Okay, here’s a weird one: Chinese drone manufacturer DJI has reportedly bought a majority stake in famous camera brand Hasselblad. The news comes from TechCrunch and photography website Luminous Landscape, both claiming inside sources have confirmed the as-yet unannounced deal. Details are beyond sketchy, since neither company has spoken to journalists to confirm or deny the transaction so far.
Archive for Hardware
If Apple’s strength is integrating various technologies together, it’s also a weakness. In this case, a pretty terrific bit of hardware is let down by a software feature of only middling reliability. Too many of Siri’s commands still seem to direct responses to a screen, which makes it inappropriate for voice-only use.
That’s a mistake, for a few reasons. First, Siri control is only functional when there’s an Internet connection. If you want to adjust the volume of your AirPods when you’re in an area with no service, you’ll need to pull out your phone or launch the Now Playing widget on your Apple Watch to do it. Why Apple doesn’t allow Siri to gracefully degrade to a few basic hardware-oriented commands when there’s no network connectivity is beyond me. The Internet doesn’t need to exist for me to tell my phone to skip to the next track—but that’s how Apple has apparently built this feature.
For years, people have speculated about whether Apple would ditch macOS in favor of iOS, shedding desktops and turning laptops into something like an iPad Pro in a fixed clamshell. A version of iOS has apparently come to the Mac, but not in a way that anybody expected.
- The new Touch Pad has a separate brain, a custom T1 ARM processor system-on-a-chip (SoC), that looks to be running a stripped-down variant of iOS, possibly derived from watchOS.
- Apple has paired Touch ID in iOS with its custom Secure Enclave chip, a tamper-resistant security vault that’s separate from but intertwined with an iPhone or iPad’s processing circuitry.
- There’s a Secure Enclave chip in every Touch Bar, just as in every iOS device with Touch ID.
- When you enroll your fingerprints in Touch ID, the underlying data is pushed into Secure Enclave, and can’t be pulled back out. When you touch the sensor after that, the characteristics of your fingerprint get sent to Secure Enclave
- Secure Enclave is used for other purposes, including storing and processing authorization information for Apple Pay.
- The T1 also controls the ISP (image signal processor) for the FaceTime camera in the MacBook Pro; routing camera access and data via a more heavily secured separate processing system substantially reduces the surface area available to an attacker trying to gain access.
The audio company can trace its roots back to the 1950s, when Sidney Harman teamed with Bernard Kardon to make high-fidelity machines. The company would later acquire brands including JBL and Infinity, among other audio equipment makers, and become a leader in high-end car stereo systems. It also owns the Bang & Olufsen brand for cars after acquiring the business last year.
What I read online seems to be “Professionals” (those guys), telling me it’s not Pro at all, not Pro enough or not the right kind of Pro. How many of these people have even touched the new devices? Very few.
I’ve been using the new 15” MacBook Pro (with Touch Bar) for the last week or so for actual work, so here’s my “Professional” opinion.
And last but not least. This is a laptop. It’s not an iMac. It’s not a MacPro. The lack of updates to those Macs shouldn’t be colouring the opinion of this Mac. The absence of clarity from Apple on those other devices is a problem, but it’s a whole different conversation. Would we have seen this level of negativity towards the MacBook Pro if the others had also been updated? Probably not.
Which brings me to the ports, (or the dongles, if that’s the way you choose to frame it). I feel the same about this as I did losing DVD, firewire 800 and Ethernet on my 2012 Retina MacBook Pro four years ago. It might be a slight annoyance for six months and then I’ll be in the future again.
A ‘Professional’ should be defined by the work they deliver and the value they bring, not their gear. Use the new MacBook Pro, don’t use the new MacBook Pro. Your audience don’t care. You just have to keep making great work however you can. For me, I love it and I think most people will do too… once they actually touch it.
