Fatbobman's Swift Weekly #054
Security, Convenience, and Privacy
Weekly Comment
Security, Convenience, and Privacy
In the digital age, security, convenience, and privacy remain perpetual challenges. According to a recent report from The Register, Apple has proposed a significant change to SSL/TLS certificate lifespans, planning to reduce them from the current 398 days to 200 days in 2025, 100 days in 2026, and ultimately to just 45 days by 2027.
While this proposal is unlikely to pass the vote in the CA/B Forum, tech giants including Apple and Google will likely proceed with this policy anyway. Indeed, strengthening internet security is an inevitable trend, but the additional workload of frequent certificate updates will undoubtedly pose new challenges for many developers and IT operators.
Today, everyone is forced to master an increasing number of passwords and install various authentication applications. Taking my personal experience as an example, in recent months, my Microsoft account has faced login attempts almost daily. Fortunately, with two-factor authentication enabled, my account security is reliably protected. However, the frequent authentication notifications on my phone and watch have indeed caused some annoyance.
As a long-time Safari user, my preference for it largely stems from its seamless integration with Apple's Keychain (now renamed to "Passwords"). Additionally, Apple's anonymous account feature allows me to enjoy a convenient login experience while protecting my privacy when registering for various services.
Biometric authentication technology has undoubtedly provided users with a more relaxed verification method, but unfortunately, many service providers and hardware manufacturers have yet to gain users' full trust.
Whenever I look at the various authentication apps on my phone, I can't help but feel a hint of worry. We will eventually enter old age, and our memory and management capabilities will gradually decline. Will we then transform from active participants in the digital world to mere observers left behind by the times? Imagine when we reach our twilight years, we might gradually lose connection with this digital world because we can't remember complex passwords, struggle with multi-factor authentication procedures, or even have difficulty reading verification codes.
I sincerely hope this situation can be improved, and we can build a unified digital living environment that ensures privacy while maintaining security and convenience.
If you had to make a trade-off between security, convenience, and privacy, which one would you choose to sacrifice?
Previous Issue|Newsletter Archive
If you appreciate my work and want to promote your product to the Swift and iOS developer community, sponsoring my platform could be an excellent opportunity for you.
Your support through Patreon, or Buy Me a Coffee helps keep this newsletter and blog running. Thank you for finding this content helpful!
Originals
Reinventing Core Data Development with SwiftData Principles
In modern application development, an efficient persistence framework is crucial. The emergence of SwiftData once caught the eyes of many Core Data developers, who anticipated the advent of a new era integrating modern programming concepts. This article will explore how to apply SwiftData’s way of thinking within Core Data, focusing on data modeling and concurrent programming.
Recent Selections
Copy On Write and the Swift-CowBox Macro
Copy On Write (COW) is a technique that optimizes memory usage by delaying the duplication of data until it is modified. If the data remains unchanged, it shares references, thereby improving performance and reducing memory consumption. Swift heavily relies on value types, and COW becomes a crucial mechanism for enhancing efficiency. Natan Rolnik explains the principles of COW in detail and introduces the Swift-CowBox macro, developed by Rick Van Voorden, which simplifies the implementation of COW for custom types, reducing the need to write repetitive code.
So how does this whole @preconcurrency thing work?
Many developers encountered challenges adapting their existing code to the new concurrency requirements in Swift 6. The @preconcurrency attribute offers a powerful tool for simplifying concurrent code and improving API compatibility. In this article, Matt Massicotte thoroughly explores the three main use cases of @preconcurrency and its practical applications. Massicotte warns that while the attribute is effective in handling protocol isolation, legacy API compatibility, and cross-module imports, developers must use it cautiously to avoid hiding design flaws that could lead to complex debugging in the future.
Visualizing SwiftUI Animations
SwiftUI provides two primary animation models: UnitCurve and Spring. UnitCurve animations are based on curves between points (0,0) and (1,1), allowing developers to adjust animation speed with styles such as linear and ease. The Spring model simulates natural motion using parameters like mass, stiffness, and damping to achieve more realistic effects. よぺ offers an in-depth analysis of these models, accompanied by code examples and visual demonstrations. The author emphasizes that when aiming for natural motion, Spring animations outperform traditional linear and ease types and are recommended for use.
Exploring Cursor
Cursor, an AI-powered code editor, quickly gained popularity among developers. With the help of plugins and third-party libraries, developers in the Apple ecosystem can now use Cursor to build iOS projects and enjoy the benefits of AI-enhanced development. In his series of articles, Rudrank Riyam offers practical insights into using Cursor to optimize workflows, along with setup guides and time management techniques. These strategies help developers reduce context switching and enhance productivity.
Beware UserDefaults: a tale of hard to find bugs, and lost data
UserDefaults offers a simple, thread-safe API for persisting and serializing non-sensitive, lightweight data, making it widely used. However, Christian Selig warns developers through personal experiences that improper use of UserDefaults can lead to severe bugs and data loss. Selig explains that with the evolution of iOS features like prewarming and Live Activities, the behavior of UserDefaults has become more complex and unpredictable. Developers must understand its risks and carefully choose appropriate storage solutions to minimize errors and prevent data loss.
