David Shayer, who worked as a software engineer at Apple for 18 years across iPod, the Apple Watch, and Apple's bug-tracking system Radar, among other projects, looks at the current iOS and macOS releases and tries to work out why they are so buggy. He writes: 1. Overloaded Feature Lists Lead to Schedule Chicken: Apple is aggressive about including significant features in upcoming products. Tight schedules and ambitious feature sets mean software engineers and quality assurance (QA) engineers routinely work nights and weekends as deadlines approach. Inevitably some features are postponed for a future release, as we saw with iCloud Drive Folder Sharing. In a well-run project, features that are lagging behind are cut early, so engineers can devote their time to polishing the features that will actually ship. But sometimes managers play "schedule chicken" since no one wants to admit in the departmental meeting that their part of the project is behind. Instead, they hope someone else working on another aspect of that feature is running even later, so they reap the benefit of the feature being delayed without taking the hit of being the one who delayed it. But if no one blinks, engineers continue to work on a feature that can't possibly be completed in time and that eventually gets pushed off to a future release.

2. Crash Reports Don't Identify Non-Crashing Bugs: If you have reporting turned on (which I recommend), Apple's built-in crash reporter automatically reports application crashes, and even kernel crashes, back to the company. A crash report includes a lot of data. Especially useful is the stack trace, which shows exactly where the code crashed, and more importantly, how it got to that point. A stack trace often enables an engineer to track down the crash and fix it. Crash reports are uniquely identified by the stack trace. The same stack trace on multiple crash reports means all those users are seeing the same crash. The crash reporter backend sorts crash reports by matching the stack traces, and those that occur most often get the highest priority. Apple takes crash reports seriously and tries hard to fix them. As a result, Apple software crashes a lot less than it used to. Unfortunately, the crash reporter can't catch non-crashing bugs. It's blind to the photos that never upload to iCloud, the contact card that just won't sync from my Mac to my iPhone, the Time Capsule backups that get corrupted and have to be restarted every few months, and the setup app on my new iPhone 11 that got caught in a loop repeatedly asking me to sign in to my iCloud account, until I had to call Apple support. (These are all real problems I've experienced.) Shayer has offered several more possible explanations in the original post.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 78 for Windows, Mac, Linux, Android, and iOS. The release includes the CSS Properties and Values API, Native File System API, new Origin Trials, and dark mode improvements on Android and iOS. You can update to the latest version now using Chrome's built-in updater or download it directly from google.com/chrome. With over 1 billion users, Chrome is both a browser and a major platform that web developers must consider. In fact, with Chrome's regular additions and changes, developers often have to stay on top of everything available -- as well as what has been deprecated or removed. Chrome 78, for example, removes the XSS Auditor due to privacy concerns. Chrome 78 implements the CSS Properties and Values API to let developers register variables as full custom properties. There's a new Native File System API that lets developers build web apps that interact with files on the user's local device. Chrome 78 adds to the Original Trials introduced in Chrome 77, such as Signed Exchanges and SMS Receiver API. "The former allow a distributor to provide content signed by a publisher," reports VentureBeat. "The latter allows websites to access SMS messages that are delivered to the user's phone."

Other features that are rolling out gradually include the ability to be able to highlight and right-click a phone number link in Chrome and forward the call to their Android device. "Some users might also see an option to share their clipboard content between their computers and Android devices," adds VentureBeat. "Chrome is also getting Google Drive integration. From Chrome's address bar, you will be able to search for Google Drive files that you have access to."

An anonymous reader writes: Mozilla today launched Firefox 70 for Windows, Mac, Linux, Android, and iOS. Firefox 70 includes social tracking protection, a Privacy Protections report, new Lockwise features, and performance improvements on Windows and macOS. Firefox 70 for desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. The Android version is trickling out slowly on Google Play and the iOS version is on Apple's App Store. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider. With Firefox 70, Mozilla now also includes social tracking protection under the Standard setting. It blocks cross-site tracking cookies from sites like Facebook, Twitter, and LinkedIn.

