This week in tech: Bloomberg’s hit piece on Supermicro, iPhone Xr reviews surface, and new Macs coming next week

First off, here is the Bloomberg article that claimed Supermicro’s hardware had been compromised during manufacturing in China:

https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom

Companies that utilize servers with motherboards manufactured by California-based Supermicro have all come out stating that the Bloomberg article was hogwash and that there is no evidence of any compromised hardware or software on the supposedly affected servers. This includes tech giants such as Amazon and Apple who would definitely have a lot to loose if they were trying to cover this up. It’s clear that Bloomberg is full of it and should retract the story since the evidence is clearly not there. Should be interesting to see how this plays out legally since the story sent Supermicro’s shares plummeting. Looks like I won’t be reading anything from Bloomberg anymore.

 

Secondly, the iPhone Xr has arrived in the hands of tech reviewers and the first reviews are surfacing. Here are some substantial ones by Nilay Patel at The Verge and John Gruber:

https://daringfireball.net/2018/10/the_iphone_xr

https://www.theverge.com/2018/10/23/18011306/apple-iphone-xr-review-camera-screen-battery-price

I have some strong opinions regarding the 326 ppi LCD screen on a $750 phone but then again I haven’t seen it in person so I can’t judge just yet.

 

Finally, we have some new Macs coming! I am very excited to see a new Mac mini as well as a nice refresh for the rest of the lineup.

https://appleinsider.com/articles/18/10/24/four-new-macs-spotted-in-eurasian-regulatory-filings

 

 

 

Xamarin Tips and Tricks – Re-generating the Mono GAC after updating .NET SDK

In my current work environment we use Babel for .NET to obfuscate our Xamarin binaries. The nice thing about Babel is that it’s the only Xamarin obfuscator that runs directly in macOS, eliminating the need for a Windows machine just for release builds. Things were working fine until after I installed the latest Visual Studio for Mac update along with the latest version of Xcode, Xamarin SDK, and .NET SDK. Turns out that Babel got removed from Mono’s Global Assembly Cache which is basically where DLLs (like Babel’s build DLL) get tracked so you don’t need to use an absolute path to the DLL to reference it. Adding the DLL back via gacutil solved it (if you have Babel the gacutil command syntax was included with the zip they send you). I am guessing you’ll need to do this every time there is a major update to the .NET SDK or Mono framework. Thanks to Alberto from Babel for the solution.

Fixing things broken by macOS Mojave

I haven’t had enough time to fully play around with Mojave so I can’t write a full review yet. Things have already broken (as expected) and I will be keeping this list updated as I find and fix them:

Subpixel antialiasing workaround (have yet to try this out myself): https://www.reddit.com/r/apple/comments/9inu3e/if_the_font_rendering_on_mojave_looks_odd_to_you/

Missing Safari Extensions (such as uBlock Origin): Once starting up Safari after updating to Mojave you will notice that your extensions are gone. You will also notice trying to install extensions from Preferences > Extensions redirects you to the Mac App Store since Safari extensions are now hosted there. You can still install extensions from the Safari Extensions Gallery website here: https://safari-extensions.apple.com/?category=mostpopular

Recently opened apps added to Dock: You will notice that apps that you haven’t pinned to the Dock are still there even after you close them. This is because the option “Show recent applications in Dock” is now enabled by default. You can turn it off under System Preferences > Dock > Show recent applications in Dock.

MITM Attacks in Mobile Apps

A Man-in-the-middle or MITM attack is a common technique used to steal data during transport to and from a web service and a mobile app. An easy way to see what sort of data your app is leaking is to use a MITM proxy server such as the Python based mitmproxy. Today I’m going to show a quick demo using a small app that sends and receives JSON payloads with mitmproxy capturing all that data. If you want to try this out yourself you can use your own app or feel free to use mine:

Requirements:

-A mobile app to test with (the one used in the video is available here: https://github.com/ShravanJ/MITMAppDemo/)

mitmproxy

-A web service endpoint to deliver a JSON payload (I used json-server for testing)

You will need to setup mitmproxy to work with your phone with the following steps. Once you have that setup you can test how your app handles web service requests whether it be JSON, SOAP, or loading images and videos. This should give you some insight on how easy it is to see what your app is doing when communicating with a web service. One way to help prevent this is to implement Certificate Pinning. I have provided some implementation guides below:

For Xamarin apps:

https://github.com/chrisriesgo/xamarin-cert-pinning

https://thomasbandt.com/certificate-and-public-key-pinning-with-xamarin

For native iOS apps:

https://github.com/datatheorem/TrustKit

https://www.bugsee.com/blog/ssl-certificate-pinning-on-ios-using-trustkit/

I will probably be doing another video with a web service running over HTTPS and show how Certificate Pinning can help stop MITM attacks. And as usual, thanks for reading.

