An update by Ars Technica on Cellebrite’s ability to access the content on otherwise secured iOS devices:
Cellebrite is not revealing the nature of the Advanced Unlocking Services’ approach. However, it is likely software based, according to Dan Guido, CEO of the security firm Trail of Bits. Guido told Ars that he had heard Cellebrite’s attack method may be blocked by an upcoming iOS update, 11.3.
“That leads me to believe [Cellebrite] have a power/timing attack that lets them bypass arbitrary delays and avoid device lockouts,” Guido wrote in a message to Ars. “That method would rely on specific characteristics of the software, which explains how Apple could patch what appears to be a hardware issue.”
Regardless of the approach, Cellebrite’s method almost certainly is dependent on a brute-force attack to discover the PIN. And the easiest way to protect against that is to use a longer, alphanumeric password—something Apple has been attempting to encourage with TouchID and FaceID, since the biometric security methods reduce the number of times an iPhone owner has to enter a password.
This once again confirms the importance of establishing strong, long, passwords for iOS devices. Sure they’re less convenient but they provide measurably better security.
The Israeli firm, a subsidiary of Japan’s Sun Corporation, hasn’t made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren’t authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company’s literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of “Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11.” Separately, a source in the police forensics community told Forbes he’d been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple’s newest devices worked in much the same way.
If Cellebrite has, indeed, found a way of compromising all iOS devices then they’ve accomplished a pretty impressive task. I have to wonder whether the vulnerabilities emerged from studying the iBoot leak or their own software or hardware research. Assuming Cellebrite’s claims are legitimate they serve to underscore the position that government’s shouldn’t introduce backdoors or vulnerabilities into devices given that doing so will only exacerbate the existing problems associated with securing devices. Security is designed to add friction, not totally prevent an unauthorized party’s actions, and deliberately reducing such friction will put all users at greater jeopardy.
I’ve been putting a lot of thought into how to structure my life, not just on a day to day basis, but with the intent of accomplishing something meaningful this year. Some of that relates to personal projects I want to pull off.1 But perhaps the most important thing I want to do this year is develop a really boring habit.
Mike Vardy wrote about his intent improve his personal fitness this year. His description of past attempts to become fit and how that differs from his current behaviours resonated with me. He wrote:
When I was trying to achieve a “body for life” before, I was single and doing it mainly to improve my physique for any potential ladies that I may wind up dating. I wasn’t really doing it for myself.
In contrast, this time he’s doing:
it for myself — and my family. My wife deserves to have a husband who’s in decent shape, and my kids deserve to have a father who can keep up with them. When my youngest turns thirteen, I’ll be fifty. I want to be able to roughhouse with him at that age and not feel it for weeks afterward. I’d also like to give myself the best shot at seeing my kids’ grandkids. Without exercise and proper diet, that just ain’t going to happen
In the past I tried to become more fit by taking it to the extreme. I also felt I had to hide what I was doing to avoid recriminations from family and people I lived with. I exercised when no one was around, or up, and hid the fact I was going on long challenging walks to avoid all kinds of hurtful commentary: getting fit was something that people were bemused about, at best, and openly mocked, at worst. I don’t have that kind of negative energy around me now and, instead, I have the support of people I love.2
I don’t know that my motives are quite the same as Mike: I’m not a father, and don’t intend to become one, nor am I doing this because I think someone else deserves my body in one format or another. No, I’m doing this purely because I would like to be in a situation where I can just say ‘sure, let’s climb that mountain’ and get going. I want to be able to hop on a bike and cycle across one of Canada’s smaller provinces because it would be neat to take that ride. And, more importantly, I want to get in the habit that regular active exercise is just so routine that it’s a normal, established, and boring part of my life.
Tim Cook was asked in the Apple earning call that took place in February about the company had considered whether, and if so how, their battery replacement program might affect replacement rates. The implied comment was the replacements might reduce the likelihood that consumers would upgrade to the new versions of devices, on grounds that some upgrades had historically taken place because people bought new phones as a result of their old ones slowing down or their batteries not providing adequate charge to get through a day. Cook responded that Apple:
did not consider in any way, shape, or form what it would do to upgrade rates. We did it because we thought it was the right thing to do for our customers. I don’t know what effect it will have for our customers. It was not in our thought process of deciding to do what we’ve done.