If Chrome for Android users visit a site where they enter passwords, Chrome will isolate that site from all the other tabs in a separate Android process, keeping the user's data safe from Spectre-like attacks, Google said today. From a report: Furthermore, Site Isolation, which has been available for desktop users since July 2018, has also been expanded for Windows, Mac, Linux, and Chrome OS users, which now receive protection against more attacks than the original Meltdown and Spectre vulnerabilities. Site Isolation is a Chrome security feature that Google started developing as a way to isolate each website from one another, so malicious code running on one site/tab couldn't steal data from other websites/tabs. Site Isolation was developed to act as a second layer of protection on top of Same Origin Policy (SOP), a browser feature that prevents websites from accessing each other's data. Google developed Site Isolation because browser bugs often allowed sites to jump the SOP barrier and steal user data stored in the browser, created by other sites.

Scientists have uncovered a glitch in a piece of code that could have yielded incorrect results in over 100 published studies that cited the original paper. From a report: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, last week in the journal Organic Letters. "This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]." Yuheng Luo, a graduate student at the University of Hawai'i at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria. The aim of the project was to "try to find compounds that are effective against cancer," Williams said.

Over 100 published studies may have incorrect results thanks to a glitchy piece of Python code discovered by researchers at the University of Hawaii.

An anonymous reader quotes Motherboard: The glitch caused results of a common chemistry computation to vary depending on the operating system used, causing discrepancies among Mac, Windows, and Linux systems. The researchers published the revelation and a debugged version of the script, which amounts to roughly 1,000 lines of code, on Tuesday in the journal Organic Letters.

"This simple glitch in the original script calls into question the conclusions of a significant number of papers on a wide range of topics in a way that cannot be easily resolved from published information because the operating system is rarely mentioned," the new paper reads. "Authors who used these scripts should certainly double-check their results and any relevant conclusions using the modified scripts in the [supplementary information]."

Yuheng Luo, a graduate student at the University of Hawaii at Manoa, discovered the glitch this summer when he was verifying the results of research conducted by chemistry professor Philip Williams on cyanobacteria... Under supervision of University of Hawaii at Manoa assistant chemistry professor Rui Sun, Luo used a script written in Python that was published as part of a 2014 paper by Patrick Willoughby, Matthew Jansma, and Thomas Hoye in the journal Nature Protocols . The code computes chemical shift values for NMR, or nuclear magnetic resonance spectroscopy, a common technique used by chemists to determine the molecular make-up of a sample. Luo's results did not match up with the NMR values that Williams' group had previously calculated, and according to Sun, when his students ran the code on their computers, they realized that different operating systems were producing different results.

Sun then adjusted the code to fix the glitch, which had to do with how different operating systems sort files.
The researcher who wrote the flawed script told Motherboard that the new study was "a beautiful example of science working to advance the work we reported in 2014. They did a tremendous service to the community in figuring this out."

Sun described the original authors as "very gracious," saying they encouraged the publication of the findings.

Last year, Apple software chief Craig Federighi said developers would be able to easily bring their iPad apps to Mac computers, essentially letting coders write an app once and deploy it across millions more devices. So far, the reality has fallen short for some developers and is even leaving consumers paying twice for apps. From a report: Major app developers and service providers like Netflix are also demurring on taking part, at least at this early stage. Apple rolled out Catalyst, the technology to transition iPad apps into Mac versions, on Monday. It's the initial step toward a bigger goal: By 2021, developers should be able to build an app once and have it work on iPhones, iPads and Mac computers through a single, unified App Store. But the first iteration, which appears to still be quite raw and in a number of ways frustrating to developers, risks upsetting users who may have to pay again when they download the Mac version of an iPad app they've already bought.

