Has anyone had a problem with a Retina MBP (I'm on a 2016 if it matters) where brightness auto adjust raises the contrast or something and makes everything look bleached? I dont know if its my screen or a software issue, but I think its tied to auto adjust since disabling it restores correct contrast.
EDIT: Oddly, I've only just noticed this today, but I havent installed an update in a while. Seems weird that software would just all of a sudden make changes like that without my input or a software update or something.
What drives me nuts about that is, between the family members in my home and all their devices, my Mac, iPhone, and iPad are are always popping up with notifications whenever they want to download something since mine is the main account. And they all have at least two Apple devices. I * think * it's only supposed to do it once for each device? Seems like it happens more frequently.
I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.
I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.
God help me I keep looking at that iMac Pro page.
If you look about you can get the LG thunderbolt 3 monitors for MacOS refurbished at a good discount, It was much much better discount when Apple still had the money off USB C stuff and people were returning the first run of monitors. I managed to get the 21 inch 4K version for £189 refurb back in Feb, now a new one is close to £700.
Otherwise there is a lot of really good new monitors coming forth and the new OS update is including support for those external GPU boxes like Razor make. So what might be worth doing is getting a standard high spec iMac or MacBook Pro and buying the GPU of choice for gaming depending on how much the iMac Pro costs?
FWIW, all of those external boxes introduce a 10-50% performance hit (depending on game, etc) at the moment. If you don't have a good reason to pay the Portability Tax, you're better off with something integrated that is closer to what you want.
I wouldn't expect the iMac Pro to be good at gaming compared to an equivalently priced PC, though it will be a very nice workstation for a few years. And you end up with the eternal iMac tradeoff of having to throw out a very good (and expensive) monitor whenever the internal components no longer meet your needs.
FWIW, all of those external boxes introduce a 10-50% performance hit (depending on game, etc) at the moment. If you don't have a good reason to pay the Portability Tax, you're better off with something integrated that is closer to what you want.
I wouldn't expect the iMac Pro to be good at gaming compared to an equivalently priced PC, though it will be a very nice workstation for a few years. And you end up with the eternal iMac tradeoff of having to throw out a very good (and expensive) monitor whenever the internal components no longer meet your needs.
I think it'll be fine at gaming for some definition of "fine". It will basically be an X299 box (precisely, the Xeon counterpart to Skylake-X/X299) with an AMD Vega GPU running a 5K display. So CPU/GPU performance will be high-end but not the highest end. It's the the 5K display that will cause problems for gaming. It's simply too much for any GPU. Thus, you'd probably want to pick up a second lower resolution display to game on, which in the context of buying an iMac Pro, would probably be pretty cheap.
FWIW, all of those external boxes introduce a 10-50% performance hit (depending on game, etc) at the moment. If you don't have a good reason to pay the Portability Tax, you're better off with something integrated that is closer to what you want.
I wouldn't expect the iMac Pro to be good at gaming compared to an equivalently priced PC, though it will be a very nice workstation for a few years. And you end up with the eternal iMac tradeoff of having to throw out a very good (and expensive) monitor whenever the internal components no longer meet your needs.
I think it'll be fine at gaming for some definition of "fine". It will basically be an X299 box (precisely, the Xeon counterpart to Skylake-X/X299) with an AMD Vega GPU running a 5K display. So CPU/GPU performance will be high-end but not the highest end. It's the the 5K display that will cause problems for gaming. It's simply too much for any GPU. Thus, you'd probably want to pick up a second lower resolution display to game on, which in the context of buying an iMac Pro, would probably be pretty cheap.
You can always scale the resolution down. I do that all the time on my MacBook Pro and the screen still looks better the my native 1080p Dell Ultrasharp.
I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.
God help me I keep looking at that iMac Pro page.
You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.
I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.
God help me I keep looking at that iMac Pro page.
You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.
Yeah the workstation part is what is missing in that equation though. Xeons and ECC ram isn't cheap.
I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.
God help me I keep looking at that iMac Pro page.
You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.
Yeah the workstation part is what is missing in that equation though. Xeons and ECC ram isn't cheap.
