Thursday Comment: 24 Years of the iMac; Switching to OS X; Switching from China; CSAM and Detractors

By Graham K. Rogers

The iMac was announced 24 years ago. Although not Apple's first all-in-one computer the see-through iMac was as significant as the original Macintosh of 1984. As well as the new design there was OS X. Developed from the NeXT UNIX OS, it has now evolved into macOS. There is still debate about Apple's CSAM intentions. The EU is now in on the act with planned legislation for all devices (Android too) to have on-device scanning capabilities. Any warnings seem to have been brushed aside.

On Wednesday this week Apple released a Security Update for macOS Monterey bringing this to version 12.5.1. On the Eclectic Light Company, Hoakley reports that "This fixes two serious security vulnerabilities, one in the kernel and one in WebKit, which Apple is aware may have been actively exploited." A link to more details is provided. As usual, I ran a Time Machine backup before downloading the update. It was shown as 1.18GB for my M1 MacBook Pro in the information panel, but 2.06GB in the download.

The download was unusually slow, but this may be local conditions. A speed test did show that my fast link was not up to its usual standard. Local speeds picked up a bit, but the Monterey download still lagged. It arrived eventually. This update was followed by iOS 15.6.1 and iPadOS 15.6.1: all related to the detected exploit, so this appears to have been quite serious.

Several online sources reminded me that twenty-four years ago this week saw the introduction of the Apple iMac: an all-in-one device that was one of the factors that helped bring Apple back from the brink. The Jony Ive-designed semi-translucent computer with G3 chip was a major change from the grey boxes we were used to. The reactions from the (admittedly partisan but knowledgable) audience suggested that Apple had made some good decisions. An edited video (just over 26 minutes) of the presentation with Steve Jobs and support from Phil Schiller is embedded in an article about the event (Sami Fathi, MacRumors). Looking back I am shocked by the 233GHz, 32MB RAM and a 4GB disk. The case and locations of ports were novel and well-received.

Up to that time I had owned a couple of used Macs and some eBay specials, including a Power Mac that had been put together for me, but there were always drawbacks to these early devices. A few months later, I ordered an iMac and the all-white version cost me just over 30,000 baht in 1999 (about $850 today). I still have that and it sort of works. I gave it to a friend when I bought the G4 eMac which also gave good service. My friend used the iMac for a few years and then graduated to a MacBook Pro. As part of the deal, he returned the iMac to me.

The iMac was ready to run OS X but came as a twin booting device with System 9 installed as default. I also had access to a G4 PowerMac at work and tried OS X on that first. I must admit it was so different I was scared by what I had in front of me, so switched back to System 9 almost immediately. However, I realized that Apple was not going back and had obviously invested a lot into this, so gave it another try and the penny dropped. OS X (Ten not X) had been developed from NeXT and when Gil Amelio bought that company he also got Steve Jobs.

Not many people were using the UNIX-based OS X at the time and this gave me an advantage. With some book reviews and other input, I was able to persuade the Bangkok Post to run an Apple-Mac column (I had already been writing in the Database supplement for a while). As a result, I made several contacts and was invited to the 2007 iPhone introduction. Much has changed since.

As well as the iMac I still have some of the OS X release disks. These came in large boxes, with manuals, and were usually released at 6pm here at special events on Friday evenings. We would all line up for the privilege of paying 6,000 baht. I would then rush home, install and start writing. I only had one problem with all the updates. When 10.2 Jaguar was installed, that upset a 3rd party plugin for the browser. I uninstalled that and the problem went away, but similar problems with mouses [yes, I have checked] or printers made me wary of such drivers. I tended to stick to the inbuilt OS X drivers for the mouse and printer (CUPS, or Common UNIX Printing System).

CUPS can still be used, although these days I tend to use a wifi connection and apps on the iPad or iPhone. With Monterey on the Mac mini I tried the original http://127.0.0.1:631 in the browser but that would not work, then http://localhost:631/printers/ which I saw on TimelyHelp. Although the browser page was not the same, I followed the advice to enable the CUPS interface using the command cupsctl WebInterface=yes. After entering the Admin password I was able to access CUPS using localhost or the IP number.

