Author: Steven Fisher

My first Macintosh was a Centris 610, which you’ve probably never heard of. The line survived less than a year, though it introduced the case that would later be used in the Quadra 610 and Power Mac 6100. It was a pretty good Mac. The power button eventually fell off, but it was repaired with glue.

I bought a Mac Studio this weekend. As I purchased it, I stopped the Genius to check the specs on the box before realizing there was no way I’d be getting less than the computer I wanted. I was getting the base model.

The OS seems to basically live in the Efficiency cores, with the occasional 75% burst on the first two Performance cores. There are six more Performance cores all but untouched. Of course, when I build code there’s a more sustained usage of additional cores. I could see a Mac Studio with an M1 Ultra being useful for that, but this one better fit my budget.

I needed a monitor for my PC laptop this year. At a coworker’s suggestion, I got a 43″ 4K TV instead. The results were a little mixed, as I couldn’t get the PC to drive it a more than 30Hz. I had the same problem with my M1 MacBook Air. The Mac Studio can not only run this at 60Hz over HDMI, but it can also run four 6K displays over USB-C. Getting a new monitor is out of my budget for now, but I plugged in my 27″ Thunderbolt Display via a Thunderbolt 2 Adapter and was able to extend the desktop to it, too.

The biggest flaw is the front ports. It has two USB-C ports and a SDXC slot on the front. USB-A and the headphone jack are only available on the back. I just don’t understand why Apple can’t put headphone ports on the front of their computers where they’d be actually useful.

Overall, I’m pretty impressed. Technology is always marching on, but this seems a huge leap over even last year’s M1 MacBook Air.

There’s no doubt that 2020 has brought a lot of “worst things.” But I think one of the worst things from the perspective of human nature has been how well QAnon conspiracy theories have caught on.

Cosmopolitan has a fascinating profile on how “wellness influencers” were caught up in the Trump conspiracy theories:

An extensive list would be pretty difficult, but I wanted to build a list of a typical processor every few years. This gets more difficult in later years as more variations of processors exist and companies stopped giving them clear names. You can find a more complete list at Transistor Count on Wikipedia.

I’m not trying to compare how “good” these numbers are, only showing a progression. I think it’s also important to note that a lot of those transistors are not added complexity but cache, so the progression isn’t necessarily what you think. But it does show increased complexity and the ability to fit more into less space.

Year	CPU	Transistor Count
1975	MOS Technology 6502	4,528
1978	Intel 8086	29,000
1979	Motorola 68000	68,000
1982	Intel 80286	134,000
1984	Motorola 68020	190,000
1985	Intel 80386	275,000
1987	Motorola 68030	273,000
1989	Intel 80486	1,180,235
1990	Motorola 68040	1,200,000
1993	Intel Pentium	3,100,000
1994	PowerPC 601	2,800,000
1997	Pentium II	7,500,000
1999	Pentium III	9,500,000
2000	Pentium 4	42,000,000
2005	Cell	250,000,000
2006	Core 2 Duo Conroe	291,000,000
2008	Intel i7	731,000,000
2011	Six-core Core i7/8-core Xeon E5	2,270,000,000
2014	Xeon Ivy Bridge-EX (15-core)	4,310,000,000

Here are Apple’s CPUs. Again, how “good” these numbers are isn’t the point, just that there’s a progression here.

Year	CPU	Transistor Count
2013	Apple A7	1,000,000,000
2014	Apple A8	2,000,000,000
2016	Apple A10 Fusion	3,300,000,000
2017	Apple A11 Bionic	4,300,000,000
2018	Apple A12 Bionic	6,900,000,000
2019	Apple A13 Bionic	8,500,000,000
2020	Apple A14 Bionic	11,800,000,000
2020	Apple M1	16,000,000,000

My first computer was a TRS-80 Color Computer, based on a Motorola 6809 launched in 1978 with 9,000 transistors. It was about 52mm by 14mm (or 728mm²). The Apple M1 has about 1.7 million times the number of transistors. I don’t think we have exact dimensions of the M1, but it’s certainly smaller than 13mm by 13mm (less than 170mm²).

Chris’s first CPU was the 6502, which launched in 1975 with about half the number of transistors of the 6809.

