Wednesday, January 7, 2026
Juli Clover:
Language learning app Duolingo has apparently been using the iPhone’s Live Activity feature to display ads on the Lock Screen and the Dynamic Island, which violates Apple’s design guidelines.
According to multiple reports on Reddit, the Duolingo app has been displaying an ad for a “Super offer,” which is Duolingo’s paid subscription option.
Just like with notifications, another guideline that Apple doesn’t enforce. You have to fill out a privacy manifest to justify reading your own preferences file or displaying a timestamp to a user, but there are no such restrictions on Live Activities or notifications, nor even an API to tag them with a type so that users could choose to filter out ads and promotions.
Previously:
Advertising App Review App Store Duolingo iOS iOS 26 iOS App Live Activities Push Notifications
Tim Hardwick (Slashdot, Hacker News):
Logitech users on macOS found themselves locked out of their mouse customizations yesterday after the company let a security certificate expire, breaking both its Logi Options+ and G HUB configuration apps.
Logitech devices like its MX Master series mice and MX Keys keyboards stopped working properly as a result of the oversight, with users unable to access their custom scrolling setup, button mappings, and gestures. It wasn't long before the Logitech subreddit was awash with frustrated reports as people discovered their configured peripherals had suddenly reverted to default settings.
Jeff Johnson:
This article is technically inaccurate, sigh.
All Developer ID code signing certificates expire eventually, and macOS does NOT prevent software with an expired certificate from running, otherwise all of your older apps would be dead now.
Logitech was doing some ADDITIONAL validation of their own design, and that's where the problem occurred.
Logitech:
Because the certificate also affected the in‑app updater, you will need to manually download and install the updated version of the app. Please do not uninstall the app and follow the steps below.
[…]
The certificate that expired is used to secure inter-process communications and the expiration resulted in the software not being able to start successfully.
Previously:
Bug Code Signing Interprocess Communication (IPC) Logitech Mac Mac App macOS Tahoe 26 Mouse Security
Claudio Wunder (Hacker News):
Any Engineer at @1Password here? Your Chrome Extension seems to recently started breaking HTML from certain pages. For example, the Node.js website code snippets break when 1Password Extension is enabled.
Evan You:
1Password browser extension is injecting Prism.js globally on every page, which then applies its syntax highlighting logic on all <code> blocks matching [lang=*] regardless of whether it’s meant to be compatible, thus breaking original highlighting.
As I’ve said, I dislike this whole architecture where you need a browser extension that can read and write to the page in order to enter your password. I would hope that as little code as possible is injected and that it’s all been vetted by 1Password, not just pulled down as a dependency.
1Password:
We’re aware of an issue in recent versions of the 1Password browser extension that can interfere with syntax highlighting on some pages.
The team is actively working on a fix. We don’t have a timeline to share yet, but keeping the extension up to date will ensure you receive it once it’s available.
Robert Menke:
Sorry this bug slipped through our release process. I just raised this issue again in our internal Slack. We are working on getting a fix out.
[…]
The fix has already been merged into our main branch. We’ll be putting out a release with just this fix. I’m hoping to have it submitted to the browser extension stores today [December 30].
It’s unclear to me whether this is fixed. The latest Mac version still seems to be 8.11.22 from December 9. When I go to the page for the browser extension and click “what’s new” it takes me here, which is a release from December 30 that talks about passkeys and then says only:
We’ve made general improvements and fixed various bugs for a better 1Password experience.
I don’t see anything on the announcements page or Twitter.
Christina Warren:
I’m glad @1Password is taking this seriously now. But this issue was reported on their community forum and to their engineers weeks ago in beta and was not prioritized as a fix until it went viral here. Every company is guilty of this kind of triage, but this is a process failure as much as it is a testing one.
sheng:
really hoping to read a postmortem on this one
Previously:
1Password Bug JavaScript Mac Mac App macOS Tahoe 26 Passwords Safari Extensions
Tuesday, January 6, 2026
John Gruber (MacRumors):
The first is an entire BlackBerry-style phone: Clicks Communicator. It runs Android but ships with a custom launcher that emphasizes messaging and notifications; it has a hardware mute switch and a side button with a color-coded alert light they call the Signal LED.
[…]
The second is the Clicks Power Keyboard. It’s a MagSafe-compatible battery back with a keyboard that slides out, underneath your phone. (Reminiscent of the Palm Pre?) It’s a Bluetooth keyboard, and you can pair it with up to three devices. Examples they cite include pairing with an iPad, Apple TV, and, intriguingly, a Vision Pro. (I’d rather type with my thumbs on a device like this than peck at the virtual keyboard in VisionOS, I think.) This strikes me as a much better idea for a hardware phone keyboard accessory than a case.
The Power Keyboard looks great. An easily detached battery pack with a keyboard is way more appealing than a case that makes your phone huge. Unfortunately, my phone is just not a good fit for most of the work I do (code and e-mails/HTML that pull together links and content from multiple places). The software and small screen can’t be overcome by a keyboard, though I guess it does make the useable screen a bit larger. But if I did more pure writing I would definitely try one of these.
Maybe I will, anyway. There are a bunch of longer blog posts that I think I could make more progress on during deadtime when I only have access to my phone. Part of what’s stopping me is that I find typing on the screen unpleasant. But the other part is that there’s no MarsEdit for iOS, so I’d need to move certain drafts to another app ahead of time and then bring them back.
Previously:
Update (2026-01-07): Roberto Mateu:
I returned my new iPhone 17 Clicks keyboard case and preordered the Power keyboard on the same day. The new keyboard basically addresses all my issues about the case: portability, flexibility being the main ones. However, another big one I haven’t seen mentioned, is my hope that the new keyboard allows for a better weight distribution by making the bottom heavier.
Android Bluetooth Clicks iOS iOS 26 iPhone Keyboard MagSafe MarsEdit Power This Blog
Apple (Hacker News):
In iOS 26.2 and later, browser engines other than WebKit can be used in two types of apps for users in Japan: Dedicated browser apps that provide a full web browser experience, and apps from browser engine stewards that provide in-app browsing experiences using an embedded browser engine.
[…]
To help keep users safe online, Apple will only authorize developers to implement alternative browser engines after meeting specific criteria and who commit to a number of ongoing privacy and security requirements, including timely security updates to address emerging threats and vulnerabilities.
Previously:
Antitrust BrowserEngineKit iOS iOS 26 Japan Legal
Paul Thurrott (Slashdot):
“My goal is to eliminate every line of C and C++ from Microsoft by 2030,” Microsoft Distinguished Engineer Galen Hunt writes in a post on LinkedIn. “Our strategy is to combine AI and Algorithms to rewrite Microsoft’s largest codebases. Our North Star is ‘1 engineer, 1 month, 1 million lines of code.’ To accomplish this previously unimaginable task, we’ve built a powerful code processing infrastructure. Our algorithmic infrastructure creates a scalable graph over source code at scale. Our AI processing infrastructure then enables us to apply AI agents, guided by algorithms, to make code modifications at scale. The core of this infrastructure is already operating at scale on problems such as code understanding.”
Mayank Parmar (Hacker News):
Microsoft told Windows Latest that the company does not plan to rewrite Windows 11 using AI in Rust, which is a programming language that is more secure than C and C++.
[…]
I also screenshotted the LinkedIn post before it was edited out by the top-level Microsoft engineer[…]
[…]
Honestly, most people would not have taken this seriously if it did not come from a top-level Microsoft engineer. When someone with that kind of title and long history at the company talks about eliminating C and C++ and using AI to rewrite large codebases, it sounds less like a random idea and more like something Microsoft is at least exploring.
Miguel de Icaza:
It bothers me that the clarification was not “sorry I misled you”, but “you folks are dumb by parsing my words the way I wrote them”
Meanwhile, here’s the actual www.office.com site matter-of-factly rebranding Office as Copilot (via Hacker News):
The Microsoft 365 Copilot app (formerly Office) lets you create, share, and collaborate all in one place with your favorite apps now including Copilot.
Previously:
Artificial Intelligence Copilot AI Microsoft Microsoft Office Programming Rust Programming Language Software Rewrite
Monday, January 5, 2026
Brent Simmons:
We’re dropping the Slack group as the NetNewsWire forum and switching to Discourse — here’s the new forum.
Slack’s been pretty great for us, but it does have some limitations: conversations are automatically deleted and they’re not findable on the web in the first place.
It’s a shame that the Slack archives were deleted, but I think this will increase the longevity and accessibility of the information going forward.
Previously:
Datacide Discourse iOS iOS App Mac Mac App NetNewsWire Slack Web
Michael Kennedy (via Hacker News):
For example, how fast or slow is it to add an item to a list in Python? What about opening a file? Is that less than a millisecond? Is there something that makes that slower than you might have guessed? If you have a performance sensitive algorithm, which data structure should you use? How much memory does a floating point number use? What about a single character or the empty string? How fast is FastAPI compared to Django?
I wanted to take a moment and write down performance numbers specifically focused on Python developers. Below you will find an extensive table of such values.
Previously:
Memory Management Optimization Programming Python
Jonas Bonér (based on work by Peter Norvig and Jeff Dean from 2012):
L1 cache reference 0.5 ns
Branch mispredict 5 ns
L2 cache reference 7 ns 14x L1 cache
Mutex lock/unlock 25 ns
Main memory reference 100 ns 20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy 3,000 ns 3 us
Send 1K bytes over 1 Gbps network 10,000 ns 10 us
Read 4K randomly from SSD* 150,000 ns 150 us ~1GB/sec SSD
Read 1 MB sequentially from memory 250,000 ns 250 us
Round trip within same datacenter 500,000 ns 500 us
Read 1 MB sequentially from SSD* 1,000,000 ns 1,000 us 1 ms ~1GB/sec SSD, 4X memory
Disk seek 10,000,000 ns 10,000 us 10 ms 20x datacenter roundtrip
Read 1 MB sequentially from disk 20,000,000 ns 20,000 us 20 ms 80x memory, 20X SSD
Send packet CA->Netherlands->CA 150,000,000 ns 150,000 us 150 ms
Colin Scott has a page that helps visualize how these types of numbers have changed over time (Hacker News).
Jon Snader:
Mohammad Zeya Ahmad has an informative post [archive] that answers that question. He has a list of how much time various common operations take. That’s interesting but what make his list stand out is that he draws conclusions from his results.
For example, SSDs are about 30 times faster than HDDs so if you have a high performance disk-based task, it makes sense to use SSDs. Of course, there are reasons to prefer HDDs but if performance is your controlling metric, SSDs are probably your best choice.
For each group of comparable metrics, Ahmad offers an actionable suggestion. Those groups range from CPU versus Cache and Memory speeds to network transfer times.
Previously:
Math Memory Management Optimization Processors Programming Solid-State Drive (SSD) Storage
Ryan Jones:
Can anyone explain why there’s no “Clear Documents & Data” button?
Reinstalling the app just to clear it is dumb.
I can see why Apple doesn’t want to make it easier for users to accidentally delete data that they meant to keep. But I would like to at least see a standard system button for clearing an app’s caches. It’s backwards that to clear the cache you have to Delete App, which also removes its data, then reinstall it and somehow restore. You might think that Offload App would delete the app as well as the purgeable data, leaving only that which can’t be recreated automatically, but as far as I’m aware it leaves the caches in place.
Previously:
Update (2026-01-06): Craig Grannell:
I have a 130MB health app that’s so far ballooned to 1.5GB due to downloading everything each day. It keeps growing. Natch, there is no way to delete old data. (Nor can you get at the data to get the audio files – which is 99% of it – out of the thing.)
iOS iOS 26 Storage
Thursday, January 1, 2026
Simon Willison (tweet, Hacker News):
This is the third in my annual series reviewing everything that happened in the LLM space over the past 12 months. For previous years see Stuff we figured out about AI in 2023 and Things we learned about LLMs in 2024.
[…]
Every notable AI lab released at least one reasoning model in 2025. Some labs released hybrids that could be run in reasoning or non-reasoning modes. Many API models now include dials for increasing or decreasing the amount of reasoning applied to a given prompt.
[…]
It turned out that the real unlock of reasoning was in driving tools. Reasoning models with access to tools can plan out multi-step tasks, execute on them and continue to reason about the results such that they can update their plans to better achieve the desired goal.
[…]
Reasoning models are also exceptional at producing and debugging code. The reasoning trick means they can start with an error and step through many different layers of the codebase to find the root cause. I’ve found even the gnarliest of bugs can be diagnosed by a good reasoner with the ability to read and execute code against even large and complex codebases.
Previously:
Artificial Intelligence ChatGPT Claude Developer Tool Google Gemini/Bard LLaMA Programming
naruse (Hacker News):
Ruby Box is a new (experimental) feature to provide separation about definitions. Ruby Box is enabled when an environment variable RUBY_BOX=1 is specified. The class is Ruby::Box.
Definitions loaded in a box are isolated in the box. Ruby Box can isolate/separate monkey patches, changes of global/class variables, class/module definitions, and loaded native/ruby libraries from other boxes.
[…]
ZJIT is a new just-in-time (JIT) compiler, which is developed as the next generation of YJIT. You need Rust 1.85.0 or newer to build Ruby with ZJIT support, and ZJIT is enabled when --zjit is specified.
We’re building a new compiler for Ruby because we want to both raise the performance ceiling (bigger compilation unit size and SSA IR) and encourage more outside contribution (by becoming a more traditional method compiler). See our blog post for more details.
[…]
Ractor, Ruby’s parallel execution mechanism, has received several improvements. A new class, Ractor::Port, was introduced to address issues related to message sending and receiving (see our blog post).
Compiler Just-In-Time Compilation (JIT) Language Design Programming Ruby
Wednesday, December 31, 2025
Marcus Mendes (PDF):
In the paper UICoder: Finetuning Large Language Models to Generate User Interface Code through Automated Feedback, the researchers explain that while LLMs have gotten better at multiple writing tasks, including creative writing and coding, they still struggle to “reliably generate syntactically-correct, well-designed code for UIs.” They also have a good idea why:
Even in curated or manually authored finetuning datasets, examples of UI code are extremely rare, in some cases making up less than one percent of the overall examples in code datasets.
To tackle this, they started with StarChat-Beta, an open-source LLM specialized in coding. They gave it a list of UI descriptions, and instructed it to generate a massive synthetic dataset of SwiftUI programs from those descriptions.
The paper was published last year, but I didn’t see people talking about it until August. In the interim, Apple started using third-party AI providers in Xcode.
Der Teilweise:
18-25% of the output does not even compile. (The model they started with: 97% of the results FAILED to compile. Even the BEST model fails to produce compilable code in 12% of the cases.)
This lines up with GitHub’s report that typed languages are more reliable for generative AI.
