AMITIAE - Wednesday 26 February 2014

Cassandra: Midweek Review - More DoS Site News; OS X goto Problems & the Misinformation Following; 10.9.2 Update; Chip Week; Tesla Battery Gigafactory

apple and chopsticks


By Graham K. Rogers


Monday would have been the 59th birthday of Steve Jobs. There were several comments on this, including Twitter messages from Tim Cook and one from MacDaily News, with the Stamford Commencement video.

My own site difficulties continued through Monday with the realisation by the hosting company that the problems were larger than had been expected. Physically, the servers are in the USA, but the site is a Thai site. All the magic of DNS does that, but the denial of service (DOS) attack put paid to that: eXtensions ceased to exist as far as the DNS was concerned. If you had the IP number, that would still bring up the pages, but we don't usually work that way.

Repairs were under way late Monday, and it was hoped that the data for my site and a number of others could be transferred to a new server. In the meantime, the access was intermittent, so I was able to upload an item on Monday evening; and also check some email once or twice. When I looked at site statistics, we were down to about 25% of normal hits just on Sunday. I also had a nudge from Google telling me their spiders were unable to find the site 51.3% of the times it tried.

On Tuesday morning, a message from the hosting service told me that all the data was about to be moved to a new server as the old one just wasn't working. I think that was more of software problem than hardware. With a temporary solution in action by the end of the business day here, I was able to start uploading again; but there may be more disruption as a full solution evolves.

Stairway During Monday and Tuesday there was more information on the security update to iOS and the delayed update to OS X (which was finally made available at about 01:00 on Wednesday morning).

Of course, some sites were myopic and saw this single example as proof that Apple did not take security seriously. It is amazing how silent they are on other developers or systems, like Adobe, Android or Microsoft whose software is not exactly renowned for lack of problems.

If Apple knew about the problem soon enough to push out the iOS update on Friday morning (here), then that suggests at least a day had passed - maybe more - before discovery. It also hints that they were starting work on an OS X fix at the end of last week; but this appears to be more complex.

The reason for the delay in an update to OS X may be for a number of reasons. For one thing, as was suggested on re/code by James Temple there is more to the OS X problem than initially meets the eye and other apps may be at risk, including Keynote, Mail and Calendar. I note that these sync via iCloud.

What was beginning to get to people by late Monday was the almost total silence on this from Apple. A side note from MacNN suggested that the 10.9.2 update to OS X Mavericks was imminent, and included the comment, a promised fix for SSL security.

Many were annoyed that Apple had said almost nothing, apart from "a fix is on the way" about the insecurities in OS X and there was some realistic comment on this from Karl Bode on TechDirt. We did have plenty of helpful suggestions from different sources that I included in Monday's Cassandra Review, but nothing concrete from Apple. In between checking for my own site to reappear, I clicked on Software Update several times, but the Mac App Store always reported "No Updates Available."

There is an explanation by John F. Braun on The MacObserver about what this one stray line of code could mean: imagine that, one line among hundreds of thousands. Much of the information here was already available Monday and I put some of this out in Monday's (delayed) Cassandra Review. As Braun suggests, the insecurity is there, so be circumspect, but it does not mean you are automatically under attack.

Later, CBC News had an article by Andre Mayer who is not normally thought of as anything expert on Apple. He managed to find a few tame experts to cry, Shock! Horror! at Apple's one line of code and build this up into a major production.One of these was Brian Bourne who in a blog post lauds the Microsoft Surface among other things, but despite the apparent security credentials does not seem to have much to answer why he was quoted. His suggestion that Apple security is based on restricting what software can do, just does not cut it and leads the reader into an idea that has little proof. "Restricting" is just one part of a much larger picture.

Bourne is also wrong about Apple not engaging with those reporting faults as this information is often included in security updates, as a few minutes taken with a search engine might have found the Apple Support Document HT1318 that acknowledges more than a couple of hundred (I gave up counting) who had reported problems to Apple. Maybe Apple just doesn't engage with Bourne.

To further highlight the error of that assertion, another iOS flaw has been revealed, Benjamin Mayo reports on 9to5 Mac, including the comment that "FireEye is in communication with Apple about this security hole."

Johannes Ulrich seems a little better and he does at least have some muscle, but his assertion that Apple's security is a myth may just be playing to the gallery and for proof uses the iOS 7 insecurity, which we know about anyway. But the one that had me laughing the most was the suggestion that Macs are under attack (a discovered weakness does not mean attack) because the platform is popular. This of course turns the previous argument that Macs were not targets for virus attacks because of security through obscurity.

The climax is when Bourne compares Apple with Microsoft, who had had a shock in - he says - 2003 with the Blaster Worm. "Hengartner thinks with the latest iOS security flaw, Apple may be reaching a similar point."