According to TechCrunch, Apple is delaying their new anti-tracking features. Instead of shipping with iOS 14, it will ship in an update early next year.

Expected out later this year, iOS 14 will contain a new prompt that asks users whether they would like to opt into this kind of targeted ad tracking. Developers will be able to integrate this prompt into their apps as soon as iOS 14 is released, but they will not be required to, as Apple indicated they would earlier.

Apple won’t force developers to let users opt out of tracking until next year – TechCrunch. (2020, September 3). TechCrunch. https://techcrunch.com/2020/09/03/apple-delay-ios-14-privacy-ad-tracking/

This is bad news for privacy-concerned individuals. Even though Apple already has some of the strongest privacy protections on the market, and shipping in the first calendar quarter of 2021 isn’t that long of a delay, every day a little more damage is done to your privacy.

Over on Daring Fireball, John Gruber doesn’t mince words (though the emphasis is mine):

The entitlement of these fuckers is just off the charts. They have zero right, none, to the tracking they’ve been getting away with. We, as a society, have implicitly accepted it because we never really noticed it. You, the user, have no way of seeing it happen. Our brains are naturally attuned to detect and viscerally reject, with outrage and alarm, real-world intrusions into our privacy. Real-world marketers could never get away with tracking us like online marketers do.

Online privacy should be modeled on real-world privacy. (2020, September 3). Daring Fireball. https://daringfireball.net/2020/09/online_privacy_real_world_privacy

Gruber’s writing on this is terrific and you should read it in its entirety. There are some great real-world analogies. The bit I’ve emphasized is totally the right response to this, and the delay makes me angry. I think everyone should be concerned over this. Every day these fuckers get a little more data about you and it needs to stop.

I’m really curious to know if there are technical problems with this, or if Apple is just giving advertisers more time to adapt. If it’s the latter, they won’t. It’s in advertisers’ best interest to drag their feet as long as possible on this.

MacRumors has a summary of new security features coming in iOS 14.

With every iteration of iOS, Apple adds new privacy features to better protect iPhone and iPad users, and iOS 14 is no exception. This year’s update is worth downloading for the privacy protections alone, which include Privacy Reports in Safari, recording indicators, an option to share approximate location with apps instead of precise locations, and more.

iOS 14 privacy features: Approximate location, clipboard access warnings, limited photos access and more. (2020, August 21). MacRumors. https://www.macrumors.com/guide/ios-14-privacy/

There are a number of really great ideas in here. One of my favorites is how Apple has handled clipboard access. Instead of prompting the user to allow or disallow clipboard reads, iOS just tells the user if it happened. This tells you how often an app is reading the clipboard, rather than just that it has read it once and may read it again in the future.

There are a number of places where clipboard reads are completely innocuous. In our app BeLooped, for instance, we have several screens where the user can type a code that’s received over email, text message, or given out loud by another user. These screens “taste” the clipboard to see if it contains a code when they first open, and again if you switch to another app and back. If it’s not one of our codes, we do nothing with the value.

I’m pretty confident we can explain this behavior to our users: those prompts will only appear “unexpectedly” on screens asking for a code. But if Apple had prompted for permission instead and included an option to let apps always access the clipboard, you’d have no idea when we were accessing it. This bucks Apple’s pattern of asking first and allowing the app to be given “whenever it wants”-type access, but in a particular case where it makes sense.

After I shared my previous post, a friend pointed out this post from earlier this month:

Security questions are a form of “Knowledge based authentication,” or KBA. That is, verifying identity based on a piece of information that “only” the person you’re trying to identify would know.

Why we retired the security question. (2020, July 2). Gandi News. https://news.gandi.net/en/2020/07/why-we-retired-the-security-question/

When you fill out “fun” quizzes you’re actually filling up the bucket on what they know about you.

Wherever possible I’ve started giving random answers to security questions. I store the question and answer in 1Password so I can look it up later. 1Password has a password generator that makes passwords that look like yeJvPGstRdt6hhUau (but longer) which I use for most websites, and a password generator that makes passwords that look like seacoast-shingle-monger-exhibit-harden for passwords I might have to remember or type in. Two words should be good enough for a security answer.