If you are able to wait one more year on this, I would suggest checking out whatever Mac Pro was promised by Cook earlier this year for a 2018 release.
It is (supposedly) a callback to the classic Mac Pro / G5 towers of yore, with normal expansion capabilities.
I am sure it will also be v expensive, but the ability to buy a very nice 5K monitor and have it for the next machine as apoosed to attached to your workstation will be a nice bonus.
Plus the ability to drop a whatever is passing for a 1080GTX in 2018 instead of a Radeon Fire.
SW-4158-3990-6116
Let's play Mario Kart or something...
I'm considering my next desktop PC, which I am thinking workstation + gaming, and then projecting even further, I need to buy new monitors. It's going to be a large amount of money when all is said and done.
God help me I keep looking at that iMac Pro page.
You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.
Yeah the workstation part is what is missing in that equation though. Xeons and ECC ram isn't cheap.
The parts list that PCGamer is using there to approximate what Apple will ship is sort of bone-headed for a few components, but the essential point of the article is basically correct. An iMac Pro isn't cheap, but it's cheaper than a DIY machine that matches it specs.
I'm also in the market for a new workstation-ish machine (that I'll also use for PC gaming), and I actually think I'm going to try to build a Hackintosh. Even though I think that iMac Pro will be a pretty great machine, I don't really want to get locked into a Vega GPU and a display that's not really great for gaming. I also don't want to wait till next year on the new modular Mac Pro. The Hackintosh community has Sierra up and running on Skylake-X/X299 already: Skylake-X/X299 - Live the Future now on macOS Sierra 10.12 - [Successful Build/Extended Guide].
If High Sierra is solid on SKL-X/X299 Hackintoshes by the time the SKL-X CPUs are out at the end of October, I'll build a 14- or 16-core Hackintosh.
I wonder how much external GPUs will mitigate not being able to upgrade the Vega.
Because honestly that is the one thing I update. Ever since I started building machines I never touch the cpu \ motherboard, I consider that new build terrority. I used to upgrade ram fairly regularly but that really doesn’t move forward at the same pace anymore. Basically the GPU is the one part I want to be able to upgrade, because a lot happens to GPUs in 4 years.
kaliyamaLeft to find less-moderated foraRegistered Userregular
edited October 2017
Hi all - for a friend looking at editing static images in photoshop, is there a material difference between the 2.3 ghz macbook pro and the 3.1? Both 13". Googling this question didn't produce useful results, but I would assume ram would be more important than the processor speed and processor would only be a bottleneck for video rendering.
Hi all - for a friend looking at editing static images in photoshop, is there a material difference between the 2.3 ghz macbook pro and the 3.1? Both 13". Googling this question didn't produce useful results, but I would assume ram would be more important than the processor speed and processor would only be a bottleneck for video rendering.
Not sure if it helps, but I'm using a 2.9 GHz Macbook Pro (15" with touch bar) and I find no lag in Photoshop. That's all while the Macbook is driving THREE external 24" displays (for a total of four displays). So this thing is plenty fast. I have 16 GB RAM.
Hi all - for a friend looking at editing static images in photoshop, is there a material difference between the 2.3 ghz macbook pro and the 3.1? Both 13". Googling this question didn't produce useful results, but I would assume ram would be more important than the processor speed and processor would only be a bottleneck for video rendering.
Not sure if it helps, but I'm using a 2.9 GHz Macbook Pro (15" with touch bar) and I find no lag in Photoshop. That's all while the Macbook is driving THREE external 24" displays (for a total of four displays). So this thing is plenty fast. I have 16 GB RAM.
From about 2007 onwards the biggest bottleneck was the HDD, when people changed to a SSD and apple went with its Flash memory version the systems went super fast. There is also the fact that the GPU on the Pro models are optimised for workloads rather than gaming. RAM is pretty low down on the list. I was able to edit quite well with Photoshop CC on a 2013 MacBook Air with 4GB Ram and even Lightroom.
Seems like Disk Utility stores the password as the password hint when setting the password.
So what does this mean for the rest of us?
Garry: I know you gentlemen have been through a lot, but when you find the time I'd rather not spend the rest of the winter TIED TO THIS FUCKING COUCH!