"As a user, I don't want to pay again just to have the same app," said longtime Apple developer Steven Troughton-Smith. "As a developer, I don't want my users to have to make that decision." James Thompson has had to work harder than he expected to get his popular PCalc calculator iPad app running well on Mac computers. Getting paid a second time for that extra work makes sense for developers, but consumers may not immediately understand that after Apple made the porting process sound as easy as checking a box, he said. Kevin Reutter, who has brought his Planny app to Mac computers, called the situation "sad."

iTunes is officially dead with the release of macOS Catalina today. Apple decided to break apart the app into separate Apple Music, Podcasts and TV apps. "Each is better at its individuals task than it was as a section within iTunes, which was teetering on collapse like the Jenga tower of various functions it supports," writes Dieter Bohn via The Verge.

"In the early days, iTunes was simply a way to get music onto Apple's marquee product, the iPod music player," reports Snopes. "Users connected the iPod to a computer, and songs automatically synced -- simplicity unheard of at the time." It was the first service to make songs available for 99 cents apiece, and $9.99 for most albums -- convincing many people to buy music legally than seek out sketchy sites for pirated downloads. "But over time, iTunes software expanded to include podcasts, e-books, audiobooks, movies and TV shows," recalls Snopes. "In the iPhone era, iTunes also made backups and synced voice memos. As the software got bloated to support additional functions, iTunes lost the ease and simplicity that gave it its charm. And with online cloud storage and wireless syncing, it no longer became necessary to connect iPhones to a computer -- and iTunes -- with a cable."

What did you like or dislike about iTunes? When you look back at the media player, what are you reminded of?

It's happening a little later in the season than usual, but Apple's latest version of macOS is available to download today. From a report: Catalina arrives on the heels of iOS 13, which saw several back-to-back updates after an initially rough launch. For what it's worth, I've been using successive versions of the Catalina beta as my daily driver for months now and can assure you that the latest build is stable enough to safely install. [...] Speaking of games, today also marks the first time that Catalina beta users will have been able to play Apple Arcade games. If you're wondering how the heck you'll play those titles from your Mac, it's worth a reminder that many Arcade games support Xbox and PlayStation controllers.

Also new in this release: As you browse episodes in the podcast app, you'll see avatars for guests and hosts. Apple also says it's made some small usability tweaks to Sidecar, the feature that allows you to use an iPad as a secondary Mac display. You'll also notice more promotional Apple TV+ material in the new TV app, which makes sense -- the streaming service launches November 1st. It'll cost $4.99 a month, but Apple is offering a free year with the purchase of a new Mac, iPhone, iPad or Apple TV. Further reading: Apple's MacOS Catalina Opens Up To iPad Apps; Apple Will Permanently Remove Dashboard In macOS Catalina; Apple Replaces Bash With Zsh as the Default Shell in macOS Catalina; and Apple Finally Kills iTunes.

ugen (Slashdot reader #93,902) writes: Something I discovered today, while trying to change a MAC address on a new MacBook Air (as I did for years on other MacBooks): ifconfig en0 ether "new mac" no longer works. It appears that this is a change made sometime last year, applicable to all Apple newer MacBooks.

Implications of permanently fixed MAC addresses on privacy and security are hard to underestimate. Given that Windows now supports complete Wifi MAC address randomization — I am sad to admit that Microsoft looks like a champion of privacy here. What are your thoughts? Solutions anyone knows of (I'll take a reasonable technical hack).

Here are a few mentions of this elsewhere:
Mac Rumors forums
The GitHub repo for SpoofMAC
A discussion on Stack Overflow
I've seen other theories about what's going on, though the bigger question is still what's the solution? Leave your own thoughts and suggestions in the comments.

And did MacOS stop allowing changes to wifi MAC addresses?