Matt Gallagher:
To be blunt: after testing them out, I have not used LLMs for programming for the rest of the year. Attempting to use an LLM in that way was simply too frustrating. I don’t enjoy cleaning up flawed approaches and changing every single line. I do regularly ask ChatGPT how to use specific APIs, but I’m really just using it as a better documentation search or asking for sample code that is missing from Apple’s documentation. I’m not directly using any of the code ChatGPT writes in any of my apps.
In the meantime, I have watched plenty of presentations about letting Claude Code, and other tools, completely build an “app” but the successful presentations have usually focussed on JavaScript web apps or Python wrappers around small command-line tools. The two times this year that I’ve watched developers try the same with Swift apps have led to non-working solutions and excuses claiming it does sometimes work if left to run for another 20 minutes.
Previously:
Update (2026-01-05): Tas:
My brother is working on an IPTV app in SwiftUI and has a similar experience. Claude Code improved the quality of outputs significantly especially if you download the docs and do spec-driven development. But the chance of one-shotting tasks is still lower than with Typescript for example.
Greg Brockman:
rust is a perfect language for agents, given that if it compiles it’s ~correct
Jonathan Blow:
I understand the motivation, he wants the borrow checker to help make up for the lack of consistent reasoning in LLMs. But the fact he thinks this is a potential solution is nutballs and makes me think he does not understand the problem really.
Artificial Intelligence iOS iOS 17 Programming Swift Programming Language SwiftUI Top Posts Xcode
GitHub (tweet):
This surge in activity coincides with a structural milestone: for the first time, TypeScript overtook both Python and JavaScript in August 2025 to become the most used language on GitHub, reflecting how developers are reshaping their toolkits. This marks the most significant language shift in more than a decade.
[…]
Generative AI is now standard in development. More than 1.1 million public repositories now use an LLM SDK with 693,867 of these projects created in just the past 12 months alone (+178% YoY, Aug ’25 vs. Aug ’24). Developers also merged a record 518.7M pull requests (+29% YoY). Moreover, AI adoption starts quickly: 80% of new developers on GitHub use Copilot in their first week.
[…]
TypeScript is now the most used language on GitHub. […] Its rise illustrates how developers are shifting toward typed languages that make agent-assisted coding more reliable in production. It doesn’t hurt that nearly every major frontend framework now scaffolds with TypeScript by default. Even still, Python remains dominant for AI and data science workloads, while the JavaScript/TypeScript ecosystem still accounts for more overall activity than Python alone.
Java is #4 and C# is #5.
Previously:
Artificial Intelligence Copilot AI GitHub JavaScript Programming Python TypeScript
Tuesday, December 30, 2025
Juli Clover:
Apple should be able to collect a reasonable commission on purchases made using external links included in iOS apps, the U.S. Court of Appeals ruled today (via Reuters). The U.S. Court of Appeals partially reversed sanctions imposed on Apple after Apple was found to have willfully violated an injunction in the ongoing Epic Games vs. Apple legal battle.
[…]
Apple is not going to be able to start charging a commission immediately, though. The case has been sent back to the district court so that a reasonable fee can be determined.
[…]
Apple can restrict developers from making external links more prominent than in-app purchase options. Specifically, Apple can restrict a developer from putting buttons, links, or other calls to action in more prominent fonts, larger sizes, larger quantities, and more prominent places than buttons for in-app purchases. Apple has to allow developers to place buttons in “at least” the same fonts, sizes, and places as Apple’s own.
Kyle Orland (Hacker News, Slashdot):
The ruling, signed by a panel of three appellate court judges, affirmed that Apple’s initial attempts to charge a 27 percent fee to iOS developers using outside payment options “had a prohibitive effect, in violation of the injunction.” Similarly, Apple’s restrictions on how those outside links had to be designed were overly broad; the appeals court suggests that Apple can only ensure that internal and external payment options are presented in a similar fashion.
The appeals court also agreed that Apple acted in “bad faith” by refusing to comply with the injunction, rejecting viable, compliant alternatives in internal discussions. And the appeals court was also not convinced by Apple’s process-focused arguments, saying the district court properly evaluated materials Apple argued were protected by attorney-client privilege.
While the district court barred Apple from charging any fees for payments made outside of its App Store, the appeals court now suggests that Apple should still be able to charge a “reasonable fee” based on its “actual costs to ensure user security and privacy.” It will be up to Apple and the district court to determine what that kind of “reasonable fee” should look like going forward.
Jay Peters (MacRumors):
“If you want to have an app go through review with custom linkouts, maybe there’s several hundred dollars of fees associated with that every time you submit an app, which is perfectly reasonable because there are real people at Apple doing those things and Apple pays them, and we should be contributing to that,” Sweeney says. But he says that the ruling, “completely shuts down, I think, for all time, Apple’s theory that they should be able to charge arbitrary junk fees for access.”
With these two areas that Apple would be allowed to charge for, Sweeney says that “I can’t imagine any justification for a percentage of developer revenue being assessed here.”
[…]
The ruling wasn’t the only big news for Epic and Fortnite on mobile today: the game also returned to Google Play in the US after similarly being booted by Google when Epic added the in-app payments system to Fortnite. Epic and Google announced last month that they have agreed to settle their lawsuit, and while the two sides are still seeking court approval for their settlement, it resolves their disputes worldwide.
Jeff Johnson:
The court ruling is confusing.
It says Apple can charge “necessary” costs for use of its IP but seems to interpret IP extremely narrowly to apply only to external links?
I’m not even sure what that IP is supposed to be.
Previously:
App Store Business Epic Games External iOS Payments Fortnite iOS iOS 26 Lawsuit Legal
Screen Sizes is a Web app that shows the display resolution for each iPhone model, and it also has details about the sizes of the home indicator, notch, widgets, etc.
Via Nick Heer:
Something I need to do at my day job on a semi-regular basis is compositing a screenshot on a photo of someone holding or using an iPhone or an iPad. One of my pet peeves is when there is little attempt at realism — like when a screenshot is pasted over a notch, or the screen corners have an obviously incorrect radius. This is not out of protection for the integrity of Apple’s hardware design, per se; it just looks careless. I constantly refer to Screen Sizes to avoid these mistakes.
Previously:
Developer Tool Display iOS iOS 26 iOS Widgets iPhone Programming Retina Web
Monday, December 29, 2025
Howard Oakley (Hacker News):
If someone had told me 12 months ago what was going to happen this past year, I wouldn’t have believed them. Skipping swiftly past all the political, economic and social turmoil, I come to the interface changes brought in macOS Tahoe with Liquid Glass. After three months of strong feedback during beta-testing, I was disappointed when Tahoe was released on 15 September to see how little had been addressed. When 26.1 followed on 3 November it had only regressed, and 26.2 has done nothing. Here I summarise my opinions on where Tahoe’s overhaul has gone wrong.
[…]
In real life, whiteouts are dangerous because they’re so disorienting. There’s no horizon, no features in the landscape, and no clues to navigation. We see and work best in visual environments that are rich in colour and tonal contrasts. Tahoe has continued a trend for Light Mode to be bleached-out white, and Dark Mode to be a moonless night. Seeing where controls, views and contents start and end is difficult, and leaves them suspended in the whiteout.
[…]
I’m sure that, in the right place and time, transparency effects of Liquid Glass can be visually pleasing. Not only is this the wrong time and place, but those with visual impairment can no longer remove or even reduce these effects, as the Reduce Transparency control in Accessibility settings no longer reduces transparency in any useful way. That was one of the regressions in 26.1 that hasn’t been addressed in 26.2.
jjice:
I don’t mind how Liquid Glass looks at all. It’s just insane how buggy the system has become. Even Messages will bug out, like deleting my first word if I type too fast after opening a conversation or auto scrolling and not letting me scroll down until I exit and re-enter.
Unacceptable for the premium you pay for Apple software. Unacceptable for any software one is paying for. I hope they get their shit together and start fixing before they continue adding new stuff. 26.2 doesn’t inspire me that they’re on that trajectory.
Previously:
Update (2025-12-30): Craig Grannell:
Sad to see that last pic of an older macOS and see how far things have fallen. (And Howard didn’t even mention the absurd “hovering” buttons.)
Nick Heer:
Oakley reviews several lingering problems with Liquid Glass in MacOS, but the above remains the most — and I use this word intentionally — glaring issue I have with it. It is a problem that becomes entirely clear as you scroll to the bottom of Oakley’s post and find a screenshot from — I think — Mac OS X Mavericks with evident precision and contrast.
Aaron Trickey:
What pushed me over the edge in deciding to chase at least some of it was installing the first beta of macOS Tahoe. It was clear that non-updated apps would immediately stand out, from the radius of the window corners to the look of standard controls, and I wanted to make sure my apps looked well-maintained. I decided on a major (dot-zero) release number to give me a bit more license to update the UI than normal, and dug in.
[…]
This, unfortunately, turned into a surprising time sink. There was a lot of
churn, with each macOS beta changing at least something about how glass
effects looked or behaved. Different control types applied glass effects
inconsistently (and still do, in the released versions). When presented over a
white background, glass layers become hard to spot without additional
tweaking. This resulted in many hours of experimenting and iterating, far more
than the size of these controls would imply. I’m pleased with the final
result, but expect to keep revising it over time.
One thing Apple pushed for, which I did not adopt, was to extend blurred
document content up under the toolbar. I tried, over many hours, repeating
with each new beta, but it never worked out.
Accessibility Apple Software Quality Design Liquid Glass Mac macOS Tahoe 26
Benny Kjær Nielsen:
I’ve previously described the transition to the new pricing model as a huge gamble because I would no longer be selling license keys for $50. This was the majority of the revenue generated. So far, this gamble has paid off since I’ve had an increase in revenue when comparing 2025 to 2024. It does not correspond to what one (where I live) would expect from a full time job, but it does mean that I’m going to continue full time development in 2026. I believe that is good news for MailMate users and I’m really thankful for all of the, new and old, MailMate development patrons/subscribers.
Some users might have noticed that I haven’t uploaded any test releases of MailMate for quite a while (more than 2 months). This is not because I’ve not been working on MailMate. It’s because I’ve been working on some broad changes to very old core parts of MailMate, in particular, related to parsing/editing of emails and memory management.
Previously:
Business E-mail Client Mac Mac App macOS Tahoe 26 MailMate
Friday, December 26, 2025
matthewfromteneriffe (Reddit):
Since updating to WatchOS 26 I no longer receive any alerts (i.e. pace, heart rate zone and splits) - only beeps, no voice alerts. I do not use headphones/iphone while running.
Xiruzero:
What I realized is that the alerts don’t work if the watch is offline, but will work if the watch is connected with the Internet. My watch is Wi-Fi only and I don’t take my phone on my runs, so it’s always offline during workouts.
The issue happens even if the watch disconnects mid workout. It’ll start playing alerts and stop as soon as the watch loses connection.
matthewfromteneriffe:
After a number of calls with a support person (and engineering via that support person), they confirmed verbally that to get voice feedback when not connected to an iPhone/internet, you need to download the voice files to the watch (I think I did this prior to updating to OS26 but had not done this in OS26 as I was not aware this was needed) AND your watch needs to be connected to headphones to play the voice alerts (although the voice alerts play from the watch when the phone is connected). The support person confirmed that this change is by design - naturally I voiced my irrigation and lack of clear communication by Apple that they had made this decision for me.
I did not test this as I do not use headphones when exercising so I am having my watch downgraded to the previous OS.
[…]
If I hadn’t become so ‘addicted’ to tap to pay (and other tap functions) on the watch, I’d be switching to a Garmin.
trail-runner:
In case this helps others experiencing this issue, I’ve spent numerous hours with Apple support on this and finally received an official response from their engineering team:
Workout Voice Feedback was removed on Watch OS 26 for GPS models of Apple Watch. This feature is still available on cellular models of Apple Watch as it now requires a network connection for the feature to operate. This feature applies to normal voice feedback during workouts. It is now expected that if the iPhone and GPS models of the Apple Watch are not within range of each other during the workout, that the voice feedback function will not work.
alexskunz:
I’m experiencing the same thing, and I am completely dismayed by this change. Getting Voice Feedback without having to haul the phone around was the whole reason to get an Apple Watch as my fitness tracker (listening to music via AirPods was just an added benefit).
I have tried everything that is mentioned in this whole lengthy thread (downloading the speech files via Accessibility setting, adjusting the notifications to “all” instead of “Urgent”, Siri settings, etc.) without any improvement.
The Watch with OS26 doesn’t speak when it isn’t connected to an iPhone. The interesting thing is that the iPhone does NOT need to have a network connection — I had mine in my pocket, in airplane mode, and the Watch still gave me Voice Feedback. This is in line with the observations from MajorLeagueSoccer that their Watch with “cellular” doesn’t actually have a cellular connection, but does provide Voice Feedback as well.
This seems to contradict what the engineering team said. I don’t understand whether there’s an artificial restriction or a bug.
Previously:
Update (2025-12-30): Bob O’Shaughnessy:
I’ve been infuriated by this since the release of WatchOS 26. Running without phone has been my main workout For a few years now.
Hopefully this gets the issue some traction with people at Apple who can fix it. The calls to support and the huge Apple Support Community thread haven’t helped.
Bug Speech Synthesis watchOS watchOS 26 Workout
Juli Clover (Hacker News, Slashdot):
The Texas App Store Accountability Act (SB2420) requires Apple and other app marketplaces to confirm user age when a person creates an Apple Account. Apple Accounts for users under 18 would need to join a Family Sharing group, with new controls available for parents and restrictions for minors.
In a preliminary injunction that delays the implementation of the act, Judge Robert Pitman said that it violates the First Amendment and is “more likely than not unconstitutional.”
Sarah Perez:
The Texas attorney general’s office noted in a court filing that it plans to appeal the decision, a report from Reuters noted.
Apple:
In light of this ruling, Apple will pause previously announced implementation plans and monitor the ongoing legal process.
[…]
These tools can also be used to help developers with their obligations under laws coming into effect in Utah and Louisiana in 2026. The Declared Age Range API remains available worldwide for users on iOS 26, iPadOS 26, and macOS 26, or later.
Previously:
App Store Children iOS iOS 26 Legal Texas
Monica J. White (via Mac Power Users):
SSDs rely on stored electrical charge in NAND flash cells to represent data. When an SSD is powered and in regular use, it can correct many small errors with ECC, remap weak blocks, and generally keep data reliable. Leave your SSD in a drawer, though, and it can’t do any of that.
Industry sources talk about this at length. Western Digital notes that data retention diminishes as PE cycles increase. Most SSDs run checks in the background to verify which blocks are experiencing higher bit error rates, but when the SSD is powered off, that process can’t take place.
YouTuber HTWingNut runs a (very small-scale) yearly experiment that shows what can happen to SSDs when they’re used as cold storage. The latest results after two years showed that out of four cheap TLC SSDs tested, drives that were previously heavily used (way past their recommended TBW rating) showed signs of corruption after being unpowered for two years.
