I self-host a lot of the tools and services I use on a daily basis, meaning that rather than relying on iCloud or Dropbox or GitHub, I run a comparable (usually open-source) service on a server I control, either in the cloud or out of a server in my house. One thing that has been missing from that setup has been a tool to manage documents (receipts, tax forms, bank statements, etc). I recently stumbled onto Docspell and have been trying it out in that role for the last few days. The only problem is that it didn’t have an iOS app to use to upload receipts and documents to it. Rather than try to make an app myself, I saw that there was a simple HTTP POST API for uploading documents, which was compatible with the iOS Shortcuts app.

So I built a shortcut to do that. When you add it to your Shortcuts app on an iPhone or iPad, it’ll ask you a few questions, like what your upload API URL is and what kind of document it’ll prompt you for (e.g. if you wanted a shortcut specific to receipts). It’ll default to having the name “save to Docspell”, but you can change that to something else like “save a receipt”.

There are four main ways to use this:

1. You can tap it as a button from the Shortcuts app or widgets. It’ll ask you the name of the thing you want, and then prompt you to either select a file or capture some photos with the camera.
2. You can ask Siri to “save to Docspell” (or whatever you named it), and it’ll prompt you for those same things.
3. You can use the share button to save stuff from across your device. Attachments in mail, downloaded PDFs, screenshots, or really anything that could be treated as a file. In theory you can even share webpages to it and it should make an archive of the page (though my server times out when I try this).
4. You can use it as an export target for other workflows, meaning if you wanted to use a Shortcut to generate a PDF, you could then feed it into the Save to Docspell shortcut and upload it there.

When you run it without input (#1 and #2 above) it’ll ask whether you want to upload a file or take some photos with the camera. If you take multiple photos, it’ll stitch them into a PDF for upload. All photos will be converted to JPEG, even if your phone is set to save as HEIC by default, and the orientation will be fixed to make sure OCR works. If you select a file, you can use the phone’s file browser to pick one from your device, iCloud, or any storage providers (e.g. Nextcloud) that you might want to export from. And it’ll notify you when the upload is successful, using a message directly from the API, so it can’t fail silently unless there’s a problem on the server. You can also setup multiple copies of the workflow with different public API upload URLs and names, so if you wanted one for receipts and a different one bank statements.

This is a notice that I have created a new PGP key as of May 19, 2020. The old key was not compromised, but all future PGP usage should rely on the new key as of this date. The new key was created in a secure environment and is trustworthy in all places where the old key was trusted previously.

This project uses Swift 5’s new property wrappers to dynamically define and run GraphQL queries based on a SwiftUI view, similar to Relay on the web. The result: Instead of writing API connectors and view models and all that, you just say that you want a property to map to a GraphQL field, and the library builds a query for you.

I was a guest on The Icon Garden podcast today, talking about the newly announced SwiftUI, how it co-exists with other tools like React Native, and what it means for the future of native apps and cross-platform hybrid apps.

So Zoom runs a web server on your Mac (even after you uninstall the app), and that web server can launch Zoom calls via URLs, and those Zoom calls can default to having your camera open. Which apparently makes it very easy to embed something into a web page (or an ad) in an attempt to trick people into unwittingly opening a video chat.

Remote video exploits are one of the worst case scenarios of security vulnerability, and this is it. It looks like Zoom took over two months to start responding to it from the timeline, and if that’s true, it’s irresponsible security practice.

If you have Zoom installed on your Mac, check the “Patch Yourself” section of the article to block the functionality that allows this.

The New York Times has written a great dive into mobile apps that harvest data off your device, such as location data. Many of these companies feel entitled to harvest and store your data for things like location when you give consent for location access, and are in the business of selling that data to advertisers.

The book ‘1984,’ we’re kind of living it in a lot of ways.

Bill Kakis, a managing partner at Tell All

I’ve been removing a lot of the native apps I’ve relied on recently in favor of mobile web apps. I won’t let Facebook run code natively on any device I own, precisely because I know they go out of their way to capture every scrap of data they can. Running Instagram in a mobile web browser provides a much stronger sandbox, limiting the amount of data they can steal dramatically.

Apple and Google have largely destroyed any real marketplace for paid apps that don’t need to rely on selling data, and app review mechanisms have been unwilling or unable to protect customers from it. They deserve a huge share of blame for the status quo being what it is.

Owen Williams:

Microsoft, it seems, has removed all of the barriers to remaining in your ‘flow.’ Surface is designed to adapt to the mode you want to be in, and just let you do it well. Getting shit done doesn’t require switching device or changing mode, you can just pull off the keyboard, or grab your pen and the very same machine adapts to you.

It took years to get here, but Microsoft has nailed it. By comparison, the competition is flailing around arguing about whether or not touchscreens have a place on laptops. The answer? Just let people choose.

This coherency is what I had come to expect from Apple, but iPad and MacBook look messier than ever. Sure, you can get an iPad Pro and Apple Pencil, but you can’t use either of them in a meaningful way in tandem with your desktop workflow. It requires switching modes entirely, to a completely different operating system and interaction model, then back again.

