Google details how it protected services like Gmail from Spectre
Google says it already deployed anti-Spectre and Meltdown solutions to protect its products, and users didn’t even notice. The downside of the patches companies are rolling out to fix the CPU vulnerabilities is that they have the potential to slow down systems. For the big G, that means slowdown for huge services like Gmail, Google Drive and Search and its Cloud products. Mountain View had to gather hundreds of engineers working across the company to find a way to protect its products. After a few months, they found a solution for Meltdown and the first variant of Spectre (two of the three vulnerabilities), which they then started rolling out way back in September. Google says it didn’t get any complaint reporting performance degradation after it deployed the fix.
However, the second variant of Spectre proved a lot more problematic. Google’s engineers thought the only way to protect against it was to switch off the CPU features that made the chips vulnerable to attackers. Unfortunately, doing that slowed down applications considerably and caused inconsistent performance, so the tech titan had to look at unusual or “moonshot” solutions. It found the answer in Retpoline, a technique conjured up by Google Senior Staff Engineer Paul Turner, which “modifies programs to ensure that execution cannot be influenced by an attacker.”
Retpoline allowed Google to protect its services from the second variant of Spectre without having to modify source codes or to switch off hardware components. And by December, the company was done rolling our protections against all three variants. Google reiterates that it received no support tickets related to the updates, but then again, people might have attributed their complaints to other things if they didn’t know about the flaws.
Google considers this set of vulnerabilities the “most challenging and hardest to fix” it’s had to deal with in the past decade. That it was able to find solutions for them relatively quickly demonstrates just how powerful the company is. Thankfully, the tech titan isn’t keeping Retpoline a secret: it has shared its research with other tech companies in hopes that it “can be universally deployed to improve the cloud experience industry-wide.”
Via: TechCrunch
Source: Google
International User Accounts Swept Up in Chinese iCloud Data Migration
Apple’s announcement on Wednesday that its iCloud services in mainland China will be handed over to a Chinese company has already run into controversy, after it emerged that accounts registered overseas are being swept up in the migration.
Apple said yesterday that customers based in China had been contacted and advised to examine new terms and conditions, which include a clause that both Apple and the Chinese firm will have access to all data stored on iCloud servers, which will be transferred from February 28. Customers living in mainland China who did not want to use iCloud operated by GCBD had been given the option to terminate their account.
However, according to some users who spoke to TechCrunch, in the data to be handled by local partner Guizhou-Cloud Big Data (GCBD), Apple is including iCloud accounts that were opened in the U.S., are paid for using U.S. dollars, and/or are connected to U.S.-based App Store accounts.
STRANGE: my US Apple ID also got the China iCloud Transfer mail… pic.twitter.com/MZvjsbPiYL
— 王博源 Wang Boyuan (@thisboyuan) January 11, 2018
When asked for comment, Apple pointed to its terms and conditions site, which explains that it is migrating iCloud accounts based on the settings of the user’s device, not where an iCloud account is registered or billed to.
The operation of iCloud services associated with Apple IDs that have China in their country or region setting will be subject to this transition. You will be notified of this transition via email and notifications on your devices. You don’t need to take any further action and can keep using iCloud in China.
After February 28, 2018, you will need to agree to the terms and conditions of iCloud operated by GCBD to keep using iCloud in China.
As it stands, this could result in thousands of users temporarily living in China to study or work having their data migrated to servers under the control of GCBD, which is owned by the Guizhou provincial government in southern China.
The situation is said to have left many users feeling trapped into the migration, but one user has discovered an apparent opt-out. This involves switching an iCloud account back to China before signing out of all devices. The user then switches their iPhone and iCloud settings to the U.S., and after signing back into iCloud, their account should no longer be part of the migration.
“What will Apple do when the Chinese authorities request a backdoor to access data that is encrypted?” Charlie Smith, founder of censorship monitoring site Great Fire, told TechCrunch. “Will they continue to adhere to local laws and regulations and submit to the request? Or are they leaving this decision squarely in the hands of GCBD, their local partner?”
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Tags: China, iCloud
Discuss this article in our forums
Wu-Tang Clan Frontman RZA to Lead Music Lab Session at San Francisco Apple Store
Wu-Tang Clan lead member and acclaimed American rapper RZA will host a Music Lab session at Apple’s Union Square store in San Francisco later this month. First spotted by AppleInsider, the the free-to-attend session called “Developing Your Sound with RZA” will reveal a number of techniques the hip-hop artist uses to produce his music.