[…]
If you need to park data on an SSD, check on it periodically. Power it up, run a full read/verify pass, and compare checksums for your irreplaceable files.
This is easy to do if the files are stored in EagleFiler. I periodically check all my archives, though they’re stored on spinning hard drives due to the still much higher costs and lower capacities of SSDs.
Previously:
Data Integrity EagleFiler Mac macOS Tahoe 26 Solid-State Drive (SSD) Storage
Hartley Charlton:
Apple and Amazon are facing a new UK opt-out class action seeking more than £900 million ($1.2 billion) over claims that the companies struck an unlawful deal that pushed independent Apple and Beats sellers off Amazon and kept prices higher for consumers.
The claim centers on an agreement from October 2018, from which point it is alleged that Amazon restricted third-party sellers from offering Apple products on Amazon’s marketplace, while Apple gave Amazon better wholesale terms for Apple products sold directly by Amazon as a retailer.
Previously:
Amazon Antitrust Apple Beats Business Lawsuit Legal Shopping United Kingdom Web
Wednesday, December 24, 2025
Howard Oakley:
One of the primary aims of most malware is to trick you into giving it your password. Armed with that, there’s little to stop it gathering up your secrets and sending them off to your attacker’s servers. One of your key defences against that is to know when a password request is genuine, and when it’s bogus. By far the best way to authenticate now is using Touch ID, but many Macs don’t support it, either because they can’t, or because their keyboard doesn’t, and there are still occasions when a genuine request may not offer it. This article looks at the anatomy of a range of genuine password requests. Note that these dialogs aren’t generated by the app, but come from the macOS security system, hence their consistency.
It’s kind of scary that there isn’t really anything about the standard Mac password dialogs that malware couldn’t duplicate. I don’t know why Apple hasn’t figured out a way to modify the rest of the screen in a way that only they could do. But, in practice, the fake dialogs seem to be very sloppily designed, so it’s good to review Oakley’s catalog.
I use a USB keyboard that doesn’t support Touch ID 99% of the time. Even when using my MacBook Pro’s internal keyboard, I tend not to use Touch ID because it rarely works. (It doesn’t work well on my iPad Air, either, though it was very reliable back before iPhones switched to Face ID.)
Update (2025-12-26): Kyle Howells:
I’ve though for the last decade that Apple should have a second light next to the camera light* which lights up during a real macOS auth request.
As it is Apple’s flood of permission requests is security theatre which makes users less secure by training them to expect frequent random prompts for their macOS password and to just accept it without thinking and enter their password.
(*a different color, maybe the other side of the camera, or above the keyboard instead).
Adam Demasi:
I kinda don’t trust Apple to not make it even more confusing. Personally I think there’s a lot that can be learned from UAC’s seeming simplicity, while it has a bunch of anti-forgery features built in. (Don’t need to replicate all the unfixed security flaws surrounding it though lol)
OS X actually used to show more info in the admin elevation prompt, like the process name and the intended outcome (run command as root, start privileged helper, custom 3rd-party tasks), not sure why this was removed around the Lion era.
One thing for sure though, making system auth prompts look just like all other alerts is a mistake. Apple keeps doing this for some reason (see also fake Apple ID prompts, before they redesigned this UI around the Face ID double-click)
Mac macOS 15 Sequoia macOS Tahoe 26 Malware Passwords Security Touch ID
Apple:
When a user searches on the App Store, your ad can appear at the top of their search results. And starting in 2026, we’ll be introducing more ads to increase opportunity in search results.
[…]
Your ad will run in either the existing position — at the top of search results — or further down in search results. If you have a search results campaign running, your ad will be automatically eligible for all available positions, but you can’t select or bid for a particular one.
James Thomson:
Me: I really hate the advert when you search on the App Store, I wish Apple would change that.
Apple: Wish granted!
John Gruber (Mastodon):
I have a bad feeling about this.
Marco Arment:
App Store search is ineffective and primitive, and doesn’t reliably show high-quality, relevant results for queries.
How can it be improved?
More advanced search algorithms, like the last two decades? Nope!
AI-assisted relevance and ranking, like this decade? Nope!
When all you have is an insatiable desire for more “services revenue”, you can only see one solution…
Greg Pierce:
Why should Apple just take 30% of the lifetime value of your customers in perpetuity when they can charge you 90% of that just to acquire them!
Jeff Johnson:
Do additional ad positions in App Store search mean that if someone searches for your app by name, Apple can bury your app even lower than its current (hopefully) #2 position in the results?
Previously:
Advertising App Store App Store Search Ads iOS iOS 26
Halimah DeLaine Prado (Reddit):
We filed a suit today against the scraping company SerpApi for circumventing security measures protecting others’ copyrighted content that appears in Google search results. We did this to ask a court to stop SerpApi’s bots and their malicious scraping, which violates the choices of websites and rightsholders about who should have access to their content. This lawsuit follows legal action that other websites have taken against SerpApi and similar scraping companies, and is part of our long track record of affirmative litigation to fight scammers and bad actors on the web.
Google follows industry-standard crawling protocols, and honors websites’ directives over crawling of their content. Stealthy scrapers like SerpApi override those directives and give sites no choice at all. SerpApi uses shady back doors — like cloaking themselves, bombarding websites with massive networks of bots and giving their crawlers fake and constantly changing names — circumventing our security measures to take websites’ content wholesale.
Barry Schwartz:
Google claims SerpApi uses hundreds of millions of fake search requests to mimic human behavior. This allows them to bypass CAPTCHAs and other automated defenses that Google uses to prevent bots from overwhelming its systems.
SerpApi sells a “Google Search API” to third parties. Google argues this is deceptive because Google does not offer a public search API for this type of data. SerpApi is essentially selling a back door to Google’s proprietary search engine.
Google argues that its security systems (like SearchGuard) are “technological measures” that control access to copyrighted work. By bypassing them, SerpApi is allegedly violating Section 1201 of the DMCA. Google claims SerpApi is violating Google’s Terms of Service, which strictly prohibit automated scraping and the use of proxies to hide one’s identity. Google alleges that SerpApi is profiting from Google’s massive investment in organizing the world’s information without contributing to the ecosystem or respecting the rules.
“Google estimates that SerpApi sends hundreds of millions of artificial search requests each day to Google. Over the last two years, that volume has increased by as much as 25,000%,” Google said.
Danny Goodwin:
What SerpApi has said previously. SerpApi argued that “public search data should be accessible,” framing its work as protected by the First Amendment and warning that lawsuits like Reddit’s threaten the “free and open web.”
Nick Heer:
Recent actions taken by U.S. courts, for example, have found Google illegally maintained its search monopoly. In issuing proposed remedies earlier this year, the judge noted the rapidly shifting world of search thanks to the growth of generative artificial intelligence products. “OpenAI” is mentioned (PDF) thirty times as an example of a potential disruptor. However, the judge does not mention OpenAI’s live search data is at least partially powered by SerpApi.
Previously:
Artificial Intelligence Copyright Digital Millennium Copyright Act (DMCA) Google Lawsuit Legal OpenAI SerpApi Web Web Crawlers
Clare Duffy (Reddit):
TikTok has signed the deal backed by President Donald Trump to spin off its US assets to create a new entity with a group of mostly American investors, CEO Shou Chew told employees in a memo Thursday.
Although the transaction is not yet complete, the move brings TikTok one step closer to securing its long-term future in the United States. It comes after a law passed last year required that the US version of the app be spun off from its parent company, ByteDance, or be banned in the United States.
[…]
Under the agreement, the US TikTok app will be controlled by a new joint venture, 50% of which will be owned by a consortium of investors comprised of tech company Oracle, private equity firm Silver Lake and Emirati-backed investment firm MGX. Just over 30% of the joint venture will be held by “affiliates of certain existing investors in ByteDance” and 19.9% will be retained by ByteDance, according to Chew’s memo.
John Gruber (Mastodon):
The craziest aspect of this whole saga is that TikTok has been operating illegally since Trump took office.
Nick Heer:
Oracle is among the companies illegally supporting TikTok for the past year, along with Apple and Google. Instead of facing stiff legal penalties, Oracle will get to own a 15% piece of TikTok.
Karl Bode (Hacker News):
The deal purportedly involves “retraining the content recommendation algorithm on U.S. user data to ensure the content feed is free from outside manipulation,” but given you can’t trust any of the companies involved, the Trump administration, or what’s left of U.S. regulators, that means absolutely nothing. Oracle will be “overseeing data protection,” but that means nothing as well given Oracle is run by an authoritarian-enabling billionaire with a long history of his own privacy abuses.
Also, this seems to ignore that three years ago, during the Biden administration, it was already announced that Oracle was overseeing TikTok’s algorithms and data protection. It’s kinda weird that everyone seems to have forgotten that. This is all, more or less, what was already agreed to years ago.
Nick Heer:
There is a kind of implied for now which should be tacked onto the end of its impact on Canadians. This U.S.-specific version lays the groundwork for a political wedge issue in Canada and elsewhere: should people use the version of the app run by a company headquartered in Beijing and mostly owned by a mix of American, Chinese, and Emirati investors, or should they use the app run by a company based in the U.S and mostly owned by a mix of American, Chinese, and Emirati investors? Or, to frame it in more politically expedient terms, should people be allowed to use the “Chinese” app or should they be pushed into the “American” app? Under that framing, I would not be surprised to see the U.S. version become the dominant client for TikTok worldwide.
Previously:
Acquisition Business China Legal Oracle TikTok Web
Tuesday, December 23, 2025
Juli Clover (Hacker News, Reddit):
The Digital Markets Act requires Apple to provide third-party accessories with the same capabilities and access to device features that Apple’s own products get. In iOS 26.3, EU wearable device makers can now test proximity pairing and improved notifications.
Here are the new capabilities that Apple is adding:
- Proximity pairing - Devices like earbuds will be able to pair with an iOS device in an AirPods-like way by bringing the accessory close to an iPhone or iPad to initiate a simple, one-tap pairing process. Pairing third-party devices will no longer require multiple steps.
- Notifications - Third-party accessories like smart watches will be able to receive notifications from the iPhone. Users will be able to view and react to incoming notifications, which is functionality normally limited to the Apple Watch.
I’m looking forward to Apple’s blog post about how easier Bluetooth pairing will put users at risk. The notification forwarding was previously announced, but I didn’t realize it also included support for reactions.
Steve Dent:
However, there’s no indication that it will allow seamless switching between devices as you can do with Apple’s [AirPods], for instance.
Previously:
Update (2025-12-26): Steven Aquino:
I could be wrong, but it sounds like Apple’s using its AccessorySetupKit API for this.
[…]
In the end, this week’s news should make disabled people living in the European Union really happy because product pairing is about to become a way more accessible experience.
These benefits aren’t exclusive to Apple. Google’s “Fast Pair” does it on Android too.
AirPods Antitrust Bluetooth Digital Markets Act (DMA) European Union iOS iOS 26
Joe Rossignol (Slashdot):
Due to regulatory action, Apple has agreed to allow alternative app stores, third-party payment systems for in-app purchases, and in-app links to external offers on iOS in Brazil, according to legal news website MLex and Brazilian blog Tecnoblog.
Previously:
Update (2025-12-26): Hartley Charlton (Slashdot):
CADE specified that Apple may still display warnings or informational messages to users, but those messages must be neutral, objective, and limited in scope, and must not introduce extra steps or barriers that make alternative options harder to use.
According to Brazilian technology site Tecnoblog, which said it obtained the details directly from CADE, purchases made through the App Store will remain subject to a 10% or 25% commission under standard terms. Developers who use Apple's payment system would also pay a 5% transaction fee.
If an app directs users to pay outside the app using only static text, with no clickable link or button, Apple will not charge a fee. If the app includes a clickable button or link that sends users to an external website for payment, Apple will charge a 15% fee. Third-party app stores will be subject to a 5% Core Technology Commission.
Marcus Mendes:
In 2022, Latin American e-commerce giant MercadoLibre filed a complaint with Brazil’s competition watchdog, the Conselho Administrativo de Defesa Econômica (CADE), challenging Apple’s iOS App Store rules, including restrictions on app distribution and the mandatory use of Apple’s in-app payment system.
Since then, the legal back-and-forth closely followed the script seen in other countries where Apple has faced similar antitrust scrutiny. Both Apple and MercadoLibre scored legal wins, which were immediately challenged by the opposing side.
[…]
In a statement provided to 9to5Mac, Apple said:
In order to comply with regulatory demands from CADE, Apple is making changes that will impact iOS apps in Brazil. While these changes will open new privacy and security risks to users, we have worked to maintain protections against some threats, including keeping in place important safeguards for younger users. These safeguards will not eliminate every risk, but they will help ensure that iOS remains the best, most secure mobile platform available in Brazil and we will continue to advocate on behalf of users and developers.
Antitrust App Marketplaces Brazil Business External iOS Payments iOS iOS 26 Legal
Juli Clover:
Apple and Google are teaming up to make it easier for users to switch between iPhone and Android smartphones, according to 9to5Google. There is a new Android Canary build available today that simplifies data transfer between two smartphones, and Apple is going to implement the functionality in an upcoming iOS 26 beta.
[…]
The collaboration will apparently add “more functionality” and support for transferring data types that are not available to transfer with the current tools.
This is good, but I don’t love that it seems to be a private arrangement between Apple and Google. We should all be able to get a dump of our own data.
Juli Clover:
The simplified smartphone switching Apple and Google are adopting is an example of how the Digital Markets Act (DMA) benefits users and developers, the European Commission said today. Apple and Google are making it easier for users to switch between iPhone and Android smartphones, adding an option to transfer data from another smartphone during the device setup process.
Apple and Google are implementing this functionality because the DMA requires services to offer effective data portability to avoid data lock-in to an operating system.
[…]
The DMA is also the reason why Apple and Google designed a simplified eSIM transfer solution earlier this year.
Previously:
Android Antitrust Digital Markets Act (DMA) European Union iOS iOS 26
Thijs Xhaflaire:
Jamf Threat Labs observed a signed and notarized stealer that did not follow the typical execution chains we have seen in the past. The sample in question looked highly similar to past variants of the increasingly active MacSync Stealer malware but was revamped in its design.
Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more deceptive, hands-off approach. Delivered as a code-signed and notarized Swift application within a disk image named zk-call-messenger-installer-3.9.2-lts.dmg , distributed via https://zkcall.net/download, it removes the need for any direct terminal interaction. Instead, the dropper retrieves an encoded script from a remote server and executes it via a Swift-built helper executable.
Bill Toulas (Reddit):
The stealer emerged in April 2025 as Mac.C by a threat actor named ‘Mentalpositive’. It gained traction by July, joining the less crowded but still profitable space of macOS stealers alongside AMOS and Odyssey.
