Rigorously lab tested and OWC certified.

Mobile Phone Companies Sell your Name and Location Data

From EasyDNS.com:

TechCrunch reported Shotwell Labs’ co-founder findings that even after the FCC penalized Verizon for injecting markers into their customers’ data that enabled them to be tracked without customer consent, the practice is still thriving across mobile providers and being used to sell name and location data to whoever ponies up for it.

The mobile providers are injecting a new data element similar to Verizon’s Unique Identifier Header (UIDH) which is appended to HTTP requests and allows websites visited to see personally identifiable data, including billing and location info, if they subscribe to the carriers data feed for it. While the article does enumerate some legitimate reasons for websites to gain access to this (employee tracking), it’s still concerning.

MPG: scum bags.

From TechCrunch Mobile phone companies appear to be providing your number and location to anyone who pays:

The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)

MPG: the one site linked-to is now offline:

Want to see something crazy? Open this link on your phone with WiFi turned off

Note: this demo site may have been taken down after this report got traction.

Click “Begin,” enter the ZIP code and then click “See Underlying Data.”

What you should see is your home address, phone number, cell phone contract details, and — depending on what kind of cell phone towers you’re currently connected to — a latitude and longitude describing the current location of your cell phone.

MPG: So nice of the Feds to require that mobile devices be locatable to within 100 feet or so.

A few CEOs in prison for a few years would get things moving on eliminating or reducing some of these issues.

Private data is just too dangerous to trust to companies, or the government, since even the NSA cannot do it, an the IRS contracted with Equifax, which served up malware. Identity theft can land you in prison if the thief commits a crime in your name. It’s time to impose severe penalities for mis-use of private information, including the corporate death penalty.

Michael C write:

I was reading this morning your post and wanted to offer a few observations:

1 – Attached is a redacted privacy page from my Verizon wireless account here in San Francisco. Well hidden on the Verizon Wireless customer page, one can get to an opt-out page (My Profile > Privacy Settings)

2- Once on that Privacy Settings page, you will see three areas where OPT OUT selections can be made. I am presuming that Verizon is honoring those OPT OUTS. If they are not, then we are back to beating the snot out the scumbags in court, AGAIN.

3- The relevant FCC order is:

“5. To settle this matter, Verizon Wireless will pay a fine of $1,350,000 and implement a compliance plan that requires it to obtain customer opt-in consent prior to sharing a customer’s UIDH with a third party to deliver targeted advertising. With respect to sharing UIDH internally within Verizon Communications Inc. and its subsidiaries,6 it must obtain either opt-in or opt-out consent from its customers. Verizon Wireless will also generate customer UIDH using methods that comply with reasonable and accepted security standards.”

Like most other rational adults, I loathe the data-hoovering that goes on around us. I am concerned, though, that the Shotwell and TechCrucnh folks may have gone off half-cocked UNLESS the telcos are willfully violating these FCC orders.

MPG: good points—important to see proof of willful violaton—might be less bad than it seems.

Equifax: It Just Keeps Getting Better, for Hackers

MPG insists upon the corporate death penalty for Equifax. Let that be a lesson to a company profiting from information that is private.

Equifax consumer assistance website infected with malware

From EasyDNS.com:

The hits just keep on coming for Equifax. After one of the worst data breaches in history the company received further criticism for winning a “no-bid” contract with the IRS to “secure taxpayer data”.

Now it turns out the public information website it set up to help consumers understand the nature of the data breach was itself infected and thus served up malware to those browsing it. The hostile code took form of a fake “Adobe Flash Update” which instead of updating Flash, installed third-party spyware on the subject computer. Keep up the good work Equifax!

MPG: many people are going to lose everything to identify theft, or be imprisoned because an imposter commits a crime. Just try proving “it wasn’t me” with a stolen identify problem. Extremely dangerous stuff here.

Which Camera System / Lenses Should Are Best?
✓ Get the ideal system for your needs: diglloyd photographic consulting.

All your WIFI are belong to us: Major vulnerability in WPA2 to be released

MPG has long advised wired internet for performance reasons, as well as advising against public WiFi locations.

WiFi is apparently vulnerable to a complete loss of security.

For the techie, emphasis added:

Key Reinstallation A acks: Forcing Nonce Reuse in WPA2

We introduce the key reinstallation attack. This attack abuses design or implementation aws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are a ected by the attack.


Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.


All Wi-Fi clients we tested were vulnerable to our attack against the group key handshake. This enables an adversary to replay broadcast and multicast frames. When the 4-way or fast BSS tran- sition handshake is attacked, the precise impact depends on the data-confidentiality protocol being used. In all cases though, it is possible to decrypt frames and thus hijack TCP connections. This enables the injection of data into unencrypted HTTP connections. Moreover, against Android 6.0 our attack triggered the installation of an all-zero key, completely voiding any security guarantees.

Rather worryingly, our key reinstallation attack even occurs spontaneously if certain handshake messages are lost due to back- ground noise. This means that under certain conditions, implementations are reusing nonces without an adversary being present.

Less technical, from an email I received from EasyDNS.com:

WPA2, the encryption algorithm in use today on nearly all WIFI access points has been discovered to have a major security flaw which renders them hackable.

The upshot is that attackers will be able to read all data traversing the WIFI access point (another reason to use VPN sessions to further encrypt your data before it flows over the air). Security researchers will release their findings at Computer and Communications Security (CCS) on November 1, 2017. My understanding of this so far is that once the paper drops and the inevitable exploits follow, both the access point and the clients will need vendor patching to be secure. Think “heart bleed” to the exponent “shell shock”.

Security researchers will release their findings at Computer and Communications Security (CCS) on November 1, 2017. My understanding of this so far is that once the paper drops and the inevitable exploits follow, both the access point and the clients will need vendor patching to be secure. Think “heart bleed” to the exponent “shell shock”.

MPG: every iPhone and iPad and laptop and similar user relying on WiFi should take pause, particularly at public WiFi access points that might not get patched (remember Equifax screw-up? No need to remember, it is now at present a worse screwup).

Don H writes that Apple already has a patch, albeit only in beta versions of macOS and iOS. The claims in that link are that once the iPhone/iPad/Mac are patched that they will be safe to use anywhere. Kudos to Apple for rolling this out quickly (assuming that happens).

