Tuesday, June 30, 2015

Safari is the new IE

Safari is the new IE

I don’t think it’s quite as bad as the headline makes it sound, but I do seem to be seeing an increasing number of sites that simply tell me they don’t work in Safari. The most frequently frustrating example of which is Bootstrap’s customise tool.

Edit: As long as iOS is so popular (and doesn’t allow changing the default browser), users probably don’t have much to worry about. That doesn’t mean web developers have to be happy about it, though.

Thursday, February 12, 2015

Apple is promoting games without in-app purchases

Apple is promoting games without in-app purchases

I’ve harped on Apple a lot about the state of games on iOS. But this is somewhat encouraging. Someone inside Apple saw that this needed to be done. It’s not much, but it’s a start.

Friday, January 2, 2015

David Sparks's problems with iOS 8 Family Sharing

David Sparks’s problems with iOS 8 Family Sharing

For what it’s worth, Family Sharing has been flawless so far for our (small) family. I will elaborate on my own experiences, not with the intent of doubting the author, but just by way of adding more anecdotes into the mix, in case it helps someone in some way.

App Developers Must Opt In

Actually, the opt-in aspect only applies to app versions that were already on the App Store before Family Sharing was announced. It makes sense that Apple can’t retroactively enforce new terms on already-accepted app submissions, but they can mandate a new agreement for new submissions. Accordingly, Family Sharing is now in fact mandatory for all new apps, and for all app updates, released after that point. Thus, the number of apps on the Store that Family Sharing does not apply to is small and getting smaller every day, which is why this is unlikely to be a problem for many people.

In-App Purchases Are Not Included

Interesting. I haven’t encountered this yet, but I have no reason to doubt it.

It makes sense that consumables (fake currency, etc.) wouldn’t be applicable to Family Sharing. But I wonder if this also applies to non-consumable IAPs, such as episodic content? Perhaps it was easier just to treat all IAPs the same way. If so, that is a little disappointing.

iTunes Match Multiplied

This is just my opinion, but: The old way was broken. The new way is correct.

Call me selfish, but my music library is an extremely personal thing and it’s not meant to be shared. I am extremely picky about how it is organised, including all of the metadata such as recently played, play counts, star ratings, etc. I depend on all of these signals and I can’t abide anyone messing with them. As a result, prior to Family Sharing, other members of my family were effectively banned from enabling iTunes Match at all.

Now, they at least have the option to have a (separate) iTunes Match subscription, if they wish. Since the libraries are separate, it only makes sense that the subscription fee would also be separate.

I realise that not everyone is obsessive about metadata the way I am, but: It is hard for me to imagine an entire family of people having identical taste in music. More likely, they were using iTunes Match before as a sort of mega-library; a union of the sets of each person’s preferred music, each of which may have some amount of overlap. This may have been the most convenient option at the time, but it doesn’t really make sense conceptually. Each person should have their own separate library, containing exactly the things they want and nothing more. They may want to share certain select albums with each other, but my understanding is that this is exactly what Family Sharing provides–as long as the albums were purchased on the iTunes Store. If the need is to share non-iTunes-purchased albums, well… then it’s going to be a painful migration in the short term. But sometimes that’s the price you pay to have a better solution in the long term.

A less-snobby way of putting this is: Everyone’s needs are different. The old way didn’t work for me, and the new way does, so I’m happy about it. Any time you make a change, it’s going to break someone’s habits. That doesn’t always mean they were wrong.

Playlist Issues

I haven’t seen any playlists disappear so far.

App Update Hell

I have also been seeing the problem of apps that appear under ‘Updates’ but refuse to actually update. But it’s been happening to me ever since iOS 7 (and on iOS 8 for some time prior to me turning on Family Sharing). This leads me to believe that it is not solely caused by Family Sharing, although it is possible Family Sharing makes it worse for some people; but I haven’t personally seen that to be the case.