This is a great answer. Though I do suspect that the battery replacement program will delay some upgrades, I don’t know that such a delay would be inherently bad for the company. Jason Snell wrote that the iPhone 8 — not the X — was a really amazing phone for most people because they tended to be coming from devices that were release two or more years ago. As a result, people that were coming from iPhone 6, 6s, and 5s devices didn’t just get the updates of the iPhone 8 but also all the updates that came to the iPhone 7 and, in some cases, iPhone 6s.
In effect, people who waited three or more years to update ended up being wowed by all of the features in the new iPhone. These are everyday users who really do use words like ‘magic’ and literally utter ‘wow’ when things happen. They laugh with joy when Siri just does something right, or they have calendar items automatically added from their mail. These are the everyday consumers that Apple is making its money from.
These normal users are the ones that are going to be blown away whenever they do an upgrade, and are going to be especially appreciative of all the incremental updates that take place in the extra year they might delay an upgrade. They’re going to talk to their friends and family and co-workers. They might also talk about how the battery situation sucked while, simultaneously, mentioning how no other company offers a similar replacement program. Probably the only equivalent they’ll be able to think of was Samsung’s global recall of devices that were literally exploding in people’s hands.
Quotation of the Week
“By retreating into ourselves, it looks as if we are the enemies of others, but our solitary moments are in reality a homage to the richness of social existence. Unless we’ve had time alone, we can’t be who we would like to be around our fellow humans. We won’t have original opinions. We won’t have lively and authentic perspectives. We’ll be – in the wrong way – a bit like everyone else.”
I’ll update as I’m successful on those projects, instead of indicating what they are then failing to deliver. ↩
It also helps that my father died of a heart attack last year; getting fit isn’t just aimless or directionless, but it’s to reduce the likelihood of a similar event befalling me. ↩
Matt Green has a good writeup of the confusion associated with Apple’s decision to relocate Chinese users’ data to data centres in China. He notes:
Unfortunately, the problem with Apple’s disclosure of its China’s news is, well, really just a version of the same problem that’s existed with Apple’s entire approach to iCloud.
Where Apple provides overwhelming detail about their best security systems (file encryption, iOS, iMessage), they provide distressingly little technical detail about the weaker links like iCloud encryption. We know that Apple can access and even hand over iCloud backups to law enforcement. But what about Apple’s partners? What about keychain data? How is this information protected? Who knows.
This vague approach to security might make it easier for Apple to brush off the security impact of changes like the recent China news (“look, no backdoors!”) But it also confuses the picture, and calls into doubt any future technical security improvements that Apple might be planning to make in the future. For example, this article from 2016 claims that Apple is planning stronger overall encryption for iCloud. Are those plans scrapped? And if not, will those plans fly in the new Chinese version of iCloud? Will there be two technically different versions of iCloud? Who even knows?
And at the end of the day, if Apple can’t trust us enough to explain how their systems work, then maybe we shouldn’t trust them either.
Apple is regarded as providing incredibly secure devices to the public. But as more and more of the data on Apple devices is offloaded to Apple-controlled Cloud services it’s imperative that the company both explain how it is securing data and, moreover, the specific situations under which it can disclose data it is stewarding for its users.
I was excited about the idea of the Apple HomePod but the more I learn about it, the less it seems to make sense for my home. I only use one set of speakers — connected to my TV — for the Apple TV as well as Playstation 4.1 But it seems like I can’t hook my TV proper to the HomePod? And if that’s the case, then I’d just have another speaker in my house not doing anything particularly novel or special.
OK, and a crappy Bluetooth speaker in the bathroom for podcasts while showering. ↩
iOS is still incredibly janky. Since updating to iOS 11 I’ve had to periodically do full device resets in order to stop podcasts from trying (and failing) to download in perpetuity; there’s no other was I’ve found to stop the process and, if I don’t, the battery drain rate is approximately 10-15% per hour, when the device is just sitting idle. And on a device that only has wireless service (no mobile data connection) I have to turn the wireless radios on and off about once per week to get Siri to actually take requests. Without a doubt this version of iOS is the worst I’ve ever had to muddle through…
The constraint on the Move goal is my rest days. I don’t do yoga on Tuesdays or Thursdays. Instead, I cook, usually in big enough portions that I can use the leftovers for lunch the next day. The relevant thing here is that cooking takes time; I can’t work out and cook at the same time. Without rest days, I hardly cook at all, which means I spend more money on takeout, which is generally worse for me than the foods I prepare myself.