The Here One are headphones, but Kraft doesn’t like to call them that. He doesn’t even think Doppler Labs will be in hardware for the long run. Instead, like Bragi, he considers the Here One an in-ear computer — or “hearable” — and a platform for developers to build on. He wouldn’t say which developers the company has lined up already, but did say it’ll announce initial partners soon.
In non-salesman speak, he’s banking on hearables blowing up where smartwatches have fizzled, and trying to set Doppler Labs up as a leader in the Next Big Market after (or really, alongside) smartphones.
The Here One can talk to Siri or Google Assistant, make calls, and work with a few unspecified apps. The idea is to build those apps out, and make it so the computer in your ear can displace the computer in your pocket in more and more ways. (And if you pair it with an augmented reality headset, that might provide the visual aspect headphones inherently lack.)
In April last year, for instance, comScore found that the number of internet users who employ mobile platforms exclusively has surpassed those who only connect via desktop in the US (this doesn’t consider users who access via both methods). And Google revealed that more searches through its engine are being conducted via mobile platforms than on desktop as of last May.
Xiongmai’s negligence is without question, analysts say, but it is just part of a larger problem in the global hardware industry. In fact, the same system that brought exploding hoverboards into consumers’ homes last Christmas is responsible for unleashing hundreds of thousands of vulnerable cameras into American households—and probably millions of other equally vulnerable internet-connected devices.
Manufacturers like Xiongmai could fix the security issues, said Boland, but instead “spend as little money as possible on security, in order to make as much margin as possible.”
There are likely many more cameras with Xiongmai components operating in households right now, although neither Xiongmai nor its partners has publicly stated which brands and devices are vulnerable.
“Rowhammer” attack goes where few exploits have gone before, into silicon itself.
“The thing that is really impressive to me in what we see here is in some sense an analog- and manufacturing-related bug that is potentially exploitable in software,” David Kanter, senior editor of the Microprocessor Report, told Ars. “This is reaching down into the underlying physics of the hardware, which from my standpoint is cool to see. In essence, the exploit is jumping several layers of the stack.”
Device manufacturers should be held accountable for their devices’ behaviors out in the wild. Without clear accountability, we’re going to continue shipping easy-to-use yet wildly vulnerable devices. Examples of manufacturer requirements should include:
- An end to common default passwords. It’s more work, but every device should start with a different administrative password and require that it be set to an even more secure one when first used in the wild. It sounds obvious, but today you can control a huge number of home devices via a simple search for “default password.”
- Impactful alerts for vulnerabilities. These devices will certainly use software that has vulnerabilities, but how does a consumer know these problems are found? Anyone out there constantly hitting refresh on the manufacturer’s device support page to find out? I didn’t think so. Manufacturers must be responsible for getting alerts to their buyers similar to how car makers handle priority vehicle safety recalls. And if the warnings are not heeded within a set amount of time, the device should be disabled.
- Self-patching software. Even the lowest-cost camera, Wi-Fi access point or DVR must ship with self-patching software. We can’t have vulnerability-laden devices all over the place just waiting for the bad guys to take them over. And it’s not the owners’ faults — the patching experience for these devices is often miserable, assuming that you even knew it was needed. It’s time to require that these devices meet a minimum standard around simple and automatic patching.
- Information sharing. It’s both good and bad news that so many internet-connected devices have so much software in common. It’s bad in that a zero-day exploit can instantly put myriad devices at risk. It’s good in that we can more proactively monitor and protect them using common processes and coordinated patches. Device manufacturers should be required to share findings regarding vulnerabilities and attacks with their peers. Done properly, it can help other manufacturers protect their products and give the cyber security industry a head start in preventing any resulting attacks.
“The components that XiongMai makes are sold downstream to vendors who then use it in their own products.”
Why is there no list of who those downstream vendors are? So we can remove those devices, because according to them:
“The password is hardcoded into the firmware, and the tools necessary to disable it are not present. Even worse, the web interface is not aware that these credentials even exist.”
My worry, given the fact that names have not been released, is that this weakness is farther reaching than we even know.