A previous analysis of Mac.C by MacPaw Moonlock indicates that it can steal iCloud keychain credentials, passwords stored on web browsers, system metadata, cryptocurrency wallet data, and files from the filesystem.
Jeff Johnson (Mastodon):
I hate to say I told you so but…who am I kidding, I love to say I told you so. In 2019 I wrote a prescient blog post, The true and false security benefits of Mac app notarization, in which I foretold such an attack, suggesting that notarization is security theater.
[…]
Many of the Mac malware “protections” that Apple has added over the years are merely punishments for Mac users and honest Mac developers, making their computing life more miserable while leaving gaping holes for malware to sneak through. (See my own Apple Security Credits, as a Mac developer, not a professional security researcher, and those are just issues that Apple fixed, not all of the issues I discovered.) Earlier this month 9to5Mac also reported, Apple security bounties slashed as Mac malware grows, a tacit admission by Apple of this hopeless situation.
Céline Didone:
it was always about creating fear around the well established practice of installing apps from outside the App Store.
Previously:
Update (2025-12-30): Jeff Johnson (Mastodon, Rosyna Keller):
My assumption all along was that notarization is intended to stop malware authors from distributing their own maliciously crafted apps, and in this respect I still think notarization is security theater. However, perhaps my assumption was wrong. What if the purpose of notarization is more narrowly focused, to prevent supply chain attacks like XcodeGhost? The requirement of uploading the built app to Apple for a malware scan is not very good at stopping a determined attacker with full control over app creation, submission, and distribution who is intentionally trying to sneak malware past Apple. On the other hand, the notarization requirement can stop an unwitting developer who is unintentionally distributing known malware in their app only as a carrier, a dupe, already a victim themselves.
The timeline of notarization seems a bit off, three years between 2015 and 2018 for Apple to engineer a mitigation for the massive, damaging XcodeGhost supply chain attack. I don’t see a sense of urgency there; it would be practically lackadaisical. Nonetheless, the motivation and implementation would make sense in light of XcodeGhost.
Is this blog post a mea culpa by me? Maybe! I now acknowledge there may be some security benefit to notarization. Whether the benefit outweighs the many downsides is another question, though. In any case, it would have been nice if Apple had made some kind of public, official statement like, “Hey, we’re introducing notarization because of XcodeGhost,” and then the whole thing would have made sense to everyone from the beginning. Instead, Apple chose its habitual path of greatest resistance, security by obscurity.
Previously:
Mac macOS Tahoe 26 Malware Notarization
Monday, December 22, 2025
Joe Rossignol (Hacker News, ArsTechnica):
Italy’s Competition Authority (AGCM) has imposed a €98.6 million ($116 million) fine on Apple over its App Tracking Transparency feature.
[…]
In a press release and executive summary today, the AGCM said the App Tracking Transparency rules are “disproportionate,” and “harmful” to app developers and advertisers. Ultimately, it found that Apple abused its dominant position in the EU market.
Previously:
Antitrust App Tracking Transparency iOS iOS 26 Italy Legal
John Daniel (via John Siracusa, Reddit):
As of 26.1, when you encode a security-scoped bookmark to “file:///”, what you decode will be a bookmark to “file:///.nofollow/”. So the decode method now succeeds, but the value is wrong. I actually preferred the behaviour of the original bug.
Kevin Elliott:
The “.nofollow” syntax is a new part of the core system that allows components to construct paths that the lower level system guarantees will not be resolved or followed. This makes it simpler to protect against TOC/TOU attacks by allowing one component of the system to resolve a particular path, then pass that path to another component while guaranteeing that the second component won’t inadvertently cause a second resolve.
Unfortunately, the bug here is that parts of Foundation aren’t handling this correctly when the path references root.
I expect this will be resolved in the next system update [26.2]; however, it’s not clear to me whether that will mean that resolution will return “/” again or that the new “file:///.nofollow/” construct will start working.
However, even if we revert to “/”, you should be aware that “.nofollow” and “.resolve” paths are not inherently invalid and you should expect to see more of them in the future.
I don’t remember seeing this in the documentation or at WWDC.
Kevin Elliott:
The standard way of preventing this attack is by passing one of the “no follow” flags to open, but in a complex system that can be extremely difficult to guarantee and validate.
The new “.nofollow” construct effectively “attaches” the no follow flag to the path itself, forcing that flag on all open calls regardless of the actual flag passed in.
Kevin Elliott:
I’m not sure what the current state of things is, but the expectation is that most/all syscalls that interact with paths will “preserve” these “.<flag>” prefixes. I’ll also note that the behavior of realpath will change based on “.nofollow”.
[…]
In the context of framework code, I think the best option is to treat any “.nofollow” path you receive as “inherently” canonical and simply use it directly.
Kevin Elliott:
My general advice here is to treat any URL you receive from the system as a “magic” object. In practice, I generally convert it to a bookmark, then resolve the bookmark again, and use that new URL*, discarding the original (“magic”) URL.
*This ensures that the rest of my app is ALWAYS working with “a URL that came from a bookmark”, instead of a “split” flow.
Previously:
File System Mac macOS Tahoe 26 Programming Security Security Scoped Bookmarks Symbolic Links URL
Jeff Johnson (Mastodon):
This morning I reluctantly updated my iPhone SE (3rd generation) from iOS 18.7.2 to iOS 26.2. I had been hoping for Santa Cook to bring me iOS 18.7.3 for Christmas. Apparently, though, we’ve all been naughty. Or maybe Cook himself is not nice. I was aware that it was (previously) possible to install iOS 18.7.3 by enabling beta software updates, but nowadays that requires enabling iCloud, which I refuse to do on my iPhone. According to MacRumors and my followers on social media, Apple has within the past 24 hours stopped providing 18.7.3 on the beta track. Moreover, Apple is providing restore image to developers for only a few iPhone models: XR, XS, and XS Max. Thus, it appears that iOS 18 is effectively discontinued on most devices, and iOS 18.7.2 suffers from actively exploited security vulnerabilities.
More on that here. I also somewhat involuntarily just updated to iOS 26.2, because I got a new Apple Watch and it refuses to pair with an iPhone running iOS 18.
What struck me on iPhone was something I hadn’t noticed as much on Mac and iPad: the animations.
[…]
There are quite a few visual glitches remaining, three months after the public release of the new operating system. If iOS 26.0 was half-baked, iOS 26.2 is at most two-thirds-baked.
Needless to say, I enabled Reduce Transparency in Display & Text Size Accessibility Settings as soon as I updated to iOS 26. I had already enabled Show Borders and On/Off Labels in iOS 18 or earlier.
[…]
By the way, don’t get me started on the Liquid Crass replacement of close buttons with checkboxes. (On iOS 18, the checkbox in the video was a Done button.) This change is insane! And I’ve already had a customer confused by the checkbox, thinking that they had to “approve” something in the window.
I’d seen the betas, too, and already knew I didn’t like Liquid Glass. What struck me in everyday use is how many glitches remain and that the accessibility settings don’t work very well. There are glass borders that start out with square corners and then become rounded. As with previous recent versions, various things just don’t look good with Reduce Transparency enabled—ugly colors, edges that are harder to see in a sea of white—like I’m being penalized for using it. I ended up turning it off because sometimes the keyboard doesn’t show the labels of the keys. I find the Liquid Glass animations annoying, too, but many of them remain even after enabling Reduce Motion. Prefer Cross-Fade Transitions helps but looks odd, in my opinion, and causes temporarily glitches with curved outlines being left behind. I guess it’s easier to not consider the “bloody ROI” if you don’t commit the resources to actually finishing the job.
Previously:
Update (2025-12-23): Craig Grannell:
“like I’m being penalized for using it”
That’s how I’ve long felt about Apple’s approach to the visual design of a lot of accessibility features. It feels petulant. “Well, if you don’t want our gorgeous design, you can make do with THIS.” And there are so many vestibular triggers left in these systems, it may actually be dangerous for some people to update. Yet Apple is effectively forcing them too anyway.
Update (2025-12-26): Arnaud:
I personally love the animations but hard agree on the half baked stuff.
The Mail app is the worst, especially in the headers where the unsubscribe prompt and “could not load over vpn” message live. It’s something you’d expect from android circa 2010.
Accessibility Apple Watch SE Bug Design iOS iOS 26 Liquid Glass watchOS watchOS 26
Chiara Castro (Hacker News, Reddit):
Proton has confirmed the company has begun moving out of Switzerland due to “legal uncertainty” over the newly proposed surveillance law.
[…]
The firm behind one of the best VPN and encrypted email services has been very critical of the Swiss government’s proposed amendment of its surveillance law since the beginning, already sharing plans to quit Switzerland back in May.
[…]
Proton launched its ChatGPT competitor, Lumo, in July 2025, to give its users an alternative to Big Tech solutions that truly protect their privacy.
In a blog post about the launch, Proton’s Head of Anti-Abuse and Account Security, Eamonn Maguire, explains that the company has decided to invest outside Switzerland for fear of the looming legal changes.
Previously:
Artificial Intelligence Business Germany Legal Lumo Privacy Proton Proton Drive Proton Pass Proton VPN ProtonMail Switzerland
Friday, December 19, 2025
Juli Clover:
Mac users with the Studio Display have been complaining about intermittent flickering since the update launched in September. There are also complaints from users who have other kinds of displays, so it might be a bug that is affecting more than one type of external monitor.
We have experienced this issue with a MacBook Pro running macOS Tahoe connected to a Studio Display, and the macOS Tahoe 26.1 and macOS Tahoe 26.2 updates haven't improved the situation at all. In fact, the flickering seems to be getting worse in recent days.
Dan Moren:
I’m glad this is finally gaining some attention because I have been seeing this since the earliest betas of Tahoe back in June (I complained about it again more recently). And that’s been on multiple Macs, including my Mac mini attached to a Studio Display, my old M1 MacBook Air, and my current M4 MacBook Air.
Oliver Haslam:
It’s thought that this dithering causes a flickering effect which, in some cases, can even cause headaches. Thankfully, a third-party utility called Stillcolor can override the display controller’s behavior.
Disabling dithering via Stillcolor is reported to have fixed the issue for some. Unfortunately, others say it hasn’t worked for them, so your mileage may vary.
Previously:
Update (2025-12-22): eric:
wow I thought I was losing my mind of my m4 Mac mini was going south. I don’t see it in my work MBP without Tahoe.. didn’t think it was the OS but I guess it is! It’s not bad and infrequent but unnerving either way.
Bug Display Mac macOS Tahoe 26 Studio Display
John Gruber:
There are many sites — and the trend seems to be accelerating — that do not use passwords (or passkeys) for signing in. Instead, they only support signing in via expiring “magic links” sent by email (or, sometimes, via text messages). To sign in with such a site, you enter your email address, hit a button, and the site emails you a fresh link that you need to follow to sign in. I despise this design pattern, because it’s inherently slower than signing in using an email/password combination that was saved to my passwords app and autofilled by my web browser.
[…]
To make matters worse, when you create a new account using a “magic link”, nothing gets saved to Apple Passwords. I don’t have many email addresses in active use, but I do have several. Sometimes I don’t remember which one I used for my account on a certain site.
[…]
One workaround I’ve used for a few sites with which I keep running into this situation (Status, I’m looking in your direction) is to manually create an entry in Apple Passwords for the site with the email address I used to subscribe, and a made-up single-character password. Apple Passwords won’t let you save an entry without something in the password field, and a single-character password is a visual clue to my future self why I did this.
I have also run into this friction where the Passwords app insists I not leave the field blank but there’s nothing that really makes sense to put there.
I’d always assumed that sites used magic links because people don’t remember their passwords, and it’s easier to click a link than to go through the password reset process each time. But Gruber notes that magic links are also an effective way to combat account sharing.
Previously:
Update (2025-12-22): Ezekiel Elin:
You actually can create password entries without passwords because there’s a bug in the app where the (command)+S keyboard shortcut works even when the UI button to save is disabled
Apple Password Manager Mac macOS Tahoe 26
Peter Maurer:
The volume indicator, on the other hand, is most important to me when there’s currently no sound playing, e.g., because I want to confirm my system is muted (or at least not in “yell loud enough to wake everyone in the house” mode) before I start playing a video. And I’d rather do that without having to squint at a tiny slider on a fuzzy-glassy background in an inconvenient spot way outside of my center of attention. A tiny slider on a fuzzy-glassy background in an inconvenient spot way outside of my center of attention, I might add, that doesn’t always update properly when I hit the mute/unmute key.
[…]
Enter Hudlum, the nostalgic retro HUD-style system volume indicator for dinosaurs[…] As silly as it may seem, this helped me make peace with macOS 26.
Previously:
Audio Bug Hudlum Mac Mac App macOS Tahoe 26
Rob Halliday:
It appeared that Backblaze was now just not backing up Dropbox AT ALL, and was discarding (without warning) existing backups of Dropbox folders.
I contacted Backlbaze tech support. Janet their ‘AI Agent’ who is “well-trained to answer your questions” (!!), responded an hour or so later saying that Backblaze now basically do not back up Dropbox as of a recent update to the Mac Backup software.
[…]
Working back through the Backblaze release notes, this change happened in 9.2.2.878. The release notes page does not include release dates for software versions, so there is no way of telling when this change happened.
[…]
If I hadn’t discovered this by accident today, I might not have found out until too late. I suspect this is why I haven’t managed to find more outcry about it on the web today - I suspect this applies to a lot of people, who know this has been working fine and haven’t yet noticed that it’s now broken. Yes, it’s in the release notes, but a change like this should, I feel, be displayed VERY PROMINENTLY as part of an update, or an update causing a change this dramatic should not be forced on users automatically.
I’ve had concerns about Backblaze for a long time, but this is a new low.
Previously:
Update (2025-12-22): It seems like Backblaze now also excludes iCloud Drive and OneDrive but not Dropbox via Maestral. This seems to not be due to Dropbox using the File Provider Extension framework, and it’s not overridable at the user level, so I guess there’s some sort of built-in exclusion. CrashPlan also no longer backs up Dropbox. Arq can still back up all this stuff.
Backblaze Backup Datacide Dropbox File Provider Extensions iCloud Drive Mac Mac App macOS Tahoe 26 Microsoft OneDrive
Thursday, December 18, 2025
Apple:
Apple today announced changes impacting iOS apps in Japan to comply with the Mobile Software Competition Act (MSCA). These updates create new options for developers to distribute apps on alternative app marketplaces and to process app payments for digital goods and services outside of Apple In-App Purchase.
[…]
The MSCA’s requirements for alternative app marketplaces and app payments open new avenues for malware, fraud and scams, and privacy and security risks.
They just couldn’t help themselves.