It is especially frustrating when I’m the developer of the app in question and I’m freaking out over why it’s not updating, post-approval. As best as I can tell, it is usually a server-side cache or CDN propagation ‘thing’ that resolves itself after a few hours. I’ve found if I just leave it alone for a day, auto-update eventually kicks in without me needing to do anything.

On the other hand, I have never seen any actual error message associated with this problem: when it does fail, the way it manifests is that tapping the ‘Update’ button simply silently fails to do anything. So maybe the problem I’m seeing is different than the one the author is seeing? The point is, at least for me, updates work most of the time, whether or not the app was a Family-Shared one, and the failure rate has not noticeably increased since enabling Family Sharing.


Personally, I had originally approached Family Sharing with a considerable amount of trepidation, but so far, I’ve only been pleasantly surprised at how easy and problem-free it has been.

Wednesday, December 31, 2014

Interesting interview with Nintendo CEO Satoru Iwata

Interesting interview with Nintendo CEO Satoru Iwata

Recognising the importance Shigeru Miyamoto’s methodology, and teaching it within the company:

So, I have this strange sense of duty regarding the codifying of the ‘Miyamoto Methodology’, because I feel like it would be useful to the game industry if you could put it into words.

He doesn’t seem too worried about forecasts of doom and gloom for console-style games:

Indeed, we see the trend of, as the middle of the market disappears, the big hits only become bigger. For example, there’s been four 2 million sellers released on the 3DS [in Japan] in the last five months.

We checked and that’s never happened before in the Japanese game market. So, in the middle of people saying ‘packaged software doesn’t sell anymore’ and ‘dedicated game consoles are dead’, we have this happening.

On continuing to write software, even after becoming a manager:

Actually, in my case, I kept on writing code. Until I was 40.

[…] Of course, I couldn’t write code during the week days, but, well, my nights were my own, as they say. Or, I’d take work home on my days off and write code there. If I made anything cool, I’d bring it in to work on Monday to show it to everyone and they’d all be glad to look at it and that was fun for me.

When Super Smash Bros Melee wasn’t going to ship on time, Iwata personally went in and debugged it:

[…] my actual last work on programming happened when I was working as the General Manager of Corporate Planning at Nintendo. Something happened and the Gamecube version of Super Smash Brothers didn’t look like it was going to make its release date so I sort of did a code review for it (Wry Laugh).

[…] At the time, I went to HAL Labs in Yamanashi and was the acting head of debugging. So, I did the code review, fixed some bugs, read the code and fixed more bugs, read the long bug report from Nintendo, figured out where the problem was and got people to fix those…all in all I spent about three weeks like that. And, because of that, the game made it out on time.

He advocated strongly for sleep mode, which lets you suspend and resume any game at any time (on the Nintendo DS and 3DS):

The GBA SP was also a clam-shell design, so I pretty adamantly demanded of the hardware team that it went into sleep mode when it was closed. ‘This feature is absolutely essential!’ I said. However, at that time, they told me that as it would take re-working the chip so it could be turned on and off it would take a year to do it, so I had to reluctantly withdraw my request. Nevertheless, I did tell them that they had to make sure the next system they designed would be able to go into sleep mode.

I’ve long felt that sleep mode is the one of the greatest advancements in video games of all time, and very under-appreciated. I wish it was available on all games on all platforms, and I see no reason for it not to be.

It’s the reason I often find myself reaching for my 3DS, even though the Wii U and PS3 are nearby. It’s instant-on and instant-off, and I don’t have to worry about losing my progress, ever. Life is full of interruptions, and I often don’t know how long I’m going to be able to play, or how far it is to the next save point. Booting up a console feels like a commitment. Sleep mode removes these worries and just lets me play.

If I could ask for one improvement, it would be to let me suspend a game and switch to another one, then switch back to the first one, resuming exactly where I was, just as if I had put it into sleep mode. This isn’t currently the norm on any platform that I’m aware of1 2.