The Surface lineup is super compelling now, and Windows continues to get better and better through minor feature updates every few months. Microsoft under its new CEO is cleaning up its act and actually conveying and executing a vision for how the personal computer fits into a modern lifestyle in 2018. At a time when Apple is struggling to remember that it’s creator audience exists, Microsoft is capitalizing on it and giving people what they want.

That said, it’s really silly that the Surface Studio 2, their iMac equivalent, is using a 7th generation CPU when Intel’s 8th generation has been out for months, and some of these are missing USB-C and Thunderbolt 3. There is definitely more work to do to bring these machines to peak performance.

I really wanted to like this show. I loved 24, and this seemed like it would embrace lots of the political intrigue elements that made 24 as captivating as it was. Ultimately, it failed to capture much of that.

Here’s hoping Netflix works some magic on it to give it a new shot at life.

Firefox is going to start being more aggressive about blocking slow and invasive trackers by default. This is a great move to speed up the web and make things more secure and private by default. And there’s a way to enable it today.

Long page load times are detrimental to every user’s experience on the web. For that reason, we’ve added a new feature in Firefox Nightly that blocks trackers that slow down page loads. We will be testing this feature using a shield study in September. If we find that our approach performs well, we will start blocking slow-loading trackers by default in Firefox 63.

In the physical world, users wouldn’t expect hundreds of vendors to follow them from store to store, spying on the products they look at or purchase. Users have the same expectations of privacy on the web, and yet in reality, they are tracked wherever they go. Most web browsers fail to help users get the level of privacy they expect and deserve.

In order to help give users the private web browsing experience they expect and deserve, Firefox will strip cookies and block storage access from third-party tracking content. We’ve already made this available for our Firefox Nightly users to try out, and will be running a shield study to test the experience with some of our beta users in September. We aim to bring this protection to all users in Firefox 65, and will continue to refine our approach to provide the strongest possible protection while preserving a smooth user experience.

Deceptive practices that invisibly collect identifiable user information or degrade user experience are becoming more common. For example, some trackers fingerprint users — a technique that allows them to invisibly identify users by their device properties, and which users are unable to control. Other sites have deployed cryptomining scripts that silently mine cryptocurrencies on the user’s device. Practices like these make the web a more hostile place to be. Future versions of Firefox will block these practices by default.

Firefox got really good last year and you should be using it.

This New York Times interview with Elon Musk is something. When Musk is spinning off companies like The Boring Company and selling crappy flamethrowers rather than salvaging Tesla’s Model 3 production woes, it says to me that he’s burnt out running these companies, and this interview pretty much confirms that.

I created an account on Mastodon.social, you can find me on @stevestreza@mastodon.social. If you’re into that sort of thing, you can follow me over there.

Eventually I hope to create an ActivityPub setup that can publish directly to my own site and the Mastodon network. But until then, this is good enough. Between Twitter’s ongoing moral cowardice and their ongoing hostility towards the developers that made them what they are, I can’t continue siloing my data there.

But Mastodon is so far revealing itself to be much more pleasant than Twitter, and it has some interesting forward-thinking decisions that I’ll talk more about later. In the meantime, go find me on there. You can sign up on the instance I use, Mastodon.social, or you can sign up at any number of other instances, such as those found on instances.social or joinmastodon.org. Even if you sign up on a different instance, just search for my handle @stevestreza@mastodon.social and it should work just fine.

Apple’s App Review has made another sweeping change that is disrupting the lives of developers yesterday, kicking out a bunch of apps without warning that are for gambling. Many of the apps involved have either nothing resembling gambling mechanics in them. And many of these are from small developers who effectively have no recourse.

It appears that this was a massive overreach that is actively getting walked back by Apple, but it still highlights the fact that Apple can and will terminate your business on a whim, without warning, based on whatever reason they like. And since you can’t bypass the App Store like you can on Android, if your business depends on this, you’re toast. Decisions like this are why I don’t make my own iOS apps anymore.

Apple’s official line:

In order to reduce fraudulent activity on the App Store and comply with government requests to address illegal online gambling activity, we are no longer allowing gambling apps submitted by individual developers. This includes both real money gambling apps as well as apps that simulate a gambling experience.

As a result, this app has been removed from the App Store. While you can no longer distribute gambling apps from this account, you may continue to submit and distribute other types of apps to the App Store.

They’ve pulled magazine app (since restored), a GIF search app (since restored), a YouTube search app (since restored), a YouTube player, a photography app, a Reddit client (since restored), and many others. It’s unclear if these were all automated, though in at least one case it appeared to involve a call to Apple developer support. There’s also an 11 year old blackjack game and a poker chips calculator app, which possibly could fall under some definition of “simulated gambling”, which is now apparently against the rules for some reason.

Since there is no oversight of App Review or the rulings it makes, there is no way to know the full extent of the bans, how many apps were affected, or what percentage of them are being reinstated. Still, it sounds like this was an error at least some of the apps are returning. I’m sure the developers could’ve done without the panic attack from an email suddenly stating that their apps were kicked off, though.