The Apple Watch doesn’t care about any of this. Rest days are the limiting factor on my ability to hit my Move goal — while I easily hit 700 calories by the Watch’s measure on my workout days, I move a lot less when I take time off from working out. But rest days are crucial for exercise: they let your body recover. Without recovery, you don’t get the strength you’re trying to build, and you place yourself at risk for overuse injuries.
At times I remind myself of what Blahnik said: this is a minimum. You’re supposed to beat it. This reminder makes me feel worse, not better. I stop letting the Watch set my Move goal. It is too unkind to me.
The Move goal is adjustable — I can lower it at any time — but there’s no way to program the Watch to consistently honor my rest days. I just have to manually lower the goal for that day, and then raise it for the next one. Unfortunately, this requires too much of my attention. I have actual things to do that are more important than manually telling my fitness app to let me rest, so mostly I forget to do it until it’s too late. Even when I remember, I wind up with a different problem: I forget to reset the Watch to a higher Move goal the next day. I spent one week being psyched that I hit my goal only to discover that I had only hit the lowered goal.
In my case, it drives me nuts that if I’m sick for a few days that my fitness streaks go to hell. Or if I’m travelling, and I can’t move as much as normal because I’m stuck in a flying coffin for 6-16 hours I get penalized. It’s a serious failing of the current iterations of the software though, also, a failing that Apple or other companies could correct if they just invested the time and energy. Maybe they could talk to real or normal users of their technologies?
Despite my iPad showing that I’m using its built-in speakers, the top right bar indicates that I’m attached to my BeatsX headphones. And music is, in fact, being played through the headphones. But no matter what I do – connect, disconnect, turn off and on Bluetooth, etc -I can’t get this panel to recognize I’m connected to my headphones.
Apple design: it’s often great if Apple has recently given a damn about the area you’re dealing with.
I’ve long planned a lot in my personal and professional life. I keep financial roundups so that I can see how I’m faring through and across years, periodic emotional evaluations, and live by my weekly and quarterly professional schedules.1 But what I’m doing is only kinda-working. So I’ve been casting about for a new process to not just hold myself to account but to hold myself to better set goals and accomplish my tasks at hand.
I’m considering adopting shortened planning periods (e.g. 10 week planning cycles, with a 2 week ‘buffer’ for recollection, learning, evaluation, and next-cycle planning) and will likely experiment with this approach to professional goal setting and project completion. But I also want to get better at reflecting on my annual themes and goals. To that end, I was interested in what Michael Karnjanaprakorn (of Skillshare) wrote about planning his ‘ideal’ year.
Specifically I was interested in how he reviews his monthly and weekly goals. In writing about monthly goals, at the end of each month he evaluates:
From 0–10, how do you feel you are doing?
What were the highlights and lowlights?
What were the biggest lessons learned?
Review your goals and assess your progress. Did you spend your time on the right things? If not how will you improve next month?
Write down goals for the upcoming month.
I’ve been really bad at reviewing my monthly (and quarterly) goals but that’s a result of why I’ve historically set and logged professional goals: I’m just really bad at remembering all that I’ve done in any given year, and so fall into deep funks if I can’t periodically go through the past year and realized ‘oh, hey! I’m actually doing a hella lot of work, and am advancing both my own projects and those of colleagues and partners!’ After years of doing this kind of goal-tracking I want to get better at longer-term tracking that is less done for just mental health reasons and more for organizational accountability reasons.
So, to try and get better at reviewing longer-term goals I want to try something like what Michael has outlined. But, at the same time, I want to figure out a way of nicely presenting this information a glanceable digital format; all of my weekly tracking is on paper and so it’s not particularly conducive to understanding longer-term trends that exceed a month or two.
