The Money Mustache Community
Around the Internet => Antimustachian Wall of Shame and Comedy => Topic started by: Syonyk on November 14, 2020, 10:49:24 PM
-
Well, in the land of owning up to financially suboptimal decisions, I've got an Apple Silicon (ARM) Mac Mini on the way at some point in the next month or so, whenever they decide to ship it.
I'll be replacing a 2018 Intel based Mac Mini, which is a general desktop for me, though a bit less as of late with some other lightweight systems I have online (the Raspberry Pi 4 covers a lot of my use). Still nice to have a desktop that can handle video/photo processing for the handful of things I use it for, and that can generally chew through various other tasks as needed.
My plan is to sell the existing hardware for pretty much the cost of the AS version, and enjoy yet another step in de-Inteling my life, because they've been a great pain to me professionally lately, and I'm happy to kick them to the curb for personal use. I've got some older Intel hardware I use, but am otherwise trying to get away from them as much as I can.
So, anyway, facepunch away for a nearly $1000 purchase. 16GB/256GB, planning to use my external storage, and that it sips quite a bit less power than the Intel one means I can consider doing some self hosted serving on it, even though it's running in a solar powered office 24/7. The Pi4 I don't quite trust to handle database workloads, even though it's on a USB SSD. :/
//EDIT: Update here: https://forum.mrmoneymustache.com/antimustachian-wall-of-shame-and-comedy/facepunch-away-i-bought-an-apple-silicon-mac-mini/msg2888709/#msg2888709 I'm no longer going to be using Apple.
-
Congrats. No face punches from me. I can't think of any Apple product that's sharply priced, but they're hardly going to bankrupt you either, and in an aesthetic and usability sense I think some of their products are still class leaders. The new chips are apparently great. If you like it, then you have nothing to justify, and not worthy of a face punch.
-
I look forward to reading your thoughts on the new silicone once you’ve had a chance to test it. My 2014 MBP is getting a bit long in the tooth and while I gave in last year and bought a dedicated windows desktop for my primary solid-works machine, I’m less than thrilled with the experience. I’m currently planning to wait a bit longer before the next laptop unless this turns chip turns out to be close to the hype...
-
Just read back through some of your blog posts, so I'm looking forward to hearing what you make of it (I am _very_ familiar with one of those architectures). It'll be interesting to see how well virtual machines run in emulation, and also whether there's any legacy software out there that randomly fails. Suspect Apple will have done a good job making sure that doesn't happen.
-
... and not worthy of a face punch.
*checks which forum he's on* Oh, come on, you can do better. :p I ought to use the internet via a tin can string manually whistling modem noises! :D ... which isn't half far from what I use a lot of the time, really.
I look forward to reading your thoughts on the new silicone once you’ve had a chance to test it.
I expect it to be far faster than I can make any reasonable use of. I don't really push personal computers anymore, though the horror that is the new Blogger interface will choke anything out (I've not set up alternatives yet, and almost none of my computers can chew through writing an image-heavy post anymore, some of them literally can't handle plain text on the new interface). About the only thing that would actually push a computer was Kerbal Space Program, but that's not built for ARM, almost certainly won't be, and I'm not sure the new GPU will have enough power to deal with it anyway. I might try it in emulation, just to see. I loaned a house desktop that could handle heavy loads to our church to do video processing at the start of Covid, and... well, I honestly don't expect to ever see it again. So without gaming, there's nothing to stress a system. Maybe some autorouter work for PCBs, but I don't do enough complex PCB design to stress one at all yet.
It'll be interesting to see how well virtual machines run in emulation, and also whether there's any legacy software out there that randomly fails. Suspect Apple will have done a good job making sure that doesn't happen.
Apple doesn't seem to have done Rosetta 2 in a way that can run x86 VMs, so I don't think that will be an option. Which is fine, I have another little VM workstation I can run x86 stuff on, and a house server as well. But I'm interested in serving off ARM VMs, if it's power efficient enough to do that - specs make it look like it should be, only 6.5W at idle. I'm trying to move away from cloud hosting, and to move to self hosted as... the problems with cloud hosting become obvious. See Blogger, see anyone saying anything disagreeable on mainstream social platforms, etc. So having more ARM hardware to work on will be nice. I might put a few Pis together for a serving cluster, at which point being able to run higher power ARM dev VMs would be useful.
You certainly could do VMs in emulation, and I might mess with that some, but qemu, at least, gets you about 10% of native performance in emulation (on my PBP). Apple's gigantic L1 caches will help a ton, but straight up emulation or even JIT isn't going to get particularly good VM performance. I'd expect someone to either chain off Rosetta or borrow the concepts to allow high performance x86 VMs at some point, but I'm not likely to work on that.
Reality is, though, it's quite overkill for anything I need. I'm just trying to get away from (modern - Clank is perfectly fine with an in order Atom chip) Intel wherever I can, and this opens up a lot of options for me on that front.
-
I'm a full time SW dev that has a MBP for work but I honestly prefer my Lenovo T14 with Ubuntu 20.04. Faster, cheaper, and better battery life, at least for the type of development that I do (embedded Linux).
My shop also does macOS and iOS work and we are generally really disappointed with recent changes in the Apple ecosystem. My photography friends have similar comments.
But I do hope that you enjoy your new mini, I used to buy them for myself.
-
Unfortunately, there's nothing in the midrange of the ARM ecosystem except Apple's stuff right now. There's a huge gap between something like the Raspberry Pi 4 (which is a fine light use desktop, but a bit limited in terms of storage performance and IO) and the $5k+ ARM workstations designed for high end development. And the GPU performance on the Pis leaves more than a little to be desired.
-
Yup, and you wanted ARM just for the power savings because your office is off grid? I get that.
-
Yup, and you wanted ARM just for the power savings because your office is off grid? I get that.
Partly, yes. ARM tends to be lower power than Intel - this is why I have a RPi4 desktop in there, because it can be always-on at the cost of a few watts. If I'm able to run a Mac Mini on nearly the same idle power budget, well... there's some interesting option in terms of self hosting.
However, I'm also just irritated with Intel (and have been for the past few years). They've taken some exceedingly leaky shortcuts in the pursuit of performance, to the point where the microarchitectural vulnerabilities mean the chips are far slower than they used to be, and still leak if you ask them politely. Intel can't reason about their chips anymore, far as I can tell, and that concerns me greatly. So I'm trying to move away from them. AMD has some interesting option and I'm probably going to replace my homeserver guts with AMD in the near future, but I see ARM as the future at this point. ARMv8 (at least AArch64) really cleaned up their architecture, and gets rid of a ton of legacy cruft. An AArch64 only chip is quite clean compared to the older versions, and obviously can be made to perform excellently. Plus, there are far more ARM vendors and implementations than x86.
I won't be able to de-Intel my life entirely (yet), but I can de-Intel my personal life significantly (or use old Intel chips that behave - this Atom netbook doesn't speculate, so is immune to all the speculative execution issues). Now, if I were to replace a perfectly functional Pi4 with an ODroid N2+ for no reason beyond "But a bit faster!"... yeah, that would be silly.
-
I understand all of that, and I mostly agree. Intel is just so cheap and ubiquitous and everything just works. AMD Threadripper would make an amazing embedded Linux build rig.
I happen to have an ODroid N2+!
EDITed to add - if you get tired of blogspot you could try self hosting with jekyll (https://jekyllrb.com/).
-
I understand all of that, and I mostly agree. Intel is just so cheap and ubiquitous and everything just works. AMD Threadripper would make an amazing embedded Linux build rig.
T
Cheap? Not really. Everywhere, certainly. Thing is, I don't really do large job builds anymore for personal use. So Threadripper isn't a huge win for me, unless I'm doing a lot of VM hosting.
EDITed to add - if you get tired of blogspot you could try self hosting with jekyll (https://jekyllrb.com/).
Yeah, I'm familiar. Jekyll or Hugo will likely handle generation, it's just "totally and completely not what I'm used to and requires new templates and new workflows and new media pipelines and new everything else and doesn't work on a Chromebook." Not impossible, just a royal pain in the ass for someone who has to come up into the stratosphere to deal with Linux sysadmin tasks, and CSS/JS are... way, way, high level, like, orbital mechanics high level. I make my living below the weeds at this point. Would you like to discuss the ARM barrel shifter?
-
Cheap? Not really.
I was including all the used hardware in my assessment, but I guess compared to a Pi4 it is still kind of expensive. But with nice big caches and fast IO.
Not impossible, just a royal pain in the ass for someone who has to come up into the stratosphere to deal with Linux sysadmin tasks, and CSS/JS are... way, way, high level, like, orbital mechanics high level. I make my living below the weeds at this point.
CSS/JS is above me too, although I'm super comfortable as a Linux sysadmin. I think that you could run Jekyll on that mac and then just host it in an AWS lambda (https://aws.amazon.com/lambda/), although I have not personally tried. I have paid a little money for some Jekyll templates on the open market, and I'm sure that fiverr is full of people that could help for a tiny bit of money.
-
I was including all the used hardware in my assessment, but I guess compared to a Pi4 it is still kind of expensive. But with nice big caches and fast IO.
Sure, if the goal is power burn, I've got a dual... oh, some old Xeon box, idles at about 150W, pulls 300W under load. It's not in a chassis, so I have some fans rigged to cool the chipset on it or it'll shut down from overheat.
The Pi4 draws very little power the performance, but is still very much a low to mid-range box, at best. Even with a USB SSD on it. It's fine for end user purposes, just chokes out if you ask it to do much dev work, any VM work, etc.
CSS/JS is above me too, although I'm super comfortable as a Linux sysadmin. I think that you could run Jekyll on that mac and then just host it in an AWS lambda (https://aws.amazon.com/lambda/), although I have not personally tried. I have paid a little money for some Jekyll templates on the open market, and I'm sure that fiverr is full of people that could help for a tiny bit of money.
I used to be a Linux sysadmin, just... my skills end around 2008. yaml and such baffle me. I can get through them, I just don't understand the details of them. I host a Matrix instance, I host a Jitsi instance for church, via cloud, and... they mostly work, but I can't claim to understand them end to end either.
I have no idea what a fiverr is, beyond a $5 bill with an extra R.
-
I hope you won't mind if I briefly hijack this thread in order to ask a question that I'm having no luck Googling an answer to.
How much RAM does a person need? I am eyeing the new Macbook Air and while 8gb of RAM seems fine for now (I mostly surf the web, work in MS Office, teach by Zoom, and do light coding...though I very occasionally work with million+ observation data sets), I expect to keep the computer to 5+ years (my current Air is an early 2014). If I plan to get out of the data analysis game, is there a need for 16gb for some other "future proofing"? I'm leaning toward the upgrade because it's a few hundred dollars spread over 5 years of use, so why not? But I wish this was easier for the average person to get their head around.
-
Short answer: Get 16GB.
You can do normal daily use with 8GB, but 16GB opens other options for the future and almost certainly will help resale value, as the RAM can't be upgraded in the future. Modern SSDs and compressed RAM help a ton, but the power penalty for extra RAM is minimal.
-
Short answer: Get 16GB.
You can do normal daily use with 8GB, but 16GB opens other options for the future and almost certainly will help resale value, as the RAM can't be upgraded in the future. Modern SSDs and compressed RAM help a ton, but the power penalty for extra RAM is minimal.
Thanks. The "can't be upgraded in the future" sure makes it hard to cheap out now if I want to keep it a for while.
-
Have fun with the BIG dumptSUR fire when it arrives? The "firewall bypass" Apple is doing is super sketchy. And a security hole waiting to happen -- terminal bypasses the firewall... as does anything it runs. Like daemons. Or curl. Hopefully its just a scary quirk to you as opposed to a real issue.
-
Apple doesn't seem to have done Rosetta 2 in a way that can run x86 VMs, so I don't think that will be an option.
I suspect that rules it out for running CAD software for the time being. Though, I was inclined to let people with more interest in software figure out all the implications of the change before i worry about replacing my old MBP anyway. It will be worth keeping an eye on though.
-
Have fun with the BIG dumptSUR fire when it arrives? The "firewall bypass" Apple is doing is super sketchy. And a security hole waiting to happen -- terminal bypasses the firewall... as does anything it runs. Like daemons. Or curl. Hopefully its just a scary quirk to you as opposed to a real issue.
Oh NO! BIG dumptSUR fire? I'd better go back to Micro$oft Winblows!
While I've not been keeping terribly close attention on that particular kerfluffle, reality is that if I care terribly about what a system is doing on the network, I won't rely on the built in firewall anyway, because a built in firewall is one local exploit away from being open anyway. They're nice for informational use, but if you're relying on the host firewall to actually control traffic, there are relatively few cases in which I think that's wise. So I'd put a box where I wanted to control network traffic on its own VLAN and firewall it externally, or simply use it as a disconnected system. But I've no particular need for that in personal use.
I suspect that rules it out for running CAD software for the time being. Though, I was inclined to let people with more interest in software figure out all the implications of the change before i worry about replacing my old MBP anyway. It will be worth keeping an eye on though.
I don't see why, unless the only way you run CAD on a Mac is in a Windows VM. Anything x86 and platform native (Eagle, Kicad, etc) should be just fine with Rosetta 2.
-
I suspect that rules it out for running CAD software for the time being. Though, I was inclined to let people with more interest in software figure out all the implications of the change before i worry about replacing my old MBP anyway. It will be worth keeping an eye on though.
I don't see why, unless the only way you run CAD on a Mac is in a Windows VM. Anything x86 and platform native (Eagle, Kicad, etc) should be just fine with Rosetta 2.
I must have misunderstood your original statement. I took not running x86 virtual machines to mean it couldn't run a windows vm. I currently work primarily in SolidWorks. Once I'm done working for client(s) that use Solidworks I'll probably look for other cheaper options.
