Let’s talk about GateKeeper

This week has been a quiet news week, which is probably a good thing. What with the election shenanigans raging to and fro I’ve sort of peered at the news with a cautious, jaundiced eye and been pleased that the default recommended behavior has not – for once – been to actively recoil. When we’re living in a world where my news feed is sending me stories about byzantine security measures in macOS and not doubling up on every specie and varietal of The Current Apocalypse then I’m prone to taking the win. It’s the little things, etc.

Still, some little things are – depending on where your priorities lie – big things. I refer of course to the minor brouhaha about macOS and GateKeeper – the former being a hugely popular and recently updated operating system (you may have heard of it) and the latter being Apple’s ingenious quarantining mechanism designed to keep nasty things from happening to your Mac. The current controversy kicked off with an article from November 12th which pointed out that with the advent of Big Sur/macOS 10.16/macOS 11 Apple was constantly collecting a lot of information about what programs you were opening, where you were when you opened them, what the time and date was, and what computer you were opening them on. Further, it noted that as a partner in PRISM Apple was essentially turning all this data over to The Powers That Be in order that Big Brother can track your every movement.

This, I’m sure we can all agree, sounds Bad. But – as in so much of life – an ounce or two of perspective can often throw things into a different light.

First of all, what the heck is GateKeeper?

Good Question.

Thanks!

GateKeeper’s ancestor was a system that Apple put in place back in 2007 which eventually evolved into a two-part mechanism designed to make sure that anything you download and install on your Mac isn’t riddled with malware. Initially it was a pretty basic tool; applications downloaded to your computer were quarantined until you explicitly gave permission to open them for the first time, and provided you knew what you were doing (or were at least prepared to say that you knew what you were doing) then the presumption was that nothing was apt to go awry. A year or two later Apple upgraded the system so that Mac OS X would check the downloaded application for known malware threats, and then the whole thing was spruced up again with Mac OS X Lion to incorporate signed apps.

And it’s this mechanism – the checking for signed apps – that’s really the crux of the recent concern. In a nutshell, here’s how the process works.

  1. A developer – let’s call him Dave – wants to write a macOS application. He signs up for an Apple Developer account, goes and bangs out his masterpiece in Xcode, and signs it with a certificate denoting his Developer ID.
  2. A customer – let’s call him Bob – purchases this amazing application. When he runs it, his Mac looks at the application, notes the certificate that Dave signed it with, then sends an inquiry to Apple to make sure that the application is legitimate and actually written by an actual Apple-approved Developer. Said inquiry is in the form of a hash that contains an identifier of the application that’s being opened.
  3. The OCSP (Online Certificate Status Protocol) responder at Apple looks at the hash it’s been sent, notes that yes, everything looks okay, and then tells Bob’s Mac that the application is okay to run.

This system is not without its flaws, but they tend to be of the obfuscatory variety and not the destructive sort. The worst of the bunch is that occasionally a developer certificate will expire, so when the application is launched the hash pushed to OCSP is refused, leaving users frustratingly unable to open the application. Fortunately, renewing a developer certificate is a relatively simple process.

There’s also been some alarm about the fact that these hashes are sent with non-encrypted http instead of https, although logic dictates that if you use a certificate-encrypted https session to check for an OCSP certificate then you’ll first need to decrypt the https certificate, and eventually it’s certificates all the way down, which would at least give all the elephants something to look at.

Still, the idea that your computer is constantly sending a stream of information about what applications you’re running out to The World™ sans encryption isn’t a great look. So much so that Apple has published an updated document on the subject, thus.

It’s comforting to read that kind of thing, but one should also trust and verify. Thankfully, a lot of that kind of heavy lifting is done by better and wiser minds than mine; for example, Jacopo Jannone, who published an article that did a fascinating deep dive into the OCSP process. I’d encourage anyone who’s remotely interested in looking under the hood of their computer to follow his process. I mean, I know that I did; using Wireshark to capture an OCSP request for CodeRunner.app I was able to pull the serial number of the application and match it to what was being sent to OCSP, as well as noting that, once that was sent the first time the app was opened after a reboot, no further requests were sent, even after opening and closing the app.
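For anyone who wants to repeat that Wireshark exercise, here is an added example (not code from the original post, nor from Jacopo Jannone’s article) that decodes the CertID fields of a DER-encoded OCSP request, the part of the capture that names the signing certificate by its issuer hashes and serial number, and checks them against the certificate you expected to see. It assumes the standard request layout from RFC 6960 and builds its own constructed sample request from made-up issuer bytes and a made-up serial rather than shipping a real capture.

```python
"""Decode the CertID fields of a DER OCSP request (RFC 6960). Added example, not
code from the original post; the sample request built below uses made-up issuer
bytes and a made-up serial number, not values from any real certificate."""
import hashlib

# Dotted OIDs for the digest algorithms a CertID is likely to name.
OID_NAMES = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}
SHA1_OID_DER = bytes.fromhex("2b0e03021a")  # 1.3.14.3.2.26 encoded for DER

def read_tlv(data, pos):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long-form length: 0x8N followed by N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def decode_oid(value):
    """Turn a DER OID value into dotted-decimal form."""
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

def parse_ocsp_request(der_bytes):
    """Return one dict per CertID in the request (RFC 6960 section 4.1.1)."""
    _, ocsp_request, _ = read_tlv(der_bytes, 0)  # OCSPRequest SEQUENCE
    _, tbs, _ = read_tlv(ocsp_request, 0)  # TBSRequest SEQUENCE
    pos = 0
    while True:  # skip optional [0] version / [1] requestorName before requestList
        tag, request_list, nxt = read_tlv(tbs, pos)
        if tag == 0x30:
            break
        pos = nxt
    cert_ids, pos = [], 0
    while pos < len(request_list):
        _, request, pos = read_tlv(request_list, pos)  # Request SEQUENCE
        _, cert_id, _ = read_tlv(request, 0)  # reqCert CertID
        _, alg, p = read_tlv(cert_id, 0)  # hashAlgorithm AlgorithmIdentifier
        _, oid, _ = read_tlv(alg, 0)
        _, name_hash, p = read_tlv(cert_id, p)  # issuerNameHash OCTET STRING
        _, key_hash, p = read_tlv(cert_id, p)  # issuerKeyHash OCTET STRING
        _, serial, _ = read_tlv(cert_id, p)  # serialNumber INTEGER
        dotted = decode_oid(oid)
        cert_ids.append({"hash_alg": OID_NAMES.get(dotted, dotted),
                         "issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex(),
                         "serial": int.from_bytes(serial, "big")})
    return cert_ids

def matches_certificate(cert_id, issuer_name_der, issuer_key_bits, serial):
    """The check from the post: does the captured CertID name the certificate we expected?"""
    h = lambda b: hashlib.new(cert_id["hash_alg"], b).hexdigest()
    return (cert_id["serial"] == serial and cert_id["issuer_name_hash"] == h(issuer_name_der)
            and cert_id["issuer_key_hash"] == h(issuer_key_bits))

def der(tag, value):
    """Wrap value in a DER TLV (short-form length only, enough for this sample)."""
    return bytes([tag, len(value)]) + value

def build_sample_request(issuer_name_der, issuer_key_bits, serial):
    """Construct a one-CertID OCSP request hashed with SHA-1, as clients usually do."""
    alg = der(0x30, der(0x06, SHA1_OID_DER) + der(0x05, b""))
    ser = der(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big"))  # sign-safe
    cert_id = der(0x30, alg + der(0x04, hashlib.sha1(issuer_name_der).digest())
                  + der(0x04, hashlib.sha1(issuer_key_bits).digest()) + ser)
    return der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))  # Request, list, TBS, OCSPRequest

# Constructed sample inputs (not a real issuer, key or serial).
ISSUER_NAME, ISSUER_KEY, SERIAL = b"constructed issuer Name DER", b"constructed issuer key bits", 0x5AFE0D
SAMPLE_REQUEST = build_sample_request(ISSUER_NAME, ISSUER_KEY, SERIAL)
```

To run it against a real capture, export the HTTP POST body from Wireshark as raw bytes and pass it to parse_ocsp_request in place of SAMPLE_REQUEST; the serial it prints is the one to compare with the developer certificate shown by the app’s code signature.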

So, a storm in a teacup, then. Apple isn’t tracking your every move via application opening and closing (or if they are then they’re doing a shockingly inefficient and terribly-implemented job of it). There’s still a temptation to disable your Mac’s ability to go talk to OCSP, but that’s a temptation to be tempered or avoided. GateKeeper might seem like some authoritarian mechanism, but it’s a vast improvement on the absence of any kind of check or balance. In a world without rational, transparent security – even the kind that leaves an uncertain taste in your mouth – it’s all too easy to end up with a fully open sandbox where applications can run unmetered and unchecked, and send a lot more information out than the time and date you anonymously open a browser…

Apple Silicon for the Pro market?

Well, today Apple pulled the wraps off their new toys in a manner that surprised almost nobody at all. We got new portables and a new Mac mini (which hadn’t been talked about a great deal by anyone, but seemed a shoo-in on the grounds that the Apple Silicon Dev kit was… also a Mac mini). And these are all great products, and will do very well because they’ll do what they do very well.

What they won’t do very well? Not much, but I can think of one glaring problem if you work in design or video or do a lot of CAD work – and it’s not really Apple’s fault. What’s the problem? I’ll give you a hint in the form of the accessories available for the new MacBook Pro:

What’s missing here?

Too oblique? Okay, that’s understandable – if you’re looking at a forest and don’t notice that it’s missing a tree, then that’s not on you. Here, I’ll make it easier by showing you the accessories available for the older, Intel-based MacBook Pro:

Ruh-roh.

Now I am – and this is no surprise to anyone who knows me – not what you’d call a world expert on chip design, but it’s pretty clear to me that in putting the entire system (CPU, cache, Neural Engine, fabric, GPU and DRAM) on a single chip you’re somewhat boxed into the idea that you’re stuck with integrated graphics. And if that’s the case, then said system on a chip is – by its nature – not going to have any mechanism to go and talk to discrete graphics, whether that’s a graphics card or an eGPU. It’s counter to the design of the thing.

Still, no eGPU support isn’t entirely surprising when you consider the nature of the beast(s). These are, after all, not Pro machines. Yes, yes, I know: the MacBook Pro has “Pro” in the name and is used by professionals, but the 13-inch model isn’t historically renowned as the hard-hitting graphical powerhouse of the line. And, to be fair, the M1’s octo-core GPU generates some very decent numbers – from peering uneasily at screen grabs and doing some back-of-the-napkin math it looks like the thing’ll churn out about half of a Radeon RX 580, which while admittedly a long way from the top of the heap isn’t exactly chump change, either.

I don’t mean to dump on these new machines. They’re really, really great products (and I’ve already ordered a couple of Airs for my kids). As a first run, it’s extremely impressive that Apple’s managed to come up with machines that are bound to make Intel go a little pale and wobbly-footed, but it’s also true that having machines this powerful at the low end of the range generates some interesting questions about the rest of the product line. Benchmarks have yet to be forthcoming, but based on the claims of speed increases from the older, Intel-based versions of the MacBook Air, MacBook Pro and Mac mini it rather looks like those computers will cheerfully stomp all over the iMac and iMac Pro in raw performance, and even give the Mac Pro a bit of a turn.

Except when it comes to tasks and pro use-cases that involve significant GPU compute needs, that is, which raises two questions (both of which I have actually been asked this morning):

Are the rest of Apple’s desktop products suddenly lame ducks?

If you’re, say, the manager of a small publishing company with a limited budget, what reason is there to go and buy four new iMacs? After all, there are going to be new, M1-based iMacs coming out at some point.

Are Apple’s Pro computers ever going to be good again?

Following on from the last question – is it even possible for Apple to make a chip that can compete with some of the higher-end graphics cards? After all, the graphics card makers are companies with years of experience and deep benches of R&D expertise, and even assuming that it’s possible to compete, why would you want to buy a pro machine with non-upgradeable graphics?

I won’t lie; this was an awkward conversation. But I’ll put down what I said after a couple of minutes of thought. Maybe – just maybe – we’re thinking about what a Pro machine is, and coming up with some answers that are informed by what we’ve been conditioned to believe instead of thinking flexibly. Maybe we’re looking at it all wrong.

Graphics cards are awful devices. No, really; finicky, phenomenally expensive, prone to failure and oft laid low by software problems (not to mention hot and noisy and wildly, wildly power-hungry). One of the rumors about the new Mac line has been about a supposed new Mac Pro – much smaller – and the feedback I’ve read has solidly fallen into discussions about how there’ll be no room for expandability, adding extra cards and storage and so forth. Maybe we’re looking at this kind of problem the same way that people looked at the first cars and sniffed, derisively, pointing out that there was no place to attach the horses to the front of the thing.

I don’t think we’re going to see Macs (and by association, a lot of the PC market) using discrete graphics in future. Yes, there are people who upgrade their pro machines with new-and-improved hardware as time goes by, but I’ve worked with those clients for the thick end of two decades and the vast, vast majority of those clients? When they’re ready for an upgraded graphics card, they look at the budget, look at the depreciation schedule, and just buy a new computer.

There’s a reason that Apple rolled out Apple Silicon the way that it has. Consumer/prosumer machines first (because the M1’s secret weapon is its absurdly low power footprint); and then, later on, a follow-up product with significantly more graphics cores. After all, if a Mac mini with eight GPU cores can come within punching distance of a decent graphics card, what can a twelve-core chip do? Or a sixteen-core? Or a thirty-two-core?

My money says that we’ll see an Apple Silicon iMac within the year, with graphical performance that’ll jump up and down all over the current iMac range. In the meantime, though, I think there’ll be a lot of difficult decisions to make about sticking with Intel-based Macs…

Burning Down The House (or: What To Do When All Your Stuff Is On Fire.)

This is, admittedly, sort of close to home in a very literal sense; a few weeks ago I walked out of my back door, took a bracing lungful of clear morning air, coughed, and then noticed that the large expanse of legally-contested Mesa behind my yard was, in fact, on fire. Thus:

Admittedly less dramatic than half an hour earlier, but in my defense I’d been too busy not being on fire to spend time composing artful studies on the savage beauty of the open flame. Also, it was very smoky.

Now, I don’t know about you, but this kind of thing is something I typically find… perturbing. You know what? I’m not ashamed to say it. I was perturbed. You could even make an argument for my being alarmed. There’s an initial instinct to be very British about it (which – being British – comes easily to me) and look at the encroaching flames and say things like “Right,” and “Ah,” and “I see,” and then go back indoors and spend a couple of minutes unpacking the emotional load that comes with oncoming disaster in order that those emotions can be best suppressed or – better yet – filed away, never to be spoken of (because, again, British). Once that initial instinct is out of the way, I’m glad to report that I behaved in an adult and responsible fashion and immediately called the local authorities that deal with these sorts of things, let them know who I was and where I was and what the issue was, and then hung up and watched the roiling inferno as it bore down upon my person, my loved ones, the collection of creatures that I think of as pets and that they think of as roommates and, oh yes, all my possessions.

I had a nice, long wait until fire trucks turned up. I’m not complaining; mine is an out-of-the-way sort of place that’s hard to get to. We don’t often see any kind of law enforcement-type activity back here, which is fine because we’re not exactly a hotbed of crime and public disorder (save for the party house on the next street and the occasional, terrified middle-class teenagers doing low-level drug deals in the most highly conspicuous, terrified middle-class teenager way underneath the sole streetlight at the end of the road). I spent some of that time messing around with hoses and calling neighbors, and the rest of the time running through the mental checklist of What I’d Do If My House Burned Down.

Other than protecting all my stuff and the welfare of my loved ones, it turned out to be a fairly short list. I have a go-bag with a laptop that’s signed into iCloud so that I can get to iCloud Keychain, a portable hard drive with a lot of copies of insurance information on it, a key to a safe deposit box and a bunch of chargers and cables and batteries. The idea would be that if I had a few seconds I could grab that thing, throw it into whatever vehicle is nearest, and then leave the family manse to the flames, secure in the knowledge that as long as I can get to some kind of internet access I’ll be able to start piecing everything else together. Further, everyone in the household backs up to BackBlaze, so provided nothing wildly unexpected happens most (if not all) of everyone’s data should be available in some form.

So, well done me. Roll out the red carpet, do mischief to the fatted calf and so forth. The whole nine yards. But now that self-congratulatory claptrap is out of the way it’s probably worth establishing some basic guidelines so that you, gentle reader, can figure out what to do when sheets of flame come roaring and hissing down the hill behind your house while your neighbors talk to the local TV reporter and don’t pull their weight vis-a-vis the oncoming inferno. Yes, you can imagine the petty, annoyed tone in that last sentence. Oh please, it’s not like they read this, anyway.

Firstly, have a backup strategy that includes a cloud component. Or two; after all, while belt and suspenders are solid, belt and suspenders and another pair of suspenders are better. And optionally another belt. When I talk to clients about backup strategies I like to present three separate scenarios, ranging from mundane to ridiculous, that hopefully spell out the value in mixing different backup techniques. They are:

You lose a file or accidentally erase something. This one’s easy; use some kind of directly attached storage on your computer or (if you’re accessing files on a server) have some kind of directly attached storage hooked up to the server. This mostly works out to be some kind of big hard drive, and the product I chiefly recommend to clients to actually run the backups is Apple’s Time Machine. No, it’s not perfect, and yes, once in a blue moon it’ll just stop working, but it’s built into the OS, it’s extremely easy to use, and it’s… well, it’s reliable enough.

Your office/home burns to the ground. A little more alarming, but still possible. In that case I like to recommend a combined strategy of offline physical and (optionally) online cloud backups – a set of hard drives that are rotated out on a regular schedule and then the inactive drives stored at a separate physical location. If disaster strikes then you can retrieve the offsite backup, plug it into a replacement computer (or server), and within an hour or two you’re back in business.

The entire State of California sinks into the unforgiving blackness of the Pacific Ocean, or else is enveloped in relentless white-hot fire that pulls the air from your lungs even as it blackens the sky, bringing utter destruction and the irretrievable loss of not only your business premises but every other place where you might have a backup stored. Funny thing, this one. There was once a time when I’d trot this out and there’d be a certain amount of good-natured eye-rolling and general amusement. Of late this has started to tip over the edge from “kind of thing that people laugh about” to “kind of thing that people laugh nervously about.” It’s California. Sun. Surf. Gorgeous scenery. The Golden Coast. The American Riviera.

Except during fire season, when it unaccountably has a tendency to turn into bloody Mordor at the drop of a bloody hat. Having your data backed up to the cloud is a solid hedge against this kind of disaster. Cloud backups are massively slower than direct backups because, well, internet, but services like BackBlaze will send you a hard drive containing all of your data if you give them about a hundred bucks, which seems like an astonishingly efficient way of recovering huge amounts of data without having to muck around with hotel wifi.

Actual daytime photo of Santa Barbara. See that blue sky on the right? The part that isn’t swamped by oxidized trees? Just don’t go outside, and if you do, don’t breathe.

Secondly, have some kind of secure repository of information that you might need in case of disaster.

Now, that sounds completely subjective, as it doesn’t make a lot of distinctions about what any of “secure,” “repository,” or “information” actually consist of. I’ll try and break this down in reverse order because, hey, that’s a little more fun.

Information. What information? That kind of depends on what you’re currently doing with your data and what you need to be able to do. For example: if you use two-factor authentication through an app like Google Authenticator then you should have a bunch of backup codes for each of the services you use so that (once your house has burned down with your phone in it) you’ll be able to set up a new device to get new two-factor codes. Or this might mean something physical – paper copies of insurance documentation, deeds, birth certificates – stuff that’s not necessarily irreplaceable but certainly not something that can be re-sourced at the drop of a hat.

Repository. This can be digital, but it doesn’t have to be. That’s important to note; I think it’s widely assumed that having everything on a thumb drive or on The Cloud™ is better than traditional media, but that’s not always the case. When you’re talking about the aforementioned birth certificates, deeds, etc., then that’s kind of a moot point – there are some things that are only valid in dead tree format – but having vital information on paper can be a huge time saver. Of course, there are a slew of issues with having physical copies of things, so it’s worth mentioning…

Secure. Having that data – no matter what its form – secure is vital. Critical data at rest is always a target of some sort, or at least vulnerable to opportunism. In the simplest sense, having a notebook labelled “Passwords and Bank Account Info” lying around in case you need to grab it on the way out the door is only great in that one, narrow moment. Until then it’s just a book with everything required to remake or ruin your life, just lying around the house. Don’t do that. A safe deposit box with your local bank runs to a couple of hundred bucks a year. Put it in a vault, get a spare key, and put the spare key somewhere safe. If we’re not talking about physical security then think about data and encryption. Really consider things like the keys you’re using to encrypt your data, and where records of those keys might be kept.

Finally – and this is something that I don’t see mentioned a lot, but that I personally think is vital – have spare hardware. Nobody stands in the smoking ruins of their home, brushes themselves off, and says “Oh good. Now I can go stand around at the Apple Store for an hour spending upwards of a couple of grand on a new laptop. At last, the excuse that I’ve been looking for. Oh happy day! This was all worthwhile.”

Okay, maybe there are a few really odd people out there, but I’m willing to bet they’re the exception rather than the rule. I go the other route – the laptop I have shoved in my IT go-bag is a 2013 MacBook Pro running macOS Mojave. It’s not some speed demon, and it’s not running anything except the basic, stock applications. I power the thing on a couple of times a year, kick the tires, make sure that everything seems in working order, then shut it off and put it away again. It’s not a thing for tinkering with; it’s the thing that I’m going to know is working properly when I absolutely need it to. You don’t need a laptop, though; an iPad does the job just fine for most things, and even an old iPhone or iPod touch will be serviceable in a pinch – provided that whatever you use is recognized by iCloud or your cloud solution of preference.

I’m reliably informed that – this being the internet and all – many people reading this are not in Southern California, but I think these simple guidelines work no matter where you are and no matter the disasters you’d like to mitigate. Fire, flood, violent political unrest – at the end of the day you end up coming back to something that I bang on about endlessly both in the written word and in person whenever I’m called on to speak to a room full of people who are checking Facebook while ostensibly paying attention at conferences: Helen Keller was right. Security is mostly superstition. It doesn’t exist in nature. The sun may rise and set from one day to the next for months, years, decades – but it’s an unwise person who believes that we’re playing anything other than a numbers game. One day, the axe will fall. Possibly when you least expect it – you’ll stroll out of your back door with coffee cup in hand, behold the fire as it races forward, borne by the cool morning breeze, and in a moment your world will shift minutely but significantly.

Thankfully, my house didn’t burn down (which was a great relief to all parties concerned), but yours might. Or your office, or in extreme cases, the city where you live. It may sound doom-and-gloom, but there’s no getting away from that; you can’t escape the risk, and you can’t prevent it. But, with a few careful decisions and an ounce or two of forethought, you can mitigate those risks and prepare for the worst.

After all, this is 2020. Preparing for the worst has practically become a national sport at this point… 🙂