For their iOS apps distributed on the App Store in Japan, developers will be able to include an alternative payment processing method in their app and/or link users to a website to complete a transaction.
These alternative payment options will always be presented alongside Apple In-App Purchase, so that users in Japan are clear on when they are transacting through Apple.
Juli Clover:
Apple has established a new fee structure in Japan, and fees are based on distribution and payment method. Apple says that fees will be the same or lower for 100% of developers in Japan.
Participants in the Small Business Program, Video Partner Program, and Mini Apps Partner Program will pay the reduced rate below. Subscriptions in apps maintained after the first year are also subjected to the lower fee. The Small Business Program includes developers that earn less than 1 million USD annually. Developers that earn more than that have to pay Apple's full commission rates.
- App Store w/ In-App Purchase - Varies from 15% to 26%. 21% base fee, 5% payment processing fee. Base fee is 10% for program participants, and 5% fee remains the same.
- App Store w/ Alt Purchase - Varies from 10% to 21%. 21% base fee, no payment processing fee. 10% for program participants.
- App Store w/ Web Link - Varies from 10% to 15%. 15% Store Services Fee, 10% for program participants.
- Alternative Marketplace - 5% Core Technology Commission.
Juli Clover:
iPhone and iPad users in Japan can download the alternative app marketplace from the AltStore website, and then use the AltStore to download apps without having to go through Apple’s App Store. Prospective AltStore users need to be physically located in Japan, and have a Japanese App Store account. Devices also need to be running iOS/iPadOS 26.2 or later.
Previously:
Update (2025-12-19): Malte Kirchner (via ednl):
On paper, many things look the same between Japan and the EU. But tone matters. The law passed in Japan in June 2024 relies more on dialogue than confrontation, is heard from Apple Park. The Japanese are concerned with data protection, security, and child protection for users. In Europe, they argue in Cupertino, the interests of a few large competitors are primarily being satisfied. This leads to a worse user experience and compromises in security, Apple is convinced.
What makes Apple conciliatory in Japan is likely the numerous exceptions and the bargaining chips that the company has there. Concerns about cybersecurity or child protection can override certain rules. For example, there are alternative app stores in Japan, but no complete sideloading. The requirements for interoperability also turn the European principle on its head: in Japan, this is available on request, while in Europe they want it "by design" – i.e., when new functions are launched. The European model is based on the fear that requests could be indefinitely postponed. Therefore, they want interoperability immediately. The Americans, on the other hand, see this as an obstacle to innovation and an expropriation of intellectual property, but also as a major security risk.
[…]
At least on the day of introduction, the Japanese conditions seem enviable from a European perspective. No threat of legal action, constructive discussions, and the regulator gets its functions, while new features are to be brought to Japan without delay – European customers undoubtedly wish for this too. However, it remains to be seen whether the situation in Japan will truly remain so harmonious and whether the law will prove to be a tame paper tiger if the regulated parties are too satisfied with it.
Update (2025-12-22): John Gruber (Mastodon):
Developers are allowed to offer lower prices in alternative payment methods. That strikes me as a decent, but not ideal balance. I think it’s fair for Apple to mandate that its own IAP be offered alongside any form of alternative payment within an app. But, as I’ve long advocated, links to the web — leaving the app for the system’s default browser — should be permitted without having to offer IAP too. But overall, where Japan landed is reasonable.
[…]
An Apple spokesperson confirmed that, in contrast with the DMA, the guidelines that accompany the MSCA provide more clarity on things like privacy, security, safety, and youth protection. (E.g. apps distributed outside the App Store in Japan still require age ratings. There’s no such requirement in the EU.)
[…]
It’s hard to find anything aside from small nits to complain about in the MSCA. It arguably gives Japanese users a better, more robust iOS experience than what Apple offers to the rest of the world.
AltStore Antitrust App Marketplaces External iOS Payments In-App Purchase iOS iOS 26 Japan
Fatbobman:
SwiftData provides a batch deletion API that is more modern and type-safe than its Core Data counterpart.
[…]
Note: Unlike the standard single-object deletion modelContext.delete(_ model: T), batch deletion is only applied to the database after save() is executed.
Coming from Core Data, this is really strange. With Core Data, NSBatchUpdateRequest and the other batch operations are completely separate from saving the context. This makes sense because they operate directly on the database rather than on the in-memory objects that are owned by the context.
I’m trying to wrap my head around what SwiftData is even doing that batch deletions happen on save. Is it queuing up a bunch of SQL to be executed along with the save? Why would anyone want this?
Going by what the documentation literally says, with it taking place after the save, it sounds like it even reorders operations. If I do a batch delete, then insert some objects, then save, will it delete the new objects (if they match the predicate) even though I intended the insert to happen after clearing out the old objects? Or does executing the batch delete eagerly fetch the IDs of the objects to be deleted and then it deletes them by ID later (when the predicate might no longer match)?
Either way, it seems confusing in the event that there are multiple batch deletes in sequence. The first one might affect which objects match the predicate of the second one.
Although Swift 6 and iOS 26 have brought many improvements, as of now, SwiftData natively supports only batch deletion. It does not yet provide native APIs for Batch Update or Batch Insert.
Previously:
Core Data iOS iOS 26 Mac macOS Tahoe 26 Programming SwiftData
Howard Oakley:
When first introduced in Mac OS X, no provision was made for xattrs to have type-specific preservation, and that was added later using flags suffixed to the xattr’s name. For example, the com.apple.lastuseddate xattr found commonly on edited files is shown with a full name of com.apple.lastuseddate#PS to assign the two flags P and S to it, and the most recent xattr com.apple.fileprovider.pinned, used to mark files in iCloud Drive that have been pinned, has the two flags P and X assigned to it for a the full name of com.apple.fileprovider.pinned#PX.
[…]
It’s further complicated by a set of system tables for some standard xattr types that don’t have flags suffixed, but are treated as if they do.
[…]
When using standard commands such as cp, macOS will automatically apply these rules when deciding whether to preserve xattrs. However, using a command for a different intent, such as cp for backing up, won’t normally invoke the behaviour you might want.
Code using standard macOS file operations should follow the behaviour expected for its intent, and shouldn’t require any special handling of xattrs. Lower-level operations are likely to differ, though, and may require implementation of equivalent behaviours.
The xattr_intent_with_flags() function will tell you, given an intent and a set of flags, whether you should preserve the xattr.
Previously:
Extended Attributes iCloud Drive Mac macOS Tahoe 26 Metadata Programming
Wednesday, December 17, 2025
Jeff Johnson (Mastodon):
“Every instance of UserDefaults shares the contents of the argument and registration domains.” In other words, the result of calling registerDefaults on the object returned by [NSUserDefaults initWithSuiteName:] is the same as calling registerDefaults on the object returned by [NSUserDefaults standardUserDefaults]! Yet the documentation for registerDefaults does not mention this fact.
How did this become a Link Unshortener bug? In the NSApplicationDelegate method applicationWillFinishLaunching, I call [NSUserDefaults initWithSuiteName:] and registerDefaults to register the default values of Link Unshortener settings. Then I check whether the app container settings need to be migrated. If migration is necessary, then I call [NSUserDefaults setObject: forKey:] on the group defaults, using [NSUserDefaults objectForKey:] from the app defaults. If the default key has never been set in the app defaults, then [NSUserDefaults objectForKey:] should return nil. Or so I thought! But at that point registerDefaults has already been called on the group defaults object, and the app defaults object shares the registration domain with the group defaults object, so [NSUserDefaults objectForKey:] returns a non-nil value, which gets saved in the group defaults.
Previously:
Bug Cocoa iOS iOS 26 Link Unshortener Mac macOS Tahoe 26 NSUserDefaults Programming
Adam Engst:
However, getting that playlist working this year proved intensely frustrating. Even though it contains over 300 songs, only a handful played when we asked Siri to shuffle the playlist on the HomePod. It made no sense—I could cause any song in the playlist to play on the HomePod from my iPhone, and the Music app had no problem continuing from one song to another as long as shuffle wasn’t turned on.
[…]
But wait! Isn’t there some other checkbox that might be related? I opened the Info window for one of the tracks that wouldn’t play and clicked through all the tabs. There it was in the Options tab: “Skip when shuffling.” I selected all the songs in the playlist, pressed Command-I to open an Info window that would apply to everything selected, and turned off “Skip when shuffling.” Voilà! My playlist started working correctly again.
[…]
But this raises a question. If you prefer to listen to holiday music only at the end of the year, how do you prevent it from playing at other times? I can imagine a range of approaches, including exclusionary playlists and separate music libraries, but they would require me to change how I interact with Apple Music for the rest of the year. Other techniques suffer from allowing holiday songs to be mixed in with other music.
I’ve been seeing some strange behavior recently when I tell the Music app to shuffle a particular artist. I would expect this to produce a random-seeming mix of all the songs I have by that artist. But often it actually plays one of the following:
- A random mix of songs, but only from the artist’s most recent 2–3 albums, when there are far more in my library.
- A random mix of songs, but each time it plays a song it will play all the versions of that same song (e.g. compilations, live recordings) before moving on to the next song.
Update (2025-12-18): Wayne Dixon:
I’ve been seeing an issue with shuffling myself. I’ll listen to a bunch of shuffled songs, switch to some other audio for a while and when I listen again, it will replay songs I’ve already heard.
Now, I don’t know if it’s strictly something that’s related to moving from my iPhone, to a HomePod, and then back again. It will continue what I was listening to on the HomePod, but after switching to other audio and then back again, it seems to jump back in the playlist.
iOS iOS 18 iOS 26 Music Music.app
Juli Clover:
iOS 26.3 adds a new “Notification Forwarding” setting that allows incoming notifications on an iPhone to be forwarded to a third-party device.
The setting is located in the Notification section of the Settings app under a new “Notification Forwarding” option. Apple says that notifications can only be forwarded to a single device at a time, so if Notification Forwarding is enabled with a third-party wearable, the Apple Watch won’t able to receive and display notifications.
Users can choose to have a device receive notifications only from selected apps rather than all apps, and notifications will include the name of the app and all content contained in the notification. This is a feature that is only available to those living in Europe.
It’s amazing how much iOS functionality now differs by region.
Previously:
Update (2025-12-18): Alex Barrientos:
This isn’t generous feature-giving—it’s regulatory compliance dressed up as user choice.
Nate:
It’s amazing too how spiteful Apple is. By nerfing Apple Watch they ensure this feature will never actually be useful. Even if it was limited to a single device at a time AND Apple Watch, then someone would build a “notification router” app that fanned out to all the other devices you care about.
Antitrust Digital Markets Act (DMA) European Union iOS iOS 26 Push Notifications watchOS watchOS 26
danah boyd (2024):
Since the “social media is bad for teens” myth will not die, I keep having intense conversations with colleagues, journalists, and friends over what the research says and what it doesn’t. (Alice Marwick et. al put together a great little primer in light of the legislative moves.)
[…]
Can social media be risky for youth? Of course. So can school. So can friendship. So can the kitchen. So can navigating parents. Can social media be designed better? Absolutely. So can school. So can the kitchen. (So can parents?) Do we always know the best design interventions? No. Might those design interventions backfire? Yes.
Does that mean that we should give up trying to improve social media or other digital environments? Absolutely not. But we must also recognize that trying to cement design into law might backfire. And that, more generally, technologies’ risks cannot be managed by design alone.
[…]
Do some people experience harms through social media? Absolutely. But it’s important to acknowledge that most of these harms involve people using social media to harm others. It’s reasonable that they should be held accountable. It’s not reasonable to presume that you can design a system that allows people to interact in a manner where harms will never happen. As every school principal knows, you can’t solve bullying through the design of the physical building.
Nick Heer:
This is pretty clearly a response to arguments pushed by people like Dr. Jonathan Haidt.
[…]
Then again, why not both? Kids can be educated on how to use new technologies responsibly and platforms can be pressured to reduce abuses and hostile behaviour.
[…]
I find it plausible it is difficult to disentangle the influence of social media from other uses of a smartphone and from the broader world. I am not entirely convinced social media platforms have little responsibility for how youth experience their online environment, but I am even less convinced Haidt’s restrictive approach makes sense.
Mike Masnick:
Jonathan Haidt’s incredibly well-timed decision to surf on the wave of a moral panic about kids and social media has made him a false hero for many parents and educators. In my review, I noted that his book, “The Anxious Generation,” is written in a way that makes adults struggling with the world today feel good, because it gives them something to blame for lots of really difficult things happening with kids today.
The fact that it’s wrong and the data don’t support the actual claims is of no matter. It feels like it could be right, and that’s much easier than doing the real and extremely difficult work of actually preparing kids for the modern world.
[…]
Earlier this year, we had Dr. Candice Odgers on our podcast. Unlike Haidt, she is an actual expert in this field and has been doing research on the issue for years. The podcast was mostly to talk about what the research actually shows, rather than just “playing off Haidt’s” misleading book. However, Odgers has become the go-to responder to Haidt’s misleading moral panic. She’s great at it (though there are a ton of other experts in the field who also point out that Haidt’s claims are not supported by evidence).
Still, Odgers keeps getting called on by publications to respond to Haidt’s claims. She’s done so in Nature, where she highlighted what the research actually shows, and in The Atlantic, where she explained how Haidt’s supported proposals might actually cause real harm to kids.
Australian Broadcasting Corporation (Hacker News):
Children and teenagers under the age of 16 could soon be banned from using social media after Labor announced it would back the higher cut-off limit.
The government had previously committed to introducing the legislation that would get kids off social media by the end of the year, but earlier suggested it would not announce a specific cut-off age until after a trial of verification technology.
Prime Minister Anthony Albanese also confirmed on Thursday that the proposed legislation would not include grandfathering arrangements — meaning young people already on social media would not be exempt — nor would it allow for exemptions due to parental consent.
Rod McGuirk:
A social media ban for children under 16 passed the Australian Parliament on Friday in a world-first law.
The law will make platforms including TikTok, Facebook, Snapchat, Reddit, X and Instagram liable for fines of up to 50 million Australian dollars ($33 million) for systemic failures to prevent children younger than 16 from holding accounts.
Laura Dobberstein:
As to how exactly age verification would be executed, Rowland said that was part of the purpose of the nation’s $6.5 million age assurance trial.
[…]
Meta posted a blog last week in which it made a case for parental approval for under-16s rather than a ban. That approval, it suggested, could be executed in the app store.
[…]
Social media’s harm to children has been extensively documented. For example, US Surgeon General Dr Vivek Murthy cited adolescents who spend more than three hours per day on social media as having double the risk of developing depression and anxiety. Murthy has advocated for health warning labels on social networks.
The US has been working on its own age verification software, but the results of its efforts remain unreliable.
University of York (Hacker News):
Psychologists at the University of York, who tested the impact that smartphones have on children’s behaviour for a new two-part documentary series for Channel 4, found that a ban in school impacted positively on sleep and mood.
