Archive for October 10, 2014

Friday, October 10, 2014

iOS 8’s Health App

Chuq Von Rospach:

The first thing I really like: it implements an ICE (In Case of Emergency) contact area on the phone available even if you’ve put in a PIN lock. […] Everyone should set this up. You do so by firing up the Health app and going into the Medical ID area.

[…]

The first problem is the app has no way to back up data — I’ve already heard of someone who reset and restored a device and lost the data collected. There’s no way to export the data, there’s no way for me to import my existing data — and I have years of it accumulated. There’s no web version on iCloud so there’s no way I can look at or share the data, and it doesn’t sync the data to the cloud. The app isn’t available on the iPad, either, so the data can’t be views/manipulated there.

In other words, it’s a write-only data hole, and if you have to restore your device or lose it, the data’s gone. So using this “in production” is a non-starter. The app has a feel of a working demo, not a final app.

[…]

There is no way for a woman to track her period, and there’s no capability for fertility monitoring.

[…]

There is no “notes” section. One thing I do in my spreadsheet is keep notes about various things that happen on specific days, like when I change dosage on a prescription or switch drugs. I can go back three years and see what I was taking and what dosages. there’s no way to do that in this app. I also keep key events documented that give context to the readings at that time, like “Norovirus” or “Visited the Emergency room”. To me, unless I can annotate notes onto a given day, this app is a lot less useful than it could be.

I was surprised that it doesn’t track blood cholesterol (LDL and HDL) or triglycerides. I presume that there will be third-party apps to export and import the data.

Secure Golden Key

Jonathan Zdziarski:

So Apple fixed their security – so what? Well, they fixed it right… and that means that they fixed it so they, themselves, couldn’t break into it… which is the only way to do encryption right. They can’t break into their own phones, at least without using a password breaking tool. That is significant. So in fixing their security, Apple has now said to law enforcement, “we’re sorry, but we’d have to perform sophisticated attacks against our own products in order to even have a chance at dumping data for you.” What they haven’t said, but is very much also the truth, is “we’ve made our products secure enough so that we can’t even hack them … and can keep you safe from criminals, keep our public officials safe from spy agencies, and can keep our military safe from foreign governments – all looking to spy on, eavesdrop on, steal data from, and learn crucial intelligence to harm America (insert any other country here)”.

Bruce Schneier:

FBI Director James Comey claimed that Apple’s move allows people to “place themselves beyond the law” and also invoked that now overworked “child kidnapper.” John J. Escalante, chief of detectives for the Chicago police department now holds the title of most hysterical: “Apple will become the phone of choice for the pedophile.”

Matthew Green:

Since only the device itself knows UID -- and the UID can’t be removed from the Secure Enclave -- this means all password cracking attempts have to run on the device itself. That rules out the use of FPGA or ASICs to crack passwords. Of course Apple could write a custom firmware that attempts to crack the keys on the device but even in the best case such cracking could be pretty time consuming, thanks to the 80ms PBKDF2 timing.

(Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!)

The Washington Post:

How to resolve this? A police “back door” for all smartphones is undesirable — a back door can and will be exploited by bad guys, too. However, with all their wizardry, perhaps Apple and Google could invent a kind of secure golden key they would retain and use only when a court has approved a search warrant.

Chris Coyne:

A “golden key” is just another, more pleasant, word for a backdoor—something that allows people access to your data without going through you directly. This backdoor would, by design, allow Apple and Google to view your password-protected files if they received a subpoena or some other government directive.

[…]

Apple’s anti-backdoor policy aims to protect everyone. The following is a list of real threats their policy would thwart. Not threats to terrorists or kidnappers, but to 300 million Americans and 7 billion humans who are moving their intimate documents into the cloud. Make no mistake, what Apple and Google are proposing protects you.

Whether you’re a regular, honest person, or a US legislator trying to understand this issue, understand this list.

Update (2014-10-14): Rich Mogull:

Law enforcement, especially federal law enforcement, has a history of desiring and imposing backdoors into technology. The Communications Assistance for Law Enforcement Act (CALEA) of 1994 requires all telecommunications equipment manufacturers to enable remote wiretapping for law enforcement in the hardware. But CALEA backdoors have also been abused by criminals and intelligence agencies.

Update (2018-06-02): Devlin Barrett (via Hacker News):

The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000, The Washington Post has learned.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order.

iOS 8 Family Sharing

Geoffrey Goetz:

In the old style of sharing an iTunes account, computers and devices could switch between different accounts every ninety days. With the new iTunes Family Share, each iCloud account can only be associated with one Family Share at a time, and can switch only twice in a calendar year.

[…]

What makes it worth switching is the fact that the children on the account can start building up their own account with their own apps. This may not be important for any child under the age of thirteen, but will become important once your child grows up and wants to manage their own purchases. With the old style of sharing an iTunes account across multiple devices within a family, there was no way to break away from the family and start of with a library of your own apps, music, books and movies. Now there is, family members can start building up their library before moving out of the family.

Update (2014-10-24): Dave Stachowiak:

Family sharing doesn’t seem to be all it was cracked up to be. It’s not making sense to have to pay for iTunes Match multiple times or in app purchases again for different IDs in the same house.

iPhone Bend Testing

Previously, on Bendgate: Just Avoid Sitting in That Way.

Josh Lowensohn:

Apple’s answer today, both in a statement and now in these testing facilities, is that the iPhone 6 is tough. It’s made with steel / titanium inserts designed to reinforce potential stress points, a special blend of aluminum Apple formulated itself, and ion-strengthened glass. But more important, Apple says, is that the iPhone 6 has been put through hundreds of tests, as well as tested in the pockets of thousands of Apple employees before consumers ever get their hands on it.