This site and diglloyd.com use https which and as far as I understand it protects user data, but that is not a statement of fact, only what I believe is correct, having worked with encryption as an engineer for some years.

It might be a discard your WiFi routers and get secure ones, if they cannot be updated to address the flaw.


WPA2: Broken with KRACK. What now?

Falling through the KRACKs

Reddit.com list of patches

GitHub list of vendor patches

B&H Deal ZoneDeals by Brand/Category/Savings
Deals expire in 17 hours unless noted. Certain deals may last longer.

OWC Mini Travel Dock Handy for Quick Peripheral Usage, SD Card Reader, Pass-Thru Charging, USB Ports

Get OWC USB-C Travel Dock at MacSales.com.

See the previous post on the OWC Travel Dock which has some user comments and why cheap non-certified products might not be a good idea. OWC puts all their Thunderbolt products through the official certification process, which is neither cheap nor quick.

Just recently I was testing this nifty new Thunderbolt 3 SSD seen at bottom left, the OWC Envoy Pro EX 1TB SSD. It offers performance far exceeding anything that can be had with USB3. I’ll have a formal review just as soon as it ships and is officially announced (oops).

I can’t stand trackpads (particularly the oversized awful one on the 2016/2017 Apple MacBook Pro)—so I wanted to attach a mouse.

But that was impossible since the power plug was needed while testing and the SSD used the other port (13" models have a miserly two ports). Plus, a Type-A to USB Type-C Adapter would have been required.

With the OWC about $49.99 USB-C Travel Dock I had an instant solution, as shown: it provides a USB-3 port, passes through the power and thus the other Thunderbolt 3 port remains available for use. Headache gone.

Why do smaller/lighter Apple products always have to be compromised (memory, ports, CPUs, etc). Lots of power users want something light and compact, but do not want to lose functionality. This is not elegance of design!

More info on the USB-C Travel Dock below.

OWC USB-C Mini Travel Dock

About the OWC Travel Dock

2016 and 2017 MacBook Pro users now have a solution for reducing the number of dongles to carry to just one device for common needs in the about $50 OWC USB-C Mini Travel Dock.

  • 2 x USB 3.1 Gen 1 (Standard-A) Ports
  • USB-C Auxiliary Power Port (up to 60W)
  • SD Card Reader (UHS-II)
  • HDMI 2.0 Port Supports 4K display resolution – up to 4096 x 2160 at 30Hz
  • Available in 4 colors
  • 2 Year OWC Limited Warranty
  • Any type C power adapter up to 100 watts can be connected to the Mini Travel Dock.

Fitting easily into a small purse or back or moderate-size pocket, the OWC USB-C Travel Dock solves two key needs that I have when working in the field: USB-A port support (for a backup drive), and an SD card slot (for downloading image). Although I am still using a 2015 MacBook Pro, when I ultimately move to newer model, this will be a critical accessory.

See also OWC Thunderbolt 3 Dock and OWC USB-C Dock for Apple MacBook.

OWC USB-C Mini Travel Dock


OWC Easy SSD Upgrade Guide
MacBook Pro and MacBook Air
iMac, Mac Pro, MacMini, more!

Deals on Factory Sealed iMac 5K at OWC + Refurbished Mac Deals

See my computing wish list.

OWC (MacSales.com) often sells factory sealed Macs. You can trust them to stand behind what they sell, be it a Mac or any kind of peripheral.

OWC / MacSales.com also has Oktoberfest deals through Oct 18.

Rigorously lab tested and OWC certified.

Out of Space on your 2010-2015 MacBook Pro? SSD Prices Highly Attractive for Upgrading SSD Capacity

OWC has SSD upgrades for MacBook Pro through 2015 as well as SSDs and SSD upgrades for just about any Mac.

In Making an Old Dog of a Laptop Run Like a New One a few years ago, I discussed how an SSD upgrade could bring new life to an older laptop that might be just fine excepting its old slow hard drive.

Most Apple MacBook Pro models from 2012 on (and some earlier ones) are still strong performers. I still run several 2012 Macbook Pros as 24 X 7 servers with 1TB OWC SSD drives—bulletproof operation for 44000 hours now.

If laptop needs are not too demanding, why spend the huge amount of on a new laptop when an SSD upgrade can speed up the current one and increase capacity? If you have several children as I do, I’m not about to spend $1500 each on a new laptop.

OWC Mercury Electra 6G SSD

Upgrading a 2012 MacBook Pro 13" from 128GB to 500GB

Here in September 2017, my father’s 2012 MacBook Pro with its Apple 128GB SSD was becoming a hassle: his relatively modest storage needs precluded having any copy or clone operation succeed due to lack of space on that Apple SSD.

His goal was to have his photos along on the laptop that were on his desktop Mac, and he was/is happy with the performance and everything else, it was just a storage capacity issue.

We considered a 250GB and 1TB options, but deemed 250GB not enough, and 1TB or 2TB way more than needed, so we settled on the about $220 OWC 500GB OWC Mercury Electra 6G SSD.

OWC also has many SSD upgrade kits, which include tools and a USB3 case for the old SSD for external use. For most users, the kit is a great idea, since the tools are included.

OWC Mercury Electra 6G SSD
OWC Mercury Electra 6G SSD

How to upgrade

See also How to upgrade your system/boot drive.

The upgrade process is painless using cloning:

  1. Clone the old drive to the new SSD (or clone to an intermediate drive).
  2. Unscrew the back cover, replace the old drive with the SSD. (if using an intermediate drive, boot off it, then clone it back to the internal SSD).
  3. Boot the machine off the new SSD (System Preferences => Startup Disk). Nothing changes except a lot more space—no need to reinstall the system or appsnothing changes due to the cloning.

As I understand it, OWC can do this part for you for a modest fee. If doing it yourself, you’ll need a small screwdriver and a torx screwdriver. See the OWC install videos in this case the install video for the mid-2012 MacBook Pro 13".

The old Apple SSD was good for about 350 MB/sec. The new SSD does 400-500 MB/sec, so not only is it a lot faster, it is 4X the storage—problem solved.