Hunt Allcott et al. (Hacker News):
We estimate the effect of social media deactivation on users’ emotional state in two large randomized experiments before the 2020 U.S. election. People who deactivated Facebook for the six weeks before the election reported a 0.060 standard deviation improvement in an index of happiness, depression, and anxiety, relative to controls who deactivated for just the first of those six weeks. People who deactivated Instagram for those six weeks reported a 0.041 standard deviation improvement relative to controls.
Paris Buttfield-Addison (November 2025):
Australia’s world-first ban on social media for children under 16 takes effect in just over a month on December 10, 2025, yet nobody knows exactly how it will work.
The Online Safety Amendment (Social Media Minimum Age) Act 2024 passed parliament in a rushed process in November last year, imposing potential fines of up to $50 million on platforms that fail to keep out underage users. While 77% of Australians support the ban, only 25% believe it will actually work, and with weeks until launch, the mounting controversies, technical failures, and expert warnings suggest it’s becoming exactly the shitshow sceptics predicted.
[…]
The age verification requirement creates a piece of backdoor surveillance infrastructure that affects every Australian, not just children. Elon Musk labeled it “a backdoor way to control access to the Internet by all Australians,” a rare instance where his fevered ranting and hyperbole aligns with expert consensus.
[…]
The paradox is built into the law itself: s 63DB prohibits platforms from directly collecting government-issued IDs or requiring Digital ID systems, yet platforms must verify ages. This forces reliance on unproven technologies like facial biometric scanning, behavioural tracking, and AI age estimation, all of which require invasive data collection.
Apple (MacRumors):
Beginning December 10, 2025, a new Australian law will require certain social media platforms operating in Australia to prevent people under 16 from having a social media account. Impacted developers are responsible for making sure they follow the requirements of the new law, including deactivating any existing accounts for users under 16 and monitoring new signups.
Apple provides several tools to help meet the requirements of this law[…]
Mike Masnick (Hacker News):
Australia’s social media ban for kids is now in effect. As we’ve discussed, this is a monumentally stupid plan that will do real harm to kids. It’s based on a moral panic and a wide variety of faulty assumptions, including that social media websites are inherently bad for kids, something that none of the evidence supports.
Molly Buckley (Hacker News):
Age verification laws are proliferating fast across the United States and around the world, creating a dangerous and confusing tangle of rules about what we’re all allowed to see and do online. Though these mandates claim to protect children, in practice they create harmful censorship and surveillance regimes that put everyone—adults and young people alike—at risk.
Lisa Kashinsky (Hacker News):
Rahm Emanuel, who is mulling a presidential run, is pushing for the United States to follow Australia’s lead in banning children under 16 from most social media.
Simon Sharwood:
Forum site Reddit has filed a case that seeks to exempt itself from Australia’s ban on children under 16 holding social media accounts.
Mike Masnick:
But late last week, some additional news broke that makes the whole thing even more grotesque: turns out the campaign pushing hardest for the ban was run by an ad agency that makes gambling ads. The same gambling ads that were facing their own potential ban—until the Australian government decided that, hey, with all the kids kicked off social media, gambling ads can stay.
Kristof Van Landschoot (Casey Liss):
Has anybody figured out if it is possible to update the age rating on App Store Connect without submitting an update to the app?
Previously:
Advertising App Store Australia Children iOS iOS 26 Lawsuit Legal Mac Mac App Store macOS Tahoe 26 Privacy Reddit Science
Tuesday, December 16, 2025
Anthony Enzor-Demeo (Hacker News):
Today, I step into the role of CEO of Mozilla Corporation. It is a privilege to lead an organization with a long history of standing up for people and building technology that puts them first.
[…]
- First: Every product we build must give people agency in how it works. Privacy, data use, and AI must be clear and understandable. Controls must be simple. AI should always be a choice — something people can easily turn off. People should know why a feature works the way it does and what value they get from it.
- Second: our business model must align with trust. We will grow through transparent monetization that people recognize and value.
- Third: Firefox will grow from a browser into a broader ecosystem of trusted software. Firefox will remain our anchor. It will evolve into a modern AI browser and support a portfolio of new and trusted software additions.
David Pierce:
Mozilla is not going to train its own giant LLM anytime soon. But there’s still an AI Mode coming to Firefox next year, which Enzor-DeMeo says will offer users their choice of model and product, all in a browser they can understand and from a company they can trust. “We’re not incentivized to push one model or the other,” he says. “So we’re going to try to go to market with multiple models.” Some will be open-source models available to anyone. Others will be private, “Mozilla-hosted cloud options,” he says. And, yes, some will be from the big companies in the space — Enzor-DeMeo didn’t name Gemini, Claude, or ChatGPT, but it’s not hard to guess.
Enzor-DeMeo has been at Mozilla for almost exactly a year. Until now, he’s been leading the team building Mozilla’s Firefox browser, which, in so many ways, is the thing that makes Mozilla go.
[…]
At some point, though, Enzor-DeMeo will have to tend to Mozilla’s own business. “I do think we need revenue diversification away from Google,” he says, “but I don’t necessarily believe we need revenue diversification away from the browser.” It seems he thinks a combination of subscription revenue, advertising, and maybe a few search and AI placement deals can get that done. He’s also bullish that things like built-in VPN and a privacy service called Monitor can get more people to pay for their browser. He says he could begin to block ad blockers in Firefox and estimates that’d bring in another $150 million, but he doesn’t want to do that. It feels off-mission.
Thomas Claburn:
The renewed focus on Firefox within Mozilla Corporation, Surman said, has internal and external explanations. “Internally, I think we haven’t had the leadership for the last few years to really drive us technically on what’s possible with the tech stack we have,” he said.
”The external reason is really that the market for browsers and the space for innovation over browsers is really in motion again. And people have written browsers off as a commodity. Other people are innovating, and it creates a really good context for us to do the same again and to reinvest there.”
ploum:
Mozilla has a new CEO who:
- Has been at Mozilla for less than a year
- Has no prior open source experience (but well in “fintech” and “real estate”)
- Has a MBA (aka “brainworm diploma”)
- Is all-in on AI
That’s exactly the kind of bingo profile the whole community has been waiting for.
Previously:
Update (2025-12-18): Bruno (Hacker News):
In an interview with “The Verge”, the new Mozilla CEO, Enzor-DeMeo, IMHO hints that axing adblockers is something that, at the very least, was on the table in some form and at some point.
[…]
It may be just me, but I read this as “I don’t want to 😜 😜 but I’ll kill AdBlockers in Firefox for buckerinos 😂”. This disappoints and saddens me a lot, and I hope I’m wrong.
[…]
Killing one of its advantages over the Chromium engine, being able to have a fucking adblocker that's actually useful, and that nowadays is a fucking security feature due to malvertising, will be another nail in the coffin, IMHO.
Joey Sneddon (Hacker News):
Being able to opt-out is agency (I guess), but if diverting revenue through AI is part of this “double bottom line”, how easy will “easily” actually be?
A single button presented on first run, or will it mean diving through menus, opening about:config, or configuring an enterprise policy?
[…]
The logic on why this benefits end users is somewhat circular: to fight Big AI, Firefox will host a Big AI buffet where we pick our preferred flavour of algorithmic mediation from a limited menu, which in turn gooses Big AI to further silo us from each other. Agency!
[…]
As someone who chose Firefox because it wasn’t doing the same things other companies were, was committed to open standards and championing an open web where the little guys’ needs weren’t overlooked for the Goliaths’, I’m kind of left wondering who’s fighting for us?
Previously:
Artificial Intelligence Firefox Mac Mozilla Privacy Web Web Browser
Cameron Faulkner (Amazon):
The 27-inch 60Hz 5K IPS screen delivers 217 pixels per inch (PPI) — just one pixel per inch shy of the pricier options. Who knew that there was a color-accurate, pixel-dense display out there that won’t send creators or the 5K-curious among us into extreme debt?
The H27P3 may be worth considering if you just need a good screen. Just know that this is not a premium device. Its design looks like my budget-friendly gaming monitor, it has a limited port selection (and speed) that pales in comparison to pricier models, and its clumsy onscreen menus make accessing its marquee features more difficult than it should be.
[…]
The H27P3 has one HDMI 2.0 port, one DisplayPort 1.4 input, and one USB-C input for power (up to 65W PD passthrough) and video. All video inputs support 5K at 60Hz via display stream compression (DSC) except HDMI, which is limited to 4K / 60Hz due to bandwidth limitations. The monitor also has two USB-A 3.0 ports and a headphone jack for audio over HDMI and USB-C. KTC advertises that this model has a KVM switch — enabling the feature requires you to dive once again into the cursed OSD — but it’s not really a KVM switch in the sense that it lets you control multiple connected computers with a single mouse and keyboard. It’s just a USB hub, adding a couple USB-A ports to plug in extra accessories, like a mouse dongle and an SSD.
This part seems fine to me. Even the Studio Display isn’t a good hub. I don’t think it makes sense to combine that functionality with a display.
Paul Haddad:
The weird thing is that they say its lowest ever price was $355, which is crazy low and I’m 99% sure its never been under $500 (or I probably would’ve bought it to test out).
Previously:
Display Mac Retina
Honza Dvorsky:
Today, we’re pleased to announce the initial release of Swift Configuration: a new library that provides a unified approach to reading configuration in your Swift applications.
Configuration management has long been a challenge across different sources and environments. Previously, configuration in Swift had to be manually stitched together from environment variables, command-line arguments, JSON files, and external systems. Swift Configuration creates a common interface for configuration, enabling you to:
-
Read configuration the same way across your codebase using a single configuration reader API that’s usable from both applications and libraries.
-
Quickly get started with a few lines of code using built-in providers for environment variables, command-line arguments, JSON and YAML files, and in-memory values.
-
Build and share custom configuration providers using a public ConfigProvider protocol that anyone can implement and share.
Helge Heß:
It actually makes me a little sad, because Foundation has a configuration management system already: UserDefaults. Is it really necessary to reinvent the wheel again and again?
My point is that instead of enhancing/embracing the existing system (and defaults are really flexible, e.g. an environment domain is something that is conceptually supported), something completely new and separate is created. Yes, just like logging and metrics FWIW, desktop/mobile and server are not really as different as some people tend to think either. 🙈
Honza Dvorsky:
Swift Configuration brings a unified, type-safe approach to this problem for Swift applications and libraries. What makes this compelling isn’t just that it reads configuration files: plenty of libraries do that. It’s the clean abstraction that it introduces between how your code accesses configuration and where that configuration comes from. This separation unlocks something powerful: libraries can now accept configuration without dictating the source, making them genuinely composable across different deployment environments.
With the release of Swift Configuration 1.0, the library is production-ready to serve as a common API for reading configuration across the Swift ecosystem. Since the initial release announcement in October 2025 over 40 pull requests have been merged, and its API stability provides a foundation to unlock community integrations.
Update (2025-12-16): Lukas Valenta:
At first, I asked myself why. Then I created a small Vapor application and I understood - the current ways to set environment are not great. Or more precisely, had not been. Looking forward to implementing it!
Update (2025-12-18): Honza Dvorsky:
The original motivation came from making Swift servers easier to operate, as switching between env vars, CLI flags, JSON/YAML files, or even remote feature flagging services shouldn’t require a large refactor. […] Turns out, putting an abstraction layer between sources of config and the config reading API is pretty powerful as it lets libraries configure themselves from an opaque config container. Not just servers benefit from that.
iOS iOS 26 Mac macOS Tahoe 26 NSUserDefaults Open Source Programming Swift Programming Language Vapor
Juli Clover:
Google today announced a new cross-platform feature that allows for file sharing between iPhone and Android users. With AirDrop on the iPhone and QuickShare on Pixel 10 devices, there is a new file transfer function available.
The file sharing option works on Apple devices that include iPhone, iPad, and Mac, along with the Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, and Pixel 10 Fold.
Dan Moren:
It’s currently only available on the Pixel 10 family, though Google says it is “expanding it to more Android devices.” It also requires you to set your AirDrop visibility to “Everyone for 10 minutes”, as it presumably has no visibility into your contacts.
Interestingly, there’s no indication that Apple did anything to make this possible. The provisions of the Digital Markets Act in the European Union do currently stipulate that Apple will have to allow for competing standards to AirDrop (which might very well include the Android Quick Share feature that Google is leveraging here) as well as bring interoperability to the feature.
Matt Birchler:
Inexplicably, it is not working in either direction on my personal devices, but I have seen people do it successfully, so I’ll chock this up to first day weirdness.
Aisha Malik:
“This implementation using ‘Everyone for 10 minutes’ mode is just the first step in seamless cross-platform sharing, and we welcome the opportunity to work with Apple to enable ‘Contacts Only’ mode in the future,” Google explained in a blog post.
[…]
The feature does not use a workaround, and the connection is direct and peer-to-peer, Google says. This means that data isn’t routed through a server and that shared content is never logged.
[…]
It’s worth noting that Google’s blog post doesn’t detail anything about how it worked with Apple to launch the new functionality.
Juli Clover:
Typically, Apple and Google work together on cross-platform features, but it turns out that Apple had no involvement this time. Google created the Quick Share to AirDrop interoperability on its own, and apparently sprung it on Apple with a public announcement. From a statement Google provided to Android Authority:
We accomplished this through our own implementation. Our implementation was thoroughly vetted by our own privacy and security teams, and we also engaged a third party security firm to pentest the solution.
David ImeI:
What this means for the feature long term we’ll have to see. Will this be another Beeper situation?
Will Sattelberg (Slashdot):
While it initially seemed like this was a rogue move made by Google to coerce Apple into another boundary-breaking decision, it might actually be part of the repercussions that also led to USB-C on iPhone and the adoption of RCS.
[…]
As reported by Ars Technica, the answer to this week’s mysterious Quick Share upgrade lies in the EU’s interoperability requirements designed for the DMA. The ruling out of the European Commission pushed Apple to begin supporting interoperable wireless standards beginning with this year’s set of OS upgrades, replacing the previous proprietary standard the company used to power its various Continuity features. That forced Apple to add support for the Wi-Fi Alliance’s Wi-Fi Aware standard of multi-directional file sharing, at the cost of completely phasing out its previous walled-in protocol.
Previously:
AirDrop Android Digital Markets Act (DMA) European Union iOS iOS 26 Mac macOS Tahoe 26 Wi-Fi
Monday, December 15, 2025
Fatbobman:
Core Data/SwiftData does not create separate tables for each subclass. Instead, it merges data from the parent entity and all its child entities into a single table (usually named after the parent entity).
[…]
- The Wide Table Problem: If there are many types of child entities with distinct attributes, this table will end up with a massive number of columns (a “Wide Table”). Even in the Swift 6 / iOS 26 environment, while hardware has improved, loading wide rows containing a vast number of
NULL values still consumes extra memory bandwidth.
