There’s a Slightly Better Raspberry Pi 3 Available

The Raspberry Pi single-board computer has a slight update in the form of the Raspberry Pi Model 3 B+. It has the same processor, but this new + model is clocked 200 Mhz faster at 1.4 Ghz, unless it gets too warm in which case it’ll throttle back down to regular Model 3 speeds of 1.2 Ghz. The wireless networking is improved, as well as the wired ethernet which is supposed to be 2-3 times as fast as the old 3. This model also has a new add-on board in the pipeline for power-over-ethernet. It’s still $35, just like the old Model 3, which is being sold at the same price, so if you’re buying one, make sure to get the B+.

The official Raspberry Pi blog has some charts and graphs with more details on the 3 B+.

The HomePod Situation

Apple’s competitor to other standalone high-end speakers came out on Friday. It’s the HomePod. Apple boasts about its higher quality sound that adapt to the room you are in, reviewers agree.

Nilay Patel wrote this in his review:

All of this means the HomePod sounds noticeably richer and fuller than almost every other speaker we’ve tested. You get a surprisingly impressive amount of bass out of it, but you can still hear all of the details in the midrange and the bass never overwhelms the music. And it’s immediately, obviously noticeable: set in a corner of my kitchen, the HomePod sounded so much better than everything else that our video director Phil Esposito went from thinking the whole thing was kind of dumb to actively pointing out that other speakers sounded bad in comparison.

Compared to the HomePod, the Sonos One sounds a little empty and the Google Home Max is a bass-heavy mess — even though Google also does real-time room tuning. The Echo and smaller Google Home aren’t even in the same league. The only comparable speaker that came close in my testing was the Sonos Play:5, which could match the detail and power of the HomePod in some rooms when tuned with Sonos’ TruePlay system. But it also costs more, is larger, and doesn’t have any smart features at all.

The Apple engineers I talked to were very proud of how the HomePod sounds, and for good reason: Apple’s audio engineering team did something really clever and new with the HomePod, and it really works. I’m not sure there’s anything out there that sounds better for the price, or even several times the price.

What most reviewers also say is that Siri isn’t as hot as the virtual assistant competition in “OK, Google” and Amazon’s Alexa.

Joanna Stern for the WSJ:

Stumping Siri wasn’t as easy as it has been—it knew state capitals, kitchen measurements and the year “Friends” premiered. But Alexa and Google Assistant not only knew more answers, they could better parse my questions. When I asked, “Who is the prime minister of England?” they both correctly named Theresa May. On the HomePod, Siri only knew the answer when I asked, more appropriately, “Who is the prime minister of Great Britain?”

There are other problems I won’t shut up about: Many people will put a HomePod in the kitchen, yet it can’t set two simultaneous cooking timers. It can’t wake me up to “Wake Me Up Before You Go-Go,” either. Echo and Google Home can do both. Apple says it is improving Siri all the time.

Of course the “Who is the prime minister of England?” question no-longer stumps Siri, Apple read that review and fixed the glitch, but they’d do that for whatever trivia a reviewer points out. More fundamental issues like the one with multiple timers have been a thorn in the side of anyone who uses iOS’ built-in timer for the past decade, and every Homepod reviewer seems to have taken the time to (rightly) dig into Apple on it.

Siri on the HomePod also fails at understanding multiple users. This is a real issue because it won’t lock other people out of your messages and other personalized features. So, unless you live alone and never have guests, it would never make sense to turn on the personalized features option in the HomePod’s settings.

The other downside is that the device only works out of the box with Apple Music and other music in Apple’s ecosystem through iTunes Match or purchased in iTunes.

I wish that there were a cheaper HomePod Jr. that was cheaper than $350, and that Siri had worked better on the device today. It will get better over time, and I know that for many people that want a smart speaker they’re going to choose the Amazon or Google options, but I wouldn’t ever buy a box running Amazon or Google’s assistants for one reason: Trust.

Google is an advertising publisher, they are fantastic at search, but that’s how they make their money. So, their assistant-in-a-box is not something I would ever trust to keep in my home. I don’t even use their browser, Chrome.

Amazon is a weird business that wants to put something in your home so that you will buy things through it and it can learn more about you to sell you more things. Amazon is more focused on being user-friendly than Google, but the ultimate goal is still so that you’ll be used to ordering paper towels or whatever through their assistant. They also have abhorrent labor practices.

