By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: June 18, 2024

Tuesday, 18 June 2024

Jon Stewart Talks About His Split With Apple on Matthew Belloni’s ‘The Town’ ★

Interesting two-part interview, with far more information than we’ve heard about the demise of The Problem With Jon Stewart on Apple TV+. Part two is here; Overcast links to parts one and two; Apple Podcasts links to parts one and two.

Some nuggets:

• The split seemed very much amicable. Stewart isn’t one to hold back, and he emphasized repeatedly there are no hard feelings. He even professed to getting his morning news in Apple News.

• Apple paid the show’s staff for all of season 3, despite cancelling the show before production began. That’s nearly unheard of in the entertainment industry.

• Stewart himself admits that season one more or less stunk.

Well worth a listen.

Willie Mays, Greatest Centerfielder in Baseball History, Dies at 93 ★

John Shea, the San Francisco Chronicle:

Willie Mays, the iconic and endearing “Say Hey Kid” who charmed countless fans with his brilliant athleticism and graceful style and was widely considered baseball’s greatest and most entertaining player, died Tuesday of heart failure. He was 93.

“My father has passed away peacefully and among loved ones,” Mays son, Michael Mays, said. “I want to thank you all from the bottom of my broken heart for the unwavering love you have shown him over the years. You have been his life’s blood.” [...]

Mays spent most of his 23-year playing career with the Giants, six in New York and 15 in San Francisco, making him a cherished superstar from coast to coast. He hit 660 home runs, made 24 All-Star appearances and won 12 Gold Gloves, which weren’t given out until Mays’ sixth season.

The consummate five-tool player, Mays was elite at hitting, power hitting, defending, throwing and baserunning, and his ability to out-think and out-smart the competition served as a valuable sixth tool.

My dad was a clerk in the Navy, stationed in New York for a stint in the late 1950s, and they’d give free tickets to servicemen to attend ballgames for all three teams in the city: the Yankees, Dodgers, and Giants. At the time, all three clubs had centerfielders destined for the Hall of Fame: Mickey Mantle, Duke Snider, and Mays. My dad has never wavered from his conviction that Willie Mays was the best baseball player he ever saw, hands down. He hit for power and average, ran like the wind, made catches no one else could make, and had a cannon for an arm.

Best ballplayer I’ve seen play was Mays’s godson, Barry Bonds.

Why Dolphin Isn’t Coming to the App Store (Spoiler: It Needs a JIT) ★

“OatmealDome”, developer of an iOS fork of the GameCube and Wii emulator Dolphin:

Two weeks ago, Apple modified their App Store guidelines to allow retro game emulators in the App Store. This week, Delta, a multi-system emulator that was previously only available via AltStore, was released on the App Store. Since these events happened, we’ve been asked many times if we will submit DolphiniOS (our fork of Dolphin) to the App Store.

Unfortunately, no.

Apple still does not allow us to use a vital technology that is necessary for Dolphin to run with good performance: JIT. [...]

Unfortunately, Apple generally does not allow apps to use JIT recompilers on iOS. The only exceptions are Safari and alternative web browsers in Europe. We submitted a DMA interoperability request to Apple for JIT support, but Apple denied the request a few weeks ago.

Swift Playgrounds is an exception too. Apple trusts itself to use JIT compilation safely, but not third-party developers. That’s not unreasonable — but I’m not sure it’s compliant with the DMA.

Open Source PC Emulator UTM Blocked by Apple for Notarization, Including Through EU Marketplaces ★

Michael Tsai:

This is confusing, but I think what Apple is saying is that, even with notarization, apps are not allowed to “download executable code.” Rule 2.5.2 says apps may not “download, install, or execute code” except for limited educational purposes. Rule 4.7 makes an exception to this so that retro game emulators and some other app types can run code “that is not embedded in the binary.” This is grayed out when you select “Show Notarization Review Guidelines Only”, meaning that the exception only applies within the App Store. Thus, the general prohibition remains in effect for App Marketplaces and Web Distribution. But it seems like this wasn’t initially clear to Apple, either, because the review process took two months.

This also seems inconsistent with the fact that the Delta emulator is allowed to be notarized outside the App Store. It doesn’t make much sense for the rules to be more lax within the App Store. I first thought the mistake was that Apple didn’t mean to gray out 4.7 for notarization. Then everything would make sense. But the clarification states that 4.7 is not intended to apply to notarization.

The bottom line for me is that Apple doesn’t want general-purpose emulators, it’s questionable whether the DMA lets it block them, and even siding with Apple on this it isn’t consistently applying its own rules.

Confusing indeed. Apple’s stance on this seems inscrutable and arbitrary: retro game emulators are, at long last, acceptable, but general PC emulators are not. Such arbitrary policy decisions related to the purpose of the app are fine for the App Store (legally speaking), but clearly not compliant with the DMA. That’s one of the few areas where the DMA is clear. Apple can, of course, ban (say) porno apps from the App Store, but can’t refuse to notarize them for distribution outside the App Store in the EU.

