Apple Icon

Apple

Nerding out about Apple stuff and all things Apple Inc. related.
32 Stories
All Topics

Apple samcurry.net

We hacked Apple for 3 months: here’s what we found

Six white-hat hackers spent a few months on Apple’s bug bounty program:

There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact.

This is a report of their findings: how they did it, vulnerabilities found, and how Apple responded to each one.

Max Braun Medium

PiSight brings back Apple iSight

Max Braun thinks today’s webcams are boring, so he brought back a classic. Max took an Apple iSight and retrofitted it with a $5 Raspberry Pi Zero, which “fits the iSight’s dimensions almost perfectly.”

The PiSight actually works like you’d expect it to. Just plug in the USB cable and the camera will show up in your video conferencing app of choice. The image quality is quite good, possibly better than the built-in camera of today’s MacBooks.

The best part is you can do this too because Max made all the plans available as open source.

Just in case you’re not completely taken aback by the absurdity of this project and are now considering building your very own PiSight, rest assured that I’m making everything available as open source.

The GitHub repo has a list of parts and where to get them, the 3D-print-ready model of the frame, and the source code. I’m thinking it should be possible to get the total cost down to under $150. I had to spend a bit more than that because I needed to experiment and opted for higher-end materials.

PiSight brings back Apple iSight

Browser London Icon Browser London

Apple’s move to ARM could reshape the development landscape

James Blizzard, writing for Browser London:

in my view, a number of factors are converging to make change ever more likely. Namely, the huge scale of cloud computing providers, Apple’s plans to migrate their laptop products to ARM-based processors, and the opening up of the educational space to include ARM-based systems.

There are some great thoughts from James in this article. From my vantage point, ARM is well-positioned for the short/medium-term, but RISC-V might just disrupt that for the long-term. One small piece of evidence: how Apple positioned this transition to Apple Silicon instead of to ARM.

Apple github.com

A virtual Apple Macintosh with System 8 (running in Electron)

First things first… does it actually work?!

Yes! Quite well, actually - on macOS, Windows, and Linux. Bear in mind that this is written entirely in JavaScript, so please adjust your expectations. The virtual machine is emulating a 1991 Macintosh Quadra 900 with a Motorola CPU, which Apple used before switching to IBM’s PowerPC architecture in the late 1990s.

Ok, cool. Does it run my favorite game?!

The short answer is “Yes”. In fact, you’ll find various games and demos preinstalled, thanks to an old MacWorld Demo CD from 1997. Namely, Oregon Trail, Duke Nukem 3D, Civilization II, Alley 19 Bowling, Damage Incorporated, and Dungeons & Dragons.

There are also various apps and trials preinstalled, including Photoshop 3, Premiere 4, Illustrator 5.5, StuffIt Expander, the Apple Web Page Construction Kit, and more.

A virtual Apple Macintosh with System 8 (running in Electron)

InfoQ Icon InfoQ

How Apple plans to address the systemic issue that made iOS 13 so buggy

iOS 13’s rollout was soooo buggy. Most notably: backgrounded apps were routinely being killed for no reason. What was to blame?

…Apple top executives Craig Federighi and Stacey Lysik identified iOS daily builds’ instability as the main culprit for iOS 13 bugs. In short, Apple developers were pushing too many unfinished or buggy features to the daily builds. Since new features were active by default, independently of their maturity level, testers had a hard time to actually use their devices, which caused Apple’s buggy releases.

Here’s how they plan to address the problem:

Federighi suggested leaving all new features disabled by default, so testers can ensure no regressions make it into the latest build and avoid being impaired by new bugs. New features shall be enabled on-demand by testers using a new internal Flags menu, making it possible to test each new feature in isolation.

How did it take Apple to the end of 2019 before they discovered feature flags? I hope it helps 🤞

Joseph Cox vice.com

This legit-looking iPhone lightning cable will hijack your computer

It looks like a legit cable from Apple. It works like a legit cable from Apple. BUT….

Joseph Cox writing for Vice Motherboard:

I plugged the Apple lightning cable into my iPod and connected it to my Mac, just as I normally would. My iPod started charging, iTunes detected the device, and my iPod produced the pop-up asking if I wanted to trust this computer. All expected behaviour.

But this cable was hiding a secret. A short while later, a hacker remotely opened a terminal on my Mac’s screen, letting them run commands on my computer as they saw fit. This is because this wasn’t a regular cable. Instead, it had been modified to include an implant; extra components placed inside the cable letting the hacker remotely connect to the computer.