Kelly Weill for the Daily Beast:

In 2015, Ohio gave Amazon more than $17 million in tax breaks to open its first two distribution centers in the state. The handout was heralded as a job-creator.

By August 2017, more than one in ten of those new Ohio Amazon employees or their family members received government food assistance, state data show.

Spencer Soper at The Morning Call reporting on conditions inside an Amazon warehouse back in 2011:

Workers said they were forced to endure brutal heat inside the sprawling warehouse and were pushed to work at a pace many could not sustain. Employees were frequently reprimanded regarding their productivity and threatened with termination, workers said. The consequences of not meeting work expectations were regularly on display, as employees lost their jobs and got escorted out of the warehouse. Such sights encouraged some workers to conceal pain and push through injury lest they get fired as well, workers said.

During summer heat waves, Amazon arranged to have paramedics parked in ambulances outside, ready to treat any workers who dehydrated or suffered other forms of heat stress. Those who couldn’t quickly cool off and return to work were sent home or taken out in stretchers and wheelchairs and transported to area hospitals. And new applicants were ready to begin work at any time.

An emergency room doctor in June called federal regulators to report an “unsafe environment” after he treated several Amazon warehouse workers for heat-related problems. The doctor’s report was echoed by warehouse workers who also complained to regulators, including a security guard who reported seeing pregnant employees suffering in the heat.

Apple, in theory, wants to sell you a good product that does a thing that you will hopefully find delightful. I believe that their engineers take privacy seriously, and genuinely try to treat their workers well even though the executives fuck up like clockwork, I haven’t seen anything as galling as what happens with Amazon and Google.

The Apple engineers, at least, try to do as much as possible with processing our data on our devices instead of shipping your data off to their server farms to analyze it. Siri does require shipping your voice data off, but I would bet $100 that some of Siri’s limitations are down to the security restrictions Apple has in-place to protect our privacy.

It’s wrong to personify any company, but this is the only company I would trust to have a microphone in my home all day. I also like Apple Music, I’ve been using it daily since 2015 and I still love it.

That’s why I’d be good with trusting the HomePod with what it offers today, and would recommend it to someone who wants to listen to music, podcasts, or other audio sent over Apple’s AirPlay to the dingus. I just have no idea where it would even fit into my life.

I use a cheap bluetooth speaker in the bathroom to listen to music and the news while I take a shower or give my kid a bath. I bring an even cheaper bluetooth speaker with us to the playground so that we can listen to music and baseball games. The HomePod can’t replace the bluetooth speaker in either of those scenarios.

When I want to listen to music in my house I can turn on the Apple TV box, TV, and audio/video receiver with one tap of the remote. The speakers inside the HomePod sound great, but they aren’t going to beat a real stereo set. The HomePod doesn’t have a physical line-in, so it can’t replace my AVR and speakers.

So, I don’t really know where the HomePod is supposed to fit in, for me and my family. It’s not a soundbar, it’s only a bluetooth speaker replacement when you don’t need portability, and obviously don’t need it to work with non-Apple devices since the HomePod only supports Apple’s AirPlay. Maybe if you live an extremely minimal life it’d fit in for you. What a strange device.

Apple’s Ongoing Laptop Nightmare

A MacRumors forum member, project_2501, has posted this extensive log (via Nick Heer) of his attempt to work with Apple’s support to get a refund for one of the latest MacBook Pro’s after his couldn’t play video at 4K without overheating. Of course that overheating also caused other issues, like the glue holding the glass onto the screen peeling off. It’s an eye-watering account, I really recommend reading the whole post.

One of the reasons I’ve chosen, and recommended, Apple hardware in the past has been the often incredible customer support.

When the hardware fails, rarely, they’ve stood by it and repaired it or replaced it with the latest version in case it was a design flaw.

Their latest laptops seem to be incredibly poorly designed. So many people have written about the keyboards failing due to (what should be) insignificant specks of dust permanently interrupting keys.

Casey Johnston wrote this article for The Outline last year. Headline: The New MacBook Keyboard is Ruining My Life.

Perhaps it’s true that less dirt gets under butterfly switched-keys. But therein lies the problem — when dirt does get in, it cannot get out. A piece of dust is capable of rendering a butterfly switch nonfunctional. The key won’t click, and it won’t register whatever command it’s supposed to be typing. It’s effectively dead until someone can either shake loose the debris trapped under it or blow at the upside-down keyboard Nintendo-cartridge style. Meanwhile, Apple quietly put up a page with instructions expressly to try and help people with dead butterfly switch keys.

