diglloyd Mac Performance Guide

The Speed You Need

MPG iMac 5K Arrives Soon

I’ll be setting up this puppy next to my 2013 Mac Pro and putting both through their paces. I expect the iMac to outperform in CPU speed, but its screen is both a wonder and a problem (too dense for critical image assessment).

The Mac Pro uses dual displays, the NEC PA302W and the NEC PA301W (both 30-inch), 64GB memory and so on—my “production” workhorse.

The iMac will have its built-in display and the NEC EA244UHD and will get 32GB memory from OWC.

  iMac 5K should soon be enroute to MPG

OS X Yosemite: Switched to it on my Main Machine

My experience with OS X Yosemite on my laptop was fairly seamless (with one headache), so I installed it on my main “production” machine (2013 Mac Pro with dual screens).

There are some points of confusion like having to go dig up java and install it (I develop using JDK 6—why does Apple erase a perfectly good installed java?). Also, Remote Desktop would not update normally (and posted an erroneous alert about using Software Update in the Apple menu, which no longer exists). Safari reset its window positions. And a few other nigglers.

The biggest problem so far is extremely sluggish File Open dialog performance to the point of it seriously impairing its use. And that’s on a fast SSD. This worries me because I use the File Open dialog all day long. It looks like it involves 'quicklookd', as if it were opening every file in the window before one can interact (hundreds of images in a folder). Or maybe hitting every mounted volume (I have 10). And this persists with use. Something is broken. Delays are visibly sluggish, multi-second long affairs. Very frustrating.

Still, so far OS X Yosemite looks to not have been rushed out the door like the Mavericks fiasco. Time will tell but this OS X release looks much cleaner.

Activity Monitor still shows a CPU history with virtual cores (16 graphs for an 8 core), and has no option for 8 history graphs for an 8 CPU box. A minor point, but it would be nice someday.

I haven’t found much that really helps my work efficiency yet, but I do like the much better space utilization for mailboxes in Apple Mail.

On the flip side, Safari hides the URL and this is a constant time-wasting nuisance, because now instead of just seeing it there, I have to click to see it (as a web developer, I need to see that URL all the time). Or I thought I did. Turns out there is a preference for this (is it “advanced” to want to know where one is these days?): Show full website address. Except that the new OS X Yosemite design clips off the URL, so that it cannot be seen.

How to show the full URL in Apple Safari

Update: crash

Within hours of installing Yosemite, my first crash, with a dead/inoperable OS. Oh Goody.

Capacity Utilization vs Speed: that 5th Terabyte on 5TB and 6TB Hard Drives

Finishing up the MPG analysis of real world drive speed:

For 5TB and 6TB drives, what happens when the drives contain 4TB of data so that a 5th terabyte is now being stored?

Hard drives at OWC with the 90 day DOA replacement guarantee: Toshiba 4TB, Toshiba 5TB, Seagate 6TB.

  Hard drive performance vs capacity utilization over 4TB partition (4/5/6TB hard drives)

Apple iMac 5K Memory Kits at OWC

I’m crossing my fingers that 64GB might be possible in the new iMac.

But for now OWC has 8GB, 16GB and 32GB memory kits for the iMac 5K and the existing memory can be sent in for an OWC memory rebate. This nets out the cost of 32GB to about $358 (versus $600 at Apple, which pays for the faster CPU option!).

Capacity Utilization vs Speed, which is faster, 4TB, 5TB or 6TB Hard Drive?

Running out of space and you have 1TB or 2TB or 3TB of data to store—

Which drive capacity should be used for best performance?

What is the best way to actually realize that performance for new work?

Following up, another graph is presented, this one comparing a 4TB partition on 4TB, 5TB, 6TB hard drives.

Hard drives at OWC with the 90 day DOA replacement guarantee: Toshiba 4TB, Toshiba 5TB, Seagate 6TB.

  Hard drive performance vs capacity utilization over 4TB partition (4/5/6TB hard drives)

Apple iMac 5K Color Gamut?

Glenn K writes:

It's remarkable that none of the media covering the release of this machine have thought to open the ColorSync Utility and take a look at the gamut.

MPG: cheerleaders are preferred by 11 out of 10 marketing people at Apple. So far, MPG has never gotten an early look at Apple hardware.

Yes, the gamut is a key question for anyone looking to do high quality photography, but calibration is even more important (and it’s true calibration of iMac is not possible). I expect that it will be very good, but how good is unclear. MPG did look for a color profile for the iMac 5K in /Library/ColorSync/Profiles/Displays but nothing there yet for the iMac 5K.

OS X Yosemite: Screen Bleed-Through for Images Impairs Perception

In Yosemite, images now bleed through the user interface in Safari, as shown.

Image bleeding through user interface (Safari, OS X Yosemite)

The neutral gray surround is discolored, interfering with perceptual evaluation of an image. Moreover, it feels unstable, because the amount of “bleed” changes with scrolling the image; the colors and intensity continually vary, which means that perception of color and density varies continually.

If you’ve ever seen a display about to fail, it can look like this smeared mess—it gave me quite a 'start' when I first saw it, thinking my 4K display had gone bad. Good interface design should not be surprising, or feel unstable or broken. Feels like core rot to me.

The user interface changes on OS X Yosemite feel gratuitous and arbitrary; they do not improve the usability in any way I can detect; rather I find that elements are rather merged in feel—less discrete, less solid. If the changes make the cut of true visual and usability improvements, why does every OS X release redo it all?

As John Siracusa at ArsTechnica writes (spot on):

Though I’ve tiptoed around it thus far, the friction point in Yosemite’s new visual design is its pervasive use of transparency. (Technically, “translucency” is more accurate, but please indulge my idiomatic usage.) Allowing what’s behind to influence the appearance of what’s in front is problematic in a couple of ways. From a purely aesthetic perspective, transparency is unpredictable. Designers can decide which aspects of the background will influence the foreground image, but they can’t control the content of that background. Will its contribution make the final image more pleasing, or will things turn ugly?

In terms of usability, transparency risks impairing readability and recognition. Colors bleeding through from other content can undermine the intended contrast between text and its background. Symbols and shading meant to subdivide an interface can be sabotaged by the influence of unrelated background images. The content as designed by the application developer is the signal; any background content that shows through is noise.

... Inevitably, I find myself searching for a reason. Why is it important for me to see any aspect of what’s behind the front-most active window? Why risk reducing both the usability and attractiveness of the UI? To what end?

... As much as I may support any of these lines of reasoning, my tolerance for any instance of impaired readability due to background “leakage” is very low.

Ditto. OS X Yosemite is gratuitous. But even that is not right, it is damaging to usability in too many scenarios. And MPG might summarize this more bluntly: “one designer’s maniacal ego trip is another person’s visual pollution”. It reminds MPG of the godawful shadow and outline fonts in the original Mac. They didn’t last, and for good reason. This “vibrancy” (bleeding) is the same sort of dreck when it is applied willy-nilly. The idea that blurred colors are somehow less distracting because there is no detail includes a tacit and ignorant presumption of what content might be present, and what might matter to the user.

On the other hand, I completely support the “Yosemite” approach as applied to women’s clothing, at least for young attractive women. :; But please top only and not for hairy men.

I accept that software needs to evolve, but I also feel that a sense of stability and continuity should be given due deference: as another example, window zoom dispenses with 30 years of behavior and now goes to full screen mode instead of zooming. And it also blanks out my 2nd display entirely, rendering it useless. How can it be good design to destroy use of a 2nd display, I ask. Only by option-clicking can the window zoom as before. Well, at least that one is manageable; I can unlearn longstanding habit. But I cannot turn off my vision and not see color smearing, just as I cannot close my ears.

I am a photographer with strong color discrimination (vision), and a stable and neutral visual environment matters to me (and to many who view my images).

A mitigation

So I went hunting, and found this control in Preferences => Accessibility. It does not fix the issue, but it greatly reduces the amount of transparency (“Reduce” is an accurate description, as it does not disable transparency entirely).

So there is still a faint color cast, but it is much less disturbing. Still, it impairs the ability to evaluate an image against a neutral surround in Safari, which is what I am after (color perception is very much dependent on surrounding colors). Google Chrome does not suffer from this issue, at least not yet.

Reduced Transparency

Oct 2014 Mac Mini (new one): is the Memory Upgradeable?

The October 2014 MacMini is a study in compromise, which could be frustrating for some users:

  • The memory is not user-upgradeable (soldered on).
  • Dual-core CPU options only (no quad core). Base model has extremely slow 1.4 GHz CPU.
  • Internal drives are limited also, versus two in prior models.

So this MacMini is a downgrade “upgrade” that kills the cult appeal of the MacMini. It’s now just a “toaster” with no interior upgradeability and no quad-core option, which is a major issue for some uses. It even might be slower than the 2012 model. Which is not to say it is a bad machine, just more of a “toaster” now (so to speak).

By the time the 3 GHz CPU and 16GB memory and 256GB SSD are specified, it’s a $1400 machine. This makes little sense to me; refurbished quad-core laptops can be had for about that price.

One reader suggests that memory in the new MacMini might not be upgradeable (e.g., soldered on). Caution advised until the situation is clarified, otherwise be sure to order with 16GB memory (+$200 is a steep premium to bump up to 16GB from 8GB, as per usual Apple practice).

Apple MacMini memory configuration choices
MacPerformanceGuide recommendation for MacMini memory

Apple makes no mention of such a critical consideration, but that would not be a first. MPG sure hopes that the late 2014 Apple MacMini memory is upgradeable as it always has been.

Note that the new iMac 5K is described as having “four SO-DIMM slots, user accessible”, and that the MacMini is not so-described, which does not bode well.

UPDATE: all indications are that the memory in the MacMini is soldered-on, so be sure to order it with 16GB, or at the least no less than 8GB. The knowledge base MacMini memory page has not been updated for the 2014 model, so no clarity there.

Update 2: confirmed that MacMini has soldered-on memory and thus cannot be upgraded after purchase.

Apple MacMini memory configuration choices

Why There is no New 5K External Display to Match the iMac 5K

The late 2014 iMac 5K has a 5120 X 2880 retina display.

But don’t expect to see an external 5K display any time soon: even Thunderbolt 2 cannot deliver the bandwidth needed for 5K, and that’s even 8 bit color (vs 10 bit color, for which OS X still has no graphics drivers).

Bandwidth: 5120 X 2880 X 3 bytes = ~44MB/frame @ 60 Hz = 2.654 GB/sec, versus 3840 X 2160 X 3 bytes = ~25MB/frame = 1.49 GB/sec for a 4K UltraHD display. Thunderbolt 2 can handle a 4K display but that’s where it maxes out.

As far as MPG understands, Thunderbolt 2 is limited to 20 Gbps bandwidth, or 2.5GB/sec, so 5K video is a bit too much.

Hard Drives: Capacity Utilization vs Speed aka “4TB or 5TB or 6TB Hard Drives?”

Running out of space and you have 1TB or 2TB or 3TB of data to store—

Which drive capacity should be used for best performance?

What is the best way to actually realize that performance for new work?

Hard drives at OWC with the 90 day DOA replacement guarantee: Toshiba 4TB, Toshiba 5TB, Seagate 6TB.

  Hard drive performance vs capacity utilization

How Much Resolution in a 5K Display?

The late 2014 5K iMac offers an incredible 5K resolution display: 5120 X 2880, which is 14.7 megapixels, or nearly the entire resolution of many of today’s popular APS-C digital cameras.

This compares to still-emerging 4K UltraHD displays which are typically 3840 X 2160 = 8.3 million pixels, and to HD (BluRay) which is a paltry 1920 X 1080 = 2.07 million pixels. Kinda funny how “HD” is now “low resolution”.

Diglloyd photography publications and guides have included the viewing pleasure of UltraHD images for about 18 months now (3840 wide, 8.3 million pixels).

A 4K UltraHD image at 3840 X 2560 will easily fit onto an iMac 5K display. The 8.3 million pixels will leave another 6.4 million pixels unused!

  4K UltraHD 3840 X 2560 image as it fits onto an iMac 5K display

Game Changer: MacMini with Dual Thunderbolt 2 Ports

The MacMini’s main limitation has been a single Thunderbolt v1 port. Attaching a display used that port, even if in some cases daisy-chaining could be done—and it was Thunderbolt v1.

Today’s announcement that the new MacMini now has dual Thunderbolt 2 ports brings the MacMini into far more useful territory for expansion, and it might be a good choice for some users.

Be sure to order the MacMini with 16GB, because the memory is soldered-on and cannot be upgraded.

Bleep42 writes:

I would like to point out that Apple decided to cripple the MacMini this time around to only a dual-core i7 from a quad-core i7 in the previous iteration (MacMini 2012).

I have been using my MacMini 2.6GHz / 16GB / 2x 1TB SSD since the release of the quad core, and was hoping to upgrade, but after seeing it was only a dual core decided not to.

I love the fact that if I need more storage space I can add a MiniStack to it and build a mini tower that way. I currently have both the MiniStack & MiniStack with BluRay drive. Also Thunderbolt has been pretty useless to me. I have found USB3 to work better for my need, and easier to find drives for it.

Love your reviews!

MPG: (real names preferred). In practice a fast CPU clock on a dual core can outperform a slower quad core on most all tasks, because most tasks for most users never use more than two CPU cores except briefly. So a 3 GHz Intel Core i7 with TurboBoost to 3.5 GHz can perform very well, including Photoshop.

But it all depends on workload, and if one CPU core is being sucked up by a background task, one remaining core is sometimes not much to work on.

The main limiting factor for photographers and similar is the 16GB memory limit. While 16GB is plenty for ordinary tasks, it does exert a top bound on some tasks, just as with the Macbook Pro. That said, compressed virtual memory on a fast internal SSD helps greatly should memory get low, so the MPG advice is to go with a straight SSD (“flash storage”) for the internal drive, and add (as needed) external hard drive storage with Thunderbolt (preferred) or USB3.

WOW! Apple iMac with 5K Display

Readers know I am not a fan of the iMac for professional use for a variety of reasons having to do with workflow, ports, color matching, etc. But....

Apple’s announcement of a 5K iMac (5120 X 2880, 14.7 million pixels) stops me in my tracks and makes me lust over the screen, for the screen is how we see things on a computer. The 5120 X 2880 resolution behaves like a 2560 X 1440 display (pixel doubling) in user interface terms, but can be scaled to other sizes.

Apple probably had to do some custom work to support a 5K display because even Thunderbolt 2 falls well short on bandwidth (cannot drive a 5K display, which needs ~45 MB/sec bandwidth). But in the all-in-one iMac, custom is fine; no standards need to be followed for connectors and so on. The iMac can only drive 4K for external (additional) displays.

But here’s the kicker: the 5K iMac starts at $2499. So it’s like buying a groundbreaking display and getting a computer for free: the professional-grade NEC PA322UHD 4K display will list at $2999 ($3249 for BK-SV model), and while that is my intended screen on my 2013 Mac Pro for color matching and image evaluation, for sheer viewing pleasure the iMac 5K offers a far larger number of viewable pixels.

With up to a 4 GHz quad-core CPU, it’s gonna be fast, but what a shame it can’t go to 64GB memory (32GB seems to be the limit).

iMac limitations

The iMac 5K has clear limits which make the 2013 Mac Pro a better choice for high-end users:

  • 32GB memory limit (64GB or 128GB with Mac Pro).
  • No 6/8/12 core variants.
  • Single high performance GPU with 4GB max memory (Mac Pro can have two GPUs each with 6GB).
  • Two Thunderbolt ports, presumably on a single Thunderbolt bus (versus 6 ports on 3 busses for Mac Pro).
  • More likely to fail with rigorous usage, if for no other reason than less robust cooling and built-in display.

Ordering suggestions:

  • MPG ordered the iMac with 8GB so as to get 32GB of memory at OWC, saving several hundred dollars.
  • The internal 1TB SSD (“flash storage”) is the way to go for power users; add the OWC Thunderbay for extra storage.
  • Get the fastest CPU, which compensates in part for other factors. It should outperform all 2013 Mac Pro models for many if not most common tasks, because most tasks use only a few CPU cores.
  • The fastest GPU is less important than getting a large SSD and faster CPU for most users and uses.
iMac 5K as ordered by MPG

Bruce Z writes:

Do you think the iMac 5K screen will be able to be profiled as readily as the NEC screens are famous for?

5K images will look great, but we will still need to have the monitor tweak-able with a display calibration system to get the most out of those pixels.

MPG: Any display can be profiled, the question is whether true calibration can be done, or just crummy faux calibration.

Calibration is designating a target output, then adjusting the display itself to match that target as closely as possible, ideally with < 1 delta E accuracy using 14-bit adjustments internal to the display. Contrast that with 8-bit numbers on a video card which are adjusted (mangled) to achieve something “sorta accurate”—that is faux calibration. Ask yourself how 2/3/4/5-bit numbers (dark tones) could ever be properly adjusted: there is no dark gray having value 13.7, only a choice of 13 or 14 (crudely stepped/rounded). OS X graphics drivers are still only 8 bit, not even 10 bit, which makes matters worse.

Once a display is calibrated properly (or faux-calibrated), its actual performance—what it actually produces for the designated target (gamma, grayscale, color, etc)—is characterized with a display profile (profiling).

All iMacs including the new iMac 5K can be profiled, but cannot be calibrated. So the iMac will still have faux calibration along with a shiny screen which is not good for print matching. Beautiful to behold, but not a professional-grade tool, especially over time and temperature changes. For professionals doing work where color accuracy matters (and consistency over time matters), the NEC PA322UHD is a far superior choice.

But there is an “out” by adding a 4K display externally:

Simultaneously supports full native resolution on the built-in display and up to 3840 by 2160 pixels on an external display

Unlovely: Password Negligence at Financial Institutions

Password restrictions at Schwab.com requiring low-security password

For bank and brokerage and other financial accounts, MPG strongly advises using a long and complex password.

Making a Strong (Highly Secure) Password

The stupefying situation is that some financial institutions place strict limits on password quality.
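To put numbers on what a length and character-set cap costs, here is an added example (not from the original post) that counts the valid passwords under a policy and generates a uniformly random one. The two policies and the symbol set are constructed for illustration and are not any institution's actual rules.

```python
import math
import secrets
import string
from itertools import combinations

# Character classes a policy can allow or require. The symbol set is an
# assumption made for this example.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?/",
}

# Constructed policies: a short, no-symbols cap versus a long unrestricted one.
CAPPED = {"allowed": ["lower", "upper", "digit"], "required": ["digit"], "length": 8}
LONG = {"allowed": ["lower", "upper", "digit", "symbol"],
        "required": ["lower", "upper", "digit", "symbol"], "length": 24}


def alphabet(policy):
    """All characters the policy accepts."""
    return "".join(CLASSES[name] for name in policy["allowed"])


def keyspace(policy):
    """Count the passwords of policy['length'] that satisfy the policy.

    Inclusion-exclusion over the required classes: start from every string
    over the alphabet, subtract those missing one required class, add back
    those missing two, and so on. The classes are disjoint, so the alphabet
    without a set of classes is just the remaining character count.
    """
    n = len(alphabet(policy))
    length = policy["length"]
    total = 0
    for k in range(len(policy["required"]) + 1):
        for missing in combinations(policy["required"], k):
            excluded = sum(len(CLASSES[name]) for name in missing)
            total += (-1) ** k * (n - excluded) ** length
    return total


def entropy_bits(policy):
    """Entropy of a uniformly random valid password, in bits."""
    return math.log2(keyspace(policy))


def generate(policy):
    """Draw a password uniformly from the valid set by rejection sampling."""
    chars = alphabet(policy)
    while True:
        candidate = "".join(secrets.choice(chars) for _ in range(policy["length"]))
        if all(any(ch in CLASSES[name] for ch in candidate)
               for name in policy["required"]):
            return candidate


if __name__ == "__main__":
    for label, policy in (("capped", CAPPED), ("long", LONG)):
        print(f"{label}: {entropy_bits(policy):.1f} bits, e.g. {generate(policy)}")
```

The composition rule ("must contain a digit") removes well under one bit; the length and character-set cap is what separates the two results by more than 100 bits.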

Don writes:

Between myself and a family member, I have to manage many separate financial accounts (i.e. accounts with real money at stake, easily taken if the account is compromised). The restrictions preventing strong passwords across them run from mildly frustrating to serious risks, such as your example with Schwab.

I’ve been asking reporters, such as those at Ars Technica who follow this stuff, to compile a list of password restrictions from all the top financial institutions and publish them as a ‘name and shame’ piece to spur better practices. Unfortunately, no one has taken this on that I’m aware of. It seems like the sort of thing that would be an instant hit among the security conscious, but alas that seems to be an all-too-small audience.

This is like watching a chain-smoker puffing away right after having a lung removed. The problem is obvious, but denial is a tough thing to overcome.

MPG: seems like a good article for the Wall Street Journal.

Lovely: Long Ugly Passwords

DIGLLOYD signed up for Coinbase.com today, a service that accepts bitcoin payments, e.g. for diglloyd publications and diglloydTools.

This is a perfect use case for a long ugly password—long and ugly for hackers and long and ugly for remembering (no way)! A perfect way to use 1Password.

The main issue I ran into at Coinbase.com was an apparent incompatibility with Apple Safari web browser: entering the code for 2-factor authentication hangs (the web site never finishes and accepts). I’ve reported this bug to them, but they do not offer any notification or ETA on fixes. Google Chrome works fine however.

The 'Cloud' Remains a Huge and Tempting Target for Hackers

MPG has long distrusted using the “cloud” for any data storage for a variety of reasons, but namely security (certainly for nude selfies!). It doesn’t matter how conscientious a provider is, because between sophisticated hackers and the NSA and foreign governments, everything can be compromised somehow—including a personal computer, but one single computer is not in general a tempting target for hackers, like a service used by millions.

The unwavering recommendation from MPG is to distrust cloud storage for any sensitive data. Because it is not “if” but “when”.

Any site with millions of users is a huge prize, hence considerable effort is expended to crack into large web sites. This modest web site suffers probes from hackers many times a day, yet it is hardly a prize (nothing sensitive is stored on it). Ditto for any web site.

One more of many incidents

Dropbox was not hacked, but very apropos in terms of password managers and password risks is this Oct 13 2014 news at ArsTechnica which represents just one of many such incidents that occur many times each year. Right or wrong, it speaks to the concerns and risks with major services.

On Friday evening we began a routine server upgrade. Unfortunately, a bug installed this upgrade on several active servers, which brought down the entire service. Your files were always safe, and despite some reports, no hacking or DDOS attack was involved.

1Password: web site logins

The particulars of this case are not relevant; it’s the ongoing risk and commonplace occurrence of this type of issue. Sometimes there has been no hacking, but too often the news reads otherwise.

With 1Password, a high quality master password is key, which protects the vault even if the vault is stolen.

Never use a password for more than one purpose. Use a unique password for each and every web site or service. This is why a password manager is so valuable: strong and obscure passwords unique to each web site that one does not have to type in or memorize.

In short, MPG strongly recommends using a password manager.

Recommended: 1Password for Both Higher Security and Convenience

I’ve been using Agile Bits 1Password for about 6 weeks now, taking a conservative viewpoint on adding any new software to my system, particularly something involving security.

I am now persuaded that 1Password is a keeper, and it is now a permanent part of my computing. It’s not just better security, it’s actually started saving me a lot of time and hassle. 1Password is available for OS X and iOS and can sync up between all your devices (for my specific usage, I use 'git' to do the sync, but iCloud or Dropbox can be used).

Using 1Password for Password and Logins

1Password: enter master password to unlock the vault

Wiping Free Space on Hard Drives and SSDs

Looking for a quick way to wipe free space on any volume?

diglloydTools

The dgl wipeFree command in diglloydTools does so efficiently without any need to erase the drive (a full erase/wipe is always better if the drive is to be sold, but this is not viable when/if the drive is in active and continued use).

At present, the wipeFree command is command-line (Terminal) only. There is also the wipe-files command which erases file and/or folder contents and metadata.

As it turns out, my most frequent use of the wipeFree command is to wipe free space on Disk Utility disk images so that they compress down to the smallest possible size (e.g. when I zip compress one for downloading).

Note that for SSDs, wiping really cannot truly be done in a security sense due to block remapping internal to the drive. In this case, using the disktester recondition command (available in GUI) with total writes exceeding the drive capacity by at least 10% does the job, so that the SSD has to “turn over” all its internal blocks.
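The general technique behind a free-space wipe, as an added example (this is not diglloydTools code and makes no claim about how dgl wipeFree is implemented): fill the volume's unallocated space with a temporary file of zeros, flush it, then delete it. The function name and the `limit_bytes` safety cap are assumptions of this sketch.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces


def wipe_free_space(volume_dir, limit_bytes=None, chunk_size=CHUNK):
    """Overwrite unallocated space on the volume that holds volume_dir.

    A temporary file of zeros is grown until the volume reports that it is
    full (or until limit_bytes, a cap added for this example so it can be
    tried safely). The data is flushed to the device before the file is
    deleted, so the blocks return to the free list already overwritten.
    Returns the number of bytes written.

    Not covered: slack space inside blocks still owned by live files, and
    (per the SSD note above) blocks the drive has remapped internally.
    """
    full_errors = {errno.ENOSPC, getattr(errno, "EDQUOT", errno.ENOSPC)}
    zeros = bytes(chunk_size)
    written = 0
    fd, path = tempfile.mkstemp(prefix=".wipefree-", dir=volume_dir)
    try:
        # buffering=0 gives a raw file, so write() reports what really
        # landed and a full volume raises at the write call itself.
        with os.fdopen(fd, "wb", buffering=0) as fill:
            while limit_bytes is None or written < limit_bytes:
                want = chunk_size
                if limit_bytes is not None:
                    want = min(chunk_size, limit_bytes - written)
                try:
                    written += fill.write(zeros[:want])
                except OSError as exc:
                    if exc.errno in full_errors:
                        break  # volume is full: the free space is overwritten
                    raise
            os.fsync(fill.fileno())  # push the zeros to the device
    finally:
        os.unlink(path)  # always release the space again
    return written


if __name__ == "__main__":
    # Demonstration on a scratch directory with a 4 MiB cap; pass a
    # directory on the target volume and no cap to wipe all free space.
    with tempfile.TemporaryDirectory() as scratch:
        print(wipe_free_space(scratch, limit_bytes=4 * CHUNK), "bytes overwritten")
```

Zero fill is also why the disk-image use case above works: the formerly free blocks become long runs of identical bytes, which compress to almost nothing.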

RAID-5 Can Be Partitioned

Several readers have emailed to ask whether RAID-5 can be partitioned into multiple volumes. Indeed it can:

RAID-5 Can be Partitioned to Suit

Note that OWC offers a RAID-5 edition of the Thunderbay, which comes with SoftRAID 5 included. The MPG recommendation for most users is to NOT use one large 12/15/18TB volume, but to “chunk” it into 4/5/6TB volumes that thus match 4/5/6TB single-drive external backup volumes, which has several operational advantages. See Using Cloning as a Backup Strategy.

Three 5TB RAID-5 volumes using four 5TB drives

Upgrading the CPU in a 2009 or 2010 or 2013 Mac Pro Tower

The 2009 or 2010 or 2012 Mac Pro CPU can be upgraded to as much as a 12-core 3.46 GHz chip. With its internal bays and high speed PCIe slots, these older models are far from defunct, especially for video users (stuff several video cards into slots for video work).

With the 2013 Mac Pro priced not to sell (expensive), a CPU upgrade may be just what makes sense for some users. Downsides? No 4K display support as with the latest Mac Pro, and no Thunderbolt. Still, a CPU upgrade may be much more palatable than a $5K to $12K new model.

See Upgrading the Mac Pro CPU.

OWC CPU upgrade program

The graph below was derived a few years ago, but remains relevant in showing relative performance. Results vary greatly with which software and tasks are part of the workflow.

Relative CPU speeds

Photoshop and CPU Core Usage

One of the more frustrating things about Photoshop is how many operations run single-threaded, or only slightly better than single threaded. This graph shows a multi-minute job that I needed to run today many times—on the fastest Mac Pro that can be built (8 core 3.3 GHz CPU)!

Observe that CPU usage is about 130%, meaning that one CPU core of eight real CPU cores is used (800%). Put another way, 84% of the computing power goes unused, and the GPUs are useless for this task also. This is why a 4-core anything often performs as well as a far more expensive Mac Pro. Still, there are cases where 6 or 8 cores do get used; it’s all a question of which tasks for how long during the workday.

The core issue remains the same today as 10 or 15 years ago: software algorithms. There are plenty of places where Photoshop runs single-threaded where it need not. It’s a matter of software architecture and until and unless Adobe sees fit to advance in some areas, the fastest CPU speed wins for most all tasks.

CPU usage in Photoshop CC

Big Storage: 4TB, 5TB, 6TB Hard Drives

Prices on large hard drives have improved slightly. Even 6TB drives are now at reasonable levels (given how new they are). Prices have remained stable on 4TB drives, but the 5TB and 6TB are now dipping slightly lower.

Prices at OWC (which I prefer due to their 90-day DOA replacement policy):

4TB for $175 | 5TB for $219 | 6TB for $325

Many users will find 4TB drives ample, particularly in a unit like the OWC Thunderbay (4 X TB). Yet the 5TB drives are about 25% faster and the same price per gigabyte; this is why 5TB drives are what MPG uses today.

For data intensive uses, buying too small for needs means replacement before the service life is over, so it’s best to assess current needs and rate of growth when choosing capacity.

MPG likes to match backup drive capacity to a matching-size volume (which implies partitioning large storage devices into volumes no larger than the backup drive capacity). And for RAID users, MPG strongly recommends a cold spare.

For a high capacity portable bus powered mini drive for travel or for desktops, MPG likes the 2TB OWC Mercury Elite Pro Mini.

High capacity hard drive prices
5TB hard drive speed

iPhone Features, AT&T vs Verizon

See What does an iPhone 6 Plus cost? and screen size on the iPhone 6 Plus.

Ivan writes:

With some practical considerations:

Regarding your comments on the iPhone6+…… When the iPhone 5 came out, I decided to try and buy one from both AT&T and Verizon. I returned the Verizon iPhone (14 day policy). AT&T has superior phone clarity and the use of the data at the same time of placing a phone call. That is a big plus for me, and is not offered on the other networks. Verizon is now only starting to offer it in some areas from what I heard.

As for pricing, Verizon is more in my area vs. AT&T (south FL). I just compared it again, and the reduced rate of each line for the Next plan makes it so. Otherwise, it’s the same price. Sprint is a little less but, I don’t have the confidence in the network and the iPhone also cannot do data and cell at the same time.

I have 4 iPhones on a plan, and just upgraded all to the Plus and I am getting on average $200 per iPhone trade in (have you thought of selling your iPhone 5s (probably get $275) and use it towards the replacement?). I will say I am pleased with AT&T customer service responses, so far. But I do think it is not a coincidence all the carriers price the same (I think you know what I mean). One other side note, the insurance plan from AT&T is less than the others, considerably. But their deductibles are onerous, whereas the Applecare does provide if you break the screen (with a $80 deductible (I think) but, not if it is stolen.

I am tempted not to get Applecare (I don’t need tech support) and get the AT&T insurance plan since the Next plan will allow me to trade up after 1 year. Moving on, there was an article and video on the net a few days ago that indicated 2 - 3 times faster LTE service with the new iPhone 6 vs. the iPhone 5s. I don’t know if that is indicative in every area. But I do know the longer battery life, more pixels, and larger display is a plus for me. I wonder if there is a larger source antenna in the plus version? Anyway, just my two cents.

MPG: These are very good points, particularly voice clarity, where I also rejected Verizon some time ago for poor voice quality vs the GSM standard used by AT&T. I have excellent hearing, never having wrecked my ears by rock concerts or chainsaws or such.

As noted in my previous comments, it’s impossible for me to test actual performance (network availability and speed) in the mountains where I travel with anything less than a 500 mile round trip; only a full test would suffice. And travel is my critical business need. Faster LTE is of no interest to me since I see speeds as low as 100 bytes (bytes!) per second on an old edge network in Yosemite’s Tuolumne Meadows; regular 4G is ample for my travel needs.

The AT&T Next plan is financing on the full cost of the phone over time (full retail and its price at introduction). Just multiply out the monthly payment by the term.

Longer battery life and a larger display are big pluses, but reception is something one can only test in the field, and here I doubt that it’s any better where I travel.

As for selling my iPhone 5s, AT&T rejected my request to unlock it, since it is still within the 2 year commitment term.

Driving and iPhone or Siri Do Not Mix

Hands-Free Siri Interactions Result in Highest Levels of Mental Distraction While Driving

Study Shows Voice-Controlled Devices Distract Drivers

Siri or not, I take a hard line on this and more: use of any phone or similar device while driving is impaired driving. Period. And MPG thinks that Apple is grossly irresponsible to encourage any use of Siri in cars until its impairment load is reduced to a very low level.

Apple’s Siri, running on a modified version of iOS 7, scored the worst in testing, with a 4.1 point workload rating. That’s several steps up in mental workload from just talking on a cellphone, and just shy of the top of the scale, which Strayer described as “like trying to balance your checkbook” while driving.

As a cyclist, I am increasingly disturbed by what I see drivers doing with the iPhone and its ilk; it’s an epidemic of poor judgment. Like the harried parent (school pickup) with a lead foot texting as he careened towards me on my bicycle, apparently never even seeing me, but getting within 3-4 feet under hard acceleration. Perhaps that sort of thing should be punished just like a 0.10 DUI.

In my view, texting and similar while driving are incredibly dangerous. And so Apple’s idea of building iPhone-like functionality into a vehicle is irresponsible at best, to the extent that the idea is to offer interactive features or alert-type information that encourages a driver to read the alert/text/whatever while driving (which is illegal under California law now).

The causes of impaired driving are legion. The implications of that are worth pondering as to a proper legal framework that holds impaired drivers responsible whatever the cause: smoking pot, driving under the influence, or texting. Even holding a phone conversation (hands free or not) is distracting. But DUI is a stigmatized act, whereas social media usage and phone calls while driving are not. This is a new area of the law that requires some thought as communication devices evolve.

Elizabeth C writes:

I could not agree more. As far as I’m concerned, the real problem with using a cell phone while driving (whether hands free or not) is that it requires the same “higher functioning” portions of the brain as does driving.

So, if one is fully involved in a phone conversation, it is inevitable that one’s ability to process all relevant inputs while driving and then react accordingly in an accurate and timely fashion will suffer. If a situation arises where a driver has a split second to make a potentially life and death decision…. I know that I would want to be in complete control of my ability to make the “correct” decision. Unfortunately, too many drivers handicap themselves when facing such conditions. And we see this with all too frequent tragic results. We need to do better.

MPG: I admit to using a cell phone while driving, but except in dire need, only on deserted roads. In traffic, it scares the bejesus out of me.

Also, do we really think people can use medical marijuana and drive with all this? That scares me even more. Like when I was riding my bike about 2 weeks ago, and after pounding hard on the car trunk of the idiot in the bike lane (at 20 mph), to let this killer-wannabe know he was trying to kill me, he didn’t even notice. I think he was stoned and listening to his iPod.

Patches for 'bash' Shell Vulnerability

Adam Engst over at Tidbits.com has a detailed article on patching the Apple 'bash' shell vulnerability in How to Test Bash for Shellshock Vulnerabilities and Apple Updates Bash for the Shellshock Vulnerability.

Checking for the vulnerability

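Paste this line into a Terminal window to check for one of the vulnerabilities; there are apparently six different issues. If the output includes the word VULNERABLE, the installed bash is affected by this issue; a patched bash does not print it.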

env x='() { :;}; echo VULNERABLE' bash -c "echo patched NOT vulnerable"

The patch

Why Apple forces a manual download update and not an automated Apple Software Update fix remains unclear. Downloads:

NEC to Offer 32-Inch Professional UltraHD 4K Display Soon

See commentary on the NEC PA322UHD over at diglloyd.com.

 
NEC PA322UHD 32-inch 4K UltraHD Display

Radio Frequency (RF) Exposure from Apple iPhone 6

Thanks to Serko A for pointing out the RF numbers for iPhone 6:

In iPhone 6 SAR Nearly Exceeds Legal Radiation Limits for Simultaneous Rating, it is pointed out that the iPhone 6 and 6 Plus

Like most cell phones, both new iPhone 6 models have several transmitters that can simultaneously emit microwave radiation, which include Cellular, Wi-Fi and Bluetooth radiation. When all these transmitters are turned on, the iPhone 6 SAR value is 1.58 W/kg and for the iPhone 6 Plus SAR it’s 1.59 W/kg. These levels are very close to the legal limit which is 1.60 W/kg.

Twenty years from now, will there be more cancers from the heavy cell phone use among today’s users? I’m unclear on whether any hard evidence of harm exists (in an epidemiological sense and subject to peer review and repeat studies confirming it).

Perhaps only time will tell. Still, it does seem like a good idea to limit exposure. And yet when I’m out and about, the phone goes into my pocket (<1mm of separation vs 5mm for the Apple test numbers), and when I’m talking it’s against my head.

Internet Speed is an End-To-End “Up To” Concept, not a Consistent Quantity

Recently the MPG server was moved to a Tier 1 data center on a dedicated 100 megabit link. Ditto for WindInMyFace.com and the diglloyd.com image server.

Testing from another computer on a different link showed near theoretical max speed. As well, local testing showed that the server was delivering as fast as the link could go. Hence the server speed and link from the server out was/is really 100 megabit.

But at my home office which uses a Comcast business-class internet 100 X 20 megabit link, testing by downloading large files showed speeds typically around 20-40 megabits, far lower than the 100 megabits that the link ought to deliver, and that my server (see above) delivers from the data center. At times speeds might briefly hit 60 megabits, but only very briefly. See “Hops” towards the end of this piece for the explanation.

End-to-end and peering

When testing an internet connection for speed, most users go to a site like speedtest.net or similar. These sites maintain fast peered links to most providers, so the speeds almost always look terrific to the customer: “I’m getting what I’m paying for”.

Testing internet speed almost always shows expected (fast) speeds because the test sites are wired-up (so to speak) to be fast against the networks of large ISPs.

It’s like testing how fast your car accelerates on a 20% downhill grade.

Comcast and other ISPs (Internet Service Providers) maintain peering* between their network and some very large providers (think Apple, NetFlix, etc). That’s very worthwhile and good for accessing big popular sites, but for the vast majority of sites out there (like this one), real speed is less, even if the site is hosted on a high speed link.

* Peering as used here means semi direct connect links between a web site and an internet service provider in order to minimize latency and maximize bandwidth.

The WiFi hop

The foregoing assumed a wired connection from the computer to a fast cable modem or similar. For many users, though, WiFi is another “hop”, and one subject to speed degradation and latency issues ranging from modest to severe, depending on distance, interference and so on.

Thus for many users, WiFi is almost certainly the slowest and highest latency hop of all and thus the gating factor on internet speed (for large transfers).

In general, WiFi delivers very poor performance for small transfers in particular, such as file sharing of many small files. Wire computers into a gigabit switch instead, which will benefit a local network tremendously as well as internet access.

Is the fastest internet speed worth it?

A fast internet link is only as fast as its slowest link. Put another way, the quoted speed that Comcast or another ISP markets and hypes and sells is peak speed unlikely to be realized for the vast majority of web sites. On the flip side, that high speed really does deliver in some cases (for example, big software downloads from Apple and similar).

For most users a speed of 30 megabits or so is ample. A 20/30/50 megabit link won’t be as fast as a 100 megabit link when downloading, say, an Apple software update, but for most web sites the real world speed, the user experience, will hardly change. And after all, many web sites themselves are sluggish, so it’s not about connection speed at all.

A valid question when buying internet service is whether peak speeds for that occasional big download from a big popular site are worth paying for.

Real world speed depends on the investment in infrastructure to deliver that speed consistently to web sites large and small. Then ask yourself if this QOS (quality of service) is likely to be a business goal of a large corporation serving millions of customers. And then one understands the outcry over “paid peering” and the like (so-called “net neutrality” efforts offer up serious negative long term issues, and are likely to be implemented as bludgeons, and must be handled very conservatively, if at all).

Hops

I investigated the behavior for this site and its sister sites and what I found is that my Comcast link has a slew of “hops” between my office and the server in the Tier 1 data center, meaning traffic is routed between many intermediate nodes before it can get to and from my web browser.

The “trip” looks something like this using traceroute (some lines slightly truncated here, to fit one per line). Note that the first eight nodes are Comcast (#1 is my cable modem); my connection has to make 8 hops before it can even head towards my server.

UPDATE: I’m told by one reader that the hops are not the issue per se assuming no congestion (and no artificial gating or bandwidth controls or traffic prioritization, which one cannot rule out for Comcast). Whatever the reason, it’s clear that there are latency and bottlenecks involved, so the “on the ground” reality is that a 100 megabit connection is only theoretical for many web sites.

traceroute to diglloyd.com (204.11.224.34), 64 hops max, 52 byte packets
1 192.168.1.129 (192.168.1.129) 0.378 ms 0.296 ms 0.176 ms
2 * * *
3 c-73-170-32-1.hsd1.ca.comcast.net (73.170.32.1) 10.844 ms 8.725 ms 8.731
4 te-0-3-0-8-sur04.santaclara.ca.sfba.comcast.net (68.85.191.17) 9.432 ms
5 te-1-1-0-13-ar01.oakland.ca.sfba.comcast.net (69.139.199.110) 12.926 ms
te-1-1-0-9-ar01.oakland.ca.sfba.comcast.net (69.139.198.190) 10.918 ms
te-1-1-0-8-ar01.oakland.ca.sfba.comcast.net (68.85.155.150) 11.270 ms
6 be-90-ar01.sfsutro.ca.sfba.comcast.net (68.85.155.14) 13.664 ms
te-1-1-0-7-ar01.sfsutro.ca.sfba.comcast.net (69.139.198.174) 10.552 ms
be-90-ar01.sfsutro.ca.sfba.comcast.net (68.85.155.14) 16.406 ms
7 68.86.166.141 (68.86.166.141) 13.209 ms 15.673 ms 23.881 ms
8 be-17-pe02.11greatoaks.ca.ibone.comcast.net (68.86.83.46) 16.672 ms 16.510
9 snj-edge-03.inet.qwest.net (67.133.42.213) 16.390 ms 14.190 ms 14.535 ms
10 svl2-cntr-01.inet.qwest.net (205.171.244.2) 17.391 ms 17.059 ms 15.346 ms
11 63.146.113.85 (63.146.113.85) 15.006 ms 17.515 ms 16.497 ms
12 204.11.230.150.static.etheric.net (204.11.230.150) 21.869 ms 18.939 ms
13 * * *
14 204.11.227.110.static.etheric.net (204.11.227.110) 22.818 ms 22.409 ms 20.640 ms

With that many hops, it is not realistic to expect peak speed to my web browser from my server (via Comcast at least).

What does an iPhone 6 Plus cost?

See previous discussion of screen size on the iPhone 6 Plus.

I don’t have an eligible phone for a reduced price upgrade, having upgraded to iPhone 5s six months ago or so.

Still, it seemed a worthwhile upgrade for my particular needs, so I ordered a 64GB iPhone 6 Plus, not fully understanding the financial hit, details follow below.

Cost of an iPhone 6 Plus on AT&T Next
  • If bought on the AT&T Next plan (the $42.45 per month one), you’ll receive a consumer credit disclosure showing that the phone is really an $895 purchase (plus tax on the full amount). Well, I can do math, but the notice riveted my attention: do I really need an $849 phone? So I canceled it.
  • If bought outright for $695 (my preference), AT&T throws in a fine print dirty trick (big surprise, that’s their modus operandi, they already tricked me on the 5s upgrade twice over): AT&T takes away the $25/month MobileShare discount, thus increasing my mobile phone bill by $300 per year. For just one (1) phone. The fine print alludes vaguely to this, but you have to go looking to figure it out. That makes the same phone a $995+ purchase ($695 + tax + $300) for the first year alone. After the first year you continue to get dinged by $25/month.

Smells like manure to me.

So why don’t I abandon AT&T and switch to the aggressive buy-out plans offered by Sprint? Pure and simple: coverage where I travel. It took me years to figure out where I could get coverage, and that’s essential to my business needs when I’m up there for up to two weeks at a time.

Don H writes:

If you have some sort of family plan then that’s beyond the scope of this discussion, but if it’s just a single phone + contract you might be able to get off the AT&T subsidy/handcuff treadmill and yet still use their network.

As you know, there is no free lunch, so if you buy the device *unlocked* and at list price, you’re generally no better or worse off than if you pay for it through a carrier subsidy. I just did that myself at the Apple Store last Wednesday (I assessed the iPhone 6 after the announcement and realized that, for me, the 5S would be sufficient, so I traded in my pristine 4S at the store before the resale value plummets when all the other upgraders flood the market). So that puts the device purchase on the same level as buying a new computer: no strings attached.

So now the question is what’s the best AT&T plan for those who already have a phone. I don’t know what your phone/data needs are, but there are various pre-paid plans that you could evaluate: http://www.att.com/shop/wireless/plans/prepaidplans.html

Then there is AIO prepaid, which has now been folded into Cricket, which AT&T owns and operates: http://en.wikipedia.org/wiki/Cricket_Wireless

Their pre-paid plans: https://www.cricketwireless.com/cell-phone-plans

These plans use the very same AT&T network that you’ve been signed up for on your post-paid AT&T service. Exact same coverage.

———————

I was an AT&T customer since 2001, and generally pleased with their service until I got my first smartphone (the aforementioned iPhone 4S). At that point I had to sign up for a more expensive data plan even though I didn't use it much, and the ‘surcharges and fees’ on the bill amounted to a third of the total cost! (A lot of those so-called taxes and fees are shifted from AT&T’s cost of doing business directly to the customer, just as if In-n-Out (McDonald’s) added a ‘restaurant inspection fee’ to the cost of the burger at the cash register while advertising the lower price on the menu board.) After my grandfathered contract ended they wanted to tack on even more fees for no reason other than they could.

So in January of this year I got my phone unlocked and switched to T-Mobile, which offers, for $30 per month (with no added fees or taxes), 100 minutes talk, unlimited text, and 5GB of LTE data. If I exceed 100 minutes of talk each additional minute is 10 cents per. (Since we have unlimited talk on our landline I use that for most outgoing calls including those that are likely to result in long hold times.) http://prepaid-phones.t-mobile.com/prepaid-plans

The big downside, of course, is T-Mobile's limited coverage, which would be a deal-breaker for you. But the point is I researched other options from the usual AT&T post-paid plans and with an unsubsidized, unlocked phone am now in control of my own upgrade cycles, and I can shop around for LTE plans independently. You might want to weigh all the options, including those listed above, while re-assessing just how much voice and data you need.

I’ll say one other thing about AT&T versus T-Mobile. For all their faults, AT&T has a much better web site and means of checking your account info. The T-Mobile web site and account page/app are much more disorganized or lacking in useful information. I learned how to deal with them by way of other tech blogs who love the $30 plan (for 30 days) but not the support so much. I guess that’s why we’re only paying $30 per month.

MPG: my family plan is on staggered dates and rate plans (historical reasons), so it’s a mess. I’m going to wait until November or so and reevaluate, since AT&T cannot deliver until then anyway. An unlocked buy-outright phone is more appealing on an expensing basis, and it looks like this can just be substituted in to the existing plan. I’d then sell my 5s. For that matter, a refurbished phone is fine by me, so maybe come January or so that will also be an option.

See also Apple's second secret eBay store launches with certified refurbished, unlocked GSM iPhone 5 models.

Don H also notes:

One other thing to do with any phone that gets paid off is to have it unlocked by AT&T. In the past that was an exercise in caprice as they might unlock some phones before the term was up and on others they’d drag their feet. But now they have an unlock request page:

https://www.att.com/deviceunlock/client/en_US/

Definitely do that with all your eligible devices. You never know when you might want to use it with an alternate carrier or lend to a friend for a week or whatever. There is no reason in this day and age for a phone to be ‘locked’ in the first place (they already have you with a signed contract), so unlocking it is like removing a tracking ankle bracelet when you’ve served out parole.

MPG: note that the requested passcode is not the login account password for AT&T but a separate code associated with the phone or account. Unlocking a handset also increases its resale value.

Big Storage: 4TB, 5TB, 6TB Hard Drives

Prices on large hard drives are getting interesting. Even 6TB drives are now at reasonable levels (given how new they are).

Prices at OWC (which I prefer due to their 90-day DOA replacement policy):

The larger capacities come at a premium for $/GB, but this has always been true. Buying too small for needs just means a proliferation of too many drives, so it’s best to assess current needs and rate of growth when choosing capacity.

Also, MPG likes to match backup drive capacity to a matching-size volume (which implies partitioning large storage devices into volumes no larger than the backup drive capacity).

For a high capacity portable mini bus powered drive, MPG likes the 2TB OWC Mercury Elite Pro Mini.

High capacity hard drive prices

Wiping Free Space on Hard Drives and SSDs

Looking for a quick way to wipe free space on any volume?

diglloydTools

The dgl wipeFree command in diglloydTools does so efficiently without any need to erase the drive (a full erase/wipe is always better if the drive is to be sold, but this is not viable when/if the drive is in active and continued use).

At present, the wipeFree command is command-line (Terminal) only. There is also the wipe-files command which erases file and/or folder contents and metadata.

As it turns out, my most frequent use of the wipeFree command is to wipe free space on Disk Utility disk images so that they compress down to the smallest possible size (e.g. when I zip compress one for downloading).

Note that for SSDs, wiping cannot truly be done in a security sense due to block remapping internal to the drive. In this case, the disktester recondition command (available in GUI), with total writes exceeding the drive capacity by at least 10%, does the job, so that the SSD has to “turn over” all its internal blocks.

The new Apple iPhone: Display Zoom on Larger Model Attractive

Friends have asked me whether I’d be getting the new iPhone 6, having the same doubts as I have: every new iPhone comes with new hype and new sleekness and new this and that, but nothing really better for my particular needs (which do not involve music or videos or apps).

But in taking a look at the new 5.5-inch iPhone 6 Plus size model (the first large screen model Apple has offered), I am now inclined to consider it for one ergonomic reason: the tiny type on the iPhone 5s is trouble for my presbyopic eyes.

The iPhone 6 Plus screen is not only larger, but higher density. So the iPhone 6 Plus “Display Zoom” feature means I can get the iPhone 5s content magnified up to the iPhone 6 Plus screen with similar clarity but at a larger size—easier to see. The too-small everything on the iPhone 5s has denied me useful operation of an iPhone for basic operations like web browsing—can be done, but it’s never comfortable.

Along with Display Zoom, the wider landscape view affords more area which itself can help by allowing some displayed material to be larger, since other stuff can now reside to the side. Together, the iPhone 6 Plus looks like it might be a practical upgrade for a nagging issue for me.

On the downside, 172 grams vs 129 grams will make the Plus model noticeably heavier, and it won’t fit as well into a pocket. Always a tradeoff.

Battery life

The iPhone 6 Plus battery is larger, and it nets out at 20% to 80% longer battery life than the iPhone 6 and that alone could be reason to go with the larger model for some users.

But I’m not buying one.

Don’t Assume that a Password Manager is Safe, Auto-Fill for Password a Bad Idea

Security expert Bruce Schneier posted some good info on password managers.

Security is often a trade-off with convenience, and most password managers automatically fill in passwords on browser pages. This turns out to be a difficult thing to do securely, and opens up password managers to attack.

My own password manager, Password Safe, wasn't mentioned in either of these papers. I specifically designed it not to automatically fill. I specifically designed it to be a standalone application. The fast way to transfer a password from Password Safe to a browser page is by using the operating system's cut and paste commands. I still recommend using a password manager, simply because it allows you to choose longer and stronger passwords.

MPG agrees completely that use of a password manager is a big step up in security for most users, because password quality goes way up—relieving the user of the need to think up new and relatively weak passwords and/or struggle with strong but difficult and hard to remember passwords.

I don’t know if Apple Safari Auto Fill is secure or not. Or, if secure, whether it will stay secure. But this is how I configure Safari.

Apple Safari auto-fill username and password
Is it safe? You never know, and so it is never a good idea.

Auto fill for passwords = risky in general

Free WiFi might be far more costly than you think.

From Password Managers: Attacks and Defenses. Emphasis added. There are lots more critical details, but the main thing is that autofill is a dubious idea subject to many risks, and the extent of those risks varies by browser and password manager.

As a warm-up we present one example here. Consider web sites that serve a login page over HTTP, but submit the user’s password over HTTPS (a setup intended to prevent an eavesdropper from reading the password but actually leaves the site vulnerable).

Suppose a user, Alice, uses a password manager to save her passwords for these sites. At some point later, Alice connects to a rogue WiFi router at a coffee shop. Her browser is directed to a landing page that asks her to agree to the terms of service, as is common in free WiFi hotspots. Unbeknownst to Alice, the landing page contains multiple invisible iFrames pointing to the login pages of the websites for which Alice has saved passwords. When the browser loads these iFrames, the rogue router injects JavaScript into each page and extracts the passwords auto-filled by the password manager.

This simple attack, without any interaction with the user, can automatically extract passwords from the password manager at a rate of about ten passwords per second. Six of the ten password managers we examined were vulnerable to this attack.

From the user’s point of view, she simply visited the landing page of a free WiFi hotspot. There is no visual indication that password extraction is taking place.
...
Chrome (all platforms) is the only automatic autofill password manager that is not vulnerable to the iFrame-based attack, because they never automatically autofill passwords in iFrames. All the other automatic autofill password managers are vulnerable to this attack. Even though the autofill policies of Norton IdentitySafe, Safari, Mobile Safari, and LastPass Tab described in Section 2.2 restrict the number of passwords that can be stolen in a single sweep to 1, they remain vulnerable.

Password sync across devices (e.g. desktop computer and iPad/iPhone) is a risky thing too, for reasons the paper discusses.

We disclosed our results to the password manager vendors, prompting several changes to autofill policies. Due to our findings, LastPass will no longer automatically autofill password fields in iFrames, and 1Password will no longer offer to fill passwords from HTTPS pages on HTTP pages.
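The autofill restrictions quoted in this section (no automatic fill inside iFrames, no HTTPS-saved password filled on an HTTP page) can be expressed as a policy check run before any fill. The following is an added example, not code from the paper or from any password manager; the function and field names, the `.example` sites, the same-host rule for the form action and the "manual-only" outcome for HTTP login pages are assumptions made for illustration.

```javascript
// Added example: autofill policy for a password manager. All names are
// hypothetical; the .example sites and contexts below are constructed.

function parseUrl(value, base) {
  try {
    return new URL(value, base);
  } catch (err) {
    return null; // malformed URL: the caller refuses to fill
  }
}

// saved: { pageUrl }  URL of the login page when the password was stored
// ctx:   { pageUrl, formAction, isTopLevel }  the form about to be filled
// Returns { action: 'autofill' | 'manual-only' | 'refuse', reason }
function autofillDecision(saved, ctx) {
  const savedUrl = parseUrl(saved.pageUrl);
  const pageUrl = parseUrl(ctx.pageUrl);
  // A missing or relative form action resolves against the page URL.
  const actionUrl = pageUrl ? parseUrl(ctx.formAction || '', pageUrl) : null;

  if (!savedUrl || !pageUrl || !actionUrl) {
    return { action: 'refuse', reason: 'unparseable URL' };
  }
  if (pageUrl.host !== savedUrl.host) {
    return { action: 'refuse', reason: 'page host differs from saved host' };
  }
  // The hotspot scenario loads login pages in invisible iframes.
  if (!ctx.isTopLevel) {
    return { action: 'refuse', reason: 'form is inside an iframe' };
  }
  // A password saved on an HTTPS page is never offered on an HTTP page.
  if (savedUrl.protocol === 'https:' && pageUrl.protocol !== 'https:') {
    return { action: 'refuse', reason: 'saved over HTTPS, page is HTTP' };
  }
  // Assumption: the form must post back to the host the password belongs to.
  if (actionUrl.host !== savedUrl.host) {
    return { action: 'refuse', reason: 'form posts to a different host' };
  }
  // An HTTP login page can be altered in transit even if it submits over
  // HTTPS, so nothing is filled there without an explicit user action.
  if (pageUrl.protocol !== 'https:' || actionUrl.protocol !== 'https:') {
    return { action: 'manual-only', reason: 'page or form target is not HTTPS' };
  }
  return { action: 'autofill', reason: 'top-level HTTPS page on the saved host' };
}

// Constructed sample contexts, keyed by a short label.
const SAMPLES = {
  'hotspot-iframe': [
    { pageUrl: 'http://shop.example/login' },
    { pageUrl: 'http://shop.example/login',
      formAction: 'https://shop.example/session', isTopLevel: false }],
  'http-login-top-level': [
    { pageUrl: 'http://shop.example/login' },
    { pageUrl: 'http://shop.example/login',
      formAction: 'https://shop.example/session', isTopLevel: true }],
  'https-saved-http-page': [
    { pageUrl: 'https://bank.example/login' },
    { pageUrl: 'http://bank.example/login',
      formAction: 'https://bank.example/session', isTopLevel: true }],
  'https-top-level': [
    { pageUrl: 'https://bank.example/login' },
    { pageUrl: 'https://bank.example/login',
      formAction: '/session', isTopLevel: true }],
};

// Returns { label: action } for every sample above.
function evaluateSamples() {
  const out = {};
  for (const [label, [saved, ctx]] of Object.entries(SAMPLES)) {
    out[label] = autofillDecision(saved, ctx).action;
  }
  return out;
}

console.log(evaluateSamples());
```

Only the last sample, a top-level HTTPS page on the saved host, is filled automatically; the hotspot iframe case is refused outright.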

Emperor’s new Password manager

A video explaining some vulnerabilities. Again, auto-fill is a bad idea, but there is more than that.

FOR SALE: 6 OWC Mercury Elite Pro External Quad-Interface Enclosures (for 3.5-inch Hard Drives)

You pick up locally (near Palo Alto, CA) or pay shipping. Contact.

MPG storage has moved to multiple OWC Thunderbay units, so these are no longer needed.

OWC Garage Sale

OWC has a semi-annual garage sale on all sorts of stuff: enclosures, cables, drives, power adapter, all sorts of accessories for Mac/iPad/iPhone, etc.


Copyright © 2008-2014 diglloyd Inc, all rights reserved.