See also Case Study: Upgrade a 2010 MacBook Pro for Photoshop Performance and Case Study: Upgrade a MacBook Pro to Banish Sluggishness which shows how valuable a hard drive to SSD upgrade can be:

Before and after HDD => SSD upgrade
Before and after HDD => SSD upgrade
Rigorously lab tested and OWC certified.

macOS HighSierra: New Security Behavior includes a new Zero Day Exploit (kernel level compromise) and Dumping User Passwords

Get iMac 5K at B&H Photo and see my Mac wishlist.

This seems to be a move forward in making macOS less susceptible to malware—good. See Technical Note TN2459 User-Approved Kernel Extension Loading.


Update: so much for “good”: there is apparently a zero day exploit that comes with this new security theater. This exploit allows taking full control of the computer, more on that below.

In macOS HighSierra: Brief Use Brings Relief in a Way: Worth Ignoring for a While, I used the term “incompetent” in my post, which is too kind apparently. It should be something like “negligently incompetent”. That is, introducing a new zero day exploit that allows taking over macOS in the course of introducing a new almost marginal useful security feature.

I don’t usually hold developers at fault, since management’s calendar-driven shipping schedule guarantees problems. But in this case I have to make an exception; having worked in security before as an engineering manager (Pretty Good Privacy, startup), our team took everything seriously. You just don’t change Stuff without going over it head to toe, and I’d bet this was rushed out like everything else. Security staff should have the competence to get it right, and the integrity to push back hard against a management willing to endanger user security by rushing out new features.

macOS High Sierra Blocks install of system extensions by default
macOS High Sierra Blocks install of system extensions by default

Zero Day Exploit in macOS High Sierra

So much for “good”:

Objective See: High Sierra's 'Secure Kernel Extension Loading' is Broken › a new 'security' feature in macOS 10.13, is trivial to bypass.

In brief:

SKEL merely hampers the efforts of the 'good guys' (i.e. 3rd-party macOS developers such as those that design security products). Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected. While many respected security researchers, system administrators, and macOS developers have voiced this concern, here we'll prove this by demonstrating a 0day vulnerability in SKEL's implementation that decisively bypasses it fully.


While at this time I cannot release technical details of the vulnerability, here's a demo of a full SKEL bypass. As can be seen below in the iTerm window below, after dumping the version of the system (High Sierra, beta 9) and showing that SIP is enabled and that kernel extension we aiming to load (LittleSnitch.kext) is not loaded, nor is in the 'kext policy' database, something magic happens. In short, we exploit an implementation vulnerability in SKEL that allows us to load a new unapproved kext, fully programmatically, without any user interaction.

MPG: enjoy your new Mac with smokin' HighSierra.

Dumping user passwords

Here’s another nifty security problem: on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords) 🍎�😭 v.


macOS HighSierra: APFS Conversion of Boot Drive SSD

Get iMac 5K at B&H Photo and see my Mac wishlist.

I installed macOS HighSierra on the MacBook Pro 13": 2.4 GHz, 512GB SSD, 16GB (hey, it’s my daughter’s laptop, so it’s fair game as the guinea pig).

The installation process converts the boot drive to APFS as advertised (no choice, no asking for permission, which I deem yet another manifestation of disrespect for users).

So far, I see no performance benefits whatsoever, only weird performance problems.

Can you say “performance downgrade”? Emptying the trash is glacially slow; trash containing 1000 files should take a second or two, but took about 90 seconds. This is the SSD performance boost we’ve been promised that comes from APFS?

macOS High Sierra converts boot drive SSD to APFS


Blazing-fast PCIe storage for Mac Pro Tower

macOS HighSierra: Brief Use Brings Relief in a Way: Worth Ignoring for a While

Get iMac 5K at B&H Photo and see my Mac wishlist.

The only machine I’m willing to install macOS HighSierra on so far is my daughter’s 2016 MacBook Pro 13": 2.4 GHz, 512GB SSD, 16GB.

Upon first use, I noticed two bizarre behaviors I’ve never seen before:

  • Glacially slow login (and not the first login either), taking about 3 minutes to login. Subsequent logins went faster, but are still very slow.
  • Coming out of sleep, the MacBook Pro was running about 100 times slower than normal. It wsa not hot or under stress as with MacOS Bug: Kernel Task Uses Most or All CPU Cores Continuously (Ambient Temperature Too High). Just some new bug I’ve never seen before on any Mac and my daughter indicates that she never saw it behave the way since she got it 9 months ago.

Glitches like these right after upgrading make me think I will take quite some time before I trust smokin' HighSierra.

Apple has also rushed out a patch for a nasty security bug:

Take steps to protect your data if you see your password instead of your password hint for an encrypted APFS volume.

Incompetence is one thing; incompetence with security is an order of far worse. As usual, Apple has rushed out a macOS release with incompetence in testing, just as over the past 5 years. I am not a fan of release-by-calender-for-iPhone-quality-be-damned management.

This issue might be far nastier than described: plaintext passwords should NEVER be saved if at all avoidable (and it is avoidable for encrypted drives, login, etc) only their salted and hashed forms (irreversible computations of the original). I’m not entirely sure what is going on from the description, but if it is what is sounds like, there are serious security flaws in design.

MPG stands by and re-emphasizes its advice to avoid upgrading to High Sierra for at least six months. That’s about how much time will be needed to finish it and about how much time Apple allows until deverlopers are put onto the next buggy calendar-drive macOS release.


Update: apparently there is a new zero day exploit introduced as well.

USB-C Dock for MacBook

4 USB3 ports, 1 USB-C port, SD card reader, gigabit ethernet, audio ports, HDMK 4K port!

Travel Bag for iMac 5K — Works Great

Get iMac 5K at B&H Photo and see my Mac wishlist.

I have been using the 2015 iMac 5K along with the NEC PA302W in my Mercedes Sprinter photography adventure van now for about two weeks on the road.

The about $199 Gator Cases Creative Pro 27" iMac Carry Tote is doing a great job protecting the iMac 5K, and it can be set up in under a minute and used even without removing it from the bag, although for extended use it is best to remove it for ergonomic and heat reasons.

Well worth the price, for anyone traveling with an iMac 5K as I am.