With regards to weekly updates, Michael evaluates progress on monthly and weekly goals. Specifically:
Review annual & monthly goals
Review last week’s progress
Review habits
Plan weekly priorities (3 personal & 3 work)
I’ve been good at reviewing my last week’s progress and thinking about weekly priorities but less good at either thinking about habits or how activities really advance my longer-term goals. So I want to adopt some of these kinds of reviews as well.
But the area that I most need to focus on surrounds setting longer-term personal life goals. I’m pretty good at professional goal setting: I’ve been setting and hitting the big ticket items over the past decade or so. But I don’t have really good visions for what I want to happen in my personal life.2
To this end, I’ve adopted a series of personal goals this year that aren’t just about reforming habits but are more focused towards longer-term aspirations. I’m going to be curious as to how those really work out but, to be honest, I just want to try and envision what my non-technical personal goals might be.3 If I can spend a year thinking through what I want to do with my personal life over the next 5, 10, and 20 years, and have some discrete strong ideas, then I’ll really be happy regardless of how well I accomplish the more technical personal goals I’ve set for myself this year.
Companies are doing everything they can to ensure that you own a speaker and/or microphone device that is hooked into their virtual assistant. Microsoft is trying to do it with Cortana. Google with, well, Google. Amazon with Alexa. And Apple with Siri.
For a long time it’s seemed like the assistant that comes with your chosen smartphone would act as the pathway into any given virtual assistant. While some might have multiple assistants on the same device — by way of installing the assistant in a separate application — it was unlikely that the secondary assistants would ‘take over’ your daily operations. And given the failure of Amazon’s Fire Phone, Amazon was likely out of the running for establishing the most dominant assistant in the United States.
But then along came Amazon’s smart speakers and the landscape of smart speakers and Alexa in the continental United States has changed dramatically. As noted by M.G. Siegler:
Amazon is winning this battle because they’re putting Alexa everywhere. Some of this is thanks to third-parties, but a larger part is the strategy to sell devices such as the Echo Dot for $29. At such prices, it’s not only a no-brainer to get one to at least try out — it’s a no-brainer to get a few of them to place all around your house. If this is the winning strategy — which I believe it to be — Apple cannot compete with this because it’s not in Apple’s DNA to run this type of playbook.
I think that one the one hand Siegler is very correct: Amazon is fast becoming a dominant player in the United States. But there are a few limitations to his (admittedly brief) analysis:
Amazon’s Alexa, by being as cheap as it is, lacks the prestige of Apple’s brand and, by extension, Siri’s exclusivity;
Apple’s ‘moat’ which is created around their infrastructure by only letting Siri be the default virtual assistant means that a lot of non-price conscious users will keep waiting and using Apple products;
Alexa is a very United States-focused product; the speakers are cheap by not essential to conducting daily life or business. Contrast with smartphones which are requirements for daily life in many areas of the world; this means that even as Alexa floods the U.S. market the emerging economic regions of the world will continue to adopt Android (i.e. Google) and, to a far lesser extent, Cortana and Siri.
While the ‘threat’ to Apple of Alexa’s spread-by-speaker is linked to people buying them in droves I think that Amazon’s smart speakers are fundamentally poised to intrude into Google’s market and less Apple’s. Moreover, while people tend to only buy speakers once in a few years4 that tends to be the case because they’re expensive. So if people are only spending $100 or so on speakers…will that mean they’re disincentivized to buy ones that sound significantly better to play music? For consumers that purchase the HomePod they’re unlikely to replace the one or two they buy every few years, whereas if someone dropped $60 on Amazon speakers they might be tempted to just shift over to Google’s own (equivalently priced) offering or even to Apple’s or Sonos’ more expensive, and better sounding, premium offerings.
