When I go to a restaurant, I make sure that I check its rating. I'd prefer to see an
When I buy milk I similarly assess the risk level; I find its sell-by date to gauge its freshness, making sure it's not past due or near it.
But when I download a banking app, there isn't any kind of safety rating
to let me confirm that it is safe to use
and was audited and double-checked.
The data that people put into a banking app is highly sensitive and if stolen, damaging.
Small banks like credit unions never ever have actual app developers on staff, and they may outsource the work
to far-flung locations to cut costs.
This combination is potentially a prescription for disaster.
But let's identify what there is to fear.
Lacking any safety rating or a security auditor's stamp of approval, what specifically do we not know?
We cannot know:
- Whether (or how well) anyone at the bank code-reviewed the source code to identify obvious security risks and ensure that the app does not expand the attack surface due to programmers having cut corners or over-engineered the thing.
- Whether it was someone at the bank who compiled the source code and submitted the app to the App Store or whether they outsourced that part.
- Whether programmers foolishly used precompiled libraries that contained malware, spyware or vulnerabilities.
- Whether the programmers' machines were infected with malware e.g. XcodeGhost which injected malware into the app.
- Whether there was a separate, protected, malware-free build machine or just any random computer was used.
- If the bank only received object code like an IPA file for testing, whether anyone did a security audit of that e.g. running a packet sniffer to make sure customer data is not being sent to criminals.
- Whether the source code for the app was stolen from the programmers by criminals who can use it to find vulnerabilities.
- Whether the bank did any in-house testing to make sure the app does what it is supposed to and no more or did they just outsource the testing too?
- Whether the programming was done by people who are connected to any criminal enterprise, or to a not-so-nice government etc.
- Whether the programmers live in a country without an extradition treaty.
And so on.
Chain of responsibility is unknown.
Code-level security is unknown.
System-level security is unknown.
Human security is unknown.
Security mishaps are unknown.
What we do know, based on the lack of a rating or seal of approval,
is that the bank didn't pay for a formal security audit, which they should have done
and which they'd be reckless if not crazy not to do.
In theory the App Store should ensure a very basic level of safety,
but in recent weeks scamware has
made it into the App Store
and risen to the Top 10 even while Apple has aggressively and recklessly attacked harmless spam apps,
many of which are patently not spam.
Clearly Apple's priorities are askew and they are missing obvious abusers.
Summary: Don't use a banking app, especially not a small bank's.
As explained in the neat summary linked-to hereunder, tech companies own most everything
you put online. That means it's not yours anymore.
You might call it theft by lawyer.
If you hire a felon to break into someone's house and steal their photos, you get to become a felon too. Boo-ya!
If you hire a lawyer to write some legal fine print to steal someone's photos, you get to become a tech millionaire.
With the iPhone X, Apple has misstepped in 3 ways that Steve Jobs likely would have vetoed.
Every moment that you use the X, your awareness of these
missteps will grow. This will erode your initial enthusiasm and coagulate
into a remorseful, gnawing worry -- a worry that in fact, your purchase
was quite foolish.
1. The Notch:
It is ugly. It is ever-present.
You cannot stop looking at the ugly Notch.
It looks especially awful in landscape mode -- forget about watching wide aspect ratio videos.
That odd shape:
Surely the screen's odd shape to accommodate the notch made it more expensive to manufacture than a square screen, and raised the overall cost.
The X could have been an $800 phone without the Notch.
Therefore you paid more for something worse.
To make things worse still, the X's Notch requires software changes in most existing apps
but many developers will take forever to update those apps. What a drag.
2. Facial recognition... why?
It is unnecessary. It is super-creepy.
Face ID electronics are elaborate and surely raised the cost of the phone as a whole.
Everyone was just fine with Touch ID.
Touch ID works 99% of the time.
1% failure is not a crisis.
Why did they not simply just put a Touch ID on the back, out of sight and mind?
Why not wait for something better?
Just a few months later, Synaptics got under-display Touch ID working.
Face ID is a huge privacy risk.
Unlike the infrared face-ID that appeared in Samsung phones and Windows laptops recently,
Apple's actually works.
If you live in a country where crimes include being the wrong ethnic group or having evidence-based beliefs
or anything else that powerful people do not like,
your Face ID data can be used to persecute you.
Can you really trust that Apple, which participates
in NSA's PRISM program, won't send your super accurate face-print to the spooks?
When Apple inevitably uploads faceprints to its servers, despite claiming it will not,
you must realize it is also inevitable that their cloud will get hacked.
It has happened before at least twice.
Senator Al Franken expressed similar concerns.
What if your phone gets hacked?
The Secure Enclave that would protect your faceprint was recently compromised.
As for animated emojis, who will use them for more than 5 minutes?
Animojis are a useless novelty, like curvy mirrors at an amusement park.
3. Priced at $1000, the X feels more like a test of maturity.
Do you lack self-control? Buy it!
Do you crave the admiration of others? Buy it!
Do you seek entry into some cool crowd? Buy it!
Do you need to make foolish people feel envious? Buy it!
Meanwhile there is a far better Android phone, the
Razer, that is available for $700.
So what should Apple's executives have done?
Apple should have made a phone that is 100% screen on the front: no Notch.
They should have made the rear Apple logo into a Touch ID sensor. Maybe one that lights up.
For the users who need the selfie camera and front speaker (not everyone does) just put them in a protrusion --
not the awkward intrusion of the Notch.
The gimmick of facial recognition comes at a large cost, so it should have been optional, not forced on customers.
Now that would have been revolutionary.
But wouldn't a protrusion look goofy? Only if it's
done wrongly, without an obvious workaround that
any competent innovator will hit upon.
With Intel recently gaining notoriety for putting a secondary spyware CPU
inside every x86 CPU that it has produced since 2006, specifically the
Intel Management Engine and variants,
even if they never officially intended it for spying
(yet it can transmit sound from your microphone even when the power is off)
a feeling of repulsion and nausea would be understandable whenever the name
Intel comes up.
It is a natural response to betrayal.
The fact that AMD has put a similar secondary CPU (named
inside their processors since around 2013 is disturbing, too.
One could argue that these two data points provide reason enough to contemplate a permanent switch
away from the x86 architecture.
But how would that work? For a GNU/Linux user, it would seem trivial, so long as
a safe and sufficient ARM-based solution exists.
But what about Windows users, whose software may never be recompiled for ARM?
Microsoft is preparing the imminent launch of Windows 10 for (Snapdragon) ARM-based laptops,
but this switch-over to ARM now seems
legally quite risky if they include x86 emulation that supports SSE.
Perhaps recompilation for ARM is required after all.
Or machine-code translation?
It helps to question assumptions.
Namely, is an ARM CPU automatically safe?
I assert that to assume ARM is safe is wishful thinking. A hardware backdoor surely exists in some ARM-based
devices. Who knows if an affected device is from MTK, Qualcomm, or inside the much-promoted Raspberry Pi?
Careful analysis is always necessary.
We learned that lesson when Windows Vista was caught contacting servers from DoD and Halliburton
when it first booted up.
We learned that lesson again when Nuance was caught sending voice-prints to the Pentagon.
Perhaps in the short term, a downgrade would be wiser. Not a break with x86, but a pivot to
older hardware, like a pre-2013 AMD-based computer.
Perhaps the urge to always upgrade to yet higher-end computers
was always foolish.
Notebook computer manufacturers often play follow-the-leader,
but when it comes to keyboards the situation is worse: They delegate to non-leaders.
They mostly just
buy standard keyboard parts from standard keyboard manufacturers
and then forget about the keyboard, as if keyboards were commodities like
instant ramen or roofing tiles.
The two things a consumer touches first when they try a computer
at the store are the keyboard and touchpad.
But each is typically an afterthought.
Does that seem like good planning to you?
No wonder that Apple has become popular.
They excelled (until recently) at perfecting the tactile experience.
The result is an avalanche of PC laptops with chiclet keyboards
that feel awful and are unhealthy to use for even a few hours.
Apple, which is considered a leader of sorts, has ironically produced
their butterfly keyboard, in so doing hijacking the name of a famous IBM Thinkpad keyboard,
but unlike IBM's masterpiece Apple's thing is unhealthy to use for even a few minutes.
Only the Onion could have predicted something worse:
Cherry continues to produce interesting keyboard switches for office computers
and gamers, and their keyswitches
have made one appearance unmodified in
the very heavy MSI Titan laptop.
They seem unwilling to allocate brainpower toward
actually improving laptop keyboards however.
Now some unknown keyswitch maker may have innovated.
It has produced mechanical backlit keyboard switches for the
reviewed in Laptop Mag.
Let's hope they can make a difference.
If we recognize that typing all day is as rough on the body as:
Standing all day
Walking all day
then perhaps we can deduce what the solutions to the problem of improving the laptop keyboard might involve.
If someone who stands all day needs sturdy shoes, perhaps
someone who types all day needs a non-flimsy keyboard, which is not a $5 part.
(Both Thinkpads and Apple's pre-2016 laptops are known to have sturdy keyboards.)
If someone who walks all day needs gel-cushioned soles, perhaps
someone who types all day needs a keyboard that does not
cause a hard impact when it clicks nor when it hits bottom but instead touches down
on rubber or dare I say, gel?
Finally, if someone has a crooked posture all day, the solution is to switch to a natural
Let us ask then: Why does a wide 15" or 17" laptop
not already in 2017 have any correction for
A straight row of keys makes no sense if there is room
for an ergonomic V-shape layout.
My new article on how to write object-oriented code in x86 asm is
To offer a high level assessment,
the basic problem is that while there are several ways
to do OOA, the easiest is the most limiting, and
once you commit to one approach it may be
time-consuming to switch to another.
For this reason, a computer language that is just slightly
more sophisticated than assembly might be the
best solution, if code speed is the goal.
This was the major point of my C@ compiler project.
iOS devices really do need SD slots that can read and write files. For a tool to be useful
it has to be fit for purpose and a computing device without a serious storage option
(iCloud is not that) is not an effective tool.
A photo editor running on iOS has to be able to save an edited file somewhere useful like an SD card
from where it can then be efficiently archived.
The iCloud or Dropbox solution is not ideal for privacy or speed (upload speeds being generally slow).
Regarding sensitive photos, uploading to the cloud may be fine for trivial photos
but anything at all sensitive or important needs to go somewhere
safer than iCloud.
The same goes for critical business files like contracts, customer lists and sales data.
No business manager worth his salary is going to accept putting
important and confidential business documents into
the cloud where a hacker or a government operative
can steal them, corrupt them, or delete them and thereby disrupt the smooth operation of his company.
Files need to be saveable to a physical medium like SD flash and then put into
The fact that an SD card slot is needed is only half the problem.
iOS needs the ability to write to SD cards that have
encrypted file systems (like macOS can)
to protect user data before it is archived.
The app launch screen (Springboard) is no better than it was in 2007.
Android's home screens have useful gadgets of various types like a search bar,
and concise news headlines.
It is quite bizarre that Apple, which fanboys claim is a fount of innovation,
is clearly being out-innovated by its imitator.
Apple's obsession with streaming sounds very clever to fanboys,
who argue that the age of physical media is already over.
But there is a problem:
WiFi frequencies are in the microwave range and
as such they do go straight through your body and they do
cook you slightly.
While industry scientists claim this is harmless, that is not true
according to some research.
Microwaves are officially non-ionizing radiation unlike X-rays
so genetic damage should not be observed but the problem is,
it has been observed nevertheless.
Thus WiFi microwaves may be the new smoking: safe only if
you trust the industry and ignore the evidence.
Touches too precise?
The premise of the touch screen is that tapping
is so easy that it is hard to screw it up.
Unless you are in motion.
Anyone who has been a passenger in a car
or bus or
just walking down the street knows that taps are harder to
get right while in motion.
There are several reasons why this is so,
but one is that Apple seems to be encouraging
user interfaces that require more and more precise taps.
Perhaps Apple bigwigs only ride in
super-smooth transport like shuttle buses and let their retinue
take the bumpier road.
But for the Rest of Us there is an obvious solution
that at least Apple could embrace for its apps.
What is that solution?
Certain types of businesses capitalize on bad decisions.
Alcohol and tobacco vendors.
Junk food manufacturers.
Casinos and lotteries.
Narcissism-boosting social media.
Subprime mortgage providers.
by encouraging cloud storage instead of physical storage
to SD cards,
by encouraging streaming and electromagnetic radiation exposure,
joined the ranks of these predatory businesses
that capitalize on poor reasoning,
pretending all the while to be
somehow embracing the future.
Is anyone besides the fanboys buying it?
The meaning of Magritte's painting is the pedestrian observation that a word is not the thing.
But in order to think, we need accurate words to describe a thing.
If Apple makes a touch-screen computer but then says they don't believe in making touch-screen computers,
what are they saying?
What is the iPad with keyboard then really? A surveillance device?
Without an SD card slot or a USB port, it certainly isn't a serious tool for productivity.
Consumers want solutions to problems, not
Their money is hard-earned.
They are not idiots and you treat them like idiots at your peril.
I was one of the vocal proponents of a big-screen iPhone, telling anyone who'd listen
that Apple needs to make one with a 5.5 or 6 inch screen.
I expected the 6 Plus was going to prove me right.
After owning the iPhone 6 Plus, I believe I was wrong.
It's not a terrible phone.
But the 6 Plus is rather heavy.
While the 6 Plus only weighs 1.52 ounces more than the 6 (6.07 versus 4.55 ounces respectively),
that is 1.33 times the weight, and the difference is almost alarming when they're side by side.
The expense and delicateness of the 6 Plus means a rugged case is vital.
My preferred case is the Magpul field case,
but it's heavy.
The Magpul case adds substantially to the overall weight -- 1¾ ounces to be exact --
bringing the total to 7¾ ounces.
Having also owned the cheaper, lighter, and plasticky $150 LG Stylo 2 Plus, which is 5.1 ounces
but has a screen that is 5.7 inches, I can say that the 6 Plus compares quite poorly.
The bare 6 Plus is already 1 ounce heavier.
The 6 Plus's high cost and fragility militate for using a rugged case.
The LG Stylo 2 Plus can be used daily without a case because it is cheap and replaceable.
However the 6 Plus with rugged case weighs nearly 8 ounces.
Given the weight situation,
only software -- iOS -- saves the 6 Plus, because Android is frankly crap.
[Update: Android O may finally fix that.]
So why go with the 6 Plus at all?
While a 5.5 inch screen is a good size for web browsing on the go, it's not a
great replacement for a tablet or a laptop.
Perhaps if you are working as a security guard or a librarian,
or are idle in a quiet environment,
you will be able to watch video outside of the home.
A large phone may help you do so.
Most people can't.
Even a 10-inch tablet can make web browsing difficult.
A 5.5" screen will be much worse, and it isn't going to be a great improvement over say, a 4.7" display.
But it will be much better than a 4-inch screen.
I'd say that if Apple cannot make a less delicate, expensive, and weighty phone,
it should settle on a smaller size.
A 5-inch screen may be the Goldilocks size: Not too large, not too small,
not too heavy. Just right for practical use while keeping the weight down.
Many a time there's a need in C and Objective-C for a simple repetition loop à la
8086 instruction LOOPNZ.
But one doesn't always need access to the loop counter itself.
To this end, here's a simple
#define that gives you precisely that.
It may not work in every compiler, but it seems to be safe when used in Xcode.
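/* The counter is scoped to the for statement, so repeat() is a single statement and can be nested or reused. */
#define repeat(COUNT) for (unsigned long repeat_n_ = (COUNT); repeat_n_--; )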
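Added example, not the author's code: a counter-free repetition macro of this kind, exercised in the places such macros usually break (nesting, reuse in one scope, an unbraced `if`, a zero count, an argument with side effects). The counter name `repeat_n_` and the three test functions are assumptions made for the example.

```c
#include <stdio.h>

/* The counter lives in the for statement's own scope, so the macro
   expands to exactly one statement and uses cannot collide. */
#define repeat(COUNT) \
    for (unsigned long repeat_n_ = (COUNT); repeat_n_--; )

/* Nested use: the inner counter shadows the outer one only inside the
   inner loop, so the outer count is unaffected. */
unsigned nested_total(unsigned outer, unsigned inner)
{
    unsigned total = 0;
    repeat(outer)
        repeat(inner)
            total++;
    return total;
}

/* Two loops in the same scope, one of them under an unbraced if.
   A macro that expands to "declaration; while (...)" fails on both:
   the second use redeclares the counter, and only the declaration
   would sit under the if. */
unsigned guarded_total(int enabled, unsigned count)
{
    unsigned total = 0;
    repeat(count) total++;
    if (enabled)
        repeat(count) total += 10;
    return total;
}

/* The argument is evaluated once, before the first iteration, even
   when it has side effects. Returns calls * 100 + iterations. */
unsigned evaluations(unsigned count)
{
    unsigned calls = 0, total = 0;
    repeat((calls++, count)) total++;
    return calls * 100 + total;
}

int main(void)
{
    printf("nested 3x4      = %u\n", nested_total(3, 4));
    printf("guarded off, 5  = %u\n", guarded_total(0, 5));
    printf("guarded on, 5   = %u\n", guarded_total(1, 5));
    printf("evaluations(3)  = %u\n", evaluations(3));
    return 0;
}
```

The `for` declaration requires C99 or later, which is also what Objective-C compiles against in Xcode.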
On OS X there is no need to install ImageMagick in order to resize images from the command line.
Let's say you want to generate a new set of icons for an iOS app.
You can do it with two commands: cp and sips.
Below I offer an example, left as an exercise for the reader,
on how you might do this from a script: