In Motion There is Great Potential
SSD Wishlist…

Security: Another Phishing Example (plus Apple Junk Mail Bug)

This phishing email (very dangerous) purports to be an Amazon gift award. The idea is that you will click the link, login to a page that looks like Amazon, then the hackers will have your login info to exploit in every possible way, including trying that login on the accounts you might have (which is why one should NEVER use the same login info on multiple sites, certainly not the password, and ideally not the username either).

Continues below with recommended email hygiene.

Secondary issue: the longstanding Apple Mail bug is also seen: junk mail filter is off (as shown), has been off for years, and yet Apple Mail still invokes junk mail filtering. Apple Mail junk mail works in a half-assed sort of way (better than nothing, but barely); I strongly recommend Spam Sieve instead.

Phishing Email Purporting to be Amazon Gift

Email security hygiene

If the above is not scary enough, here’s a good summary of a gmail phishing approach that is highly effective.

It just amazes me that corporations allow anyone using email to auto-load remote content, or to have links within emails clickable, since both are security hazards. Apple provides for disabling remote content, but has no “disable web links in email” option or option to warn first after running against a highly skeptical pre-flight check (which could even live-test the site for SSL and so on)—shame on Apple, for this is a major security risk vector.

  • Always disable loading of remote content by default. Failure to do so gives a ping back to a spammer indicating that the email is a “live one”. You might as well reply stating “thank you, please keep me on your spam list and sell it to everyone you can”.
  • Avoid clicking links in emails. This is a major vector for compromising a system. Clicking on links in email should the rare exception. If you really really want to, then right/control click to copy the URL, paste into a plain text empty window and see if the URL looks valid (and is https). If so, then paste it into the web browser. “Yes I’m smart enough” = no one is smart enough. It’s just too easy to make one mistake ever—I’m not. Don’t do it by default. The only exceptions I make are when I am expecting an email and/or for a part I am sure I trust and the headers all look good.
  • Have more than one email for sensitive accounts. Do not use an email address for banks, brokerage, or anything sensitive that is the same email as your regular one.
  • Use disposable email addresses for shopping, etc. Get rid of them every 3 months or so, moving to a new disposable one. The nasty thing here is so many sites require an email for a login instead of a username—poor security hygiene—making it tempting to use the email address as a username. This defeats the “disposable” idea and it also means an attacker can run that email against thousands of web sites to which you might belong. When possible, use disposable username and emails, to limit the damage. And never use the same password for more than one site—use 1Password to help, possibly leaving out critical logins for financial sites.

When Will a new iMac and Mac Pro Arrive?

If a new iMac is coming, it ought to be announced by mid-April, which would still make it one of the longest “droughts” for an iMac update in a long time. Otherwise, think June or August. The bad news is the rumor of using AMD graphics chips, which 80% of pros do NOT want.

Tim Cook’s assurances of “great new desktops” don’t assure any pro users I know of, but MPG thinks there ought to at least be a new iMac soon, and, hoping against years of disappointment, a new Mac Pro, but perhaps one to be put off for up to another six months. But... never rule out good luck.

And maybe Apple would even diverge from its anti-functional approach with the MacMini towards a design that works more like an Intel NUC, which would be far more elegant than the current marginalized design that serves mainly to kill interest in the MacMini.

With desktop CPU performance at a standstill and software quality often a bottleneck , the areas for progress on performance come down to hoping for improving the support areas around the CPU:

  • Thunderbolt / USB-C support.
  • 8K display support (iMac 8K, special support on Mac Pro).
  • Optional 2nd internal SSD.
  • Two or three 16X PCIe slots (Mac Pro), although users might get by with Thunderbolt 3 on multiple busses.
  • 8 memory slots instead of 4 (Mac Pro)
  • 2 internal hard drives (Mac Pro).
  • Up to 18 CPU cores (Mac Pro).
  • Mild processor speed bump.

In other words, features that make actual computing work go a lot faster and/or be more productive and/or make for a lower cost of entry while affording future capability.

MPG does not expect that Tim Cook’s idea of what constitutes a “great desktop” has much to do with the list above, all past indications suggestions that “great” means thinner with fewer ports and less functionality. But at least Thunderbolt 3 / USB-C would be a nice bump forward.

* Such as Apple Mail being incompetently implemented and rife with bugs.

See also:

Cycling

Manage That Keyboard: How to Disable Caps Lock

A friend of mine calls me every few months because he cannot login into his computer. It’s always the same reason: the caps lock key is pressed.