0
Options
physi_marcPositron TrackerIn a nutshellRegistered Userregular
Has it? I thought in some ways OSX was at the cutting edge of security with app sandboxing and system level protection.
What are we comparing it to? Linux distros have had similar bugs.
Yeah. Apple has a lot of great security tech that it has inherited from being based on BSD, but they're basically the worst of the worst when it comes to 'security through obscurity' with their closed source components. Security industry people have been saying for years (since the release of windows vista, basically) that OSX is by far the most vulnerable of the mainstream OSes and that as it gains popularity users should expect to see more and more critical vulnerabilities.
Has it? I thought in some ways OSX was at the cutting edge of security with app sandboxing and system level protection.
What are we comparing it to? Linux distros have had similar bugs.
Yeah. Apple has a lot of great security tech that it has inherited from being based on BSD, but they're basically the worst of the worst when it comes to 'security through obscurity' with their closed source components. Security industry people have been saying for years (since the release of windows vista, basically) that OSX is by far the most vulnerable of the mainstream OSes and that as it gains popularity users should expect to see more and more critical vulnerabilities.
What is fundamentally flawed about the security model? Like you said, it's based in Unix style security model. What did Apple change that made it more vulnerable?
Additionally they strongly steer users to their App Store which has apps that are signed and take advantage of extensive sandboxing.
While High Sierra has had a few rough security holes, my read on them is that they weren't symptomatic of a flawed security model, like say, the security flaws in pre-NT / 2000 era Windows were.
The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.
The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).
A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.
The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.
The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).
A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.
I don't think that's exactly right. It's more that they design really good security and then compromise it with stupid bugs. HomeKit, purely in terms of design, has always been more secure than other IoT protocols. Its original spec mandated some genuinely hardcore encryption: HomeKit market held back by Apple's high encryption demands - report. They relaxed some of their original standards in order to make it easier to retrofit existing IoT devices with HomeKit support, but the HomeKit spec is still heavy on security features: Apple has proven me wrong about HomeKit.
And as far as I know, Apple is the only company that bakes strong, completely inaccessible encryption keys directly into their device hardware. Is there any other mainstream PC/phone manufacturer that puts something like the Secure Enclave in their chipsets/SoCs? If there are, I haven't seen them make the press.
All that being said, the macOS root bug was egregious and inexcusable, and their flailing attempts to hotfix it were cringe-inducing. The HomeKit thing was also bad, but it required that a hacker know the target's Apple ID already.
The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.
The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).
A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.
I don't think that's exactly right. It's more that they design really good security and then compromise it with stupid bugs. HomeKit, purely in terms of design, has always been more secure than other IoT protocols. Its original spec mandated some genuinely hardcore encryption: HomeKit market held back by Apple's high encryption demands - report. They relaxed some of their original standards in order to make it easier to retrofit existing IoT devices with HomeKit support, but the HomeKit spec is still heavy on security features: Apple has proven me wrong about HomeKit.
And as far as I know, Apple is the only company that bakes strong, completely inaccessible encryption keys directly into their device hardware. Is there any other mainstream PC/phone manufacturer that puts something like the Secure Enclave in their chipsets/SoCs? If there are, I haven't seen them make the press.
All that being said, the macOS root bug was egregious and inexcusable, and their flailing attempts to hotfix it were cringe-inducing. The HomeKit thing was also bad, but it required that a hacker know the target's Apple ID already.
The real bad thing about the root bug is that the existence of that bug means they're probably not doing any unit testing and that is a big red flag and exactly the problem that security researchers have been talking about.
The HomeKit bug was less about the bug itself but their response to it. There was zero response to fixing a pretty critical bug until it got to their PR department. They don't give a shit about security bugs unless they're in the public eye. That is a serious cultural problem, which to me suggests that the state of their security development isn't going to improve unless the culture changes.
The security model they're using is fine. Like you said, it's inherited from BSD (rather, it is BSD). It's the software they've written that interfaces with it that is the problem. It doesn't matter how secure the user model is when you can type in root and hit enter twice. Those flaws aren't a symptom of problems with their security model but a symptom of the integrity of their development process. There are tons of OSX components that run with privileged access (as a necessity), and any of those components could potentially be compromised.
