Desktops (Apple)

Apple Snafu Means Updating To macOS 10.13.1 Could Reactivate Root Access Bug (betanews.com) 74

Mark Wilson writes: A few days ago, a serious security flaw with macOS High Sierra came to light. It was discovered that it was possible to log into the 'root' account without entering a password, and -- although the company seemed to have been alerted to the issue a couple of weeks back -- praise was heaped on Apple for pushing a fix out of the door quickly. But calm those celebrations. It now transpires that the bug fix has a bug of its own. Upgrade to macOS 10.13.1 and you could well find that the patch is undone. Slow hand clap.
Iphone

Should Apple Share iPhone X Face Data With App Developers? (washingtonpost.com) 66

The Washington Post ran a technology column asking what happens "when the face-mapping tech that powers the iPhone X's cutesy 'Animoji' starts being used for creepier purposes." It's not just that the iPhone X scans 30,000 points on your face to make a 3D model. Though Apple stores that data securely on the phone, instead of sending it to its servers over the Internet, "Apple just started sharing your face with lots of apps." Although their columnist praises Apple's own commitment to privacy, "I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered." "I think we should be quite worried," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "The chances we are going to see mischief around facial data is pretty high -- if not today, then soon -- if not on Apple then on Android." Apple's face tech sets some good precedents -- and some bad ones... Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3D print a mini-me. "Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.

"From years of covering tech, I've learned this much," the article concludes. "Given the opportunity to be creepy, someone will take it."
Medicine

Can Researchers Detect Irregular Heart Rhythms with the Apple Watch? (usatoday.com) 42

An anonymous reader quotes USA Today: Might wearing an Apple Watch save you from a stroke or cardio problem? Apple is careful not to make that direct claim. But the company, in collaboration with Stanford University School of Medicine, launched the Apple Heart Study app on Thursday that uses the heart rate sensor inside the Apple Watch to collect data on irregular heart rhythms... If an irregular heart rhythm is detected, participants in the study will be notified through the Apple Watch and on their iPhones. Should that occur, you'll be offered a free consultation with a study doctor, and possibly an electrocardiogram patch for additional monitoring...

A participant in the study merely has to download the app and wear the watch... The way Apple explains it, a sensor inside the watch uses green LED lights flashing hundreds of times per second and light-sensitive photodiodes to detect the amount of blood flowing through the wrist. The sensor has an optical design that gathers signals from four distinct points on the wrist. Using software algorithms, the Apple Watch can isolate heart rhythms from other noise, and identify an irregular heart rhythm.

The FDA has also approved the first personal electrocardiogram accessory for the Apple Watch, according to TechNewsWorld. "The KardiaBand" also detects and records atrial fibrillation that can lead to strokes or other heart problems. "The user simply touches an integrated sensor, and the results are then displayed on the face of the Apple Watch."

An irregular, bloodflow-disrupting heartbeat is the top cause of strokes, which kill 130,000 people every year just in the U.S. -- in many case before they've experienced any symptoms.
Businesses

Shouting 'Pay Your Taxes', Activists Occupy Apple Stores in France (marketwatch.com) 233

An anonymous reader quotes MarketWatch: A group of global activists stormed and occupied several Apple Stores in France on Saturday in a move aimed at pressuring the company to pay up on a €13 billion ($15.5 billion) tax bill to the European Union. In a press release, the France unit of the Association for the Taxation of Financial Transactions and Citizen's Action organization (Attac), said 100 of its members occupied the Opera Apple Store in Paris, demanding the company pay its taxes... Attac said dozens of protests were organized at other Apple store locations throughout France on Saturday. In the Paris store, activists were seen via videos circulating on Twitter, pushing past security and hanging a banner that said "We will stop when Apple pays." Security in Paris reportedly evacuated Apple workers from the building as those protests began.
After three hours they left the store -- leaving behind protest messages on the iPads on display. The group claims that Apple has stashed $230 billion in tax havens around the world, but also hopes to raise awareness about other issues.

