds spots are: if you are measuring engagement, it's easy to boost that by giving people things that keep them addicted to the platform. So you want to counterbalance by measuring conversation health.

Just patched yet another project to delete a “-Werror” just so it would build on my computer and I think I’ve finally come to the conclusion that we have *really* failed at explaining why compiler warnings exist to an entire segment of programmers. We need to fix this. The problem has gotten so bad that some of these people are *working on compilers* right now! They are literally encoding these assumptions into programming languages millions of people use. The productivity cost is real–if you use Swift or Go, you’re already living through it.

My “We aren’t going to look at your non-CSAM pictures and messages” T-shirt has people asking a lot of questions already answered by my shirt.

https://twitter.com/verge/status/1425211129106739210

Jokes aside, though, as engineers we regularly deal with complex systems that can be difficult for our users to understand. Having a hard time explaining how they work is one thing, but regardless of your position on this technology @Apple’s messaging has been unacceptable.