Gator Cases Creative Pro 27" iMac Carry Tote

As shown below, the Xantrex 3012 3000 watt power inverter was too big and has been swapped out for the Xantrex Freedom XC. The van is not finished (walls in particular), and I am still using the temporary table as shown with a 2015 iMac 5K and the NEC PA302W wide gamut professional display powered by a 5 kilowatt Lithionics battery, good for about 20 hours of computing as shown. The iMac and display are stowed when driving. The Yeti Tundra 210 cooler seen at left is part of the bed platform.

iMac 5K with NEC PA302W computing setup in Mercedes Sprinter photography adventure van
f1.8 @ 1/30 sec, ISO 32; 2017-09-11 17:41:12
iPhone 7 Plus + iPhone 7 Plus back dual camera 3.99mm f/1.8 @ 28mm (4mm)

[low-res image for bot]
Sprinter photography adventure van view to Alpenglow on Mt Whitney
f9 @ 1/8 sec, ISO 64; 2017-09-24 06:48:21 [focus stack 3 frames]
NIKON D810 + Zeiss Milvus 35mm f/1.4

[low-res image for bot]
Blazing-fast PCIe storage for Mac Pro Tower

Options for Connecting a Display with Mini DisplayPort or DisplayPort input to a Mac with Thunderbolt 3 / USB-C

See MPG’s Mac wish list  MPG gets credit if you buy through those links.
Suggested accessories for new Macs include the OWC Thunderbolt 3 Dock, the 1TB Envoy Pro EX.

One problem Apple created while leaving users without an Apple solution is being able to connect an external display to a Mac with Thunderbolt 3 / USB-C. Apple’s Thunderbolt 3 to Thunderbolt 2 adapter passes data only—not video.

While the OWC Thunderbolt 3 Dock solves this problem neatly (highly recommended, more on that below), there are cases where all one wants is adaptation for the display.

In particular, in my Mercedes Sprinter photography adventure van (see setup), I just want to connect my NEC PA302W wide gamut professional display to the computer; an extra 15 watts for the Thunderbolt 3 Dock makes sense only if I need its other ports, which I do not need on the road, or at least do not need except briefly. So I am loathe to chew up 15 watts just to have the display connected (the display itself takes 90 watts which is bad enough). Aside from cost, that is a key reason why I am using a 2015 MacBook Pro and a 2015 iMac 5K—not the 2017 models which have Thunderbolt 3 ports and no Mini DisplayPort.

There are various products which might provide the necessary adaptation. They are not cheap, but not expensive either (about $80).

B&H Photo has Thunderbolt 3 to DisplayPort adapters as well as various DisplayPort to Mini DisplayPort adapters. DisplayPort (or Mini DisplayPort) is just fine for displays like my NEC PA302W, which has both types of ports (signal is the same, it’s just a cable form factor issue). If a display has only a Mini DisplayPort port, there are DisplayPort to Mini DisplayPort adapters and/or DisplayPort to Mini DisplayPort cables. Be sure to test the cables; compatibility is not guaranteed in my experience.

StarTech Thunderbolt 3 to Dual DisplayPort Adapter
Sonnet Thunderbolt 3 to Dual DisplayPort Adapter for 4K Displays (Mac & Windows)
Mini DisplayPort (male) to
DisplayPort (male) cable

Some users might be fine with HDMI inputs on a display, but that has some limitations for calibration as I understand it, at least for 10 bit with NEC Spectra View II, so I rule it out for my needs.

Cleanest/best solution for Thunderbolt 3 to Mini DisplayPort

More expensive than the adapters above, but with far more functionality, the OWC Thunderbolt 3 Dock neatly solves display connectivity issue with its Mini DisplayPort port (1 port), charges the MacBook Pro, and provides gigabit ethernet and other ports, as shown. This is the cleanest and best solution for normal desktop usage.

OWC Thunderbolt 3 Dock port layout

Philip S writes:

"One problem Apple created while leaving users without an Apple solution is being able to connect an external display to a Mac with Thunderbolt 3 / USB-C. Apple’s Thunderbolt 3 to Thunderbolt 2 adapter passes data only—not video.”

Perhaps I am misunderstanding what you have written. However I have an Apple Thunderbolt Display connected to my brand-new 5K mid-2017 iMac, using the aforesaid Thunderbolt 3-to-Thunderbolt 2 adapter. It works perfectly.

MPG: I tested the Apple adapter in 2016 and again in 2016 and it does not pass a video signal. Readers confirm the same. So something special is going on with the Apple Thunderbolt display—notable it is a Thunderbolt display, not just a Mini DisplayPort display. The fact that it works is consistent with the fact that NEC displays work fine off the OWC Thunderbolt 3 Dock.

OWC Thunderbolt 2 Dock
Review of Thunderbolt 2 Dock

macOS High Sierra: Apple’s Technote on APFS is Both Confusing and Possibly Incorrect

The only serious feature in macOS High Sierra is APFS. Indeed, APFS is the most significant change in many years to macOS. There are going to be issues.

MPG reiterates its recommendation that professionals and those with important work to do not install macOS High Sierra for at least 6 months.

Apple has published a technote Prepare for APFS in macOS High Sierra. Most of it is straightforward, but from what I can tell, no engineer ever reviewed it. I say this because the terminology is so odd that I have to interpret it and make assumptions to try to understand it.

The problematic description:

APFS compatibility

Devices formatted as Mac OS Extended (HFS+) can be read from and written to by devices formatted as APFS.
[MPG: this makes NO SENSE at all, an SSD "device" does not read another SSD. Nor is it even relevant; separate file systems are separate file systems that do not interact]

Devices formatted as APFS can be read from and written to by: Other devices formatted as APFS Devices formatted as Mac OS Extended, if using macOS High Sierra.
[MPG: devices do not read other devices, macOS reads and writes to storage. WORSE, this seems to imply that a device can be simultaneously formatted as APFS and Mac OS Extended, a nonsensical statement]

For example, a USB storage device formatted as APFS can be read by a Mac using High Sierra, but not by a Mac using Sierra or earlier.
[MPG: this makes sense (macOS reads file systems not "devices" ), but is very disappointing if true]

If this is the kind of documentation we are going to get from Apple, it’s scary as to its poor quality and what it implies for APFS itself. This technote is so confusingly phrased that I have trouble understanding it. It makes bizarre statements about devices reading devices, which makes no sense: macOS controls and coordinates I/O across devices.