-
Can't really facepunch for this. I'm not a fanboi of any of Mac/Win/Tux/iOS/Android/other. To me they are just a tool to achieve the desired output.
I have only one Mac (MBP 2017) from work, and it is solid and does its intended job (I'm a cloud engineer - whatevs that means).
I have seen Macs/iMacs/Minis get used for many years if they are regularly cleaned up and don't require major HW upgrades. Apple does make solid machines. There's an Australian guy on youtube who fixes up old Apple devices.
Having said that, I have a Win godbox (i7-2600) still running fine since 2010. Only thing I did after 7 years was replace the 8 GB RAM with 16 GB. Also have HTPC built in 2010 that still functions. Once a year (or more), I'll open them and remove the dust. And every couple of years clean out the old thermal paste and apply some new Arctic Silver.
I also had Ubuntu workstation in the past, have a RasPi3 running pi-hole, a RasPi4 with Raspbian (need to install Ubuntu), these are all tools to perform certain needs.
My sister does a lot of landscape photography and she's been happy with Macs for years.
A good hands-on review on the Apple M1. I'm looking to build or buy a new machine, may have to consider the M1 MacMini.
https://arstechnica.com/gadgets/2020/11/hands-on-with-the-apple-m1-a-seriously-fast-x86-competitor/
-
Hell, I'll throw a face punch your way if nobody else is going to do it.
You are replacing a three year old computer with a new model and paying I'm guessing at least 750 dollars for this privilege after the sale of your older machine. All this for what benefit exactly? How much time do you lose waiting on lag with a 3yo machine vs. a new one? Have you measured it?
I thought the whole rationale for getting an Apple was that they "get used for many years". If you are going to dispose of them every 2-3 years why not get a desktop box with twice the technical specs running Linux or Windows for maybe a third of the price?
Short answer: Get 16GB.
You can do normal daily use with 8GB, but 16GB opens other options for the future and almost certainly will help resale value, as the RAM can't be upgraded in the future. Modern SSDs and compressed RAM help a ton, but the power penalty for extra RAM is minimal.
Thanks. The "can't be upgraded in the future" sure makes it hard to cheap out now if I want to keep it a for while.
This is what it looks like to get played by corporate planned obsolescence. To incinerate the maximum amount of cash, get the $200+ RAM upgrade AND replace it every 3 years anyway.
Don't get me wrong, Apple makes great premium luxury products. But if you're serious about FIRE it's hard to justify hundreds of dollars a year in computer depreciation.
Sorry, somebody had to do it.
-
This is what it looks like to get played by corporate planned obsolescence. To incinerate the maximum amount of cash, get the $200+ RAM upgrade AND replace it every 3 years anyway.
My Dell XPS 13 is going strong after five years, I imagine that the new Air will be as well. But with that said I completely agree about soldering on components. I understand why they do it for the very smallest/lightest laptops, but I refused to buy a 2018 Mac mini because Apple soldered on the storage, which will eventually wear out.
-
Short answer: Get 16GB.
You can do normal daily use with 8GB, but 16GB opens other options for the future and almost certainly will help resale value, as the RAM can't be upgraded in the future. Modern SSDs and compressed RAM help a ton, but the power penalty for extra RAM is minimal.
Thanks. The "can't be upgraded in the future" sure makes it hard to cheap out now if I want to keep it a for while.
This is what it looks like to get played by corporate planned obsolescence. To incinerate the maximum amount of cash, get the $200+ RAM upgrade AND replace it every 3 years anyway.
Don't get me wrong, Apple makes great premium luxury products. But if you're serious about FIRE it's hard to justify hundreds of dollars a year in computer depreciation.
Sorry, somebody had to do it.
Too late, I ordered an 8 core Air with a 512gb SDD and 16gb RAM today. Just 12 easy payments of $95.75, interest-free, plus 3% cash back which I will put toward a wireless charger baybe. Thank you Tim Apple.
-
I must have misunderstood your original statement. I took not running x86 virtual machines to mean it couldn't run a windows vm. I currently work primarily in SolidWorks. Once I'm done working for client(s) that use Solidworks I'll probably look for other cheaper options.
Are you running SolidWorks in a Windows VM on a Mac? o.O That won't work, no (at least, not yet - I expect someone to solve it, just the performance of an x86 VM is up in the air).
You are replacing a three year old computer with a new model and paying I'm guessing at least 750 dollars for this privilege after the sale of your older machine. All this for what benefit exactly? How much time do you lose waiting on lag with a 3yo machine vs. a new one? Have you measured it?
Actually, it's closer to a straight across trade. My existing one is a 2018 with 32GB RAM, and current eBay prices on it put it as slightly more than I paid for the new one, give or take. Minus eBay fees, if I can't sell it locally, and it's about a wash. I'm just going to use some external storage if needed, most of my data lives on a homeserver, not my desktops. The new one is only $900 in a sane config, so hard to lose $750 on the deal... I didn't go with an insanely high end config on the old one.
However, for me, the main benefit is radically reduced idle power. My office is purely off grid, and winter is a challenge. I'm pretty touchy about idle power here, and the new one idles around 4W - which is nothing. The Intel one idles around 10-15W, which is a far bigger deal for overnight loads out here, so, quite honestly, I don't use it that much. It just draws too much power to run 24/7 out here, and I'd really like a Mac online 24/7 for a variety of things (to include possibly self hosting some stuff - looking to reduce some of my cloud spend for hosting).
Also, it's a major step in de-Inteling my life. Value of this is up to the person, but I place a good value in working towards a de-Intel'd life. I still have a few Intel systems, and am actively trying to replace them. A power efficient mid-range system is worth a lot for that, to me.
I thought the whole rationale for getting an Apple was that they "get used for many years". If you are going to dispose of them every 2-3 years why not get a desktop box with twice the technical specs running Linux or Windows for maybe a third of the price?
They do get used for many years. Just perhaps not by the first purchaser. The hold value quite well, so selling them off doesn't have nearly the same impact you get from selling off a PC that isn't worth nearly as much in a few years. Quirk of Apple ownership. But I expect to get $900-$1000 for my current Mini. Perhaps more, if people are stocking up on Intel hardware for whatever reason. They're not "discarded" as scrap when you get rid of them... usually.
This is what it looks like to get played by corporate planned obsolescence. To incinerate the maximum amount of cash, get the $200+ RAM upgrade AND replace it every 3 years anyway.
I don't have data on hand regarding resale value at 3 years of various configurations, but given that the higher-RAM options tend to command a nice premium on the used market a few years in, I'm not actually sure which way you'd be better, TCO-wise. I would expect you might edge slightly ahead with less RAM, but I'm not at all sure, and it probably depends on just how long you keep it. If you want to incinerate cash, the Mac Pro, fully loaded, is a far better way to do that.
Don't get me wrong, Apple makes great premium luxury products. But if you're serious about FIRE it's hard to justify hundreds of dollars a year in computer depreciation.
"A couple hundred a year in computer depreciation" really isn't that much... it's hard to stay much lower unless you don't ask them to do much of anything.
Sorry, somebody had to do it.
Appreciated! :D
-
I have seen Macs/iMacs/Minis get used for many years if they are regularly cleaned up and don't require major HW upgrades. Apple does make solid machines. There's an Australian guy on youtube who fixes up old Apple devices.
Their "solid" systems are why I had to replace 5% of the ram across hundreds of machines -- because they shipped bad ram that xrdiags wouldn't detect.
And let's not even get started on the xserve raid controller that had bad ram. On the plus side we had backups. On the down side, that was a huge waste of time until we figured out what was wrong. Which took longer because apple had no reporting to point to said failure, we had to suss it out based on behavior.
-
Are you running SolidWorks in a Windows VM on a Mac? o.O That won't work, no (at least, not yet - I expect someone to solve it, just the performance of an x86 VM is up in the air).
This seems totally doable to me for an x86 mac. I used to run windows games (think: civ 6, wow, etc) in a windows vm, at max settings, under linux on a desktop. I was doing GPU passthrough. The performance hit was something in the range of <5%. The bigger problem was nvidia doesn't like it and so the drivers were always (artificially) an issue on the windows box, or the gpu had intentionally disabled pcie reset support, so you couldn't reboot the vm without rebooting the host os, etc.
I'd expect at least one of the mac vm programs to be able to run CAD fine on an x86 mac. Maybe you need a TB3 GPU enclosure to do it (TB3 limited bandwidth is probably a bigger perf penalty than the gpu passthrough), but it should work. At the very least, it'd work under linux on the same mac (presuming linux could be run on said mac in the first place).
-
No facepunch from me. Apple makes a pretty solid final product, but is generally a bit too expensive for what you get, IMO.
I built my computer over 4 years ago for ~$1000. It has been running basically non-stop the entire time, and I have yet to find a game or program that challenges the GPU. It's getting close to that point, however.
For you nerds:
GPU: GTX 1070
32GB RAM
256GB M.2 drive, + 1TB internal HDD
Core i5 6600k, overclocked to 4.1GHz
-
Are you running SolidWorks in a Windows VM on a Mac? o.O That won't work, no (at least, not yet - I expect someone to solve it, just the performance of an x86 VM is up in the air).
This seems totally doable to me for an x86 mac. I used to run windows games (think: civ 6, wow, etc) in a windows vm, at max settings, under linux on a desktop. I was doing GPU passthrough. The performance hit was something in the range of <5%. The bigger problem was nvidia doesn't like it and so the drivers were always (artificially) an issue on the windows box, or the gpu had intentionally disabled pcie reset support, so you couldn't reboot the vm without rebooting the host os, etc.
I'd expect at least one of the mac vm programs to be able to run CAD fine on an x86 mac. Maybe you need a TB3 GPU enclosure to do it (TB3 limited bandwidth is probably a bigger perf penalty than the gpu passthrough), but it should work. At the very least, it'd work under linux on the same mac (presuming linux could be run on said mac in the first place).
I'm running it as a dual boot machine with Windows 8.1 and boot camp. Through a combination of CC games and Bestbuy sales I got price down to an equivalently powerful Dell plus a copy of windows. In comparisons with my friend's Dell they were really similar performance, but mine was about 3 lbs lighter and 2/3rds as thick... As mobility and weight were pretty important at the time, that was worth the price of a windows license (I lived in a village with no road access and the small planes that flew in and out limited carry on weight pretty strictly). I never did run it in a VM because the dual boot worked so well, but that is what I was considering if I were to upgrade. Mobility has been a lot less important lately and I've moved most of my work to a desktop, but if I'll be keeping an eye on the VM progress. I might be a candidate for the last generation of x86 machines...
@Syonyk, I read your post on the mess google made of blogger. Are you going to try it with the new hardware, or stay away on principle? I feel like SolidWorks has done much the same thing. Each new system is incompatible with the previous version, so once you update parts to the new version you can never open them again in the old. That means I have to use whatever version my clients are using. Every update is more processor intensive and usually does little to make the design process smoother. My current projects are in 2017, which pushed me to a desktop, but now the client is mumbling about "upgrading" and if it's anything like the last time I'm afraid even this liquid cooled monster is going to struggle with the "improved" version. Maybe that will give me the final push to pull the plug and RE/go get that pilot's license...
-
Syonyk, I read your post on the mess google made of blogger. Are you going to try it with the new hardware, or stay away on principle?
Oh, I have hardware that will do it. I'm just trying to use it less, in my quest to use the internet less, and in more restricted ways. All I have for a laptop in the house at the moment is Clank - an old netbook from 8 years ago. It works fine for things like this, with text, and used to work fine for blog posts (I normally edited photos on another system, but could do it on here in a pinch).
I think at this point, I'll finish out the solar posts on Blogger, this winter, and then move to something else for other posts. Just leave that which I've posted there, so I don't have to worry about moving existing content. There are plenty of links to my blog from various places, and I suppose I could do some redirects, but... I just really hate web admin and stuff, it's no longer remotely close to my area of expertise, so I'd rather not. Keep a backup for when they turn the whole stupid thing off because nobody uses it anymore.
But, yes, I expect a new Mac Mini would chew through the abomination that is their code. :/ And that's part of the problem, write crappy code, people buy new hardware for it.
Maybe that will give me the final push to pull the plug and RE/go get that pilot's license...
I'm no help there. Flying is awesome. Just haven't done much of it this year, I've been working on other projects, and now that I have time to go fly, I'm isolating due to possible covid exposure, again. :/
-
Keep a backup for when they turn the whole stupid thing off because nobody uses it anymore.
I haven't read through your solar series yet and I decided not to try to squeeze an install into this year. I'll have to take a look at that make a back up in case it goes away. I should probably do something with my much neglected blogspot blog too...
I'm no help there. Flying is awesome. Just haven't done much of it this year, I've been working on other projects, and now that I have time to go fly, I'm isolating due to possible covid exposure, again. :/
That is helpful
-
It arrived last week and I had time to set it up over the weekend.
It's really, really good.
Fast. Power miser. Teh Snappy.
I'm impressed.
-
NO facepunch from me. My sister and I just bought one for my mom to replace her 2009 iMac.
The 2009 iMac was finally running too slow for her, so we upgraded to the new Mac mini for about 60% of the cost of what her iMac was originally.
And now she has the ability to plug in two huge monitors for more than double the screen real estate that she had with the iMac.
She received it last week and is really happy with it.
-
I spent the early 00s building and upgrading computers and becoming obsessed with faster hardware. Then the 2010s hit and I held onto my desktop for 10 years. Around 2017 I finally started to give laptops a chance.
