eXtensions - Wednesday 27 December 2017
eXtensions: The Wednesday File (37) - Security Fallout and Merging Platforms
By Graham K. Rogers
Although we were warned all during the year that the new iPhones would be failures and Apple had supply chain problems, when the iPhone 8 and latterly the iPhone X were released it seems that a lot of people bought them, despite what experts had been insisting. This happens so often (take the record last quarter for example) that one would think people would have the idea by now. I am of course joking.
Selling Apple short makes headlines, makes hits and so makes some people money. At the beginning of this week, despite apparent high sales, another report of missed targets appeared. This morning, Neil Hughes (AppleInsider) reports that another analyst disputes these suggestions and confirms that iPhone X production is on schedule, noting that sales in China are good. I will wait for the next quarterly results.
iPhone 8 (left) and iPhone X
It began with the information that it was possible to enter a Mac Root account with a couple of simple keystrokes. This had been reported weeks before and nothing had apparently been done. It was only when someone put the details online that panic set in and action was taken to fix the gaping hole.
OS X and macOS have no Root password by default, unlike other Unix (and Linux) systems. I can remember setting up Silicon Graphics computers running IriX and the first thing done was to create a Root account. With no password on the OS X Root account, it was impossible to guess the password (you can't guess what doesn't exist) and any Root tasks need Admin account actions, which could not be done other than by the physical presence of a logged in user: no viruses for you.
When the weakness became known, several online sources recommended adding a password and then disabling it. I presumed (rightly) that a fix would be coming and waited this one out as it would need physical access to the computer to use this exploit. I keep my Macs close to me and a fix was released in a day or so, although some users still had problems with the rushed fix.
A few days later, there was an iOS problem when some found that on 2 December the devices were crashing unless they changed the date. Again a fix was put out; but this one appeared quickly and for me it was on a Saturday afternoon: highly unusual.
Unfortunately, a developer, who goes by the name Khaos Tian, found a weakness in HomeKit back in October and told Apple who fixed one part of the problem, but opened another door even wider. With a lack of action, and poor communication, he contacted 9to5 Mac who released bare details about the problem: Apple finally acted and a fix has now been produced.
I picked this up first on The Verge (Thomas Ricker), but the earlier story on 9to5 Mac which I had missed (Zac Hall) that appeared 2 weeks ago is more worrying. In the macOS Root situation and this HomeKit one, the team at Apple who should be taking care of the locks and keys, let us (and Apple) down and it is not until there is a public airing of dirty laundry that anything was done.
After the macOS Root publicity, Apple stated that the auditing process was to be reexamined and shortcomings would be addressed. Another example here suggests that these shortcomings have an unusual urgency.
I wrote a comment about this on Sunday. At that time there were three law cases filed, but this has grown to 9 now, with one at a ridiculous $999 billion (Patently Apple). A later article from Andrew Orr (The MacObserver) outlines the comments of a battery scientist: these experts regard capacity falling to around 70% - 80% as the battery's end of life (EOL). With other comments as to cause and effect, it appears that Apple acted reasonably in its update that throttles power. The problem is not so much with the act, but conveying the Why to users.
Many commentators also saw this as the end for macOS, especially with the push that Apple was having for these new hand-held devices. I found that I could ignore the app in most cases and focus on the task I wanted to do. It is immaterial which platform I am working on.
Apple was ignored when it kept telling critics and users that the macOS would continue: as would the development of new Macs. Even the announcement and subsequent release of the iMac Pro did little to reduce this. Note that Apple sold 5.386 million Macs in its most recent quarter, which was up 10% on the same quarter of the previous year. That is over $20 billion a year: the sort of revenue that some companies envy, for what some critics see as a niche product: some niche.
iPad Pro (image courtesy of Apple) and Mac Pro
There was a bit of a surprise last week when the first reports of Project Marzipan (sounding like a renamed Android OS) appeared. Apple was apparently intending to allow developers to produce apps that would run on Macs and iOS devices (Mark Gurman, Bloomberg).
I can see some limits here, for example with Final Cut Pro, although there are apps like FiLMIC Pro (and others) that allow some good video work to be done on iOS devices. Photo-editing apps abound of course, including some that have roots on the Mac. With Keynote, Numbers and Pages, I just work on the platform that is most convenient, although I concede that creating a presentation is easier on the Mac.
There is also the fine example of Affinity Photo that I use on the Mac and iPad. This also runs on Windows because of the early development done on the core engine of the app which makes it more easy to port to different platforms. There was considerable speculation about this, for example Dan Moren (Six Colors), who also looks towards "a future unified platform."
More information is expected to be forthcoming at the next WWDC in June, although with Apple, they may start everything earlier, or simply drop the idea (although I doubt that). There are some Mac apps I would love to have on the iPhone and vice versa: there are so many great iOS apps that would beef up the Mac if I could use them on that platform. As a useful note, Michael Simon (Macworld) writes about 30 free Mac apps. I have some of these and do not agree with all of his choices, but there are several good ideas that even regular Mac users could think about,
Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)
For further information, e-mail to
Back to Home Page