
    An unassuming tech blog


    A series of random observations organized in reverse chronological order. Why unassuming? Because egotism is a learning disability, of course.

    Why so little innovation in laptop keyboards

    July 2017

    Notebook computer manufacturers often play follow-the-leader, but when it comes to keyboards the situation is worse: They delegate to non-leaders. They mostly just buy standard keyboard parts from standard keyboard manufacturers and then forget about the keyboard, as if keyboards were like instant ramen or roofing tiles.

    The two things a consumer touches when they try a computer at the store are the keyboard and touchpad. Each is an afterthought. Does that seem like good planning to you? No wonder that Apple has become popular. They excelled (until recently) in the tactile experience.

    The result is an avalanche of PC laptops with chiclet keyboards that feel awful and are unhealthy to use for even a few hours.

    Apple, which is considered a leader of sorts, has ironically produced their butterfly keyboard, in so doing hijacking the name of a famous IBM Thinkpad keyboard, but unlike IBM's masterpiece Apple's thing is unhealthy to use for even a few minutes. Only the Onion could have predicted something worse:

    Cherry continues to produce interesting keyboard switches for office computers and gamers, and their keyswitches have made one appearance unmodified in the very heavy MSI Titan laptop. They seem unwilling to allocate brainpower toward actually improving laptop keyboards however.

    Now some unknown keyswitch maker may have innovated. It has produced mechanical backlit keyboard switches for the Lenovo Y900, reviewed in Laptop Mag. Let's hope they can make a difference.

    If we recognize that typing all day is as rough on the body as:

    • Standing all day
    • Walking all day
    then perhaps we can deduce what the solutions to the problem of improving the laptop keyboard might involve.

    If someone who stands all day needs sturdy shoes, perhaps someone who types all day needs a non-flimsy keyboard, which is not a $5 part. (Both Thinkpads and Apple's pre-2016 laptops are known to have sturdy keyboards.)

    If someone who walks all day needs gel-cushioned soles, perhaps someone who types all day needs a keyboard that does not cause a hard impact when it clicks nor when it hits bottom but instead touches down on rubber or dare I say, gel?

    Finally, if someone has a crooked posture all day, the solution is to switch to a natural posture. Let us ask then: Why does a wide 15" or 17" laptop not already in 2017 have any correction for ulnar deviation? A straight row of keys makes no sense if there is room for an ergonomic V-shape layout.

    Product quiz

    July 2017

    Guess which business strategy is the fake one:

    1. Pizza Hut decides to add inedible silicone in their pizza cheese as a filler because it has great shelf life and it simulates the mouth feel of cheese.
    2. Wells Fargo decides to load up customers with invented bank accounts for which those customers did not ask and which incurred unwanted fees and penalties.
    3. Apple decides to put a home button in its expensive phones that does not move when pressed but rather vibrates to simulate a click sensation, even though no users requested such a button.
    Surprise! They are all real.

    Innovation quiz

    July 2017

    Which of these product decisions feel like a visionary gave them his eager thumbs-up approval?

    iPhone missing headphone jack.
    No. It was removed to add space for a haptic response buzzer, which was itself put in based on dubious justifications.
    Macbook Pro dongleitis (excessive dongle disease)
    No. It is just a scheme to force unwanted purchases of dongles.
    Butterfly keyboards
    No. Its insufficient key travel is guaranteed to cause repetitive stress injuries, and some models have an unrepairable problem wherein keys become super-tough to press down.
    Haptic feedback home button
    No. You press an unmoving button that vibrates instead of moving? It is a fake button.
    The awkward and useless touch-bar
    No. It feels unnatural and takes your eyes off the screen. It was meant to placate users who wanted a touch screen but instead only offended them.
    Macbook 12-inch
    No. It is a computer for which no one asked and it is not better than the Air.
    Endless Swift changes
    No. Perpetual twiddling is a tacit admission of having no vision and no plan. If Kotlin gets ported to iOS, Swift will be in trouble.
    $180 iPad keyboards
    No. An overpriced second-rate solution is not visionary.

    Where is the genius in dongles?

    Where is the genius in stealing a product name? Check out the original butterfly keyboard

    Objective C on Android

    July 2017

    With Apple making increasingly strange product decisions, the prospect of compiling Objective C to run on Android is looking more appealing, especially given that Android's NativeActivity environment may allow this.

    My own TouchWidgets project could in theory be adapted as a user interface toolkit. It would require that I write additional classes including UITableView and UICollectionView.

    But first things first: Will compilation even be possible? There is GNU's pre-2.0 Objective C compiler, which I used to build TouchWidgets. And there is LLVM. Further research needed.

    Print recent disk mountings/unmountings on macOS

    June 2017

    Are you paranoid that someone plugged a USB flash drive into your computer? Here's how to scan the last four hours of the log for mounts and unmounts.

    log show --last 4h | grep -e ": mounted " -e ": unmount " 
    

    Android finally improving?

    June 2017

    Google I/O 2017 brought news that Google is taking its Android product's security more seriously, addressing core security concerns of users and the computer security community who had largely deemed Android to have seized the mantle of least secure operating system from Microsoft Windows. But will Google follow through?

    Meanwhile, there is more evidence that product naming is becoming an increasingly desperate and risky enterprise unto itself. The language that Google has chosen to supplement the lawsuit-encumbered Java language is Kotlin, whose name is borrowed from a Russian island. The odd thing is, Kotlin literally means "little dung" in German. This is unfortunate; it appears that Kotlin is a pretty good language, despite being more or less Swift-for-Android.

    Kot = German for dung
    -lin = diminutive i.e. little.

    A simple fix for the iPad's boring home screen

    May 2017

    Much has been made about the useful widgets that can be put on the Android home screen, and the fact that iOS does not support home screen widgets. But it easily could:

    Apple merely needs to let users place running iPhone apps on the iPad's home screen pages. They could allow 320x568 point app screens or even revert to yesteryear's 320x480 screen size, which would be more convenient for the 9.7" iPad's limited screen space.

    Scrolling between pages could be the same programmatically as locking and unlocking an iPhone screen i.e. when an iPhone app is not visible, that app loses its Active status, but does not enter the background.

    The tricky thing is layout: namely, what to do about rotation?

    A tree command for macOS

    May 2017

    macOS doesn't include a tree command, unlike GNU/Linux, which means you have to either install the official tree program or simulate it. There are three basic approaches:

    1. Install tree from source code: a laborious process.
    2. Install homebrew, then install tree through it, which puts you at risk because it means installing untested binaries from strangers.
    3. Simulate tree with a BASH function.

    Here's my version of option 3:

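    function tree {
        # Read find's output line by line so directory names with spaces survive.
        find . -type d | while IFS= read -r s; do
            # Keep only the slashes of the path, then turn each one into an indent marker.
            A=$(printf '%s\n' "$s" | sed 's|[^/]||g; s|/|.   |g')
            B=$(basename "$s")
            echo "$A$B"
        done
    }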
    

    How to print out the reason for your computer waking up

    May 2017

    Are you afraid your landlord is sneaking into your apartment when you're gone? Does your keyboard suddenly feel sticky one day?

    Print the last 8 hours' Wake reasons:

    log show --predicate 'eventMessage contains[d] "Wake reason"' --info --last 8h

    A response to the AnC exploit solution

    Apr 2017

    The creator of the AnC exploit, which defeats ASLR, explained to me that one possible solution to AnC is cache partitioning, which the Intel CPUs are capable of supporting. Intel calls their take on cache partitioning Cache Allocation Technology.

    A quick search shows that Linux supports this in the RDT module.

    The problem? CAT mainly exists on Xeon processors.

    He pointed out that one problem with my solution of having decoy pages is that decoy code pages won't be loaded into the largest cache if no instructions are executed in them. But this is easy to fix: Load a JMP instruction in each, which jumps to the next decoy page, until the CPU reaches the last one which contains a RET. Then make a subroutine call to the first JMP. Of course the kernel itself would both create the decoys and initialize their contents.
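
    The JMP chain described above, as an added user-space sketch in C (not the author's code, and not the kernel implementation he proposes): it fills contiguous pages with x86-64 JMP rel32 stubs ending in a RET, checks the chain by decoding it, then calls the first page so the CPU fetches an instruction from every decoy. The function names, the 4 kB page constant and the zero filler after each stub are assumptions of this example.

```c
/* Added example (not the post's code): decoy code-page chain, x86-64, 4 kB pages. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE              /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#define PAGE_SZ      4096u
#define OP_JMP_REL32 0xE9u
#define OP_RET       0xC3u

/* Page i begins with "JMP to page i+1"; the last page begins with RET. */
void decoy_chain_fill(uint8_t *base, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = base + i * PAGE_SZ;
        uint32_t rel = PAGE_SZ - 5u;   /* rel32 counts from the end of the JMP */
        if (i + 1 == n) {
            p[0] = OP_RET;
            continue;
        }
        p[0] = OP_JMP_REL32;
        for (int b = 0; b < 4; b++)    /* little-endian displacement */
            p[1 + b] = (uint8_t)(rel >> (8 * b));
    }
}

/* Decode the chain without executing it. Returns the number of pages
 * reached before RET, or -1 if any stub is missing or lands off-page. */
long decoy_chain_walk(const uint8_t *base, size_t n)
{
    size_t off = 0, len = n * PAGE_SZ;
    for (size_t visited = 1; visited <= n; visited++) {
        const uint8_t *p = base + off;
        if (p[0] == OP_RET)
            return (long)visited;
        if (p[0] != OP_JMP_REL32)
            return -1;
        uint32_t raw = (uint32_t)p[1] | (uint32_t)p[2] << 8 |
                       (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
        int64_t next = (int64_t)off + 5 + (int32_t)raw;
        if (next < 0 || (uint64_t)next >= len || next % PAGE_SZ != 0)
            return -1;
        off = (size_t)next;
    }
    return -1;
}

/* Map n decoy pages, fill them, then CALL the first so the CPU fetches an
 * instruction from every page. Returns the pages chained, or -1. */
long decoy_chain_touch(size_t n)
{
#if defined(__x86_64__)
    size_t len = n * PAGE_SZ;
    uint8_t *base = n ? mmap(NULL, len, PROT_READ | PROT_WRITE,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) : MAP_FAILED;
    if (base == MAP_FAILED)
        return -1;
    decoy_chain_fill(base, n);
    long pages = decoy_chain_walk(base, n);
    /* W^X: drop write permission before the pages become executable */
    if (pages == (long)n && mprotect(base, len, PROT_READ | PROT_EXEC) == 0)
        ((void (*)(void))(uintptr_t)base)();   /* returns via the final RET */
    else
        pages = -1;
    munmap(base, len);
    return pages;
#else
    (void)n;                                    /* stubs are x86-64 only */
    return -1;
#endif
}

int main(void)
{
    printf("decoy pages touched: %ld\n", decoy_chain_touch(40000));
    return 0;
}
```

    main() maps 40,000 pages, the decoy count used in the 40MB browser example of the original AnC post.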

    How to defeat the AnC Address Space Layout Randomization exploit

    Apr 2017

    Not long ago, the tragic news was broached that Address Space Layout Randomization (ASLR) can be defeated using a technique of walking page tables and measuring the delays caused by cache line misses. This is possible because it turns out, Intel, AMD and others use the caches to store page table entries (PTEs) rather than bypassing the caches. While putting PTEs in the cache speeds up software, it makes ASLR trivial to defeat.

    The exploit is called ASLR⊕Cache, or AnC for short.

    The essential flaw is that when PTEs are stored in a cache, part of their address is of course used to determine where in the cache the entry will go, and this fact can be used to coax the cache into revealing that part of the address. Remaining address bits can be obtained using a related technique. Once it's known what entries in each page table are in use, a full understanding of what specific virtual pages are in use can be constructed.

    I believe there is a solution to this exploit. Well, two really.

    The first and obvious solution is for CPU manufacturers to stop, in future, using the caches to speed up accesses to page table entries. They should also provide microcode patches for existing CPUs, when microcode was used to implement the page table walk. The problem is that while some companies put page table entry loading in microcode, which can be updated, not all do; some implement it in hardware.

    My second proposal is slightly tedious but probably should have been done anyway: Use decoy pages. Let's say you're running a web browser that has a 40MB footprint. That's 10,000 4kB pages. If you produce 4 times that in decoy pages, another 40,000 pages, any attacker using the ASLR-defeating exploit will have to scan 5 times the number of true pages to find what it wants. But 80% of the pages will be useless decoys, meaning a 1 in 5 chance of success.

    But what shall you put in those decoys? Assuming the exploit is looking for particular libraries or data structures, you simply need to create fake pages that look real enough while being harmless. They may need to have pointers to one another just like real pages, and real-looking strings and code. But the code shouldn't do anything useful, like make valid system calls. And the strings shouldn't contain anything useful, like real domain names or usernames.

    Object-oriented assembly language (OOA)

    Apr 2017

    My new article on how to write object-oriented code in x86 asm is here.

    To offer a high level assessment, the basic problem is that while there are several ways to do OOA, the easiest is the most limiting, and once you commit to one approach it may be time-consuming to switch to another.

    For this reason, a computer language that is just slightly more sophisticated than assembly might be the best solution, if code speed is the goal. This was the major point of my C@ compiler project.

    iOS: Areas for improvement

    Apr 2017

    While some like to hold Apple above criticism, because for whatever reason they think Apple is perfect, it has become obvious that some aspects of iOS hardware and software need a rethink.

    Realists on this topic can be found everywhere:

    • Reviewers and ranters on Youtube
    • Retail salespeople in Apple stores
    • Bloggers
    • And anywhere else that the Svengali trance of Apple has no hold.
    iOS imperfect? Let us count the ways...
    1. iOS devices really do need SD slots that can read and write files. For a tool to be useful it has to be fit for purpose and a computing device without a serious storage option (iCloud is not that) is not an effective tool.
      • A photo editor running on iOS has to be able to save an edited file somewhere useful like an SD card from where it can then be efficiently archived. The iCloud or Dropbox solution is not ideal for privacy or speed (upload speeds being generally slow). Regarding sensitive photos, uploading to the cloud may be fine for trivial photos but anything at all sensitive or important needs to go somewhere safer than iCloud.
      • The same goes for critical business files like contracts, customer lists and sales data. No business manager worth his salary is going to accept putting important and confidential business documents into the cloud where a hacker or a government operative can steal them, corrupt them, or delete them and thereby disrupt the smooth operation of his company. Files need to be saveable to a physical medium like SD flash and then put into private backups.
      • The fact that an SD card slot is needed is only half the problem. iOS needs the ability to write to SD cards that have encrypted file systems (like macOS can) to protect user data before it is archived.
    2. The app launch screen (Springboard) is no better than it was in 2007. Android's home screens have useful gadgets of various types like a search bar, a calendar, and concise news headlines. It is quite bizarre that Apple, which fanboys claim is a fount of innovation, is clearly being out-innovated by its imitator.
    3. Apple's obsession with streaming sounds very clever to fanboys, who argue that the age of physical media is already over. But there is a problem: WiFi frequencies are in the microwave range and as such they do go straight through your body and they do cook you slightly. While industry scientists claim this is harmless, that is not true according to some research. Microwaves are officially non-ionizing radiation unlike Xrays so genetic damage should not be observed but the problem is, it has been observed nevertheless. Thus WiFi microwaves may be the new smoking: safe only if you trust the industry and ignore the evidence.
    4. Touches too precise? The premise of the touch screen is that tapping is so easy that it is hard to screw it up. Unless you are in motion. Anyone who has been a passenger in a car or bus or just walking down the street knows that taps are harder to get right while in motion. There are several reasons why this is so, but one is that Apple seems to be encouraging user interfaces that require more and more precise taps. Perhaps Apple bigwigs only ride in super-smooth transport like shuttle buses and let their retinue take the bumpier road. But for the Rest of Us there is an obvious solution that at least Apple could embrace for its apps. What is that solution? My secret.
    Certain types of businesses capitalize on bad decisions.
    • Alcohol and tobacco vendors.
    • Junk food manufacturers.
    • Casinos and lotteries.
    • Payday lenders.
    • Narcissism-boosting social media.
    • Subprime mortgage providers.
    Apple, by encouraging cloud storage instead of physical storage to SD cards, by encouraging streaming and electromagnetic radiation exposure, has effectively joined the ranks of these predatory businesses that capitalize on poor reasoning, pretending all the while to be somehow embracing the future. Is anyone besides the fanboys buying it?

    Safari not included with OS/X?

    Mar 2017

    On iOS, I can open Safari by saying "Siri, open Safari." Such is not the case on macOS. Siri disclaims any knowledge of Safari.

    If macOS were free/open-source software, or a hobby project, this kind of obvious bug might be understandable. But it isn't written by volunteers. It's not a hobby project. What is wrong at Apple?

    How to fetch a file through TOR

    Feb 2017

    Steps:

    1. Run the TOR browser.
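    2. On OS/X use this command: curl --socks5-hostname 127.0.0.1:9150 "$url" -o "$name"
    On GNU/Linux or Windows the port may be different.
    With --socks5-hostname curl hands the hostname to the proxy, so the DNS lookup also goes through TOR; plain --socks5 resolves the name locally, which exposes the lookup outside TOR.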

    What does macOS Sierra look like when its windows server malfunctions?

    Feb 2017

    macOS sierra crash
    How did Apple screw up to even make this possible?

    Reminder: Even X-Windows never looked this bad.

    What did I do to cause it? It's my secret. Did I create an error ticket on Apple's website? Oh hello no. I've done that before; they always deflect my concerns and ignore my ample evidence.

    Ad Age: Apple losing its way.

    If Apple is against computers with touch screens...

    Feb 2017

    Why is it making this then?

    Are they taking a page from Magritte?

    Ceci n'est pas un écran à toucher.

    The meaning of Magritte's painting is the pedestrian observation that a word is not the thing. But in order to think, we need accurate words to describe a thing. If Apple makes a touch-screen computer but then says they don't believe in making touch-screen computers, what are they saying? What is the iPad with keyboard then really? A surveillance device? Without an SD card slot or a USB port, it certainly isn't a serious tool for productivity.

    Consumers want solutions to problems, not doublespeak. Their money is hard-earned. They are not idiots and you treat them like idiots at your peril.

    How to make a universal i.e. fat library for iOS

    January 2017

    Turns out, it's a simple command:

    lipo -create x86.a arm64.a ... -o universal.a
    

    Notice the pun. Lipo is the prefix for "fatty" e.g. liposuction, lipoprotein etc.

    Object-oriented programming in C

    January 2015

    An update to my old page on OOC: Link

    Common QA mistakes

    November 2014

    Testing is, in a sense, like making a hamburger. It is not terribly difficult but it has to be done right.

    • As with making hamburgers, doing testing wrongly can result in a tragedy.
    • As with making hamburgers, some people should not be doing it.

    Some common mistakes:

    • Failing to report obvious bugs therefore letting bugs pass through to the customer.
    • Not reporting critical facts or circumstances about a defect e.g. that Wifi has to be on, that it only occurs right after midnight etc.
    • Not providing any evidence of a defect e.g. screenshot, videos taken with a phone, or log files.
    • Not being knowledgeable enough about the product that you are testing to know how it is supposed to behave, leading to the response "that is how it is supposed to work."
    • Not taking the effort to write down what happened at the moment when it happened. Instead trying to remember much later.
    • Not wanting to check everything that needs to be checked and/or not prioritizing.
    • Not testing the latest product. Wasting time testing code whose defects are already fixed.
    • Accepting second-hand information (hearsay or rumors or lies) as totally legitimate instead of speculative.
    Some red flag mistakes that may indicate you should not be working in QA:
    • Declaring that something doesn't work but refusing to say how or why or when.
    • Doing QA because you just enjoy complaining and would do it for free.
    • Being opposed to learning a new platform in order to test software on that platform e.g. "I don't do iOS." (Yes; I have heard that.)
    • Having a passive-aggressive personality or otherwise being unable to be direct.

    Management as a service job

    November 2014

    Human nature being what it is, many people enter management positions even though they don't understand people, therefore they suck at management. Or they don't understand themselves, therefore they suck at management. Why then would such people think they should manage?

    A few hypotheses:

    • He/she is bossy i.e. wants to order people around.
    • He/she is lazy i.e. actual work is super-hard and to be avoided.
    • He/she is greedy i.e. they think management is the road to riches and therefore use it to climb the ladder.
      • Example: Carly Fiorina.
    • He/she is classist or casteist, i.e. thinking oneself to be above little-people work.

    Just as a wife beater should never be allowed to become a cop...
    Nor a compulsive liar a politician...
    Nor a kleptomaniac a banker...
    Nor a bully a lawyer...
    The person who has some/all of the above-mentioned problems should be kept out of management.

    We're not in the 1970's any more; we can do better, no matter what the venture capitalists say.

    Management is essentially a service job. It's not at the same level as a cashier at a fast-food joint, but a manager cannot manage well unless he puts his ego aside, is humble and admits it when he doesn't know, can step back and just let people work, and realizes he has to serve.

    1. A manager must serve the customers and not deem them disposable, gullible or stupid.
    2. A manager must serve the workers to aid them in bringing out their best and achieving goals and not boss them around for the fun of it.
    3. A manager must serve the money-people as well; but not by deceiving them nor kissing their asses.

    The blaming manager, the micromanager, the scheming player -- they can ruin products, divisions and even companies.

    Is the 5.5 inch iPhone {6, 6s, 7} Plus practical?

    September 2014

    I was one of the vocal proponents of a big-screen iPhone, telling anyone who'd listen that Apple needs to make one with a 5.5 or 6 inch screen.

    I expected the 6 Plus was going to prove me right. After owning the iPhone 6 Plus, I believe I was wrong.

    It's not a terrible phone. But the 6 Plus is rather heavy. While the 6 Plus only weighs 1.52 ounces more than the 6 (6.07 versus 4.55 ounces respectively), that is 1.33 times the weight, and the difference is almost alarming when they're side by side.

    The expense and delicateness of the 6 Plus means a rugged case is vital. My preferred case is the Magpul field case, but it's heavy. The Magpul case adds substantially to the overall weight -- 1¾ ounces to be exact -- bringing the total to 7¾ ounces.

    Having also owned the cheaper, lighter, and plasticky $150 LG Stylo 2 Plus, which is 5.1 ounces but has a screen that is 5.7 inches, I can say that the 6 Plus compares quite poorly.

    1. The bare 6 Plus is already 1 ounce heavier.
    2. The 6 Plus's high cost and fragility militate for using a rugged case.
    3. The LG Stylo 2 Plus can be used daily without a case because it is cheap and replaceable.
    4. However the 6 Plus with rugged case weighs nearly 8 ounces.
    Given the weight situation, only software -- iOS -- saves the 6 Plus, because Android is frankly crap. [Update: Android O may finally fix that.]

    So why go with the 6 Plus at all? While a 5.5 inch screen is a good size for web browsing on the go, it's not a great replacement for a tablet or a laptop.

    Let's consider video watching. If you are not working as a security guard or a librarian, or are otherwise idle in a quiet environment, you will be able to watch video outside of the home and you likely won't have a laptop with you. A large phone may help in your case.

    Let's consider web browsing. Even a 10-inch tablet can make web browsing difficult. A 5.5" screen will be much worse, and it isn't going to be a great improvement over say, a 4.7" display. But it will be much better than a 4-inch screen.

    I'd say that if Apple cannot make a less delicate, expensive, and weighty phone, it should settle on a smaller size. A 5-inch screen may be the Goldilocks size: Not too large, not too small, not too heavy. Just right for practical use while keeping the weight down.

    A repeat loop kludge for Objective C

    September 2014

    Many a time there's a need in C and Objective C for a simple repetition loop à la 8086 instruction LOOPNZ. But one doesn't always need access to the loop counter itself. To this end, here's a simple #define that gives you precisely that. It may not work in every compiler, but it seems to be safe when used in Xcode.

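    /* The counter is declared inside the for statement, so repeat() is a single statement, can be nested, and can be used more than once per scope. */
    #define repeat(COUNT)  for (unsigned long repeat_count_ = (COUNT); repeat_count_--; )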
    

    Usage 1: repeat(10) puts ("message");
    Usage 2: repeat(10) { puts ("message"); }

    But why stop there? If you do need the counter value, just provide it like so:

    #define loop(VARNAME,COUNT) for(int VARNAME=0; VARNAME < (COUNT); VARNAME++)
    #define countdown(VARNAME,COUNT) for(int VARNAME=(COUNT); VARNAME > 0; VARNAME--)
    

    The only caveat is that as of Xcode 5, llvm is performing a lot of type checking so you may need to type-cast the variable from the loop and countdown macros.

    Jerry Seinfeld explains why he didn't become a mere TV mogul

    September 2014

    But I didn't take that bait... because I know what it is... You can't pull that over on me.
    I've sat in all those chairs.
    I've been in those rooms. I know what it is.

    What is it? You'll just have to listen to Alec Baldwin's interesting and funny interview of Jerry Seinfeld:
    WNYC link

    Resize images from the command line

    August 2014

    On OS/X there is no need to install ImageMagick in order to resize images from the command line. Let's say you want to generate a new set of icons for an iOS app. You can do it with two commands: cp and sips. Below I offer an example, left as an exercise for the reader, on how you might do this from a script:

    cp iTunesArtwork.png Icon-144.png
    sips -Z 144 Icon-144.png  &> /dev/null
    file iTunesArtwork.png Icon-144.png
    




    © Zack Smith