Setting aside the dubious idea of allowing caps lock to function at all for a login dialog (why encourage poor passwords?), how does one disable the caps lock key entirely? Simple:

  1. Open System Preferences => Keyboard
  2. Click Modifiers Keys…
  3. Choose Caps Lock = No Action
macOS: disable caps lock key in System Preferences => Keyboard => Modifier Keys

Michael K writes:

Not sure if you're aware of the 'Modifier Keys' bug introduced in Sierra or not. In case you're not – Sierra resets all Modifier Keys back to their factory defaults upon restart, meaning you have change them back to what you want every time you start the computer.

This has survived through all four releases of Sierra – 10.12 through 10.12.3. One of the first things I've always done any new OS is set Caps Lock to No Action, however, since Sierra the option has to set by the user every single time the computer boots up. The Mac Pro (5,1) and MacBook Pro (10,1) are doing this but the Mac mini (6,2) is not.

I've filed two seperate bug reports with Apple, clear and concise, I've heard nothing back.

MPG: yes, I’ve seen the bug myself on multiple machines. I had forgotten the cause... indeed I had fixed my friend’s machine and the geniuses at Apple unfixed it, so to speak.

Just now, I rebooted my iMac 5K and I see that the modifier keys have been reset. Ditto for the 2015 MacBook Pro. OTOH, the 2013 Mac Pro does not suffer from the issue from what I have seen.

When will Apple incompetence end? Do we have to wait years now to have Tim Cook assure us that “we have great macOS software coming”? Their are hundreds of crappy little things like this that have accumulated all over macOS (don’t get me started on the clusterf*** that is iCloud).

Apple Core Rot: Logging Spew

My 2013 Mac Pro was running a bit noisy and hot for some hours yesterday even while idle. It is normally whisper quiet and all but inaudible. I have seen that behavior before, and it is always caused by some runaway process doing something useless in the background.

MacOS Sierra has been filled with new bugs, too numerous to contemplate. But the one discussed here is what I call the “logging spew” bug: a continuous stream of logging visible in the Console application, and steadily growing the size on disk of the numerous logging files, all of which are 100% useless to 99.999% of users.

As it turns out, Activity Monitor (in it, View => All Processes) it was logd chewing up a steady 10% of a CPU doing nothing but logging, a few hundred messages per second spewing out. It was some bash process running even after I had quite all Terminal windows. I had to 'kill -9' the process by its process number, but so steady was the logging onslaught that it took a few seconds for console to finish displaying the output. I then rebooted to hope for some sanity.

Yes, you do really need 296 or 3845 CoreSync or whatever update logs in ~/Library/Logs. And thousands of other log files from dozens of processes like that. You will never want to look at these files, nor do you have any use for them, but Apple makes sure to pollute your user folder with them. Don’t get me started on system Logs, which you cannot easily delete, and just build up forever over time, like dental plaque.

Opening Console, you’ll see the ceaseless spew from a cornucopia of processes, including many I never want, and will never use. It might be 'quiet' at times, but what I’ve found is that a number of Apple services get triggered from time to time to go into a state of endless bitching and moaning, often with messages that equate to “fix this bug someday”.

For example, here is this lovely new Apple bug involving touchui. On a Mac Pro no touch user interface exists, but the engineers at Apple don’t bother to test much any more, so the com.apple.nowplayingtouchui apparently is just going to fail forever. The word “idiots” comes to mind. What triggers it I don’t know. Rebooting made this one go away until the next morning—it’s baaaaack, failing every 2 seconds again today. The “0 seconds... respawn” message means that the process is crashing or failing—an obvious bug that should never ship to customers.

Mar  9 21:26:06 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:26:36 --- last message repeated 2 times ---
Mar  9 21:26:36 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:26:45 diglloydMP syslogd[51]: ASL Sender Statistics
Mar  9 21:26:46 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:27:16 --- last message repeated 2 times ---
Mar  9 21:27:16 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:27:46 --- last message repeated 2 times ---
Mar  9 21:27:46 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:28:16 --- last message repeated 2 times ---
Mar  9 21:28:16 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:28:46 --- last message repeated 2 times ---
Mar  9 21:28:46 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:29:16 --- last message repeated 2 times ---
Mar  9 21:29:16 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:29:46 --- last message repeated 2 times ---
Mar  9 21:29:46 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Mar  9 21:30:16 --- last message repeated 2 times ---
Mar  9 21:30:16 diglloydMP com.apple.xpc.launchd[1] (com.apple.nowplayingtouchui): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.          