Now I have a $950 laptop with 144Hz screen, 8-core CPU, 16GB replaceable RAM, mid-to-high range GPU with 6GB, 1TB PCIe x3 NVME storage, ~4.5 hour battery life... that battery is great when compared to any other laptop with this much hardware, and dismal in comparison to the Macbook Air and Pro using the M1. Battery doesn't matter much on the Mini ;) Like my laptop, it'll probably be plugged in most of the time.
I'm actually within my return period yet... and if I could just get like 95% success rate on games like StarCraft II and Diablo 3 running on an M1 (Air/Pro) at high settings, fast framerates and no crashes, I'd probably swoop in and try MacOS life (and great battery life... life). But right now there are just a handful of reports on Apple Silicon Games (https://applesilicongames.com/) and they are mixed or low settings at best.
The Lenovo T14 has some great hardware... assuming you have the AMD model... ? :)
Anyway, I assume this Mac Mini purchase will require you to work an extra 4 years? ;)
-
Anyway, I assume this Mac Mini purchase will require you to work an extra 4 years? ;)
Eh? It's a straight across trade for the old one that didn't do most of what I was hoping it would do (mostly because the GPU was beyond terrible - Intel Integrated, and NOT one of the better years).
... and I may have traded some other hardware and monitors I had laying around, generally less utilized, for a LG 5k monitor that is stunningly beautiful. That the AS hardware drives just fine. Someone had won it in a raffle and lacked the computer to drive it or the use cases for it, and I do enough photo/video work that being able to view higher resolution native is nice. I just don't like 4k, it's the wrong resolution for 27", but 5k gets me integer scaling to my preferred 1440p, while still showing the full image. <.<
Mostly, though, I've been trying to get away from Intel for a variety of reasons, and this was an opportunity to do so for a lateral trade.
-
Eh? It's a straight across trade for the old one that didn't do most of what I was hoping it would do
That's the joke! :) It wasn't a good joke, but you get what you pay for. Kind of sometimes.
-
I have an older Intel laptop that I'd like to replace in the next few years. Not interested in buying the first generation of a new processor architecture though. I'll wait a year.
-
I have an older Intel laptop that I'd like to replace in the next few years. Not interested in buying the first generation of a new processor architecture though. I'll wait a year.
For most people, that's the right answer. While a lot works, and for light use (that doesn't need a blisteringly fast processor), there's plenty that either doesn't quite work or isn't yet ideal. We'll see what the next year shakes out, but I expect to see a lot of support for things that aren't currently supported hammered out - optimistically including x86 VMs with decent performance. The hard part of translating x86 binaries for ARM processors, the memory model issues (ARM has a far weaker memory model than x86), are solved by Apple having a toggle to just enable the strict memory ordering in hardware.
"Weird ARM issues" are nothing new to me, I've been using ARM desktops for 4 years or so (assorted Raspberry Pis), and I'm happy to deal with broken stuff to get away from Intel.
-
The hard part of translating x86 binaries for ARM processors, the memory model issues (ARM has a far weaker memory model than x86), are solved by Apple having a toggle to just enable the strict memory ordering in hardware.
Presumably there's a way of enabling that on a per binary basis? Correctly written code should just work, of course, and it would be a shame to slow down code which didn't need it.
I suppose there are other occasional issues - float to int conversion of infinities, for example.
-
Presumably there's a way of enabling that on a per binary basis? Correctly written code should just work, of course, and it would be a shame to slow down code which didn't need it.
Yeah, it's a per-thread config setting. Presumably fiddles a system control register bit on task swaps.
https://github.com/saagarjha/TSOEnabler
I suppose there are other occasional issues - float to int conversion of infinities, for example.
Likely, but there are some ARM instructions to handle the weirder common cases, and I doubt this is the bulk of the code.
In any case, Apple is getting 80% of native performance on their x86 emulation, which is *nuts*. I'm sure the gigantic L1 caches don't hurt either...
-
I would have bought a Mac Mini (~2016 or so), but it didn't have the multiple 4K support I wanted. ----> facepunch, etc etc.
I eventually got a referb Mac Pro (2013/ trashcan). Having 10 square feet of desktop space, I feel is facepunch worthy IMHO.
-
I'm a full time SW dev that has a MBP for work but I honestly prefer my Lenovo T14 with Ubuntu 20.04. Faster, cheaper, and better battery life, at least for the type of development that I do (embedded Linux).
My shop also does macOS and iOS work and we are generally really disappointed with recent changes in the Apple ecosystem. My photography friends have similar comments.
But I do hope that you enjoy your new mini, I used to buy them for myself.
I too prefer Ubuntu, but with work security protocol our IT group says we have to have a Mac or Windows. I went with a MBP because of the unix terminal and it's similarity to linux. But I'm hearing that the WSL on Windows has improved a lot over the past year, so now I'm somewhat second guessing my decision.
-
Syonyk - can you tell me why you avoid Intel. I'll probably learn something.
-
Not OP but I like to meddle and disparage Intel so... ;)
First, to their credit, their CPUs have been used in a great number of personal computing devices, and much to the benefit of many people. They have done some really great engineering over the years.
But... there is also AMD, who has been battling it out with Intel for roughly 50 years (there's an article out there about their history.) They are both big American companies... for what it's worth. Intel is just much bigger, and so AMD at least feels like the scrappy underdog, and as such, I find myself rooting for them, and against Intel.
Mostly I root for solid competition and benefits to the consumer.
AMD stumbled after their solid Athlon and OK Phenom chips - Intel got ahead and stayed just ahead of Intel. But with AMD struggling, Intel either consciously or ineptly failed to advance computing in the meantime. (Maybe it was just AMD and Intel flopping, but with Intel, it felt like they weren't trying very hard to push things forward.) The GHz wars mostly wrapped up about ten years ago when 4/5Ghz barriers were broken, and dual/quad core was quickly going from enthusiast to mainstream. Which means that until 2017, almost nothing changed. Finally AMD got their act in gear under Lisa Su, and suddenly 8 core CPUs became mainstream - this year laptops with 8 cores became common.
Intel is still... flopping though. That isn't a reason to spite them, but it does mean their chips aren't as good as AMDs - they have to run hotter and push more power through them to remain somewhat competitive, so they aren't the better option for your dollars. In the past, AMD was sometimes the better option for dollars, because they weren't competitive, so they competed on price. Intel will likely do the same if it becomes absolutely necessary, but for now, they have too much influence over OEMs and still hold too much market share to sweat AMD and lower their prices too much. (There are some cases of CPUs dropping from $2k to $1k in a generation after AMD started to sell much higher performing high-core CPUs at less than half the cost of Intel's...)
For Apple users, Intel was the only CPU option from 2006 to fall 2020, and the struggles of Intel meant Apple hardware was falling behind. With the Apple Silicon M1, at least the ultra portable and small form factor is wildly competitive again for Apple, and it is easily expected for other varieties of Apple computers to become very competitive as their new CPUs are introduced.
-
Syonyk - can you tell me why you avoid Intel. I'll probably learn something.
Short answer: They've demonstrated to me clearly, in the past 3-4 years, that they cannot reason about their chips. The endless waves of security issues coming out mean that they no longer understand their chips, and they make claims that are false at the time they make them (and it's clear they don't know the claims are false). I'm unwilling to support a company that builds things they no longer understand, and in the case of computer security, I think their chips are simply not trustworthy at this point. It's been too many massive missteps, too many "Oh, gosh, we screwed that up too?..." responses to security researchers, and too many failed patches/fixes/hacks/microcode updates/etc for me to believe they have any clue as to what's going on internally in their processors anymore. I don't know why - but I've proven to my own satisfaction that it's true.
As a result, I'm trying to move that of my life which I can off Intel. I'm not entirely there yet, but I'm making good progress. My homeserver got swapped out some while back for AMD parts to replace the Intel parts (which I've donated to the church server with hyperthreading disabled), and the Mac Mini has been swapped out. I make heavy use of a Raspberry Pi 4 in my office, I've got an older Intel netbook that predates all the speculative execution vulnerabilities by not speculatively executing anything, and... I've still got an Intel MacBook Pro that runs the latest OS with hyperthreading generally disabled. I can't justify replacing that one quite yet, but I'm careful with it.
Long answer, sorry for technical details if you don't care:
Meltdown and Spectre showed up some while back, and were pretty devastating to the concept of a processor enforcing security boundaries. The processor enforced them architecturally - what you see in registers - but it wasn't even bothering to try to enforce them when doing the "run ahead" execution that most modern chips do (speculative execution, you keep the results and save time if you're right, throw the results away and try again if you'er wrong). One could guide the speculative execution down a forbidden path, and before the processor caught up and realized it wasn't actually allowed to do that, it had altered the state of internal resources (typically the state of cache). Through various creative techniques, one could encode data in how one disrupted cache lines and therefore read out the forbidden data. For Meltdown, in particular, on 64-bit systems, this meant that you could read literally anything in RAM on the system if you knew how to look and ask politely. You could freely, as a random user process, read kernel memory, and for a variety of reasons, 64-bit kernels keep all of physical memory mapped into the kernel address space. So, I'm some random process with no permissions beyond the ability to run code and make a few basic syscalls, and I effectively have full read access to the entire system. Crypto keys for SSL termination, cryptocurrency wallets, passwords, you could read everything. Whoops.
However, at the time, while horrid, I was willing to give Intel some benefit of the doubt. The system did behave properly, in terms of architecturally specified behaviors, and... maybe this was a one-off thing someone didn't think through. Fine. It would be bad if they didn't know about it, because it means they don't understand the chips, but it would also be bad if they knew about it and didn't do anything to correct it. I wasn't sure which was correct, but neither one was good.
And then the world continued coming down around Intel, and I got my answers in the form of the vulnerabilities that cracked open production SGX enclaves.
SGX is a "secure enclave" that, on paper, allows you to perform private (nobody can see what you're doing) and correct (nobody can interfere with the validity of your results) calculations on a fully compromised system. Intel explicitly considers the OS and such in bounds as attack surfaces for SGX. Their claims were that even with a fully compromised, actively malicious operating system (ring 0) managing the enclaves, you could not either see into a production enclave or do something that would alter the results. They did things like encrypting the memory they used, signing pages as they were swapped out to prevent the OS from loading an old or incorrect memory page when swapping things back in, and generally made an awful lot of claims about how you couldn't mess with SGX.
All of which were wrong, at the time they were made, on the current hardware of the time.
There's a laundry list of microarchitectural vulnerabilities out there, and I'm not going to point out most of them, but two in particular violate Intel's claims about their processors and SGX.
The first was Foreshadow/L1TF/L1 Terminal Fault. This is a hardware implementation detail of the L1 cache (fast memory close to the CPU core) that means that, if page tables were misconfigured in a particular way, you could (speculatively) read the data out of another process's memory space - including that of an SGX enclave. If you knew what you were doing, you could violate just about any security boundary in the system. User to kernel, virtual machine to hypervisor, virtual machine to virtual machine, OS to SGX... just ask nicely, and you can read out what's going on. In particular, you could read the memory out of an SGX enclave. Because SGX enclaves store their register state in their memory when exiting, you could also read out the register data from the current enclave execution state. Throw in some other tricks and techniques to single step an enclave, and you could quite literally read out the entire memory and register state of a production SGX enclave, at every single step of execution. This includes private keys used by the loaders and such that you weren't supposed to be able to read, ever.
Whoops. So much for "Can't read the enclave." But, hey, at least you can't mess with it, right?
Except, you can. Plundervolt is research in which the OS (explicitly untrusted, remember) can make use of an undocumented (!) hardware configuration register (MSR) for undervolting the processor. This allows the OS to improve power efficiency, but as implemented, it also allows the OS to lower the voltage just enough that certain complex instructions start faulting. You can, as the OS, edge the voltage down until multiply and AES encryption operations start faulting, but everything else works fine. These instructions have a longer chain of transistors involved and will show the signs of overclocking/undervolting first.
So, you run the chip down to the edge of faulting, launch the production SGX enclave, and... it runs at the reduced voltage, with multiply and AES instructions faulting in the predictable ways. Which means the enclave gets the results wrong. Not only does this usually allow you to pull out crypto keys (again), it means that the claim that the OS can't impact operation of the enclave was also wrong.
And the list goes on, and on. https://en.wikipedia.org/wiki/Transient_execution_CPU_vulnerability has a lot of it.
As far as I'm concerned, these demonstrate (well enough for my convincing) that Intel (a) can no longer reason about their CPUs and all their behaviors, because (b) they're simply too complex to reason about anymore, even with literally all the data about how they're built.
And let's not discuss their hyperthreading leaks, and outright architecturally incorrect behavior on Skylake...
AMD is impacted by the branch predictor vulnerabilities (Spectre classes), and ARM is as well, because these are just fundamentally an issue with out of order and speculative execution. You can't "run ahead" without predicting branches, and branch predictors can be mis-trained. There are mitigations for some of the issues, by flushing or scrambling the branch predictors on process change, but AMD has been largely unimpacted by the other huge classes of vulnerabilities Intel is struggling to keep up with.
Does this mean AMD is more secure? Well... evidence points to yes. They seem to detect "Huh, that's weird..." and wait for the execution to catch up to resolve it in a wide range of conditions that Intel just blasts on through. I expect this might be from their long process disadvantage - mis-speculation is simply burning power, so waiting around in the oddball hard-to-predict cases saves power that is likely to have been wasted. Intel, recently, has been struggling with their process being utterly stuck, so they've been pushing the bounds of "Anywhere we can gain some performance, we must." Getting creative with speculation to save a cycle here and there does add up, as long as it's not about to blow up in your face...