The (super short) iMac Pro Review

I recently upgraded my work Mac mini (Late 2014) to the base iMac Pro. After spending about a week working with it I am pleased to say that it has surpassed all expectations I had for it.

iMacPro

DESIGN

The iMac Pro is the first iMac to be finished in the modern Apple “Space Grey”. This, along with the 27″ 5K panel, make for a striking combination. The included space grey accessories and a black Lightning cable are a nice touch. Overall the iMac Pro has a great desk presence for any setting. This is the first iMac I have ever used an the compactness of having a screen and processing hardware all-in-one is great for saving desk space and general aesthetic.

PERFORMANCE

Here is why I really went for the iMac Pro: the 8 core Xeon-W processor matched with 32 gigabytes of ECC DDR4 RAM and 1 TB NVMe based storage (which is actually dual 512 GB drives running in RAID 0). The performance is simply staggering, with apps opening basically instantly. The biggest difference I saw was in Xamarin.Forms app build times which are cut in half in most of my workloads. Compiling, uploading, and debugging are noticeably faster and smoother compared to the maxed out Mac mini I was using previously. I haven’t tested out native Xcode project build times just yet, but I am guessing it will be halved as well. The only issue I have had so far, and this isn’t really related to CPU performance, but viewing a 5K display over VNC through a VPN was terrible through the built in VNC server. I tried RealVNC as I use on the other development Macs but the latest licensing model has switched to a yearly subscription so I had to look elsewhere. I ended up settling with OSXvnc (https://github.com/stweil/OSXvnc) which performs somewhere in between the built-in VNC server and RealVNC. Setup was pretty easy, only thing I had to do manually was set it to launch at login via System Preferences.

SUMMARY

Overall the iMac Pro, even with it’s base config, is a fantastic development machine. It is a massive step up from the late 2014 Mac mini and most consumer grade Macs in general. If you can justify the $5,000 price tag it is totally worth it.

 

How to use a piezoelectric buzzer with ARM based Arduino compatibles

I recently had to integrate a basic passive piezoelectric buzzer into a project utilizing the Adafruit Bluefruit Feather nRF52, which is an Arduino IDE compatible development board that is based on the Nordic Semiconductor nRF52832 SoC containing an ARM Cortex-M4F processor. Upon googling how to use a piezo buzzer with Arduino all guides pointed towards using the build in tone() library which should do the trick. But there is only one problem, there is currently no native support for ARM based controllers due to some changes in timings that would need to be made from the AVR compatible version. The solution is simple, just use basic PWM to make the buzzer buzz. Here is a wiring diagram to get it working:

buzzer

Just hookup the positive side of the buzzer to any PWM supported header and the negative to ground. In this case I have it connected to A4 which translates to digital output 28 according to this pinout:

nRF52Pinout

Now that we have the wiring done, we need to write a program to address the buzzer. This requires the Arduino IDE of course along with the correct BSP installed (check Adafruit’s website for the BSP install info for this particular board). Now for the program itself.


int buzzerPin = 28;
long input = 0;
void setup()
{
pinMode(buzzerPin, OUTPUT)
Serial.begin(115200);
}
void loop()
{
if(Serial.available() > 0)
{
input = Serial.Read();
if(input > 0)
{
buzz(input);
}
}
}
void buzz(long duration)
{
for(long x = 0; x < duration; x++)
{
digitalWrite(buzzerPin, HIGH);
delayMicroseconds(1000);
digitalWrite(buzzerPin, LOW);
delayMicroseconds(1000);
}
}

view raw

buzzer.ino

hosted with ❤ by GitHub

This solution allows you to enter in the duration of the buzz into the Serial Monitor and the piezo buzzer will buzz for that allotment of time. It uses digitalWrite() to send an alternating HIGH and LOW signal to the buzzer with a 1000 microsecond delay between modulation. Changing the delay will alter the pitch of the buzz, with lower delays providing a more high pitched sound and higher delays providing a lower pitch. Feel free to change the delays to match your desired pitch. This quick and simple solution will pretty much work with all Arduino compatibles that support digitalWrite().

Intel RealSense D435: Intel’s answer to Kinect?