An anonymous reader writes: "DDoS-for-hire services, also known as DDoS booters, or DDoS stressors, are abusing macOS systems to launch DDoS attacks," reports ZDNet. "These attacks are leveraging macOS systems where the Apple Remote Desktop feature has been enabled, and the computer is accessible from the internet, without being located inside a local network, or protected by a firewall. More specifically, the attackers are leveraging the Apple Remote Management Service (ARMS) that is a part of the Apple Remote Desktop (ARD) feature. When users enable the Remote Desktop capability on their macOS systems, the ARMS service starts on port 3283 and listens for incoming commands meant for the remote Mac." Hackers have figured out a way to bounce traffic off these ports and carry out DDoS attacks with the help of internet connected Macs. Nearly 40,000 macOS systems are currently connected online and can be used to send out DDoS attacks.

Microsoft today announced that Windows Virtual Desktop has hit worldwide general availability. As a result, you can deploy and scale your Windows desktops and apps on Azure "in minutes," the company said today. From a report: Think of Windows Virtual Desktop as a tool for deploying and scaling Windows desktops and apps on Azure with built-in security and compliance. The Azure-based service provides a virtualized multi-session Windows 10 experience and Office 365 ProPlus virtual desktop on any device. The Windows Virtual Desktop client is available on Windows, Mac, Android, iOS, and HTML 5. Windows Virtual Desktop also supports Windows Server Remote Desktop Services (RDS) desktops and apps in a shared public cloud. Microsoft announced Windows Virtual Desktop in September 2018, but only in private preview.

Developer Riley Testut is launching an alternative to Apple's App Store, called AltStore, that theoretically lets you "push the boundaries" of iOS without either jailbreaking or worrying that Apple will pull access. Engadget reports: AltStore works by fooling your device into believing that you're a developer sideloading test apps. It uses an app on your Mac or Windows PC to re-sign apps every seven days, using iTunes' WiFi syncing framework to reinstall them on your device before they expire. You only need a free Apple ID (a throwaway will do) to install apps that Apple would never allow, such as Testut's Delta emulator for Nintendo consoles.

In theory, there's not much Apple can do to easily shut things down. It could take down individual accounts, but you could just create another Apple ID if needed. Also, iOS only looks for an excessive number of app provisioning profiles, not the number of apps you have installed. So long as AltStore manages those profiles, Apple doesn't know if you're running one app or twenty. Testut told The Verge that measures to block AltStore would break key functionality for developers or iTunes syncing. AltStore is available in preview form now, with a formal launch due on September 28th. "People who back Testut's Patreon will also have the option to install almost any app, not just those in the store," the report adds.

A faulty Google Chrome update is likely to blame for the issue Monday that resulted in Mac Pro workstations being rendered unusable at a number of Hollywood studios. "We recently discovered that a Chrome update may have shipped with a bug that damages the file system on MacOS machines," the company wrote in a forum post. "We've paused the release while we finalize a new update that addresses the problem." Variety reports: Reports of Mac Pro workstations refusing to reboot started to circulate among video editors late Monday. At the time, the common denominator among impacted machines seemed to be the presence of Avid's Media Composer software. The issue apparently knocked out dozens of machines at multiple studios, with one "Modern Family" reporting that the show's entire editing team was affected. Avid's leadership updated users of its software throughout the day, advising them to back up their work and not to reboot their machines.

The real culprit was apparently a recent release of Google's Keystone software, which is included in its Chrome browser to automatically download updates of the browser. On computers that had Apple's System Integrity Protection disabled, the update corrupted the computer's file system, making it impossible to reboot. System Integrity Protection is an Apple technology that is meant to ensure that malicious software doesn't corrupt core system files. Google advised affected users on how to uninstall the Chrome update, and also suggested that most users may not be at risk at all. "If you have not taken steps to disable System Integrity Protection and your computer is on OS X 10.9 or later, this issue cannot affect you," the forum post reads. A possible connection to Chrome was first detailed on the Mr. Macintosh blog Tuesday afternoon. As for why several Hollywood studios were hit the hardest, one theory suggests it's because many of the video editors had to disable System Integrity Protection in order to work with external audio and video devices that are common in professional editing setups.