Meanwhile, Apple continues to allow and profit heavily from apps with actual gambling mechanics like loot boxes and gacha games that encourage people, including minors, to gamble.

AMD’s Threadripper CPU platform snuck up on everyone last year and revealed itself to be an incredible platform for high-end computing with chips going from 8 cores to 16 cores. Just one year later, they’re taking that platform all the way up to a mind-bending 32 CPU cores. It fits nicely between their mainstream Ryzen CPUs and their Epyc CPUs to take a prominent place for workstations used by professionals.

The new chips come in 12, 16, 24, and 32 core varieties, each with AMD’s take on hyperthreading that effectively doubles the thread count. And these chips are priced at $649, $899, $1299, and $1799 respectively. This puts each chip at roughly $54-$57 per core. Intel, by comparison, can’t come close to hitting those prices. Intel’s workstation CPU flagship, the 18-core i9-7980XE, costs $1879 while having 14 fewer cores. At every rung of the ladder, Skylake X costs significantly more per core. On the server side, it’s even worse. Xeons often cost several thousand dollars.

AMD is singlehandedly responsible for revitalizing the desktop CPU market, leaving Intel scrambling, and I’m really excited about the future. I’m strongly considering stepping up to the 2920X and its 12 cores and 64 PCIe lanes, and finally building Hackintosh support into my machine.

Apple’s quarterly results showed the Mac down 13% year-over-year. Everything was out of date; the new MacBook Pros didn’t ship until Q3 in July, so that certainly didn’t help. John Voorhees also has some handy charts over at MacStories.

I really hope Apple starts to get the Mac back in shape soon. They showed a relatively strong offering of Mac software at WWDC, probably the most exciting since the reveal of the trash can Mac Pro in 2013.

TypeScript (and its integration with Visual Studio Code) are doing amazing things for developer productivity and reliability with JavaScript. I originally used Flow for type-safe JavaScript, but I’m really seeing a lot more benefits from TypeScript, and have been making new projects (including this site) in it.

Also, it’s getting really popular.

I got a time of 26 minutes 21 seconds, with 73 deaths. I kicked a couple bucks to the developer. Check it out.

Of all the companies to acquire GitHub, Microsoft is probably the best. What was a critical piece of internet infrastructure held up under a venture capital model will now at least be sustained by one of the biggest tentpole companies in the software industry. They will presumably be able to bring some organizational support and work to shore up the sites notoriously rocky reliability. And a company like Microsoft will hopefully not be able to shrug off a sexual harassment claim the way GitHub did.

I don’t see this alleviating a major problem with software engineering culture, the over-reliance on GitHub as a centralized home of code. Git is distributed by nature and most of the value added by GitHub (PRs, issues, wikis, etc.) are found on competitive platforms like GitLab and Bitbucket. But many companies rely exclusively on GitHub, and many tools like Travis CI support GitHub exclusively. Competition makes everyone better, and Microsoft will probably use its existing platforms to further lock in developers and companies and reduce competition.

I personally use a self-hosted instance of GitLab on my VPS server (which is quite easy to install nowadays), which provides me with all the features I would want and an unlimited capacity of private repositories. I use it for continuous integration and continuous deployment with its built-in Docker image registry, and those images get deployed automatically to servers. I’m hoping to do a tutorial on setting that up.

Interesting timing with WWDC kicking off tomorrow, though.

I wrote a guest post for MacStories, covering the history of patent law surrounding patent trolls. While recent lawsuits from Lodsys and Kootol are causing panic and alarm from indie developers, it’s not like this threat is suddenly new. Patent lawsuits have always been on the table, but they were ignored by the majority of small companies. Now it’s clear that patent holders will pursue people who violate their patent. Whether ethical or not, they are legally required to defend their patents, and that means we will see more patent lawsuits pursued by trolls. Meanwhile, none of these small developers can afford to fight, so they settle, perpetuating the cycle.

Twitter recently introduced a feature on its website called “Who To Follow”. This feature presents you with a list of people you aren’t following already, but who are active in your social graph. However, I happen to be very proactive in finding new people to follow through a variety of means, and have no need for Twitter to point it out to me. I thought it was a bit obnoxious to see, especially considering both of my first recommendations were people I had blocked.

This Safari extension removes that box from the Twitter homepage, whether you have it turned on for you or not. It’s a simple CSS stylesheet that sets display:none on that box. You’ll never have to see it again.

You can download it here. I’m still a bit new at Safari extensions, but it should auto-update in the future if I ever release an update.

Update 9/18/2010: Follow Freely 1.1 has been released, with support for the new Twitter web client. It also fixes the issue where Safari would constantly say there was an update available.

Caboose is an app that loads notifications from the Boxcar service. It provides a reusable class for interacting with the Boxcar service for receiving push notifications. Currently it loads notifications for one account and dumps them to a Growl feed, but a full UI is planned.