Attendees at the January 22 session will begin by brainstorming and sketching out ideas to create their music story and sound profile. Then they’ll get to grips with GarageBand for iPad Pro and ROLI Blocks, which will help them learn how RZA developed his trademark beats, which revolutionized hip-hop in the 1990s.
Sadly, the session at Union Square is all booked up, but anyone interested will have other opportunities to attend the same course with a video introduction by RZA. The sessions will be offered at all Apple stores as part of the company’s new “Today at Apple” retail program, which involves locations hosting community-building workshop events. Check the link for details on upcoming events in your area.
Tags: GarageBand, Today at Apple
Discuss this article in our forums
Apple’s Tim Cook and More Than 100 CEOs Urge Congress to Protect Dreamers
Apple’s Tim Cook on Wednesday joined over 100 other CEOs in urging the U.S. Congress to pass a bill to protect young immigrants before the Deferred Action for Childhood Arrivals (DACA) program expires. For those unfamiliar with the program, DACA gives about 800,000 illegal immigrants who entered the U.S. at age 16 or younger work permits and protection from deportation by two-year deferral. Many of those protected by DACA have been in the United States for most of their lives.
In an open letter to House and Senate leaders, the group called on lawmakers to introduce legislation supporting so-called Dreamers by Friday, which is the deadline for Congress to pass a bill for government funding to avert a shutdown. The DACA program actually expires on March 5, but the CEO signatories say the government needs time to implement a new program before that deadline.
“We write to urge Congress to act immediately and pass a permanent bipartisan legislative solution to enable Dreamers who are currently living, working, and contributing to our communities to continue doing so,” the letter reads. “The imminent termination of the DACA program is creating an impending crisis for workforces across the country.”
Facebook’s Mark Zuckerberg, Microsoft president Brad Smith, Amazon’s Jeff Bezos, and Verizon CEO Lowell McAdam were additional signatories of the letter, which cited a CATO Institute study that found ending the DACA program could cause a $215 billion decline in the gross domestic product.
“In addition to causing a tremendous upheaval in the lives of DACA employees, failure to act in time will lead to businesses losing valuable talent, cause disruptions in the workforce, and will result in significant costs,” the group wrote. “While delay or inaction will cause significant negative impact to businesses, hundreds of thousands of deserving young people across the country are counting on you to work in a bipartisan way to pass permanent legislative protection for Dreamers without further delay.”
Tim Cook has been consistent in his support for a legislative solution to protect those affected by the end of the DACA program. Following U.S. President Donald Trump’s September announcement that DACA would be phased out over six months, Cook sent an email to employees saying Apple would try to help Congress find a solution and would be working with impacted Apple employees to provide support, including access to immigration experts. Apple employs 250 “Dreamers”, Cook previously revealed in a tweet.
In December, Cook teamed up with Koch Industries CEO Charles Koch to write an opinion piece in The Washington Post about DACA, asking Congress to work quickly to come up with a solution before the end of the year. That never happened, and the government’s stance on the issue now appears to be mired in confusion.
On Tuesday, a federal judge in California issued a nationwide injunction ordering the Trump administration to maintain the DACA program on a nationwide basis while legal challenges to the president’s decision go forward.
In another development this week, concerns grew among hardliners after Trump met with lawmakers during a freewheeling televised session, in which he signaled he was open to compromise and seemed to express support for a number of legislative options to legalize Dreamers.
Indeed, the president appeared to suggest that the details of a legislative solution didn’t matter to him, telling congressional leaders that he would approve whatever they sent him. “I will be signing it,” Trump said towards the end of the meeting. “I’m not going to say, ‘Oh, gee, I want this or I want that.’ I’ll be signing it.”
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Discuss this article in our forums
Facebook is Testing a New City-Specific ‘Today’ Feed for Local News and Events
Facebook is currently testing a new section of its mobile app called “Today in…”, which serves up a feed of city-specific events, announcements, and local news, according to TechCrunch.
The company is kicking off the local hub with a small batch of test markets, including New Orleans, Louisiana; Olympia, Washington; Billings, Montana; Binghamton, New York; Peoria, Illinois; and Little Rock, Arkansas. Users in those markets can access the feature via the lower-right menu button, indicated by three horizontal lines in the main Facebook app.