Variety also suggests that the hardware dongles used for licensing Avid may have played some role in the shut-downs.

tearmeapart writes (edited to add more details): Cloudflare is opening up its security and speed-focused mobile VPN service called WARP and WARP Plus to the general public. WARP is a mobile app for Android and Apple to establish a VPN to CloudFlare's huge global network. Cloudflare is promising:
1. No user-identifiable log data to disk;
2. No selling browsing data;
3. No need to provide any personal information
4. Regularly get audited. This is the second time Cloudflare is launching Warp. The VPN builds on Cloudflare's existing mobile app 1.1.1.1, which encrypts domain name system connections. But Warp goes beyond this protection to encrypt the whole journey from your device to a web server and back -- even if the website itself still isn't offering HTTPS web encryption. And all of this happens quickly, without draining your battery, and without complicated setup. In an interview with Wired, Cloudflare CEO Matthew Prince said: Yeah, what we thought was going to be easy back in April turned out to be a lot harder than we expected. We had been testing this primarily in San Francisco and Austin and London, which is where the teams that were working on this are based. But as soon as users started to get anywhere that didn't have a fairly reliable internet connection, just all hell broke loose. The report adds: In describing the hurdles Cloudflare faced getting Warp off the ground, John Graham-Cumming, the company's chief technology officer, and Dane Knecht, its head of product strategy, note that many of the challenges came from dealing with interoperability issues between mobile device models, operating system versions, and different mobile network and Wi-Fi configurations around the world. For example, Warp is built on a newer secure communication protocol for VPNs known as WireGuard, which isn't ubiquitous yet and therefore isn't always natively supported by devices. The team also faced challenges dealing with web protocols and standards that are implemented inconsistently across different wireless carriers and internet service providers around the world. Cloudflare's 1.1.1.1 focuses on encrypting DNS connections specifically, but Warp aims to encompass everything in one protected tunnel. Keeping everything together as data traverses the labyrinth of servers that make up the internet, including Cloudflare's own massive network, was tough. Warp is free to use without any bandwidth caps or limitations. But Warp Plus, which is being offered through a monthly subscription fee, offers a "faster version of Warp that you can optionally pay for. The fee for Warp Plus varies by region and is designed to approximate what a McDonald's Big Mac would cost in the region. On iOS, the Warp Plus pricing as of the publication of this post is still being adjusted on a regional basis, but that should settle out in the next couple days. Warp Plus uses Cloudflare's virtual private backbone, known as Argo, to achieve higher speeds and ensure your connection is encrypted across the long haul of the Internet. We charge for it because it costs us more to provide," the company said in the blog post.

A possible computer virus attack has knocked out Mac Pro workstations for many film and TV editors across Los Angeles. According to Variety, the issue -- which is causing the workstations to refuse to reboot -- is widespread among users of Mac Pro computers running older versions of Apple's operating system as well as Avid's Media Composer software. From the report: Avid said in a statement that it was aware of the issue: "Avid is aware of the reboot issue affecting Apple Mac Pro devices running some Avid products, which arose late yesterday. This issue is top priority for our engineering and support teams, who have been working diligently to determine and resolve the root cause. As we learn more, we will immediately publish information -- directly to our customers and via our community forums and social media platforms -- in order to resolve this issue for all affected customers and prevent any further issues."

"A lot of L.A. post shops and people out on shows having their Macs slowly crash," reported video post-production consultant Matt Penn on Twitter. Freelance film editor Marcus Pun reposted a message from a popular Avid Facebook user group, advising users not to turn off their workstations. Other users reported that multiple computers at their company were affected by the issue, with social media chatter indicating that a number of different companies, and even major shows like "Modern Family," were affected by the issue. UPDATE: The issue appears to be caused by a Google Chrome update gone haywire.