[…]

Apple was mum on how much the new iPhones can actually take, something it considers a trade secret. It pointed only to 25 kilograms, the amount of weight Apple puts on top of the iPhone’s screen to test it for the bends. Next to a machine that does this thousands of times is a small set of weights: this isn’t actually the full amount of weight the phone can take Riccio says, just what it can handle while being capable of “bouncing back” to its original form. Even so, there are limits.

[…]

Along with that three-point test, there’s what’s known as a “sit test,” which simulates the stresses iPhones undergo while in pockets. And not just any pockets, either. There’s a test for when people sit on a soft surface, when the iPhone is sat on, as well as what Apple considers the “worst-case scenario,” which is when it goes into the rear pocket of skinny jeans and sits on a hard surface — at an angle.

Consumer Reports (see also the criticisms at Hacker News):

All the phones we tested showed themselves to be pretty tough. The iPhone 6 Plus, the more robust of the new iPhones in our testing, started to deform when we reached 90 pounds of force, and came apart with 110 pounds of force. With those numbers, it slightly outperformed the HTC One (which is largely regarded as a sturdy, solid phone), as well as the smaller iPhone 6, yet underperformed some other smart phones.

John Gruber:

Consumer Reports is the outfit that made Antennagate a thing. If anything, their reputation is such that you’d expect them to fan the flames on this, not extinguish them. They’re saying the iPhone 6 Plus is even more bend-resistant than the regular 6. This should put an end to Bendgate — but it won’t, because in the minds of the deranged, the new iPhones bend like a chocolate bar left out in the sun.

This reminds me a lot of Antennagate. Here, as there, independent tests show that Apple’s new phone performs worse than the previous generation model, as well as some popular models from other companies. Yet people generally conclude that there is no story there. To me, the takeaway from the Consumer Reports test is that the iPhone 5 is almost twice as resistant to deformation as the iPhone 6, withstanding 130 lbs. vs. 70 lbs.

The question I would like answered is: What is Apple’s policy on replacing bent phones that were put in a front pocket but not otherwise mistreated? That should tell us whether they intend the iPhone 6 to be as durable as the previous models that we have all been using. The answer seems to be that you are out of luck.

Update (2014-10-11): Brad W. Allen bent his iPhone in his front pocket and returned it without issue.

Update (2014-10-16): Accidental Tech Podcast has follow-up about iPhones bending and Apple not replacing them.

Update (2015-08-27): Dr. Drang:

Despite these deficiencies, Lew’s basic conclusion holds: the new shell is far stronger than the current one. I wouldn’t trust any of the numbers, but there’s no question that his qualitative result is correct.

Why is the new shell so much stronger? The possibilities are stronger material, better structural geometry, or a combination of both.

[…]

In the video, Lew finesses this unknown by calling the new material “7000 series,” which is certainly true, but it’s not the whole truth. To me, the fact that the aluminum in the new shell doesn’t meet a standard specification is one of the most interesting findings. It suggests that Apple has developed its own proprietary aluminum alloy.

On iPods, iTunes, DRM, and Lock-in

Nick Heer:

If the songs did not have DRM, they could be played on iPods without any hiccups. Therefore, the claim in the suit that Apple actively prevented the playback of music acquired from non-iTunes sources is completely ridiculous. Should all companies be required to license all DRM formats? I’m surprised this suit has been going on for ten years, and that it has not yet been dismissed.

Quicken 2015: Close, But Not Yet Acceptable

Glenn Fleishman:

Quicken 2015 isn’t awful. That’s great praise given how bad Quicken Essentials was and Intuit’s long-running inability to update its flagship financial software for a platform of customers who desperately wanted a new version. At $74.99, Quicken 2015 is also not cheap, but given the small amount I’ve paid for minor updates to 2007 over the years, I was willing to plop my money down.

But for my purposes, Quicken 2015 still isn’t fully baked.

I’ve never liked Quicken, so I’ve also tried most of the alternatives. The only one I was happy with was MoneyWell, though I completely ignore the way it wants me to handle budgeting. Unfortunately, MoneyWell now needs a new home.

Recovering From a Failed Drive With Apple’s Software RAID

Wolf Rentzsch:

Disk Utility is happy to assist you a creating a new RAID, but if you try to do that with an existing slice I can speak from experience it will make good on its threat to delete all existing data before creating recreating the RAID. Which kinda misses the point of rebuilding the RAID from the slice that’s still standing.

No way, Disk Utility will let me create a RAID Mirror, but can’t actually rebuild it?

Way.

Sigh, OK, so what app do I use to rebuild? This “RAID Utility.app” looks promising.

Sorry. RAID Utility.app, available on OS X Server only, is for Apple’s hardware RAID.

As a software RAID pauper, you don’t get an app.

You’re about to tell me I need to drop down to the Unix layer, aren’t you?

Sadly, yes.

Running the Run Loop Until a Predicate Succeeds

Nicolas Bouilleaud:

By observing kCFRunLoopBeforeWaiting, we can test for completion on every loop of the RunLoop. Before sleeping (i.e. waiting for an event), the RunLoop has called everything there was to call. That’s the right time to test for completion. This variant also solves the “active polling” scenarios: if the polling_ flag is set, the RunLoop actually never sleeps and run continuously; fulfilled_ is checked on every pass. And of course, contrary to most implementations, including my own, there’s no “minimal delay”, and no additional code to handle the loop or the timeout. That should do the trick.

I’ve seen lots of implementations of this idea. I’m not sure what the Right Way is, but this seems like a good one. It uses CFRunLoopObserver.