Author Topic: Facepunch away. I bought an Apple Silicon Mac Mini.  (Read 11079 times)

Syonyk

  • Magnum Stache
  • ******
  • Posts: 4113
    • Syonyk's Project Blog
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #50 on: December 23, 2020, 08:51:56 AM »
I'm fine with all of that sentiment, but I'm pretty sure that ARM never said in their marketing material that userspace code could snoop TrustZone, which is what ARMageddon is.

No, but it's a different category of attack.  It's basic cache disturbance observation, which has been used on x86 to observe cross process and into SMM for decades.  It's not a speculation based attack.  Different categories.  Still annoying, but much easier to mitigate and harder to get really fine details out of.  I'm not picking on Intel for their entire history of issues, just the recent speculation based ones, and, in particular, the ones that crack open SGX with their pipeline misbehaviors.

The question was why I want to get off Intel, and I answered.  If you don't care about that stuff, fine.  Intel's speculation based trainwreck has been a thorn in my side for quite a while, so I'm moving away from them, and I finally have options to do so without dropping back to utter gutless wonders as the previous ARM based options for desktop/laptop use were.

Isn't it billions of Arm chips per year - couple of orders of magnitude more than Intel? Would be interesting to know whether black hats are more likely to try attacking Apple phones, or Apple laptops.

It's far harder to get the sort of totally arbitrary execution across a range of modes you need to do this sort of work on the phones.  Not impossible, but far, far harder than on a desktop type platform where you can write kernel modules and go poking around.  I expect some papers in a year or so, but have no real guess as what's going to be in them.

Quote
The TOP500 list currently shows the Arm based Fugaku supercomputer at the top, with a performance 2-3x faster than the 2nd place (Power-based) IBM supercomputer at Oak Ridge. I don't think we'll be getting a few hundred petaflops in a desktop any time soon though.

... and a supercomputer isn't exactly in the same category as what I was referring to.  First, don't confuse throughput and single threaded speed.  It's easy to get good throughput by going wide, but it doesn't help with typical end user tasks that are single threaded.  And I've no particular use for the sort of "drive a huge vector engine" chip designs that make up most modern supercomputers.

There have been no "really fast" desktop/laptop ARM chips available to typical end users, and while things like the Rpi4 are fast enough to be usable for basic light to moderate desktop use, they're not particularly quick compared to the x86 offerings.  The M1 is - it runs even with the top available x86 chips in single threaded performance, and because of their memory model toggle, can emulate (technically translation, as it pre-compiles an ARM binary out of the x86 binary) x86 at an awfully good percentage of native speed (around 80% or so - you can absolutely play mid-range x86 games on the M1).  You were limited to either the small chips like the Rpi4, or the ODroid N2+, or you were looking at some of the ARM development workstations - the eMag or similar were options, but they're priced like workstations and not exactly power sippers.

Anyway, I feel I've answered the question in some detail, and don't particularly care to make this whole thread a rehashing of the last 20 years of chip architecture security either.

Just Joe

  • Magnum Stache
  • ******
  • Posts: 4554
  • Age: 125
  • Location: Just past the red barn on the left.
  • Here to learn.
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #51 on: December 26, 2020, 06:30:07 PM »
Thanks - learning lots from everyone here.
« Last Edit: January 01, 2021, 05:57:04 PM by Just Joe »

Chris Pascale

  • Bristles
  • ***
  • Posts: 420
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #52 on: December 30, 2020, 09:08:28 AM »
Meh, if you want the computer, buy it.

Happy New Year.

Syonyk

  • Magnum Stache
  • ******
  • Posts: 4113
    • Syonyk's Project Blog
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #53 on: January 01, 2021, 11:26:37 AM »
Meh, if you want the computer, buy it.

That approach, applied to life in general, leads to lots of bad outcomes. :p  Hence this forum.

Zikoris

  • Magnum Stache
  • ******
  • Posts: 3963
  • Age: 34
  • Location: Vancouver, BC
  • Vancouverstachian
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #54 on: January 01, 2021, 05:18:15 PM »
Actual facepunch incoming, rather than the "rah rah buy whatever you want" consumerist spiel.