"Attac said the action was part of the #PhoneRevolt movement aimed at highlighting unfair practices by Apple, that are not just about taxes, but also pollution via extraction of metals for its phones, worker exploitation and driving a global consumption binge."
Iphone

Every iPhone X Is Not Created Equal (pcmag.com) 74

According to a PC Magazine report that uses data from Cellular Insights, the Qualcomm-powered iPhone X has better LTE performance than the Intel-powered model. From the report: There are three iPhone X models sold globally. Using lab equipment, Cellular Insights tested two of them: the Qualcomm-powered A1865, sold by Sprint, Verizon, and U.S. Cellular and in Australia, China, and India; and the Intel-powered A1901, sold by most other global carriers including AT&T and T-Mobile. (The third model, A1902, is only sold in Japan.) Here in the U.S., we anticipate that the SIM-free model sold directly by Apple will be the A1865, as that's the model that supports all four U.S. carriers. For this test, Cellular Insights looked at performance on LTE Band 4, which is used by every major U.S. carrier except Sprint, as well as in Canada and parts of Latin America. Cellular Insights attenuated an LTE signal from a strong -85dBm until the modems showed no performance. While both modems started out with 195Mbps of download throughput on a 20MHz carrier, the Qualcomm difference appeared quickly, as the Intel modem dropped to 169Mbps at -87dBm. The Qualcomm modem took an additional -6dBm of attenuation to get to that speed. Most consumers will feel the difference in very weak signal conditions, where every dBm of signal matters, so we zoomed in on that in the chart below. At very weak signal strength, below -120dBm, the Qualcomm modem got speeds on average 67 percent faster than the Intel modem. The Intel modem finally died at -129dBm and the Qualcomm modem died at -130dBm, so we didn't find a lot of difference in when the modems finally gave out.
Desktops (Apple)

High Sierra Root Login Bug Was Mentioned on Apple's Support Forums Two Weeks Ago (daringfireball.net) 85

John Gruber, reporting for DaringFireball: It's natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer. One explanation is that logging in with the username "root" and a blank password is so bizarre that it's the sort of thing no one would think to try. More insidious though, is the notion that it might not have escaped notice prior to its widespread publicization yesterday -- but that the people who had heretofore discovered it kept it to themselves. This exploit was in fact posted to Apple's own support forums on November 13. It's a bizarre thread. The thread started back on June 8 when a user ran into a problem after installing the WWDC developer beta of High Sierra.
Google

Google Faces Lawsuit For Gathering Personal Data From Millions of iPhone Users (betanews.com) 35

Mark Wilson writes: A group going by the name Google You Owe Us is taking Google to court in the UK, complaining that the company harvested personal data from 5.4 million iPhone users. The group is led by Richard Lloyd, director of consumer group Which?, and it alleges that Google bypassed privacy settings on iPhones between June 2011 and February 2012. The lawsuit seeks compensation for those affected by what is described as a "violation of trust." Google is accused of breaching UK data protection laws, and Lloyd says that this is "one of the biggest fights of my life." Even if the case is successful, the people represented by Google You Owe Us are not expected to receive more than a few hundred pounds each, and this is not an amount that would make much of an impact on Google's coffers.
Desktops (Apple)

Apple To Review Software Practices After Patching Serious Mac Bug (reuters.com) 192

Apple said on Wednesday it would review its software development process after scrambling to patch a serious bug it learned of on Tuesday in its macOS operating system for desktop and laptop computers. From a report: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," Apple said in a statement. "Our customers deserve better. We are auditing our development processes to help prevent this from happening again."
Businesses

Apple Accuses Qualcomm of Patent Infringement in Countersuit (reuters.com) 34

From a report: Apple on Wednesday filed a countersuit against Qualcomm, alleging that Qualcomm's Snapdragon mobile phone chips that power a wide variety of Android-based devices infringe on Apple's patents, the latest development in a long-running dispute. Qualcomm in July accused Apple of infringing several patents related to helping mobile phones get better battery life. Apple has denied the claims that it violated Qualcomm's battery life patents and alleged that Qualcomm's patents were invalid, a common move in such cases. But on Wednesday, in a filing in U.S. District Court in San Diego, Apple revised its answer to Qualcomm's complaint with accusations of its own. Apple alleges it owns at least eight battery life patents that Qualcomm has violated.
Bug

MacOS High Sierra Bug Allows Login As Root With No Password (theregister.co.uk) 237

An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the black password trick will not work. So, keep the account enabled and set a root password right now..."
Bug

iPhone Users Complain About the Word 'It' Autocorrecting To 'I.T' On iOS 11 and Later (macrumors.com) 116