- Index Efficiency: Since all subclasses share a single table, the indexes can become bloated, potentially slowing down insertions and updates.
- Data Migration: Modifying the model of any single subclass (e.g., adding a property) requires touching this massive core table that holds all the data.
I think the most important performance tip is that using inheritance can really slow down fetches. If you try to fetch a particular entity using an indexed property, Core Data may have to do a lot of extra row scanning.
Sometimes, it will use the property index but then have to scan to find the matches that are of the right entity. This can be addressed by making a compound index that contains both the property and Z_ENT. With Core Data, you can do this by specifying the entity key path. I haven’t see any indication that it’s possible with Swift Data.
Other times, it will use the Z_ENT index in preference to the property index, which can be a really bad a idea if there are many objects with matching entities but few with matching properties. Because the Z_ENT in the WHERE clause is generated by Core Data, you can’t use noindex: to prevent it from using that index. It can be faster to fetch on the base entity, e.g. intentionally fetch objects that are of the wrong type but at least using the right index, and then filter for the desired entity later. With my data, it’s fine to do this in RAM because there aren’t many matches. But you can also check the entity (against a string) in the fetch request’s predicate. If your desired entity has subentities, you’ll need to check against all their names. Again, I don’t know how to do this with Swift Data.
Previously:
Core Data Database iOS iOS 26 Mac macOS Tahoe 26 Optimization Programming SQLite SwiftData
Saturday, December 13, 2025
Paris Buttfield-Addison (Bluesky, Hacker News, John Gruber):
My Apple ID, which I have held for around 25 years (it was originally a username, before they had to be email addresses; it’s from the iTools era), has been permanently disabled. This isn’t just an email address; it is my core digital identity. It holds terabytes of family photos, my entire message history, and is the key to syncing my work across the ecosystem.
[…]
The only recent activity on my account was a recent attempt to redeem a $500 Apple Gift Card to pay for my 6TB iCloud+ storage plan. The code failed. The vendor suggested that the card number was likely compromised and agreed to reissue it.
[…]
I effectively have over $30,000 worth of previously-active “bricked" hardware. My iPhone, iPad, Watch, and Macs cannot sync, update, or function properly. I have lost access to thousands of dollars in purchased software and media.
[…]
Apple representatives claim that only the “Media and Services” side of my account is blocked, but now my devices have signed me out of iMessage (and I can’t sign back in), and I can’t even sign out of the blocked iCloud account because… it’s barred from the sign-out API, as far as I can tell.
Apple support was no help. We’ve been hearing stories like this for years, where someone who did nothing wrong loses access to their account and all their purchases and data. There still seems to be no solution other than running to the press after the fact. There’s no way to know that a gift card purchased through normal channels is bad. Apple won’t tell you what the actual problem was or provide any path to reinstatement. They just recommend creating a new account, which isn’t a real solution. You would still lose access to your data and purchases. As a developer, your apps would still belong to the old account, as would the purchases and data of anyone who used them. Resubmitting the apps through a new developer account would be a violation of Apple’s guidelines and potentially lead to a lifetime ban.
At the individual level, it seems like there are only a few things we can do to reduce our risk. First, use separate Apple IDs for personal and developer stuff. Second, it’s not worth trying to get a deal on a discounted gift card. If someone gives you a gift card, maybe save it for a hardware purchase so that you can use it without linking it to your account.
It shouldn’t matter—no one should have to go through this—but:
I am not a casual user. I have literally written the book on Apple development (taking over the Learning Cocoa with Objective-C series, which Apple themselves used to write, for O’Reilly Media, and then 20+ books following that). I help run the longest-running Apple developer event not run by Apple themselves, /dev/world. I have effectively been an evangelist for this company’s technology for my entire professional life. We had an app on the App Store on Day 1 in every sense of the world.
vintagedave:
I went to Uni with this person (though I doubt they remember me.) They have a very high reputation. If anyone should be able to resolve this, it’s them — that they can’t, and they have to go public, is absolutely terrifying and should make Apple execs pay attention.
I mean that. Exec level. This story and that this specific person cannot get it fixed indicates absolute failure.
SanjayMehta:
I have escalated this through my many friends in WWDR and SRE at Apple, with no success.
Update (2025-12-13): Paris Buttfield-Addison:
I do have backups of most data, including photos, but there are things you can’t backup like shared actively edited iWork documents, and things like that.
Previously:
Update (2025-12-15): Rui Carmo:
This is absolutely fracking insane, and one of the things that terrifies me the most about the way Apple (or Google) handle account blockages and support. The complete blanket blocking of all services, the lack of any meaningful support, and the complete absence of any recourse or appeal process (including the Kafkaesque “you can only contact us from a device signed in to your account” requirement) is a recipe for utter disaster.
[…]
Because the current situation is untenable, and without human contact points or sane checkpoints it is only a matter of time before someone figures out how to do this at scale to purposefully lock other people out of their accounts.
Brandon Vigliarolo:
The YouTubers we covered and Buttfield-Addison are lucky enough to have a high profile that merits media attention, but if the average Apple customer has their account irrevocably suspended after purchasing a gift card that someone already registered through a scam, it’s much harder to draw attention to the matter.
This incident also raises the specter of questionable digital content ownership.
Nick Heer:
This post has been circulating and, since publishing, Buttfield-Addison says he has been contacted by someone at Apple’s “Executive Relations”, but still does not have access to his account. I hope his situation is corrected promptly.
What I am stunned by is the breadth of impact this lockout has, and what a similar problem would mean for me, personally. I do not blame Buttfield-Addison or anyone else for having so much of their digital life ensconced in an Apple Account. Apple has effectively made it a requirement for using the features of its devices and, thanks to Apple’s policy of only trusting itself, creates limitations to using third-party services. You cannot automatically back up an iPhone or iPad to a third-party service, for example, in the same way as you can iCloud.
Peter Steinberger:
I rely on gift cards since for historical reasons my account is US-based and Apple made switching borderline impossible. (e.g. you cannot have *any* active subs, and cancelled is still active until finished, so the process would take a year, and there are far more gotchas). CCs are geo-locked so they don’t work.
This makes me very uneasy.
yonilevy:
happened to me, luckily on a secondary account. lessons learned: don’t ever use gift cards / prepaid cards with , add a backup user to your dev account
Kyle Howells:
Once accounts like Apple Accounts and Google accounts reach a certain level of importance, I genuinely believe the companies should not have the ability to lock or delete them anymore.
An automated system automatically locking or deleting your account with no recourse can ruin your life in today’s world where everything is tied to either an Apple account or Google account (iPhone or Android).
At Apple’s scale, this is probably happening to lots of people we haven’t heard about. Why gate it based on importance? Recourse should be available to everyone.
It remains unclear to me why Apple’s default reaction is to kill entire accounts, rather than only lock the features that could potentially cause harm.
Previously:
Update (2025-12-16): Paris Buttfield-Addison:
Someone from Executive Relations at Apple says they’re looking into it.
Paris Buttfield-Addison:
Apple computer says no.
Anyone got a lawyer to recommend to help me write a nastygram to Apple and/or help me sue them?
Marc Edwards:
This entire situation is terrifying. Paris’ account hasn’t been restored and Apple said they can’t help.
Malcolm Owen:
A senior Apple Support advisor contacted AppleInsider about the story, pointing out some factors that complicate the issue.
They assert that it is very unlikely that the particular card caused the account to be locked on its own. While there are many steps for an advisor to check and protect against fraud by scammers, the attempt wouldn’t necessarily flag the account on its own.
People always say this, but Apple never comments on what those other factors are, and, in all the specific cases of account locking that we’ve seen, I don’t recall it ever coming out that the victim actually did something bad.
Update (2025-12-17): Colin Cornaby:
I’ve usually regarded iCloud as a pretty safe harbor but this makes me strongly reconsider. If he has this large of a megaphone and still has had no movement from Apple I can’t imagine how impossible this would be for someone like me. And over a legitimately bought gift card? Now I’m worried redeeming an Apple gift card will blow up my account.
Adam Engst:
I had expected that escalation from his friends within Apple and the negative press attention would be sufficient to cause Apple’s Executive Relations team (which handles serious issues sent to [email protected]) to resolve it quickly.
[…]
As far as I can tell from his extensively documented story, Buttfield-Addison did nothing wrong.
[…]
There is one way the Apple community could exert some leverage over Apple. Since innocently redeeming a compromised Apple Gift Card can have serious negative consequences, we should all avoid buying Apple Gift Cards and spread the word as widely as possible that they could essentially be malware.
Update (2025-12-18): See also: Reddit.
Malcolm Owen:
There’s also the technical problem in that, if a new account is created on the currently-owned and probably hardware-flagged devices, the new account could be linked to the banned account. That would mean the new account would be disabled for attempting to circumvent Apple’s security measures and policies.
Kuba Suder:
It’s honestly kinda terrifying that the locked account thing still isn’t resolved after it got shared widely in the Apple community…
Mike Rockwell:
Seeing something like this just reaffirms that I’ve been heading in the right direction by moving what I can to self hosting and reducing my reliance on Apple and other major tech companies. The risks are just too darn high and the lack of transparency and recourse doesn’t help the situation.
Nick Heer:
Morris is correct, and there is an equally worrisome question looming in the distance: when does Apple permanently delete the user data it holds? Apple does not say how long it retains data after an account is closed but, for comparison, Google says it takes about two months. Not only can one of these corporations independently decide to close an account, there is no way to know if it can be restored, and there is little help for users.
[…]
I cannot tell you what to do, but I would not buy an Apple gift card for someone else, and I would not redeem one myself, until Apple clearly explains what happened here and what it will do to prevent something similar happening in the future.
John Gruber (Mastodon, Hacker News):
I suspect that one part of Buttfield-Addison’s fiasco is the fact that his seemingly problematic gift card was for $500, not a typical amount like $25, but that’s just a suspicion on my part. We don’t know — because key to the Kafka-esque nature of the whole nightmare is that his account cancellation was a black box. Not only has Apple not yet restored his deactivated Apple Account, at no point in the process have they explained why it was deactivated in the first place. We’re left to guess that it was related to the tampered gift card and that the relatively high value of the card in question was related. $500 is a higher value than average for an Apple gift card, but that amount is less than the average price for a single iPhone. Apple itself sets a limit of $2,000 on gift cards in the US, so $500 shouldn’t be considered an inherently suspicious amount.
The whole thing does make me nervous about redeeming, or giving, Apple gift cards. […] Until we get some clarity on this I feel like I’d only redeem Apple gift cards at an Apple retail store, for purchases not tied to my Apple Accounts.
[…]
My other question: Were any humans involved in the decision to deactivate (disintegrate?) his account, or was it determined purely by some sort of fraud detection algorithm?
John Gruber:
If I saw someone opening gift cards in-store before purchasing them, I’d think they were shameless scammers. If you need to destroy the retail packaging for a gift card to feel certain it hasn’t been tampered with, the whole systems seems fundamentally broken. (And just eyeballing the redemption code doesn’t prove it hasn’t been tampered with.)
Peter N Lewis:
I don’t get why attempting to redeem an already used gift card would lock your account in the first place. Surely it would just be rejected? And surely in such a situation, the original redeemer is more likely to be the bad guy?
Paris Buttfield-Addison:
A lovely man from Singapore, working for Apple Executive Relations, who has been calling me every so often for a couple of days, has let me know it’s all fixed. It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that. Obviously it’s unacceptable that this can happen, and I’m still trying to get more information out of him, but at least things are now mostly working. Strangely, he did tell me to only ever buy gift cards from Apple themselves; I asked if that means Apple’s supply chain of Blackhawk Network, InComm, and other gift card vendors is insecure, and he was unwilling to comment.
It’s great that he has his account back; but, as Gruber says, it “leaves the question of how this happened in the first place, and why it took the better part of a week to resolve.” I don’t think anyone feels more safe now that Buttfield-Addison’s case is resolved than they did before they knew this was a thing that could happen without your having done anything wrong. There’s a sort of digital death penalty administered with no trial or process for appeal. All you can do is run to the press and hope for the best.
I would like to see—but have no illusion that it would ever happen—a postmortem from Apple about this, along the lines of last month’s Cloudflare post about its own outage. What factors can lead to an Apple account being locked? Why does Apple think this is the appropriate response? What flaws in Apple’s systems led to Buttfield-Addison’s account being locked inappropriately? Why is there no process to get accounts reinstated? Why did support and even executive relations initially tell him the account couldn’t be restored? What changes are being made so that others don’t have to go through this in the future?
Those are questions for Apple. For us, I think there are two takeaways. First, it’s probably not worth the risk of buying or redeeming Apple gift cards. Second, take stock of what you do on your Mac that requires an iCloud account but isn’t covered by your backup system, in case the account is locked or taken over. Do you have photos or iCloud Drive files that aren’t stored locally? Do you rely on iCloud Drive or iWork’s sharing features? Do you have ways of logging into Web sites without using passkeys—since even a full Time Machine restore to the same Mac can’t restore access to your passkeys if iCloud isn’t working.
Previously:
Update (2025-12-19): Adam Engst:
The more I think about this situation, the more dubious Apple Gift Cards seem. It appears to have worked out for Buttfield-Addison in the end, but he had friends inside Apple and the connections necessary to trigger significant negative press coverage. But this is not an isolated problem. TidBITS reader Brian Hoberman shared a similar story on TidBITS Talk, and a search for “gift card disabled” on the Apple Support Community forums yielded over a thousand discussions. Scanning them reveals many people who were likely victims of various scams, but that also means Apple is further victimizing them by locking their accounts.
[…]
Given those facts, I would never give anyone an Apple Gift Card, and if I received one, I would redeem it only at an Apple Store for physical items. The likelihood of a problem may be very low, but the impact of being locked out of my Apple Account is very high.
Update (2025-12-22): Alan Jacobs:
The next step: to ensure that other mission-critical data are transferred to cross-platform or even non-digital sources. I’ve exported my notes from the various note-taking apps I’ve used in the past to text files, and I’ve stopped using Apple Reminders and Calendar — in those cases going all-in on paper (I was already mostly there). For some task-related matters, I may be making more use of Workflowy, which offers the option of regularly uploading copies of your outlines as text files to Dropbox.
[…]
Paper in preference to digital; flat files in preference to databases; cross-platform tools in preference to one-platform tools.
See also: Slashdot.
Previously:
App Store Apple Developer Account Apple ID Backup Bargain Datacide iCloud iCloud Photo Library iOS iOS 26 iWork Mac Mac App Store macOS Tahoe 26 Messages in iCloud Passkeys Top Posts
Friday, December 12, 2025
Apple (xip, downloads):
Xcode 26.2 includes Swift 6.2.3 and SDKs for iOS 26.2, iPadOS 26.2, tvOS 26.2, macOS 26.2, and visionOS 26.2. Xcode 26.2 supports on-device debugging in iOS 15 and later, tvOS 15 and later, watchOS 8 and later, and visionOS. Xcode 26.2 requires a Mac running macOS Sequoia 15.6 or later.