I think that the real threat to Apple or to Google will come as consumers purchase the more expensive and, by extension, better sounding, speakers. Those kinds of devices are unlikely to be replaced and will function as another kind of ‘moat’ that will contain consumers in a given virtual assistant ecosystem. Though it would be pretty amazing to see a world where people, when selling their phones second-hand, also end up selling their speaker sets alongside them to truly switch ecosystems…
Great Photography Shots
I’m absolutely loving some of the 100 best iPhone photos of 2017 which have been collated by iPhone Photography School. A few examples:
Ok, so I sometimes blow the quarterly schedules but I hold myself to account for why they get blown. ↩
To some extent my ‘success’ in planning long-term professional goals has been tightly linked to a historical failure to balance my work and life: my work entirely dominated everything I did and who I was. ↩
Technical goals being things like reduce student loan debt by X or learn Y new recipes. ↩
I’ve been using the same 2.1 speakers attached to my TV for over a decade at this point and not really tempted to replace a perfectly good set of speakers for something else that would be equally perfectly good. Except for maybe a pair of Apple HomePods… ↩
My less-busy times this week were spent writing out notes, cards, emails, and other correspondence to some of the most important people in my life. It’s been a challenging year; the world seems to be falling apart due to changes in American politics, deaths and illnesses by family and friends have been hard to take, and the tempo for high-quality professional work never really slows down. And so I took some time writing to the people I’ve most closely worked with, supported, or been supported by to thank them for just being present and active in my life.
I find writing these sorts of messages of thanks, encouragement, and praise challenging. They’re not the kind of thing that I have ever really received much of throughout my personal or professional life; it’s just not normal in my family to communicate our deep feelings for one another, and in academe the point is to move to the next project (and subject it to critique) instead of dwelling on past projects and receiving accolades for them. But as challenging as I find writing these messages they have a profound personal impact: by pulling together my thoughts and writing them down and sending them, I’m humbled by realizing just how blessed I am to be surrounded by the kind, funny, supporting, and amazing people in my life.
There used to be a time when a lot more holiday cards, notes, and messages were sent back and forth between people this time of year. And many people still send cards, but don’t take the time — five, ten, or even twenty minutes — to handwrite a real thought to whomever the recipient happens to be. But those are the cards and notes and emails that people carry with them for years, packing them carefully away as they move from one physical or digital home to another. They don’t cost a lot of money to produce, and in the case of email are almost entirely free, but they show that you’ve spent time thinking about a specific person. And that time, in and of itself, is indicative of someone’s importance in your life.
So before you go out and spend money on another present consider taking that time and, instead, writing a letter or note to whomever the recipient is. Chances are good that they’ll remember and treasure the message you left with them for longer than any material possession your might give them.
Some of the bigger news in the Apple world, this week, has focused on changes to how Apple treats older iPhones which are suffering battery degradation. While the majority of the reporting is focused on how iPhone 6 and 6s devices are experiencing slowdowns — which is the change Apple has imposed as of iOS version 11.2.0 — iPhone 7 devices are also exhibiting the slowdowns as they suffer battery degradation.
I’m of mixed minds on this. I see this as an effort by Apple to avoid having to replace batteries on older (but not THAT old) devices but in a sneaky way: the company’s lack of transparency means that it appears that Apple is trying to pull a fast one on consumers. This is especially the case for those consumers who’ve purchased Apple Care; if their devices are suffering known problems, then Apple should at the minimum be notifying owners to bring the devices in for servicing on a very proactive basis, and that doesn’t seem to have been the case.
So, on the one hand, this is Apple being sneaky.
But on the other it’s a semi-elegant engineering problem to resolve a hard-to-fix problem. We use our smartphones with such regularity and subject them (and, in particular, their batteries) to such exceptional abuse that degradation has to happen. And so I think that Apple stuffing processors into devices (at least in the current and last generation) that are excessive for daily use means the slowdowns are less problematic for most users. They might think that their devices are a bit slower but, generally, still be able to use them for about as long as they used to use them. And that length of use is what most people measure ‘battery life’ by so…maybe Apple is dealing with the problem the way users would actually prefer.
That Apple doesn’t change out batteries when they’re worn down, however, emphasizes that it’s a pretty good idea to resell your devices every year or so in order to get the best return for them as well as in order to enjoy the best performance from your iPhone. And I guess, as a byproduct, if you’re buying a second-hand iPhone you should definitely do a battery test before handing over your cash.
Inspiring Quotation
“Giving is about more than donating money. It’s about sharing your capabilities, content, and connections—and above all, giving others the chance to be heard, respected, and valued.”
Despite my iPad showing that I’m using its built-in speakers, the top right bar indicates that I’m attached to my BeatsX headphones. And music is, in fact, being played through the headphones. But no matter what I do – connect, disconnect, turn off and on Bluetooth, etc -I can’t get this panel to recognize I’m connected to my headphones.
Excited Pixels 