An anonymous reader quotes a report from MacRumors: At least a few hundred iPhone users and counting have complained about the word "it" autocorrecting to "I.T" on iOS 11 and later. When affected users type the word "it" into a text field, the keyboard first shows "I.T" as a QuickType suggestion. After tapping the space key, the word "it" automatically changes to "I.T" without actually tapping the predictive suggestion. A growing number of iPhone users have voiced their frustrations about the issue on the MacRumors discussion forums, Twitter, and other discussion platforms on the web since shortly after iOS 11 was released in late September. Many users claim the apparent autocorrect bug persists even after rebooting the device and performing other basic troubleshooting. A temporary workaround is to tap Settings: General: Keyboard: Text Replacement and enter "it" as both the phrase and shortcut, but some users insist this solution does not solve the problem. A less ideal workaround is to toggle off auto-correction and/or predictive suggestions completely under Settings: General: Keyboard. MacRumors reader Tim shared a video that highlights the issue.
Iphone

Two Major Cydia Hosts Shut Down as Jailbreaking Fades in Popularity (macrumors.com) 90

Joe Rossignol, writing for MacRumors: ModMy last week announced it has archived its default ModMyi repository on Cydia, which is essentially an alternative App Store for downloading apps, themes, tweaks, and other files on jailbroken iPhone, iPad, and iPod touch devices. ZodTTD/MacCiti also shut down this month, meaning that two out of three of Cydia's major default repositories are no longer active as of this month. ModMy recommends developers in the jailbreaking community use the BigBoss repository, which is one of the last major Cydia sources that remains functional. The closure of two major Cydia repositories is arguably the result of a declining interest in jailbreaking, which provides root filesystem access and allows users to modify iOS and install unapproved apps on an iPhone, iPad, or iPod touch. When the iPhone and iPod touch were first released in 2007, jailbreaking quickly grew in popularity for both fun and practical reasons. Before the App Store, for example, it allowed users to install apps and games. Jailbreaking was even useful for something as simple as setting a wallpaper, not possible on early iOS versions.
Cellphones

Motorola Ad Mocks Samsung Ad Mocking Apple (bgr.com) 84

An anonymous reader quotes BGR: A few days after the iPhone X launched in stores, Samsung came out with an anti-iPhone campaign... I actually did not expect Samsung to pull off cheap tricks like that, but it sure looks like the iPhone X is a pretty scary device to fight against. But what probably nobody saw coming is Motorola trolling Samsung with an ad of its own... The "Up-upgrade to Motorola" ad offers the alternate ending to Samsung's ad, as Motorola explains on its Facebook page... Motorola doesn't even mention the iPhone X, so if you haven't seen Samsung's ad, you'd think it's just going after Galaxy handsets.
Elsewhere on Facebook, Motorola specifically referenced the attachable accessories available for their Moto Z when mocking the Galaxy Note 8.

"Why settle for edge-to-edge, when you could project your screen up to 70 inches?"
Piracy

Google and Apple Order Telegram To Nuke Channel Over Taylor Swift Piracy (torrentfreak.com) 37

An anonymous reader writes: Instant messaging client Telegram has for the first time blocked access to an entire channel following pressure from Google and Apple. A channel, called Any Suitable Pop, was found distributing copyright infringed copies of songs from Taylor Swift's new album 'Reputation'. It's understood that following complaints from Universal Music, Google and Apple ordered Telegram to take action.
Software

Apple Scientists Disclose Self-Driving Car Research (reuters.com) 34

Apple's first publicly disclosed paper on autonomous vehicles has been posted online by the company's computer scientists. The research describes a new software approach called "VoxelNet" that helps computers detect three-dimensional objects like cyclists and pedestrians while using fewer sensors. Reuters reports: The paper by Yin Zhou and Oncel Tuzel, submitted on Nov. 17 to independent online journal arXiv, is significant because Apple's famed corporate secrecy around future products has been seen as a drawback among artificial intelligence and machine learning researchers. The scientists proposed a new software approach called "VoxelNet" for helping computers detect three-dimensional objects.

Self-driving cars often use a combination of normal two-dimensional cameras and depth-sensing "LiDAR" units to recognize the world around them. While the units supply depth information, their low resolution makes it hard to detect small, faraway objects without help from a normal camera linked to it in real time. But with new software, the Apple researchers said they were able to get "highly encouraging results" in spotting pedestrians and cyclists with just LiDAR data. They also wrote they were able to beat other approaches for detecting three-dimensional objects that use only LiDAR. The experiments were computer simulations and did not involve road tests.

Slashdot Top Deals