Electronics are horrible for the environment, and produced in terrible conditions, including child labour and all kinds of other ridiculous crap, and will leach toxic shit into the earth long after you, me, and everyone else on these forums is dead. You should seriously consider weaning yourself off of your consumerist tech addiction, because you're literally killing us all, including people who haven't even been born yet.

I fully acknowledge that a certain amount of tech is basically a necessity to live in the modern world, but I think we should all try to buy it as minimally as we can manage, and a big part of that is not replacing perfectly functionally stuff solely because you want something shiny and new. The ethical option here is to buy minimally, secondhand if possible, use stuff until it no longer functions, and then try to dispose of it in the most eco-friendly way possible.

Apple specifically just got busted again for using child labour, FYI. Is that really something you want to support?

Just Joe

  • Magnum Stache
  • ******
  • Posts: 4554
  • Age: 125
  • Location: Just past the red barn on the left.
  • Here to learn.
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #55 on: January 01, 2021, 05:59:08 PM »
Learn to repair your stuff a little. Definitely get off the upgrade treadmill as advertised on the tech websites. ;)

The 2020 ACME computer is not noticeably better for the average person than the 2019 ACME computer...
« Last Edit: January 01, 2021, 06:11:06 PM by Just Joe »

Syonyk

  • Magnum Stache
  • ******
  • Posts: 4113
    • Syonyk's Project Blog
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #56 on: January 01, 2021, 06:09:19 PM »
Actual facepunch incoming, rather than the "rah rah buy whatever you want" consumerist spiel.

Much appreciated!  Quite missed recently on this forum.

Quote
Electronics are horrible for the environment, and produced in terrible conditions, including child labour and all kinds of other ridiculous crap, and will leach toxic shit into the earth long after you, me, and everyone else on these forums is dead. You should seriously consider weaning yourself off of your consumerist tech addiction, because you're literally killing us all, including people who haven't even been born yet.

Certainly, which is why I try to both keep old hardware running (I go on rather extensively about repair and repairability on my blog), and try to make use of lower power/lower cost hardware that's minimal in terms of production emissions (small form factor ARM boxes, I've got a nice little ARM laptop, etc).  I've done things like replace capacitors on some older boards before sending them to people who have vintage gaming habits, instead of throwing them away.  It's rare for a piece of electronics to leave in the trash from our place, and that's the generally unfixable stuff like "broken screens."  Which are rare, but have happened.  Replace the screen, keep the phone, go on your way.

I would attempt to argue that I don't have a consumerist tech addiction, though by some standards on the forum I certainly do - I've got, as personal computing hardware, a 2012 netbook, a 2015 MacBook Pro, the Mac Mini in my office, a RasPi4 for desktop use, a homeserver that provides media and VM hosting, and a couple older machines that exist to blow off surplus solar energy from my office doing faintly useful things (Folding@Home and World Community Grid, mostly, though I was doing some Rosetta@Home work earlier this year on the heaters).  Plus an older (but still supported) iPhone 6S, older (but still supported... there's a theme here) iPad that is mostly a PDF reader for work, an old eink Kobo (purchased used), and plenty of hardware for work because I do low level tech stuff for a living.  Far from one computer. :/  However, it's mostly older, repaired, and I try to keep it as long as feasible.  I just won't run devices past the end of OS support, for a long set of reasons I've probably covered elsewhere in this thread.  I'm aware of the Android open source alternatives, have done so in the past, but generally find the process to be a mix of "broken" and "... really?  Ugh.  Fine, I'll install this random binary from a .ru site..." - not something I'm a fan of in any form.

Quote
I fully acknowledge that a certain amount of tech is basically a necessity to live in the modern world, but I think we should all try to buy it as minimally as we can manage, and a big part of that is not replacing perfectly functionally stuff solely because you want something shiny and new. The ethical option here is to buy minimally, secondhand if possible, use stuff until it no longer functions, and then try to dispose of it in the most eco-friendly way possible.

I try to generally live by that, though the past year or so has been a bit of an anomaly as I've been trying to put my "de-Intel my life" goals into action.  I replaced an Intel Mac Mini with the M1 version, and have replaced some couple-year-old homeserver guts with AMD bits and pieces.  However, in terms of disposal, nothing I've rotated out has been disposed of - they've been repurposed for other use.  Both the server pieces and the Intel Mac Mini are being used by my church now, and the old church server guts (which were... honestly, less than reliable and utterly ancient - Athlon64 X2) went to a friend who does vintage gaming.