Today I placed a pre-order in for the Intel RealSense D435, a stereoscopic depth sensing camera that is the new flagship device from the Intel RealSense family. You may already be using a RealSense product in certain Ultrabooks since the RealSense modules are used for Windows Hello. The latest RealSense D400 class cameras feature an all new image and depth processors as well as stereo depth cameras. This is what really sets it apart from the Kinect, which just uses a single depth sensor paired with an active IR projector to improve depth data. Now with two depth cameras, you can get a wider FOV and still maintain acceptable resolution. The specs on paper are really quiet impressive, mainly regarding the resolution and FPS of the depth sensor. The D435 can gather depth data at a resolution of 1280 x 720 @ 90 FPS, which makes the Kinect v2’s depth data capture of 512 x 524 @ 30 FPS look pretty basic. Then again, the Kinect v2 was launched in 2013, so I expect Intel’s latest hardware to be better. Hardware aside, the D435 looks to be a worthy successor to the Kinect, but for my use case I care more about the software. The project I worked on last summer relied solely on the Kinect’s native skeletal tracking functionality in the Kinect for Windows SDK. Without that our time to market would have been greatly diminished if we took a more object tracking based approach to our application. We have continued to rely on the body tracking for other projects as well, so body tracking in our next camera is also a must. The Intel RealSense 2016 SDK did contain preview components of body tracking, but that is only limited to older RealSense cameras. Sadly, the RealSense SDK 2.0 which the D435 requires does not include any body tracking functionality. A company by the name of 3DIVI claims to have the solution with their NuiTrack SDK, which offers Kinect-like body tracking functionality with competing depth sensing cameras such as the Orbbec Astra. The website claims that Intel RealSense support is coming soon. Apparently Microsoft is referring Kinect customers to go with Intel RealSense for body tracking and my best bet is that Intel will have some sort of deal to work with NuiTrack. I have no idea if there is going to be any special licensing for RealSense customers or if we will have to pay the same licensing fee as someone who is using say the Orbbec Astra. We will just have to wait and see. According to my confirmation email, the D435 should ship out within 6 weeks, I’m hoping it comes much before then. So far my experience with the Orbbec Astra, a camera that we evaluated as a replacement for the Kinect even before Microsoft announced the discontinuation, has not been so great. The hardware doesn’t seem too bad, but the software is really what killed it for me. The current body tracking SDK, while in beta, is nowhere near that of the Kinect or even NuiTrack. The example program would often mistake my Herman Miller Aeron chair for a person and offered very poor tracking in poses and positions that are relevant to our application. There development pace has been picking up but is still pretty slow. I am not very likely to continue to pursue the Orbbec route and instead plan on sticking with RealSense along with NuiTrack. The combo offers better hardware and software than Orbbec and their own home grown SDK solution. Still, this will basically be a completely new platform overhaul, mainly due to the fact that we had a lot of .NET conveniences when developing with Kinect, and NuiTrack is based in C++. I am still learning C++, so jumping straight into a project involving sophisticated depth sensing equipment and interfacing with other peripherals will be quite a challenge. Then again, I do like these sort of challenges. I’ll post more about the D435 when I receive it as well as a deeper dive into the NuiTrack SDK once we buy a license. Stay tuned.

 

 

Upgrading the 2014 Mac mini to Solid State Storage

The late 2014 Mac mini, unlike all of the other Mac mini’s before it, features soldered on RAM as well as very difficult to access hard drive that is not intended to be user replaceable. Because of this, along with the lack of a quad core i7 option, have led people who wanted Mac minis to go for a used 2012 model. Since I purchased my Mac mini for work, I settled with a late 2014 because I wanted the warranty as well as the newer processor as well as longer support for macOS. I settled on the 2.6Ghz Core i5 with 16GB of RAM and the molasses slow 1TB 5400 RPM hard drive. Since I was spoiled by the performance of the PCIe SSD found in my late 2013 Retina MacBook Pro I didn’t know how slow macOS is on spinning media. It is *really* slow, to the point where my MacBook was a faster development machine. The whole point of buying the Mac mini was so that I didn’t have to dock in my MacBook Pro to my monitors and peripherals every time I needed to get work done. So after months of putting up with molasses slow disk reads and writes I decided to look into a SSD upgrade. After watching a few YouTube videos on replacing the internal HD I realized that not only is it excessively difficult for a hard drive replacement but that there are so many things I could end up breaking along the way. I need my mini for work and I was not so keen on opening up a new $800 computer. So I looked at external drives and saw USB was an option, however there were some drawbacks. USB 3.0 has a max throughput of 5.0Gbps and SATA is 6.0 so I wouldn’t be getting the full bandwidth. UASP compatible SATA to USB connectors promised almost full SATA like performance since it attaches USB over SCSI. This is also supposed to enable TRIM support but from what I read macOS does not allow TRIM over USB. So USB 3.0 was out, so what other high speed connection is there on the Mac mini. Thunderbolt of course! With a 20Gbps link speed, Thunderbolt 2 is still a very fast standard and provides more than enough head room for SATA. I finally came across the AKiTiO Thunder SATA Go, an external Thunderbolt dock that connects SATA to eSATA to Thunderbolt, negotiating a full 6Gbps link speed. Since this is basically like a direct SATA uplink TRIM is natively supported on SSDs. Sweet. Paired with a Samsung 1TB 850 EVO and you have an absolutely killer SSD upgrade for your Mac mini without even opening it up. This convenience does come at a cost however as the Thunder SATA Go is $95, a price you would not have to pay if you just upgraded the disk internally. I think it’s worth it though since I was able to get up and running in about 2 hours after cloning my hard drive to my SSD using SuperDuper!, setting it to my start up disk, and then erasing my spinning hard drive. I now have 1TB of super fast solid state storage and 1TB of bulk spinning storage which is more than I will ever need for a development machine but boy was it worth it. Boot time, app start up time, and overall system responsiveness have increased 10 fold. Feels like a different computer now, finally a true replacement for my MacBook Pro.