My guess is that the file system team is in overdrive mode trying to fix APFS bugs before the calendar-driven release of macOS High Sierra—oops it’s too late because it has gone golden master now. I say that because no one on the engineering team seems to have had the time to read this horribly confusing and possibly incorrect technote, or at least not to have cared enough to ask the tech writer to un-confuse it and to address its omissions. But that’s the job of management—to make sure that sort of thing happens—so what does that say about the state of readiness to ship? With Apple, “ship ready” is just an X on a day on the calendar: when the iPhone train rolls, anything in the way gets crushed.

The technote also suffers from its omissions:

  • What about partitioning? Can a drive have both APFS and Mac OS Extended partitions?
  • Will my partitioned boot drive SSD will be converted to APFS, damaged or reformatted, or what exactly?
  • To point out that Fusion drives will not be converted and get no benefit from APFS, i.e., Apple sold a bill of goods regarding performance gains to those buying Fusion setups and now chooses not to support APFS with Fusion setups.
  • Will users with BootCamp on their boot SSD now be bereft of BootCamp support, since macOS High Sierra forcibly converts SSDs to APFS, which does not support BootCamp (see below)?
  • Whether hard drives will be faster or slower or the same with APFS (probably slower and I wonder about RAID in particular).

The technote might also be incorrect because one reader already reports that macOS Sierra in fact does read APFS. MPG has not installed macOS High Sierra and cannot confirm this as yet.

I deem this technote incompetent—readers can make their own call onthat, but what does it say if incompetence is considered OK for the most critical OS feature in years?

I’ll make a stab at translating the above mess, for which I have to make some assumption:

APFS compatibility (attempted translation)

Devices formatted as Mac OS Extended (HFS+) can co-exist with devices formatted as APFS on macOS High Sierra.

We tech writers at Apple aren’t sure yet if devices can be partitioned as having APFS and Mac OS Extended Partitions, so we aren’t going to talk about it here.

An external SSD or hard drive formatted with APFS can be read by a Mac using High Sierra, but not by a Mac using Sierra or earlier.

If the last point is correct, this presents a serious compatibility headache for many ordinary users (old laptop and new desktop or vice versa, one running an older macOS), let alone corporations or work groups.

Boot Camp support

Apple has stated that SSDs will be forcibly converted to APFS upon installing macOS High Sierra. That’s right—no choice in the matter for users.

The technote implies yet more Apple disrespect for users a la Final Cut Pro, e.g., breaking Boot Camp support, in effect:

APFS and Boot Camp

Boot Camp doesn't read from or write to APFS-formatted volumes, but is compatible with High Sierra.

If this note is correct, then it won’t be possible to use BootCamp any longer on those SSDs, because the boot drive will now be APFS, and BootCamp cannot work with APFS.

Or does it mean that the BootCamp partition remains as-is and BootCamp continues to run just fine, excepting not being able to access anything on the macOS boot drive (or other APFS volumes), which might make BootCamp useless for some users. At the least it presents a loss of functionality for some users.

Apple has gone about this the worst possible way. This is the way it should have been done:

  • Roll video codec support into macOS Sierra in a 10.12.7 release.
  • Add support for APFS in a macOS Sierra 10.12.8 release. Purely an option. Let this 'bake' for 6 months.
  • Release macOS High Sierra 6-9 months from now with the desired forced conversions, support for Boot Camp, etc.

MPG’s view is that Apple’s calendar-driven releases result in extremely poor judgment by Apple management (users are disrespected in various ways), and that rushed development that leads to Apple Core Rot by the mandate to ship by a fixed data, bugs be damned.

MPG reiterates its recommendation that professionals and those with important work to do not install macOS High Sierra for at least 6 months. Clearly Apple is kicking macOS High Sierra out the door with serious limitations, and that almost certainly means uncorrected bugs that users are supposed to find by painful experience.

Don H writes:

Another data point on the limitations of High Sierra upon release: I installed the High Sierra Golden Master on a test machine (which took about an hour to convert the internal SSD from HFS+ to APFS) and so far no problems in regards to that process. However, one of the first things I tried was to format a bare external HDD to APFS and then use it for a Time Machine backup. One might think that APFS would be ideal for incremental backups because of its snapshot capability.

When I selected the external disk in the Time Machine preference I got a panel telling me the disk format (APFS) was not compatible and it would ‘erase’ the disk if I proceeded. Since it was a blank disk anyway I accepted and then after an hour it completed the first Time Machine backup. When I then checked Disk Utility I discovered that it had been re-formatted back to HFS+ before performing the backup. To confirm this I tried again with a second disk, being very careful at each step from initial format to APFS (and verifying the format) to selecting the disk in the Time Machine prefs, and sure enough it too was reformatted back to HFS+. So we’ve been waiting all these years for a new file system (which doesn’t even include user data integrity checks) for this?

I assume Apple will eventually implement Time Machine using APFS, and *maybe* add data integrity later if they haven’t painted themselves into a corner at the foundational design, but for now there doesn’t seem to be much benefit for the user with High Sierra. But at least we’ll get animated poop emojis!

MPG: this is the half-baked situation I more or less expected—ship by calendar, not by quality. A lot of bugs might pop up in APFS, and there might be data loss scenarios if history is any guide.

Kees R writes:

I was reading on the apple website on High Sierra and found the devices writing to other devices strange and confusing, then decided to find out if Lloyd Chambers also thought so . . . . Well, I will follow your advise and not upgrade for the time to come, although I have to deal with an annoying error in Preview’s PDF kit which has been corrected in High Sierra (I was told). But the mess to be expected from APFS seems a far larger problem.

MPG: most users are likely to have no issues with APFS, at least that’s a good assumption. Most users have systems with a single drive and an SSD or Fusion drive. They don’t run RAID, don’t user pro software, etc. My advice is directed at those who rely on their Macs for getting work done—the risk is not worth it until the dust settles a few months out (at least), so that if issues arrives the 2nd or 3rd minor update would hopefully fix them.

