nht

Soli said:

blastdoor said:

I sure hope 2017 is the year Apple returns to regularly updating the entire mac lineup. 

You may get a year where you'll see everything updated in that year, but so long as they are dependent on Intel you're not going to get anything "regular."

Always with the Intel hate.  

Apple updates when it is prudent to do so.  It can spec bump every year if it wanted to but it's not critical to do for every Mac product anymore.  Especially since most of Intels improvement has been laptop focused.

Intel's new process-architecture-optimize will make the annual updates more regular vs the far more aggressive tick-tock where delays happened more often because the tick part is pretty hard to do. 14nm took a while to get right.

billybob88 said:

georgie01 said:

billybob88 said:

http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/

So the Pegasus exploit has been around since IOS7, yet we claim iPhone are so super secure. No, we don't know what other flaws exist in the OS to really make that claim.

It's worth noting that exploit has been fixed, as explained in the article.

Obviously we don't know any other flaws in iOS until they're discovered and so we must take things seriously. However, that doesn't draw any conclusions as to how secure iOS is relative to other OS's. There is much reason to believe that iOS is very secure. That is, unless someone wants to believe it's insecure because of one article about an exploit, in which case we are all capable of believing nearly anything.

Actually we can
https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html (984 exploits)
https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html (746 exploits)

These phones and their operating systems are very complex, so issues will arise. But there really isn't such a big difference between them in the grand scheme of things.

First, CVE identifiers do not map 1:1 to vulnerabilities.  Further the iOS vulnerabilities include webkit/safari vulnerabilities while the Android ones do not include webkit/Chrome vulnerabilities.  That's a large percentage of the vulnerabilities listed for iOS right there.  In fact the iOS vulnerabilities include chrome vulnerabilities while android doesn't.

https://www.cvedetails.com/cve/CVE-2016-5131/

How's that for weird.

Also a lot of the CVE's state "in Apple iOS before 10..." so many of the CVEs were addressed on the vast majority of iOS devices in the wild.

So there is a huge difference in the number of vulnerabilities between iOS and android.  Android has a lot more and a higher percentage still exists in phones being sold today with older versions of Android that don't contain the latest security fixes.  Some cheap phones still ship with Lollipop and a couple flagships still ship with Marshmallow.

There was a good talk be Brian Martin (vulndb) and Steve Christey (from MITRE, the source of the CVE statistics) about vulnerability statistics talk at Blackhat a few years ago that I wasn't able to attend but short version is comparing iOS CVE counts to Android CVE counts is bogus.

CVE also isn't a complete set.  For example OSVDB was tracking nearly 40,000 vulnerabilities that did not have CVE assignments before the maintainers pulled the plug on OSVDB.

Evidently newegg is the US distributor.

Soli said:

anantksundaram said:

jungmark said:

Could've ask Apple to review when they got very inconsistent results. Could've saved us from this mess. 

There was no mess. It was simply and correctly resolved in a couple of weeks. 

It was was no big deal. 

I disagree. You don't get 4.5 to 19.5 hours running the same test and then publish results that affect buying decisions for the company with the largest mindshare. This was an opportunity for CR to get extra press. I wouldn't call their actions nefarious, but I would say that their methodology with CE has repeatedly shown to be shoddy. If you want sold reviews of soft-coded technology then use Wirecutter.

They didn't even follow the same procedure as all other tests on other laptops.  The procedure in all other tests was to average the results and compute the score. Instead they decided that because their test was broken to only use the lowest score.

crowley said:

nht said:

They ignored it when making their senstionalist and incorrect assertion that MBP battery life sucked.  They even stated they ignored it.

No, they didn't ignore it, they explicitly called it out in the original blog post, even though it didn't form part of their standard testing regimen:

Once our official testing was done, we experimented by conducting the same battery tests using a Chrome browser, rather than Safari. For this exercise, we ran two trials on each of the laptops, and found battery life to be consistently high on all six runs. That’s not enough data for us to draw a conclusion, and in any case a test using Chrome wouldn’t affect our ratings, since we only use the default browser to calculate our scores for all laptops. But it’s something that a MacBook Pro owner might choose to try.

They also plainly suggest that the problems are due to software bugs (no further "comprehensive" testing needed) with their reaction and communication to Apple:

Consumer Reports has shared diagnostic files pulled from all three computers with Apple in the hope that this will help the company diagnose and fix any problem. We will report back with any updates.

(Both quotes from http://www.consumerreports.org/laptops/macbook-pros-fail-to-earn-consumer-reports-recommendation/

And I hardly think calling a result "varied" and "inconsistent" when it has been exactly that is "senastionalist" or even an assertion that it "sucked".  Indeed, I rather think you're being sensationalist with your stymying of Consumer Reports.  

Their standard tests were hampered by a software bug that didn't exist on previous products, Apple are fixing it, CR will retest.  No need to accuse anyone of being unreasonably lazy or negligent.

They posted a sensationalist "not recommended" because they deviated from their own methodology rather than state that they could not provide a rating at this time.

"However, with the widely disparate figures we found in the MacBook Pro tests, an average wouldn’t reflect anything a consumer would be likely to experience in the real world. For that reason, we are reporting the lowest battery life results, and using those numbers in calculating our final scores. It’s the only time frame we can confidently advise a consumer to rely on if he or she is planning use the product without access to an electrical outlet."

They deviated from their own method by using the lowest score rather than the average that they do for all other laptops.  Why?  Because they knew if they flunked the MBP that it would make headlines.  They have NO idea what a consumer would experience in the real world because they were not conducting a real world test.

The unbiased and proper thing to do would have been to report that they found significant problems during battery testing and could not provide any recommendation until it had been resolved.  

They KNEW the issue was a bug with Safari because they couldn't replicate it in Chrome.

They DELIBERATELY deviated from their established procedures to generate an artificially low score to generate a sensationalist result.