Wikileaks Reveals Many Things... like Televisions as Covert Listening Devices

The internet is not safe and probably never will be. But most people do not suspect that their television can be a covert listening device, even when turned off. Unplugging it when not in use is the only safe bet.

Please read George Orwell’s visionary 1984.

Today’s Wikileaks treasure trove “Vault 7” is a 500GB download, for those who have time to read it. Here’s a 'fun' one from the NYT:

Some of the details of the C.I.A. programs might have come from the plot of a spy novel for the cyberage, revealing numerous highly classified — and in some cases, exotic — hacking programs. One, code-named Weeping Angel, uses Samsung “smart” televisions as covert listening devices. According to the WikiLeaks press release, even when it appears to be turned off, the television “operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.”

...

In early 2015, Samsung appeared to acknowledge the TVs posed a risk to privacy. The fine print terms of service included with its smart TVs said that the television sets could capture background conversations, and that they could be passed on to third parties.

The company also provided a remarkably blunt warning: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of Voice Recognition.”

There are enormous privacy and legal implications here, and MPG is not singling out Samsung For example, law enforcement is already demanding Amazon Echo records shows that you probably have no legal protection even inside your own home. Today, the law has very weak protections for email, let alone your data in the cloud at Apple or Amazon and doesn’t even contemplate televisions inside a home. You have zero privacy rights in essence, all in the context of hysteria about cookies—security theatre and the joke is on you.

Anything with a speaker or camera or blinking light or GPS or internet connection or wireless connection is a vector, and both the CIA and organized hackers are enormously creative and well funded.

Cell phones, iPads, computers, televisions, smart watches, etc all form the infrastructure for a police state as per George Orwell’s visionary 1984, let alone organized and very well funded cyber crime organizations. The technology has arrived—hardware and software. What will happen? What might today’s campus thugs (aka students and professors), unable to tolerate other viewpoints without resorting to physical violence, might do with such power in a decade or two while holding office?

Deals Updated Daily at B&H Photo

OWC Nearly Doubles PCIe SSD Performance with Accelsior Q

MPG Lloyd still runs dual OWC Accelsior 960GB PCIe SSDs in an OWC Helios 2 Thunderbolt 2 enclosure—a stalwart performer for years now. There is also the single-slot OWC Helios.

OWC has just started shipping the Accelsior Q PCIe SSD:

  • Mac Pro (2008 to 2012)
  • Other Macs with Thunderbolt via OWC Helios enclosure or OWC Helios 2 enclosure
  • Available in 480GB, 1TB and 2TB capacities
  • Blazing-Fast PCIe Storage with up to 1,293MB/s sustained speeds
  • PCIe 2.0 x8 SSD

Blazing-Fast PCIe Storage

Create your best work, faster than ever before. Mercury Accelsior Pro Q offers ultra-fast PCIe storage to take your creative workflow to the next level. Step up to the fastest Mac Pro you've ever experienced - With phenomenal data speeds up to 1293 MB/s, Mercury Accelsior Pro Q makes high-demand creative tasks a breeze.

The Ultimate Performance Storage Upgrade

Mercury Accelsior Pro Q delivers a gigantic speed boost to virtually any system. Streamline your workflow and say goodbye to frustrating render wait-times, dropped frames and spinning beachballs. With this much bandwidth, you can preview, render and process files at full resolution, in real-time. The bottom line is you create much more and wait much less.

It's an Easy DIY Install

Mercury Accelsior Pro Q installs in a snap in any available PCIe x8 slot in your 2008-2012 Mac Pro or OWC Mercury Helios. Download the driver and you're up and running in a flash.

Tested, Tested, Tested Again

The Mercury Accelsior Pro Q is proudly designed in Austin, Texas and undergoes a rigorous 7-stage testing procedure including 100% burn-in, resulting in unwavering dependability. We back the Mercury Accelsior Pro Q with a full 3-year limited warranty and OWC's free USA-based lifetime support.

OWC 480GB Thumb Drive
only $270

What Lloyd uses in the field for a carry-around backup.
Fits just about anywhere, tough aluminum case.
Deals Updated Daily at B&H Photo
View BEST Deals Right Now

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2008-2017 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__