[…]
You can now annotate C types with the SWIFT_SHARED_REFERENCE attribute.
[…]
Retain and release operations for SWIFT_SHARED_REFERENCE types can now be methods of the type. You can now annotate a C/C++ type with SWIFT_SHARED_REFERENCE(.doRetain, .doRelease) to use methods doRetain and doRelease as the lifetime operations for the type.
Nothing about the simulator and visionOS issues.
Previously:
Update (2026-01-07): Christian Tietze:
My Xcode 26.2 still suffers from an inability to compile Metal shader files because it can’t find the Metal toolchain[…] But I did have success mounting the .dmg file with the toolchain manually.
C Programming Language C++ Programming Language Mac macOS Tahoe 26 Memory Management Metal Programming Xcode
Juli Clover (release notes, security, enterprise, developer, full installer, IPSW):
macOS Tahoe 26.2 includes Edge Light, a feature that illuminates your face with soft light when you’re on a video call in a room with poor lighting. The update also adds alarms for the Reminders app, new podcast features, updated AirDrop settings, and more.
When was the last time Apple released new OS versions on a Friday?
Jeff Johnson:
I think macOS 26.2 once again erased my Local Network permissions.
Previously:
Update (2025-12-15): Nick Heer:
I have found the version of Safari in this build of MacOS 26.2 is noticeably buggy. It sometimes stops letting me scroll a webpage and, in rare cases, I have found the browser wholly crashes when closing tabs.
Rob Jonson:
Finder in tahoe 26.2
Bizare choice to show blurred through hidden left column.
Corner radius of left menu doesn’t match blur container - so there is a tiny area where it isn’t blurred!
Howard Oakley:
I have also confirmed, as I suspected from the lack of change in the RichText.mdimporter, that the ‘LG bug’ in Spotlight remains, and still hasn’t been fixed.
Apple (Hacker News):
Enables low-latency communication between Thunderbolt 5 hosts for use cases including distributed AI inference using MLX.
Jeff Johnson:
macOS 26.2 is showing a gray background for a very noticeable second on login before displaying my desktop background image (which is the default).
Rich Trouton:
As part of macOS 10.14 Mojave, Apple introduced a number of privacy controls for user data. At the same time, Apple also introduced device management options to allow authorized applications to access data protected by those privacy controls. These permissions are referred to collectively as Privacy Preferences Policy Control (PPPC) and are deployed via management profiles from an MDM server. However, up until macOS Tahoe 26.2, there was no way to see in the Privacy & Security section of System Settings which applications had which permissions granted via PPPC management profiles.
Drewski:
I’d been holding back on switching to Tahoe 26-26.1 to let the bugs get worked out, but it seems this major release I’ve seen a lot more complaints, including here. Just curious if you’ve seen improvements with 26.2.
Previously:
Update (2025-12-16): Howard Oakley:
Several of those who have already updated to macOS Tahoe 26.2 have remarked how much larger their download was than the 3.78 GB expected for Apple silicon Macs, with some reporting over 10 GB. Here I ponder how that could happen.
[…]
What is puzzling about the 26.2 update is that it wasn’t preceded by a Background Security Improvement (BSI) or Rapid Security Response (RSR). Two of the top security vulnerabilities fixed in 26.2 (and in the Safari updates for 15.7.3 and 14.8.3) are both in WebKit, which is supplied in the Safari cryptex.
Update (2025-12-17): David Deller:
Apple responded to one of my MusicKit feedbacks (slow playlist loading, FB18157502) and based on my testing, it appears to have been fixed on macOS 26.2. Still broken on 15.7.3 (current latest Sequoia). Even so, seems like progress! Happy to see it.
Update (2025-12-26): Rob Jonson:
We’re on Tahoe 26.2 and I can’t resize finder columns because the scrollbar completely covers them.
Norbert Heger:
I guess someone at Apple must enjoy looking at toolbars like this from time to time. I don’t.
Peter Cohen:
The Gigabit Ethernet port on my Thunderbolt hub for my M1 MacBook Pro stopped working. Thought it was a hardware problem because I restarted, but the hub’s connection light stayed dead. Tried swapping ports, then cables, then even the hub.
Hadn’t thought to delete the system setting altogether. Restarted to flush the NVRAM one more time. Once it restarted, the Mac recognized the Ethernet port and the hub showed a connection light.
Worth noting that this is the second odd software setting problem masquerading as a hardware issue I’ve had since upgrading to macOS 26 “Tahoe.” Can’t remember the details of the first at the moment but it took me a while to isolate and correct, regardless.
Update (2025-12-30): Atom:
After the update, my Mac no longer maintains sleep properly. When it goes into standby, it wakes up briefly every ~15–20 seconds, then goes back to sleep, repeating this cycle indefinitely. This makes proper standby essentially impossible.
Update (2026-01-07): Juli Clover:
The M4 iPad Pro models, M3 iPad Air models, A17 Pro iPad mini, M2 to M5 MacBook Pro models, M2, M3, and M4 MacBook Air models, and other Wi-Fi 6E Macs and iPads now support 160MHz maximum channel bandwidth when connected to 5GHz Wi-Fi networks, the same theoretical maximum throughput supported by 6GHz networks. Previously, these devices were limited to 80MHz.
Finder Mac macOS Release macOS Tahoe 26 Sleep Mode Wi-Fi
macOS 15.7.3 (security, full installer):
This update provides important security fixes and is recommended for all users.
macOS 14.8.3 (security, full installer):
This update provides important security fixes and is recommended for all users.
See also: Howard Oakley.
Previously:
Mac macOS 14 Sonoma macOS 15 Sequoia macOS Release
Juli Clover (release notes, security, developer):
watchOS 26.2 changes the labeling for Sleep Score point ranges to better match how people might be feeling after a night of rest. The update adjusts the ranges for Very Low, Low, OK, High, and Very High sleep score results. Very High is also a new classification that replaces Excellent.
Previously:
Update (2025-12-18): Mario Guzmán:
As of watchOS 26.2 update, my Apple Watch keeps randomly doing the push notification ding and haptic feedback but there is NO notification. Nothing pops up and when I go to Notification Center, nothing is there.
All throughout the day. Rebooted both iPhone and Apple Watch and still doing it. Gahhhhhh.
Sleep watchOS watchOS 26 watchOS Release
Juli Clover (release notes, security, enterprise, developer):
iPadOS 26.2 continues with the multitasking improvements that were added with iPadOS 26.1. You can now drag and drop apps from the Dock, Spotlight Search, or the App Library to different multitasking views, including Slide Over.
Apps can be dragged to the far left or far right to enter Slide Over mode, or to the left or right to enter a tiled view. There’s also an option to drag an app to the middle to open up a larger or smaller window, with visual indicators to make it simple.
Federico Viticci (Jason Snell, MacRumors):
As you can see, the gestures are pretty much the same ones as iPadOS 18, but the interaction is slightly different insofar as the “pull indicator” for Slide Over (re-introduced in iPadOS 26.1) now serves two purposes. That indicator now acts both as a signal that you can drop a window to instantly tile it as one half of a Split View, and it’s also a drop target to enter Slide Over right away. The design is clever, if maybe a little too hard to discover…but that’s always been the case with multitasking gestures that aren’t exposed by a menu – which is exactly why Apple is now offering plenty of options in iPadOS 26 to discover different multitasking features in different menus.
I’m glad to see Apple quickly iterate on iPadOS 26 by finding ways to blend the old multitasking system with the platform’s new windowing engine. Based on the comments I received after publishing my iPadOS 26 review, enough people were missing the simplicity of Split View and Slide Over that I think Apple’s doing the right thing in making all these multitasking systems coexist with one another.
Previously:
iOS Multitasking iPadOS iPadOS 26 iPadOS Release
Juli Clover (release notes, security, enterprise, developer):
iOS 26.2 adds an option to activate an alarm when a reminder is due, an option to change the opacity of the time on the Lock Screen, updated AirDrop functionality, and new features for the Podcasts app.
It also brings Live Translation for the AirPods to the EU, and adds support for alternative app stores and other voice assistants in Japan.
See also this previous article.
Mr. Macintosh:
To be clear, I think it’s absurd that Apple doesn’t allow iOS users to downgrade. This year, Apple unsigned iOS 18 just a week after iOS 26 launched, meaning it could never be downgraded to again.
Previously:
Update (2025-12-15): Juli Clover:
After installing iOS 26.2, if you’re just tapping through screens, you could miss the update turning on automatic software updates.
My father got tricked into updating to iOS 26, and the new Safari toolbar design broke one of his essential Web sites. (One of the site’s buttons near the bottom of the screen became inoperative, though it wasn’t actually under the liquid glass.) Fortunately, this can be worked around by changing the Safari tab bar setting.
Juli Clover (Hacker News):
Apple says that the updates address over 20 vulnerabilities, including two bugs that are known to have been actively exploited.
René Fouquet:
My wife is now giving me a daily briefing about which new part of iOS 26 she found annoying.
Today: playing podcasts via a USB connection in the car no longer works and the skip button doesn’t skip anymore.
Meek Geek:
An Apple Tech Support did an AMA.
“The 26 has made work a living hell. I tell people not to even upgrade to that bullshit.”
jvepng:
let’s start a thread of iOS 26 UI glitches
Previously:
Update (2025-12-16): Joe Rossignol:
In a support document published on Friday, Apple said that a “technical failure” in Australia prevented some older mobile phones from being able to make emergency calls by dialing 000, and it said there is a low chance that it could happen again.
[…]
For iPhone 12 users specifically, Apple vaguely stated that the iOS 26.2 update released last week “provides support for this scenario.”
Christian Tietze:
Oh god, this checkmark button is the actual new default? I thought that was just bad taste in some demo apps :)
Update (2025-12-18): Sloane Crosley:
Tech companies are accustomed to a certain amount of kicking and screaming after foisting new interfaces on the public. You can’t please all of the people all of the time, especially when “all of the people” is in the billions. But ask your friends—or Google or Reddit or Bluesky or ChatGPT—about the operating system update, and you will be swept away in a river of anger. “This is like foundationally bad,” author and musician John Darnielle replied on Bluesky to someone who agreed with his original tweet (about the poor photo-cropping function). One Reddit thread was posted under the headline “New iPhone update made me so overwhelmed, I ended up throwing my phone.” The subsequent post does not specify where the phone was thrown or at whom, but I have some suggestions. One wonders at what point a company’s petrification of obsolescence risks becoming a self-fulfilling prophecy. Ask yourself: Is this good for the phones? Normally, I’d be curious about the hissy-fit metrics inside Silicon Valley, about when public upset gets severe enough to become private data. But right now, I have my own problems.
I downloaded Apple’s new iOS 26.2 last week because I am a trained circus seal who will press any button presented to me. I came home late from a holiday party, agreed to the latest iOS almost by accident, and woke up to a new world. There’s something very A Thief in the Night about any new operating system, but in this case, the complaints, some witnessed, some personally experienced, are intense. Here is a partial list: the slow speed (every action takes twice as long), the animation of text bubbles, the incongruous mix of sensitivity and imperviousness to touch, the swipes to nowhere, the difficulty posting downloaded photos, the fact that almost nothing is where you left it (search fields, files), the unsolicited status sharing regarding dwindling battery life (“24m to 80%”), the lack of visual contrast, the screenshot fussiness, the requirement that users drive up to a mansion on Long Island and whisper “Fidelio” in order to toggle off the “Liquid Glass” function. You have to admit: It’s a little funny to get a transparency feature from a tech company.
Update (2025-12-19): John Gruber:
Lastly, iOS 26.2 seems to be the release that Apple is starting to suggest as an upgrade for users who hadn’t already installed it by choice. Be prepared for questions and complaints from non-nerd friends and family who’ve never even heard of “Liquid Glass”.
Jason Snell:
Apple generally tries not to leave behind users who haven’t updated or can’t update to the latest OS version. Apple also usually offers security updates for past OS versions, and indeed, the company also released iOS 18.7.3 to address the same issues.
Unfortunately, there’s an ugly catch: Numerous iPhone users have reported that if your iPhone is capable of running iOS 26 but you’re still back on iOS 18, you won’t be offered iOS 18.7.3. Instead, the only update option you’ll be given is iOS 26.2.
There are a lot of reasons to avoid updating to iOS 26, from a dislike of Liquid Glass to software compatibility to a general wariness to install major updates for a while. This move effectively forces users to take the iOS 26 upgrade if they want the security updates.
[…]
Apple shouldn’t be withholding a security update from people not willing to upgrade to the next OS version.
Update (2025-12-22): Ryan Christoffel:
But in iOS 26.2, there’s a new AirDrop enhancement available: “codes.”
[…]
Now, if there’s someone you want to use AirDrop with who isn’t in your contacts, you can temporarily “authorize” each other via this new one-time code.
Previously:
Update (2025-12-23): Glenn Fleishman:
The new AirDrop code provides more privacy (and security), and even creates a temporary contact entry for a party agreeing to receive material.
However, it makes it even harder to use AirDrop in an ad hoc fashion—sending or receiving items quickly with another person a single time or a few times when permission is granted.
[…]
Because this code method allows 30 days of sending after using a code, it offers some balance between unwanted contact and persistent availability in the vast majority of cases in which AirDrop is used.
Update (2025-12-26): Fabian reports that the clock on the lockscreen keeps moving left (via Hacker News).
Update (2025-12-29): sid:
Drag and drop an app into a folder on iPhone.
Difficulty level: IMPOSSIBLE
I’ve had problems like this with both iOS 18 and iOS 26. I miss being able to rearrange app icons with iTunes.
AirDrop Australia iOS iOS 26 iOS Release iPhone 12 Liquid Glass Software Update
Juli Clover (no release notes):
According to Apple’s release notes, HomePod Software 26.2 includes performance and stability improvements.
Needless to say, it still won’t play a lot of the music I’ve purchase from Apple.
Previously:
audioOS audioOS 26 audioOS Release
Juli Clover (release notes, security, developer):
The tvOS 26.2 update changes the way that profiles work on the Apple TV , adding an option to create a profile without an Apple Account. With no need for an Apple Account, profiles can be created for guests and children.
For profiles made for children, there is an age-restricted mode that limits the content that kids can access in the Apple TV app.
Previously:
tvOS tvOS 26 tvOS Release
Juli Clover (release notes, security, no enterprise, developer):
visionOS 26.2 expands the Travel Mode feature to cars and busses, plus it adds new features for spatial accessories like the Logitech Muse.
Previously:
visionOS visionOS 26 visionOS Release