So, given all that, I've been trying to move that which I can away from Intel. Some goes to AMD (homeserver, possibly my office utility NUC at some point once the comparable AMD system is in stock), some goes to ARM (Pi4, PineBook Pro, Mac Mini). I generally think that ARM is going to be the future of most computing, and so I'm more inclined to move to ARM when I can. Apple's new silicon solves the main issue with ARM - that it's been slow. The Mac Mini is, by far, the fastest computer that I have (some other stuff might out-throughput it, but... probably not). It sips power (in a solar powered office), is blisteringly fast, and is not-Intel.
And I absolutely accept that I am being financially sub-optimal by swapping out functioning hardware, long before it's obsolete, to get away from Intel. I'm trying to do it as even as I can (selling the old Mac Mini for most of what the AS one cost), and where I can't, well... honestly, I just don't care. I'm at a point where I can live out some of my convictions/desires about computing, so I'm doing so. It doesn't have a real impact on my financial state, which is doing just fine.
Should you (in the generic sense) get rid of Intel systems? Probably not. I don't think that many of these issues are terribly likely to be exploited, but on the flip side, it's also impossible to tell that they have been exploited because they leave no traces anywhere.
You should, probably, consider a few steps if you do anything terribly sensitive on your computers, though:
- Disable hyperthreading. Plenty of ways to do this. Hyperthreads leak. Horridly.
- Make sure you keep your BIOS and OS up to date. Install the damned updates. Yes, they slow things down. Beats some bit of Javascript being able to read out all your system memory, far as I'm concerned. There are people on this forum who still suggest using Windows XP or Windows 7, and to me, that's lunacy. I will get rid of daily use hardware when it stops getting OS updates, period.
-
Syonyk - can you tell me why you avoid Intel. I'll probably learn something.
Not Syonyk, not a chip geek or anything.
Back when Apple was going to intel, I tried to stay away as long as possible. My Mac G5 (Power PPC 750) not only was a non-x86 chip, but ran completely different firmware and microcode, to the extent that it was big endian (most significant digit first) in stead of little endian (like Intel etc). https://en.wikipedia.org/wiki/Endianness
I saw no compelling reason for 15 years to change to a chip style had the majority of the malware written for it (and the associated MicroSoft OS's)
Browser age eventually crept up. But even with an Intel chip in my new-to-me refurbished Mac, I do my best to expunge Microsoft code.
-
Meltdown and Spectre showed up some while back, and were pretty devastating to the concept of a processor enforcing security boundaries.
I'm all for bashing Intel, but some* ARM cores are also vulnerable to both Meltdown and Spectre (https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)). In fact, ARMageddon (https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_lipp.pdf) was the first attack in this family.
* - The ones that support Out of Order execution, just like Intel. EDITed to add: well, some of them are only affected by Spectre but the A75 is also vulnerable to Meltdown.
-
I'm all for bashing Intel, but some* ARM cores are also vulnerable to both Meltdown and Spectre (https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)). In fact, ARMageddon (https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_lipp.pdf) was the first attack in this family.
* - The ones that support Out of Order execution, just like Intel. EDITed to add: well, some of them are only affected by Spectre but the A75 is also vulnerable to Meltdown.
The ARM cores with OOO are vulnerable to Spectre, but the sort of thing that allows for Meltdown-style attacks is far less common. It's entirely possible that this is because nobody needed that level of performance out of ARM cores, and they were just lagging far enough back that they didn't have the same issues, but AMD is also not broadly vulnerable to Meltdown. And the rest of the issues are pretty darn Intel-specific.
However, I disagree with your assertion that ARMageddon was in the same class of attacks. It provided the various cache timing techniques that were used for later papers (in that it's the same group of researchers, hardly surprising that they used their prior research), but it doesn't relate to speculative execution at all. Just cache based attacks, which have been a thing on desktop computers pretty much since they had caches (and we've been fighting that sort of battle for decades with crypto algorithms as well, you ideally want a constant time, memory oblivious algorithm... eh, more rabbitholes).
It's certainly possible that ARM will have a similar set of uarch vulns as performance increases, and I'm certainly looking forward to more aggressive probing of the AS behaviors now that they're out into the general public hands. But, at the same time, the various groups designing ARM cores haven't given the same sort of utter lack of confidence about their claims that Intel has. Had it ended at Meltdown/Spectre, it would have been an interesting time in computer security, would have involved the kernel changes and page table isolation (which is a royal pain in the rear for certain things), and... we would have moved on. But that Intel claimed their enclaves were immune to software based attacks from ring 0, when they absolutely were not, in a wide variety of ways... that tells me Intel just can't reason about their chips anymore, and that they don't understand them. If Intel can't understand their chips, I don't want to run them in things I care about, as I can get away from them.
-
But that Intel claimed their enclaves were immune to software based attacks from ring 0, when they absolutely were not, in a wide variety of ways... that tells me Intel just can't reason about their chips anymore, and that they don't understand them. If Intel can't understand their chips, I don't want to run them in things I care about, as I can get away from them.
I'm fine with all of that sentiment, but I'm pretty sure that ARM never said in their marketing material that userspace code could snoop TrustZone, which is what ARMageddon is.
-
I'm certainly looking forward to more aggressive probing of the AS behaviors now that they're out into the general public hands.
Isn't it billions of Arm chips per year - couple of orders of magnitude more than Intel? Would be interesting to know whether black hats are more likely to try attacking Apple phones, or Apple laptops.
Apple's new silicon solves the main issue with ARM - that it's been slow.
The TOP500 list currently shows the Arm based Fugaku supercomputer at the top, with a performance 2-3x faster than the 2nd place (Power-based) IBM supercomputer at Oak Ridge. I don't think we'll be getting a few hundred petaflops in a desktop any time soon though.
-
I'm fine with all of that sentiment, but I'm pretty sure that ARM never said in their marketing material that userspace code could snoop TrustZone, which is what ARMageddon is.
No, but it's a different category of attack. It's basic cache disturbance observation, which has been used on x86 to observe cross process and into SMM for decades. It's not a speculation based attack. Different categories. Still annoying, but much easier to mitigate and harder to get really fine details out of. I'm not picking on Intel for their entire history of issues, just the recent speculation based ones, and, in particular, the ones that crack open SGX with their pipeline misbehaviors.
The question was why I want to get off Intel, and I answered. If you don't care about that stuff, fine. Intel's speculation based trainwreck has been a thorn in my side for quite a while, so I'm moving away from them, and I finally have options to do so without dropping back to utter gutless wonders as the previous ARM based options for desktop/laptop use were.
Isn't it billions of Arm chips per year - couple of orders of magnitude more than Intel? Would be interesting to know whether black hats are more likely to try attacking Apple phones, or Apple laptops.
It's far harder to get the sort of totally arbitrary execution across a range of modes you need to do this sort of work on the phones. Not impossible, but far, far harder than on a desktop type platform where you can write kernel modules and go poking around. I expect some papers in a year or so, but have no real guess as what's going to be in them.
The TOP500 list currently shows the Arm based Fugaku supercomputer at the top, with a performance 2-3x faster than the 2nd place (Power-based) IBM supercomputer at Oak Ridge. I don't think we'll be getting a few hundred petaflops in a desktop any time soon though.
... and a supercomputer isn't exactly in the same category as what I was referring to. First, don't confuse throughput and single threaded speed. It's easy to get good throughput by going wide, but it doesn't help with typical end user tasks that are single threaded. And I've no particular use for the sort of "drive a huge vector engine" chip designs that make up most modern supercomputers.
There have been no "really fast" desktop/laptop ARM chips available to typical end users, and while things like the Rpi4 are fast enough to be usable for basic light to moderate desktop use, they're not particularly quick compared to the x86 offerings. The M1 is - it runs even with the top available x86 chips in single threaded performance, and because of their memory model toggle, can emulate (technically translation, as it pre-compiles an ARM binary out of the x86 binary) x86 at an awfully good percentage of native speed (around 80% or so - you can absolutely play mid-range x86 games on the M1). You were limited to either the small chips like the Rpi4, or the ODroid N2+, or you were looking at some of the ARM development workstations - the eMag or similar were options, but they're priced like workstations and not exactly power sippers.
Anyway, I feel I've answered the question in some detail, and don't particularly care to make this whole thread a rehashing of the last 20 years of chip architecture security either.
-
Thanks - learning lots from everyone here.
-
Meh, if you want the computer, buy it.
Happy New Year.
-
Meh, if you want the computer, buy it.
That approach, applied to life in general, leads to lots of bad outcomes. :p Hence this forum.
-
Actual facepunch incoming, rather than the "rah rah buy whatever you want" consumerist spiel.
Electronics are horrible for the environment, and produced in terrible conditions, including child labour and all kinds of other ridiculous crap, and will leach toxic shit into the earth long after you, me, and everyone else on these forums is dead. You should seriously consider weaning yourself off of your consumerist tech addiction, because you're literally killing us all, including people who haven't even been born yet.
I fully acknowledge that a certain amount of tech is basically a necessity to live in the modern world, but I think we should all try to buy it as minimally as we can manage, and a big part of that is not replacing perfectly functionally stuff solely because you want something shiny and new. The ethical option here is to buy minimally, secondhand if possible, use stuff until it no longer functions, and then try to dispose of it in the most eco-friendly way possible.
Apple specifically just got busted again for using child labour, FYI. Is that really something you want to support?
-
Learn to repair your stuff a little. Definitely get off the upgrade treadmill as advertised on the tech websites. ;)
The 2020 ACME computer is not noticeably better for the average person than the 2019 ACME computer...
-
Actual facepunch incoming, rather than the "rah rah buy whatever you want" consumerist spiel.
Much appreciated! Quite missed recently on this forum.
Electronics are horrible for the environment, and produced in terrible conditions, including child labour and all kinds of other ridiculous crap, and will leach toxic shit into the earth long after you, me, and everyone else on these forums is dead. You should seriously consider weaning yourself off of your consumerist tech addiction, because you're literally killing us all, including people who haven't even been born yet.
Certainly, which is why I try to both keep old hardware running (I go on rather extensively about repair and repairability on my blog), and try to make use of lower power/lower cost hardware that's minimal in terms of production emissions (small form factor ARM boxes, I've got a nice little ARM laptop, etc). I've done things like replace capacitors on some older boards before sending them to people who have vintage gaming habits, instead of throwing them away. It's rare for a piece of electronics to leave in the trash from our place, and that's the generally unfixable stuff like "broken screens." Which are rare, but have happened. Replace the screen, keep the phone, go on your way.
I would attempt to argue that I don't have a consumerist tech addiction, though by some standards on the forum I certainly do - I've got, as personal computing hardware, a 2012 netbook, a 2015 MacBook Pro, the Mac Mini in my office, a RasPi4 for desktop use, a homeserver that provides media and VM hosting, and a couple older machines that exist to blow off surplus solar energy from my office doing faintly useful things (Folding@Home and World Community Grid, mostly, though I was doing some Rosetta@Home work earlier this year on the heaters). Plus an older (but still supported) iPhone 6S, older (but still supported... there's a theme here) iPad that is mostly a PDF reader for work, an old eink Kobo (purchased used), and plenty of hardware for work because I do low level tech stuff for a living. Far from one computer. :/ However, it's mostly older, repaired, and I try to keep it as long as feasible. I just won't run devices past the end of OS support, for a long set of reasons I've probably covered elsewhere in this thread. I'm aware of the Android open source alternatives, have done so in the past, but generally find the process to be a mix of "broken" and "... really? Ugh. Fine, I'll install this random binary from a .ru site..." - not something I'm a fan of in any form.
I fully acknowledge that a certain amount of tech is basically a necessity to live in the modern world, but I think we should all try to buy it as minimally as we can manage, and a big part of that is not replacing perfectly functionally stuff solely because you want something shiny and new. The ethical option here is to buy minimally, secondhand if possible, use stuff until it no longer functions, and then try to dispose of it in the most eco-friendly way possible.
I try to generally live by that, though the past year or so has been a bit of an anomaly as I've been trying to put my "de-Intel my life" goals into action. I replaced an Intel Mac Mini with the M1 version, and have replaced some couple-year-old homeserver guts with AMD bits and pieces. However, in terms of disposal, nothing I've rotated out has been disposed of - they've been repurposed for other use. Both the server pieces and the Intel Mac Mini are being used by my church now, and the old church server guts (which were... honestly, less than reliable and utterly ancient - Athlon64 X2) went to a friend who does vintage gaming.
Mostly, this has been a set of transitions to get myself away from Intel, who, IMO, has been shitting their bed consistently, towards hardware and companies that are more trustworthy. Again, I play in the deep weeds of this stuff, so I've got somewhat strong opinions on the matter. One of the very large issues with ARM has been the software ecosystem (ARMv6, ARMv7, and AArch32 are handwavingly fine due to the Rpi, AArch64 is a hot mess), and I'm working to improve that as I can. The M1 is a step in that direction, being hardware that I've been... mostly lusting after for about 3 years - a NUC-type ARM box that isn't glacial. The Rpi4 is sane for light use, but isn't a full desktop replacement for anything beyond reasonably light use (though it can handle a couple dozen tabs). I've tried, and have documented the process fairly well. Enable zswap, use a USB3 SSD, and... you're mostly there, really.
Electron can go die in a fire, though. "Desktop" apps that are just horrid web abominations that burn a full core to be useful are no progress for anything of value.
Apple specifically just got busted again for using child labour, FYI. Is that really something you want to support?
Not specifically, though I doubt any of the other tech companies are much better. Apple is, however, pretty well opposed to this sort of thing and goes out of their way to ensure that things that they find out about, that weren't supposed to happen, don't happen again. I'm less convinced most other tech companies care about any of it, unless they're caught. Apple's high profile means they're subject to more intense scrutiny, meaning issues are almost certainly discovered before they would be for other tech companies.
