Daring Fireball

Apple Support: ‘How to Enable Full Mitigation for Microarchitectural Data Sampling (MDS) Vulnerabilities’ 2019-05-15 23:09:08

Apple Support:

Intel has disclosed vulnerabilities called Microarchitectural Data Sampling (MDS) that apply to desktop and notebook computers with Intel CPUs, including all modern Mac computers.

Although there are no known exploits affecting customers at the time of this writing, customers who believe their computer is at heightened risk of attack can use the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology, which provides full protection from these security issues.

This option is available for macOS Mojave, High Sierra and Sierra and may have a significant impact on the performance of your computer. […] Testing conducted by Apple in May 2019 showed as much as a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks.

It’s good that there are no known exploits using these techniques, but even if there were, the overwhelming majority of Mac users — almost everyone — would not need to enable this mitigation. These MDS vulnerabilities enable malware on your computer to do bad things. But these vulnerabilities are not ways for malware to get onto your computer.

Once you have malware on your computer, the game is over. I’m not saying these MDS vulnerabilities aren’t a problem — they obviously are, because they make malware potentially more dangerous. But the game is keeping malware off your computers in the first place.

(Also worth noting: these vulnerabilities can’t affect iPhones, iPads, Apple Watches, or Android devices because ARM chips don’t have these vulnerabilities. Only Intel chips. We’re running out of reasons for Apple not to switch the entire Mac platform to ARM.


Read more

‘Behind Twitter’s Plan to Get People to Stop Yelling at Each Other’ 2019-05-15 21:13:01

Interesting feature by Nicole Nguyen for BuzzFeed with an inside look at “twttr” — a new version of Twitter currently being tested. Lots of screenshots, and I particularly enjoyed (and would have liked to see more of) senior product designer Lisa Ding’s sketchbook.

I do think most of these designs significantly help indicate reply threading. What’s a reply to the original tweet, what’s a reply to another reply, that sort of thing. Twitter is really just awful for that right now, and always has been. And the fundamental reason why is kind of obvious: Twitter started as a product that did not even have the concept of replies. Users invented them, by starting a tweet with “@username” for whomever they were replying to. Twitter eventually embraced replies as a full-fledged feature, but the way it’s worked out over 13 years (poorly) is a perfect example of a fundamental design precept: the origins of a product forever shape its future.

But again, these “twttr” designs do seem to make replies clearer. That’s good. What I don’t see is anything, anything at all, that addresses the ostensible goal of this whole effort: reducing abuse, hostility, and general bad behavior. Trolls and bullies are Twitter’s core problem, not the clarity of reply threads.

Read more