OWC USB-C Mini Travel Dock for Thunderbolt 3 / USB-C Macs such as 2016/2017 MacBook Pro, 2017 iMac 5K

2016 and 2017 MacBook Pro users now have a solution for reducing the number of dongles to carry to just one device for common needs in the about $50 OWC USB-C Mini Travel Dock.

  • 2 x USB 3.1 Gen 1 (Standard-A) Ports
  • USB-C Auxiliary Power Port (up to 60W)
  • SD Card Reader (UHS-II)
  • HDMI 2.0 Port Supports 4K display resolution – up to 4096 x 2160 at 30Hz
  • Available in 4 colors
  • 2 Year OWC Limited Warranty
  • Any type C power adapter up to 100 watts can be connected to the Mini Travel Dock.

Fitting easily into a small purse or back or moderate-size pocket, the OWC USB-C Travel Dock solves two key needs that I have when working in the field: USB-A port support (for a backup drive), and an SD card slot (for downloading image). Although I am still using a 2015 MacBook Pro, when I ultimately move to newer model, this will be a critical accessory.

See also OWC Thunderbolt 3 Dock and OWC USB-C Dock for Apple MacBook.

OWC USB-C Mini Travel Dock

Greg H writes:

Love OWC products, and have been buying from them for years. You won’t get anything but praise from me for them.

But I did want to share an alternative dock option that is sleeker and more portable: https://www.hypershop.com/collections/usb-type-c/products/hyperdrive-hub-for-usb-c-macbook-pro-13-and-15-2016-2017

I have the single port and double port versions for both my laptops. They work exceedingly well. Just another choice.

MPG: at first it looks like a nice product, but according to my sources it is not a certified Thunderbolt 3 product for Thunderbolt 3 pass-through. Certifying Thunderbolt is an expensive and time consuming process for any conforming product; it is a condition of licensing Thunderbolt.

First issue I see is a dubious claim on 100 watt power pass through. One can try, I suppose. But with no certification, one might have no joy if really intending to use it.

The key issue I see is no strain relief—direct attachment could damage the ports on the MacBook Pro if any torque is applied (such as a modest bump downards or upwards), as well as a too-wide form factor for use in some situations. I'd rather see some cable arrangement for strain relief, rather than a make-pretty direct-attach. If sitting at a desk is always the use case, then AC power is available, and the OWC Thunderbolt 3 Dock is a far more robust solution. When I have traveled over the years, I never worked at a desk, although that will change now with my photography adventure van. But in prior use, I'm pretty sure I'd damage my ports quickly by inadvertant pressure; even just inserting regular USB plugs weakened the ports and made them sloppy over time.

To which Greg responds:

You hit the nail on the head. Strain relief anywhere but a desk is, I think, the #1 issue. I have used the dock primarily at my hotel desk when traveling. Sometimes on a airplane tray, but I try not to work in planes any more. I don’t take it in the field.

In effect, it is just a super portable dock that takes up as little space and weight as possible. Here at home, I use mostly iMacs, and will be adding the OWC Thunderbolt 3 Dock [just ordered], for when the new iMac Pro arrives this December. I don’t see these little plug-in docks as effective for an iMac, though, because in an odd way, they are “too big” to just hang off the back. I plan to finally cave and add the NEC, but I want to wait and see just how good—or bad—the display is on the iMac.


See also:

Rigorously lab tested and OWC certified.

iPhone Camera bug

The only way I could get the iPhone camera to work again was to reboot the phone.

I’ve seen camera bugs before; this one makes it completely unusable. The controls do not work, nor can one switch to another shooting mode, presumably because one has to press someplace completely different than the offset controls which are drawn in the wrong place.

Reliability bugs like this are troubling and I’m not keen on the cross pollination of iOS and macOS, which can only make things worse.

Apple iPhone 7 Plus camera bug
Apple iPhone 7 Plus camera bug


Thunderbolt 3 Dock
Must-have expansion for 2017 iMac/ MacBook Pro
Thunderbolt 3 • USB 3 • Gigabit Ethernet • 4K Support • Firewire 800 • Sound Ports

macOS High Sierra: Caution Advised

MPG has long advised that professionals delay by at least 3 months the adoption of any new Apple operating system. In the case of macOS High Sierra, the major change is Apple File System (APFS). Without APFS, the release would be little more than a minor revision of macOS Sierra. So it is all about APFS.

With macOS High Sierra on the horizon, rumblings abound of issues.

Accordingly, MPG hereby raises that 3 month 'wait' recommendation to a full six months from here on in. That’s because (a) a change in file system is a major change with repercussions and (b) Apple cannot be trusted to respect users or their data or their workflow, with poor judgment seem repeatedly many times over in recent years. The name for this macOS release is apt.

Remember, Apple ships on a calendar basis. Not when requisite software quality is achieved—if the bar is too high, the bar is lowered and the software ships on schedule. This has been going on for years and now with iOS and macOS tied together with APFS and iCloud, it won’t stop—the iPhone drives all.

APFS and High Sierra in trouble captures in a nutshell my concerns about macOS High Sierra, capturing multiple disturbing lapses in judgment at Apple.

Introducing a new file system is a very major undertaking, not something to be breezed away in a couple of press releases and fatuous PR claims. It is comparable in scale and effect to introducing Mac OS X itself – something which Apple left in public beta for more than six months. APFS has instead had just two months in public beta, over a period when many people around the world take their major annual holiday.

Even before those public betas, some of Apple’s decisions about APFS have proved to be misjudgments. Most obvious was the design feature that the new file system would not perform any Unicode normalisation of file and folder names – which was still a feature of APFS when it was released to hundreds of millions of iOS devices back in March.


MPG: see Malcom C’s comments below about compatibility. The source above may have been mistaken about APFS being unreadable with Sierra.

See also Apple Core Rot.

Martin D writes:

FWIW, iOS 11 is atypically flaky and unstable this late in development. Perhaps the GM will surprise us, but the latest developer beta is just plain buggy. The bugs I’m hearing about are worse on the iPhone than the iPad, but I’m also seeing plenty of oddities on the iPad Pro I’m testing on.

MPG: iOS uses APFS, so this does not bode well for macOS using APFS. It should all end well, but it might be a year before that is achieved.

Malcom C writes:

Like you I am very interested/concerned about moving to High Sierra and APFS. So I have installed the latest Beta on a 100 GB partition of a Samsung SSD on my 2011 iMac.