The feed will be populated using a mixture of human-curated and algorithmically-plucked content, and is being spearheaded by Facebook’s Journalism Project, designed to support news literacy and to serve as a hub for journalists and publishers to learn and share. It also comes on the back of the company’s recently announced Journalism Project Initiative, which aims to build local news partnerships as one of its core goals.
This isn’t the first time Facebook has dabbled in promoting local content. Last year the social network giant introduced a separate Explore Feed that is said to use live location information occasionally to suggest posts, articles, photos, and videos from local sources a user hasn’t followed, but might be interested in.
In another attempt to establish links within local communities, Facebook recently expanded its e-commerce Marketplace service, which lets users advertize and check out region-based private and business listings for things like vehicles, properties, and household goods.
Tag: Facebook
Discuss this article in our forums
CES 2018: SYNC 3-Enabled Ford Vehicles Gaining Waze Support Through iOS AppLink
This week at CES, Ford provided new details about a partnership with navigation app Waze, which will bring Waze’s GPS directions onto the touch screen of SYNC 3 vehicles when connected via USB to an iPhone. Powered by Ford AppLink, the feature will let users operate Waze “completely through a vehicle’s touch screen,” as well as allow for voice control.
As long as the Ford vehicle includes a SYNC 3 infotainment system, users will be able to plug their iPhone into the USB port while running Waze to see the app projected onto the dashboard’s touch screen system. Afterwards, all of Waze’s features will be accessible, including crowdsourced navigation updates, liking and disliking user-created warnings, adding a new hazard report, carpool lane navigation, and Talk to Waze voice commands.
“Our goal is to bring a human-centered approach to technology in the vehicle, making it as easy as possible for people to integrate the tools that matter most to them,” said Don Butler, Ford executive director, Connected Vehicle and Services. “With the flexibility of our SYNC 3 software and AppLink, customers can easily use Waze to get all the traffic and navigation help they need – on a big screen and without having to fiddle around with their phones while driving.”
The partnership was previously announced at Mobile World Congress last year, and Waze product lead for in-car applications, Jens Baron, mentioned that the company has been working on optimizing the Waze experience on an infotainment system since that time. Using Ford’s AppLink SmartDeviceLink (SDL) on iOS, Baron explained that users will “get the most updated version from Waze,” and it will be the same as driving with Waze on a smartphone.
Ford explained that the Waze integration will launch in the coming weeks and will be supported on any 2018 model year Ford vehicle that has SYNC 3 version 3.0 or greater. Other vehicles with SYNC 3 will also be able to get Waze via an over-the-air update or update via USB. In addition to Waze, Ford said that other SYNC AppLink integrations will be coming soon, like iHeartRadio.
Ford began expanding its CarPlay support in mid 2016 when it announced its SYNC 3 infotainment system — which features CarPlay and Android Auto — would be available across its entire 2017 lineup of cars, SUVs, light trucks, and electric vehicles in the United States. Then in 2017, Ford released a SYNC 3 software update that added CarPlay and Android Auto support to its older 2016 model year vehicles, allowing more users to access Apple apps like Maps, Phone, Music, Messages, and more on their dashboard.
Tags: Ford SYNC, Waze, CES 2018
Discuss this article in our forums
Chinese Smartphone Makers Plan for Mini LED Supply as Apple Expected to Control Majority of OLED Production This Year
Apple’s domination of the OLED supply chain is one of the reasons why three Chinese smartphone makers are seeking out alternative display technology in future handsets, according to a report today by DigiTimes.
Huawei, Oppo, and Xiaomi are planning to adopt mini LED-backlit panels in smartphones launched later in 2018. The three companies believe that Apple “may extend use of AMOLED panels” to iPhones coming in 2018 and occupy even more of Samsung Display’s production of the OLED displays.
Apple’s entry in smartphone OLED displays began with the manufacturing of the iPhone X last year and is expected to increase in 2018 with the second-generation iPhone X and 6.5-inch “iPhone X Plus,” which should lead Apple to significantly increase OLED display orders thanks to the larger size. The company has also implemented OLED displays into the Apple Watch.
Instead of attempting to fight for OLED display supply against Apple, the China-based smartphone makers are turning towards mini LED this year. The companies have reportedly asked Taiwan-based suppliers to begin producing mini LED backlighting in June 2018 in anticipation of products that would debut in the second half of 2018. Industry sources noted that technological advances in mini LED product designs have the potential to cut production costs, further boosting the smartphone makers’ readiness to adopt the technology.
