ranson

The OLED panels used in the current iPad Pro displays are known as a "single-stack product," 

What? The current iPad Pro displays are Mini-LED. iPads have NEVER used OLED panels! This site has really gone downhill in quality. Typos everywhere; Basic, well-known facts being completely wrong. We readers point out the problems, and nobody cares to correct the article.

harrykatsaros said:

They shouldn't compromise on anything. If they start making compromises the Apple Vision ends up just becoming the Meta Quest with a different logo slapped on it. Just wait it out and let the Gen 1 Vision Pro become the lower cost entry level option when component prices drop as Gen 2 and Gen 3 devices get released. They just need to follow the same pattern they've been using with the iPhone where the older gen device evolves into a lower entry cost phone as the new iPhone is released. It's a proven strategy so why fix what isn't broken.

What are you even talking about here? Since the iPhone 11, they've released Pro and non-Pro versions of the iPhone every year at the same time. The non-pro version comes with a less powerful screen (60hz max without ProMotion), a less powerful camera array that lacks telephoto zoom and lidar, a less powerful cpu/gpu, and a slower modem. These are consistent differentiators between the pro and non-pro lines every year. Why would they not do the same w/ Vision?

The EyeSight feature provides no benefit to the user/wearer of the device. It's nothing but a shiny bell, requiring a custom, curved oled screen and multiple sensors, that is unnecessary for an entry-level device. Removing it would make the headset not only cheaper, but thinner, lighter and less power-hungry. When they showed off EyeSight in the launch video, I literally rolled my eyes at how much more expensive the device would cost for such uselessness, and mused that I'd happily pay for a cheaper version that didn't include it.

Apple's primary goal is profit. You make profits by selling in high volume (to the detriment of your competition) at excellent margins. You can't do that when a product is too expensive because you've baked in bells and whistles that few users would actually care about, thus diminishing demand for the product. Apple is likely discovering through their own consumer research studies that, while EyeSight is a killer feature, it is not enough of a draw for people to justify spending an additional $3K over just buying a Valve or Meta headset.

There are other opportunities for Apple to save here too, by farming out some of the built-in features of Vision Pro Gen1 to other parts of the Apple ecosystem. For example, consider the sensors that are constantly trained on your hands to detect finger taps. You may recall that the latest Apple Watch now detects the same gesture.  So they could remove those sensors from an entry level Vision device, and allow the user to instead wear an Apple Watch to enable the feature. At the same time, this would address some of the reliability issues of that feature on Vision Pro when the hands might be obscured from the cameras.

clexman said:

The headline should be, "Person comes in 2nd, wants the same trophy as the person who came in 1st." Says, "Rules are not fair and shouldn't be followed."

I disagree here, because the circumstances are highly unusual. The reasons the Apple employee was not first to report the vulnerability are listed out in the article. In simplest terms, it boils down to someone who does not work at Apple and was not involved in discovering the vulnerability having effectively overheard the Apple team talking about their discovery during the hackathon and submitting the form first. The reporter likely just provided the steps to reproduce the attack to Google, all while the original discoverer was still working to author a deep technical description of the vulnerability and identify any similar or derivative methods of exploiting it.

Imagine physicist who makes an amazing discovery, or an astronomer who discovers a new asteroid or dwarf planet. And now imagine someone else who witnessed the discovery actually going to publication with details about it before the discoverer. That would be the death knell for the ninja's career because it's plagiarism.

When someone makes a novel discovery, everyone else should provide space and deference for the discoverer to confirm their findings and report them properly and completely. In the case of cybersecurity, this is especially important because denying someone a bounty for finding a vulnerability (much less, awarding it to someone completely disconnected from the discovery) will only encourage the discoverer to stop participating in the bounty program going forward. And since they are the one actually finding the vulnerabilities (and not the ninja), we absolutely want them to continue in the program, so as to ensure the most secure products that the vast majority of the world is using every day of their lives.

AppleInsider's "Unlikely" rating for this rumor is spot-on.  If this were true, Apple certainly would have made it a major talking point as part of their big reveal last month, given the general lack of substance around Day 1 content and app offerings.

This is an interesting choice with somewhat dubious reasoning: pay us $8 for the continuing privilege of using the least secure MFA mechanism.

Most likely, the SMS's were too costly for Elon's liking, while Authenticator apps are both more secure and effectively free for Twitter to support. So from a financial perspective, it makes a lot of sense. From a security posture, forcing users off of SMS and over to an Authenticator app is a good long-term decision.

However, the outright disabling of nonconforming users' existing SMS MFA on March 20 is a terrible idea, as it will expose what is likely millions and millions of accounts to being compromised, should their passwords have been previously harvested. This will particularly impact users who rarely access Twitter anymore, if at all. A better approach here would be to retain the SMS MFA on those users indefinitely, but require them to explicitly disable MFA or switch to an Authenticator app the next time they access Twitter after 3/20. You should never just turn someone's MFA off without their explicit approval.