The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).
A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.
I don't think that's exactly right. It's more that they design really good security and then compromise it with stupid bugs. HomeKit, purely in terms of design, has always been more secure than other IoT protocols. Its original spec mandated some genuinely hardcore encryption: HomeKit market held back by Apple's high encryption demands - report. They relaxed some of their original standards in order to make it easier to retrofit existing IoT devices with HomeKit support, but the HomeKit spec is still heavy on security features: Apple has proven me wrong about HomeKit.
And as far as I know, Apple is the only company that bakes strong, completely inaccessible encryption keys directly into their device hardware. Is there any other mainstream PC/phone manufacturer that puts something like the Secure Enclave in their chipsets/SoCs? If there are, I haven't seen them make the press.
All that being said, the macOS root bug was egregious and inexcusable, and their flailing attempts to hotfix it were cringe-inducing. The HomeKit thing was also bad, but it required that a hacker know the target's Apple ID already.
The real bad thing about the root bug is that the existence of that bug means they're probably not doing any unit testing and that is a big red flag and exactly the problem that security researchers have been talking about.
The HomeKit bug was less about the bug itself but their response to it. There was zero response to fixing a pretty critical bug until it got to their PR department. They don't give a shit about security bugs unless they're in the public eye. That is a serious cultural problem, which to me suggests that the state of their security development isn't going to improve unless the culture changes.
Jumping to the conclusion that they aren’t unit testing is quite the leap.
Actually, based on this write up, https://objective-see.com/blog/blog_0x24.html, it sounds like more the problem wouldn’t have been caught by unit tests, it’s more what an integration test would catch.
Dayum, unlocking my Macbook Pro with my Apple Watch is way cooler than using the fingerprint sensor on the touch bar. I had no idea it could do that.
My wife loves that, too. It IS a pretty great feature. I just wish they'd get on the Android Smart Lock train and let your Apple Watch unlock your iPhone, because Face ID sure is a bit of a dog.
Ah, it stinks, it sucks, it's anthropologically unjust
+1
Options
thatassemblyguyJanitor of Technical Debt.Registered Userregular
Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)
is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.
Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)
is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.
I use Ghostery and Adblock. Gets most of them, I think.
Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)
is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.
I use Ghostery and Adblock. Gets most of them, I think.
I ended up downloading Firefox for Mac OS. It was really bugging me that Safari didn't have something more granular than "turn off all javascript". There was one extension I found, but it seemed not as well vetted as noscript (of which there is no Safari version).
Hello, macOS thread. I've recently adopted this ecosystem (being a masocist I need to have all three platforms in my life..)
is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.
I've used 1Blocker, Ka-Block, and AdGuard, all of which take advantage of Safari's native-side content blocking features instead of being pure JavaScript. Not sure about something like noscript, though.
Posts
EDIT: Oddly, I've only just noticed this today, but I havent installed an update in a while. Seems weird that software would just all of a sudden make changes like that without my input or a software update or something.
Watch my music videos
yeah, you are on a trusted device you own that you established can be used to validate two factor, and you are going through a website prompt.
the website does not know that you are on that trusted device.
For instance, I can put my username and password into google on my iphone, then go over to my authenticator app on the same phone and get the code.
Or get a text message on that phone to validate I am who I am.
Let's play Mario Kart or something...
God help me I keep looking at that iMac Pro page.
If you look about you can get the LG thunderbolt 3 monitors for MacOS refurbished at a good discount, It was much much better discount when Apple still had the money off USB C stuff and people were returning the first run of monitors. I managed to get the 21 inch 4K version for £189 refurb back in Feb, now a new one is close to £700.
Otherwise there is a lot of really good new monitors coming forth and the new OS update is including support for those external GPU boxes like Razor make. So what might be worth doing is getting a standard high spec iMac or MacBook Pro and buying the GPU of choice for gaming depending on how much the iMac Pro costs?
I wouldn't expect the iMac Pro to be good at gaming compared to an equivalently priced PC, though it will be a very nice workstation for a few years. And you end up with the eternal iMac tradeoff of having to throw out a very good (and expensive) monitor whenever the internal components no longer meet your needs.