The main partition running 10.12.6 can read the APFS partition without problems. So my next check was to format a rotational drive in a USB case as APFS from the 10.13 OS.

According to the ECLECTIC LIGHT CO article dated 10 Sept. an APFS partition is ONLY readable from 10.13 NOT 10.12. However on my iMac the USB drive formatted as APFS is readable by 10.12.6 without any problems.

Also as a very rough test the Blackmagic Disk Speed software reports that the USB rotational drive data transfer speeds are about 2x faster under APFS.

I realise that APFS is a big step but if articles are written during a beta test period nothing can be treated as final until the GM version is available.

My quick and dirty test indicates that Sierra can read and write APFS I copied the Sierra Install file and it would read as expected. I was able today to check that Yosemite and El Capitan however cannot even see the drive.

MPG: taking the last point first, the golden master (GM) won’t have any meaningful changes at this point; the public beta is in effect the GM already. This has been true for every release for the many years this close to final release, which is nearly at hand.

My key source indicates speed issues with hard drives. Let’s hope one expert is wrong. APFS is optimized for SSDs.

Will the iMac Pro Be Worth The Cost?

In theory the Apple iMac Pro will be out about 3 months from now.

See also Assessing the Dec 2017 Apple iMac Pro.

Right now, the best 2017 iMac 5K with 1TB SSD is $200 off at B&H Photo at about half the price of the most basic iMac Pro (see all the deals on Apple desktop Macs). That “best” presumes an upgrade to 32GB or 64GB of memory. Even better (and also $200 off) is the best 2017 iMac 5K with 2TB SSD.

What do you get for the extra $2200 of an iMac Pro over the 2017 iMac 5K, and does it matter to most users?

  • Choice of 8 or 10 or 18 core CPU. Even for my work, 8 cores is going to do little to speed up my work unless there are other jobs running at the same time. And the lower clock speed might actually make it inferior to the 2017 iMac 5K since the most time wasting part of my work usually does not hit more then 3 cores due to Photoshop limitations. My instinct on this for *my* workflow is that 8 cores will be enough. But there is reduced bandwidth (apparently) for the 8 core CPU, so that pushes me to the 10 core, and that will probably be another $500 or $1000.
  • Up to 128GB of ECC memory. ECC memory is important in some cases, but for most users it offers no benefit. For my uses 64GB is enough and the 2017 iMac 5K already offers that. So the ECC memory is the advantage for me, but not a compelling one.
  • Faster GPU. This is a win for Photoshop presumably, but quite possibly the real world Photoshop performance gains will be fractional for my work, so it’s no clear win until I actually see what actually happens in real world work.
  • Display is apparently no better. What a pity it isn’t at least a 6K display in a 30" form factor.
  • Support for external 4K or 5K displays is a clear win for the iMac Pro, and it might even be able to support an 8K display by using both Thunderbolt 3 busses via Multi Stream Transport. Now that is something that gets exciting, but such displays might be 1-2 years off.
  • Dual Thunderbolt 3 busses. This is a win, but maybe makes no difference in my everyday workflow and imparts hassles like not being able to directly connect a Mini DisplayPort display like my NEC PA302W.

There you have it—no clear win that I can see. To add a small insult to injury, Apple has discontinued the full size keyboard and changed the position of the control keys on the toy wireless keyboard, breaking years of “finger training” for me.

All that said, I might actually consider the iMac Pro rather than wait for the new Mac Pro, which is still vaporware on the distant horizon. Also, dual Thunderbolt 3 busses are something very helpful for testing coming high performance peripherals.

Martin D writes:

I’m pretty sure the iMac Pro is 95% for 3D (games, video effects and VR development), and for (a rather pitiful and short-lived form of) bragging rights.

Of course, you can build a cheaper, more powerful 3D system, today, if you’re willing to use Windows, which, of course, is where most of the 3D software is anyway. The other 5% would be Xcode programmers who think it will be a comparatively helpful architecture to speed compiling.

MPG: I'll stay open to being 'sold' if 8K support is possible and when I test one and see if it outperforms for my actual real-world tasks. I’d also like a design that makes it easy to clean out dust, which the iMac Pro looks to not have, making it a non-pro machine from the outset.

Rigorously lab tested and OWC certified.

Travel Bag for iMac 5K

Get iMac 5K at B&H Photo and see my Mac wishlist.

Update: see experience report.

Since I am considering using an iMac 5K for my Mercedes Sprinter photography adventure van project, protecting the iMac 5K becomes important, particularly on rough dirt roads; it cannot sit on a desk while driving or it will end up smashed on the floor.

I’m still investigating a VESA mount iMac 5K including products like the Tether Tools Rock Solid VESA iMac Stand Adapter so as to not stow/unstow, but those solutions still will subject it to harsh shock and vibration and so I think they might not be viable.

So I looked around and the best case that suits my needs is the handsomely made about $199 Gator Cases Creative Pro 27" iMac Carry Tote. A big plus is that it is possible to use the iMac without actually taking it tout of the bag—just unzip the front; it has holes for cables to go through as well. I have one to evaluate and will try it out on my next mountain outing.

Gator Cases Creative Pro 27" iMac Carry Tote
Rigorously lab tested and OWC certified.

My Sprinter Photography Adventure Van Project: Which Mac?

Mercedes Sprinter cargo van,
before modifications

See also:

Most (maybe all) Apple computers have a limited operating range. For example, the specifications for the late 2015 iMac 5K have temperature and humidity and altitude limits, two of which are serious concerns for me with my Mercedes Sprinter photography adventure van, at least on paper: operating temperature (cold, mainly) and altitude—the picture below is at 11,500' elevation!

Electrical and Operating Requirements

  • Line voltage: 100–240V AC Frequency: 50Hz to 60Hz, single phase
  • Operating temperature: 50° to 95° F (10° to 35° C)
  • Relative humidity: 5% to 95% noncondensing
  • Operating altitude: tested up to 10,000 feet

I’ve already tested the 2015 MacBook Pro at 11,500' and it works fine at that altitude for extended periods. However, I know from past experience that the screen is problematic below about 40°F and this is probably true of an iMac as well (or any LCD display), but once it warms up, it will probably be just fine. Besides, I will have to warm up the van as my hands get too cold below about 55°F.

