
Biz & IT

Review: Apple’s iPhone XR is a fine young cannibal

This iPhone is great. It is most like the last iPhone — but not the last “best” iPhone — more like the last not as good iPhone. It’s better than that one though, just not as good as the newest best iPhone or the older best iPhone.

If you’re upgrading from an iPhone 7 or iPhone 8, you’re gonna love it and likely won’t miss any current features while also getting a nice update to a gesture-driven phone with Face ID. But don’t buy it if you’re coming from an iPhone X, you’ll be disappointed as there are some compromises from the incredibly high level of performance and quality in Apple’s last flagship, which really was pushing the envelope at the time.

From a consumer perspective, this is offering a bit of choice that targets the same kind of customer who bought the iPhone 8 instead of the iPhone X last year. They want a great phone with a solid feature set and good performance but are not obsessed with ‘the best’ and likely won’t notice any of the things that would bug an iPhone X user about the iPhone XR.

On the business side, Apple is offering the iPhone XR to make sure there is no pricing umbrella underneath the iPhone XS and iPhone XS Max, and to make sure that the pricing curve is smooth across the iPhone line. It’s not so much a bulwark against low-end Android, that’s why the iPhone 8 and iPhone 7 are sticking around at those low prices.

Instead it’s offering an ‘affordable’ option that’s similar in philosophy to the iPhone 8’s role last year but with some additional benefits in terms of uniformity. Apple gets to move more of its user base to a fully gesture-oriented interface, as well as giving them Face ID. It benefits from more of its pipeline being dedicated to devices that share a lot of components like the A12 and True Depth camera system. It’s also recognizing the overall move towards larger screens in the market.

If Apple was trying to cannibalize sales of the iPhone XS, it couldn’t have created a better roasting spit than the iPhone XR.

Screen

Apple says that the iPhone XR has ‘the most advanced LCD ever in a smartphone’ — their words.

The iPhone XR’s screen is an LCD, not an OLED. This is one of the biggest differences between the iPhone XR and the iPhone XS models, and while the screen is one of the best LCDs I’ve ever seen, it’s not as good as the other models. Specifically, I believe that the OLED’s ability to display true black and display deeper color (especially in images that are taken on the new XR cameras in HDR) set it apart easily.

That said, I have a massive advantage in that I am able to hold the screens side by side to compare images. Simply put, if you don’t run them next to one another, this is a great screen. Given that the iPhone XS models have perhaps the best displays ever made for a smartphone, coming in a very close second isn’t a bad place to be.

A lot of nice advancements have been made here over earlier iPhone LCDs. You get True Tone, faster 120Hz touch response and wide color support. All on a 326 ppi stage that’s larger than the iPhone 8 Plus in a smaller body. You also now get tap-to-wake, another way Apple is working hard to unify the design and interaction language of its phones across the lineup.

All of these advancements don’t come for free to an LCD. There was a lot of time, energy and money spent getting the older technology to work as absolutely closely as possible to the flagship models. It’s rare to the point of non-existence that companies care at all to put in the work to make the lower end devices feel as well worked as the higher end ones. For as much crap as Apple gets about withholding features to get people to upsell, there is very little of that happening with the iPhone XR, quite the opposite really.

There are a few caveats here. First, 3D touch is gone, replaced by ‘Haptic Touch’ which Apple says works similarly to the MacBook’s track pad. It provides feedback from the iPhone’s Taptic vibration engine to simulate a ‘button press’ or trigger. In practice, the reality of the situation is that it is a very prosaic ‘long press to activate’ more than anything else. It’s used to trigger the camera on the home screen and the flashlight, and Apple says it’s coming to other places throughout the system as it sees it appropriate and figures out how to make it feel right.

I’m not a fan. I know 3D touch has its detractors, even among the people I’ve talked to who helped build it, but I think it’s a clever utility that has a nice snap to it when activating quick actions like the camera. In contrast, on the iPhone XR you must tap and hold the camera button for about a second and a half — no pressure sensitivity here obviously — as the system figures out that this is an intentional press by determining duration, touch shape and spread, etc., and then triggers the action. You get the feedback still, which is nice, but it feels disconnected and slow. It’s the best case scenario without the additional 3D touch layer, but it’s not ideal.

I’d also be remiss if I didn’t mention that the edges of the iPhone XR screen have a slight dimming effect that is best described as a ‘drop shadow’. It’s wildly hard to photograph but imagine a very thin line of shadow around the edge of the phone that gets more pronounced as you tilt it and look at the edges. It’s likely an effect of the way Apple was able to get a nice sharp black drop-off at the edges that gets that to-the-edges look of the iPhone XR’s screen.

Apple is already doing a ton of work rounding the corners of the LCD screen to make them look smoothly curved (this works great and is nearly seamless unless you bust out the magnifying loupe) and it’s doing some additional stuff around the edge to keep it looking tidy. They’ve doubled the amount of LEDs in the screen to make that dithering and the edging possible.

Frankly, I don’t think most people will ever notice this slight shading of dark around the edge — it is very slight — but when the screen is displaying mostly white and it’s next to the iPhone XS it’s visible.

Oh, the bezels are bigger. It makes the front look slightly less elegant and screenful than the iPhone XS, but it’s not a big deal.

Camera

Yes, the portrait mode works. No, it’s not as good as the iPhone XS. Yes, I miss having a zoom lens.

All of those things are true and easily the biggest reason I won’t be buying an iPhone XR. However, in the theme of Apple working its hardest to make even its ‘lower end’ devices work and feel as much like its best, it’s really impressive what has been done here.

The iPhone XR’s front-facing camera array is identical to what you’ll find in the iPhone XS. Which is to say it’s very good.

The rear facing camera is where it gets interesting, and different.

The rear camera is a single lens and sensor that is both functionally and actually identical to the wide angle lens in the iPhone XS. It’s the same sensor, the same optics, the same 27mm wide-angle frame. You’re going to get great ‘standard’ pictures out of this. No compromises.

However, I found myself missing the zoom lens a lot. This is absolutely a your mileage may vary scenario, but I take the vast majority of my pictures with the telephoto lens. Looking back at my year with the iPhone X I’d say north of 80% of my pictures were shot with the telephoto, even if they were close ups. I simply prefer the “52mm” equivalent with its nice compression and tight crop. It’s just a better way to shoot than a wide angle — as any photographer or camera company will tell you because that’s the standard (equivalent) lens that all cameras have shipped with for decades.

Wide angle lenses were always a kludge in smartphones and it’s only in recent years that we’ve started getting decent telephotos. If I had my choice, I’d default to the tele and have a button to zoom out to the wide angle, that would be much nicer.

But with the iPhone XR you’re stuck with the wide — and it’s a single lens at that, without the two different perspectives Apple normally uses to gather its depth data to apply the portrait effect.

So they got clever. iPhone XR portrait images still contain a depth map that determines foreground, subject and background, as well as the new segmentation map that handles fine detail like hair. While the segmentation maps are roughly identical, the depth maps from the iPhone XR are nowhere as detailed or information rich as the ones that are generated by the iPhone XS.

See the two maps compared here, the iPhone XR’s depth map is far less aware of the scene depth and separation between the ‘slices’ of distance. It means that the overall portrait effect, while effective, is not as nuanced or aggressive.

In addition, the iPhone XR’s portrait mode only works on people. You’re also limited to just a couple of the portrait lighting modes: studio and contour.

In order to accomplish portrait mode without the twin lens perspective, Apple is doing facial landmark mapping and image recognition work to determine that the subject you’re shooting is a person. It’s doing depth acquisition by acquiring the map using a continuous real-time buffer of information coming from the focus pixels embedded in the iPhone XR’s sensor that it is passing to the A12 Bionic’s Neural Engine. Multiple neural nets analyze the data and reproduce the depth effect right in the viewfinder.

When you snap the shutter it combines the depth data, the segmentation map and the image data into a portrait shot instantaneously. You’re able to see the effect immediately. It’s wild to see this happen in real time and it boggles thinking about the horsepower needed to do this. By comparison, the Pixel 3 does not do real time preview and takes a couple of seconds to even show you the completed portrait shot once it’s snapped.

It’s a bravura performance in terms of silicon. But how do the pictures look?

I have to say, I really like the portraits that come out of the iPhone XR. I was ready to hate on the software-driven solution they’d come up with for the single lens portrait but it’s pretty damn good. The depth map is not as ‘deep’ and the transitions between out of focus and in focus areas are not as wide or smooth as they are on iPhone XS, but it’s passable. You’re going to get more funny blurring of the hair, more obvious hard transitions between foreground and background and that sort of thing.

And the wide angle portraits are completely incorrect from an optical compression perspective (nose too large, ears too small). Still, they are kind of fun in an exaggerated way. Think the way your face looks when you get too close to your front camera.

If you take a ton of portraits with your iPhone, the iPhone XS is going to give you a better chance of getting a great shot with a ton of depth that you can play with to get the exact look that you want. But as a solution that leans hard on the software and the Neural Engine, the iPhone XR’s portrait mode isn’t bad.

Performance

Unsurprisingly, given that it has the same exact A12 Bionic processor, the iPhone XR performs almost identically to the iPhone XS in tests. Even though it features 3GB of RAM to the iPhone XS’ 4GB, the overall situation here is that you’re getting a phone that is damn near identical as far as speed and capability. If you care most about core features and not the camera or screen quirks, the iPhone XR does not offer many, if any, compromises here.

Size

The iPhone XR is the perfect size. If Apple were to make only one phone next year, they could just make it XR-sized and call it good. Though I am now used to the size of the iPhone X, a bit of extra screen real-estate is much appreciated when you do a lot of reading and email. Unfortunately, the iPhone XS Max is a two-handed phone, period. The increase in vertical size is lovely for reading and viewing movies, but it’s hell on reachability. Stretching to the corners with your thumb is darn near impossible and to complete even simple actions like closing a modal view inside an app it’s often easiest (and most habitual) to just default to two hands to perform those actions.

For those users that are ‘Plus’ addicts, the XS Max is an exercise in excess. It’s great as a command center for someone who does most of their work on their iPhones or in scenarios where it’s their only computer. My wife, for instance, has never owned her own computer and hasn’t really needed a permanent one in 15 years. For the last 10 years, she’s been all iPhone, with a bit of iPad thrown in. I myself am now on a XS Max because I also do a huge amount of my work on my iPhone and the extra screen size is great for big email threads and more general context.

But I don’t think Apple has done enough to capitalize on the larger screen iPhones in terms of software — certainly not enough to justify two-handed operation. It’s about time iOS was customized thoroughly for larger phones beyond a couple of concessions to split-view apps like Mail.

That’s why the iPhone XR’s size comes across as such a nice compromise. It’s absolutely a one-handed phone, but you still get some extra real-estate over the iPhone XS and the exact same amount of information appears on the iPhone XR’s screen as on the iPhone XS Max in a phone that is shorter enough to be thumb friendly.

Color

Apple’s industrial design chops continue to shine with the iPhone XR’s color finishes. My tester iPhone was the new Coral color and it is absolutely gorgeous.

The way Apple is doing colors is like nobody else. There’s no comparison to holding a Pixel 3, for instance. The Pixel 3 is fun and photographs well, but super “cheap and cheerful” in its look and feel. Even though the XR is Apple’s mid-range iPhone, the feel is very much that of a piece of nicely crafted jewelry. It’s weighty, with a gorgeous 7-layer color process laminating the back of the rear glass, giving it a depth and sparkle that’s just unmatched in consumer electronics.

The various textures of the blasted aluminum and glass are complementary and it’s a nice melding of the iPhone 8 and iPhone X design ethos. It’s massively unfortunate that most people will be covering the color with cases, and I expect clear cases to explode in popularity when these phones start getting delivered.

It remains very curious that Apple is not shipping any first-party cases for the iPhone XR — not even the rumored clear case. I’m guessing that they just weren’t ready or that Apple was having issues with some odd quirk of clear cases like yellowing or cracking or something. But whatever it is, they’re leaving a bunch of cash on the table.

Apple’s ID does a lot of heavy lifting here, as usual. It often goes un-analyzed just how well the construction of the device works in conjunction with marketing and market placement to help customers both justify and enjoy their purchase. It transmits to the buyer that this is a piece of quality kit that has had a lot of thought put into it and makes them feel good about paying a hefty price for a chunk of silicon and glass. No one takes materials science anywhere as seriously at Apple and it continues to be on display here.

Should you buy it?

As I said above, it’s not that complicated of a question. I honestly wouldn’t overthink this one too much. The iPhone XR is made to serve a certain segment of customers that want the new iPhone but don’t necessarily need every new feature. It works great, has a few small compromises that probably won’t faze the kind of folks that would consider not buying the best and is really well built and executed.

“Apple’s pricing lineup is easily its strongest yet competitively,” Creative Strategies’ Ben Bajarin puts it here in a subscriber piece. “The [iPhone] XR in particular is well lined up against the competition. I spoke to a few of my carrier contacts after Apple’s iPhone launch event and they seemed to believe the XR was going to stack up well against the competition and when you look at it priced against the Google Pixel ($799) and Samsung Galaxy 9 ($719). Some of my contacts even going so far to suggest the XR could end up being more disruptive to competitions portfolios than any iPhone since the 6/6 Plus launch.”

Apple wants to fill the umbrella, leaving less room than ever for competitors. Launching a phone that’s competitive in price and features an enormous amount of research and execution that attempt to make it as close a competitor as possible to its own flagship line, Apple has set itself up for a really diverse and interesting fiscal Q4.

Whether you help Apple boost its average selling price by buying one of the maxed out XS models or you help it block another Android purchase with an iPhone XR, I think it will probably be happy having you, raw or cooked.



Safari and iOS bug reveals your browsing activity and ID in real time

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

The same-origin policy is a foundational security mechanism that forbids documents, scripts, or other content loaded from one origin—meaning the protocol, domain name, and port of a given webpage or app—from interacting with resources from other origins. Without this policy, malicious sites—say, badguy.example.com—could access login credentials for Google or another trusted site when it’s open in a different browser window or tab.

Obvious privacy violation

Since September’s release of Safari 15 and iOS and iPadOS 15, this policy has been broken wide open, research published late last week found. As a demo site graphically reveals, it’s trivial for one site to learn the domains of sites open in other tabs or windows, as well as user IDs and other identifying information associated with the other sites.

“The fact that database names leak across different origins is an obvious privacy violation,” Martin Bajanik, a researcher at security firm FingerprintJS, wrote. He continued:

It lets arbitrary websites learn what websites the user visits in different tabs or windows. This is possible because database names are typically unique and website-specific. Moreover, we observed that in some cases, websites use unique user-specific identifiers in database names. This means that authenticated users can be uniquely and precisely identified.

Attacks work on Macs running Safari 15 and on any browser running on iOS or iPadOS 15. As the demo shows, safarileaks.com is able to detect the presence of more than 20 websites—Google Calendar, YouTube, Twitter, and Bloomberg among them—open in other tabs or windows. With more work, a real-world attacker could likely find hundreds or thousands of sites or webpages that can be detected.

When users are logged in to one of these sites, the vulnerability can be abused to reveal the visit and, in many cases, identifying information in real time. When logged in to a Google account open elsewhere, for instance, the demo site can obtain the internal identifier Google uses to identify each account. Those identifiers can usually be used to recognize the account holder.
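For site developers, the point about user-specific identifiers in database names translates into a naming audit. The following is an added example, not code from FingerprintJS or from the article: it takes records shaped like the output of `indexedDB.databases()` and flags names that embed a likely identifier. The regex heuristics, function names and sample database names are assumptions constructed for illustration.

```javascript
// Added example: audit a site's own IndexedDB database names for embedded
// user identifiers. The patterns are illustrative heuristics (assumptions),
// not an exhaustive classifier.
const ID_PATTERNS = [
  { kind: "uuid", re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { kind: "email", re: /[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}/i },
  { kind: "long-number", re: /\d{9,}/ },       // account-ID-like digit runs
  { kind: "hex-token", re: /[0-9a-f]{24,}/i }, // hashes, object IDs
];

// Classify one database name. Returns the first matching identifier kind and
// a suggested fixed name with the identifier and dangling separators removed.
function classifyName(name) {
  for (const { kind, re } of ID_PATTERNS) {
    const m = re.exec(name);
    if (m) {
      const stripped = name
        .replace(m[0], "")
        .replace(/^[-_.:\/]+|[-_.:\/]+$/g, "");
      return { name, kind, match: m[0], suggested: stripped || null };
    }
  }
  return { name, kind: null, match: null, suggested: name };
}

// Audit a list of { name, version } records and return only the risky ones.
// Malformed entries are skipped rather than treated as clean or risky.
function auditDatabaseNames(records) {
  const findings = [];
  for (const rec of records) {
    if (!rec || typeof rec.name !== "string") continue;
    const result = classifyName(rec.name);
    if (result.kind !== null) findings.push(result);
  }
  return findings;
}

// In a browser, run the audit against the current origin's databases.
// Outside a browser (no indexedDB global) this resolves to an empty list.
async function auditCurrentOrigin() {
  if (typeof indexedDB === "undefined" ||
      typeof indexedDB.databases !== "function") {
    return [];
  }
  return auditDatabaseNames(await indexedDB.databases());
}

// Constructed sample input; these names are made up for the example.
const SAMPLE_RECORDS = [
  { name: "app-settings", version: 1 },
  { name: "offline-cache-118234567890123456789", version: 3 },
  { name: "inbox_3f2b8c1e-7a4d-4e2b-9c1a-5d6e7f8a9b0c", version: 1 },
  { name: "drafts:alice@example.com", version: 2 },
];

// A fixed name still reveals that the site is open while the browser bug is
// unpatched; removing the identifier only stops the name from identifying
// the signed-in user. Keep the user ID inside the store as a key instead.
for (const f of auditDatabaseNames(SAMPLE_RECORDS)) {
  console.log(`${f.name}: ${f.kind} -> use fixed name "${f.suggested}"`);
}
```
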

Raising awareness

The leak is the result of the way the WebKit browser engine implements IndexedDB, a programming interface supported by all major browsers. It holds large amounts of data and works by creating databases when a new site is visited. Tabs or windows that run in the background can continually query the IndexedDB API for available databases. This allows one site to learn in real time what other websites a user is visiting.

Websites can also open any website in an iframe or pop-up window in order to trigger an IndexedDB-based leak for that specific site. By embedding the iframe or popup into its HTML code, a site can open another site in order to cause an IndexedDB-based leak for the site.

“Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session,” Bajanik wrote. “Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window.”

How IndexedDB in Safari 15 leaks your browsing activity (in real time).

Bajanik said he notified Apple of the vulnerability in late November, and as of publication time, it still had not been fixed in either Safari or the company’s mobile OSes. Apple representatives didn’t respond to an email asking if or when it would release a patch. As of Monday, Apple engineers had merged potential fixes and marked Bajanik’s report as resolved. End users, however, won’t be protected until the WebKit fix is incorporated into Safari 15 and iOS and iPadOS 15.

For now, people should be wary when using Safari for desktop or any browser running on iOS or iPadOS. This isn’t especially helpful for iPhone or iPad users, and in many cases, there’s little or no consequence of browsing activities being leaked. In other situations, however, the specific sites visited and the order in which they were accessed can say a lot.

“The only real protection is to update your browser or OS once the issue is resolved by Apple,” Bajanik wrote. “In the meantime, we hope this article will raise awareness of this issue.”


Microsoft warns of destructive disk wiper targeting Ukraine

Over the past few months, geopolitical tensions have escalated as Russia amassed tens of thousands of troops along Ukraine’s border and made subtle but far-reaching threats if Ukraine and NATO don’t agree to Kremlin demands.

Now, a similar dispute is playing out in cyber arenas, as unknown hackers late last week defaced scores of Ukrainian government websites and left a cryptic warning to Ukrainian citizens who attempted to receive services.

Be afraid and expect the worst

“All data on the computer is being destroyed, it is impossible to recover it,” said a message, written in Ukrainian, Russian, and Polish, that appeared late last week on at least some of the infected systems. “All information about you has become public, be afraid and expect the worst.”

Around the same time, Microsoft said in a post over the weekend, “destructive” malware with the ability to permanently destroy computers and all data stored on them began appearing on the networks of dozens of government, nonprofit, and information technology organizations, all based in Ukraine. The malware—which Microsoft is calling Whispergate—masquerades as ransomware and demands $10,000 in bitcoin for data to be restored.

But Whispergate lacks the means to distribute decryption keys and provide technical support to victims, traits that are found in virtually all working ransomware deployed in the wild. It also overwrites the master boot record—a part of the hard drive that starts the operating system during bootup.

“Overwriting the MBR is atypical for cybercriminal ransomware,” members of the Microsoft Threat Intelligence Center wrote in Saturday’s post. “In reality, the ransomware note is a ruse and that the malware destructs MBR and the contents of the files it targets. There are several reasons why this activity is inconsistent with cybercriminal ransomware activity observed by MSTIC.”

Over the weekend, Serhiy Demedyuk, deputy head of Ukraine’s National Security and Defense Council, told news outlets that preliminary findings from a joint investigation of several Ukrainian state agencies show that a threat actor group known as UNC1151 was likely behind the defacement hack. The group, which researchers at security firm Mandiant have linked to the government of Russian ally Belarus, was behind an influence campaign named Ghostwriter.

Ghostwriter worked by using phishing emails and theft domains that spoof legitimate websites such as Facebook to steal victim credentials. With control of content management systems belonging to news sites and other heavily trafficked properties, UNC1151 “primarily promoted anti-NATO narratives that appeared intended to undercut regional security cooperation in operations targeting Lithuania, Latvia, and Poland,” authors of the Mandiant report wrote.

All evidence points to Russia

Ukrainian officials said UNC1151 was likely working on behalf of Russia when it used its skill in harvesting credentials and infiltrating websites to deface Ukraine’s government sites. In a statement, they wrote:

As of now, we can say that all the evidence points to the fact that Russia is behind the cyber attack. Moscow continues to wage a hybrid war and is actively building forces in the information and cyberspace.

Russia’s cyber-troops are often working against the United States and Ukraine, trying to use technology to shake up the political situation. The latest cyber attack is one of the manifestations of Russia’s hybrid war against Ukraine, which has been going on since 2014.

Its goal is not only to intimidate society. And to destabilize the situation in Ukraine by stopping the work of the public sector and undermining the confidence in the government on the part of Ukrainians. They can achieve this by throwing fakes into the infospace about the vulnerability of critical information infrastructure and the “drain” of personal data of Ukrainians.

Damage assessment

There were no immediate reports of the defacements having a destructive effect on government networks, although Reuters on Monday reported Ukraine’s cyber police found that last week’s defacement appeared to have destroyed “external information resources.”

“A number of external information resources were manually destroyed by the attackers,” the police said, without elaborating. The police added: “It can already be argued that the attack is more complex than modifying the homepage of websites.”

Microsoft, meanwhile, didn’t say if the destructive data wiper it found on Ukrainian networks had merely been installed for potential use later on or if it had actually been executed to wreak havoc.

There’s no proof that the Russian government had any involvement in the wiper malware or the website defacement, and Russian officials have flatly denied it. But given past events, Russian involvement wouldn’t be a surprise.

In 2017, a massive outbreak of malware initially believed to be ransomware shut down computers around the world and resulted in $10 billion in total damages, making it the most costly cyberattack ever.

NotPetya initially spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine. Both Ukrainian and US government officials have said Russia was behind the attacks. In 2020, federal prosecutors charged four Russian nationals for alleged hacking crimes involving NotPetya.


Backdoor for Windows, macOS, and Linux went undetected until now

Researchers have uncovered a never-before-seen backdoor written from scratch for systems running Windows, macOS, or Linux that remained undetected by virtually all malware scanning engines.

Researchers from security firm Intezer said they discovered SysJoker—the name they gave the backdoor—on the Linux-based Webserver of a “leading educational institution.” As the researchers dug in, they found SysJoker versions for both Windows and macOS as well. They suspect the cross-platform malware was unleashed in the second half of last year.

The discovery is significant for several reasons. First, fully cross-platform malware is something of a rarity, with most malicious software being written for a specific operating system. The backdoor was also written from scratch and made use of four separate command-and-control servers, an indication that the people who developed and used it were part of an advanced threat actor that invested significant resources. It’s also unusual for previously unseen Linux malware to be found in a real-world attack.

Analyses of the Windows version (by Intezer) and the version for Macs (by researcher Patrick Wardle) found that SysJoker provides advanced backdoor capabilities. Executable files for both the Windows and macOS versions had the suffix .ts. Intezer said that may be an indication the file masqueraded as a TypeScript app spread after being sneaked into the npm JavaScript repository. Intezer went on to say that SysJoker masquerades as a system update.

Wardle, meanwhile, said the .ts extension may indicate the file masqueraded as video transport stream content. He also found that the macOS file was digitally signed, though with an ad-hoc signature.

SysJoker is written in C++, and as of Tuesday, the Linux and macOS versions were fully undetected on the VirusTotal malware search engine. The backdoor generates its control-server domain by decoding a string retrieved from a text file hosted on Google Drive. During the time the researchers were analyzing it, the server changed three times, indicating the attacker was active and monitoring for infected machines.

Based on organizations targeted and the malware’s behavior, Intezer’s assessment is that SysJoker is after specific targets, most likely with the goal of “espionage together with lateral movement which might also lead to a ransomware attack as one of the next stages.”
