JamesBrickley

rob53 said:

What about formatting external RAID HDD as APFS? OWC’s SoftRaid is waiting for Big Sur to make this happen. My RAID can’t be used to backup my Catalina APFS volumes. 

You do not need to format your NAS as APFS.  But you need to setup something to act like an Apple Time Capsule. For example, my ZFS NAS has a tiny virtual machine running Linux that simulates the Apple Time Capsule.  When I create a backup using the Apple Time Capsule it creates a DMG sparse image for each Mac.  When doing so from a Big Sur Beta test Mac it creates the DMG sparse disk using AFPS.  If I encrypt that image it still works.  This is how off-the-shelf NAS providers like Synology work. They run the open source tools to simulate a Time Capsule over SMB (Netatalk). 

You can do this without a Time Capsule emulation but it's a bit harder and requires you enable Time Machine over SMB on each Mac which is officially unsupported.  It does in fact work.  Here is the override.  But I don't recommend this method.

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

The supported method is if you were to run say a Mac mini with macOS High Sierra or above you could do it that way.  Just mount the NAS storage on the Mac mini  and turn on File Sharing select the mounted NAS folder and right-click it select Advanced Options and check the box to enable Time Machine network location.  It will provide the intermediate Time Capsule like functionality and it will be fully supported by Apple.  You don't even need macOS Server.  It's quite a bit overkill in overhead and cost considering you can do the same with even an old Raspberry Pi and Netatalk open source project for far less and with far less overhead. Heck you could run quite a bit more on a Raspberry Pi 3+ and not even stress it much.  Like a print server and a Pi-Hole (network wide ad-blocker), etc.  But you could probably find alternative uses for the Mac mini to do many more things as well.

Remember that Mac's are still UNIX and they play extremely well with UNIX/Linux and when there is a will there is a way.  You don't need to do everything with Apple. But Apple still makes things rather easy, you just need to know how to peel back the layers to find it at times.  Bet most people didn't know that macOS High Sierra can run a Time Machine server.   I just checked it's still an option.  

The ARM A12Z is just to get the developers running on the new silicon.  It's not what Apple will be shipping in production but it's enough for development testing and porting, etc.  It is currently not too shabby but I am waiting for the real architecture.  I fully expect it will be stunning and there will be rapid progress year after year.

Something tells me Intel won't be so smug in 2 years.  Apple has none of the constraints that tie the hands of Intel / AMD. Apple will move forward much faster than they can imagine.  Looking at what they did the last few years should be proof of that.  Apple will hit 5nm sooner than Intel and AMD will be there as well but even AMD won't be able to keep up for long.  Apple chips won't be sucking down hundreds of watts and they will be going much faster than chips that do.  

But the real threat is if Apple decides to start producing server class silicon or perhaps licensing it...

Just in time for iOS 14 to be announced and Apple to squash the exploit.  There are some definite good reasons to Jailbreak. But most of those have gone away since the early days.  Now it's more about perhaps being able to run a Wi-Fi explorer and analysis tool whose basic functionality is not allowed.  But for the most part, Jailbreaking is not that interesting until you get into forensics and want to deep dive on the hidden metadata that stays on device.  The sort of data the FBI desires.  

Physical access to any device would result in potential exploit. If one were to hand over a device to law enforcement or especially border control and received it back, you should immediately reset the device via DFU mode and set an entirely new strong passcode.  I wouldn't even unlock it, I would shut it off and connect it to a computer in DFU mode then wipe it and re-download and install the signed operating system. Then restore backup from the computer.  Previous backups being made regularly to the computer and not iCloud as your iCloud backups are not encrypted and Apple could supply your iCloud backups to law enforcement.  

For maximum security, don't use iCloud and especially not iCloud backups. Set a very strong passcode of 20+ characters.  If handing over to someone else disable FaceID/TouchID so only the passcode is allowed.  If they give the device back, you either destroy it or DFU wipe and restore the OS and restore a local encrypted backup.  

If traveling across nation state borders either don't bring your primary device or bring a burner you can discard. They may demand you unlock the device so they can inspect / image it. Border security laws are drastically different than normal law enforcement. They may seize your device. The US, Australia and New Zealand have highly invasive demands.

But the truly paranoid will simply go off grid.  Zero electronics whatsoever.  Your smartphone is constantly broadcasting unique identifiers over cellular, wi-fi, bluetooth, or NFC and you can certainly be tracked. When you see that COVID-19 map of those cell phone users on the Daytona FL spring break beach and each device was tracked back to their homes across the country.  That should open ones eyes that metadata is extremely valuable.  Many retail stores are tracking your movement through the store by using these broadcast identifiers and if you pay with a credit card or store card or use a membership card they tie all that data together and identify you.

The encrypted data stores on an iPhone contain far more detail that never leaves the device.  But Android phones send all that data back to Google.  Notice how Google is not being hounded by the DOJ only Apple.  The most sensitive privacy data is kept on the device and as such Apple is providing the highest level of privacy at this time. 

In many cases these Grayshift articles are not explaining the details such as the latest model iPhones not being vulnerable but because there are so many older models these devices are still viable for law enforcement.  When the DOJ mentioned that latest crack against the terrorists iPhones they mentioned that the technique used already doesn't work on the latest models.  That might have been a reference to the hardware flaw that Apple fixed after the iPhone X that was the beginning stage of a jailbreak.  The Grayshift device has found some way to side-load a hidden App that breaks the rules sandboxed apps normally follow.  It's possible the device is indeed jailbroken.  Some Apps such as BlackBerry Work among others will detect the jailbreak and cease functioning as well as destroying the encrypted corporate email storage. Most MDM managed devices would also report on a jailbreak and an MDM administrator would then remotely nuke the device for security purposes.  

If a device leaves your possession you can no longer trust it.  This has always been the case.