Besides Samsung Display, a report earlier in the month suggested that Apple will add LG Display to its OLED supply chain to help build 6.5-inch panels for the iPhone X Plus. Samsung was the sole OLED supplier for the iPhone X in 2017, and it’s predicted that the company will increase supply of OLED panels to Apple with between 180 and 200 million OLED displays in 2018 (for the 5.8-inch device), up from an estimated 50 million in 2017.
Related Roundup: iPhone XTags: digitimes.com, OLEDBuyer’s Guide: iPhone X (Buy Now)
Discuss this article in our forums
Apple Delays iPhone 6 Plus Battery Replacements Until March-April Due to Limited Supply
iPhone 6 Plus users hoping to take advantage of Apple’s discounted $29 battery replacements may have to wait a few months.
Apple says iPhone 6 Plus replacement batteries are in short supply and won’t be available until late March to early April in the United States and other regions, according to an internal document distributed to Apple Stores and Apple Authorized Service Providers this week and later obtained by MacRumors.
Apple’s internal document quotes a shorter wait of “approximately two weeks” for iPhone 6 and iPhone 6s Plus battery replacements, and adds that batteries for all other models like the iPhone 6s, iPhone 7, iPhone 7 Plus, and iPhone SE are expected to be available “without extended delays” in most countries.
Apple noted that lead times may vary in some regions, including the Middle East, Africa, Latin America, Russia, and Turkey.
MacRumors has already received a few emails from readers with an iPhone 6 Plus who were quoted a late March to early April timeframe for the replacement service to be completed at Apple Stores in New York and North Carolina, in line with the information outlined in Apple’s document.
A reliable source at an Apple Authorized Service Provider indicated that they recently received a package with dozens of replacement batteries, the majority of which were for iPhone 7 and iPhone 7 Plus models.
Apple lowered its battery replacement fee to $29 last month for any customer with an iPhone 6 or newer as part of an apology over its lack of transparency about slowing down some older iPhone models to prevent unexpected shutdowns. Apple noted that initial supplies of some batteries may be limited.
As with any supply-demand situation, availability of replacement batteries will likely vary by location. Keep in mind that many Apple Authorized Service Providers like MacMedics and ComputerCare are able to replace iPhone batteries, so this may be an option worth considering beyond an Apple Store.
A source adds that Apple Authorized Service Providers are permitted to set their own prices for out-of-warranty parts and repairs, so some third-party repair shops are charging more than $29 for battery replacements, even if Apple might not prefer it, to ensure they are being fairly compensated.
Also keep in mind that Apple’s discounted rate is available until December 31, 2018, so unless you absolutely need a battery replacement now, you may wish to consider waiting until later in the year to initiate the process.
If you are replacing your iPhone’s battery for the first time, the $29 price is available regardless of whether the device passes or fails Apple’s battery diagnostic test. To be eligible for any additional replacements at the discounted rate, however, the device must explicitly fail the test or the standard $79 applies.
To get started, read our guide on how to get your iPhone’s battery replaced with an appointment at an Apple Store or Apple Authorized Service Provider. There’s also a mail-in option, but we’ve heard that Apple’s repair center may only be replacing batteries that fail a diagnostic test, and sending back devices that pass.
Related Roundups: iPhone 6s, iPhone 7Buyer’s Guide: iPhone 8 (Buy Now), iPhone 8 (Buy Now), iPhone 8 (Buy Now)
Discuss this article in our forums
FBI Forensic Examiner Stephen Flatley Calls Apple ‘Jerks’ and ‘Evil Geniuses’ for Encrypting iPhones
Senior FBI forensic examiner Stephen R. Flatley spoke at the International Conference on Cyber Security yesterday, and during the talk he discussed Apple and the FBI’s differing opinions on the topic of smartphone encryption. According to Motherboard, Flatley described the company as “jerks” and “evil geniuses” for creating iOS device encryption that is so powerful as to prevent Apple itself from entering users’ iPhones.
Flatley said that recent updates to Apple device encryption have made password guesses slower, by increasing hash iterations from 10 thousand to 10 million, “making his and his colleagues’ investigative work harder.” This extended brute force crack time from a few days to two months, leading to Flatley stating that Apple is “pretty good at evil genius stuff.” No detailed context was given regarding his “jerks” comment.