My relationship with modern tech is certainly "It's complicated..." I make a living with it (currently doing work on ARMv7 emulation), I rely on it for publishing content (moving off Blogger to something self hosted, though still on Google Cloud), and... I really don't like the directions it's going. However, within that, I'm interested in supporting the directions I find more reasonable - ARM and AMD, to be specific. I still own some Intel hardware, probably will for a while (replacing a perfectly functional 5 year old laptop with a M1 version isn't something I'm inclined to do soon), but... the less I rely on their modern stuff, the better.
In any case, I very much do appreciate the discussion/criticism.
-
Learn to repair it a little.
Does this sort of stuff count?
https://www.sevarg.net/2018/04/15/on-art-of-repair-re-capacitoring-old-mainboards
https://www.sevarg.net/2019/06/09/clank-reviving-ancient-netbook-iphone-6s-rear-lens-repair/
-
Oh I know you repair tech stuff. More than I do. I'm sitting here tonight watching a YT video about repairing electronics.
-
Oh I know you repair tech stuff. More than I do. I'm sitting here tonight watching a YT video about repairing electronics.
I mean, I feel utterly fucking defective in that I'm not using 1990s tech on the modern internet, but I've tried, and it simply doesn't work. Period. Even 2010 tech fails to keep up (for the most part).
We've (the software industry) has taken advantage of modern CPUs to say, "Sure, yeah, this will burn a billion times the CPU as what we used to use, but, hey, look, it's Javascript, so suuuuuuper easy to write!" - and it works. Sort of. If you have a modern machine with gobs of RAM.
I mostly use modern computers to do the same thing I used an overclocked 486 for back in the late 90s (talk to people, publish content, read email, chat on IRC), and... it requires an awful lot more than a 486/66MHz with 28MB RAM. To do the same damned things.
I should be able to do that which I do on an Arduino, but I've not gotten around to writing modern software stacks for 2kB of SRAM. :( Which means I'm a horrible, environmentally disastrous person who ought not be on the internet.
We had a dead cloudy day (6kWh off they gigantic solar array) the other day and pulled 70kWh from the grid for heat/transportation. :( And I'm pretty sure I lit my office generator too, which is one of the least efficient power sources known to man (5kWh/gallon gasoline, maaaybe?). So I'm an environmental shitshow, I just don't have the ability to easily change that. The solar arrays, large though they are (we have north of 20kWh on the property between the house and my office), simply cannot pull power out of a heavily clouded sky in heavy fog. And I've no biomass heaters to work with for the house or office (on the list, just... haven't found a good spot for them, and haven't purchased one yet).
Lay into me. I deserve it. I use modern tech, I make a living with the deep weeds of it. I am utterly embedded into the tech ecosystem, and even if I use older hardware, repair it, etc, I'm deep enough into the stack that all the sins of it are on my shoulders. I absolutely should not own a modern computer, yet, I've failed to spend the time required to write my own OS/browser/software stack that runs on older stuff that is fully depreciated and i can use with no real impact. And here the fuck I am, on a 2015 laptop with an Intel Haswell chip, browsing a site about reducing consumption, instead of figuring out how to to it on Lynx, with an Arduino. Facepunch the fuck away.
-
I've been trying to get away with using an RPi as a desktop for the last couple of weeks, but it's not as easy as using a 4 year old Win10pc (i7, 32gb ram). Somethings really stump it, especially when running a youtube video on half my screen, and doing something else on the other half.
Although its an interesting tech challenge, and something I've been using while not at work, I know as soon as Im back to work on Monday, I'll be back to i7 to run teams/outlook/excel/ other wage slave apps;.
-
I recently bought a new mac mini (to some extent based on your discussion about the security risks in older versions, but also because the data analysis I do really grinds the gears on this 2009 edition iMac, even after upgrading the RAM and switching to an SSD). We'll probably keep the old one for general use. If we ultimately decide to sell it, what's a good way to wipe out the disk? I don't want to disassemble it to get the disk out (that was annoying).
-
I've been trying to get away with using an RPi as a desktop for the last couple of weeks, but it's not as easy as using a 4 year old Win10pc (i7, 32gb ram). Somethings really stump it, especially when running a youtube video on half my screen, and doing something else on the other half.
Hardware video acceleration, especially in browser, is... yeah, gross is the best I'll say. Don't watch videos. That's been my solution.
If we ultimately decide to sell it, what's a good way to wipe out the disk?
You should be able to boot into recovery mode and wipe the disk from there. Or, perhaps on one that old, you'll need an external USB bootable OS installer, but that should let you do it as well. A couple passes over the drive and nothing of reasonable recovery value is left.
-
I recently bought a new mac mini (to some extent based on your discussion about the security risks in older versions, but also because the data analysis I do really grinds the gears on this 2009 edition iMac, even after upgrading the RAM and switching to an SSD). We'll probably keep the old one for general use. If we ultimately decide to sell it, what's a good way to wipe out the disk? I don't want to disassemble it to get the disk out (that was annoying).
SSD's are difficult to erase, as apparently an SSD has super-low level hardware that does "load leveling".
https://support.apple.com/guide/disk-utility/erase-and-reformat-a-storage-device-dskutl14079/mac
"Note: With a solid-state drive (SSD), secure erase options are not available in Disk Utility. For more security, consider turning on FileVault encryption when you start using your SSD drive."
That being said, using Disk Utility to erase should make it proof against most non-governmental agency data retrieval attempts.
https://support.apple.com/en-us/HT208496
https://www.macobserver.com/tips/how-to/securely-erase-macs-ssd/
-
SSD's are difficult to erase, as apparently an SSD has super-low level hardware that does "load leveling".
That works in your favor as well, though, because short of physically removing the chips from the SSD, you'll never get partial data of a properly erased sector. If you send the TRIM command down to the SSD saying "I'm done with these sectors, you can wipe them at your leisure for reuse," the disk notes that and will never return the previous data from those sectors (assuming the disk is well behaved). And even if you cut power to the SSD before it's done, it will resume scrubbing stuff to make space for more writes as soon as power is applied. They're a forensic pain in the rear - not only for that, but also because a lot of them like to lose data if they're left powered off for a year or two (as often happens in court cases when the machine sits on a shelf for a year before anyone gets around to bothering with it).
If it's simply contained home data of a typical home/office nature, writing zeros a few times and a trim or two (blkdiscard on Linux) does just fine. If it's more sensitive, and you actually need to guarantee the data is unreadable in any case, then either you should never have let it touch the disk unencrypted in the first place (FileVault on OS X is fine for these purposes), or you need to physically destroy the disk.
It's not hard to be good enough that short of a federal agency, nobody is going to read old data from the SSD.
There are quite a few papers written on the issue, though, if one wants to look into it further.
-
SSD's are difficult to erase, as apparently an SSD has super-low level hardware that does "load leveling".
That works in your favor as well, though, because short of physically removing the chips from the SSD, you'll never get partial data of a properly erased sector. If you send the TRIM command down to the SSD saying "I'm done with these sectors, you can wipe them at your leisure for reuse," the disk notes that and will never return the previous data from those sectors (assuming the disk is well behaved). And even if you cut power to the SSD before it's done, it will resume scrubbing stuff to make space for more writes as soon as power is applied. They're a forensic pain in the rear - not only for that, but also because a lot of them like to lose data if they're left powered off for a year or two (as often happens in court cases when the machine sits on a shelf for a year before anyone gets around to bothering with it).
If it's simply contained home data of a typical home/office nature, writing zeros a few times and a trim or two (blkdiscard on Linux) does just fine. If it's more sensitive, and you actually need to guarantee the data is unreadable in any case, then either you should never have let it touch the disk unencrypted in the first place (FileVault on OS X is fine for these purposes), or you need to physically destroy the disk.
It's not hard to be good enough that short of a federal agency, nobody is going to read old data from the SSD.
There are quite a few papers written on the issue, though, if one wants to look into it further.
Thanks for the information you all! I have FileVault on. Will do the other methods if we end up selling/donating it.
-
TLDR : Not a Facepunch but sharing my experiences.
I bought an M1 MacBook Pro 13" 16GB / 1TB model. Replaces a 2019 16" higher end unit which I sold through sellyourmac for $1784. With the educational store discount the new model was $1932 including tax. So only $148 to upgrade to the new architecture before the older model plummets in price. It's much more responsive and the fans barely turn on vs the 16" which always ran hot (CPU around 200° during light usage) and wasn't fully utilizing all its power due to throttling. I quickly regretted buying the bigger model due to its shortcomings. Maybe I'm old school, but one should be able to use a notebook in your lap without burning your lap. Every Mac Intel laptop I've owned since 2015 hasn't been able to do that.
My stepdad still uses the MacBook Pro 17" I used in grad school (2006). It was dropped once causing a dent in the casing. The battery also swelled up, I told him to stop using it. Mac Mini from 2007 still works but mom had to stop using it since it could no longer do basic things like online banking. Now she's running on a 2018 MBP 13" and loves it. You do pay a bit more for Apple products especially new but they hold their value well and tend to last a bit longer. I suppose depending on the level of tech expertise wiping out and running a linux distro could extend its lifespan by a few years. Still a PITA...
I do slightly miss having 4 ports and a slightly bigger screen for media consumption but I'm an Apple Silicon believer. The experience will only get better once more apps get ported over.
-
Well. That was dumb.
Under a year after buying it, it's getting scrapped out and sold off, along with a very nice monitor I traded some stuff for, because I'm not OK with the direction Apple has decided to go, using people's devices against them, with the whole CSAM scanning on device thing.
Long form thoughts here: https://www.sevarg.net/2021/08/15/apple-csam-scanning-and-you/
I'm de-Appling pretty much entirely, just keeping one machine archived for the occasional things that require MacOS. I've gone to a non-smartphone, am scrapping the M1, and will just live in the dysfunctional backwater weeds of the little ARM SBCs. Pis, ODroid, PineBook Pro, etc. If I can't do it on them, well... guess it's just not worth doing. My views on the tech industry have continued towards "I'm going to just opt out more and more."
Electronics are horrible for the environment, and produced in terrible conditions, including child labour and all kinds of other ridiculous crap, and will leach toxic shit into the earth long after you, me, and everyone else on these forums is dead. You should seriously consider weaning yourself off of your consumerist tech addiction, because you're literally killing us all, including people who haven't even been born yet.
Yup. In the past 6 months, you're far more correct than I preferred to admit before. The book on Foxconn, Dying for an iPhone, is a read that certainly has an impact on this decision.
Using little ARM boards as daily drivers sucks, so I suppose I'll be spending more time working on improving that, to allow more things to work smoothly on Pis and the like.
Anyway, update, feel free to lay into me for having made this idiotic set of decisions. I was too damned excited by the M1, which is a legitimately good chip. :(
Debating between selling the stuff and just archiving them deep, deep down in a hole, sealed in concrete.
-
Debating between selling the stuff and just archiving them deep, deep down in a hole, sealed in concrete.
Are the M1 Linux ports just unusable at this point?
-
Are the M1 Linux ports just unusable at this point?
I don't know. Haven't kept up. It does appear that through some antics, it's at least basically usable as a desktop, though I'm pretty sure GPU acceleration and such isn't a thing, which likely means the 5k output would be poor at best. That would be a very gross framebuffer to deal with.
I'm unlikely to be contributing to the M1 kernel development, so it seems silly to run something like that, when I could run some little ARM SBC where I'm more likely to actually do the kernel hacking required. I've got a PineBook Pro I can use, though the external display stuff doesn't work, and a Pi/ODroid/etc would be just fine. That most of the stuff I care about won't actually run on it (Signal, Spotify, etc) means I should fix those problems, instead of just lazily relying on an x86 platform to run that stuff.
Also, I didn't realize it until I actually had it, but the LG 5k has a built in mic and camera you can't disable. I can cover the camera with tape as usual, but short of hardware mods, I've not found a way to actually disable the mic.
Anyway, laugh away at the idiot who bought new hardware only to realize a year later that it can't be trusted with Apple's shiny new directions.
-
Apple is being incredibly arrogant with their CSAM thing. So much for switching to an iphone when my old android gives up. I wish BlackBerry was still around.
I can't quite tell from your posts: Are you operating in an environment where you need stuff like SGX to work properly? Or are you just generally irritated at the way Intel's been dropping the ball on their chip designs? I understand the c-suite at Intel isn't exactly brimming with the sort of competence Andy Grove brought to the company...
I do wonder, would it be possible to switch to Linux on your M1? I can find web sites talking about ports, for example https://9to5mac.com/2021/04/09/linux-m1-mac-june-report/ (https://9to5mac.com/2021/04/09/linux-m1-mac-june-report/)
-
Apple is being incredibly arrogant with their CSAM thing. So much for switching to an iphone when my old android gives up. I wish BlackBerry was still around.
They are, I assume there are good reasons, along the lines of "Do this, or else." From someone who has the power to apply a very large amount of "or else."
I'm also incredibly disappointed by their bowing to China with regards to iCloud. Of course, when you've put all your manufacturing in what, increasingly, has become a hostile country... well, that's some nice factories and export pipelines 'ya got there, be a shame if something were to happen to 'em... And the alternative is cheap Chinese hardware, currently on a PineBook Pro, which is oddly high quality Chinesium for very little money (1080p ARM laptop for about $200, though you can't get one because they can't get parts to build any more). I don't really know of any alternatives that aren't built in China. :( Going purely used hardware gains one some, but you're just shifting the evil, and someone bought a new device to have a used one to sell, usually... :/
The world of "dumb" phones is... poor. Though AT&T is sending me a flip phone for free, because my bananaphone (Nokia 8110 4G, you'll know why it's called that when you see it) isn't on the supported list of post-3G devices. I'm hoping it will work, though moving to a ~identical OS flip phone is just a style drop, not a function drop. I'll keep the iPhone for some limited stuff tethered, but... eh. That may not last. I've got an iPad for PDF work and ForeFlight, though I'm going to research alternatives there as well. Writing the drivers for the newly announced Pine Note seems appealing (they've basically said, "We don't expect the first gen to really work, but, hey, have spec sheets!"). I guess eink driver writing might be in my future.