Having worked in a computer repair center in the past five years, I’m not likely to recommend Windows laptops, they’re cheap (or sometimes expensive) shit.

My current laptop is a late-2013 MacBook Pro that was Apple Support’s replacement for a 2011 model that had repeated issues with the GPU. This 2013 model has had issues, the rubber grommet around the screen has been slowly falling apart while the screen flickers at the login screen and takes forever to wake up with the machine after it’s been sleeping. This all started happening after their last repair on it, and their support surprised me by refusing to fix the issues caused by their repair. Instead offering a $700+ repair option. I’m holding onto it until it falls apart.

I hope that Apple can get their shit together. project_2501 ended up buying one of the 2015 models that Apple still sells for some odd reason, perhaps because the current models aren’t working out so well.

Bruce Dawson’s Xbox 360 Prefetch Bug

Bruce Dawson once worked for Microsoft where he found a bug in the Xbox 360 that he was reminded of by the Spectre and Meltdown exploits:

A game developer who was using this function reported weird crashes – heap corruption crashes, but the heap structures in the memory dumps looked normal. After staring at the crash dumps for awhile I realized what a mistake I had made.

Keep reading.

Meltdown & Spectre: Update Everything

There are two big computer vulnerabilities that were announced recently, Spectre and Meltdown attacks. These are significant because they affect almost every desktop, laptop, smartphone, tablet, and game console. Almost anything with a processor can be exploited to give attackers passwords and whatever other private information is on a device.

The attacks work because of the way that computer processors attempt to speculatively work ahead of their current point in executing a computer program. My understanding is that even code executed in your web browser could execute these attacks.

There are already patches available through Apple operating systems, Microsoft’s Windows, some Android devices, and many Linux operating systems.

The workarounds that operating systems are implementing may slow these devices down because the attacks utilize performance features of the processors, but the performance effects of the mitigation might not be noticeable outside of specific workloads.

Bruce Schneier:

These aren’t normal software vulnerabilities, where a patch fixes the problem and everyone can move on. These vulnerabilities are in the fundamentals of how the microprocessor operates.

It shouldn’t be surprising that microprocessor designers have been building insecure hardware for 20 years. What’s surprising is that it took 20 years to discover it. In their rush to make computers faster, they weren’t thinking about security. They didn’t have the expertise to find these vulnerabilities. And those who did were too busy finding normal software vulnerabilities to examine microprocessors. Security researchers are starting to look more closely at these systems, so expect to hear about more vulnerabilities along these lines.

The 2017 iMac Pro

Lost during my recent travel was Apple’s release of the iMac Pro, the “pro” version of the iMac that was announced at WWDC. The iMac Pro gets you higher performance and what may be many features of the promised-but-yet-to-be-updated-since-2013 Mac Pro, but with a glued-on high-resolution (5120×2880 P3 color gamut) screen and absolutely zero upgradability of internal components.

For an iPad or iPhone, that’s fine, glue whatever you need together to make the device as thin and light as it can get. It’d be great if you could upgrade the storage in those, and if sometimes they would optimize for battery life over thinness, but here we are looking at a different beast. Despite the Xeon-based workstation hardware you get inside an iMac Pro, with modern desktops you really must be able to, at a minimum, upgrade the graphics processor in order to maintain performance for the lifespan of these devices

I don’t doubt that there are some people or businesses that would appreciate this design of high-performance in a completely sealed design computer, but I find some serious flaws in one of Apple’s proposed use-cases: the idea that this is for virtual reality developers.

Why would anyone deploy a VR app on a platform where the $5,000 iMac Pro is the only device that can support the final product? Sure you could do your work on the iMac Pro and cross-compile for Windows, but that seems like a bad idea if your main development computer isn’t also a device you can test for your primary distribution platform. This is the worst example of the inaccessibility of virtual reality today. Here’s a $5,000 computer and then you have to buy a $600 VR HMD to get started with using or playing VR. When a future VR headset is released any iMac Pro VR developers and users will either have to buy an external GPU or replace the entire computer. Anyone on a desktop tower using Windows can just upgrade their graphics card.

Of course if you’re working in video or audio production, or another field that requires high-end computation, this could be a good workstation for that. However, you have to also believe that Apple will continue to support the “pro” desktop platform that they have neglected for almost a decade with infrequent (Mac Pro) or half-assed (Mac Mini) updates.