Image of Stephen Flatley taken by Lorenzo Franceschi-Bicchierai via Motherboard
That means, he explained, that “password attempts speed went from 45 passwords a second to one every 18 seconds,” referring to the difficulty of cracking a password using a “brute force” method in which every possible permutation is tried. There are tools that can input thousands of passwords in a very short period of time—if the attempts per minute are limited, it becomes much harder and slower to crack.
“Your crack time just went from two days to two months,” Flatley said. “At what point is it just trying to one up things and at what point is it to thwart law enforcement?” he added. “Apple is pretty good at evil genius stuff.”
Flatley’s comments come nearly two years after the Apple-FBI dispute began, when a federal judge ordered Apple to help the FBI enter the iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. The FBI said it wanted Apple’s help to enter just Farook’s iPhone 5c, but Apple explained that the software it was asked to create could become a “master key” and be able to get information from any iPhone or iPad.
For this reason, Apple denied the request and CEO Tim Cook penned an open letter describing the potential for setting a “dangerous precedent” if the company did go along with the order. The battle eventually ended a few months later after the government discovered an alternative way of entering Farook’s iPhone 5c, reportedly with the help of Israeli firm Cellebrite.
Flately mentioned Cellebrite as well during the security conference, describing the firm as “another evil genius” that counters Apple’s encryption and can help the FBI when it needs to enter a smartphone. The forensic examiner was described as not clearly stating Cellebrite’s name, but “facetiously coughing” at the same time to somewhat obscure the comment.
Although the Apple-FBI dispute has ended, debates over smartphone encryption have remained ongoing the past few years. In October 2017, a report came out stating that the FBI was unable to retrieve data from 6,900 mobile devices it had attempted to gain access to over the previous 11 months. That number accounted for half of the total devices the FBI tried to get into, and FBI Director Christopher Wray described the FBI’s inability to retrieve information from these devices as a “huge, huge problem.”
At the end of the case in 2016, Apple issued a statement explaining that the company will continue to assist the FBI when it can, but not at the expense of the data protection, security, and privacy of its customers: “Apple believes deeply that people in the United States and around the world deserve data protection, security, and privacy. Sacrificing one for the other only puts people and countries at greater risk.”
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Tags: FBI, Encryption, Apple-FBI
Discuss this article in our forums
CES 2018: Scosche Announces New ‘MagicMount Pro’ Qi Wireless Charging Accessories
Scosche today announced new Qi-compatible MagicMount Pro wireless charging accessories that are compatible with the iPhone X, iPhone 8, and iPhone 8 Plus.
All of the accessories in the new MagicMount Pro CHARGE line feature the Scosche’s MagicMount magnetic mounting functionality, with a 360-degree adjustable cradle that allows them to be mounted in the most convenient position. The MagicMount is designed to mount in cars, on nightstands, on desks, on countertops, and more.
Scosche says the MagicMount Pro products feature 5W or 10W Adaptive Fast Charging for “the quickest charge possible” for all Qi-enabled smartphones. Apple’s iPhones use 7.5W charging, however, and compatibility with the faster 7.5W iPhone charging specification is not explicitly mentioned.
There are several vehicle-compatible products in the MagicMount Pro CHARGE family:
- MagicMount Pro CHARGE Window/Dash – Designed to stick to a vehicle’s window or dash using a suction base.
- MagicMount Pro CHARGE Vent – Attaches to the vent in any vehicle and can also be detached to be used as a kickstand to watch videos.
- MagicMount Pro CHARGE CD – Mounts in a vehicle’s CD slot.
- MagicMount Pro CHARGE Surface – Attaches to a vehicle’s console using a StickGrip mat.
Each MagicMount Pro product includes an AC wall adapter, a micro-USB charging cord, and two MagicPLATEs with 3M adhesive.
Scosche is also introducing a new Qi Dock Powerbank that’s able to charge a Qi-compatible smartphone and a powerbank, which can then be used on-the-go to charge mobile devices.
In its standalone MagicMount series designed for mobile devices like the iPhone, Scosche is debuting new MagicMount ELITE products that combine it’s well-known magnetic mounting functionality with a more attractive metal alloy finish. As with the Qi accessories, the ELITE series features several products to meet a range of needs.
Scosche’s Qi-based products and its new Magic Mount ELITE line will all be launching in the spring of 2018. More information on the upcoming accessories can be found on Scosche’s website.
Tag: CES 2018
Discuss this article in our forums
AIVAnet 