The Meltdown-and-Spectre Edition Thursday, January 4, 2018

Researchers Discover Two Major Flaws In The World’s Computers, by Cade Metz, New York Times

The two problems, called Meltdown and Spectre, could allow hackers to steal the entire memory contents of a computer. There is no easy fix for Spectre, which could require redesigning the processors, according to researchers. As for Meltdown, the software patch needed to fix the issue could slow down computers by as much as 30 percent — an ugly situation for people used to fast downloads from their favorite online services.


Microsoft, maker of the Windows operating system, and Apple, maker of the Mac operating system, will need to distribute software code that can patch the first flaw, the researchers said. The worldwide community of coders that oversees the open-source, Linux operating system, which runs about 30 percent of computer servers worldwide, has already posted a patch for that operating system.

These software patches could slow the performance of affected machines. Andres Freund, an independent software developer who has tested the new Linux code, said that the fix could slow performance 20 to 30 percent in some situations. The researchers who discovered the flaws voiced similar concerns.

Apple Has Already Partially Implemented Fix In macOS For 'KPTI' Intel CPU Security Flaw, by Mike Wuerthele, AppleInsider

Multiple sources within Apple not authorized to speak on behalf of the company have confirmed to AppleInsider that there are routines in 10.3.2 to secure the flaw that could grant applications access to protected kernel memory data. These measures, coupled with existing programming requirements about kernel memory that Apple implemented over a decade ago, appear to have mitigated most, if not all, of the security concerns associated with the flaw publicized on Tuesday.


Our sources, as well as Ionescu, say that there are more changes in the macOS High Sierra 10.13.3 — but both declined comment on what they may be, or what else is required to totally secure users.

What’s Behind The Intel Design Flaw Forcing Numerous Patches?, by Peter Bright, Ars Technica

These rings are used to protect the kernel memory from user programs. The page tables aren't just mapping from virtual to physical addresses; they also contain metadata about those addresses, including information about which rings can access an address. The kernel's page table entries are all marked as only being accessible to ring 0; the program's entries are marked as being accessible from any ring. If an attempt is made to access ring 0 memory while in ring 3, the processor blocks the access and generates an exception. The result of this is that user programs, running in ring 3, should not be able to learn anything about the kernel and its ring 0 memory.

At least, that's the theory. The spate of patches and updates shows that somewhere this has broken down. This is where the big mystery lies.

Solving A Washed-Out Display Problem, by Adam C. Engst, TidBITS

I don’t expect that anyone would experience this exact problem, but if you feel like your screen is brighter or whiter than it should be, check the Accessibility preference pane to make sure the Display Contrast slider is all the way to the left. Also, it’s worth taking a spin through your keyboard shortcuts and disabling anything you don’t recognize so accidental keyboard presses don’t cause unexpected behavior.

The ‘App’ You Can’t Trash: How SIP Is Broken In High Sierra, by The Eclectic Light Company

Thus SIP prevents the user from uninstalling a third-party app which the user installed, even though the kernel extension might be rendering macOS unstable, or have other significant side-effects.

SEC Mixes Message On Apple Shareholder Proposals, Activists Say, by Ross Kerber, Reuters

Apple Inc was allowed to disregard one activist shareholder proposal on greenhouse gas emissions but told to hold a vote on another concerning human rights issues, in closely watched securities rulings that tested new guidance from U.S. regulators.


SEC staff on Nov. 1 gave companies potentially more room to disregard shareholder proposals related to “ordinary business,” so that investors are not micro-managing executives. Apple quickly cited the new guidance.


Are There Any Good Portable MP3 Players For Blind And Visually Impaired People?, by Jack Schofield, The Guardian

The iPod Touch is the only surviving member of the iPod family, and it’s much like an iPhone without the phone. You might dismiss it for being a touchscreen player or, more likely, because it’s expensive at £199/£299 or $199/$299. However, it does have a number of features that may make it usable by blind and visually impaired users. These include the VoiceOver screen reader and Voice Control, which recognises commands such as shuffle, pause and next song. See Apple’s help page, Use Accessibility features on your iPhone, iPad, and iPod touch.

Better still, the latest iPod Touch has Siri, Apple’s voice-controlled digital assistant. Experiment with Siri on an iPad or iPhone to find out if you can operate an iPod Touch successfully.

Early Apple Park Design Concepts Shown In New Norman Foster Foundation Book, by Michael Steeber, 9to5Mac

Spaces, photographed by José Manuel Ballester, is a new publication detailing the walls of the Norman Foster Foundation. Fortunately, those walls happen to contain early architectural renders of designs considered for Apple’s new campus in Cupertino. The aerial images reveal a wide variety of shapes and building layouts, including clusters of small structures, a three blade “propeller,” and what almost resembles a spider.

Best Weather Apps For iPhone, by Lory Gil, iMore

There are hundreds of weather apps in the App Store. It's a very popular category. Sure, Apple's built-in weather app is a great option with nice graphics and animations and useful hourly forecasting. But, each person has a different idea of what makes a great weather app. Some want simplicity, while others want all the data. We've got a list of the best weather apps across a variety of styles. Which one is right for you?


Some Useful URL Schemes In Xcode 9, by Cocoa Engineering

Not many people know that Apple introduced some interesting automation capabilities in Xcode 9 via URL schemes. I sometimes use them, and as I didn’t see them publicized anywhere, I decided to document them in this blog post.

Bottom of the Page

Based on my layperson understanding of the Meltdown and Spectre issues, I don't think Apple would have totally avoided the security problems if they were making their own CPU. It seems to me the flaws discovered are in some fundamental design that Apple would have also designed in a similar manner. These current issues alone should not be the motivation for Apple to switch away from Intel.

(Actually, I do believe Apple has already decided on their Mac roadmap for, I don't know, the next five to ten years, and this incident will not change the decisions already made.)

(I don't think Apple has any plans, currently or previously, to stop producing Macintosh computers.)


Thanks for reading.