Mostly, this has been a set of transitions to get myself away from Intel, who, IMO, has been shitting their bed consistently, towards hardware and companies that are more trustworthy.  Again, I play in the deep weeds of this stuff, so I've got somewhat strong opinions on the matter.  One of the very large issues with ARM has been the software ecosystem (ARMv6, ARMv7, and AArch32 are handwavingly fine due to the Rpi, AArch64 is a hot mess), and I'm working to improve that as I can.  The M1 is a step in that direction, being hardware that I've been... mostly lusting after for about 3 years - a NUC-type ARM box that isn't glacial.  The Rpi4 is sane for light use, but isn't a full desktop replacement for anything beyond reasonably light use (though it can handle a couple dozen tabs).  I've tried, and have documented the process fairly well.  Enable zswap, use a USB3 SSD, and... you're mostly there, really.

Electron can go die in a fire, though.  "Desktop" apps that are just horrid web abominations that burn a full core to be useful are no progress for anything of value.

Quote
Apple specifically just got busted again for using child labour, FYI. Is that really something you want to support?

Not specifically, though I doubt any of the other tech companies are much better.  Apple is, however, pretty well opposed to this sort of thing and goes out of their way to ensure that things that they find out about, that weren't supposed to happen, don't happen again.  I'm less convinced most other tech companies care about any of it, unless they're caught.  Apple's high profile means they're subject to more intense scrutiny, meaning issues are almost certainly discovered before they would be for other tech companies.

My relationship with modern tech is certainly "It's complicated..."  I make a living with it (currently doing work on ARMv7 emulation), I rely on it for publishing content (moving off Blogger to something self hosted, though still on Google Cloud), and... I really don't like the directions it's going.  However, within that, I'm interested in supporting the directions I find more reasonable - ARM and AMD, to be specific.  I still own some Intel hardware, probably will for a while (replacing a perfectly functional 5 year old laptop with a M1 version isn't something I'm inclined to do soon), but... the less I rely on their modern stuff, the better.

In any case, I very much do appreciate the discussion/criticism.


Just Joe

  • Magnum Stache
  • ******
  • Posts: 4554
  • Age: 125
  • Location: Just past the red barn on the left.
  • Here to learn.
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #58 on: January 01, 2021, 06:13:13 PM »
Oh I know you repair tech stuff. More than I do. I'm sitting here tonight watching a YT video about repairing electronics.

Syonyk

  • Magnum Stache
  • ******
  • Posts: 4113
    • Syonyk's Project Blog
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #59 on: January 01, 2021, 06:55:40 PM »
Oh I know you repair tech stuff. More than I do. I'm sitting here tonight watching a YT video about repairing electronics.

I mean, I feel utterly fucking defective in that I'm not using 1990s tech on the modern internet, but I've tried, and it simply doesn't work.  Period.  Even 2010 tech fails to keep up (for the most part).

We've (the software industry) has taken advantage of modern CPUs to say, "Sure, yeah, this will burn a billion times the CPU as what we used to use, but, hey, look, it's Javascript, so suuuuuuper easy to write!" - and it works.  Sort of.  If you have a modern machine with gobs of RAM.

I mostly use modern computers to do the same thing I used an overclocked 486 for back in the late 90s (talk to people, publish content, read email, chat on IRC), and... it requires an awful lot more than a 486/66MHz with 28MB RAM.  To do the same damned things.

I should be able to do that which I do on an Arduino, but I've not gotten around to writing modern software stacks for 2kB of SRAM. :(  Which means I'm a horrible, environmentally disastrous person who ought not be on the internet.

We had a dead cloudy day (6kWh off they gigantic solar array) the other day and pulled 70kWh from the grid for heat/transportation. :(  And I'm pretty sure I lit my office generator too, which is one of the least efficient power sources known to man (5kWh/gallon gasoline, maaaybe?).  So I'm an environmental shitshow, I just don't have the ability to easily change that.  The solar arrays, large though they are (we have north of 20kWh on the property between the house and my office), simply cannot pull power out of a heavily clouded sky in heavy fog.  And I've no biomass heaters to work with for the house or office (on the list, just... haven't found a good spot for them, and haven't purchased one yet).

