Archive for July 5, 2022

Tuesday, July 5, 2022

M2 Mac Thermal Concerns

Vadim Yuryev (video):

We discovered SEVERE thermal throttling with Apple’s new M2 MacBook Pro, proving that it needs a BETTER cooling system with two fans instead of one. We exported 8K Canon RAW and saw temps hit 108°C, more than we’ve ever seen on a Mac, even an Intel Mac.

[…]

The fan was maxed out at 7200RPM the ENTIRE time, so there was nothing the MacBook Pro could do to cool itself down except for HEAVILY throttle down the M2 chip. This led to much worse performance than the M1 Pro chip, which didn’t have to max out its fans.

Via Marco Arment:

This is concerning if it’s not a fluke.

It suggests that M2 thermal load is higher than M1 by enough to warrant different cooling needs (and different buying decisions) if your workload heavily stresses the GPU.

Curious about the Air. 30W seems like too much to passively cool.

Update (2022-07-06): See also: Hacker News.

Gary and Hardware Unboxed have not been able to reproduce the problem.

Update (2022-07-10): See also: Accidental Tech Podcast.

Update (2022-08-29): Snazzy Labs:

The M2 MacBook Air launched to a lot of dramatic hullabaloo—reports of thermal throttling and a slow SSD were just a few of the controversies that befell the redesigned fan-favorite. We’ve found some of the complaints to be credible, many to be false, and generally find ourselves in love with this little machine.

The Power of SwiftUI “task” View Modifier

Majid Jabrayilov:

The task view modifier starts the unstructured async task and binds it to the view lifecycle. SwiftUI automatically cancels ongoing tasks whenever the view disappears by propagating cooperative cancellation.

[…]

Another variant of the task view modifier allows us to observe equatable data and run the async task whenever the data changes. The task lifecycle is still bound to the view lifecycle, but SwiftUI also cancels the ongoing job whenever data changes and creates a new one for the latest data.

[…]

Usually, we want to debounce requests to our servers and make them after a slight pause. We can quickly achieve this effect by leveraging the power of the cooperative cancellation and data observing capabilities of the task view modifier.

PACMAN Attack on M1 Processor

Carly Page (Hacker News, paper):

The attack, appropriately called “Pacman,” works by “guessing” a pointer authentication code (PAC), a cryptographic signature that confirms that an app hasn’t been maliciously altered. This is done using speculative execution — a technique used by modern computer processors to speed up performance by speculatively guessing various lines of computation — to leak PAC verification results, while a hardware side-channel reveals whether or not the guess was correct.

What’s more, since there are only so many possible values for the PAC, the researchers found that it’s possible to try them all to find the right one.

[…]

The researchers — who presented their findings to Apple — noted that the Pacman attack isn’t a “magic bypass” for all security on the M1 chip, and can only take an existing bug that pointer authentication protects against.
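A toy model of the point made above, added here as an example (it is not code from the paper or from the articles quoted): a short PAC only resists guessing while every wrong guess ends in a fault. The 16-bit PAC width, the 48-bit address width, the HMAC-SHA256 stand-in for the hardware MAC, the key and all function names are assumptions of this sketch.

```python
import hashlib
import hmac

PAC_BITS = 16            # assumed PAC width; the page states no number
VA_BITS = 48             # assumed address width; the PAC sits in the bits above it
VA_MASK = (1 << VA_BITS) - 1
KEY = bytes(range(16))   # constructed key; real keys live in CPU registers


class AuthFault(Exception):
    """Stands in for the fault taken when a bad PAC is used architecturally."""


def pac(key, ptr, ctx):
    """Toy PAC: a keyed MAC over (address, context), truncated to PAC_BITS."""
    msg = ptr.to_bytes(8, "little") + ctx.to_bytes(8, "little")
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(tag[:2], "little") & ((1 << PAC_BITS) - 1)


def sign(key, ptr, ctx):
    """Place the PAC in the unused upper bits of the pointer."""
    return (pac(key, ptr, ctx) << VA_BITS) | (ptr & VA_MASK)


def authenticate(key, signed, ctx):
    """Return the bare address if the PAC matches, otherwise fault."""
    ptr = signed & VA_MASK
    if signed >> VA_BITS != pac(key, ptr, ctx):
        raise AuthFault("PAC mismatch")
    return ptr


def blind_guess_survives(key, target, ctx, guess):
    """One architectural use of a guessed PAC: a wrong guess faults."""
    try:
        authenticate(key, (guess << VA_BITS) | (target & VA_MASK), ctx)
        return True
    except AuthFault:
        return False


def checks_until_known(key, target, ctx):
    """If each check's result leaks without a fault, count checks until the PAC is known."""
    real = pac(key, target, ctx)          # models the yes/no answer of the leak
    for n, guess in enumerate(range(1 << PAC_BITS), start=1):
        if guess == real:
            return n, guess
    raise AssertionError("unreachable: the PAC is one of 2**PAC_BITS values")
```

In this model exactly one of the 65,536 guesses passes `authenticate`, so a single blind attempt almost always faults, while a fault-free check reveals the PAC after at most 65,536 tries.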

Samuel K. Moore:

Other researchers familiar with PACMAN say that how dangerous it really is remains to be seen. However, PACMAN “increases the number of things we have to worry about when designing new security solutions,” says Nael Abu-Ghazaleh, chair of computer engineering at University of California, Riverside, and an expert in architecture security, including speculative execution attacks. Processor makers have been adding new security solutions to their designs besides pointer authentication in recent years. He suspects that now that PACMAN has been revealed, other research will begin to find speculative attacks against these new solutions.

Yan’s group explored some naive solutions to PACMAN, but they tended to increase the processor’s overall vulnerability.

[…]

“People used to think software attacks were standalone and separate from hardware attacks,” says Yan. “We are trying to look at the intersection between the two threat models. Many other mitigation mechanisms exist that are not well studied under this new compounding threat model, so we consider the PACMAN attack as a starting point.”

Joseph Ravichandran:

Our goal is to demonstrate that we can learn the PAC for a kernel pointer from userspace. Just demonstrating that this is even possible is a big step in understanding of how mitigations like pointer authentication can be thought of in the spectre era.

We do not aim to be a zero day, but instead aim to be a way of thinking about attacks/an attack methodology.

The timer used in the attack does not require a kext (we just use the kext for doing reverse engineering) but the attack itself never uses the kext timer. All of the attack logic lives in userspace.

Provided the attacker finds a suitable PACMAN Gadget in the kernel (and the requisite memory corruption bug), they can conduct our entire attack from userspace with our multithread timer. You are correct that the PACMAN Gadget we demonstrate in the paper does live in a kext we created, however, we believe PACMAN Gadgets are readily available for a determined attacker (our static analysis tool found 55,159 potential spots that could be turned into PACMAN Gadgets inside the 12.2.1 kernel).

BrooksT:

The design flaw is in the ARM v8.3 architecture, and it just happens that the M1 is the only commercial chip on that architecture at this time. When other v8.3 systems ship, they’ll have the same flaw.

Pruning iOS “System Data”

frownface84:

Phone had about 6gb of free space yesterday and was out of space when I woke up this morning. What’s this 10gb worth of system data?

AwsomeOHdog:

Why would “System Data” be using almost 40 GB of storage?

Mizikame (via Meek Geek):

Erase the device via Settings > General > Transfer or Reset iPhone > Erase All Content and Settings

Go through Setup Activation Assistant > Setup Manually > Get to Apps & Data Screen > Choose Restore From iCloud Backup

[…]

Do NOT back up to a computer or IT WILL restore the same GB allotment amount of the unnecessary System/Other Data before erasing the device and that will defeat the purpose of the fix

A classic Apple situation: remove the ability to directly access files to make things simpler and more foolproof, but then if something goes wrong the only tool you have is nuking it from orbit.

Simone Manganelli:

So annoyed that “System Data” is still a thing on iOS. Give me the goddamn ability to delete all the dumb log and cache files taking up 6 fucking GB of data!!

Changed the photos that sync to my iPad from a year back to just three months back.

Disk space taken by photos stayed constant at ~5.3 GB. “System Data” dropped from 6.6 GB to 2.9 GB. 🙄🙄🙄

Update (2022-07-06): Matt Sephton:

I do this Restore from iCloud dance every few months. I’m only 10% free on a 64GB phone which makes things worse. I need to call my bank after I do it, which is the main hassle.

Apple Maps Location Scan Slows Down Wi-Fi

Ben Kuhn:

I just did another round of “what’s making my Zoom calls stutter every 60s” and this time the culprit was… APPLE #!*$ING MAPS. That’s right, Macs now come preloaded with software to ruin wifi latency :(

You can fix by revoking Maps’ location access in Preferences[…]

This time, Maps was requesting a location scan every 60s, which triggered a wifi network scan, which, as previously discussed, tanks your latency for a few seconds.

Adam Engst:

Complaints about website loading have been trickling in of late, and while the details vary, the commonality has been that the problems started with macOS 12.4 Monterey. Sometimes the problem was just with Safari; other times, it affected Chrome and other browsers too. In some cases, the entire page would refuse to load; in others, only portions of the page would fail.

The solution to the problems I’ve seen so far is simple: in System Preferences > Network, turn off Limit IP Address Tracking for each network adapter you use (Ethernet and Wi-Fi below—they look surprisingly different).