The NEC PA302W also works fine at 11,500' and has no problem at 90°F to 95°F (also tested), though the MacBook Pro becomes unusable.

See Reasons To Like the NEC PA302W Wide Gamut Professional Display.

Mercedes Sprinter photography adventure van at 11,500' elevation


There is an open question as to whether a 2015 MacBook Pro would be viable for my work. The short answer is “viable but problematic. Problematic because the 16GB memory limit slows me down regularly, and because the 2015 MacBook Pro does not tolerate heat well at all. Still, I might stick with it until the iMac Pro comes out, because it is now autumn and temperatures in the mountains are dropping.

I have been considering three options:

  • 2015 MacBook Pro with 16GB memory, top end model (already own).
  • 2015 iMac 5K with 64GB, top-end model (already own).
  • 2017 iMac 5K with 64GB top-end model, would have to purchase. Makes no sense with iMac Pro coming in 4 months. Also Thunderbolt 3 creates headaches, thus requiring adapters or more hardware like the OWC Thunderbolt 3 Dock just to hook up the 2nd display. So as much as I like its outstanding performance, I’ve rejected the 2017 iMac 5K out of hand for cost and hassle reasons.
  • 2017 iMac Pro has the same issues as the 2017 iMac 5K, but because I might end up getting one, I might go this way for travel. Or I might just use the 2015 iMac 5K so as not to risk the iMac Pro.
  • 2013 Mac Pro with 64GB is problematic given my requirement for two displays; I’d have to buy one whereas an iMac 5K counts as one display.
Gator Cases Creative Pro 27" iMac Carry Tote

I am going to try the 2015 iMac 5K soon now that I have solved the packing issue with the Gator Cases Creative Pro 27" iMac Carry Tote. The 2015 iMac 5K may be just the ticket, since I can avoid the extra power draw and setup/teardown hassle of the OWC Thunderbolt 3 Dock — it would be needed to connect a Mini DisplayPort display like the the NEC PA302W to a Thunderbolt 3 Mac.

Other items I’d want along:

  • At least one OWC Envoy Pro EX 1TB SSD for backups (2TB would be better, but 1TB is max as of summer 2017). The elegance of this device is that I can put it in my daypack when hiking all day as a safeguard against losing all my work disappear, should the van be broken into and computer gear stolen.
  • OWC Viper for big storage (preferably 4TB so I can carry a bunch of other stuff from home that can be used on the road also). But that presumes a Thunderbolt 3 Mac, so that means an 2017 iMac 5K or an iMac Pro (since the MacBook Pro is unacceptable for my work).
  • BatPower USB charger for iPhone and iPad and other stuff. And for MacBook Pro, which I’d take along as a backup/spare computer.
  • Fast camera card reader for both SDXC and Compact Flash and XQD cards.
  • External drive for Time Machine backup while I work, like the OWC Elite Pro Dual Mini 2TB. Assuming a Thunderbolt 3 Mac, the OWC Mercury Elite Pro Dual Mini USB-C would be a rocking fast choice.
Mercedes Sprinter photography adventure van: temporary work setup with 2015 MacBook Pro and NEC PA302W
Mercedes Sprinter photography adventure van, alpenglow on Mt Whitney from Alabama Hills
f9 @ 1/8 sec, ISO 64; 2017-09-24 06:48:21 [focus stack 3 frames]
NIKON D810 + Zeiss Milvus 35mm f/1.4

[low-res image for bot]

iPhone 7s and 8: End of the Line for Value was with iPhone 6?

See my computers wishlist.

NewerTech NuGuard KX case for iPhone 7 and 7 Plus

Last year I upgraded to the iPhone 7 Plus, a key reason being the 2X camera. The 2X camera has proved to be a deep disappointment with its godawful image quality which is poor in sunlight and crap in darker conditions, with mutilated pixel quality reminiscent of the bargain-bin point and shoots of 5 years ago.

Last fall in Apple iPhone 7: New Features I Like, I discussed new features that I thought were worth upgrading for. Below is brief recap along with my conclusion on each.

  • Dual cameras and 2X lens: FAIL. The 2X camera has very poor quality.
  • Wide Color support: FAIL—no meaningful value that I could discern when using the phone. The DCI-P3 color space is occassionally helpful for images, but the screen makes no difference to me. See iPhone 7 Sports Retina HD Screen with DCI-P3 Color Gamut and “Wide” Color Capture.
  • More powerful speakers: DOUBLE FAIL. No useful increase in volume over my 6s Plus, plus the speakers emphasize and low-level hissing on my audio books; this the 6s Plus never did.
  • Splash and water resistance: good, but it has never mattered as my iPhone 7 Plus has not gone swimming.

There you have it: for my reasons, the iPhone 7 Plus was an abject failure and a waste of $1100. I would gladly turn it in for a refund and make the 6s Plus my primary phone again.

So now we have the iPhone 7s and 7s Plus and rumored 8 coming, with a few more technology demonstrations. OMG, I cannot wait to save $1100 by not buying one—I want new value that distinctly improves useful things versus the prior model. And maybe that is there so I’ll wait and see but fool me once and shame on Apple, fool me twice, shame on me.

Sure, an OLED screen that is full width might be nice, facial recognition is an anti-feature (for me), and so on. For the most part, these new goodies are technology demonstrations that offer no real value to me. I’m sure millions will disagree* and happily fork over $800 to $1100 (which for anyone who can afford one really means earning $1600 to $2500 to have those after-tax dollars). And maybe there will be one 'killer feature' that will add real value and thus persuade me—I’d be delighted if that occurs and would then reconsider.

Hardware aside, Apple has not earned my business by doing more important things, like decluttering iOS and letting me customize my phone; the current experience is a nightmare with land mines and anti-productive behaviors and preferences buried so deep that it would have been a case study in bad design back in the days of the Apple Human Interface Guidelines.

I’m not going to play this treadmill game of buying a $1000 phone anymore.

* The earth is a big round ball, even if all but one person thought it was flat for millennia.

Rigorously lab tested and OWC certified.
Blazing-fast PCIe storage for Mac Pro Tower

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2008-2017 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__