I can't quite tell from your posts: Are you operating in an environment where you need stuff like SGX to work properly? Or are you just generally irritated at the way Intel's been dropping the ball on their chip designs?
I don't need it, though working TSX would have been useful for some projects. The consensus was, "Well, it might work, but do we actually trust Intel not to yank it on this chip? Not really." And, six months or so later, Intel yanked it for [reasons]. SGX would be very fun to play with, but I don't strictly need it.
Mostly, I'm just irritated with them. They were the flagship chip company, and utterly blew it, releasing wave after wave of broken turd that couldn't keep secrets - and they had no clue about it until other people told them. AMD shows some promise, but if I'm going to go do something totally broken, I may as well try to make the ARM world less painful for people. AArch64 builds for modern electron/Node piles of crap are simply broken, because there are some common dependencies that go, "Oh! 64-bit! I know this! Here, have an x86_64 binary!" There's been some work to get things like Signal building more reliably, but I'm not aware of any consistent AArch64 binary repos for them. I'm pretty sure I don't want to run a repo, but if it's helpful... :/ "Want to" and "can/should" are very different values.
I do wonder, would it be possible to switch to Linux on your M1?
Perhaps, though I don't see the point. Linux on AArch64 is mostly painful even with supported hardware, and the M1 is a bunch of active reverse engineering without things like working GPU acceleration (far as I can tell), and I may as well pocket the $300 or whatever it's worth now (or, rather, put it to building something useful like a YARH.io Pi handheld I can carry with me for some other mobile computation duties).
At this point, I should probably just give up on computers for anything other than work, though. I'm not sure there exists any ethical ways to use them.
-
Electronics are horrible for the environment, and produced in terrible conditions, including child labour and all kinds of other ridiculous crap, and will leach toxic shit into the earth long after you, me, and everyone else on these forums is dead. You should seriously consider weaning yourself off of your consumerist tech addiction, because you're literally killing us all, including people who haven't even been born yet.
Yup. In the past 6 months, you're far more correct than I preferred to admit before. The book on Foxconn, Dying for an iPhone, is a read that certainly has an impact on this decision.
I remember when I first started learning about stuff like that. It was absolutely horrifying. And of course, the companies all have huge PR teams and marketing budgets that do whatever they can to present only the image they want, try to keep the truth from consumers, or downplay it, etc. And they build suuuuuch strong brand loyalty that it's as if people's brains fight back against them to avoid having to give it up. The stuff I've learned over the years with regards to this stuff - particularly electronics, but also things like fast fashion and most things plastic - has turned me so totally off most forms of consumption. I want nothing to do with most of these evil companies.
-
At this point, I should probably just give up on computers for anything other than work, though. I'm not sure there exists any ethical ways to use them.
Ignorance is bliss. It does seem to be growing more difficult, don't it?
The wife and I are going through similar conundrums to your Apple purge (for far different reasons), though on the Windows end. I'll spare details, but it's frustrating.
I know you've personally expressed the discomfort of leaving a bootloader unlocked on an Android phone going aftermarket firmware, so you might find GrapheneOS (https://grapheneos.org/) of specific intellectual interest. They only support Pixel devices, the bootloader can be re-secured after install, zero Google back-end (not even microG), and the VoLTE implementation on the Pixels appears to be wholly VoLTE compatible with ATT/TMo/Vz and independent of the OS itself. Shame the only devices they support are the Pixels. Also just going to casually mention Andronix (https://andronix.app/) which can run full fledged Linux desktops on unrooted devices, though I don't know how well it might play with Graphene. Just tossing this out there... so you're aware.
I got nothing to say on the desktop/laptop end. Just grunts of sympathetic agreement. It's getting harder and harder to keep old tech running and out of the landfills.
-
I remember when I first started learning about stuff like that. It was absolutely horrifying. And of course, the companies all have huge PR teams and marketing budgets that do whatever they can to present only the image they want, try to keep the truth from consumers, or downplay it, etc. And they build suuuuuch strong brand loyalty that it's as if people's brains fight back against them to avoid having to give it up. The stuff I've learned over the years with regards to this stuff - particularly electronics, but also things like fast fashion and most things plastic - has turned me so totally off most forms of consumption. I want nothing to do with most of these evil companies.
Yeah... it's worse than I'd realized. Though I have no way of reasoning through, "Is it better to buy an Apple product, made in Foxconn, which we know is relatively abusive, or to buy something like a PineBook, made in who knows where, with unknown audits of labor or such?" I don't know enough to reason through that. I know the PBP is far cheaper, $200 or so, and is... "adequate" in terms of materials, vs the luxury materials of Apple, but it's also somewhat less recyclable in the process, and perhaps shorter lived due to being a lower power device to start with - it's not exactly quick compared to the M1.
My electronics purchases lately are more along the lines of used small board computers to see what I can make them do, and some inverters/charge controllers for solar power trailers, though we're trying to go with at least US companies for those. That's an interesting set of challenges because the supply chains are literally changing under us as we design.
Ignorance is bliss. It does seem to be growing more difficult, don't it?
Between everything being made with borderline or literal slave labor in China, and everything being as data/behavior hungry as possible, yeah. For sport, go read the Roku "privacy" policy - it's quite literally, "We will collect anything we can, and will do anything we want with it, nyah nyah!"
The wife and I are going through similar conundrums to your Apple purge (for far different reasons), though on the Windows end. I'll spare details, but it's frustrating.
Windows 11? Between the artificial obsoleting of plenty of perfectly good hardware for what appear to be "Buy a new computer, damn it!" reasons, and the aggressive push to online accounts (Win11 Home won't allow offline accounts, Win11 Pro should still, but Win10 has gotten bad enough that you have to literally install it without a network connection to even get the option for an offline account, then it nags you constantly until you find the right checkbox)... I'm looking at removing some Windows machines on the network. If I can get an ODroid N2 and Kodi to play nice, I might be able to replace the (graphically glitching) TV computer. Though if the thing suffered some sort of catastrophic failure, with the way supply chains are... I like the evening movies, but even the new TVs are pretty much pure evil, data logging all the things and submitting it upstream. I've heard claims, without strong verification, that some will eventually start trying random open networks if you've not joined them to a network.
I know you've personally expressed the discomfort of leaving a bootloader unlocked on an Android phone going aftermarket firmware, so you might find GrapheneOS (https://grapheneos.org/) of specific intellectual interest. They only support Pixel devices, the bootloader can be re-secured after install, zero Google back-end (not even microG), and the VoLTE implementation on the Pixels appears to be wholly VoLTE compatible with ATT/TMo/Vz and independent of the OS itself. Shame the only devices they support are the Pixels.
I looked into it, and the whole "Pixel only" problem was thorny. Has Google fixed the wave of 2 year hardware failures that have been their last 5-6 years of phones with the newer Pixels? They had a long wave of "Might last to the end of warranty, if you're lucky..." devices, I got burned with a few of them (the... 5X? utter pile of crap, wouldn't even reliably save photos), and I've been pretty hesitant about the whole Google/Android ecosystem since then.
I got nothing to say on the desktop/laptop end. Just grunts of sympathetic agreement. It's getting harder and harder to keep old tech running and out of the landfills.
Because everything has gone to horrid Electron based abominations, or just whatever toolkit Google is using that "runs fine here." The new Google Chat interface literally burns up almost all of a Pi4's CPU typing away at a decent clip in a browser window. No idea why, or what it's doing, but apparently Google believes that unless you've got a Xeon workstation, you don't deserve to see your letters show up at the same time you type them. It's pretty sickening just how much CPU is used to accomplish, near as I can tell, absolutely nothing. A quad core, 1.8GHz system is quite literally slower than a 66MHz single core 486 at "displaying text." Progress(TM)!
I make my living in the low level weeds of modern tech, so I've been trying to keep up with it, but the motivation is just lacking lately. I'll learn the weeds at the deep level I need to implement stuff, and screw the rest of it. Go play on my tractor or something, at least it doesn't have any firmware OTAs to worry about.
-
so what's the solution to all this, every tech company is getting more creepy and sneaky. are you going to have a smart phone still? Browse the internet? Not trying to be snarky, just want to know what's your plan forward navigating all the different tech that seems required either for work or plan?
-
Between everything being made with borderline or literal slave labor in China, and everything being as data/behavior hungry as possible, yeah. For sport, go read the Roku "privacy" policy - it's quite literally, "We will collect anything we can, and will do anything we want with it, nyah nyah!"
Oh, I know.
Windows 11?
Aye. Don't really want to go back to Linux-land myself, honestly, but the current Latitude 6440s are barely seven years old... built like a tank, hardly broken in, and last of the semi-gutsy Haswells that could clock-for-clock dance around the *lakes even with HT disabled up until about three years ago. And yet... TPM 1.2. ¯\_(ツ)_/¯
Four years yet is both a long time and a blink of an eye anymore. A lot can happen.
Has Google fixed the wave of 2 year hardware failures that have been their last 5-6 years of phones with the newer Pixels?
I repeat...
Shame the only devices they support are the Pixels.
Because everything has gone to horrid Electron based abominations, or just whatever toolkit Google is using that "runs fine here."
Yup. A great example is the new "cross platform" todotxt.net application Sleek (https://github.com/ransome1/sleek). Do we really need a 60MB application to add a checkbox interface and time due-date notifier for a task manager that's fundamentally opening and editing TEXT FILES? Especially when nearly every other todotxt.net compatible task manager on every platform that came before it barely weigh in at 500kB?
Wheee!
-
Because everything has gone to horrid Electron based abominations, or just whatever toolkit Google is using that "runs fine here."
I half agree, except Qt is alive and well (Wireshark 2, etc).
-
so what's the solution to all this, every tech company is getting more creepy and sneaky. are you going to have a smart phone still? Browse the internet? Not trying to be snarky, just want to know what's your plan forward navigating all the different tech that seems required either for work or plan?
I'm still working out the details. I've moved my primary device away from a smartphone (it's now a Nokia 8110 4G), to see how this works out in practice. I've been using aggressive ad blockers on the internet for years, though am using the internet less and less these days.
I half agree, except Qt is alive and well (Wireshark 2, etc).
Literally nobody is writing anything new in it, though. All the new stuff seems to be electron/Node/etc, and the stuff that I actually care about, for person to person communication, is all super heavy web stuff of that nature. As noted, a Pi4 can barely keep up with Google Chat now. :( I don't write the interfaces for that, and I don't really have the time to fully RE all that stuff and write (and maintain) compatible Qt versions of them. Yet.
-
I half agree, except Qt is alive and well (Wireshark 2, etc).
Literally nobody is writing anything new in it, though. All the new stuff seems to be electron/Node/etc, and the stuff that I actually care about, for person to person communication, is all super heavy web stuff of that nature. As noted, a Pi4 can barely keep up with Google Chat now. :( I don't write the interfaces for that, and I don't really have the time to fully RE all that stuff and write (and maintain) compatible Qt versions of them. Yet.
Well, maybe not for desktop. It is the industry standard #1 go-to technology in embedded Linux, at least in the shops that I've worked at. Probably for all the reasons that you mention in this thread.
EDITed to add - also, KDE.
-
Because everything has gone to horrid Electron based abominations, or just whatever toolkit Google is using that "runs fine here."
I half agree, except Qt is alive and well (Wireshark 2, etc).
This is the first time I've encountered electron. I thought node was pretty questionable, but electron seems completely nuts. This started with HTML based smart phone apps, didn't it. Now, they say, why not do the same thing for desktop apps?
Well maybe because I want my computer to be able to actually do stuff besides render your crappy GUI? Maybe because I don't think we should automatically obsolete older less powerful machines just because you want to use Javascript everywhere?
-
This is the first time I've encountered electron. I thought node was pretty questionable, but electron seems completely nuts. This started with HTML based smart phone apps, didn't it. Now, they say, why not do the same thing for desktop apps?
Well maybe because I want my computer to be able to actually do stuff besides render your crappy GUI? Maybe because I don't think we should automatically obsolete older less powerful machines just because you want to use Javascript everywhere?
I think that it actually started with Google and V8 and Chromium. But I could be wrong. Anyway, Google spent a bunch of time and money on V8 and Chromium to run their web apps faster. Then some "smart" open source people figured out that you could write a whole desktop app with that stack. They aren't wrong, and it is reasonably good for cross platform stuff (VSCode, etc). But boy dose it use a lot more CPU cycles than other technologies.
-
@Syonyk, this made the think of you: CNX Software: Firefly is working on a Rockchip RK3588 Mini-ITX motherboard (ITX3588J) (https://www.cnx-software.com/2022/03/05/firefly-itx3588j-rockchip-rk3588-mini-itx-motherboard/)
Firefly ITX3588J mini-ITX motherboard is the third hardware platform we’ve seen with Rockchip RK3588 octa-core Cortex-A76/A55 processor.
The board will be interesting to people wanting an Arm PC or workstation as the mini-ITX form factor will allow the board to be fitted to a standard enclosure, and there’s plenty of resources and I/Os with up to 32GB RAM, four SATA ports, multiple 8K/4K video outputs and inputs, dual Gigabit Ethernet, WiFI 6 and Bluetooth 5.0, a PCIe 3.0 x4 slot, and more.