I’ve seen things like the following recently on social media:

• Find out your dominant personality trait (by entering your birth month).
• Find which Chinese year you were born in (by entering your birth year).
• Discover your superhero name by entering the city you were born in and your first pet’s name.

If you participate in fun stuff like this, you’re making it easier for hackers to take control of things and potentially steal from you. And there are people who will participate just because you did.

Every time you follow a link like this and enter information, no matter how “fun” it is, you’ve giving a piece of your identity to someone you don’t know. Would it surprise you to learn that these sites can and do talk to each other? (Not all of them to all, but there’s definitely companies that specialize in this sort of thing.) Each of these pieces of information can be collated.

Once you’ve given up your birth month, it’s known.

Once you’ve given up your birth year, it’s not only known but collated with your birth month. If you’ve entered the birth day (like 13) somewhere, either alone or combined with a month, they’ve got your entire birthday.

Once you’ve given up the city you were born in and your first pet’s name, it’s known and collated with the other personal data.

Now think about the security questions you’ve set up with websites, banks, your insurance company, your cellphone company, your internet provider. They’re things like this, plus mother’s maiden name, name of your third grade teacher, etc. These are just more questions you can be asked in fun personality tests like this. When you are entering seemingly innocuous information to these sites, you are actually giving critical security information away to unknown parties that can be used in the future against you. Most things on the internet are for profit, and if you’re not sure how someone is making a profit from a particular thing it’s probably in a way you don’t like.

Brian Krebs of Krebs on Security wrote this in 2018:

On the surface, these simple questions may be little more than an attempt at online engagement by otherwise well-meaning companies and individuals. Nevertheless, your answers to these questions may live in perpetuity online, giving identity thieves and scammers ample ammunition to start gaining backdoor access to your various online accounts.

Don’t give away historic details about yourself — Krebs on security. (2018, April 9). Krebs on Security. https://krebsonsecurity.com/2018/04/dont-give-away-historic-details-about-yourself/

Please stop making it easy for hackers. Those little games aren’t innocent. This isn’t just about your safety, either. When you share these, your voice provides free advertising for them to people who trust you. There are people who would not otherwise fall for these who will out because you did.

Will Shipley posted an anecdote about Steve Jobs on Twitter. It starts with this tweet:

I feel like people don’t get why Steve Jobs was ultimately so successful. It wasn’t because of his huge ego or because he could be a complete jerk. It wasn’t because of his incredible charisma, although that helped.

Will Shipley. (2020, July 11). Twitter. https://twitter.com/wilshipley/status/1282098099997954048

Please, follow that link to see the whole story. (Twitter will automatically show his thread.)

I don’t have any Steve Jobs stories. I never met him, though I once emailed him a passionate plea to start using breakaway connectors for power on laptops. He didn’t reply, but MagSafe was introduced a couple of years later. I’m sure I’m not the only one who asked, but I’m still glad he listened to users in aggregate.

I strongly believe that a good product is used by its creators and those creators stay in touch with the people that use the product. It’s only in daily use that we uncover the flaws in our products. I know of problems in BeLooped that no more than a handful of people in the world have experienced, and they’re on my list for fixing.

One example is the performance on Android. For whatever reason, our Android programmer wasn’t testing it with a large number of groups. He just wasn’t in a lot of groups. It took Chris and I running it with many groups to determine how slow it could be. We’re now testing the Android client with much larger data sets, and while it will be a while before it performs as well as we’d like we’ve made a lot of improvements.

Another example was on iOS. Every now and then, the forum history would disappear for a user. We had very few reports on this, and no leads that could be reasonably pursued. Because we use the software ourselves so frequently, we were eventually able to notice enough details to find and solve the problem. (It was really complicated, involving a perfect mismatch of several conditions.)

We’ve got more changes requested by users coming, too. We’ve also got a long list of things we want the software to do that will help users, too.

Senators proposed the EARN IT act in March 2020. It’s supposed to be about protecting children from abuse, rape and exploitation. Instead, though, it’s a crippling attack on encryption on the internet. It just passed the senate judiciary committee.

Simply put, the EARN IT bill is the US government’s plan to scan every message online.

A drum I’ve been banging on for a long time is to make sure you’re properly securing your accounts: don’t share passwords between different services, and enable Multi-Factor Authentication (MFA) anywhere you can.