This is based on a known sample of one? And how many viruses affect Windows?

The 10.9.2. update to OS X arrived in the early hours here, so I saw it when I woke up Wednesday. The documentation that Apple linked to begins with the suggestion that users back up There is a big list of changes, with the SSL bug at the bottom:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Includes general improvements to the stability and compatibility of Mail
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder
  • Improves VoiceOver reliability when navigating websites
  • Improves compatibility with Gmail Archive mailboxes
  • Includes improvements to Gmail labels
  • Improves Safari browsing and Software Update installation when using an authenticated web proxy
  • Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
  • Improves the reliability of diskless NetBoot service in OS X Server
  • Fixes braille driver support for specific HandyTech displays
  • Resolves an issue when using Safe Boot with some systems
  • Improves ExpressCard compatibility for some MacBook Pro 2010 models
  • Resolves an issue which prevented printing to printers shared by Windows XP
  • Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
  • Fixes an issue that could prevent certain preference panes from opening in System Preferences
  • Fixes an issue that may prevent migration from completing while in Setup Assistant
  • Provides a fix for SSL connection verification

I told you it was big.

A number of those changes are for improvements to the way OS X works and have been in the system for a while.

Airport Extreme As I like to be, I was a bit ahead of the curve when it came to the latest IEEE Wi-Fi standard. When the Airport Extreme router was announced last year I ordered one right away, but had to wait some months to be able to take advantage of some of the speed. my 13" MacBook Pro has the Wi-Fi capability, but not the iPhone 5s, so I am still waiting for the second device to push data transfers faster, although both take advantage of the better 802.11n capabilities. Jordan Kahn on 9to5 Mac reports on a new Broadcom 5G, 802.11ac chip that should be available in a few months and he identifies mobile applications - specifically iPad and iPhone - as a possible destination for this.

Other news on chips comes from Adam Shah on PCWorld who writes about the Intel catchup 64-bit Atom chips, which should be in Android devices later this year: about 12 months after Apple caught everyone with the iPhone 5s: you know, the company that doesn't innovate. There is some good information in this article as well as a road map and speculation on possible devices.

Another chip - this must be chip week - is from Imagination, AppleInsider reports, and this one may also be headed for Apple devices with a "192-core GPU that it claims will produce the most powerful graphics yet in mobile phones and tablets." The article includes a diagram of the processor as well as other good information. There were other rumours about graphics on the predicted iPhone 6, so this one may have some legs [my source for this was MacDaily News].

In the Cassandra Review on Monday, I looked at the low prices for the iPhone 5c that True is offering here and wondered why this had not been a good seller. It had all the makings of a device that would appeal to bright young things, but people preferred the top of the range iPhone 5s, which alos puts in context the Wall Street insistence that Apple must make a cheaper phone to gain market share. On Monday, Yoni Hessler on TUAW made some comments on why the iPhone 5c may have failed to connect.

Now, however, Jack Purcher on Patently Apple reports that the iPhone 5c is picking up some love in Europe, particularly among "hip females" (which sounds as if it comes from the 1960s).

Samsung, the clone company, has released its Galaxy S5 with (surprise, surprise) a fingerprint sensor and a gold model. Apple does not trademark gold of course. Recently I was travelling on a bus in Kanchanaburi with students and colleagues. One of them had a Samsung phone and we were looking at locations on maps using our phones. The iPhone - using EDGE and on a moving bus - was able to load the map faster than the Android equipped Samsung thing every time.

Rene Ritchie on iMore looks at this new phone and the Galaxy S5 problem which he writes is "no Samsung slam dunk." He adds: "There was nothing to make anyone forget about Apple. If anything, it took some of the pressure off, even as it left the door wide open and perhaps even raised interest in what Apple's going to do next."

Nikon D4s The expected arrival of a new Nikon flagship camera finally arrived this week when the D4s was released. We are told by DPReview that "the D4s packs more processing power, a refined autofocus system, faster continuous shooting, and more video features (including 1080/60p support)".

With the current D4 selling at around 200,000 baht here, we can expect a similar price, but some of those D4 cameras remaining may well be discounted. The extensive review of this magnesium alloy beast tells us that the price in the US is $6499.95.

Last week there was news that Apple had been meeting with Tesla which brought forth all manner of denials as well as a couple of articles wondering about Apple taking over the company. This week, Tyler Durden reports on ZeroHedge that Tesla is to build "the world's largest battery factory": a gigafactory. And the reason for the factory is to make batteries. Good for the Tesla cars; good for battery prices; good for Elon Musk and Solar City.

And maybe also good for Apple.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs.



Made on Mac

For further information, e-mail to

information Tag information Tag

Back to eXtensions
Back to Home Page