(via Shay Pierce, via Siracusa)


  1. iOS has APIs to support this feature; but, non-Apple apps almost never take advantage of it, Apple doesn’t enforce it in app review, and it isn’t common enough for users to complain about its absence. ↩︎

  2. Emulators can do this, of course; even Nintendo’s own Virtual Console can do it (sometimes). But not current games. ↩︎

Tuesday, November 18, 2014

no title

Wednesday, October 22, 2014

Convenience vs. security in China

Convenience vs. security in China

This story rather fascinating to me, to see how different the basic realities of using the internet are when in China.

A bit of background about SSL failure UIs

Invalid SSL certificates, generally speaking, are not a new problem. I would guess that most internet users, no matter where they are in the world, will come across this problem at least a few times a year. Most of the time, this is due to a temporary misconfiguration on the web server, or possibly someone in charge of the web site forgetting to renew the certificate before its expiration date1. In either case, if the web site has any non-trivial number of visitors, the web site owner usually quickly learns about the problem and corrects it. There is nothing the user needs to do or really should do, other than stop trying to use the web site and try again at a later time.

As I’ve said, usually, the problem is because of an innocent mistake on the part of the web site owner; however, there is always the possibility that it is the result of an attack. The browser cannot distinguish between these two cases.

And so it was, that in the early days of web browsers, when the internet was smaller and users were assumed to be more likely to have some technical knowledge, a browser encountering an SSL problem when trying to access a web site would simply present a dialog asking the user whether they wanted to stop or continue. After all, the browser didn’t know what the reason for the problem was, so it left it up to the user to figure it out.

The problem was that users didn’t know what the reason for the problem was either, and in most cases had no understanding of the problem at all. And therefore, the browser was presenting a nonsense choice to them. It may as well have said:

Uh, we came across some kind of problem, here’s a bunch of gibberish, I dunno, did you want to visit that web site you asked for or should we just give up?

[More Info] [Cancel] [Continue]

Obviously, the user still wants to visit the web site they asked for, and doesn’t know what any of the rest of that means. So they’re going to click ‘Continue’. Every time. This is not a good thing, because, as above, it may be the result of an innocent mistake, but it may instead be an attack.

Some of the web browser makers eventually figured out their users’ habits in relation to this, and so they changed their UIs. You can see examples in this Apple support document about the problem, which shows screen shots of Firefox and Chrome, as well as Safari.

Presently, when encountering this situation, Firefox and Chrome will show a blocking error page (similar to what happens if your network is down), attempting to explain in simple terms that something is very wrong and there’s not much else that can be done about it. There is still a way to continue despite the error, but it is harder to find in the UI. This is a good thing, because continuing in the face of an SSL failure is something that really only system administrators with specific knowledge of exactly what caused the problem should be doing.

Unfortunately, Safari never implemented similar improvements, and still shows the simpler message that unwittingly encourages the user to make the wrong choice. I hope this changes. But I’m optimistic. I would think the fact that Apple needed to create a support document to explain not to click a button in their UI should be enough for them to realise that the UI should probably be changed.

And now, China

I said earlier that an SSL failure is usually the result of an innocent mistake. This has been true in my experience (as far as I know), but my experience is limited to that of a person living in the US2. China, on the other hand…

From the various reports I’ve been reading about this, it sounds like SSL failures are extremely common when visiting any web site in China, either foreign or domestic. No-one seems to know for certain, but the general assumption is that the Great Firewall is involved; this is the very definition of a man-in-the-middle attack, in no uncertain terms. But according to some3, this has also led to a more widespread lack of concern about security, to the extent that many domestic web sites don’t even bother properly configuring SSL, because their users are so used to continuing after seeing the errors, so they see little point in doing so.

But here’s a UX problem. Firefox and Chrome have, in recent years, become so assertive about discouraging users from continuing after an SSL failure, that as a practical matter, these browsers must be almost impossible for everyday use, for an ordinary user in China. What is the user supposed to do? They don’t know if the problem is being caused by the government or the web site owner, and even if they did know, there’s nothing they can do about it and it’s unlikely to change. So what do you do? Just not use the internet? How frustrating that must be.