Apple github.com

Turn a MacBook into a touchscreen with $1 of hardware

We turned a MacBook into a touchscreen using only $1 of hardware and a little bit of computer vision. The proof-of-concept, dubbed “Project Sistine” after our recreation of the famous painting in the Sistine Chapel, was prototyped by Anish Athalye, Kevin Kwok, Guillermo Webster, and Logan Engstrom in about 16 hours.

See that thing at the top of the laptop? It’s a mirror that’s redirecting the webcam downward to do the detection. How they detect a touch is (at least in principle) simple:

Surfaces viewed from an angle tend to look shiny, and you can tell if a finger is touching the surface by checking if it’s touching its own reflection.

Turn a MacBook into a touchscreen with $1 of hardware

Wired Icon Wired

The clever cryptography behind Apple's 'Find My' feature

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they’re offline, allowing nearby Apple devices to relay their location to the cloud… it turns out that Apple’s elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.

WIRED with a fascinating explanation of an utterly fascinating scheme.

Chris Welch The Verge

How hard it is to compete with Apple's App Store?

Apple launched a new section to their website for the App Store. According to The Verge, this new page titled “Principles and Practices” is believed to be a defensive response to recent criticism of the App Store.

Chris Welch writing for The Verge:

Apple’s new site puts a big spotlight on the App Store’s unrivaled success and reach, but in some ways, it also brings more attention to how difficult it can be to compete against Apple.”

Apple from “Principles and Practices”:

Since the launch of the App Store, an entire industry has been built around app design and development, generating over 1,500,000 U.S. jobs and over 1,570,000 jobs across Europe.

We’re proud that, to date, developers have earned more than $120 billion worldwide from selling digital goods and services in apps distributed by the App Store.

84% of apps are free, and developers pay nothing to Apple.

Mozilla Icon Mozilla

“Privacy. That’s iPhone” — made us raise our eyebrows

For all our #applenerds out there — a key feature in iPhone has Mozilla worried. According to Ashley Boyd, VP of Advocacy at Mozilla, this key feature is making “their latest slogan ring a bit hollow.”

Each iPhone that Apple sells comes with a unique ID (called an “identifier for advertisers” or IDFA), which lets advertisers track the actions users take when they use apps. It’s like a salesperson following you from store to store while you shop and recording each thing you look at. Not very private at all.

You can turn the feature off, but “most people don’t know that feature even exists.” Mozilla has an idea of “privacy by default” though…

Arun Venkatesan arun.is

The design of Apple's credit card

Definitely one of my favorite announcements from Apple at their special event this week — the physical version of Apple’s new credit card, Apple Card.

As is expected from Apple, the card is unlike any other. At a close glance, the minutest details set it apart from the rest. Of course, the physical card hasn’t been released yet, but we can learn a lot from what Apple has shown in promotional material.

If you haven’t yet, tune in to Backstage #3 for our hottest of hot takes right after Apple’s special event.

The design of Apple's credit card

Swift forums.swift.org

Apple is indeed patenting Swift features

Is Apple trying to own paradigms of a computer language or are they trying to keep the patent trolls away? Here’s a link to the patent in question, and here’s the patent’s abstract:

In one embodiment, an improved programming system and language for application development is provided that combines elements of the C and Objective-C languages without the constraints imposed by a requirement to maintain compatibility with the C language. The language provides the functionality of the C language compatibility in certain areas to improve the inherent safety of software written in the language. The new language includes default safety considerations such as bounds and overflow checking.

Medium Icon Medium

Apple succumbs to the smartphone malaise

When was the last time you got REALLY EXCITED about the latest iPhone announcement? It’s been awhile for me too…I mostly get excited about improvements made to the camera. We generally expect newer models to get faster and better, right? So, progress alone makes that an expectation. Everything else is just kinda, meh.

From The Economist on Medium:

Smartphones revolutionized everything from shopping and dating to politics and computing itself. They are some of the most popular products ever put on sale. But after a decade-long boom, devices once seen as miraculous have become ubiquitous and even slightly boring.

Federico Viticci MacStories

This iOS shortcut proves you can do awesome programming with Shortcuts

Federico Viticci on MacStories didn’t understand why Apple Music doesn’t offer a “Year in Review” feature, so he built his own:

But Apple doesn’t seem interested in adding this feature to Apple Music, so I decided to build my own using Shortcuts. The result is the most complex shortcut I’ve ever created comprising over 540 actions.