With the iPhone almost certain to be announced next month, there have been rumors this week that this will be announced early September and that Apple will increase the price $100: not that Apple has released any information at all on this so far. Other rumors concern hardware, particularly with regard to the M2 chip. The Macs are favorite to see these, particularly after recent updates to the notebook range. There are more to come with the top of the range devices, like 14" and 16" models. Oddly there are no current rumors about the iMac. It is possible these could also see updates, but perhaps early next year.

There are rumors about iPads, however, and I am particularly intrigued by the idea of the iPad Pro with M2 chip. When the 11" iPad Pro appeared (initially with the A-series chip) I bought that right away. I had tried the largest model when it first came out and was impressed. The smaller screen version was nice, although the size was not right for me; but that 11" was perfect when it appeared with its USB-C port and the ability to import photographs directly from a camera.

M1 iPad Pro

As good as it was for most of what I did, the photo imports came up short and I had to limit the number or images imported. In practical terms that meant importing about 10, then 10 more and so on until the job was done. I am not sure if it was power or storage space causing the bottleneck, but when the more powerful M1 iPad Pro arrived with its larger basic storage (128GB) those photo imports no longer lagged. The iPad Pro is my main work machine these days. It is currently priced at 27,900 baht (about $788). I do still need the Mac for certain tasks: scanning negatives, occasional tethering, FTP and RSS uploads, and presentations.

I can easily make presentations with the iPad - even the iPhone at a pinch - but it is easier to work with Keynote on the Mac: making presentations and editing. Photos is also better on the Mac. The iPhone-like interface on the iPad is in need of revision. It may be fine for one-handed operations on an iPhone, but the iPad needs much more and Apple has let users down with this. I make do with 3rd party software (like Pixelmator Photo) to do editing properly on the iPad Pro. But the idea of an iPad Pro with M2 chip is really tempting.

At this time of year (despite today's update) we are usually looking forward to the next versions of iOS, iPadOS and macOS as well as new versions of the OS for the Apple Watch and the TV. We know that iPad OS is being delayed slightly, perhaps due to some of the new features that work with macOS, but it could be that this is also delayed as reports about beta releases are not positive. Tim Hardwick mentions comments by developer Niki Tonsky (who is critical of System Settings), and John Gruber. On Daring Fireball he comments that there is "something deeply wrong with SwiftUI that, even while in-progress, so many little layout details are apparently hard to get right." There is more from Gruber and Tonsky on the less than perfect state of Ventura, but you will need to look at Hardwick's article for more complete information.

For years we have been used to Apple products designed in America and assembled in China, although the relationship has soured a little in recent times with former president Trump damaging the trade relationship between the two countries and later the restrictions covid caused: travel, lockdowns, factory closures; and the political problems with Taiwan. I noticed that instead of products I had ordered coming from China they were with me in a day or two having been shipped from Singapore.

There has been a considerable presence there for many years and other countries in the region (Malaysia, Thailand) have also benefitted from orders, with a larger presence also in Vietnam in the last few years. Tim Cook has seen the writing on the great wall of China and began to shift work a while back, with iPhone manufacturing (in part) in India as well as more work in other countries. A few months ago, Cook met the President of Vietnam and there was much shaking of hands.

It is reported that the way Macs are now made, with more integrated components, means that it is no longer necessary to rely as much on Foxconn (and other) factories in China. Ben Lovejoy (9to5 Mac) explains how these changes are making it possible to shift assembly of the MacBooks and Apple Watch to Vietnam with more suppliers in the country.

On Apple TV+, the series, Loot, finished last Friday and I am not entirely sure it succeeded in what it was intended to do. Superclean, superclothed, super-rich and disconnected from the problems that Molly's foundation was intended to tackle, the whole thing oozed wealth and privilege. In the final episode, at a conference for the super-wealthy, the scales may have fallen from Molly's eyes when, beautifully coutured, she realized she must give her wealth away. In the final scene, however, she was shown rising from her bed in the luxury villa where she had slept with her divorced husband. Will series 2 resolve these contradictions?

Apple has just released a trailer for its documentary on Sidney Poitier and this looks like one I must watch. Oliver Haslam (iMore) has some details of the presentation and who is involved. Even the trailer, which is embedded in Haslam's item, reveals new information, so this documentary on this giant of Hollywood is looking good.