I think it'll be fine at gaming for some definition of "fine". It will basically be an X299 box (precisely, the Xeon counterpart to Skylake-X/X299) with an AMD Vega GPU running a 5K display. So CPU/GPU performance will be high-end but not the highest end. It's the the 5K display that will cause problems for gaming. It's simply too much for any GPU. Thus, you'd probably want to pick up a second lower resolution display to game on, which in the context of buying an iMac Pro, would probably be pretty cheap.
You can always scale the resolution down. I do that all the time on my MacBook Pro and the screen still looks better the my native 1080p Dell Ultrasharp.
You could probably build a really nice Gaming PC and pick up a Mac Mini and a KVM Switch between the two of them for less than the iMac's gonna cost you in the end.
Switch: 6200-8149-0919 / Wii U: maximumzero / 3DS: 0860-3352-3335 / eBay Shop
Yeah the workstation part is what is missing in that equation though. Xeons and ECC ram isn't cheap.
If you are able to wait one more year on this, I would suggest checking out whatever Mac Pro was promised by Cook earlier this year for a 2018 release.
It is (supposedly) a callback to the classic Mac Pro / G5 towers of yore, with normal expansion capabilities.
I am sure it will also be v expensive, but the ability to buy a very nice 5K monitor and have it for the next machine as apoosed to attached to your workstation will be a nice bonus.
Plus the ability to drop a whatever is passing for a 1080GTX in 2018 instead of a Radeon Fire.
Let's play Mario Kart or something...
The iMac Pro will actually be competitively priced vs. a DIY PC using comparable parts: Apple's new iMac Pro costs $5000, but is it overpriced?
The parts list that PCGamer is using there to approximate what Apple will ship is sort of bone-headed for a few components, but the essential point of the article is basically correct. An iMac Pro isn't cheap, but it's cheaper than a DIY machine that matches it specs.
I'm also in the market for a new workstation-ish machine (that I'll also use for PC gaming), and I actually think I'm going to try to build a Hackintosh. Even though I think that iMac Pro will be a pretty great machine, I don't really want to get locked into a Vega GPU and a display that's not really great for gaming. I also don't want to wait till next year on the new modular Mac Pro. The Hackintosh community has Sierra up and running on Skylake-X/X299 already: Skylake-X/X299 - Live the Future now on macOS Sierra 10.12 - [Successful Build/Extended Guide].
If High Sierra is solid on SKL-X/X299 Hackintoshes by the time the SKL-X CPUs are out at the end of October, I'll build a 14- or 16-core Hackintosh.
Because honestly that is the one thing I update. Ever since I started building machines I never touch the cpu \ motherboard, I consider that new build terrority. I used to upgrade ram fairly regularly but that really doesn’t move forward at the same pace anymore. Basically the GPU is the one part I want to be able to upgrade, because a lot happens to GPUs in 4 years.
Not sure if it helps, but I'm using a 2.9 GHz Macbook Pro (15" with touch bar) and I find no lag in Photoshop. That's all while the Macbook is driving THREE external 24" displays (for a total of four displays). So this thing is plenty fast. I have 16 GB RAM.
Watch my music videos
From about 2007 onwards the biggest bottleneck was the HDD, when people changed to a SSD and apple went with its Flash memory version the systems went super fast. There is also the fact that the GPU on the Pro models are optimised for workloads rather than gaming. RAM is pretty low down on the list. I was able to edit quite well with Photoshop CC on a 2013 MacBook Air with 4GB Ram and even Lightroom.
Seems like Disk Utility stores the password as the password hint when setting the password. Oops?
So what does this mean for the rest of us?
Nothing. It's been fixed already.
Nintendo Network ID: PhysiMarc
I find this post kind of hilarious in light of the no password root issue. Like we thought that was bad at the time.
OSX has been having some growing pains lately.
Has it? I thought in some ways OSX was at the cutting edge of security with app sandboxing and system level protection.
What are we comparing it to? Linux distros have had similar bugs.