Lay into me.  I deserve it.  I use modern tech, I make a living with the deep weeds of it.  I am utterly embedded into the tech ecosystem, and even if I use older hardware, repair it, etc, I'm deep enough into the stack that all the sins of it are on my shoulders.  I absolutely should not own a modern computer, yet, I've failed to spend the time required to write my own OS/browser/software stack that runs on older stuff that is fully depreciated and i can use with no real impact.  And here the fuck I am, on a 2015 laptop with an Intel Haswell chip, browsing a site about reducing consumption, instead of figuring out how to to it on Lynx, with an Arduino.  Facepunch the fuck away.

NorthernMonkey

  • Stubble
  • **
  • Posts: 179
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #60 on: January 02, 2021, 11:56:31 AM »
I've been trying to get away with using an RPi as a desktop for the last couple of weeks, but it's not as easy as using a 4 year old Win10pc (i7, 32gb ram). Somethings really stump it, especially when running a youtube video on half my screen, and doing something else on the other half.

Although its an interesting tech challenge, and something I've been using while not at work, I know as soon as Im back to work on Monday, I'll be back to i7 to run teams/outlook/excel/ other wage slave apps;.


Abe

  • Handlebar Stache
  • *****
  • Posts: 1851
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #61 on: January 02, 2021, 12:52:58 PM »
I recently bought a new mac mini (to some extent based on your discussion about the security risks in older versions, but also because the data analysis I do really grinds the gears on this 2009 edition iMac, even after upgrading the RAM and switching to an SSD). We'll probably keep the old one for general use. If we ultimately decide to sell it, what's a good way to wipe out the disk? I don't want to disassemble it to get the disk out (that was annoying).

Syonyk

  • Magnum Stache
  • ******
  • Posts: 4113
    • Syonyk's Project Blog
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #62 on: January 02, 2021, 02:36:49 PM »
I've been trying to get away with using an RPi as a desktop for the last couple of weeks, but it's not as easy as using a 4 year old Win10pc (i7, 32gb ram). Somethings really stump it, especially when running a youtube video on half my screen, and doing something else on the other half.

Hardware video acceleration, especially in browser, is... yeah, gross is the best I'll say.  Don't watch videos.  That's been my solution.

If we ultimately decide to sell it, what's a good way to wipe out the disk?

You should be able to boot into recovery mode and wipe the disk from there.  Or, perhaps on one that old, you'll need an external USB bootable OS installer, but that should let you do it as well.  A couple passes over the drive and nothing of reasonable recovery value is left.

markbike528CBX

  • Handlebar Stache
  • *****
  • Posts: 1562
  • Location: the Everbrown part of the Evergreen State (WA)
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #63 on: January 02, 2021, 02:48:34 PM »
I recently bought a new mac mini (to some extent based on your discussion about the security risks in older versions, but also because the data analysis I do really grinds the gears on this 2009 edition iMac, even after upgrading the RAM and switching to an SSD). We'll probably keep the old one for general use. If we ultimately decide to sell it, what's a good way to wipe out the disk? I don't want to disassemble it to get the disk out (that was annoying).

SSD's are difficult to erase, as apparently an SSD has super-low level hardware that does "load leveling".
https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac
       "Note: With a solid-state drive (SSD), secure erase options are not available in Disk Utility. For more security, consider turning on FileVault encryption when you start using your SSD drive."

That being said, using Disk Utility to erase should make it proof against most non-governmental agency data retrieval attempts. 
https://support.apple.com/en-us/HT208496

https://www.macobserver.com/tips/how-to/securely-erase-macs-ssd/


Syonyk

  • Magnum Stache
  • ******
  • Posts: 4113
    • Syonyk's Project Blog
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #64 on: January 02, 2021, 03:26:56 PM »
SSD's are difficult to erase, as apparently an SSD has super-low level hardware that does "load leveling".