It turns out, there is a company called Qihoo in China who provide a number of free (ad-supported) products, including anti-virus, and an apparently very popular web browser. Based on what I’ve read, it seems like this browser, as a general rule, may do absolutely nothing at all in terms of warnings or errors when it encounters an SSL failure; in other words, it simply continues to the web site as if nothing happened.

Whether Qihoo’s behaviour is a result of government mandates or simply an attempt to provide a better UX, you can see why it might be an appealing option for users. After all, if you’re generally aware that the government is probably intercepting everything, and there’s nothing you can really do about it, and you want to use the internet anyway… I’m not saying it’s what I would do, but you can see why many people would make the choice to use that product.

As far as I can tell, it doesn’t seem like Qihoo have a Mac version. But that probably doesn’t matter much–most of the people visiting icloud.com worldwide are likely using Windows, as there isn’t much of a need to visit it in a web browser if you do have a Mac. Therefore, Safari’s UI problem (explained above) probably isn’t going to make much of a difference either way to the situation in China. And even if Apple do make the Safari UI for SSL failures more like Firefox or Chrome, that may only serve to push people away from using Safari, and ultimately, away from using Apple products.

What is the solution? I’m not sure. An SSL failure is kind of an ultimatum. You’re served a compromised connection, and you can either take it or leave it. Neither option is good. More advanced users may know how to use an overseas VPN or something, but that’s likely out of reach for most people.


  1. A third reason this can happen is that internal corporate networks, due to arcane policies I won’t even attempt to explain, can sometimes have very complicated and unusual SSL setups that must be configured manually in the user’s web browser or OS. This is mostly not relevant here, because it does not generally apply to web sites on the public internet. ↩︎

  2. As we all know by now, in the US, we have the NSA snooping on everything they can. But, for better or for worse, the situation remains different here. The NSA are more sneaky about what they do. They are unlikely to attempt something as clumsy as an SSL MITM attack on a large scale, because this would be quickly noticed by security researchers and reported in the mass media. The same can’t be necessarily be said of China. There’s no doubt in my mind that the NSA do similar things, but they are more careful to try to remain undetected. ↩︎

  3. Yes, I am using a lot of weasel words, and I am doing this quite deliberately, to let you know that my information about what exactly is going on in China is not at all reliable or verified and could very well be entirely wrong. Perhaps it would be best for me to avoid writing about it entirely, but that is hard to do when it is so interesting to me. I strive to be accurate, but I also strive to let you know of cases when I’m not sure of my own accuracy. ↩︎

Thursday, October 9, 2014

Quip adds spreadsheets

Quip adds spreadsheets

I’ve been using Quip for a while and I can’t say enough good things about them. They are one of my all-time favourite apps on iOS1. Up to this point, they’ve focused on collaborative word processing, and their iOS app isn’t just a little better than Google Docs–it’s a million times better. They have a web app, too.

Now that they have spreadsheets, there is absolutely no reason for me to ever go back to Google Docs. Thank goodness.


  1. Note to self: I should write more about apps I love, such as AnyList↩︎
Thursday, October 9, 2014

Final, a modern credit card

Final, a modern credit card

Looks nice. I’m not so concerned about the one-time-use card number feature, although I can see how it would be useful. More important to me is that it’s made by people who seem to care about design and UI, which is more than you can say about most banks. If they can pull it off, I’ll very likely switch.

Reminds me a little of Simple, which I’ve been hesitant to try so far because it feels difficult to trust a random startup (which isn’t actually a bank) with one’s life savings. A credit card, though, seems like much less of a risk.

In common with Simple, however, I hate the name.

Wednesday, October 8, 2014

The Horror of a 'Secure Golden Key'

The Horror of a ‘Secure Golden Key’

Great layperson’s explanation of why the Washington Post’s proposal for Apple (and other device makers) to aid law enforcement’s access of people’s devices is unreasonable and dangerous.

Tuesday, June 3, 2014

DuckDuckGo announcement: Will be in iOS 8 and OS X 10.10

DuckDuckGo announcement: Will be in iOS 8 and OS X 10.10

I’ve been waiting for this for a long time.

2 of 47