1. 15

    Please consider signing the open letter against these changes: https://appleprivacyletter.com/

    1. 10

      Are you going to post an open letter for Microsoft, Google, DropBox, Facebook, Twitter, and all the other companies who have used the exact same database for this exact purpose for the last decade?

      1. 8

        Which provider has previously used this list against images that aren’t stored on their infrastructure?

        1. 4

          Images sent via iMessage are stored on Apple’s infrastructure.

          1. 1

            I think the question had implied “stored in plain text”. iMessage doesn’t do that.

            1. 6

              Right. So, every other provider has direct access to your photos, and scans for CSAM with their direct access. Apple, rather than give up their E2E messaging, has devised a privacy-preserving scheme to perform these scans directly on client devices.

              I really don’t understand how Apple is the bad guy here.

              1. 4

                Other providers that scan cleartext images are off the hook, because they’ve never had E2E privacy guarantee.

                [smart guy meme]: You can’t have encryption backdoor if you don’t have encryption.

                Apple’s E2E used to be a strong guarantee, but this scanning is a hole in it. Countries that have secret courts, gag orders, and national security letters can easily demand that Apple slip in a few more hashes. It’s not possible for anyone else to verify what these hashes actually match and where they came from. This is effectively an encryption backdoor.

          2. 3

            If I understood what I read, although the private set intersection is done on device, it’s only done for photos that are synced with iCloud Photo Library.

            1. 2

              Apologies to all in this thread. Like many I originally misunderstood what Apple was doing. This post was based on that misunderstanding, and now I’m not sure what to do about it. Disowning feels like the opposite of acknowledging my mistake, but now I have 8 voted based on being a dumbass 🙁

              1. 2

                iCloud Photos are stored on Apple infrastructure.

            2. 4

              This page gets the scope of scanning wrong in the second paragraph, so I’m not sure it’s well researched.

              1. 3

                how so? can you explain?

                “Apple’s proposed technology works by continuously monitoring all photos stored or shared on a user’s iPhone, iPad or Mac, and notifying the authorities if a certain number of objectionable photos is detected.”

                seems like an appropriate high-level description of what is being done, how is it wrong?

                1. 7

                  I may be wrong but, from what I understood, a team of reviewers is notified to manually check the photos once a certain number of objectionable photos is detected, not the authorities… If (and only if) the team of reviewers agrees with the hash matches, they notify the authorities.

                  This is a detail but this introduces a manual verification before notifying the authorities, which is important.

                  From MacRumors:

                  Apple’s method works by identifying a known CSAM photo on device and then flagging it when it’s uploaded to ‌iCloud Photos‌ with an attached voucher. After a certain number of vouchers (aka flagged photos) have been uploaded to ‌iCloud Photos‌, Apple can interpret the vouchers and does a manual review. If CSAM content is found, the user account is disabled and the National Center for Missing and Exploited Children is notified.

                  Link to the resource: https://www.macrumors.com/2021/08/05/apple-csam-detection-disabled-icloud-photos/

                  1. 1

                    Second paragraph of the AP article

                    The tool designed to detect known images of child sexual abuse, called “neuralMatch,” will scan images before they are uploaded to iCloud

                    This resource from Apple also states that only images uploaded to iCloud are scanned.

                    1. 2

                      This quote you cite figures nowhere within the page.

                    2. 1

                      Apple’s proposed technology works by continuously monitoring photos saved or shared on the user’s iPhone, iPad, or Mac.

                      Only photos uploaded to iCloud Photos are matched against known hashes.

                  2. 4

                    Or just don’t buy an Apple device. Do you really think a trillion dollar company cares about digital signatures?

                    1. 6

                      I think this is a good statement of intent though.

                      I just bought an iPhone 12 and would be otherwise unlikely to be noticed as a lost sale until the iPhone 14~ since most people don’t upgrade a single minor version.

                      Giving them warning that they have lost me as a customer because of this is a good signal for them. If they choose not to listen then that’s fine, they made a choice.

                      Also the more noise we make as a community; the more this topic gains attention from those not in the industry.

                      1. 4

                        I didn’t mean to make some sort of “statement” to Apple. I find that idea laughable. What I meant is that if you are really concerned about your privacy to the point where scanning for illegal images is “threaten[ing] to undermine fundamental privacy protections” (which I think is reasonable), then why buy Apple in the first place? This isn’t the first time they have violated their users’ privacy, and it certainly won’t be the last.

                        1. 6

                          What’s your proposed alternative?

                          I think Apple making a stance on privacy, often posturing about it a lot, does cause a lot of good will and generally those who prefer to maintain privacy have been buying their products. (myself included). You can argue that it’s folly but the alternatives are akin to growing your own vegetables on a plot of land in the middle of nowhere connected to no grid (a-la rooted android phones with f-droid) or google owned devices which have a significantly worse privacy track record.

                          1. 3

                            You oughta update your intel about the “alternative” smartphone space. Things have come a long way from “growing your own vegetables on a plot of land in the middle of nowhere connected to no grid.” The big two user-friendly options are CalyxOS and LineageOS with microG. If you don’t feel like installing an OS yourself, the Calyx Institute, the 501(c)(3) nonprofit which develops CalyxOS, even offers the Pixel 4a with CalyxOS preinstalled for about $600.

                            I’m running LineageOS on a OnePlus 6T, and everything works, even banking apps. The experience is somewhere between “nearly identical” and “somewhat improved” relative to that of the operating system which came with the phone. I think the local optimum between privacy-friendliness and user-friendliness in the smartphone world is more obvious than ever, and iOS sure ain’t it these days.

                          2. 2

                            It does seem folly to make a statement by not buying something, but consider this: When you vote, there are myriad ways that politicians have to dilute your impact (not going to enumerate them here but it’s easy to do). By comparison, when you make an economic choice, every dollar is counted in full, one way or another. So if you vote, and you should, then there’s every reason to vote with your pocketbook as well.

                    1. 1

                      I’m surprised that the author didn’t think that winget deserved more than a passing mention! To me it was one of the most interesting announcements.

                      1. 1

                        I don’t get the whole “We are excited to announce the release of Windows Package Manager 1.0!” when it appears to still be a preview that you need to be running Windows Insider to use unless you want to manually install it?

                      1. 3

                        I am confused how the presented scheme is anything close to tracing. The first step is

                        The plaintext that is to be traced is submitted along with RF, NF and context.

                        But NF is a 256bit random nonce that no one other than the sender and recipient have access to. You may be able to guess a plaintext, but there’s no way you can guess that.

                        Additionally, it seems to me that if you have access to an oracle that can say if a given ciphertext is equal to some plaintext, you have broken ciphertext indistinguishability, a property that is very important to confidentiality (“Indistinguishability is an important property for maintaining the confidentiality of encrypted communications.”)

                        1. 1

                          There would be a step where the reveal of this nonce would be compelled, similarly to how message franking implements such a step in its current form. The idea is that you can just substitute the rationale for this step from “abuse reporting” to “message tracing”.

                          1. 2

                            How is compelling the reveal of the nonce any different from compelling the reveal of the plaintext? They’re stored next to each other and the only parties that have the nonce are the same parties that have the plaintext. The difference between “abuse reporting” and “message tracing” is which party is performing the action, and that makes all the difference.

                            1. 2

                              As far as I understand, the nonce serves to validate the initial HMAC, which serves as a pre-commitment to the authenticity of the message within its original context.

                        1. 2
                          1. If you try to encrypt a message longer than 256 bytes with a 2048-bit RSA public key, it will fail. (Bytes matter here, not characters, even for English speakers–because emoji.)
                          2. This design completely lacks forward secrecy. This is the same reason that PGP encryption sucks.

                          Could these tradeoffs be worth it if it means the system is really simple and easy to understand?

                          1. 12

                            The first one, no. Breaking on large messages is a serious usability pain-point, and doing a hybrid public key encryption is 100% worth the additional complexity.

                            The second one, YES! If you make the threat model clear, then eliminating forward secrecy greatly simplifies your protocol. (Implementing X3DH requires an online server to hand out “one-time pre-keys” to be totally safe.) At worst, you’re as bad off as PGP encryption (except, if you follow the advice in my blog, you’re probably going to end up using an authenticated encryption construction rather than CAST5-YOLO).

                            1. 1

                              The first one, no. Breaking on large messages is a serious usability pain-point, and doing a hybrid public key encryption is 100% worth the additional complexity.

                              Isn’t it something people are quite used to though? Both SMS and tweets have a character limit.

                              But let’s say we do want to go with the simplest secure model, without forward secrecy but no character limit. So hybrid encryption but not X3DH. What library functions would the smart developer use?

                              1. 5

                                If they’re using libsodium? crypto_box_seal() and crypto_box_seal_open(). Problem solved for them.

                                If they’re using OpenSSL (or one of the native wrappers), something like this:

                                import * as crypto from 'crypto';
                                
                                type SealedMessage = {cipher: Buffer, tag: Buffer, wrappedKey: Buffer};
                                const DOMAIN_SEPARATION_AES = Buffer.from('AES-256-CTR');
                                const DOMAIN_SEPARATION_HMAC = Buffer.from('HMAC-SHA256');
                                
                                function hmacSha256(msg: string|Buffer, key: Buffer): Buffer {
                                    const hmac = crypto.createHmac('sha256', key);
                                    hmac.update(msg);
                                    return hmac.digest();
                                }
                                
                                function seal(msg: string|Buffer, recipientPublicKey: Buffer): SealedMessage {
                                    // Generate and wrap the primary key
                                    // (which is split into two keys: one for AES, one for HMAC)
                                    const key = crypto.randomBytes(32);
                                    const aesKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_AES]), key);
                                    const macKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_HMAC]), key);
                                    const rsaCiphertext = crypto.publicEncrypt(
                                        {
                                            key: recipientPublicKey,
                                            padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
                                            oaepHash: "sha256",
                                        },
                                        key
                                    );
                                    
                                    // Encrypt the data (the nonce is prepended to the ciphertext)
                                    const nonce = crypto.randomBytes(16);
                                    const aes = crypto.createCipheriv('aes-256-ctr', aesKey, nonce);
                                    const plaintext = typeof msg === 'string' ? Buffer.from(msg) : msg;
                                    const ciphertext = Buffer.concat([
                                        nonce,
                                        aes.update(plaintext),
                                        aes.final()
                                    ]);
                                    
                                    // Authenticate the data (nonce included, so it cannot be swapped out)
                                    const tag = hmacSha256(ciphertext, macKey);
                                    
                                    return {
                                        cipher: ciphertext,
                                        tag: tag,
                                        wrappedKey: rsaCiphertext
                                    };
                                }
                                
                                function unseal(sealed: SealedMessage, secretKey: Buffer): Buffer {
                                    const key = crypto.privateDecrypt(
                                        {
                                            key: secretKey,
                                            padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
                                            oaepHash: "sha256"
                                        },
                                        sealed.wrappedKey
                                    );
                                    const aesKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_AES]), key);
                                    const macKey = hmacSha256(Buffer.concat([key, DOMAIN_SEPARATION_HMAC]), key);
                                    // Verify the tag over exactly what seal() authenticated (nonce || ciphertext)
                                    // before touching the key stream; timingSafeEqual needs equal-length inputs.
                                    const expectedTag = hmacSha256(sealed.cipher, macKey);
                                    if (sealed.tag.length !== expectedTag.length || !crypto.timingSafeEqual(sealed.tag, expectedTag)) {
                                        throw new Error("Integrity check failed");
                                    }
                                    const nonce = sealed.cipher.slice(0, 16); // AES-CTR nonce size
                                    const ciphertext = sealed.cipher.slice(16);
                                    const aes = crypto.createDecipheriv('aes-256-ctr', aesKey, nonce);
                                    return Buffer.concat([aes.update(ciphertext), aes.final()]);
                                }
                                

                                (This is why “just use libsodium” is so much better.)

                                1. 1

                                  Please consider using Pastebin for code; Lobsters renders code in a larger-appearing font than text in its comment section and doesn’t seem to fold it away properly, creating a wall of text that makes it harder to scroll through comments.

                                  1. 1

                                    I somewhat agree, but I don’t think that there’s a good pastebin which is free to Lobsters without signup and also allows posts to persist. (The Reputation Problem disincentivizes such a service; it would be open to abuse.) It would be cool if Lobsters had the ability to click to expand/hide long code snippets.

                                    1. 1

                                      Definitely the best solution would be for Lobsters to fix code rendering in comments.

                                      1. 4

                                        We have an issue tracking this if anyone wants to pick up the work

                                    2. 1

                                      For what it’s worth, that comment looks ok to me (Chrome on Windows).

                              2. 2

                                If you are okay with giving up on security (e.g. for educational purposes) then it could be worth it.

                                In practice absolutely not.

                                1. 1

                                  Giving up on security is too vague, sorry. Can eve read my messages? No? Then I think I’m pretty safe.

                                  1. 2

                                    Maybe bfiedler refers to the second point, meaning if Eve compromises Alice’s private key, then Eve can read past, present and future messages. My personal opinion is that this should be default for any secure messaging system.

                              1. 8

                                I appreciate the intentions behind this post, but as a cursory introduction to a common problem in cryptography, I worry that this article muddies together a number of concepts, and I’m taking the time to write a correction here given how this has been upvoted to the top of Lobsters and could therefore mislead some developers.

                                This design completely lacks forward secrecy. This is the same reason that PGP encryption sucks.

                                This is just bizarre, because it strongly implies that the project whose cryptography the author is criticizing, “Zuccnet”, “completely lacks” forward secrecy because it uses RSA. But RSA is a primitive for public key encryption. Forward secrecy, on the other hand, is a property of a cryptographic protocol. Using RSA or not using RSA doesn’t have direct bearing on whether or not you obtain forward secrecy. RSA itself cannot possibly “lack” or “offer” forward secrecy, and constructing an argument based on this logic makes no sense:

                                1. Were I to replace RSA usage with AES-CBC, AES-GCM, XSalsa20-Poly1305, etc. — none of that would grant me or take away forward secrecy.
                                2. Were I to follow the author’s advice and encrypt symmetric keys using RSA, that wouldn’t grant me forward secrecy, either, if I don’t have a protocol that manages the way those keys are generated/derived, used and refreshed.
                                3. Even if I were to use an authenticated key exchange as the author later suggests, that itself doesn’t guarantee forward secrecy, either! It simply guarantees, as the name suggests, an authenticated key exchange step for the protocol.

                                I think that it would be better for the author here to more clearly distinguish between RSA as a primitive and the design of the protocol they are criticizing, to avoid misleading new readers. It’s important to understand that RSA does not affect forward secrecy and vice versa. The conflation with PGP further muddies the comparison and mixes together a bunch of contexts that in reality aren’t very closely related.

                                Some cryptography libraries let you treat RSA as a block cipher in ECB mode and encrypt each chunk independently. This is an incredibly stupid API design choice: […]

                                Calling this an “incredibly stupid design choice” doesn’t make sense to me, because the supposed “design choice” itself has been fundamentally misunderstood and is being miscommunicated. The author here is almost certainly referring to RSA constructions being referred to as, for example, RSA/ECB/OAEPWithSHA1AndMGF1Padding. This is a naming scheme that was first promoted in Java and that has found itself copied into a tiny number of other, largely Java-inspired frameworks.

                                As noted in Java documentation and in ample references around the web, it is highly misleading to refer to how RSA Encryption is used as “ECB mode”. The “ECB” here doesn’t actually mean anything — it’s just a stand-in for there not being a real block cipher mode of operation, and was likely added as part of the naming scheme for ciphers so that asymmetric ciphers are referred to in a way that structurally is similar to that of symmetric block ciphers (e.g. AES/CBC/PKCS5PADDING).

                                Working around [the lack of forward secrecy] requires an Authenticated Key Exchange (AKE)

                                Some popular protocols, such as Signal or the Noise Protocol Framework, do establish some forward secrecy (and post-compromise security) via an AKE, but this doesn’t mean that an AKE is required to obtain forward secrecy. In the case of Signal, the majority of the forward secrecy and post-compromise guarantees are actually not even guaranteed by the AKE at all but by the subsequent ratcheting mechanism, with the AKE only setting the stage for that and offering forward secrecy for session initialization only.

                                Protocols can achieve forward secrecy via periodic key rotation or other mechanisms that don’t implicate an AKE, and this could be preferable depending on the use case scenario and execution context.

                                Finally, the “Recommendations” section contains pieces of advice that all seem to conflict with one another:

                                • RSA is for encrypting symmetric keys, not entire messages. Pass it on.

                                • Consider not using RSA.

                                • Instead, if you find yourself needing to encrypt a message with RSA, remind yourself that RSA is for encrypting symmetric keys, not messages. And then plan your protocol design accordingly.

                                • You should use RSA-KEM instead of what I’ve sketched out […]

                                If you’re the party planning the protocol design, then why would you find yourself needing to encrypt a message with RSA? If it’s better not to use RSA at all, then why is the article’s subheading mentioning that “RSA is for encrypting symmetric keys”? If one were to use a KEM, why would they use an RSA-based KEM?

                                I think the article is better off just providing a simpler, more coherent recommendation that leads people away from RSA entirely. As it is, I could read this article as a new cryptography engineer and walk away with four conflicting recommendations.


                                As others have noted, this post is commendable for not shaming the developer of “Zuccnet” and trying to raise the bar against common cryptography mistakes, so I’d like to congratulate the author on their intentions but wish more time had been spent on a polished execution. If folks are interested, I’d like to suggest some readings on protocol design that could serve as a more coherent reference on how to think about protocols, primitives, etc. (yes, they’re from ePrint, but they’re not harder to read than this blog post, I promise!):

                                1. 3

                                  I mostly agree with you Nadim but I cannot think of a way to do PFS with RSA.

                                  Except for very scientific constructions like having a million RSA keys and throwing away all the used ones. The problem is that you cannot really hash an RSA key to a new key. That’s why 0-RTT PFS for TLS is so cool. But it requires puncturable encryption.

                                  So, practically speaking, I would agree that using RSA encryption means you don’t get PFS.

                                1. 7

                                  This is the worst article I’ve ever seen on the front page of Lobsters. The author decides that he doesn’t like some of the more political assertions in some of Paul Graham’s writings on his blog (since, of course, any critique of the American left is “reactionary”):

                                  Recently, however, his writing has taken a reactionary turn which is hard to ignore. He’s written about the need to defend “moderates” from bullies on the “extreme left”, asserted that “the truth is to the right of the median” because “the left is culturally dominant,” and justified Coinbase’s policy to ban discussion of anything deemed “political” by saying that it “will push away some talent, yes, but not very talented talent.”

                                  …and decides to go fisk through everything Graham has ever written in order to find incorrect opinions on programming languages of all things as a way to discredit him and to prove some nebulous point about why Graham isn’t such a great figure to look towards. The author spends a handful of paragraphs basically bullying Graham because his pet project, a programming language called Arc, didn’t take off (except it sort of did: Hacker News is written in Arc, and that’s all beside the point: Paul Graham is a venture capitalist, not a programming language designer!)

                                  The article then concludes:

                                  This is all to say that Paul Graham is an effective marketer and practitioner, but a profoundly unserious public intellectual. His attempts to grapple with the major issues of the present, especially as they intersect with his personal legacy, are so mired in intuition and incuriosity that they’re at best a distraction, and at worst a real obstacle to understanding our paths forward.

                                  Like, what are we supposed to get from this? Some kind of self-congratulatory gratification at how big of a smackdown the author gave Paul Graham by setting him straight on programming languages? It’s hard to find a more obvious case of motivated reasoning. I thought people on Lobsters were smarter than to fall for this nonsense.

                                  I’m not sure how this arrived at the front page of Lobsters. This is really torrid stuff. This is some guy who feels threatened or offended by some of Paul Graham’s political takes and decided that it’s time to discredit him through thinly disguised bullying. There’s no other substance to this poison-soaked article.

                                  Get this off the front page. Honestly.

                                  1. 6

                                    Yeah, I’m not entirely sure why it’s on here. The number of upvotes is also interesting, and a little frightening.

                                  1. 2

                                    I have a 2013 mbp and it’s definitely due for an upgrade. However I’m going to wait until the next MBA, I hear the M1X chip is bonkers

                                    1. 2

                                      I think M1X is going to be intended for high performance computers like the iMac and 16” MacBook Pro. You’ll be waiting for the M2 most likely.

                                    1. 25

                                      I bought one last week and have used it for 7 days now. I was in an initial hype phase as well, but I am more critical now and doubting whether I should return it.

                                      Performance of native apps is as great as everyone claims. But I think it is a bit overhyped, recent AMD APUs come close in multi-core performance. Of course, that the Air works with passive cooling is a nice bonus.

                                      Rosetta works great with native x86_64 applications, but performance is abysmal with JIT-ing runtimes like the JVM. E.g. JetBrains currently do not have a native version of their IDEs (JVM, but I think they also use some other non-Java code) and their IDEs are barely usable due to slowness. If you rely on JetBrains IDEs, wait until they have an Apple Silicon version.

                                      Also, performance of anything that relies on SIMD instructions (AVX, AVX2) is terrible under Rosetta. So, if you are doing data science or machine learning with heavier loads, you may want to wait. Some libraries can be compiled natively of course, but the problem is that there is no functioning Fortran compiler supported on Apple Silicon (outside an experimental gcc branch) and many packages in that ecosystem rely on having a Fortran compiler.

                                      Another issue with Rosetta vs. native in development is that it is very easy to get environments where native and x86_64 binaries/libraries are mixed (e.g. when doing x86_64 development and CMake building ARM64 objects unless you set CMAKE_OSX_ARCHITECTURES=x86_64), and things do not build.

                                      Then Big Sur on Apple Silicon is also somewhat beta. Every time I wake up my Mac, after a couple of minutes, it switches to sleep again 1-3 times (shutting off the external screen as well). When working longer, this issue disappears, but it’s annoying nonetheless.

                                      If you haven’t ordered one, it’s best to wait a while until all issues are ironed out. There is currently a lot of (justified hype) around Apple Silicon, but that doesn’t mean that the ecosystem is ready yet. Unless all you do is web browsing, e-mailing, and an occasional app from the App Store.

                                      Aside from this, I think there are some ethical (sorry for the lack of a better term) issues with newer Apple models. For example, Apple excluding their own services from third-party firewalls/VPNs, no extensibility (reducing the lifespan of hardware), and their slow march to a more and more closed system.

                                      Edit: returned and ordered a ThinkPad.

                                      1. 9

                                        it’s best to wait a while

                                        If you need a MacBook now, for whatever reason, buying one with an Arm chip does sound like the most future-proof option. The Intel ones will be the “old” ones soon, and will then be 2nd rate. It’s what happened with the PowerPC transition as well.

                                        1. 2

                                          If only there were Macs with 32GB RAM, I would have bought one, as I was in need. However, due to that, I bought a 32GB 13” MacBook Pro instead. I will wait for the ARM ones to be polished before my next upgrade.

                                          1. 1

                                            From what I read, you get way more bang for your RAM in Apple processors. It’s all integrated on the same chip so they can do a lot of black magic fuckery there.

                                            1. 1

                                              In native applications - I am pretty sure that this works well, however as an Erlang/Elixir developer I use 3rd party GCed languages and DBs that can use more RAM anyway. However the fact that it is possible to run native apps from iOS and iPad could save some RAM on Slack and Spotify for sure.

                                              1. 2

                                                What I mean is, they probably swap to NAND or something, which could very likely be similar performance-wise to RAM you’d find on an x64 laptop (since they have a proprietary connection there instead of NVMe/M.2/SATA). Plus I imagine the “RAM” on the SoC is as fast as an x64 CPU cache. So essentially you’d have “infinite” RAM, with 16GB of it being stupid fast.

                                                This is just me speculating btw, I might be totally wrong.

                                                Edit: https://daringfireball.net/2020/11/the_m1_macs CTRL+F “swap”

                                                1. 1

                                                  Just wondering if you had any take on this, idk if I’m off base here

                                          2. 4

                                            Lots of valuable insights here and I’m interested in discussing.

                                            Performance of native apps is as great as everyone claims. But I think it is a bit overhyped, recent AMD APUs come close in multi-core performance. Of course, that the Air works with passive cooling is a nice bonus.

                                            Sure, but the thing is that the AMD 4800U, their high-end laptop chip, runs at 45W pretty much sustained, whereas the M1 caps out at 15W. This is a very significant battery life and heat/sustained non-throttled performance difference. Also these chips don’t have GPUs or the plethora of hardware acceleration for video/media/cryptography/neural/etc. that the M1 has.

                                            Rosetta works great with native x86_64 applications, but performance is abysmal with JIT-ing runtimes like the JVM. E.g. JetBrains currently do not have a native version of their IDEs (JVM, but I think they also use some other non-Java code) and their IDEs are barely usable due to slowness. If you rely on JetBrains IDEs, wait until they have an Apple Silicon version.

                                            Yeah, I didn’t test anything Java. You might be right. You also mention Fortran though and I’m not sure how that matters in 2020?

                                            Another issue with Rosetta vs. native in development is that it is very easy to get environments where native and x86_64 binaries/libraries are mixed (e.g. when doing x86_64 development and CMake building ARM64 objects unless you set CMAKE_OSX_ARCHITECTURES=x86_64), and things do not build.

                                            This isn’t as big of a problem as it might seem based on my experience. You pass the right build flags and you’re done. It’ll vanish in time as the ecosystem adapts.

                                            Then Big Sur on Apple Silicon is also somewhat beta. Every time I wake up my Mac, after a couple of minutes, it switches to sleep again 1-3 times (shutting off the external screen as well). When working longer, this issue disappears, but it’s annoying nonetheless.

                                            Big Sur has been more stable for me on Apple Silicon than on Intel. 🤷

                                            If you haven’t ordered one, it’s best to wait a while until all issues are ironed out. There is currently a lot of (justified) hype around Apple Silicon, but that doesn’t mean that the ecosystem is ready yet. Unless all you do is web browsing, e-mailing, and an occasional app from the App Store.

                                            I strongly disagree with this. I mean, the M1 MacBook Air is beating the 16” MacBook Pro in Final Cut Pro rendering times. Xcode compilation times are twice as fast across the board. This is not at all a machine just for browsing and emailing. I think that’s flat-out wrong. It’s got performance for developers and creatives that beats machines twice as expensive and billed as made for those types of professionals.

                                            Aside from this, I think there are some ethical (sorry for the lack of a better term) issues with newer Apple models. For example, Apple excluding their own services from third-party firewalls/VPNs, no extensibility (reducing the lifespan of hardware), and their slow march to a more and more closed system.

                                            Totally with you on this. Don’t forget also Apple’s apparent lobbying against a bill to punish forced labor in China.
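The mixed-architecture build problem raised in this comment (x86_64 development where CMake quietly emits arm64 objects unless CMAKE_OSX_ARCHITECTURES=x86_64 is set) is easiest to catch by inspecting what the build tree actually contains. The following is an added example, not code from this thread, from CMake or from Apple: a small Python reader for Mach-O thin and universal (fat) headers, plus a `find_mixed` check that flags objects not built for the expected architecture. The header constants are the public values from the Mach-O headers; the sample objects, the `find_mixed`/`scan_directory` helpers and the build-tree layout are constructed for the example.

```python
"""Flag objects in a build tree that were not built for the expected CPU
architecture, by reading Mach-O headers directly (no lipo/file needed).

Added example for the CMake/Rosetta mix-up discussed in the thread; it is
not code from the thread, from CMake or from Apple. Constants are the
public values from <mach-o/loader.h>, <mach-o/fat.h>, <mach/machine.h>.
"""
import os
import struct
from typing import Dict, List

MH_MAGIC = 0xFEEDFACE        # 32-bit Mach-O, stored in the file's byte order
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit Mach-O, stored in the file's byte order
FAT_MAGIC = 0xCAFEBABE       # universal binary; its header is always big-endian
CPU_ARCH_ABI64 = 0x01000000
CPU_TYPE_X86 = 7
CPU_TYPE_ARM = 12
CPU_TYPE_X86_64 = CPU_TYPE_X86 | CPU_ARCH_ABI64   # 0x01000007
CPU_TYPE_ARM64 = CPU_TYPE_ARM | CPU_ARCH_ABI64    # 0x0100000C
MH_OBJECT = 1                                     # filetype of a .o

ARCH_NAMES = {CPU_TYPE_X86: "i386", CPU_TYPE_X86_64: "x86_64",
              CPU_TYPE_ARM: "arm", CPU_TYPE_ARM64: "arm64"}


def macho_archs(data: bytes) -> List[str]:
    """Architectures contained in a Mach-O blob; [] if it is not Mach-O."""
    if len(data) < 8:
        return []
    le_magic = struct.unpack_from("<I", data, 0)[0]
    be_magic = struct.unpack_from(">I", data, 0)[0]
    # Thin file: magic and cputype share the file's byte order. x86_64 and
    # arm64 files are little-endian; a big-endian thin file (e.g. PowerPC)
    # shows up through the ">" branch.
    if le_magic in (MH_MAGIC, MH_MAGIC_64):
        cputype = struct.unpack_from("<I", data, 4)[0]
        return [ARCH_NAMES.get(cputype, hex(cputype))]
    if be_magic in (MH_MAGIC, MH_MAGIC_64):
        cputype = struct.unpack_from(">I", data, 4)[0]
        return [ARCH_NAMES.get(cputype, hex(cputype))]
    if be_magic == FAT_MAGIC:
        # fat_header {magic, nfat_arch} followed by nfat_arch fat_arch entries,
        # each five big-endian uint32s: cputype, cpusubtype, offset, size, align.
        nfat = struct.unpack_from(">I", data, 4)[0]
        archs = []
        for i in range(nfat):
            off = 8 + 20 * i
            if off + 20 > len(data):
                break  # truncated header: report what could be read
            cputype = struct.unpack_from(">I", data, off)[0]
            archs.append(ARCH_NAMES.get(cputype, hex(cputype)))
        return archs
    return []


def find_mixed(objects: Dict[str, bytes], expected: str) -> List[str]:
    """Paths of Mach-O objects that do not contain `expected` (e.g. "x86_64").

    Non-Mach-O inputs (text files, ar archives) are skipped, not reported,
    so the result lists only genuinely wrong-architecture objects.
    """
    bad = [path for path, data in objects.items()
           if (archs := macho_archs(data)) and expected not in archs]
    return sorted(bad)


def scan_directory(root: str, expected: str,
                   suffixes=(".o", ".dylib", ".so")) -> List[str]:
    """Walk a real build tree and apply find_mixed to its object files."""
    objects = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(suffixes):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    objects[path] = fh.read(8 + 20 * 16)  # headers only
    return find_mixed(objects, expected)


# --- constructed sample objects: header-only stand-ins, not real code ---
def make_thin(cputype: int) -> bytes:
    """32-byte little-endian mach_header_64 with zero load commands."""
    return struct.pack("<IIIIIIII", MH_MAGIC_64, cputype, 0, MH_OBJECT,
                       0, 0, 0, 0)


def make_fat(cputypes: List[int]) -> bytes:
    """Universal binary wrapping one thin header per cputype."""
    header_size = 8 + 20 * len(cputypes)
    header = struct.pack(">II", FAT_MAGIC, len(cputypes))
    slices = b""
    for ct in cputypes:
        thin = make_thin(ct)
        header += struct.pack(">IIIII", ct, 0, header_size + len(slices),
                              len(thin), 0)
        slices += thin
    return header + slices


if __name__ == "__main__":
    tree = {  # constructed build tree with one stray arm64 object
        "build/main.o": make_thin(CPU_TYPE_X86_64),
        "build/util.o": make_thin(CPU_TYPE_ARM64),
        "build/libfoo.dylib": make_fat([CPU_TYPE_X86_64, CPU_TYPE_ARM64]),
        "build/CMakeCache.txt": b"CMAKE_OSX_ARCHITECTURES:STRING=x86_64\n",
    }
    for path in find_mixed(tree, "x86_64"):
        print("wrong architecture:", path, macho_archs(tree[path]))
```

A universal object that contains the expected slice counts as fine, since the linker can pick it; only objects with no matching slice are reported. On a real tree, `scan_directory("build", "x86_64")` reads just the headers of each file, which is enough for the check and keeps it fast on large builds.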

                                            1. 19

                                              You also mention Fortran though and I’m not sure how that matters in 2020?

                                              There’s really rather a lot of software written in Fortran. If you’re doing certain kinds of mathematics or engineering work, it’s likely some of the best (or, even, only) code readily available for certain work. I’m not sure it will be going away over the lifetime of one of these ARM-based notebooks.

                                              1. 4

                                                I’m not sure it will be going away over the lifetime of one of these ARM-based notebooks.

                                                There will be gfortran for Apple Silicon. I compiled the gcc11 branch with support and it works, but possibly still has serious bugs. I read somewhere that the problem is that gcc 11 will be released in December, so Apple Silicon support will miss that deadline and will have to wait until the next major release.

                                                1. 2

                                                  Isn’t Numpy even written in FORTRAN? That means almost all science or computational anything done with Python relies on it.

                                                  1. 6

                                                    No, Numpy is written in C with Python wrappers. It can call out to a Fortran BLAS/LAPACK implementation but that doesn’t necessarily need to be Fortran, although the popular ones are. SciPy does have a decent amount of Fortran code.

                                                  2. 1

                                                    Wow, who knew.

                                                    1. 23

                                                      Almost anyone who does any sort of scientific or engineering [in the structural/aero/whatever sense] computing! Almost all the ‘modern’ scientific computing environments (e.g. in Python) are just wrappers around long-extant C and Fortran libraries. We are among the ones that get a bit upset when people treat ‘tech’ as synonymous with internet services and ignore (or are ignorant of) the other 90% of the iceberg. But that’s not meant as a personal attack, by this point it’s a bit like sailors complaining about the sea.

                                                      Julia is exciting as it offers the potential to change things in this regard, but there is an absolute Himalaya’s worth of existing scientific computing code that is still building the modern physical world that it would have to replace.

                                                  3. 5

                                                    This is a very significant battery life and heat/sustained non-throttled performance difference.

                                                    I agree.

                                                    Also these chips don’t have GPUs or the plethora of hardware acceleration for video/media/cryptography/neural/etc. that the M1 has.

                                                    I am not sure what you mean. Modern Intel/AMD CPUs have AES instructions. AMD GPUs (including those in APUs) have acceleration for H.264/H.265 encoding/decoding. AFAIR also VP9. Neural depends a bit on what is expected, but you can do acceleration of neural network training, if AMD actually bothered to support Navi GPUs and made ROCm less buggy.

                                                    That said, for machine learning, you’ll want to get a discrete NVIDIA GPU with Tensor cores anyway. It blows anything else that is purchasable out of the water.

                                                    You also mention Fortran though and I’m not sure how that matters in 2020?

                                                    A lot of the data science and machine learning infrastructure relies on Fortran directly or indirectly, such as e.g. numpy.

                                                    I strongly disagree with this. I mean, the M1 MacBook Air is beating the 16” MacBook Pro in Final Cut Pro rendering times. Xcode compilation times are twice as fast across the board. This is not at all a machine just for browsing and emailing. I think that’s flat-out wrong.

                                                    Sorry, I didn’t mean that it is not fit for development. I meant that if you are doing development (unless it’s constrained to Xcode and Apple Frameworks), it is better to wait until the dust settles in the ecosystem. I think for most developers that would be when a substantial portion of Homebrew formulae can be built and they have pre-compiled bottles for them.

                                                    1. 1

                                                      Sorry, I didn’t mean that it is not fit for development. I meant that if you are doing development (unless it’s constrained to Xcode and Apple Frameworks), it is better to wait until the dust settles in the ecosystem. I think for most developers that would be when a substantial portion of Homebrew formulae can be built and they have pre-compiled bottles for them.

                                                      My instinct here goes in the opposite direction. If we know Apple Silicon has tons of untapped potential, we should be getting more developers jumping on that wagon especially when the Homebrew etc. toolchain aren’t ready yet, so that there’s acceleration towards readying all the toolchains quickly! That’s the only way we’ll get anywhere.

                                                      1. 16

                                                        Well, I need my machine for work. So, these issues just distract. If I am going to spend a significant chunk of time, I’d rather spend it on an open ecosystem rather than doing free work for Apple ;).

                                                    2. 5

                                                      Sure, but the thing is that the AMD 4800U, their high-end laptop chip, runs at 45W pretty much sustained, whereas the M1 caps out at 15W. This is a very significant battery life and heat/sustained non-throttled performance difference. Also these chips don’t have GPUs or the plethora of hardware acceleration for video/media/cryptography/neural/etc. that the M1 has.

                                                      Like all modern laptop chips, you can set the thermal envelope for your AMD 4800U in the firmware of your design. The 4800U is designed to target 15W by default - 45W is the max boost, foot to the floor & damn the horses power draw. Also, the 4800U has a GPU…an 8 core Vega design IIRC.

                                                      Apple is doing exactly the same with their chips - the accounts I’ve read suggest that the power cost required to extract more performance out of them is steep & since the performance is completely acceptable at 15W Apple limits the clocks to match that power draw.

                                                      The M1 is faster than the 4800U at 15W of course, but the 4800U is a Zen2 based CPU - I’d imagine that the Zen3 based laptop APUs from AMD will be out very soon & I would expect those to be performance competitive with Apple’s silicon. (I’d expect to see those officially launched at CES in January in fact, but we’ll have to wait and see when you can actually buy a device off the shelf.)

                                                    3. 1

                                                      Edit: returned and ordered a ThinkPad.

                                                      That made me chuckle. Good choice!

                                                      1. 1

                                                        You say that you returned and ordered a ThinkPad, how has that decision turned out? Which ThinkPad did you purchase? How is the experience comparatively?

                                                        1. 2

                                                          I bought a Thinkpad T14 AMD. So far, the experience is pretty good.

                                                          Pros:

                                                          • I really like the keyboard much more than that of the MacBook (butterfly or post-butterfly scissors).
                                                          • It’s nice to have many more ports than 2 or 4 USB-C + stereo jack. I can go places without carrying a bunch of adapters.
                                                          • I like the trackpoint, it’s nice for keeping your fingers on the home row and doing some quick pointing between typing.
                                                          • Even though it’s not aluminum, I do like the build.
                                                          • On Windows, battery time is great, somewhere 10-12 hours in light use. I didn’t test/optimize Linux extensively, but it seems to be ~8 hours in light use.
                                                          • Performance is good. Single core performance is of course worse than the M1, but having 8 high performance cores plus hyperthreading compensates a lot, especially for development.
                                                          • Even though it has fans, they are not very loud, even when running at full speed.
                                                          • The GPU is powerful enough for lightweight gaming. E.g., I played some New Super Lucky’s tale with our daughter and it works without a hitch.

                                                          Cons:

                                                          • The speakers are definitely worse than any modern MacBook.
                                                          • Suspend/resume continues to have issues on Linux:
                                                            • Sometimes, the screen does not wake up. Especially after plugging or unplugging a DisplayPort alt-mode USB-C cable. Usually moving the TrackPoint fixes this.
                                                            • Every few resumes, the TrackPad and the left button of the TrackPoint do not work anymore. It seems that (didn’t investigate further) libinput believes that a button is constantly held, because it is not possible to click windows anymore to activate them. So far, I have only been able to reset this state by switching off the machine (sometimes rebooting does not bring back the TrackPoint).
                                                            • So far no problems at all with suspend/resume on Windows.
                                                          • The 1080p screen works best with 125 or 150% scaling (100% is fairly small). Enabling fractional scaling in GNOME 3 works. However, many X11/XWayland applications react badly to fractional scaling, becoming very blurry. Even on a 200% scaled external screen. Also in this department there are no problems with Windows, fractional scaling works fine there.
                                                          • The fingerprint scanner works in Linux, but it results in many more false negatives than Windows.

                                                          tl;dr: a great experience on Windows, acceptable on Linux if you are willing to reboot every few resumes and can put up with the issues around fractional scaling.

                                                          I have decided to run Windows 10 on it for now and use WSL with Nix + home-manager. (I always have my Ryzen NixOS workstation for heavy lifting.)

                                                          Background: I have used Linux since 1994, macOS from 2007 until 2020, and only Windows 3.1 and briefly NT 4.0 and Windows 2000.

                                                        2. 1

                                                          Every time I wake up my Mac, after a couple of minutes, it switches to sleep again 1-3 times (shutting off the external screen as well).

                                                          Sleep seems to be broken on the latest macOS versions: every third time I close the lid of my 2019 Mac, I’m opening it later only to see that it has restarted because of an error.

                                                          1. 1

                                                            Maybe wipe your disk and try a clean reinstall?

                                                        1. 4

                                                          From the “cons” section:

                                                          Go won’t officially support Apple Silicon binary compilation until February 2021. This is pretty slow especially compared to Rust. Apple’s been giving out dev kits since June.

                                                          (Emphasis in original).

                                                          I don’t believe the dev kits were free. They required an Apple dev membership and cost $500 (possibly defrayed by a rebate on new hardware when it became available) and there wasn’t an infinite amount of them.

                                                          1. 5

                                                            I assume the main reason for this is the Go release cycle. It basically has a release every six months and three months of code freeze before that. Therefore, when the DTKs were shipped, the code freeze for the release in August had already happened. The next release is the upcoming one in February. The ..x releases are made just for fixing “critical issues”.

                                                            This probably also means that most of the hard work is done and the upcoming beta of Go 1.16 will support Apple Silicon.

                                                            1. 1

                                                              Most of the work has been done. You can grab tip and run that rather successfully right now.

                                                            2. 2

                                                              Surely Apple and Google could agree on a bunch of dev kits so that Apple Silicon could launch with support for one of the world’s most important programming languages?

                                                              1. 2

                                                                Agreed. I know that even the Nix foundation got one. I assume it is more a matter of putting it somewhere in the release schedule. The other issue is that you couldn’t really set up CI infrastructure until the M1 Macs were released.

                                                              2. 2

                                                                I remember Go’s design targeting particular scale problems seen at Google, notably the need for fast compiles. To what degree are Go’s priorities still set by Google? If that’s significant, what is their business interest in compiling to ARM?

                                                              1. 2

                                                                at a $999 price point

                                                                Or $1340 for Europeans.

                                                                1. 6

                                                                  This is largely because the 20% VAT is included in the price and because the EU mandates twice the mandatory warranty of the US on all purchased electronics. So no, the price isn’t really that different.

                                                                  1. 4

                                                                    Thanks for the reply! So Americans actually pay $1100 for what they call a $1000 product.

                                                                    Still a difference of $240.

                                                                    (BTW, this is not meant as negative criticism of your review – I actually like it a lot)

                                                                    1. 5

                                                                      Not in all states. When I was in Oregon (not sure if this is still true), they didn’t have sales tax.

                                                                      1. 2

                                                                        Still true. No state wide sales tax in Oregon.

                                                                  2. 6

                                                                    Or $2430 for Brazilians :) (I’m actually crying)

                                                                    1. 2

                                                                      You mean 835 EUR right?

                                                                      1. 3

                                                                        No. Apple’s listed prices are more expensive in Europe as discussed above, due to higher VAT.

                                                                        On top of that, over here (Europe) the advertised price almost always includes those taxes; unlike in the US where they are added at the time of purchase.

                                                                        1. 2

                                                                          The reason I posted this is because I think these price comparisons between different currencies have no meaning. Why post a dollar amount for Europeans who can only buy in euros? If you want to compare prices, compare to something like the Big Mac index or a cost of living index.

                                                                          1. 1

                                                                            Ah. That’s a pretty good point to make, and I completely agree. But I don’t think that’s clear from your original comment.

                                                                            Why post a dollar amount for Europeans who can only buy in euros? If you want to compare prices, compare to something like the Big Mac index or a cost of living index.

                                                                            For an accurate comparison, I think you’d have to compare the price to your chosen index across various US states as well.

                                                                            1. 1

                                                                              And then, there are countries in Europe that are not a part of the Euro zone yet and still have their own currencies, and that doesn’t make the situation any better.

                                                                    1. 1

                                                                      It’s not that security by obscurity is bad. It’s rather that you can’t use it to obtain proofs or formalisms of security.

                                                                      1. 0

                                                                        I think Lea said it very well. Not really interested in hearing you whining about being mistreated after the credible accusations of sexual assault and harassment. Flag as off-topic because this isn’t technical, and it’s not “culture” either, it’s just you @nadim

                                                                        1. 0

                                                                          Hi Max,

                                                                          I received an email a few minutes ago notifying me that you had tagged me in this comment.

                                                                          I don’t think we’ve ever met, but I see that you’re one of Matt Green’s PhD students and are thus active in the field, and I wanted to respond to your comment which appears to imply that I deserve the treatment described in my post because I have, according to you, likely committed serious crimes which people have accused me of on Twitter.

                                                                          I have two things to say:

                                                                          1. I understand that you think that my blog post is “whining”. I would disagree. I think that, as an aspiring academic, you should recognize that using someone’s work and soliciting for their feedback over a period of an entire week, in over a hundred messages and in two conference calls, while promising them citations that fail to materialize, isn’t exactly something I would describe as whining; it’s actually calling out plagiarism. And pointing out plagiarists does seem to be in the community interest, especially when they (or their students) resort to ad-hominem attacks in response to the calls for proper citation. Your own thesis advisor, Matt Green, is a co-author with Lea Kissner on the Zoom paper, and so I would also wonder whether there is a conflict of interest materializing when one of his students appears to further insinuate that I have committed crimes when I point out the act of plagiarism and supplement it with evidence. If what you’re saying here is that some people deserve to be plagiarized because of Twitter rumors about them, well, that’s not something I can really come to grips with.

                                                                          2. If you are interested in what I have to say regarding the tweets that you’re referring to, I wrote a detailed response here that you can read if you wish. In that response, I address the tweets in detail.

                                                                          I don’t mind you flagging the post or not wanting to read it, but I would appreciate it if you could please consider the points I make above and try to understand why they could make your comment appear unkind at best. Thank you for reading, and all the best to you.

                                                                        1. 5

                                                                          Having tried one of the earliest versions of Verifpal last year, as a beginner to those tools, going from Tamarin to Verifpal was going from “unusable” to “easy”. Analysis speed was a big part of that, but so was the syntax and semantics of the protocol description language.

                                                                          Still haven’t gotten around to it, but I consider Verifpal a mandatory gateway to version 1.0 of Monokex (a Noise ripoff I’m working on that Nadim audited), or even any new protocol I dare invent.

                                                                          Verifpal provides formal methods to the masses. We had TLA+ in a similar vein before for concurrent programs. I can’t wait to see other domains have similar tools.

                                                                          1. 3

                                                                            Thanks very much Loup, looking forward to checking out your coming work.

                                                                            I think that especially when I see comments like this, I’m glad that I wrote this post. The second part explains clearly the differences in what Verifpal can guarantee versus a more comprehensive tool like Tamarin, and outlines that the ease of use does come at a slight cost in rigor and complete proofyness (I wonder if I just coined that term).

                                                                          1. 1

                                                                            So cool to read this. I recently discovered Valorant and have been playing it almost every evening. Great game.

                                                                            PS hit me up if you want to play together!

                                                                            1. 1

                                                                              Unfortunately, I haven’t been able to load the site successfully in either Chromium (v 84.0) or Firefox (79.0) on Linux, even after accepting the self-signed cert.

                                                                              I would definitely be interested to know what approaches you took in implementing the AI.

                                                                              1. 1

                                                                                I think you were experiencing a DNS issue. Try again.

                                                                              1. 6

                                                                                Fun game, but it would be interesting to see a write-up about what all is going on here under the hood.

                                                                                1. 4

                                                                                  Thanks, I’m strongly considering such a write-up.

                                                                                1. 2

                                                                                  Is this language memory-safe?

                                                                                  1. 1

                                                                                    I suppose so: it does not expose the raw memory directly for things like string handling, and is not even fully compiled (bytecode compiled for a simple VM): https://github.com/tj/luna/blob/master/src/codegen.c#L31-L59

                                                                                    On the other hand, there is still some work needed to polish it: https://github.com/tj/luna/issues

                                                                                    So it looks unfit for production use, sorry!

                                                                                  1. 11

                                                                                    Oh cool, I opened Lobste.rs to find something to read and saw this headlining the site! It was a pleasure to work on this audit.

                                                                                    1. 3

                                                                                      I couldn’t let your work go unseen after all. :-)

                                                                                      1. 3

                                                                                        But now for the question burning under everyone’s nails: How much did it cost?

                                                                                        1. 3

                                                                                          Looking at my application, it cost $7.000, all paid by the OTF.

                                                                                    1. 9

                                                                                      I just want Android phone companies to start making small phones again.

                                                                                      I had the Nexus 5 and it was great. Before that I had the Samsung galaxy chat and that was great for the physical keyboard, albeit a bit slow.

                                                                                      I am sick and tired of phones that I can hardly hold in my hand, and I don’t want to pay the Apple tax.

                                                                                      The iPhone SE looked very interesting as it sells for 400$ in the US but for some reason is 499€ in my country, and that’s a big let down (not sure why op who is from Paris is citing the US price).

                                                                                      1. 6

                                                                                        As a happy iPhone SE user, I’m annoyed that the new one is… quite a bit bigger :(. I have rather tiny hands and would like to be able to use my phone with just one, and the new form factor is just at the edge of uncomfortable.

                                                                                        1. 4

                                                                                          The iPhone SE looked very interesting as it sells for 400$ in the US but for some reason is 499€ in my country, and that’s a big let down.

                                                                                          The SE is 489EUR in Europe, not 499EUR. Most of the difference is due to the sales tax. 400USD + NY sales tax is 400EUR, while 400USD+ EU sales tax is 445EUR. Why there is an extra 44 Euros on top of that, I couldn’t say.

                                                                                          (not sure why op who is from Paris is citing the US price.)

                                                                                          Frankly, I’m not sure either. I guess I assume everything I write on the Internet has a majority American audience. I don’t know why I assume this.

                                                                                          1. 4

                                                                                            I think your math is a little off. In France, the price before tax (HT) is 395 Euro. In the US the price before tax is 399 USD. That’s about 370 EUR at today’s exchange rate. So it’s only around 15 Euro extra excluding taxes. I suspect you can attribute that difference to the shorter US standard warranty. In the US you only get 1 year of standard coverage; in the EU you get 2. 15 euro for an extra year is actually on the inexpensive side for that difference.

                                                                                            1. 2

                                                                                              Sure, I could be a little off, but you get the idea. I definitely missed the big difference in warranty, good point.

                                                                                          2. 3

                                                                                            If you’re looking for a modern, Nexus 5-sized device, take a look at the Samsung Galaxy S10e. It’s a smidge taller, but only slightly.

                                                                                            1. 2

                                                                                              I also find large phones awkward to hold and carry around but I’m very happy that they exist because I have bulky fingers. Small touch screens and bulky fingers make a terrible pair. Years ago I had a Samsung Mini and it was terrible, it took me two minutes to write an 80-character SMS.

                                                                                              The iPhone SE still costs way more than I want to spend on a phone, but I figured I might make an exception because I’d use it for a long time. I tried it in the shop and the best that I can say is that it was probably entertaining to watch me try to type something on that thing.

                                                                                              Honestly, I just want phone companies to start making phones with keyboards again – my old Nokias had really tiny buttons, but the fact that they had shape and volume made them easier to handle. But that ship has long sailed, I guess – now I’m happy to settle for something large enough to allow me to text in peace.

                                                                                              1. 2

                                                                                                Same for me, just with the Nexus 4. After I installed CyanogenMod, I was spoiled for life.

                                                                                                I guess one reason phones have larger screens, is that the bezels have been decreasing, even though I personally don’t think that legitimizes the development. You still have to reach for more screen space.

                                                                                              1. 12

                                                                                                This isn’t the first iPhone SE. Apple did this before, putting a 6S processor in a 5S case. And that model was discontinued before the new one was ready. If the original iPhone SE wasn’t a turning point in smartphone trends, why will this one be?

                                                                                                1. 3

                                                                                                  Seems to me like the leap between the first SE (which dropped four years ago) and this one is pretty big. A13, much larger display, etc.

                                                                                                  1. 11

                                                                                                    I honestly don’t get the hype. The first iPhone SE was 400USD as well. I think it’s a good phone, and awesome that Apple is still selling cheaper devices, but there’s nothing here that’s a game changer. It’s just the same as the last model - an older device body with some updated components and a $400 price tag.

                                                                                                    1. 8

                                                                                                      I think the smarter idea with the SE is to make the base model baseline still a nice experience (hence the A13 and such), but make the higher end desirable with newer design, higher end camera features, bigger screens, etc. An equivalent $400 Android phone probably isn’t going to come with the best SoC on the market. Using a lot of parts bin stuff that’s been amortized, and Apple’s making a profit on this. (Previously, Apple’s strategy was the “low end Ferrari is a used Ferrari” strategy, which, while iPhones have longer lifecycles, probably ends up with people hanging onto things like 4Ses just to have an iPhone at all, which isn’t desirable from an ecosystem PoV…)

                                                                                                      1. 2

                                                                                                        I don’t need a game changer. I need a phone.

                                                                                                      2. 4

                                                                                                        Honest questions: I stopped paying attention to phones years ago, but it was my understanding that the CPU/RAM problem was “solved”. Having the best, the second best or a four year old CPU won’t change much for the regular user (I guess phone reviewers and people who play action games are the exception).

                                                                                                        If I use my phone for chatting, browsing, perhaps watching youtube videos and this or that social network, what difference does it make? Is it to be expected that, on phones a few years in the future, all apps will require so much more computing power?

                                                                                                        I’m skeptical, because the real bottleneck in my eyes remains the battery. Both in terms of day-to-day usage and lifetime. People who develop for phones have to consider this factor when writing apps. But phone producers are reluctant to increase the battery size (setting aside technical/security reasons), because that’s usually what kills a phone after 2-4 years. It used to be that they were too slow or the RAM didn’t suffice, but as I said, I see these things as non-issues.