-
@Syonyk, this made the think of you: CNX Software: Firefly is working on a Rockchip RK3588 Mini-ITX motherboard (ITX3588J) (https://www.cnx-software.com/2022/03/05/firefly-itx3588j-rockchip-rk3588-mini-itx-motherboard/)
I'm quite familiar with that SoC, have been... rather eagerly awaiting getting my hands on a proper technical reference manual for it, and have several 16GB Rock5 boards on preorder (RK3588, NVMe, and micro-HDMI in, which... if supported, could allow for some interesting use cases I've not fully thought through as a little portable KVM system). They're supposed to ship "Q2 2022," so given the state of supply chains, I'll likely see them sometime in 2025, and expect working kernel support sometime after that, though I hold some slight hope that they'll be similar enough to the RK3399 (which can support NVMe in certain configurations) that the port will be easy for basic functionality. Full GPU support would be nice, framebuffer support is enough for my immediate needs. So, facepunch away for that particular bit of stupidity, preordering promising looking new hardware, instead of sticking with the SBCs I have - though I'm also considering selling my 8GB Pi4, as they're regularly tapping $200 on eBay, and I can survive on 4GB - though the difference between 32-bit ARMv7 on 8GB and ARMv8/AArch64 on 4GB is quite noticeable. The right answer, which I've not built yet, is a Arm64ilp32 build of Ubuntu (AArch64 operating mode, 32-bit pointers/virtual address space, rather better memory density for typical use), and you may also entirely facepunch me for not having set one of those up. Honestly I'm not even sure how to go about doing it, maybe go Gentoo for testing... but the reality is that I just don't have the time to maintain an entire port of a Linux distro in a bizarre and mostly unsupported format that's certain to break something or another.
The Mac Mini M1 is shipping out, having... been a rather suboptimal financial, entirely facepunch worthy decision. Having spent roughly $2100 effectively on the M1 Mini and the LG 5k (in late 2020), plus scattered extra amounts for some SSDs and such (external drives), and whatever residual value the old keyboard/mouse from an iMac that failed (cost of the screen alone was roughly the cost of the system, so I parted out the rest - I don't have the skills to do screen/glass lamination separation and reconnection, should probably have learned that too), and that whole batch sold for about $1250, minus eBay fees and such, which are quite non-trivial on that. So, roughly, flushing $1000+ down the drain by buying a system I planed to use indefinitely and getting rid of it when it became all to apparent that Apple was heading in a direction I was not OK with, treating users as guilty until their device proved them innocent. Or, more accurately, not sufficiently guilty, yet. They've delayed implementation of the on-device CSAM scanning, though their statements about "planning to continue with the previous plan" indicate that they would still like to find some way to deploy it - or, at least, that's how I read it. Either by stealth or by waiting for a proper incident they can utilize, either way, I've no interest in it.
I remain unconvinced that there is a way to justify the use of modern consumer electronics devices from any reasonable ethical system, starting from first principles. I've not yet decided if buying used is any different from buying new, as it stimulates demand for more new hardware. Yet, as seen above, even there I'm inconsistent as I have (new) Rock5 boards on preorder. My personal server in the colo is also new hardware, built... a year or two ago, now. Give or take.
Anyway, I think the summary of this thread is, "I work with computers for a living and should not be trusted to own any of them outside work hardware, because I make exceedingly stupid decisions based on available information."
Please, rip into me as I deserve for this idiotic set of decisions.
-
You're buying this stuff because you're a technology hobbyist? I know it's not a face punch, because everyone needs a hobby...
-
You're buying this stuff because you're a technology hobbyist? I know it's not a face punch, because everyone needs a hobby...
I agree. Syonyk literally asked to get face-punched and I try to helpfully oblige. But honestly spending money on things that you actually value is a MMM ideal. The fact that we don't always know what will make us happy is just being human. Syonyk couldn't have know that Apple was going to go full big brother, for example.
I have had similar disappointing dev board experiences too. Live and learn, now I'm more careful, and better at packaging an entire ARM Linux FS with custom kernel at my house (but who has time for that)?
-
The stuff you all are talking about is way above my head. I took several Computer Engineering courses in college that barely scratched the surface of some of this... nope, nope, nope, retreated to Computer Science land after that :)
I won't be meting out any facepunches here as I'm guilty of the same sins. That said, for those lurking and interested, the following things helped me get off the tech forced obsolescence treadmill.
About a year ago my perfectly functional 2013 iMac went "Vintage" (in Apple-speak) and I couldn't update the OS, which means it was essentially unsupported and no longer receiving most security updates. Sigh. I refuse to use computers that aren't getting security updates, and I refuse to throw out working hardware. This forum, and Daley in particular, helped me pick a Linux distro to give this machine new life. The most difficult part was removing the adhered screen to replace the HDD with a SSD. Manjaro was easy to install, though finding the right kernel + video + wifi drivers required some trial and error (bespoke Apple hardware issues). And installing the rEFInd boot manager was a big improvement over GRUB. In any case, I'm very very happy with this setup. It just works, and it's FAST and feels lightweight compared to macOS and Windows. I really like Manjaro's rolling release update model. EOL for my LTS kernel is 2027, and I will likely update to newer LTS kernels as needed. I should get another 5-10 years out of this machine, perhaps more. So instead of junking that old device (maybe you recently upgraded?), throw a SSD on it and install Linux. This is a great low-risk way to learn and experiment with Linux as a daily driver.
For those considering a new laptop, a quick plug for Framework (https://frame.work/). I was in the market last year for a laptop and decided to take a risk on these guys. It's not the cheapest hardware, nor is it the most performant. [Sorry Syonyk, Intel only at this point.] But I love the concept and really hope they succeed long-term. Their initial launch was successful, and the Marketplace (https://frame.work/marketplace) is live, so that's all promising. Though the MBA side of me still worries that for-profit hardware companies can't really survive without premature obsolescence... I guess time will tell. I'm dual booting Manjaro/Windows and overall am very happy with it even though the screen is a little more floppy than I'd like (the trade-off for not being glued together) and battery life is mediocre. It's a great feeling to open up the internals and see the elegant design, and how all the components are intentionally serviceable, and are even marked with QR codes that link to tutorials and parts on the Marketplace. My hope is to keep this for many many years and upgrade and repair as needed. It's certainly not for everyone, but something to consider.
-
About a year ago my perfectly functional 2013 iMac went "Vintage" (in Apple-speak) and I couldn't update the OS, which means it was essentially unsupported and no longer receiving most security updates. Sigh. I refuse to use computers that aren't getting security updates, and I refuse to throw out working hardware.
I know it's history now, but did you consider an upgrade patcher to keep your vintage iMac supported? I.e. http://dosdude1.com/catalina/ (http://dosdude1.com/catalina/)
I'm running Catalina on a 2009 Macbook with no issues thanks to this patch.
-
About a year ago my perfectly functional 2013 iMac went "Vintage" (in Apple-speak) and I couldn't update the OS, which means it was essentially unsupported and no longer receiving most security updates. Sigh. I refuse to use computers that aren't getting security updates, and I refuse to throw out working hardware.
I know it's history now, but did you consider an upgrade patcher to keep your vintage iMac supported? I.e. http://dosdude1.com/catalina/ (http://dosdude1.com/catalina/)
I'm running Catalina on a 2009 Macbook with no issues thanks to this patch.
Yes. I wasn't excited about the prospect of running proprietary software on officially unsupported hardware via an unsupported hack. Besides, after making the move I now prefer KDE over DW's MacBook. Less clutter, cleaner, faster, simpler. I'm sure it helps that I used Linux professionally almost exclusively for ~10 years.
-
@ChpBstrd Also, unsupported operating systems running on unsupported hardware isn't likely to have microcode updates, firmware updates, current drivers and patched kernels for older Intel CPU specific flaws, either. Older Intel CPUs are dodgy enough on their own without running a hacked OS that disables core security features and no longer mitigates hardware specific vulnerabilities on any level, on top of already locking you out of the UEFI keeping you from disabling features like HyperThreading. Effort is at least made to keep older Intel CPUs as secure as possible under the circumstances under the Linux kernel. That is an expectation sorely missing from running bodged Darwin/OSX. Some people don't care about keeping their computer secure, and more power to them. You're not likely to find many of those people in this thread.
Speaking of EOL hardware and unsupported OSes, October 14, 2025 is gonna be a rough day in this house.
Besides, after making the move I now prefer KDE over DW's MacBook. Less clutter, cleaner, faster, simpler.
KDE on Manjaro can be quite buttery smooth, eh?
I want to prefer OpenSUSE Tumbleweed's rolling release implementation over Manjaro's, but Manjaro's default KDE implementation is second only to KDE's own Neon across all the distros I've tried.
That said, Manjaro+KDE isn't even enough to keep me booting back into Windows anymore. Either Linux as a whole has lost its way, or I'm no longer a marginally catered demographic. It doesn't help that Serif Affinity has completely ruined using GIMP/Inkscape/Scribus for me, either, and Affinity + WINE == U+1F4A9
-
You're buying this stuff because you're a technology hobbyist?
I'm not sure that I am, though. I don't actually like the stuff, but it's the world I know (I make a living in the weeds of it), and I keep trying to figure out if there exists a safe and sane way to use a modern computer on the modern internet (and that's separate from the ethics of it, see earlier). I have two "smart" things in the house (a Roomba, which is a pain in the ass but my wife likes it, and a Nest purchased 6 years ago, back when they'd not merged into Google and started accumulating more data). I wouldn't mind getting rid of both, but the Hestia Pi project doesn't seem to have enough relays on their board for my HVAC system (standard US heat pump, I need heat, cool, blower, and emergency heat/coils, they seem to have two relays - and the relays are EOL as far as I can tell, so I'd have to redesign the boards anyway). Much less controlling a water heater, though that should be replaced with a heat pump unit.
I've started trying to keep track of how much time I spend "working on computers to try and make them less toxic, so I can use them." Lately, this has been... a lot. I spent my evening adding a third boot option to the house PC, having spent time over the weekend moving an OS install from a larger to smaller SSD to free up an install for this machine, so I now have Qubes on a small scratch SSD, and can then nuke the Windows/Linux installs and clean them out - I don't think I want my server admin creds sharing system images with browsers and such anymore. That means that single system image machines, even the ARM boxes, are somewhat less useful, though aggressive removal of Javascript from my life except on a few sites I trust does seem to reduce some of the risk factors. And at least the ARM boxes aren't the standard x86 targets, but... still. I should probably work with Xen on them and see if I can get some split SSH going. Or simply not spend the time. The Rock5s, I'd like to port Qubes to, but... also a huge time commitment down in technical weeds. I think if I stopped using computers entirely outside work, and brief periods of use on "safer" OS configurations, I'd save an awful lot of time in my life. But that still presupposes there exists a safe, sane, ethical way to use a modern computer. And that's an awfully strong claim I can't begin to back.
Syonyk couldn't have know that Apple was going to go full big brother, for example.
No, but as they were the most privacy-focused of the tech companies in a number of ways (mostly in that they used to sell hardware, not data, although now they're all about those subscriptions), it would have been a good bet that they'd change direction at some point. Such heel-turns are common among the trusted tech companies, sadly. I timed things wrong.
...and better at packaging an entire ARM Linux FS with custom kernel at my house (but who has time for that)?
If such things are the only way one can somewhat sanely use a modern computer, such things then should be done. If hacking together your own OS images to gain a bit more performance let things work on weaker hardware, then one ought do such things. Maybe. I'm not sure anymore. Perhaps one ought simply "Go Galt" and let the whole tech ecosystems crumble. Does one person matter? No idea.
For those considering a new laptop, a quick plug for Framework (https://frame.work/). I was in the market last year for a laptop and decided to take a risk on these guys. It's not the cheapest hardware, nor is it the most performant. [Sorry Syonyk, Intel only at this point.] But I love the concept and really hope they succeed long-term.
If I had to buy a new Intel laptop, it would be a tossup between them and a Purism. Neither one works well, from what I understand, in terms of having basic stuff like sleep and wifi reliable, which suits me just fine.
I like the concept of repairable, upgradable laptops like the Framework. The acid test, to me, is "Will they release another board that's a significant upgrade?" When that happens, I'll be sold on the concept, but for now, until that's been done, it's a good concept awaiting proving. Pine64 is the same, I like their stuff, but if they release a RK3588 upgrade board or something, well, that would be amazing.
I'm running Catalina on a 2009 Macbook with no issues thanks to this patch.
Can you explain how it works? Not a "I run it, and can install the OS on unsupported hardware" - but what it's actually doing under the hood? The source is available, and I've not felt the desire to chew through all of it to understand what it's actually doing. I played with it briefly, but then decided it wasn't worth making all sorts of rather undocumented changes, via a random binary application, to the core of the OS I was planning to trust.
It's a neat trick, certainly, but I'm not convinced it's a good one.
Speaking of EOL hardware and unsupported OSes, October 14, 2025 is gonna be a rough day in this house.
The sooner you free yourself from that anchor, the better.
That said, Manjaro+KDE isn't even enough to keep me booting back into Windows anymore. Either Linux as a whole has lost its way, or I'm no longer a marginally catered demographic. It doesn't help that Serif Affinity has completely ruined using GIMP/Inkscape/Scribus for me, either, and Affinity + WINE == U+1F4A9
I expect less and less out of computers, and am usually pleased with the results. At this point, I no longer consider anything but a software framebuffer to be required. If my systems can't play videos, oh well. Such is life.
My attitude has changed to be, "If I can't do it within a system/OS framework I don't yet object to, it's not worth doing." It's limiting, certainly... but I'm also not convinced it's wrong, in the approach to computing. I do still keep Windows around for some gaming, but I'm trying to get off that, and Steam/Proton seems to be worth something there, as is the fact that Minecraft and KSP can run on Linux tolerably (just not Qubes - no GPU acceleration to be found there). I can't get a new GPU? Ok, I just won't do things that require one. I'm still strongly considering de-Inteling the house desktop, but it's a chunk of change I don't know I need to spend.