肘子的话
安全、便利与隐私
在数字浪潮的冲击下,安全、便利与隐私始终是一个永恒的命题。据 The Register 报道,苹果最新提案建议大幅缩短 SSL/TLS 证书的有效期:从现行的 398 天开始,预计 2025 年缩短至 200 天,2026 年减至 100 天,到 2027 年最终定为 45 天。
虽然该提案在 CA/B 论坛的投票中获得通过的可能性不大,但包括苹果、谷歌在内的科技巨头们很可能会坚持推进这一政策。诚然,加强互联网安全性是大势所趋,但频繁更新证书带来的额外工作负担,无疑会给许多开发者和运维人员带来新的挑战。
如今,每个人都在被迫掌握越来越多的密码,安装各式各样的验证应用。就拿我的个人经历来说,近几个月来,我的微软账户几乎每天都会遭遇登录尝试。幸运的是,由于启用了双重认证机制,账户安全得到了可靠保障。不过,手机和手表频繁弹出的认证提示,也确实带来了些许困扰。
作为一个长期的 Safari 用户,我对它的偏爱很大程度上源于其与苹果钥匙串(现已更名为"密码")的无缝集成。此外,苹果提供的匿名账户功能也让我在注册各类服务时,能够在保护隐私的同时,享受到便捷的登录体验。
生物识别技术无疑为用户带来了较为轻松的验证方式,但遗憾的是,许多服务商和硬件制造商还未能赢得用户的充分信任。
每当我看着手机中各式验证应用,内心不免升起一丝忧虑。我们终将步入老年,记忆力和管理能力也将日渐衰退。那时的我们,会不会从数字世界的积极参与者,沦为被时代抛在身后的观望者?设想一下,当我们步入暮年,可能会因为记不住复杂的密码、难以操作多重认证程序、甚至看不清验证码,而逐渐与这个数字世界失去联系。
我衷心期待这种情况能得到改善,能够构建一个既保障隐私,又兼具安全性和便利性的统一数字生活环境。
如果必须在安全、便利与隐私这三者之间做出取舍,你会选择牺牲哪一项?
如果您发现这份周报或我的博客对您有所帮助,可以考虑通过 爱发电,Buy Me a Coffee 支持我的创作。
原创
以 SwiftData 之道,重塑 Core Data 开发
在现代应用开发中,高效的持久化框架至关重要。SwiftData 的出现,曾让众多 Core Data 开发者眼前一亮,大家期待着一个融合现代编程理念的新时代到来。本篇文章将探讨如何在 Core Data 中应用 SwiftData 的思维方式,重点关注数据建模和并发编程。
近期推荐
写时复制及 Swift-CowBox 宏 (Copy On Write and the Swift-CowBox Macro)
写时复制(Copy On Write, COW)是一种通过延迟复制来优化内存使用的技术:只有在修改内容时才进行数据复制,未修改时则共享引用,从而提升性能和减少内存占用。Swift 广泛使用值类型,在此过程中 COW 成为提高效率的关键机制。Natan Rolnik 详细解析了 COW 的原理,并介绍了 Rick Van Voorden 开发的 Swift-CowBox 宏,该宏简化了为自定义类型实现 COW 的过程,减少了重复代码的编写负担。
Swift 的 @preconcurrency 属性解析 (So how does this whole @preconcurrency thing work?)
许多开发者在转向 Swift 6 后发现现有代码难以满足新编译器的并发要求。这时,@preconcurrency 成为一种简化并发代码、提升 API 兼容性的有力工具。Matt Massicotte 在本文中深入解析了 @preconcurrency 的三大主要用途及其在实际开发中的应用场景。Massicotte 强调,尽管该工具在处理协议隔离、旧 API 兼容性以及跨模块导入等方面非常有效,但开发者需谨慎使用,以免掩盖潜在的设计缺陷,使问题在后期更难排查和修复。
SwiftUI 动画的图解说明
SwiftUI 的动画曲线主要分为两大模型:UnitCurve 和 Spring。UnitCurve 基于 (0,0) 和 (1,1) 两点之间的曲线,通过控制曲线形状来调节动画速度,如 linear 和 ease 系列动画。Spring 则模拟弹簧的运动,使用质量、刚度和阻尼等参数实现更自然的动态效果。よぺ 详细解析了这两种动画模型的原理与实现,并通过代码和动图展示了如何灵活运用它们。作者强调,在需要模拟自然运动时,Spring 模型优于传统的 linear 和 ease 系列动画,建议开发者优先使用。
探索 Cursor (Exploring Cursor)
作为一款以 AI 辅助为核心特色的代码编辑器,Cursor 自发布以来迅速吸引了大量开发者的关注。借助插件和第三方库,苹果生态的开发者如今也可以使用 Cursor 构建包括 iOS 项目在内的应用,并体验 AI 带来的高效开发体验。Rudrank Riyam 在其系列文章中详细介绍了如何使用 Cursor 优化开发工作流,提供了实用的设置指南和时间管理等技巧,帮助开发者减少上下文切换,提高工作效率。
谨防 UserDefaults:隐藏错误与数据丢失的故事 (Beware UserDefaults: a tale of hard to find bugs, and lost data)
UserDefaults 提供了简单且线程安全的 API,支持数据的持久化和序列化,因此被广泛用于存储非敏感和非大量数据。然而,Christian Selig 在本文中通过亲身经历警告开发者:尽管 UserDefaults 有诸多优势,但如使用不当可能引发严重的错误和数据丢失。Selig 指出,随着 iOS 系统的不断演进(如预热机制和 Live Activities 的引入),UserDefaults 的行为变得越来越复杂且难以预测。因此,开发者应深入了解其潜在风险,以减少错误并避免数据丢失。