I just tried out the shortcut last night, and it’s incredible. But as Federico himself points out, doing something this complex pushes the boundaries of Shortcuts and iOS:

Apple Music Wrapped pushes the limits of what is possible to achieve with the ‘Find Music Where…’ and ‘Open URLs’ actions of the Shortcuts app. In the past few weeks, I (and other testers) have run into limitations and inconsistencies worth pointing out both for MacStories readers and Shortcuts engineers at Apple.

It’s nothing short of a programmatic feat, and if you use Apple Music, I recommend you give it a shot.

Brad Frost bradfrost.com

Ditching the MacBook Pro for a MacBook Air

For all of our #applenerds out there — I haven’t read this fully (though it’s probably a ~3-5 min read) Brad touched on some key sticking points we didn’t fully cover on our recent Spotlight episode on Apple’s Fall 2018 Mac/iPad event.

Here’s one pro that stood out to me:

The bevel is back, baby. — one of the best things about this machine is the nice slope that doesn’t hurt my writs while typing. This was one of the biggest things I noticed when I switched from my original MacBook Air to a MacBook Pro, and I’m happy to return to a comfortable typing environment.

If you’re a MacBook Pro user, have you been considering the switch to a MacBook Air?

Spotlight Spotlight #15

Apple's Fall 2018 Mac/iPad event

Adam, Jerod, and Tim get together to put a spotlight on Apple’s October 30th Mac/iPad event from a developer’s perspective. They cover the specs of the new MacBook Air and the viability of having it as a development machine, the new Mac Mini in the ever popular Space Gray, and whether or not Tim will be able to stop pulling his hair out to find an affordable, yet powerful desktop machine with it, and the gorgeous new iPad Pro.

Apple blog.halide.cam

iPhone XS is a whole new camera

We don’t nerd out much here in the newsfeed about Apple hardware on the regular. We mostly save that for behind the scenes in #applenerds in Slack — join in.

BUT — I’ve been on the fence about the new iPhone. I currently use an iPhone 7 Plus, which is a great phone, and has a decent camera. I take lots of photos, so the camera on the iPhone is one of the main reasons I have it in my pocket. I’ve been resisting the upgrade mainly due to the sheer cost of the newest models. However, the camera may be what gets me to make the move.

After seeing this video from Unbox Therapy, I decided to wait for the next rev or more details on the camera to surface. Then I read this post from Sebastiaan…the camera and image science behind the new XS (and XS Max) is giving me some serious FOMO.

iPhone XS is a whole new camera

Apple github.com

How far can JavaScript take us?

Tanner Villarete asked himself, “How far can JavaScript take us?” Then answered:

Turns out, pretty dang far. This web app was my attempt at mimicking Apple’s iOS music app, and I think I’ve come pretty close!

I have to admit, he did a pretty good job. The frontend is built on React and Redux. The backend? A Laravel-based API running on a Raspberry Pi!

Here’s the live demo, but be nice because Raspberry Pi.

GitLab Icon GitLab

Apple just announced Xcode 10 is now integrated with GitLab

No other details were shared in this tweet, but this image from the stage of WWDC says all it needs to.

In a post-Microsoft + GitHub worldit has been a crazy 24 hours for GitLab.

More than 2,000 people tweeted about #movingtogitlab. We imported over 100,000 repositories, and we’ve seen a 7x increase in orders. We went live on Bloomberg TV. And on top of that, Apple announced an Xcode integration with GitLab.

Here’s an interesting exchange between Emily Chang and Sid Sijbrandij on Bloomberg Technology:

Emily: I spoke with Satya Nadella earlier today, and he said “he promises to put developers first.” Do you not believe him, or do you think it’s not possible for a company with so many objectives to really put developers first?
Sid: I believe him. Microsoft has shown that it is the new Microsoft, and they’ve done great. The new CEO, Nat Friedman, shows he really understands developers. So I believe him when he says they are going to be good maintainers of GitHub.
Emily: So, then what’s so bad about GitHub?
Sid: There’s nothing bad about GitHub.
Emily: What’s so much better about GitLab?
Sid: It’s a fundamentally different product. It’s open core, so a lot of it is open source. You can host it yourself. But second and I think most importantly, it’s not just code hosting. With GitHub you host your code. GitLab is the entire DevOps lifecycle. So all the way from planning something to rolling it out, container registries, monitoring — all in a single product. That allows you to get the whole organization on the same page. And that’s why people are flocking to it.

They go on to talk about being a sustainable business, financials, etc.

Apple just announced Xcode 10 is now integrated with GitLab
0:00 / 0:00