Anyway. Sorry. Rant about the horrid state of modern computing over. I think most of my new Qubes install is updated, so I'll let it sync mail down. Thunderbird beats gmail, anymore... though I've not migrated my email hosting off Google yet.
-
though I've not migrated my email hosting off Google yet.
Not that you asked, but I used the "free" Google Apps / GSuite / <insert 5 more names> tier for custom domain name email hosting with catch-all for 10+ years. Finally made the switch with the looming deprecation of the free tier. Using https://privateemail.com (under NameCheap (https://www.namecheap.com/hosting/email/), which I've been using for domains for a long time). I'm sure it's not perfect, but it worked well enough for me. $1-3/month per account, supports custom domains, catch-all, IMAP/POP3/SMTP/SPF/DKIM, has reasonably good spam filtering, a good enough web UI for managing manual filters, and works just peachy with Thunderbird. Also has some cloud/calendar/contacts storage if you want that kind of thing.
-
I'm running Catalina on a 2009 Macbook with no issues thanks to this patch.
Can you explain how it works? Not a "I run it, and can install the OS on unsupported hardware" - but what it's actually doing under the hood? The source is available, and I've not felt the desire to chew through all of it to understand what it's actually doing. I played with it briefly, but then decided it wasn't worth making all sorts of rather undocumented changes, via a random binary application, to the core of the OS I was planning to trust.
It's a neat trick, certainly, but I'm not convinced it's a good one.
I haven't dissected the patch either, but as I understand it the gist is to remove/edit the parts of the upgrade that a) detect incompatible equipment and error out, or b) would be incompatible with the older hardware such as modern graphics drivers, or c) prevent upgrades / cause upgrade regression errors.
I was suspicious too, but after a few hours of reviewing years and years of articles, posts, etc. about dosdude1, I decided to take the chance rather than trash working Apple equipment. Most linux distros and apps are also developed by strangers over the internet, and when you install open source software your trust system is the assumption that the broader community would probably identify and eliminate any malware written into the code. There are additional assumptions about the integrity of the websites hosting the images.
If I was running IT procurement for a bank, I would probably not be issuing 12 year old Intel processors with open-source software found on the internet to make it work. That would lead people to hold ME accountable for anything that went awry rather than mega tech companies like Microsoft, even if both options were equally secure and equally buggy. But to worry about such issues from the perspective of personal use might be overkill. Not clicking email links is 95% of the battle.
-
I was suspicious too, but after a few hours of reviewing years and years of articles, posts, etc. about dosdude1, I decided to take the chance rather than trash working Apple equipment. Most linux distros and apps are also developed by strangers over the internet, and when you install open source software your trust system is the assumption that the broader community would probably identify and eliminate any malware written into the code. There are additional assumptions about the integrity of the websites hosting the images.
Concerns about malware being written into OSS relative to proprietary products are, IMO, overstated. I worked the software mines for about 2 decades and witnessed an appalling general lack of controls and auditing around what gets released into the wild. The big tech companies are generally much better about this, but everyone else? Just terrible. All it takes is one disgruntled employee, or a security breach (most of these places also have awful security hygiene) and malicious code can go unchecked for years. Transparency and traceability are the main defense, and the Open Source community does this quite well. And the core parts of Linux are mostly funded by a collection of large tech companies who fund professional OSS developers. In other words, it's not really strangers writing code, but a collaboration of professionals that know each other well.
RE the integrity of sites hosting images, this is where cryptographic signatures come into play... it's really a non issue if these are being verified before install.
Really though, my main issue with an upgrade patch isn't malicious intent, but rather the hackiness of it. The OS/firmware/hardware interface is immensely complex and finicky. I simply don't trust that dosdude1 is going to get these details correct for an OS for which they don't even have source code.
-
You're buying this stuff because you're a technology hobbyist?
I'm not sure that I am, though. I don't actually like the stuff, but it's the world I know (I make a living in the weeds of it), and I keep trying to figure out if there exists a safe and sane way to use a modern computer on the modern internet (and that's separate from the ethics of it, see earlier).
I don't get it then. If you don't like doing it, setup a Linux system for the internet. Create a VM running Linux or Windows as required for each user to do their internet stuff. Purge the VM at some regular interval like once a week. You could probably automate this without too much trouble.
You'll be pretty safe from malware - if you get infected it almost surely won't be able to jump out of the VM and it'll only be around for a maximum of a week. And you won't be spending so much time doing stuff you don't actually like.
Or is this a trusting trust issue? https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf (https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf) That one's a lot harder...
-
I was suspicious too, but after a few hours of reviewing years and years of articles, posts, etc. about dosdude1, I decided to take the chance rather than trash working Apple equipment. Most linux distros and apps are also developed by strangers over the internet, and when you install open source software your trust system is the assumption that the broader community would probably identify and eliminate any malware written into the code. There are additional assumptions about the integrity of the websites hosting the images.
Concerns about malware being written into OSS relative to proprietary products are, IMO, overstated. I worked the software mines for about 2 decades and witnessed an appalling general lack of controls and auditing around what gets released into the wild. The big tech companies are generally much better about this, but everyone else? Just terrible. All it takes is one disgruntled employee, or a security breach (most of these places also have awful security hygiene) and malicious code can go unchecked for years. Transparency and traceability are the main defense, and the Open Source community does this quite well. And the core parts of Linux are mostly funded by a collection of large tech companies who fund professional OSS developers. In other words, it's not really strangers writing code, but a collaboration of professionals that know each other well.
RE the integrity of sites hosting images, this is where cryptographic signatures come into play... it's really a non issue if these are being verified before install.
Really though, my main issue with an upgrade patch isn't malicious intent, but rather the hackiness of it. The OS/firmware/hardware interface is immensely complex and finicky. I simply don't trust that dosdude1 is going to get these details correct for an OS for which they don't even have source code.
Somehow dosdude1 did it though. For my install, I experienced zero issues with peripherals, graphics, TimeMachine, preservation of user data and settings, etc. and experienced exactly no crashes or bugs. That ain't bad for decade+ old hardware. It was easier than installing Linux because it was just running an app and getting an update. Plus IIRC the patch app allows you to regress to the original OS.
Perhaps Apple's methods to limit upgrades to eligible machines are simpler than one might think. Write a script to swap out a few key files from the machine's older OS and off you go.
Another option for those who want a corporate development team on their side to keep old hardware up to date, is to enroll in the Apple Beta Software Program.
All this is not to say installing Linux on an old Mac is a bad idea. It's a great idea actually, that will cause the device to outlive your desire to use it and justify investments like new batteries. Beats the hell out of being one of those people who buys a whole new machine every 3-4 years at enormous financial and environmental cost.
-
Finally made the switch with the looming deprecation of the free tier.
Yeah, that's biting a few older domains I keep around, I may just drop them entirely and let them go to the spammers. I don't get much email on them anymore. Migrate a few things and be good.
Also has some cloud/calendar/contacts storage if you want that kind of thing.
I'm certain it won't sync to KaiOS... though we've gone back to a wall calendar on the home for most scheduling. It's nice - kids can view it, and it's not phone-based. Downside is no portable calendar, but we don't have that busy of a schedule that it's required. I could always port to a daytimer sort of thing, but it's just not been an issue.
But to worry about such issues from the perspective of personal use might be overkill. Not clicking email links is 95% of the battle.
It's probably overkill. However, I've been in the weeds of it long enough, and seen how broken it is, that to not do anything about it personally is not a path I'm OK with.
Further, it's not just local system security that's a problem - it's all the data collection going on for general internet use, and that's much harder to avoid. Aggressive blocking of trackers/ads, browsing without Javascript, etc, help a lot there - but you do lose a lot of website functionality that way. On the other hand, some quiet corners of the internet still work with JS disabled or mostly nerfed...
In some ways, I'm trying to figure out "Minimum viable computer." Unfortunately, "minimum viable computer" and "isolated silos" are at odds. See below.
I don't get it then. If you don't like doing it, setup a Linux system for the internet. Create a VM running Linux or Windows as required for each user to do their internet stuff. Purge the VM at some regular interval like once a week. You could probably automate this without too much trouble.
Done. ;) https://www.qubes-os.org/
That's actually exactly what Qubes is doing, just in a more flexible way. You have hardware separated VMs, all rendering into a common window environment, with dom0 drawn borders around each window so you know which domain it's from. There are defined paths between VMs if you want to use them, but it's designed to constrain untrusted workloads. You can have "restored on reboot of the VM" root directories with persistent home directory storage, fully standalone VMs, or disposable VMs that don't persist anything across reboot - and there's support for using those disposable VMs to open PDFs and the like, including a neat "render safe" option that renders a PDF in a disposable VM, and copies out an image-based copy of it that's removed all the fangs from nasty stuff. Throw in some DNS filtering, and it seems to be a decent option for casual use, as long as you don't care about GPU acceleration, and are OK with needing a lot of RAM. 16GB is useful for a toy, 32GB is more required for moderate use, and heavy use would require more. You might keep a separate OS install around to dual boot into if you need the GPU or something, too.
You'll be pretty safe from malware - if you get infected it almost surely won't be able to jump out of the VM and it'll only be around for a maximum of a week.
VM escapes are... less rare than one might prefer, really. Though Qubes uses Xen for the smaller codebase, and doesn't pass the legacy hardware through. That's where most of the bugs are. Don't pass a floppy controller to a VM you want to keep isolated, stick to the virtio/paravirt devices.
Or is this a trusting trust issue? https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf (https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf) That one's a lot harder...
I'm quite familiar with that paper, have seen modern implementations of it in practice, and it's part of why I don't trust computers... root of trust is hard. It's harder when things are so complex nobody understands the whole stack.
-
@Syonyk are you still done with Apple even though they quietly removed CSAM scanning from iOS?
-
Syonyk are you still done with Apple even though they quietly removed CSAM scanning from iOS?
Unfortunately, and please facepunch hard for my failures here, I'm back to using iOS at the moment on my existing 2020 SE. The hardware of the Flip IV was not holding up to moderate use - I got sick of keys double and triple pressing. It was to a point after a year of use that I couldn't even dial a phone number without several corrections in a 10 digit dial, and you can imagine just how difficult that makes T9 texting. I got halfway into the phone to dismantle it before running out of ideas without a lot of prying, and it was far from clear that the issue was dust ingress anyway - probably, but there are a range of other failures for "clicky" buttons that aren't repairable. I was also somewhat tired of trying to deal with large group texts on it - any sufficiently long chain I had to regularly delete and wait for new messages, because more than 20-30 messages in a chain and it would start responding very slowly, and with more than 100-200 total text messages on the phone, it would take seconds to open the app, similar amounts of time to open a thread, etc. It did not handle even moderate use very well. It also didn't handle casual moisture very well at all - being in my pocket in the evening on a fall evening got enough moisture in it to make it act very strangely until it dried out. I wasn't swimming or anything, just a humid fall evening, in my pocket.
There are some other KaiOS devices that are supposedly more rugged, or perhaps higher performance, but after a year I more or less gave up. Spending $70 or so on the experiment was fine, spending several hundred for a more rugged device to continue the experiment with an OS that isn't getting updates, and generally wasn't working well for even mild use, didn't strike me as a good use of funds when I had a perfectly good iOS device (facepunch) that I'd already purchased, and was sitting around for the things I couldn't use a KaiOS device for. One of the buildings I have access to is app-access only, and I do some Part 107 drone operations (commercial flying) on occasion that requires a smartphone (yes, facepunch away, I have a DJI drone that exfils everything to China like the rest of all consumer electronics, I try not to use it very often and I've not built my own with comparable image processing and stability, or written my own apps to interact with it - I just generally try to run with no network connectivity when operating).
I agree that Apple seems to not have actually pushed the CSAM scanning, removing the most serious objection I had. They've also added Lockdown with iOS 16, which adds quite a few things I find of value - removing the "complex external parsers" for iMessage/SMS, removing complex image formats, eliminating JIT for Javascript, eliminating web fonts, WebGL, WebRTC, and a few other things that are large, complex, exploitable surfaces. I'm still done using them for desktop, but, yes, facepunch away, I'm back to using one as a phone. It's stripped of almost all apps except the basics of what I need for communications, and it spends a lot of time shut down and tossed in a backpack pocket somewhere.
I would still prefer a device that wasn't Apple or Android, but, unfortunately, it does seem as though the modern world relies on those to a far greater extent than even I was willing to deal with. Someone hardier can probably make KaiOS or a ZeroPhone or such work better for them. I just ran out of patience with it around the time the hardware failed on me.
I'm not using Apple on the desktop anymore, though. Despite the M1 MacBook Pro being exactly what I've always wanted in a laptop, I'm making other hardware work, and have generally been migrating to Qubes on all my hardware for better isolation between domains in my life. It doesn't run on ARM boxes yet, and I haven't carved out the six months or so to make that happen (it should be possible, but the ARM SBCs are a bit short on RAM, and the new boards that support more RAM on the RK3588 don't exactly boot and run even the Linux kernel to a desktop yet - not that I've been spending much effort on making those work either). So that does, annoyingly, require some x86 class systems.
... sorry, I think I hate computers, what we've done with the internet, the data collection habits of consumer electronics, etc. This is awkward, with it being my income source. And I clearly don't hate it enough because I've not gone through the process of building my own alternative systems that don't do things I dislike that are yet interoperable with modern systems. I just host my own server, silo things, and aggressively adblock. Again, facepunch away, I'm not posting from SyonykOS.
Sufficient to continue making fun of my idiocy for ever having used a computer in the first place?