And on Netflix, we have just seen the end of Better Call Saul - superb television (like Breaking Bad before it). Read Stuart Jeffries in The Guardian for praise.

The idea of Apple's activation of on-device CSAM image detection still lingers. Even though the use of PhotoDNA and hashed images is used by other tech companies, like Microsoft (who developed the system with Hany Farid), Google, Facebook, and others, it is not yet used by Apple. The difference appears to be that these others apply detection on their own servers, while Apple set out plans to implement this on users' devices.

Initially, the plan was to include only those in the USA who were using iCloud and the Apple Photos app. The expected introduction of legislation in the UK suggests that users in Britain may be the first affected by on-device scanning for CSAM images. To paraphrase Margaret Atwood on the assassination attempt on Salman Rushdie, if we do not defend such intrusions on privacy we live in a tyranny

In a comment on how the issue is still hovering in the background, Joe Rossignol (MacRumors) mentions Apple's silence on the matter. While "Apple did move forward with implementing its child safety features for the Messages app and Siri" which had been announced at the same time as the plan for CSAM image detection, Cupertino has not publicly commented on plans for CSAM. Rossignol explains some of the potential risks for users that have been put forward.

While the main focus of critics has been on Apple, the idea of on-device image detection or Client Side Scanning (CSS) is not limited to the iPhone. Thomas Claburn (The Register), reported recently on EU attempts to bring this to all such devices. A paper cited by Claburn insists that "CSS can no more prevent the distribution of CSAM than antivirus scanning can prevent the distribution of malware." The paper, YASM (Yet Another Surveillance Mechanism) by Kaspar Rosager Ludvigsen, Shishir Nagaraja, and Angela Daly, makes some interesting points although I do have some reservations.

In the Abstract they note that, despite Apple's reluctance to proceed, the EU is proposing to push forward with forced CSS "without proper consideration of privacy, cybersecurity and legal consequences." I noted a while back that, in its examination of the perceived monopolies in the Apple and Google app stores, the UK's CMA Report on Mobile ecosystems dismissed the views of Apple (and Google) in a rather cavalier fashion on more than one occasion: "reasons Apple had put forward are (again) dismissed with what seems to be a contradictory comment, "We have not been able to comprehensively assess these justifications within this study. However, based on the evidence we have gathered, we consider that Apple has overstated the security risks of opening up NFC access" [my italics]. The EU has done similar on more than one occasion: simply dismissing any contradictory opinion as it does not fit with their preconceptions or what they intend to implement.

I read through this paper - my word it could have done with some editing - and while there is an impressive collection of evidence that argues against the use of on-device CSS detection systems, the whole paper was neeeded to be better presented and organized. This weakened what could have been a strong argument (despite being ignored by the EU) and shows that there is significant justification (e.g. Struppek et al) to indicate these methods have major drawbacks. Section 4 of the paper was better and perhaps had a different writer. ECHR was discussed in this part: the European Court of Human Rights.

I found this interesting as the USA is not a member and certain UK politicians are actively moving to withdraw from the system, while some other countries that might make use of Hashed Images in the future (separate from CSAM) would not be deterred by the ECHR. The paper, however, is focused on the use of this detection method in the EU. ECHR regulations would affect the proposed EU legislation and how Apple rolls out any on-device CSAM detection system in Europe: "It is not foreseeable for the individual that all their storage or other digital devices suddenly become live CSS systems."

The following section (5 ) had an interesting comment on the almost-certain EU decision to implement CSS: "The European Commission furthermore disregards and does not analyse the potential consequences either CSS or server-side scanning would have on cybersecurity and privacy, while they justify the victim's potential positive outcomes outweighing the negative of everyone else." As I mentioned above with the UK's CMA Report on Mobile ecosystems, there seems to be a pre-decided solution about CSAM detection and anything that does not support that is dismissed.

The references section had a good collection of useful articles (as it should), but I really wanted to take my editing scalpel to that as well. The article has some good arguments about the problems and alternatives, but the case needs to be better presented. We are in danger of sleepwalking into a bureaucrat-controlled surveillance society just as Orwell and others warned.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. After 3 years writing a column in the Life supplement, he is now no longer associated with the Bangkok Post. He can be followed on Twitter (@extensions_th)