This computer has so many caveats and despite the fact that the starting price is actually competitive with other similarly outfitted workstation computers that price is chief among the reasons why I don’t find it very appealing. Maybe the Mac Pro will actually ship next year and be truly modular to replace the Mac Mini as well as the 2013 “trash can” Mac Pro. 

I still dream of a modular desktop Mac that can do all these things and span a wider range of prices to include regular desktop parts (and prices) in addition to scaling up to workstation performance and price, without the glued-on screen. It’ll never happen, and that’s why even though I’m still writing this on my late 2013 MacBook Pro, I built a Windows desktop machine last year.

Your Portable Denial-of-Service Launcher

Garrett M. Graff has this article for Wired about the Mirai botnet denial-of-service attack, saying that it was powered by angry Minecraft server operators and players:

As the 2016 US presidential election drew near, fears began to mount that the so-called Mirai botnet might be the work of a nation-state practicing for an attack that would cripple the country as voters went to the polls. The truth, as made clear in that Alaskan courtroom Friday—and unsealed by the Justice Department on Wednesday—was even stranger: The brains behind Mirai were a 21-year-old Rutgers college student from suburban New Jersey and his two college-age friends from outside Pittsburgh and New Orleans. All three—Paras Jha, Josiah White, and Dalton Norman, respectively—admitted their role in creating and launching Mirai into the world.

Originally, prosecutors say, the defendants hadn’t intended to bring down the internet—they had been trying to gain an advantage in the computer game Minecraft.

[…]

VDOS was an advanced botnet: a network of malware-infected, zombie devices that its masters could commandeer to execute DDoS attacks at will. And the teens were using it to run a lucrative version of a then-common scheme in the online gaming world—a so-called booter service, geared toward helping individual gamers attack an opponent while fighting head-to-head, knocking them offline to defeat them. Its tens of thousands of customers could pay small amounts, like $5 to $50, to rent small-scale denial-of-service attacks via an easy-to-use web interface.

A similar service was used to attack the ioquake3 master server in the past. It was surprisingly easy for it to be launched on an ongoing basis.

Update to iOS 11.2 Immediately, Apple’s Bad Bug Week Got Worse

Apple has another serious software flaw, this one isn’t a security vulnerability but it causes some iOS devices (iPhones, iPads) with third-party apps installed that use local notifications to get stuck in a reboot loop on December 2nd. iOS 11.2 is out now and resolves the issue along with adding other features like Apple Pay Cash to send money to your friends and family, and resolves other issues. If you’re already experiencing the reboot loop then Apple has some steps for you to do before updating.

Other workarounds include setting your time back by a day or disabling notifications for the apps that cause it, but it’s better to just update.

Some people have an idea that staying on an older version of the software is more stable or more secure, this is always a bad idea in our day of networked devices that are constantly under attack from governments and other bad actors.

It must really be crappy to be on the teams responsible for these issues this week but it’s difficult to blame anyone specifically for them. With the root exploit it looks like a reasonable mistake that could happen to anyone. We don’t have all the details of the December 2nd bug yet, but both of these issues require an extremely specific set of things to go wrong before they happen. I have no doubt that Apple’s QA processes will change to include testing for these kinds of issues, but there isn’t any perfect software. What they have done well is the delivery mechanism for getting those updates out to users.

When Android has issues like these they are difficult to resolve because so many different companies have to get involved in order for updates to get released to end-users. I don’t envy anyone trying to resolve that issue at Google.

 

Apple Has a Patch out for the macOS Root Access Security Vulnerability

Go to the Updates tab in the Mac App Store to apply it now, you won’t even need to reboot. Apple has more details about the update at this link.

Here’s the post from yesterday with the details of the vulnerability.

Update:
If you have any trouble with file sharing after applying this security patch Apple has another fix for that, oops.

The macOS Root Access Security Vulnerability

There’s a vulnerability in the latest version of macOS High Sierra (10.13.1) that may let anyone with physical access to a Mac log in and gain system administrator (root) access. Or, if they already have an account, upgrade their access to the system administrator (root) level.

You can work around the issue by setting a root password as described in this support document from Apple. They’re working on fixing it.

The vulnerability works like this:

  1. At any login or a privilege escalation dialog a user types in the username root
  2. The user hits the login button or enter a few times in quick succession
  3. The system enables the root user account and assigns it no password.

This is incredibly bad for Apple to have a vulnerability this easy to exploit, and it’s ridiculous that it was also apparently publicly available on Apple’s developer forums weeks ago.