Archive for March 10, 2015

Tuesday, March 10, 2015

Switching to Smaller iPhones

Kirk McElhearn (iPhone 6 to iPhone 5s):

I used the iPhone 6 for a week; I went back to the iPhone 5s on Friday, to see if I really liked it better. And I did. This may be because of its familiarity; it’s a comfortable size. I can hold it comfortably in one hand, and do most of what I need with just one hand. The iPhone 6, however, felt alien, as though it was just not the right size for my hand. Granted, iPhones have always been smaller (I don’t consider the taller display of the iPhone 5 and 5s to be that different from previous models), so the iPhone 6 was very new. But it just wasn’t right for me.

I’ve always bought unlocked iPhones, and I’ve bought them from Apple, so I have the option of returning them within 14 days. I appreciate Apple’s return policy that allows me to try out a new device. I’ve never returned any Apple products for this reason before; I’ve exchanged defective Macs, but never sent back something I simply didn’t like.

Chris Mills (iPhone 6 to iPhone 5s):

For the first two months, everything seemed perfect. Texting from my desktop seemed magical, HealthKit was kinda handy, and it hadn’t even bent. But heading abroad, I needed an unlocked phone, so grabbed my poor, forgotten 5S out of a drawer and took it adventuring. Over the course of a couple days, I realized something: in every different way that matters to me, the iPhone 5S is a better phone.

[…]

As it turns out, the thing that most clearly sets the two devices apart—the size and design—is what I find to be the most annoying on the 6. I have small (but not ridiculously tiny) hands, and I basically live in perpetual fear of dropping it. That prompted me to spend even more money on Apple’s own leather case, and that improved things a little, but it’s still nowhere near as comfortable to hold as the 5S. The idea that big phones are ergonomically worse is far from new—heck, Apple made ads to that effect back when they launched the 5—but it bears repeating just how annoying it can be.

Fred McCann (iPhone 6 to iPhone 5s):

After my reluctance and experience moving to the larger sized iPhone 5, I was much less apprehensive about the 6. Certainly Apple knew what they were doing. I knew there would be an adjustment period, but I was so confident that this would not be an issue that I gave away my iPhone 5 a few days after getting the 6.

I was wrong.

Seth Clifford (iPhone 6 Plus to iPhone 6):

In addition to its unique physical characteristics, based on my personal findings and the feedback of other Plus users, I’ve come to believe that the device is severely affected by its RAM allocation. My theory is that while it has the same amount of memory that the iPhone 6 has, the extra large screen and constant scaling the device does to manage the display put it at a serious disadvantage. I noticed apps constantly relaunching, Safari tabs being flushed extremely quickly, and states across actions and apps not being preserved the way I’d expect. In day-to-day use it gets annoying, but it’s not crippling. That said, for a device I use dozens of times a day, it becomes a pretty glaring negative. The few OS updates that have arrived since it launched have helped a little it seems, but not enough to be unnoticeable. Additionally, this impacts other aspects of use, as an app like Pebble will get flushed from memory more frequently, preventing the watch from working correctly. Any external hardware that requires an app connection to be held in memory for consistent functionality passed between devices is probably eligible for this kind of problem.

Manton Reece:

I’m still using the iPhone 5C and think the design is nearly perfect. I wish I had the iPhone 6’s camera, but I’m not upgrading phones until Apple ships a “6C” next year with a 4-inch screen.

I’m still liking my iPhone 5s and hoping there will be a new 4-inch model this fall. If there is, I’ll upgrade in a heartbeat. If not, I’ll probably keep using the 5s.

Update (2015-03-10): Anthony C:

I love my 6, but still think my 5s is the best phone ever.

Andrew Abernathy:

See, I’m not the only one who prefers the iPhone 5 over the 6. I’ll keep hoping for a smaller iPhone in the future.

(I flat out prefer the iPhone 5 design, too, in addition to preferring the smaller size. Beautiful and comfortable.)

Gus Mueller:

You can add me to the list.

Jim Correia:

I really miss the 5 form factor for most use cases, but I can type much better on a 6.

Matthew Drayton:

I prefer the 6 Plus over previous models but I’m sure I’m in the minority. I’ve got large hands and can use it one-handed.

Update (2015-03-11): I have medium sized hands. I use the iPhone 5s without a case and have never come close to dropping it. I find the 5s and 4S much less slippery than the 6 and the 3GS. My wife got her first iPhone in December and reluctantly chose the 5s because she found it easier to hold than the 6.

Jeff Hunsberger, from February (iPhone 6 to iPhone 5s):

The iPhone 6 screen always felt a bit like it wasn’t made for my hands like the iPhone 5S was. The iPhone 4 and 4S were tiny and I could easily reach any area of the screen. My resistance to the iPhone 5 gave way to the fact that I could still reach the top left corner while holding my phone in the right hand. The iPhone 6 requires you to shift the phone in your hand, balance it on your fingertips and then stretch across to hit the top left of the screen one-handed. The whole time you are courting disaster.

Using cp to Copy a Lot of Files

Rasmus Borup Hansen (via Hacker News):

Having almost used up the capacity we decided to order another storage enclosure, copy the files from the old one to the new one, and then get the old one into a trustworthy state and use it to extend the total capacity. Normally I’d have copied/moved the files at block-level (e.g. using dd or pvmove), but suspecting bad blocks, I went for a file-level copy because then I’d know which files contained the bad blocks. I browsed the net for other people’s experience with copying many files and quickly decided that cp would do the job nicely. Knowing that preserving the hardlinks would require bookkeeping of which files have already been copied I also ordered 8 GB more RAM for the server and configured more swap space.

[…]

After some days of copying the first real surprise came: I noticed that the copying had stopped, and cp did not make any system calls at all according to strace. Reading the source code revealed that cp keeps track of which files have been copied in a hash table that now and then has to be resized to avoid too many collisions. When the RAM has been used up, this becomes a slow operation.

Trusting that resizing the hash table would eventually finish, the cp command was allowed to continue, and after a while it started copying again. It stopped again and resized the hash table a couple of times, each taking more and more time. Finally, after 10 days of copying and hash table resizing, the new file system used as many blocks and inodes as the old one according to df, but to my surprise the cp command didn’t exit. Looking at the source again, I found that cp disassembles its hash table data structures nicely after copying (the forget_all call). Since the virtual size of the cp process was now more than 17 GB and the server only had 10 GB of RAM, it did a lot of swapping.

As far as I know, the Mac version of cp does not preserve hard links.
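
The bookkeeping Hansen describes, as an added Python example (not GNU cp's code): a table keyed by device and inode number records the first copy of each multiply linked file, and an entry is dropped once all of its links have been seen, so the table does not keep growing for the whole run. The function names and the sample tree are constructed for illustration; dropping finished entries is a choice of this example, not something the post says cp does, and an inode with links outside the source tree keeps its entry until the copy ends.

```python
import os
import shutil
import tempfile


def copy_tree_preserving_links(src, dst):
    """Copy a tree, recreating hard links; return the peak table size."""
    seen = {}  # (st_dev, st_ino) -> [first copy's path, links still expected]
    peak = 0
    for root, _dirs, files in os.walk(src):
        target_dir = os.path.join(dst, os.path.relpath(root, src))
        os.makedirs(target_dir, exist_ok=True)
        for name in sorted(files):  # sorted so the demo is deterministic
            s, d = os.path.join(root, name), os.path.join(target_dir, name)
            st = os.lstat(s)
            key = (st.st_dev, st.st_ino)
            if st.st_nlink == 1:  # singly linked: no bookkeeping needed
                shutil.copy2(s, d, follow_symlinks=False)
            elif key in seen:
                os.link(seen[key][0], d)  # link to the copy made earlier
                seen[key][1] -= 1
                if seen[key][1] == 0:  # all links seen: forget this inode
                    del seen[key]
            else:
                shutil.copy2(s, d, follow_symlinks=False)
                seen[key] = [d, st.st_nlink - 1]
                peak = max(peak, len(seen))
    return peak


def demo():
    """Constructed tree: three files with two links each, plus one plain file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "src"), os.path.join(tmp, "dst")
        os.makedirs(src)
        for i in range(3):
            first = os.path.join(src, f"f{i}a")
            with open(first, "w") as fh:
                fh.write(str(i))
            os.link(first, os.path.join(src, f"f{i}b"))
        with open(os.path.join(src, "plain"), "w") as fh:
            fh.write("x")
        peak = copy_tree_preserving_links(src, dst)
        linked = os.path.samefile(os.path.join(dst, "f0a"), os.path.join(dst, "f0b"))
        return peak, linked, sorted(os.listdir(dst))


if __name__ == "__main__":
    print(demo())
```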

Mac Java’s New Ask.com Toolbar

Jared Newman:

Java’s shady bundled adware is no longer a Windows exclusive, as Oracle has started sneaking the Ask.com toolbar into the Mac version.

Similar to the Windows version, Java for OS X now attempts to install the Ask toolbar during the setup process, and also tries to set Ask.com as the default browser homepage. ZDNet’s Ed Bott first reported on the adware, noting that Oracle added it to Mac installations sometime over the last month.

To avoid the adware entirely, users must hit “Cancel” when the “Install the Search App by Ask” prompt appears. This is counter-intuitive, because all other steps of the setup process require users to click “Next” to advance. In this case, clicking “Next” installs the toolbar, even when the “Set Ask.com as my browser homepage” box is unchecked.

Rich Trouton:

However, Oracle apparently anticipated that MacJREInstaller may need to be run on a logged-out Mac, as they added a --silent function flag to MacJREInstaller. To invoke this installation method, run the following command with root privileges:

/path/to/Java_install_application.app/Contents/MacOS/MacJREInstaller --silent

This installation mode does not attempt to download the Sponsors.framework.tar file and does not install the Ask.com browser settings and toolbar.

The Java runtime is needed for popular applications like Minecraft and Photoshop. I use CrashPlan, which includes its own Java runtime, as well as Apple’s Java-based tools for submitting to the Mac App Store.

Update (2015-03-11): At reader Bill Cheeseman’s suggestion, I tried running Oracle’s Java installer, with different results than Newman’s:

So the situation doesn’t seem as bad as I first thought.

The Disconnect Between Publishers and Consumers

Matt Henderson:

As a consumer, I want to read quality content and I want to do it conveniently. Feed readers like Reeder aggregate all the content I’m interested in into a single place, and present that content uniformly, making my consumption experience efficient and consistent.

But I can sympathize with Seth. Owning one myself, I know that businesses have to earn revenue to sustain themselves, and with online publications, it’s obviously a huge challenge. But in my opinion, trying to kill through technical means the convenience users have become accustomed to is comparable to the music industry’s attempts to stop downloading.

OmniFocus 2.1

OmniFocus 2.1 makes essentially no progress on the data density regressions from version 1.x. Everything still takes up a lot more space. The window can now be slightly narrower, but the minimum sidebar width is still about twice the width of my longest context name. The font is still fixed, fuzzy, and (often) gray. Other regressions from 1.x—such as unreliable date-tabbing and not being able to drag and drop onto contexts in the main part of the window—remain in 2.1 as well.

Update (2015-03-20): Ken Case:

On February 19, 2015, we shipped OmniFocus 2.1—the first of several planned OmniFocus releases in 2015. It features a new look and new features for OS X Yosemite, as well as a few bug fixes. The file format and syncing remain compatible with all previous versions of OmniFocus, on Mac and iOS.

[…]

As I noted in January, we’re still planning on adding features to OmniFocus that will make it sync more responsively, to be easier to scan visually, and to be more efficient to use. This release is an important first step on that path!

FREAK

Microsoft Security Bulletin MS15-031:

This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected.

Apple Security Update 2015-002:

Secure Transport accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys.

Reader François Joseph notes that Apple has not made this fix available to users of the pre-release Mac OS X 10.10.3. However, he successfully applied the 10.10.2 package using Pacifist with seemingly no ill effects.

Update (2015-03-10): Lee Hutchinson:

First publicized a week ago, the “FREAK” vulnerability can be used by an attacker to force someone’s SSL/TLS connection to a Web server to use a weak 512-bit key, which the attacker can then factor with a relatively trivial amount of work and thereby decrypt and/or modify the supposedly secure connection. The vulnerability affects OS X, iOS, Android, and Windows devices. The acronym “FREAK” stands for “Factoring attack on RSA-EXPORT Keys,” which references the fact that the 512-bit weak keys are so-called legacy “export-grade” keys mandated for use in the 1990s with cryptographic hardware and software built in the US but intended for sale outside of the country.
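
The client-side check behind the Apple fix quoted above, as an added Python sketch that is not code from Apple, Microsoft or the quoted articles: a lenient client uses whatever ephemeral RSA key arrives in a ServerKeyExchange message, while a strict client aborts because that message is not expected on a full-strength RSA suite. The suite names are real TLS suites; the function names, the 2048-bit certificate key and the sample server flights are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Key-exchange class per cipher suite (real suite names, constructed subset).
SUITE_KX = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": "RSA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": "RSA_EXPORT",
}
CERT_KEY_BITS = 2048  # constructed: RSA key size in the server certificate


class HandshakeError(Exception):
    pass


@dataclass
class EphemeralRSAKey:
    """Ephemeral RSA key carried in a ServerKeyExchange message."""
    modulus_bits: int


def lenient_premaster_key_bits(suite: str, ske: Optional[EphemeralRSAKey]) -> int:
    """Pre-fix behaviour: any ephemeral RSA key the server sends is used,
    without checking it against the negotiated suite (suite is ignored)."""
    return ske.modulus_bits if ske is not None else CERT_KEY_BITS


def strict_premaster_key_bits(suite: str, ske: Optional[EphemeralRSAKey]) -> int:
    """Post-fix behaviour: ephemeral RSA keys are not supported, so the
    premaster secret is only ever encrypted to the certificate key."""
    if SUITE_KX.get(suite) != "RSA":
        raise HandshakeError(f"suite not offered by this client: {suite}")
    if ske is not None:
        raise HandshakeError("unexpected ServerKeyExchange with ephemeral RSA key")
    return CERT_KEY_BITS


def audit(suite: str, ske: Optional[EphemeralRSAKey]):
    """Return (bits the lenient client would use, strict client's outcome)."""
    try:
        strict = strict_premaster_key_bits(suite, ske)
    except HandshakeError as exc:
        strict = f"abort: {exc}"
    return lenient_premaster_key_bits(suite, ske), strict


if __name__ == "__main__":
    # Constructed flights: a normal one, then one with a 512-bit ephemeral key.
    for ske in (None, EphemeralRSAKey(512)):
        print(audit("TLS_RSA_WITH_AES_128_CBC_SHA", ske))
```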

The CIA’s Xcode

Jeremy Scahill and Josh Begley (via Asem H.):

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool.

[…]

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

Recall Ken Thompson’s Reflections on Trusting Trust.

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”

Nat! was wondering about this possibility last year.

Eamon Javers:

A U.S. intelligence official told CNBC Tuesday that American spies need to develop ways to get covert access to mobile devices.

“That’s what we do,” the official said. “CIA collects information overseas, and this is focused on our adversaries, whether they be terrorists or other adversaries.”

Xcode project manager Tim Triemstra is not happy (via Frederic Jacobs).

John Gruber:

To be clear, there is no indication in this report that this hacked version of Xcode has been used in the wild. To be useful, they’d somehow have to get developers to use their modified Xcode toolset instead of Apple’s, or, to somehow infect Apple’s Xcode code base with their modifications. (Imagine a CIA or NSA agent, a trained computer scientist, who joins Apple’s Xcode compiler team under false pretenses.)

Craig Hockenberry:

The article refers to “Xcode” generically, but as we all know, there are a lot of pieces to this puzzle: I’m going to examine a few of them below. It’s your job to think about how these things might affect your own products.

Update (2015-03-10): K.M. Gallagher notes that the Mac App Store downloads Xcode using plain, insecure HTTP. Presumably it verifies that the installer package is signed by Apple, though. If you download Xcode manually, Apple’s site uses HTTPS. You then end up with a disk image containing a Gatekeeper-signed application. However, Gatekeeper only checks that the application is signed by a registered Mac developer; it doesn’t check that it was signed by Apple.

Brent Simmons:

But today I heard: “It’s not NSApplication — it’s NSA-pplication!”