Apple has a security leg to stand on when it comes to JIT compilation, but the version of UTM (UTM SE) that was held up in review for two months, and ultimately rejected by Apple, doesn’t use a JIT. And because it doesn’t use a JIT, performance is poor; hence the UTM developers’ deeming it not worth fighting about. Apple goes into depth on the security challenges pertaining to JIT compilation in its documentation for BrowserEngineKit, the framework for developing non-WebKit browser engines for distribution in the EU. That’s ostensibly the reason why developers need a special entitlement to use a custom browser engine — JavaScript engines need a JIT to perform well but JITs pose a security risk.

In an earlier revision of this post, I suggested that Delta — Riley Testut’s excellent and wildly popular retro Nintendo console emulator for iOS — uses a JIT. There is indeed a JIT in Delta’s source code repository, but Testut informs me that it’s currently only enabled through the version of AltStore distributed through sideloading. Delta’s JIT is removed from the versions of Delta in the App Store and AltStore PAL (the EU app marketplace), because of Apple’s restrictions on JIT compilers. No app with a JIT is going to pass review by Apple, including for distribution outside the App Store in the EU. That restriction should, in theory, be permitted under the DMA on security grounds. But how the no-JIT version of UTM could be rejected for notarization, I do not see.

(Thinking about BrowserEngineKit makes me wonder: Now that over four months have passed since Apple announced its initial DMA compliance plans, has even a single browser developer announced plans to bring their own rendering engine to iOS in the EU? As far as I know the answer is no. It’s entirely possible Apple went to all the trouble of creating BrowserEngineKit for compliance with the DMA, but no one is actually going to use it because no browser developer deems the EU market worth forking their browser for, solely for distribution outside the App Store — while on the hook for the 50-euro-cents-per-download Core Technology Fee if such a browser becomes popular.)

Popular AI Chatbots – Including ChatGPT, Mistral, and Meta AI – Spread Russian Propaganda (Because of Course They Do) ★

Ina Fried, reporting for Axios:

To conduct the study, NewsGuard entered prompts asking about narratives known to have been created by John Mark Dougan, an American fugitive who, per the New York Times, is creating and spreading misinformation from Moscow.

• Entering 57 prompts into 10 leading chatbots, NewsGuard found they spread Russian disinformation narratives 32% of the time, often citing Dougan’s fake local news sites as a reliable source.
• The chatbots presented as fact false reports, originating on those sites, about a supposed wiretap discovered at Donald Trump’s Mar-a-Lago residence and a nonexistent Ukrainian troll factory interfering with U.S. elections.
• NewsGuard conducted its research on OpenAI’s ChatGPT-4, You.com’s Smart Assistant, Grok, Inflection, Mistral, Microsoft’s Copilot, Meta AI, Anthropic’s Claude, Google Gemini and Perplexity.

Certainly worth researching, but I’d have been more surprised if these chatbots did not present Russian misinformation as fact. For chrissake they pass Onion articles, which are intended as parody, as fact. Russian misinformation is written with the intent of convincing the gullible that it’s legit; and LLMs are by nature gullible.

Scroll Reverser for MacOS ★

I use both a mouse and trackpad at my desk, but, for whatever reason, prefer “natural scrolling” with the trackpad, but reverse scrolling with the wheel on my mouse. Apple’s control panels for Mouse and Trackpad don’t allow you to specify different scrolling directions per input device.

But that’s exactly what Scroll Reverser does. It’s a super-simple utility by Nick Moore that does one thing and does it really well. I’ve been recommending it for over 10 years. Free of charge and open source.

Apple Security Research: ‘Private Cloud Compute: A New Frontier for AI Privacy in the Cloud’ ★

Apple:

We designed Private Cloud Compute to ensure that privileged access doesn’t allow anyone to bypass our stateless computation guarantees.

First, we intentionally did not include remote shell or interactive debugging mechanisms on the PCC node. Our Code Signing machinery prevents such mechanisms from loading additional code, but this sort of open-ended access would provide a broad attack surface to subvert the system’s security or privacy. Beyond simply not including a shell, remote or otherwise, PCC nodes cannot enable Developer Mode and do not include the tools needed by debugging workflows.

Next, we built the system’s observability and management tooling with privacy safeguards that are designed to prevent user data from being exposed. For example, the system doesn’t even include a general-purpose logging mechanism. Instead, only pre-specified, structured, and audited logs and metrics can leave the node, and multiple independent layers of review help prevent user data from accidentally being exposed through these mechanisms. With traditional cloud AI services, such mechanisms might allow someone with privileged access to observe or collect user data.

Many details here, but many still to come.