That works in your favor as well, though, because short of physically removing the chips from the SSD, you'll never get partial data of a properly erased sector.  If you send the TRIM command down to the SSD saying "I'm done with these sectors, you can wipe them at your leisure for reuse," the disk notes that and will never return the previous data from those sectors (assuming the disk is well behaved).  And even if you cut power to the SSD before it's done, it will resume scrubbing stuff to make space for more writes as soon as power is applied.  They're a forensic pain in the rear - not only for that, but also because a lot of them like to lose data if they're left powered off for a year or two (as often happens in court cases when the machine sits on a shelf for a year before anyone gets around to bothering with it).

If it's simply contained home data of a typical home/office nature, writing zeros a few times and a trim or two (blkdiscard on Linux) does just fine.  If it's more sensitive, and you actually need to guarantee the data is unreadable in any case, then either you should never have let it touch the disk unencrypted in the first place (FileVault on OS X is fine for these purposes), or you need to physically destroy the disk.

It's not hard to be good enough that short of a federal agency, nobody is going to read old data from the SSD.

There are quite a few papers written on the issue, though, if one wants to look into it further.

Abe

  • Handlebar Stache
  • *****
  • Posts: 1851
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #65 on: January 02, 2021, 08:36:17 PM »
SSD's are difficult to erase, as apparently an SSD has super-low level hardware that does "load leveling".

That works in your favor as well, though, because short of physically removing the chips from the SSD, you'll never get partial data of a properly erased sector.  If you send the TRIM command down to the SSD saying "I'm done with these sectors, you can wipe them at your leisure for reuse," the disk notes that and will never return the previous data from those sectors (assuming the disk is well behaved).  And even if you cut power to the SSD before it's done, it will resume scrubbing stuff to make space for more writes as soon as power is applied.  They're a forensic pain in the rear - not only for that, but also because a lot of them like to lose data if they're left powered off for a year or two (as often happens in court cases when the machine sits on a shelf for a year before anyone gets around to bothering with it).

If it's simply contained home data of a typical home/office nature, writing zeros a few times and a trim or two (blkdiscard on Linux) does just fine.  If it's more sensitive, and you actually need to guarantee the data is unreadable in any case, then either you should never have let it touch the disk unencrypted in the first place (FileVault on OS X is fine for these purposes), or you need to physically destroy the disk.

It's not hard to be good enough that short of a federal agency, nobody is going to read old data from the SSD.

There are quite a few papers written on the issue, though, if one wants to look into it further.

Thanks for the information you all! I have FileVault on. Will do the other methods if we end up selling/donating it.

GuyinTexas

  • 5 O'Clock Shadow
  • *
  • Posts: 21
  • Location: Texas
  • 36, Re-evaluating my life choices
Re: Facepunch away. I bought an Apple Silicon Mac Mini.
« Reply #66 on: January 10, 2021, 09:49:23 AM »
TLDR : Not a Facepunch but sharing my experiences.
I bought an M1 MacBook Pro 13" 16GB / 1TB model. Replaces a 2019 16" higher end unit which I sold through sellyourmac for $1784. With the educational store discount the new model was $1932 including tax. So only $148 to upgrade to the new architecture before the older model plummets in price. It's much more responsive and the fans barely turn on vs the 16" which always ran hot (CPU around 200 during light usage) and wasn't fully utilizing all its power due to throttling. I quickly regretted buying the bigger model due to its shortcomings. Maybe I'm old school, but one should be able to use a notebook in your lap without burning your lap. Every Mac Intel laptop I've owned since 2015 hasn't been able to do that.

My stepdad still uses the MacBook Pro 17" I used in grad school (2006). It was dropped once causing a dent in the casing. The battery also swelled up, I told him to stop using it. Mac Mini from 2007 still works but mom had to stop using it since it could no longer do basic things like online banking. Now she's running on a 2018 MBP 13" and loves it. You do pay a bit more for Apple products especially new but they hold their value well and tend to last a bit longer. I suppose depending on the level of tech expertise wiping out and running a linux distro could extend its lifespan by a few years. Still a PITA...

I do slightly miss having 4 ports and a slightly bigger screen for media consumption but I'm an Apple Silicon believer. The experience will only get better once more apps get ported over.