Oh. My. God.
Alan, what have you done?!
Burnt to the core, but not broken…
iOS developer. Views expressed are mine alone.
iOS 26 (and OSes 26 in general) add an OS-facilitated way to securely migrate your passkeys, passwords, and other data saved in one password manager app to another. The details here are super interesting and are covered in the WWDC25 video “What's new in passkeys” (https://developer.apple.com/videos/play/wwdc2025/279). The rest of this post includes a summary of part of that video and other publicly-available information. (I am not breaking any kind of news here.)
- Data is sent from one app to the other without exporting any kind of file to a filesystem. This means it can’t accidentally be accidentally uploaded to an attacker attempting to compromise one or all of your accounts.
- There’s an OS API that password manager apps call to export their data. Then, securely and out-of-process, users select which app to send the data to. They are reminded of the scope of the data, and authentication with local biometrics or their passcode to confirm sending the data.
- The destination app is not revealed to the source app.
- Remember that crappy unstandardized CSV format for migrating passwords between password managers? It’s going to be a thing of the past, because…
- The data sendable via the API is explicitly based on the “Credential Exchange Format” (https://fidoalliance.org/specifications-credential-exchange-specifications/) standard. This standard is being developed in the FIDO Alliance, the standards body working on passkeys, but the spec covers far more than passwords and passkeys. In fact, it was co-developed by 1Password, Dashlane, and others. There’s a collection of Swift structs in the SDK implementing the standard, with as few modifications as possible.
- The data format part of the API is versioned so it can evolve as the Credential Exchange Format does.
I know it’s taken some time for this to come to fruition, but I hope that delivering a phishing-resistant credential migration process based on open standards (with a credential format standardized for the first time!) makes up for the delay. As I have said since day 1, your passkey data is yours. Passkeys are not a form of “vendor lock-in”.
Yes, there is a German word for how you feel.
A #California #farmworker died on Friday from injuries sustained a day earlier when #US #immigration agents raided a cannabis operation & arrested hundreds of workers, according to a farmworker advocacy group.
Dozens of #ImmigrantRights activists faced off w/ #federal agents in rural Southern California on Thursday. It was the latest escalation of #Trump's campaign for #MassDeportations of immigrants in the US.
#law #HumanRights #ICE #Gestapo #PoliceBrutality
https://www.reuters.com/legal/government/one-california-worker-dead-hundreds-arrested-after-cannabis-farm-raid-2025-07-11/
Just remember, a few years from now, that anyone who joined ICE in 2025 knew what the fuck they were signing up to do.
I wish more people understood the distinction between being good and being nice.
UFW says a farm worker has died of injuries sustained as a result of yesterday’s immigration enforcement action in Ventura County, California.
If you know folks in California who are represented by republicans, encourage them to call their reps and demand ICE stop
No more deaths.
No more disappearing.
We're not repeating the last 406 years of mistakes.
Here's the republican reps:
LaMalfa
Kiley
McClintock
Fong
Valadao
Obernolte
Kim
Calvert
Issa
Capitol switchboard
202-224-3121 (voice) or
202-224-3091 (TTY)
#USpol #ICE #activism #California
From: @inquiline
https://assemblag.es/@inquiline/114836526180390351
I submitted a bug to Apple for macOS Music. The way my little music widget apps work is by using NSDistributedNotificationCenter.
Whenever you’d play/pause/stop or change tracks in Music, it would fire a notification which my app would then pick up with all sorts of metadata like track info and player state.
They’ve cut down on the information provided so much my apps are now broken. If they can’t/won’t fix, that is it for them; they’d have to go. ☹️
FB18717349
Meet our new backend developer.
Oh wow, I love that!
The Apple Lisa GUI in your Browser.
Try it here:
Absolutely awesome!
#MustSee: A powerful frontline documentary and work of resistance art created inside the war-torn city of Kherson. It exposes one of the most horrifying aspects of Russia’s invasion: systematic drone attacks on civilians—what witnesses describe as a “human safari.”
Liquid Glass doesn't seem to want circular buttons. The default `.glassProminent` button style adds an extra 5pt of horizontal padding compared to its vertical padding.
You can set the `buttonBorderShape` to be a `.circle` which will make it visually render as a circle, but when tapped get a oval shaped highlight.
Not really sure if this is a bug, working as designed or something in the middle. Best I've found for when I want a circular button is to apply `.padding(.horizontal, -5)`🤷🏻♂️
@bigzaphod @Iconfactory I don’t know what to say except that several years ago I paid Iconfactory to design an icon for my app and, while it felt expensive at the time, the design process was great and I was incredibly happy with the result. Money well spent.
I’ve been a huge Iconfactory fan since the 90s. I hope to remain so for a long time to come. ❤️
Mastodon 4.4, now available, has a small setting that’s a big deal. See Administration/Server Settings/Discovery, “Allow external sites to see your Mastodon server as a traffic source”.
It means that every time you post a link to a site, that site is going to see as many hits as the number of instances that you have followers on, and those hits are going to be labeled as coming from Mastodon.
This is going to seriously increase Fediverse visibility. Get your instance admin to turn it on!
So Bluesky is about to require people to verify their age, which means sharing their real identity. I’ve no problem with people knowing my identity but then I’m not trying to hide from abusers. Or explore my gender. Or be a whistleblower. Or protest without getting arrested. Or or or… there are so many reasons people need anonymity.
Despite being myself online I am not keen to show Bluesky my scanned face or my bank card. So I guess I won’t be sticking around there.
I gave my advice before I left, which was “Switch to Mastodon, nobody there cares who you are, as long as you’re funny.”
Why do iOS people in particular tend to fight the frameworks and reinvent or abstract what you already get for free instead of working within them?
EFF is 35! 🎉
We've spent three+ decades defending your rights online—and we're not slowing down: https://eff.org/35years