Yeah. Apple has a lot of great security tech that it has inherited from being based on BSD, but they're basically the worst of the worst when it comes to 'security through obscurity' with their closed source components. Security industry people have been saying for years (since the release of windows vista, basically) that OSX is by far the most vulnerable of the mainstream OSes and that as it gains popularity users should expect to see more and more critical vulnerabilities.
What is fundamentally flawed about the security model? Like you said, it's based in Unix style security model. What did Apple change that made it more vulnerable?
Apple has actually been going out of their way to lock down certain aspect of macOS to a degree that I haven't seen in Linux and Windows. You basically have to have physical access to the machine to disable it.
Additionally they strongly steer users to their App Store which has apps that are signed and take advantage of extensive sandboxing.
While High Sierra has had a few rough security holes, my read on them is that they weren't symptomatic of a flawed security model, like say, the security flaws in pre-NT / 2000 era Windows were.
The same is true of other desktop operating systems, but other OSes have more safeguards in place. The Linux variants are open source and have tons of eyes combing over them for bugs. Windows is closed source but has source sharing programs with security industry companies and experts as well as educational and governmental agencies that help provide extra sets of eyes and insights into potential bugs. When the stupid root access vulnerability bug showed up we only knew why it worked because somebody disassembled the executable and went over it by hand (which also raised some questions about why it was designed the way it was in the first place).
A big part of the problem is just the culture over at Apple. They just don't take security as seriously there as they should. It's not just OSX either. There's been serious security holes in stuff like HomeKit, where it's obvious that security was more of an afterthought than a design goal. There are big problems with how they respond to vulnerability reports too, where they commonly just don't respond at all unless the vulnerability starts making headlines.
I don't think that's exactly right. It's more that they design really good security and then compromise it with stupid bugs. HomeKit, purely in terms of design, has always been more secure than other IoT protocols. Its original spec mandated some genuinely hardcore encryption: HomeKit market held back by Apple's high encryption demands - report. They relaxed some of their original standards in order to make it easier to retrofit existing IoT devices with HomeKit support, but the HomeKit spec is still heavy on security features: Apple has proven me wrong about HomeKit.
And as far as I know, Apple is the only company that bakes strong, completely inaccessible encryption keys directly into their device hardware. Is there any other mainstream PC/phone manufacturer that puts something like the Secure Enclave in their chipsets/SoCs? If there are, I haven't seen them make the press.
All that being said, the macOS root bug was egregious and inexcusable, and their flailing attempts to hotfix it were cringe-inducing. The HomeKit thing was also bad, but it required that a hacker know the target's Apple ID already.
The real bad thing about the root bug is that the existence of that bug means they're probably not doing any unit testing and that is a big red flag and exactly the problem that security researchers have been talking about.
The HomeKit bug was less about the bug itself but their response to it. There was zero response to fixing a pretty critical bug until it got to their PR department. They don't give a shit about security bugs unless they're in the public eye. That is a serious cultural problem, which to me suggests that the state of their security development isn't going to improve unless the culture changes.
Yeah, but I hold Apple to a higher standard.
Sort of like Hebrew National hotdogs
Watch my music videos
Jumping to the conclusion that they aren’t unit testing is quite the leap.
Actually, based on this write up, https://objective-see.com/blog/blog_0x24.html, it sounds like more the problem wouldn’t have been caught by unit tests, it’s more what an integration test would catch.
Watch my music videos
My wife loves that, too. It IS a pretty great feature. I just wish they'd get on the Android Smart Lock train and let your Apple Watch unlock your iPhone, because Face ID sure is a bit of a dog.
is there a well respected/vetted noscript-like solution and ad-block solution for Safari? My internet searching turned up some results, but I'd like to see what this thread says.
I use Ghostery and Adblock. Gets most of them, I think.
I ended up downloading Firefox for Mac OS. It was really bugging me that Safari didn't have something more granular than "turn off all javascript". There was one extension I found, but it seemed not as well vetted as noscript (of which there is no Safari version).
I've used 1Blocker, Ka-Block, and AdGuard, all of which take advantage of Safari's native-side content blocking features instead of being pure JavaScript. Not sure about something like noscript, though.