With the introduction of the iPhone X and Face ID, some are concerned that Apple’s new biometric system is not as secure or easy to use as the legacy fingerprint-based Touch ID. AppleInsider digs deeper to explain why you shouldn’t fear facing the future.
I went into the iPhone X launch with some preconceived notions about Touch ID having some convenience advantages over Face ID.
As this article points out, the convenience advantage lies with Face ID, and Face ID is only going to get better over time. It is the future. Good read.
UPDATE: Looks like Apple’s re-issue of Security Update 2017-001 most likely addressed the file sharing issue, so there’s nothing you need to do on your end. [H/T, Bryan Lee]
Short story even shorter, you’ll go to Terminal and enter this line:
sudo /usr/libexec/configureLocalKDC
Follow with your admin password, when prompted, and you should be good to go. This is all a bit of a mess, but kudos to Apple for their rapid response here.
It’s natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer.
And:
More insidious though, is the notion that it might not have escaped notice prior to its widespread publicization yesterday — but that the people who had heretofore discovered it kept it to themselves.
If you’re unable to login at startup using username: root and empty password, then login with your existing account (standard user).
Again, head over to System Preferences>Users & Groups. Click on the Lock Icon. When prompted for username and password, type username: root and leave the password empty. Press enter. This might throw an error, but try again immediately with the same username: root and empty password. This should unlock the Lock Icon.
There it is, in all its glory. This was a known issue a full two weeks ago. And well enough known that someone pulled it out as a recommendation for someone else. In other words, this was not discovered two weeks ago, it was already old hat. It’s possible this was discovered back in September, when High Sierra first shipped.
I get how a bug can sit there, undiscovered, for a long time. But (and this is my two cents) once it’s known, find a way to quietly and privately communicate this to Apple. There are many ways to do that. Filing a radar is the obvious first path, but what do you do if that does not get the attention of the right people?
Going to Twitter might seem the exact wrong approach, but I think that’s actually a pretty effective path, provided you do so without revealing any of the details in public. I’ve found that a tweet to @AppleSupport always yields a response. Start by saying you’ve got a significant security bug, but one whose details you don’t want to reveal in a public forum. I’ve no doubt the @AppleSupport mechanism will quickly offer you a path to start a private DM chat.
That’s my take. File a radar, then follow with an @AppleSupport tweet, but keep the details private. Give Apple a chance to fix this before word gets out. This isn’t about Apple’s reputation, this is about minimizing the misuse of a security breach.
Of the handful of companies that have come to define technology in the 21st century, including Amazon, Facebook and Google, only Apple depends on selling its own hardware. And Ive’s mark is on everything Apple builds, from the airy, minimalist chic of its 497 retail stores to seminal devices like the iPhone and iPad, and newer pieces like the Apple Watch and the upcoming HomePod speaker.
It’s clear from my recent interview with Ive—he’s sitting on a sofa in a suite at the Carlyle Hotel in Manhattan—that his artistic impulses haven’t changed much since childhood: He has always sought to make things that aren’t just beautiful but are supremely functional as well.
The team behind Pixelmator is releasing a brand new app today called Pixelmator Pro. As the name suggests, it is a more powerful, refreshed version of the company’s original image-editing app. You can buy it today for $60 on the Mac App Store or try it for free.
It is a fully native app that takes advantage of most of Apple’s native APIs. While Adobe is still struggling to release Photoshop patches for macOS High Sierra, Pixelmator Pro is already using Apple’s latest APIs.
Pixelmator Pro has all the tools you’d expect from an image processor, such as a smart selection tool, retouching tools, painting tools, all sorts of color adjustment effects and more.
Pixelmator has been teasing us for a long time about this app and it’s finally here. I’m looking forward to testing it out.
The Rockford Files hit the airwaves in September 1974, and until the show ended in 1980, each episode began in the same way. During the title sequence, you’d hear a phone ring, and then an answering machine would start to play, “This is Jim Rockford. At the tone, leave your name and message. I’ll get back to you.” With each new episode, a caller would leave a different message after the beep.
The short messages told you pretty much everything you needed to know about Jim Rockford. He’s a private detective living paycheck to paycheck. He cuts corners and bends rules when he needs to. He has friends among women, and enemies among men. He’s a quintessential private dick.
How many of you will say, “Cool!” and how many will say, “Who’s Jim Rockford?”
Join us for an Hour of Code from Dec. 4–10, and celebrate Computer Science Education Week at Apple. Whether you’re a kid or adult, beginner or developer, you can master the basics, code with Swift, program robots—and turn an hour into a lifelong love of code.
I’ve got a (new!) 12-year-old and I really wish I could get him to one of these sessions. I’ve heard a lot of good things about them.
An update to High Sierra has now gone live. It addresses the root password issue we first mentioned in this post.
“Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS”, said an Apple spokesperson in a statement to The Loop.
“When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.
We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”
The download is now available via the Mac App Store.
This is an ugly hack, not something I would ever do to what I consider a beautifully designed case. Especially considering that Apple is said to be shipping their own inductive AirPods case in the near future.
That said, I did find this interesting, a chance to see how to quickly and cheaply implement a Qi-compatible wireless charging solution.
Facebook may soon ask you to “upload a photo of yourself that clearly shows your face,” to prove you’re not a bot.
The company is using a new kind of captcha to verify whether a user is a real person. According to a screenshot of the identity test shared on Twitter on Tuesday and verified by Facebook, the prompt says: “Please upload a photo of yourself that clearly shows your face. We’ll check it and then permanently delete it from our servers.”
And:
In a statement to WIRED, a Facebook spokesperson said the photo test is intended to “help us catch suspicious activity at various points of interaction on the site, including creating an account, sending Friend requests, setting up ads payments, and creating or editing ads.”
This is somewhat reminiscent of Face ID, though presumably without the machine learning aspect, with zero 3D information (it’s a picture, after all) and, also presumably, with a much slower reaction time.
My two cents: I find it interesting that we have such a splintered approach to security. We’ve got security cams, passwords, fingerprints, iris scanning, and 3D facial mapping, all implemented with varying degrees of success by a wide variety of vendors.
Over time, there will be a tension for standards to emerge, to allow for constant verification. With the obvious dystopian potential that goes along with constant surveillance. This tension is between the requirement to verify that you are you, to validate a transaction, protect you from hackers and the like, and the desire to track you, to mine your habits.
With each new security standard you sign up for or opt into, it’s important to know exactly where that data goes and what it will ultimately be used for.
Apple said it is working to fix an issue that allows someone to login as a root user when they have access to your machine.
“We are working on a software update to address this issue,” an Apple spokesperson said in a statement provided to The Loop. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
There’s a security hole in macOS High Sierra and we’ve verified the issue.
First reported in this tweet:
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
Click the lock to make changes but do NOT enter your normal credentials
Instead, change the user name to root, leave the password field blank, but click in the password field (does not appear to work if you don’t click in the password field) and click Unlock
If you don’t get in, change the user name to root, leave password field blank (but click in it), click Unlock again
Eventually, you will get a second Unlock dialog. Repeat this procedure with root and empty password field. This time, when you click Unlock, the admin lock will unlock and you are in.
Note that this does require you to have physical access to a machine and be already logged in to the machine. I have verified this on my machine and it does work.
While this is an issue, this would be way more of an issue if this technique allowed you to log in to a machine (perhaps a stolen one, for example), as opposed to gaining root access to a machine whose user logged in and granted access in the first place. Not nothing, but the sky is not falling.
We’ve reached out to Apple and will update this post the moment we hear back.
UPDATE: This just got a bit worse. This same technique will enable you to login to any Mac whose login options are set to “Display login window as Name and password” instead of “Display login window as List of users”.
While you wait for Apple to respond, suggest you do this:
Go to System Preferences / Users & Groups
Click the lock, login as your admin user
Click Login Options (bottom left)
Click List of users instead of Name and password
You can also follow up by entering a root password or, as others have suggested, disabling the root user. My suggestion would be to wait until Apple responds, then follow their suggested advice.
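The workaround above as a scriptable check, added here as an example and not code from the original post or from Apple: it reads the login window style and whether the root account is enabled, then reports what to change. The SHOWFULLNAME preference key and the dscl AuthenticationAuthority attribute are assumptions about macOS that the post does not mention, and the sample values used when the script runs off macOS are constructed.

```shell
#!/bin/sh
# Added example: audit the two settings the post's workaround touches.
# Assumptions (not from the post): the login window style is stored as
# SHOWFULLNAME in /Library/Preferences/com.apple.loginwindow, and a disabled
# root account has no AuthenticationAuthority attribute in dscl.

# Classify the value printed by `defaults read ... SHOWFULLNAME`.
# Empty input (key absent) is treated as the default, "List of users".
login_window_mode() {
    case "$1" in
        1|true|YES)    echo "name-and-password" ;;
        0|false|NO|"") echo "list-of-users" ;;
        *)             echo "unknown" ;;
    esac
}

# Classify the output of `dscl . -read /Users/root AuthenticationAuthority`.
root_account_state() {
    case "$1" in
        *"No such key"*)            echo "disabled" ;;
        *AuthenticationAuthority:*) echo "enabled" ;;
        *)                          echo "unknown" ;;
    esac
}

# Turn the two classifications into one line of advice per item.
assess() {
    if [ "$1" = "name-and-password" ]; then
        echo "FINDING: login window uses Name and password; switch to List of users"
    fi
    case "$2" in
        disabled) echo "FINDING: root is disabled; Apple's interim advice is to enable it and set a password" ;;
        enabled)  echo "CHECK: root is enabled; confirm its password is not blank" ;;
        *)        echo "CHECK: could not determine root account state" ;;
    esac
}

if [ "$(uname -s)" = "Darwin" ]; then
    # Live values on a Mac; errors are folded into the text being classified.
    mode_raw=$(defaults read /Library/Preferences/com.apple.loginwindow SHOWFULLNAME 2>/dev/null || true)
    root_raw=$(dscl . -read /Users/root AuthenticationAuthority 2>&1 || true)
else
    # Constructed sample values so the script still runs on other systems.
    mode_raw=1
    root_raw="No such key: AuthenticationAuthority"
fi

assess "$(login_window_mode "$mode_raw")" "$(root_account_state "$root_raw")"
```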
Some of the year’s best classic rock came from pop stars like Kesha and Harry Styles; some of the year’s most acclaimed pop statements came via glossier sounds from alterna-rock icons like Queens of the Stone Age, Foo Fighters, St. Vincent and Grizzly Bear. SZA melded emo self-evaluation with the sounds of modern R&B, Chris Stapleton joined classic soul to contemporary country, Jlin added experimental cutting-edge textures to Chicago dance music, Valerie June explored decades of American music and Drake pulled sounds and collaborators from all across the world. Here’s the best of a tumultuous year.
I’m officially old. Not only do I not own any of these albums, I’ve never even heard of three-quarters of the listed bands.
When he died from cancer on Dec. 28, 2016, the 31-year-old Pan Pan was the world’s panda paterfamilias: the oldest known living male and the panda (male or female) with the most genetic contribution to the species’ captive population. Today, there are 520 pandas living in research centers and zoos, mostly in China. Chinese officials say more than 130 of them are descendants of Pan Pan.
Pan Pan saved his species by being really, really, ridiculously good at sex.
I bet when you woke up you didn’t think you’d be reading a really interesting story about panda sex today, did you?
Apple began a support Twitter account early in 2016, answering customer queries and tweeting out the occasional iOS tip. It has now expanded into a dedicated Apple Support YouTube channel.
The account features highly-produced tutorial videos explaining all sorts of iOS features from how to change your wallpaper to deleting your call history.
And now this. What’s going on here? Is this machine learning going awry? Is this the future of AI? Works most of the time, but every so often a robot goes insane and starts breaking things?
One problem with machine learning is that it creates evolving behavior, which creates a complex tree of possible behaviors, impossible to completely test.
That said, is that what’s going on here? Or is this something more mundane? It’d be good to actually know the cause of these issues. So far, mum’s the word.
When my 10.5″ iPad Pro arrived I decided to do a little experiment. You see, I honestly believe that the iPad, iPhone, and other micro super-computers are the future of computing and I want to force myself out of old-man complacency. Five months ago I committed to that experiment and avoided using my Mac unless there was absolutely no way to do something on my iPad or iPhone. Last week I ended my experiment and I have a few opinions (big surprise).
I use my Mac, iPhone, and iPad in a mix throughout the day. My iPhone is always with me, gets all the looks when I am away from my desk. My Mac gets all my looks at my desk. And my iPad gets the rest, those times when I am bopping about, laying about, or in a car (not driving!)
[Of course, my Apple Watch gets its share of looks, no matter the device I’m using, but in my view, does not impact the Mac vs iPad argument.]
Gabe’s piece really captures my feelings about the Mac, why it is the best solution for certain (but by no means all, or even most) situations. Here’s a taste:
I do a lot of text editing, so this is a category where I feel friction the most. There’s really no comparison for me. Text editors on the Mac are more feature rich and I can edit faster than on iOS.
Friction is a perfect word. The Mac is customizable to the point where I can really get at those friction points, ease them to make my process more efficient. iOS, on the other hand, is more portable, easier to get going and, for me, always with me every second I’m awake.
Apple has found a perfect blend of devices. At least for me and my habits.
That said, read Gabe’s piece. See if it resonates for you.
With the improved sensor, wider aperture, and added optical image stabilization on the telephoto lens in the iPhone X, I wanted to see if Apple’s frequency of presenting a cropped image at 2X was reduced at all. The answer: yes. But by how much?
I created a test to hopefully get a rough idea of how much light is required before an iPhone 7 Plus and iPhone X decide to switch to their respective telephoto lenses in 2X mode.
One of the things I’ve seen people talking about is the much improved low light capability of the iPhone X. This is a good description of what happens in low light with the iPhone 7 Plus and iPhone X and how the X deals with it much better.
Regardless of how much (or little) you enjoy the singing or production values, I do find this a fascinating piece of Apple history. Folks who’ve been around the Apple universe for long enough will recognize a lot of these references.
The video was originally posted in 2012, but I just came across it this morning, thought it worth sharing. Anyone recognize anyone in the video? They are ALL Apple employees.
Steven Aquino, responding to Marco Arment’s fixing the MacBook Pro post, specifically this point Marco made about the Touch Bar:
Sorry, it’s a flop. It was a solid try at something new, but it didn’t work out. There’s no shame in that — Apple should just recognize this, learn from it, and move on.
From Steven’s response:
Arment’s recommendation that Apple “back away from the Touch Bar” reiterates a popular sentiment in the Apple community: in blunt terms, the Touch Bar sucks. I’ve read many articles and heard many podcasts where prominent members of the community deride the feature and question its future. These criticisms, while legitimate, sting me personally because I like the Touch Bar.
Read on for the details, but I agree. Don’t throw the baby out with the bathwater. The Touch Bar is an important concept. Let it evolve into the thing it was born to be.
There’s a lot to like about the new MacBook Pros, but they need some changes to be truly great and up to Apple’s standards.
Here’s what I’m hoping to see in the next MacBook Pro that I believe is technically possible, reasonable, widely agreeable, and likely for Apple to actually do, in descending order of importance:
On the newer, butterfly keyswitches:
Butterfly keyswitches are a design failure that should be abandoned. They’ve been controversial, fatally unreliable, and expensive to repair since their introduction on the first 12” MacBook in early 2015. Their flaws were evident immediately, yet Apple brought them to the entire MacBook Pro lineup in late 2016.
After three significant revisions, Apple’s butterfly keyswitches remain as controversial and unreliable as ever.
No matter how you feel about the feel of the butterfly keyswitch, reliability and cost of repair are real issues. To me, butterfly or scissor design, Apple should stand by their keyboard design. If it’s true that the butterfly keyswitches are breaking far more frequently than their scissor predecessors, Apple should acknowledge this and extend warranty support for the keyboards, repair them free of charge for, say, two years.
On the placement of the arrow keys on the new keyboards:
The Magic Keyboard only needs one change to be perfect for the MacBook Pro: returning to the “inverted-T” arrow-key arrangement by making the left- and right-arrow keys half-height again. This arrangement is much more natural and less error-prone because we can align our fingers by feeling the “T” shape, a crucial affordance for such frequently used keys that are so far from the home row.
Yup.
On Apple branded USB-C hubs:
Apple’s most full-featured USB-C accessory is downright punitive in its unnecessary minimalism: one USB-C passthrough, one USB-A (a.k.a. regular/old USB), and an HDMI port that doesn’t even do 4K at 60 Hz — all for the shameless price of $80.
Instead of giving us the least that we might possibly need, this type of product should give us the most that can fit within reasonable size, cost, and bandwidth constraints.
How can you argue with this?
USB-C is great, but being limited to 2 or 4 total ports (including power) simply isn’t enough. Even if you adopt the USB-C ecosystem, these MacBook Pros are more limited than their predecessors.
On the Touch Bar:
Sorry, it’s a flop. It was a solid try at something new, but it didn’t work out. There’s no shame in that — Apple should just recognize this, learn from it, and move on.
Not sure I agree with this. As is, the Touch Bar might not be exactly right, but it is a concept that some people do find useful, even invaluable. I think of Touch Bar as more an early adopter work in process, a MacBook element that will evolve into something we all grow to love.
And on charging:
I’d like to see them bring back the charging LED on the end of the cable, and the cable-management arms on the brick. These weren’t superfluous — they served important, useful functions, and their removal made real-world usability worse for small, unnecessary gains.
Amen. I miss the charging LED, especially.
Thoughtful work from Marco, well worth the read, a terrific conversation starter.
This is a fascinating glimpse of Google’s R&D organization, known as X. What I found most fascinating was the coverage of one of the earliest X moonshots, Project Loon:
Loon took the spotlight in the wake of Hurricane Maria, which knocked out power and communications for nearly all of Puerto Rico’s 3.4 million residents.
Before the storm, Project Loon’s team had been working on an AI-based navigation system that can keep high-altitude balloons over a given area for weeks or months at a time to provide aerial internet connections. Peru was the primary testing ground, and Puerto Rico was one of the launch sites. After the hurricane hit, the focus shifted to filling the gap in Puerto Rico. The team quickly worked out arrangements with Puerto Rico’s government and federal authorities as well as AT&T and T-Mobile to boost connectivity.
And:
X says Project Loon is currently providing basic internet connectivity for more than 100,000 people in Puerto Rico.
Loon may not be as well known as Google’s self-driving vehicle project, Waymo, but Project Loon has achieved a real-world impact.
ModMy today announced it has archived its default ModMyi repository on Cydia, which is essentially an alternative App Store for downloading apps, themes, tweaks, and other files on jailbroken iPhone, iPad, and iPod touch devices.
ZodTTD/MacCiti also shut down last week, meaning that two out of three of Cydia’s major default repositories are no longer active as of this month.
And:
The closure of two major Cydia repositories is arguably the result of a declining interest in jailbreaking, which provides root filesystem access and allows users to modify iOS and install unapproved apps on an iPhone, iPad, or iPod touch.
I’ve always thought of jailbreaking as a wild west frontier, with few rules, little oversight and, correspondingly, no real way to prevent malware. Jailbreaking also technically violates your iPhone warranty.
But, that said, jailbreaking also brought some interesting, experimental features to iOS. Over time, Apple caught up, bringing the more successful jailbreaking features into the fold.