dryriver writes: For the benefit of those who are not much into 3D technologies, as far back as the year 2000 and even earlier, there was excitement about "Web3D" -- interactive 3D content embedded in HTML webpages, using technologies like VRML and ShockWave 3D. 2D vector-based Flash and Flash animation was a big deal back then. Very popular with internet users. The more powerful but less installed ShockWave browser plugin -- also made by Macromedia -- got a fairly capable DirectX 7/OpenGL-based realtime 3D engine developed by Intel Labs around 2001 that could put 3D games, 3D product configurators and VR-style building/environment walkthroughs into an HTML page, and also go full-screen on demand. There were significant problems on the hardware side -- 20 years ago, not every PC or Mac connected to the internet had a decently capable 3D GPU by a long shot. But the 3D software technology was there, it was promising even then, and somehow it died -- ShockWave3D was neglected and killed off by Adobe shortly after they bought Macromedia, and VRML died pretty much on its own.

Now we are in 2019. Mobile devices like smartphones and tablets, PCs/Macs as well as Game Consoles have powerful 3D GPUs in them that could render great interactive 3D experiences in a web browser. The hardware is there, but 99% of the internet today is in flat 2D. Why is this? Why do tens of millions of gamers spend hours in 3D game worlds every day, and even the websites that cater to this "3D loving" demographic use nothing but text, 2D JPEGs and 2D YouTube videos on their webpages? Everything 3D -- 3D software, 3D hardware, 3D programming and scripting languages -- is far more evolved than it was around 2000. And yet there appears to be very little interest in putting interactive 3D anything into webpages. What causes this? Do people want to go into the 2020s with a 2D-based internet? Is the future of the internet text, 2D images, and streaming 2D videos?

Apple has confirmed Monday that it will manufacture the redesigned Mac Pro in Texas. The company said it will assemble the workstation at the same Austin, Texas plant that has produced the cylindrical Mac Pro since 2013. The reason for the move: exemptions from Trump's China tariffs for "certain necessary components" in the system. Engadget reports: Apple had received 10 out of its 15 requested exemptions for components like partial circuit boards. While Apple has a network of U.S. suppliers for its products, many of the parts for computers (and those of rivals) are still made in China -- the company wouldn't have seen much benefit from U.S. assembly if it had to pay a premium for some of the Mac Pro's key ingredients.

CEO Tim Cook (who hinted at this possibility in July) touted this as part of Apple's existing commitment to American jobs, including its recent investment into Corning. However, it's not necessarily the coup it sounds like at first blush. Apple can produce the Mac Pro stateside due to both its low volume (few people will buy a $6,000 tower for home use) and the high levels of automation at the Austin plant. This won't lead to an abundance of new jobs, and it may still be more practical to make high-volume products like iPhones and MacBooks in China even if future tariffs cut into Apple's profit margins.

Mozilla has quietly launched a new product for enterprise customers: Ability to buy paid premium support for Firefox. From a report: The premium enterprise support for Firefox costs $10 per supported installation and offers customers the ability to submit bugs privately, get critical security bug fixes, get access to a private customer portal, get access to the enterprise critical issues distribution list, and have the ability to contribute to Firefox and its roadmap. According to Mozilla, it will support Firefox installations as long as they are running on machines that meet the system requirements. Windows, Mac, and Linux based operating systems are listed in the systems requirements so all platforms should be covered by the premium support.

Google is starting to make its Chrome 77 browser update available to Windows, Mac, iOS, and Android this week. While there are many visual changes to Chrome this time, Google is introducing a new send webpage to devices feature. From a report: You can right-click on a link and a new context menu will appear that simply lets you send links to other devices where you use Chrome. If you're using Chrome on iOS you'll need to have the app open and a small prompt will appear to accept the sent tab. The feature has started showing up on Windows, Android, and iOS versions of Chrome, but it doesn't appear to be enabled in the macOS variant just yet. Chrome has long supported the ability to browse your open and recent tabs across multiple devices, but this send to device feature just makes things a little quicker if you're moving from browsing on a PC or laptop to a phone or vice versa.