
Deep Discounts on Macs, iPads: B&H Photo Black Friday Deals + Nikon, Canon, Sigma, Sony and more

See my mac wish list.

See all Black Friday discounts on Macs and iPads and more at B&H Photo.

Shopping deals on computers, cameras, mobile, TVs, etc.

There are many discounted Macs to fit many needs, but my pro picks are in my Apple Mac wishlist. Be sure to click through for latest pricing.

B&H Photo Black Friday Deals

Nikon, Canon, Sigma camera gear

Deals Updated Daily at B&H Photo

Reader Question: Best Mac if Buying Now

See my Mac wish list.

Del B writes:

Time to buy a new iMac, and plan on doing so through your link around Black Friday. Will go with your publisher preference. Will the new Mac come with the not-ready-for-prime-time filing system?

Somewhere I read that the new file structure will initially be focused on the iMac Pro. Do you know? Part of me wants to wait for the new design rumored for '18 but I really need to buy something very shortly.

DIGLLOYD: My top deals pages are updated daily and always a good place to bookmark and scan each day. There are many such pages sorted by category.

The fastest Mac today for most users (and indeed one I’d consider switching to) is the model which is currently $200 off, the $2899 Apple 27" iMac with Retina 5K Display (Mid 2017) model #APIMTRMNED43. Of course, add 64GB OWC memory, and you’ll probably want big fast external storage too.

As for value, the iMac Pro is a massive losing proposition for most users, unless money is meaningless to you. The iMac Pro could actually be *slower* for many things than the 2017 iMac 5K.

File system is code and I can see no reasonable argument that Mac Pro SSD would perform better than the 2017 iMac Pro SSD—unless it is due to the fact that Apple put a *slower* SSD into the 2017 iMac 5K than the 2015 iMac 5K (for transfers up to 1MB or so). Presumably the iMac Pro will rectify that, but who knows.

See all iMac articles.


Reader Comment: Thunderbolt 3 Crash with High Sierra

Mac wish list •  all 15" Apple MacBook Pro 2017 models •  MPG gets credit if you buy through those links.
MPG tested a fully-loaded 2017 MacBook Pro with 1TB SSD.
Suggested accessories include the OWC Thunderbolt 3 Dock, the 1TB Envoy Pro EX.

Grant G writes:

I’m a long time reader of your site and have found your blog and ordering links quite helpful over the years.

Just curious if any of your other readers have been having a lot of stability problems with OSX 10.13 and 10.13.1 with their Thunderbolt 3 MacBook Pro.

Any time I have one of my Thunderbolt 3 RAIDs connected I get a full system crash.

MPG: MPG has not heard of this one, but it does not sound surprising. Could be the specific unit involved perhaps.

For the first time ever, I have upgraded none of my machines to the current macOS, since they all must function properly with new bugs and crashes.

As discussed, MPG strongly advises to not upgrade to High Sierra until at least 3 months pass from its release, preferably 6 months. Apple has been shoveling out whatever manure is ready when the scheduled date arrives—it’s all driven by calendar dates, not by quality metrics.

See also the following. Certain things might now be fixed, the point is the negligence of macOS releases foisted on the public by ship dates of the iPhone:


It’s Television Discount season!

Buying tips/pages:

Thanksgiving, Christmas, Hanukkah, football season, etc—what’s not to like about a great new TV? Those OLED models are amazing—I saw them at CES last January.

Television Deals at B&H Photo


OWC Halloween savings


Get stuff before it's over and while they last.



Apple Kernel Bug? 2015 iMac 5K Runs at 0.8 GHz When Cold, Even with Warm Air Out Rear Vents


Back in August, I reported on the 2015 MacBook Pro dropping to 0.8 GHz when temperatures rose, making it unusable for any useful work.

It turns out that cold also causes an issue, and this time it looks like a bug that does not go away without shutting down and restarting—rebooting did not fix the problem.

Conditions: 33°F inside of my Mercedes Sprinter photography adventure van, rapidly warming interior to 73°F within about 20 minutes.

Clock speed starts at 0.8 GHz and stays there

The graph below from Intel Power Gadget shows the 2015 iMac 5K running like molasses in a refrigerator, at 0.8 GHz. All four CPU cores are at 100%, but at 0.8GHz. User tasks do run, but very slowly, in slow motion.

Initial ambient temperatures of 33°F might explain this behavior as some self-protective measure, but rebooting twice and with warm air coming out of the back of the iMac and with cabin temperature of 73°F the iMac still ran at 0.8 GHz with no sign of changing behavior.

Not until the iMac was shut down and rebooted did it run at normal speeds.

The Intel CPU seems unlikely to be responsible, since it was at 33.3°C as shown below. Accordingly, a reasonable theory is yet another Apple macOS kernel bug.

Intel Power Gadget showing 2015 iMac 5K running at 0.8 GHz

When this behavior occurs, kernel task consumes all four real CPU cores.

With 2015 iMac 5K running at 0.8 GHz, kernel task consumes all four real CPU cores at 100%

Caution on Upgrading to macOS High Sierra: Sony Firmware Updates

See my Nikon wish list and get Nikon D850 at B&H Photo.

MPG has advised users, particularly professional users, not to upgrade to macOS High Sierra for at least 6 months.

Apple quality control has gone seriously downhill over the past 5 years. The most recent evidence for that is exposing cleartext passwords + a new zero day exploit and having to rush out a fix. It speaks volumes.

Below is a camera-related issue I received in email today: you might not be able to update firmware for Sony cameras when running macOS HighSierra. Sony ought to be more clear: is it “may not” [sic] or “will not”?

See also:


Will the iMac Pro Be Worth The Cost?

See also Assessing the Dec 2017 Apple iMac Pro.

It’s about 6 weeks until the alleged debut of the 2017 iMac Pro, and nary a peep from Apple.

The best 2017 iMac 5K with 1TB SSD has been $200 off at B&H Photo on and off recently, at about half the price of the most basic iMac Pro. That “best” presumes an upgrade to 32GB or 64GB of memory. Even better is the best 2017 iMac 5K with 2TB SSD. Both are a lot less than the iMac Pro.

See best deals on Apple desktops and best deals on Apple laptops.

What do you get for the extra $2200 or so of a starter iMac Pro over the 2017 iMac 5K, and does it matter to most users?

Early-access test results

Early-access tests using GeekBench state the following, emphasis added. The author seems clueless about the implications of what he has written, including the fact that the 18 core is likely to be even slower than the 8 core or 10 core CPU on single threaded tests.

When it comes to actual scores, the 8-core iMac Pro averages at 23,536 in multi-core tests, making it the highest performance of any iMac ever, nearly 22% faster than the top-of-the-line 5K iMac.

The 10-core iMac does even better, reaching a multi-core score of 35,917, some 41% better than the high-end Mac Pro featuring a 12-core Xeon E5 processor.

The single-core result, 5,345, is faster than all but the highest 5K iMac released this year. If that’s not enough, then you should remember that Apple will also have an 18-core iMac Pro on sale this December, but that model was not benchmarked yet.

Let’s restate the biased viewpoint above in its proper context:

  • With 8 CPU cores on the iMac Pro vs 4 cores for the 2017 iMac 5K (double the core count!), there is a pathetic 22% gain over the 4-core top of the line 2017 iMac 5K.
  • The single-core speed of the iMac Pro is inferior to the fastest 2017 iMac 5K. Since many programs run with only a single core much of the time, the iMac Pro is going to be slower than the 2017 iMac 5K for many common tasks.

The implications here are that for many users, the iMac Pro will perform less well than the 2017 iMac 5K 4.2 GHz on many tasks, at a huge price premium. The iMac Pro might make sense for video users and applications driving all the cores for significant periods of time, but it seems doubtful to be of much benefit for Photoshop users, since Photoshop rarely uses more than 2 CPU cores except in short bursts.

The about $3079 top-of-the-line 2017 iMac 5K is starting to look like a bargain for most users, particularly when discounted by $200 or more, as has happened recently.

Feature set

  • Choice of 8 or 10 or 18 core CPU. Even for my work, 8 cores is going to do little to speed up my work unless there are other jobs running at the same time. And the lower clock speed might actually make it inferior to the 2017 iMac 5K since the most time wasting part of my work usually does not hit more than 3 cores due to Photoshop limitations. My instinct on this for *my* workflow is that 8 cores will be enough. But there is reduced bandwidth (apparently) for the 8 core CPU, so that pushes me to the 10 core, and that will probably be another $500 or $1000.
  • Dual Thunderbolt 3 busses. This is a win, but maybe makes no difference in my everyday workflow and imparts hassles like not being able to directly connect a Mini DisplayPort display like my NEC PA302W. Ironically, it is also the most important feature to me—for testing a new crop of high performance Thunderbolt peripherals.
  • 10 gigabit ethernet port. This is a win if/when it applies. But it has zero value for most users, who won’t have a 2nd or 3rd Mac also having 10 gigabit. I don’t plan on buying a pair of $5K to $15K iMac Pro systems.
  • Up to 128GB of ECC memory. ECC memory is important in some cases, but for most users it offers no benefit. For my uses 64GB is enough and the 2017 iMac 5K already offers that. So the ECC memory is the advantage for me, but not a compelling one.
  • Faster GPU. This is a win for Photoshop presumably, but quite possibly the real world Photoshop performance gains will be fractional for my work, so it’s no clear win until I actually see what actually happens in real world work.
  • Display is apparently no better. What a pity it isn’t at least a 6K display in a 30" form factor.
  • Support for external 4K or 5K displays is a clear win for the iMac Pro, and it might even be able to support an 8K display by using both Thunderbolt 3 busses via Multi Stream Transport. Now that is something that gets exciting, but such displays might be 1-2 years off.

There you have it—no clear win for any but specialized users.

To add a small insult to injury, Apple has discontinued the full size keyboard and changed the position of the control keys on the toy wireless keyboard, breaking years of “finger training” for me.

Still, I am likely to consider the iMac Pro rather than wait for the new Mac Pro, which is still vaporware on the distant horizon—because of the dual Thunderbolt 3 busses for testing coming high performance peripherals. Waiting another 12-18 months for a mythical 2019 Mac Pro is not appealing.

Martin D writes:

I’m pretty sure the iMac Pro is 95% for 3D (games, video effects and VR development), and for (a rather pitiful and short-lived form of) bragging rights.

Of course, you can build a cheaper, more powerful 3D system, today, if you’re willing to use Windows, which, of course, is where most of the 3D software is anyway. The other 5% would be Xcode programmers who think it will be a comparatively helpful architecture to speed compiling.

MPG: I'll stay open to being 'sold' if 8K support is possible and when I test one and see if it outperforms for my actual real-world tasks. I’d also like a design that makes it easy to clean out dust, which the iMac Pro looks to not have, making it a non-pro machine from the outset.

Mobile Phone Companies Sell your Name and Location Data

From EasyDNS.com:

TechCrunch reported Shotwell Labs’ co-founder findings that even after the FCC penalized Verizon for injecting markers into their customers’ data that enabled them to be tracked without customer consent, the practice is still thriving across mobile providers and being used to sell name and location data to whoever ponies up for it.

The mobile providers are injecting a new data element similar to Verizon’s Unique Identifier Header (UIDH) which is appended to HTTP requests and allows websites visited to see personally identifiable data, including billing and location info, if they subscribe to the carrier’s data feed for it. While the article does enumerate some legitimate reasons for websites to gain access to this (employee tracking), it’s still concerning.

MPG: scum bags.

From TechCrunch Mobile phone companies appear to be providing your number and location to anyone who pays:

The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)

MPG: the one site linked-to is now offline:

Want to see something crazy? Open this link on your phone with WiFi turned off

Note: this demo site may have been taken down after this report got traction.

Click “Begin,” enter the ZIP code and then click “See Underlying Data.”

What you should see is your home address, phone number, cell phone contract details, and — depending on what kind of cell phone towers you’re currently connected to — a latitude and longitude describing the current location of your cell phone.

MPG: So nice of the Feds to require that mobile devices be locatable to within 100 feet or so.

A few CEOs in prison for a few years would get things moving on eliminating or reducing some of these issues.

Private data is just too dangerous to trust to companies, or the government, since even the NSA cannot do it, and the IRS contracted with Equifax, which served up malware. Identity theft can land you in prison if the thief commits a crime in your name. It’s time to impose severe penalties for mis-use of private information, including the corporate death penalty.

Michael C writes:

I was reading this morning your post and wanted to offer a few observations:

1 – Attached is a redacted privacy page from my Verizon wireless account here in San Francisco. Well hidden on the Verizon Wireless customer page, one can get to an opt-out page (My Profile > Privacy Settings)

2- Once on that Privacy Settings page, you will see three areas where OPT OUT selections can be made. I am presuming that Verizon is honoring those OPT OUTS. If they are not, then we are back to beating the snot out the scumbags in court, AGAIN.

3- The relevant FCC order is:

“5. To settle this matter, Verizon Wireless will pay a fine of $1,350,000 and implement a compliance plan that requires it to obtain customer opt-in consent prior to sharing a customer’s UIDH with a third party to deliver targeted advertising. With respect to sharing UIDH internally within Verizon Communications Inc. and its subsidiaries, it must obtain either opt-in or opt-out consent from its customers. Verizon Wireless will also generate customer UIDH using methods that comply with reasonable and accepted security standards.”

Like most other rational adults, I loathe the data-hoovering that goes on around us. I am concerned, though, that the Shotwell and TechCrunch folks may have gone off half-cocked UNLESS the telcos are willfully violating these FCC orders.

MPG: good points—important to see proof of willful violation—might be less bad than it seems.

It seems that Verizon has at least one bad link to opt out. A company with tens of millions of customers (probably more) cannot be bothered to make its opt-out links work? That should leave anyone incredulous.

Michael C wrote to Verizon:

Thank you for the information. You might make sure 611 Customer Service is equally aware. The answer "we have no control over security settings" is both inaccurate and inappropriate. Second, I note the link http://privacy.aol.com/advertising-and-privacy/#Adchoices located on https://wbillpay.verizonwireless.com/vzw/secure/setPrivacy.action is broken and thus Verizon Wireless is not properly providing access to the necessary OptOut that is part of the OATH alliance "Verizon's Relevant Mobile Advertising program helps make the ads you see more interesting and useful. This program shares information with Oath (formed by the combination of AOL and Yahoo)"

I wish to ensure and verify that I am opted out of any information sharing related to my account, my usage, my location, or my web services. Under no circumstances is Verizon to share my data with OATH or any other partners.

I look forward to (1) Verizon fixing the broken link on the privacy page and (2) your response.

with Verizon responding (whether ever fixed or if the message gets through, who knows):

I apologize for any inconvenience this may have caused to you. I will report that the link is not working correctly to opt out of Oath. After further review, I did verify that you can visit http://privacy.aol.com/mobile-choices/ to opt out of Oath on your mobile devices. If you have any other additional questions, please feel free to email me.


Equifax: It Just Keeps Getting Better, for Hackers

MPG insists upon the corporate death penalty for Equifax. Let that be a lesson to a company profiting from information that is private.

Equifax consumer assistance website infected with malware

From EasyDNS.com:

The hits just keep on coming for Equifax. After one of the worst data breaches in history the company received further criticism for winning a “no-bid” contract with the IRS to “secure taxpayer data”.

Now it turns out the public information website it set up to help consumers understand the nature of the data breach was itself infected and thus served up malware to those browsing it. The hostile code took the form of a fake “Adobe Flash Update” which instead of updating Flash, installed third-party spyware on the subject computer. Keep up the good work Equifax!

MPG: many people are going to lose everything to identity theft, or be imprisoned because an imposter commits a crime. Just try proving “it wasn’t me” with a stolen identity problem. Extremely dangerous stuff here.


All your WIFI are belong to us: Major vulnerability in WPA2 to be released

MPG has long advised wired internet for performance reasons, as well as advising against public WiFi locations.

WiFi is apparently vulnerable to a complete loss of security.

For the techie, emphasis added:

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack.


Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.


All Wi-Fi clients we tested were vulnerable to our attack against the group key handshake. This enables an adversary to replay broadcast and multicast frames. When the 4-way or fast BSS transition handshake is attacked, the precise impact depends on the data-confidentiality protocol being used. In all cases though, it is possible to decrypt frames and thus hijack TCP connections. This enables the injection of data into unencrypted HTTP connections. Moreover, against Android 6.0 our attack triggered the installation of an all-zero key, completely voiding any security guarantees.

Rather worryingly, our key reinstallation attack even occurs spontaneously if certain handshake messages are lost due to background noise. This means that under certain conditions, implementations are reusing nonces without an adversary being present.
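Why a reset transmit nonce matters, and what a patched client does differently, shown as an added example (not code from the paper or from this site). The HMAC-based keystream is a stand-in for WPA2's real cipher, and the `Station` class, session key and sample frames are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample plaintext frames (equal length, 20 bytes each).
P1 = b"GET /inbox HTTP/1.1 "
P2 = b"POST /login HTTP/1.1"


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Toy per-frame keystream: HMAC-SHA256(key, nonce || block index).
    Assumption: a stand-in for the real counter-mode cipher. What matters is
    that the keystream depends only on (key, nonce)."""
    out = b""
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Station:
    """Hypothetical Wi-Fi client reduced to key installation and sending."""

    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.key = None
        self.tx_nonce = 0

    def install_key(self, key: bytes) -> None:
        # Hardened behaviour: installing the key that is already in use must
        # not touch the transmit nonce (models the general shape of the fix).
        if self.hardened and self.key is not None and hmac.compare_digest(key, self.key):
            return
        # Vulnerable behaviour: every install resets the nonce, even for a
        # key that has already encrypted traffic.
        self.key = key
        self.tx_nonce = 0

    def send(self, plaintext: bytes):
        self.tx_nonce += 1
        ks = keystream(self.key, self.tx_nonce, len(plaintext))
        return self.tx_nonce, xor(plaintext, ks)


def simulate(hardened: bool):
    """Send a frame, receive a retransmitted handshake message that triggers
    a second install of the same key, then send another frame."""
    key = hashlib.sha256(b"constructed session key").digest()
    sta = Station(hardened)
    sta.install_key(key)
    first = sta.send(P1)
    sta.install_key(key)  # same key installed again
    second = sta.send(P2)
    return [first, second]


def nonce_reused(frames) -> bool:
    """Detection view: the same nonce seen twice under one key."""
    nonces = [n for n, _ in frames]
    return len(nonces) != len(set(nonces))


def leaks_plaintext_xor(frames) -> bool:
    """With a repeated (key, nonce) the keystream cancels out, so the XOR of
    the two ciphertexts equals the XOR of the two plaintexts."""
    (_, c1), (_, c2) = frames
    return xor(c1, c2) == xor(P1, P2)


if __name__ == "__main__":
    for mode in (False, True):
        frames = simulate(mode)
        print("hardened" if mode else "vulnerable",
              [n for n, _ in frames],
              "nonce reused:", nonce_reused(frames),
              "plaintext XOR exposed:", leaks_plaintext_xor(frames))
```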

Less technical, from an email I received from EasyDNS.com:

WPA2, the encryption algorithm in use today on nearly all WIFI access points has been discovered to have a major security flaw which renders them hackable.

The upshot is that attackers will be able to read all data traversing the WIFI access point (another reason to use VPN sessions to further encrypt your data before it flows over the air). Security researchers will release their findings at Computer and Communications Security (CCS) on November 1, 2017. My understanding of this so far is that once the paper drops and the inevitable exploits follow, both the access point and the clients will need vendor patching to be secure. Think “heart bleed” to the exponent “shell shock”.


MPG: every iPhone and iPad and laptop and similar user relying on WiFi should take pause, particularly at public WiFi access points that might not get patched (remember Equifax screw-up? No need to remember, it is now at present a worse screwup).

Don H writes that Apple already has a patch, albeit only in beta versions of macOS and iOS. The claims in that link are that once the iPhone/iPad/Mac are patched that they will be safe to use anywhere. Kudos to Apple for rolling this out quickly (assuming that happens).

This site and diglloyd.com use https, which as far as I understand it protects user data, but that is not a statement of fact, only what I believe is correct, having worked with encryption as an engineer for some years.

It might be a case of discarding your WiFi routers and getting secure ones, if they cannot be updated to address the flaw.


WPA2: Broken with KRACK. What now?

Falling through the KRACKs

Reddit.com list of patches

GitHub list of vendor patches


OWC Mini Travel Dock Handy for Quick Peripheral Usage, SD Card Reader, Pass-Thru Charging, USB Ports

Get OWC USB-C Travel Dock at MacSales.com.

See the previous post on the OWC Travel Dock which has some user comments and why cheap non-certified products might not be a good idea. OWC puts all their Thunderbolt products through the official certification process, which is neither cheap nor quick.

Just recently I was testing this nifty new Thunderbolt 3 SSD seen at bottom left, the OWC Envoy Pro EX 1TB SSD. It offers performance far exceeding anything that can be had with USB3. I’ll have a formal review just as soon as it ships and is officially announced (oops).

I can’t stand trackpads (particularly the oversized awful one on the 2016/2017 Apple MacBook Pro)—so I wanted to attach a mouse.

But that was impossible since the power plug was needed while testing and the SSD used the other port (13" models have a miserly two ports). Plus, a Type-A to USB Type-C Adapter would have been required.

With the about $49.99 OWC USB-C Travel Dock I had an instant solution, as shown: it provides a USB-3 port, passes through the power and thus the other Thunderbolt 3 port remains available for use. Headache gone.

Why do smaller/lighter Apple products always have to be compromised (memory, ports, CPUs, etc)? Lots of power users want something light and compact, but do not want to lose functionality. This is not elegance of design!

More info on the USB-C Travel Dock below.

OWC USB-C Mini Travel Dock

About the OWC Travel Dock

2016 and 2017 MacBook Pro users now have a solution for reducing the number of dongles to carry to just one device for common needs in the about $50 OWC USB-C Mini Travel Dock.

  • 2 x USB 3.1 Gen 1 (Standard-A) Ports
  • USB-C Auxiliary Power Port (up to 60W)
  • SD Card Reader (UHS-II)
  • HDMI 2.0 Port Supports 4K display resolution – up to 4096 x 2160 at 30Hz
  • Available in 4 colors
  • 2 Year OWC Limited Warranty
  • Any type C power adapter up to 100 watts can be connected to the Mini Travel Dock.

Fitting easily into a small purse or back or moderate-size pocket, the OWC USB-C Travel Dock solves two key needs that I have when working in the field: USB-A port support (for a backup drive), and an SD card slot (for downloading images). Although I am still using a 2015 MacBook Pro, when I ultimately move to a newer model, this will be a critical accessory.

See also OWC Thunderbolt 3 Dock and OWC USB-C Dock for Apple MacBook.


Deals on Factory Sealed iMac 5K at OWC + Refurbished Mac Deals

See my computing wish list.

OWC (MacSales.com) often sells factory sealed Macs. You can trust them to stand behind what they sell, be it a Mac or any kind of peripheral.

OWC / MacSales.com also has Oktoberfest deals through Oct 18.


Out of Space on your 2010-2015 MacBook Pro? SSD Prices Highly Attractive for Upgrading SSD Capacity

OWC has SSD upgrades for MacBook Pro through 2015 as well as SSDs and SSD upgrades for just about any Mac.

In Making an Old Dog of a Laptop Run Like a New One a few years ago, I discussed how an SSD upgrade could bring new life to an older laptop that might be just fine excepting its old slow hard drive.

Most Apple MacBook Pro models from 2012 on (and some earlier ones) are still strong performers. I still run several 2012 Macbook Pros as 24 X 7 servers with 1TB OWC SSD drives—bulletproof operation for 44000 hours now.

If laptop needs are not too demanding, why spend a huge amount on a new laptop when an SSD upgrade can speed up the current one and increase capacity? If you have several children as I do, I’m not about to spend $1500 each on a new laptop.

OWC Mercury Electra 6G SSD

Upgrading a 2012 MacBook Pro 13" from 128GB to 500GB

Here in September 2017, my father’s 2012 MacBook Pro with its Apple 128GB SSD was becoming a hassle: his relatively modest storage needs precluded having any copy or clone operation succeed due to lack of space on that Apple SSD.

His goal was to have his photos along on the laptop that were on his desktop Mac, and he was/is happy with the performance and everything else, it was just a storage capacity issue.

We considered 250GB and 1TB options, but deemed 250GB not enough, and 1TB or 2TB way more than needed, so we settled on the about $220 500GB OWC Mercury Electra 6G SSD.

OWC also has many SSD upgrade kits, which include tools and a USB3 case for the old SSD for external use. For most users, the kit is a great idea, since the tools are included.


How to upgrade

See also How to upgrade your system/boot drive.

The upgrade process is painless using cloning:

  1. Clone the old drive to the new SSD (or clone to an intermediate drive).
  2. Unscrew the back cover, replace the old drive with the SSD. (if using an intermediate drive, boot off it, then clone it back to the internal SSD).
  3. Boot the machine off the new SSD (System Preferences => Startup Disk). Nothing changes except a lot more space—no need to reinstall the system or apps, since nothing changes due to the cloning.

As I understand it, OWC can do this part for you for a modest fee. If doing it yourself, you’ll need a small screwdriver and a torx screwdriver. See the OWC install videos, in this case the install video for the mid-2012 MacBook Pro 13".

The old Apple SSD was good for about 350 MB/sec. The new SSD does 400-500 MB/sec, so not only is it a lot faster, it is 4X the storage—problem solved.

See also Case Study: Upgrade a 2010 MacBook Pro for Photoshop Performance and Case Study: Upgrade a MacBook Pro to Banish Sluggishness which shows how valuable a hard drive to SSD upgrade can be:

Before and after HDD => SSD upgrade

macOS HighSierra: New Security Behavior includes a new Zero Day Exploit (kernel level compromise) and Dumping User Passwords

Get iMac 5K at B&H Photo and see my Mac wishlist.

This seems to be a move forward in making macOS less susceptible to malware—good. See Technical Note TN2459 User-Approved Kernel Extension Loading.


Update: so much for “good”: there is apparently a zero day exploit that comes with this new security theater. This exploit allows taking full control of the computer, more on that below.

In macOS HighSierra: Brief Use Brings Relief in a Way: Worth Ignoring for a While, I used the term “incompetent” in my post, which is too kind apparently. It should be something like “negligently incompetent”. That is, introducing a new zero day exploit that allows taking over macOS in the course of introducing a new, almost marginally useful security feature.

I don’t usually hold developers at fault, since management’s calendar-driven shipping schedule guarantees problems. But in this case I have to make an exception; having worked in security before as an engineering manager (Pretty Good Privacy, startup), our team took everything seriously. You just don’t change Stuff without going over it head to toe, and I’d bet this was rushed out like everything else. Security staff should have the competence to get it right, and the integrity to push back hard against a management willing to endanger user security by rushing out new features.

macOS High Sierra Blocks install of system extensions by default

Zero Day Exploit in macOS High Sierra

So much for “good”:

Objective See: High Sierra's 'Secure Kernel Extension Loading' is Broken: a new 'security' feature in macOS 10.13 is trivial to bypass.

In brief:

SKEL merely hampers the efforts of the 'good guys' (i.e. 3rd-party macOS developers such as those that design security products). Due to flaws in its implementation, the bad guys (hackers/malware) will likely remain unaffected. While many respected security researchers, system administrators, and macOS developers have voiced this concern, here we'll prove this by demonstrating a 0day vulnerability in SKEL's implementation that decisively bypasses it fully.


While at this time I cannot release technical details of the vulnerability, here's a demo of a full SKEL bypass. As can be seen below in the iTerm window below, after dumping the version of the system (High Sierra, beta 9) and showing that SIP is enabled and that the kernel extension we are aiming to load (LittleSnitch.kext) is not loaded, nor is in the 'kext policy' database, something magic happens. In short, we exploit an implementation vulnerability in SKEL that allows us to load a new unapproved kext, fully programmatically, without any user interaction.

MPG: enjoy your new Mac with smokin' HighSierra.

Dumping user passwords

Here’s another nifty security problem: on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords) 🍎😭



Copyright © 2008-2017 diglloyd Inc, all rights reserved.